Mimecast Limited (MIME) CEO Peter Bauer on Q2 2020 Results - Earnings Call Transcript

Nov. 07, 2019 7:30 PM ETMimecast Limited (MIME)1 Comment1 Like
SA Transcripts profile picture
SA Transcripts
129.65K Followers

Mimecast Limited (NASDAQ:MIME) Q2 2020 Earnings Conference Call November 7, 2019 4:30 PM ET

Company Participants

Robert Sanders - Director, IR

Peter Bauer - Co-Founder, Chairman, and CEO

Rafe Brown - CFO

Conference Call Participants

Saket Kalia - Barclays Capital

Matt Hedberg - RBC Capital Markets

Shaul Eyal - Oppenheimer

Gray Powell - Deutsche Bank

Keith Bachman - Bank of Montreal

Terry Tillman - SunTrust Robinson Humphrey

Catharine Trebnick - Dougherty

Robert Sanders

Good evening. Welcome to Mimecast's Earnings Call for Fiscal Second Quarter of 2020 Ended September 30, 2019. I am Robert Sanders, Director of Investor Relations. With me on the call tonight are Peter Bauer, our Co-Founder, Chairman and CEO; and Rafe Brown, our CFO.

Tonight's conference call is being broadcast live. A replay of this call will be available after the live call has ended. We will make forward-looking statements regarding future events and the future financial performance of the company. These forward-looking statements are subject to risks and uncertainties that could cause actual results to differ materially from those in the forward-looking statements. We caution you to consider the important risk factors that could cause actual results to differ from those in the forward-looking statements contained in today's press release and on this conference call. These risk factors are further defined in Mimecast's most recent Form 10-Q filed with the Securities and Exchange Commission.

During this call, we will present both GAAP and non-GAAP financial measures. These non-GAAP measures are not intended to be considered in isolation from, a substitute for, or superior to our GAAP results. A reconciliation of GAAP to non-GAAP measures and the reasons for our representation of the non-GAAP measures are included in today's press release, which can be found in the Investor Relations section of our Web site.

The date of this call is November 7, 2019. Any forward-looking statements we make today are based on assumptions that we believe to be reasonable as of this date. We undertake no obligation to update these statements as a result of new information or future events.

Now, I'd like to turn the call over to Peter Bauer, Peter?

Peter Bauer

Good evening, and welcome to our earnings call for the second quarter of our fiscal 2020. On tonight's call, I'll provide an overview of our second quarter results and discuss our progress in helping customers build greater cyber resilience as we gain market share. Then, I'll talk about our inaugural Cyber Resilience Summit, held just last week in Dallas, and discuss the launch of Email Security 3.0, our strategy to help customers evolve and advance from perimeter email security to a much more powerful pervasive email security on our platform. I'll review recent partnerships and cover additions to our Board and my leadership team. Then finally, as I've done in past calls, I'll share with you some examples of the solutions we're providing to customers and the reasons why Mimecast's unified platform of services continues to win favor with organizations of all sizes.

So, the second quarter marked a big milestone for the company, achieving our first quarter surpassing $100 million in revenue, 98% of which was reoccurring subscription revenue. Our results exceeded our guidance for both revenue and adjusted EBITDA. Revenue, up $103.4 million, grew at 26% year-over-year as reported, and 29% in constant currency over the prior year's achievement. And we added 800 net new customers to our platform, so we now serve 36,100 customers across 138 countries globally. Notable in the quarter was our continued success with larger accounts as we closed 30 transactions over six figures. And we believe the market opportunity for our services remains very large.

And Mimecast's recently published our quarterly Email Security Risk Assessment Report, and found competing solutions from other cloud services providers and legacy on-premises equipment vendors are not adequately protecting organizations. While monitoring emails that had already been scanned by competitors, we found a dramatic increase in business email compromised or whaling attacks. Out of 260 million emails that pass through competing solutions only 231 million were deemed safe by Mimecast. We found 28 million pieces of spam, 60,000 impersonation attacks, and 28,000 malware attachments all having slipped through competitive email security offerings.

Now, our ability to protect customers better is thanks to our unique cloud architecture and the advanced gauntlet of tests that we're able to subject messages to before they are deemed safe for end users. Our efficacy is enhanced and often unmatched thanks to embedded machine learning, teams of experts located in several different countries, and the vast telemetry and threat intelligence that we gather from our networks, as well as dozens of third-party feeds and engines. With email continuing to be the number one attack factor, efficacy remains a significant buying requirement.

Now, recently Mimecast's Secure Email Gateway was recognized as a 2019 Gartner Peer Insights Customer Choice for Email Security. And we work hard to deliver customer success 24 hours a day, everyday, and so this award carries special meaning for us. I want to thank all the Mimecasters involved for their focus on delighting our customers.

Now last week, our customers and partners gathered in Dallas, Texas, for our first ever Cyber Resilience Summit. And the summit was buzzing with energy as customers engaged with Mimecast to share best practices and learn new skills. At the summit, we focused on moving beyond perimeter-only email defense models to a more pervasive email security strategy. We launched a new initiative, Email Security 3.0. Now, this refers to a three-zone approach wit layers of protection for each zone. Zone 1 is the traditional perimeter, bad actors must not be allowed to deliver malware into any organizations, and targeted threat protection provides superior protection at the perimeter and integrates seamlessly with other Mimecast services, like data leak prevention and archiving.

Now, Zone 2 is inside the perimeter where internal threats, sometimes the result of compromised accounts can evade traditional perimeter scans and move laterally inside an organization; Mimecast's internal email protection and remediation guards against these threats. Now, we saw strong demand for Zone 2 defenses this quarter with 700 new subscriptions to our internal email protect service. Zone 2 also includes awareness training to strengthen the human firewall. Now Zone 3 exists beyond the perimeter and represents threats like Web site spoofing, and domain impersonations that are frequently used to attack the customers of an organization by abusing the trust that has been built up over many years in their brand.

Now we've partnered with Segasec and DMARC Analyzer to further strengthen Zone 3 protection, and larger organizations are likely to benefit the most from our bolstered Zone 3 defenses. Now, we believe awareness and protection in all three zones is required to fully protect organizations, their staff, data, and their reputations. So the idea of pervasive email security covers these three zones, as well as leverages our APIs to deliver increased value to customer SOC teams and their other security investments. Mimecast's open APIs and pre-built integration were an area of keen interest to customers at the summit.

Email is such a rich attack surface, and given the volume and quality of telemetry and threat intelligence we gather we have made this value available as part of the pervasive email security strategy, in other words, helping customers to leverage the value of their email security defenses to make their teams and their other security investments smarter. We showcased integration concepts with SIEM, SOAR, end-point and threat intelligence providers, and we have an exciting roadmap of upcoming integrations too.

On the Mimecast organizational side of things, I'm very pleased to share with you that Alpna Doshi will join our Board as an Independent Director and serve as a member of the Compensation Committee. Her extensive experience working as both a CIO on the buying side and supporting customers as an IT service provider brings a wealth of knowledge and insight to the Mimecast Board. Secondly, Heather Bentley joins Mimecast as our SVP of Customer Success and Operations. In this newly created position on my leadership team, Heather's experience at Symantec will benefit our customers and our organization as a whole. Then I'm very happy to announce that we're just back from the ribbon cutting ceremony at our new offices in Central London, a beautiful space that will support our growth and facilitate our employees' work, their best teamwork, and their greatest learning.

Now, let's look in more detail at some of the ways Mimecast has helped our customers to become more cyber resilient in the second quarter. So firstly, a U.K.-based engineering firm with about 2,500 employees experienced malicious URL and impersonation attacks, penetrating their gateway while running a legacy email security solution in front of Office 365, and they sought a more secure platform. Additionally, this customer looked to add protection from email downtime and provide a robust archive capable of processing e-discovery and compliance requirements.

Mimecast's ability to provide a complete solution from one platform with the highest levels of efficacy was central to the win. In total, this customer purchased nine of our 10 services, including our Web Security and Awareness Training, and represents a six-figure engagement. This example nicely illustrates the power of the Mimecast platform to solve multiple customer problems while simplifying IT.

Secondly, a U.S.-based healthcare provider with about 8,000 employees was preparing to move from G Suite to Office 365. Now, as email is mission critical for this organization they wanted to ensure the migration was successful, and they looked to Mimecast. Additionally, security and regulatory concerns around email archiving required a comprehensive solution to solve both of these issues. The customer evaluated the native features of Office 365 and found Mimecast's solution to be highly complimentary, delivering additional security and resilience that they needed.

Thirdly, a global financial organization with headquarters in the U.S., and about 11,000 employees, sought to replace a legacy on-premises email gateway that was ineffective at blocking today's threats. Mimecast was evaluated in a proof of concept alongside other leading vendors, and was selected on merit. While initially an email security engagement, during the sales process their underperforming legacy on-premise email archive came up. Looking to leverage cloud services, this customer expanded the original RFP to include archiving. And Mimecast's ability to offer SEC compliance supervision services for archiving, and our in-house data migration services helped us win this deal. Ultimately, this lengthy and rigorous evaluation concluded with a wonderful Mimecast due to our superior efficacy and our integrated suite of cloud services delivered through a unified Administration Console.

Then a U.S-based industrial supply company with about 1100 employees using a suite of Mimecast services increased their subscription to include two of our most recent offerings, Web Security and Awareness Training. This customer who runs a relatively small IT and security stuff was able to further consolidate vendors and replace this standalone web gateway and their training suite, preferring an integrated solution from Mimecast. This customer is now subscribed to five Mimecast services, all of which are administrative from a single-user interface, removing complexity, simplifying IT, and bolstering cyber resilience.

Then a department within a U.S. state government purchased our service for 21,000 employees. Prior to selecting Mimecast, they were running legacy equipment, and we're not happy with the threats penetrating the organization. In addition to poor threat defense, their income and provider offered a mixture of non-integrated technologies, leading to complexity and higher operating costs. Mimecast was able to enhance cyber resilience and simplify IT delivering an integrated solution from a Unified Management Console.

Then a university with 40,000 employees and students were played by spear-phishing and impersonation attacks, getting through their legacy gateway. This organization was operating in a hybrid configuration with mailboxes on exchange, Office 365 and G-Suite. Mimecast mail routing capabilities enabled through our cloud-native architecture along with superior protection from advanced threats won this competitive engagement.

And finally, a leading global technology company with over 50,000 staff using Mimecast for email security sorted a more effective cyber awareness training solution, one that could modify employee behavior and protect the organization better. Mimecast competed against other leading vendors and replaced an incumbent solution that was found to be overly time-consuming for employees and lacked engagement. Mimecast's catalog of training modules was found to be engaging and highly relevant to this customer. Additionally, they appreciate it are continuously updated training modules, offering new subject matter addressing the ever-changing threat landscape.

And finally, our dynamic risk scoring and our ability to proactively pinpoint risky uses and deploy training to modify behaviors were seen as extremely compelling. As you can see from the customer examples, we continue to have success with larger accounts, while our platform has broad appeal to customers of all sizes. So, in summary, Email Security 3.0 extends Mimecasts beyond the perimeter to a more pervasive security posture. We believe Email Security 3.0 is the next phase of evolution for our industry, as it covers all three zones that an organization must defend, while at the same time making the value derived from this compelling attack surface, pervasive across the rest of the customer security ecosystem via API integrations.

Our customer success and engagement remains a high priority for Mimecast, evidenced by a successful user summit and our recognition as a Gartner Peer Insights customer choice for email security. I'm very pleased with the results that we're delivering today, exceeding our guidance for both revenue and adjusted EBITDA, and I very much like to thank our customers, our partners, and of course, our growing team of Mimecasters for all their hard work and loyalty over this past quarter. We are achieving a lot together.

Now, I'd like to turn the call over to Rafe Brown, our CFO, to cover our financial results in greater detail. Rafe?

Rafe Brown

Thank you, Peter. I'm pleased to report that for the second quarter of fiscal 2020, we exceeded the high-end of our guidance for both revenue and adjusted EBITDA. Despite currency headwinds in the second quarter, we generated revenue of $103.4 million, which represents growth of 25.8% over the prior year in absolute dollar terms, adjusting for the $2.7 million of currency headwind we faced, our constant currency growth rate over the prior year stood at 29% for the quarter.

Note that since providing guidance last quarter, foreign currency fluctuations negatively impacted our second quarter results by $400,000. Adjusted EBITDA for the second quarter totaled $20 million, representing an adjusted EBITDA margin of 19.3% compared to $12.3 million or 15%, in the same quarter the prior year. As I will explain in a moment, adjusted EBITDA was marginally higher than expected due to the upside in revenue as well as the time in certain expenditures.

On a net customer basis, we added 800 customers in the quarter. Mimecast now serves 36,100 customers worldwide. While our unified platform as services continues to win favor with organizations of all sizes, we once again showed strong performance in our larger enterprise group. At present, 17% of our revenues in the quarter are from customers with greater than 5000 seats up from 16% in the second quarter of last year.

Consistent with recent trend, we saw an increase in our average order value driven by both customers by multiple services from us, and a mix shift, whereby we are now selling to a blend of larger customers. Thirty of our new engagements in the quarter were over six figures. And currently the average order value of all customers stands at $11,700, up approximately 14% in constant currency terms.

As we introduce new products, we continue to grow the total addressable market for existing customers, which helped drive our average services per customer across our base to 3.2. Services per customer in the quarter Up from three services last year at this time, are positive trends with customers using Microsoft Office-365 continued in the second quarter with customers using Office-365 purchasing a higher number of services per customer 3.5 services per customer compared to three services for customers not using Office-365.

Over 17,500 or 48.6% of our customers are now using Mimecast in conjunction with Office-365 up from 38% in the second quarter of 2019. Our trailing 12-month revenue retention rates stood at 110% underpinned by solid upsell results, as our existing customers continue to renew their subscription and purchase additional services.

From a geographic perspective, North America was clearly the standout with revenue growth in the second quarter remaining above 30%. While we saw growth across the EMEA region, it is clear that the EMEA economic environment has softened. In particular business in the U.K., which represents our largest market outside North America, seems to be reflecting the uncertainty of its political and economic future. This said, as you will see in our guidance, we remain confident in our ability to achieve our full-year performance targets.

Turning to gross margins for the second quarter, we recognize a 76.2% non-GAAP gross margin, up 200 basis points from Q2 of the prior year, driven largely by efficiencies of scale in our platform. Second quarter non-GAAP operating expenses totaled $65.8 million, compared to $54.9 million for the same period in the prior year, and increase of 20%.

Non-GAAP R&D expenses stood at 16.1% of revenue in the second quarter, compared to 15.3% for the same period in the prior year demonstrating our commitment to innovation, as we pursue what we continue to believe is a large market opportunity. Non-GAAP sales and marketing expenses, totaled 36.4% of revenue down from 39.8% of revenue for the same period of the prior year. In part, this decrease reflects a shifting of market resources from the second to the third quarter aligning with last week's cyber resilience summit.

Non GAAP G&A expense was 11.2% of revenue down 50 basis points from one last year's 11.7% of revenue. Our non-GAAP operating profit for the second quarter with $13 million, or 12.6% of revenue, up from $6.1 million or 7.4% of revenue in the prior year. In bottom line terms, our second quarter GAAP net loss was $900,000 or a loss of $0.01 per basic and diluted share, based on $61.8 million weighted average shares outstanding.

Our GAAP results reflect a $2.4 million charge for the settlement of patent litigation within the quarter of the total settlement amount of $5.9 million 3.7 has been expensed in this or prior quarters. The remaining $2.2 million of the settlement will be amortized over the next 42 months.

Our GAAP tax charges total approximately $120,000 in the quarter. We expect full-year gap tax charges to be approximately $2.2 million and improvements since our last project of $2.5 million due to require timing, the majority of this tax charge will fall in the fourth quarter. Our non-GAAP net income for the quarter was $8.5 million or $0.13 per diluted share based on 63.9 million fully diluted weighted average shares outstanding. Our non-GAAP tax rate with 30.8% for the quarter, we continue to project a full-year non-GAAP tax rate of approximately 31%.

Turning now to cash flows, our operating cash flow results illustrate the efficiencies we are gaining in the business. For the second quarter, our operating cash flows totaled $17.7 million or 17.1% of revenue, a 190 basis point improvement over last year. On a year-to-date basis, we have now generated $46.2 million in operating cash flows versus $29.1 million in the same period for the prior year.

Recalling that Q2 reflects the first large payments for the build out of our new U.K. and South African offices, we still generated $4 million in free cash flow in the quarter compared to $4.2 million in the prior year. With the U.K. build-out just now completed last week, the South African project well underway and including the impact of the patent litigation settlement mentioned above, we expect Q3 CapEx charges to total approximately $22 million. With this in mind, in absolute dollar terms, even while now including the impact of the patent litigation settlement, we continue to expect that free cash flow will be in line with our FY '19 performance. As of September 30th Mimecast had $199.2 million in cash and short-term investments.

Let me now turn the guidance. For the third quarter of 2020, revenues are expected to be in the range of $107.4 million to $108.5 million or 24% to 25% growth in constant currency terms. Our guidance is based on exchange rates as of October 31, 2019, and includes an estimated negative impact of $900,000. As a result of the strengthening of the U.S. dollar compared to the prior year. Adjusted EBITDA for the third quarter is expected to be in the range of $17.7 million to $18.7 million.

Full-year 2020 revenue is expected to be in the range of $420.8 million to $425.3 million or 26% to 28% growth in constant currency turns. Foreign exchange rate fluctuations are negatively impacting this guidance by an estimated $9.2 million compared to the rates in effect in the prior year. The prior guidance for fiscal year 2020 provided in August was $418.3 million at the midpoint. Our overachievement in Q2 coupled with this strength seen in our business is leaving us to raise the midpoint of our full-year guidance by $2.8 million in constant currency terms.

In addition, this raise of $2.8 million is being positively impacted by an additional $2 million of foreign exchange tailwind. That has arisen since the rates used in our August call, resulting in the midpoint of our full-year guidance moving up by $4.8 million in absolute dollar terms, from $418.3 million to $423.1 million. Full-year adjusted even expectations are being raised to a range of $72.9 million to $74.4 million.

We are increasing our guidance by $1.1 million at the midpoint on an adjusted EBITDA basis. In summary, I am pleased to see that the Mimecast team was able to once again deliver results that exceeded our expectations. And then, we are raising our full-year guidance for revenue and adjusted EBITDA in both constant currency and absolute dollar terms.

Before I turn the call over to the Operator for questions, I'd like to announce we're hosting an Analysts Day on Monday the 24th of February 2020 in San Francisco. A press release with additional details will be issued shortly, and we hope you will join us.

With that, I'd like to thank you for your time and open the line to your questions. Operator, can you please pull for the first question?

Question-and-Answer Session

Operator

Certainly, [Operator Instructions] Our first question comes from Saket Kalia with Barclays Capital. Your line is now open.

Saket Kalia

Hey, Peter. Hey, Rafe. Thanks for taking my questions here.

Peter Bauer

Hi, Saket.

Saket Kalia

Hey. First, maybe for you, Peter, the numbers certainly wouldn't indicate it, but I'm just curious if you could talk a little bit about the competitive environment a little. I think there's a view out there that other competitors were perhaps willing to get more aggressive if necessary with things like pricing. I wonder if you could talk a little bit about just the overall competitive landscape and pricing at all from what you saw in the quarter.

Peter Bauer

Yes, great question. So, I think our experience has been a very consistent competitive environment. We haven't seen many changes. Probably the notable changes just been with the Symantec acquisition by -- or pending Symantec acquisition by Broadcom. There is concern amongst customers; there is concern among partners around what Broadcom's commitment to email security may be. And so that has -- potentially has some upcoming opportunity for us which we're excited about. I think on the pricing point there'll always be anecdotal examples of competitors being aggressive on pricing, but we've found overall, in aggregate, the pricing environment has been very consistent for us quarter-over-quarter.

Saket Kalia

Got it, that's very helpful. Maybe for my follow-up for you, Rafe, 800 net new customers added in the quarter, I think it was maybe slightly higher in the prior quarter. I was just wondering if you could speak to -- obviously the AOV was nicely ahead though, but I'm just wondering if you could talk about the profile of customer additions this quarter and sort of how you think about the pace of customer additions going forward.

Rafe Brown

Yes, thank you. We're quite pleased with the pace here on customer acquisitions. I think one of the things that you're seeing is that of course is a net number that we experienced for the quarter. And as we've talked about in a number of different ways, the company has started to shift somewhat higher in terms of customers it approaches. I would say on the very low end we defocused around those customers that were under 50 seats many of whom are in the historic base. And then as Peter cited a number of examples where we're actually resonating with a lot of customers at a much higher level. So the raw customer number or the customer account number becomes a bit less important when that mix shift is going on.

Saket Kalia

Got it, very helpful. Thanks very much, guys.

Peter Bauer

Thanks, Saket.

Operator

Our next question comes from Matt Hedberg with RBC Capital Markets. Your line is now open.

Matt Hedberg

Hi, guys. Thanks for taking my questions. Congrats on the results. Maybe, Peter, the Email Security 3.0 initiative sounds like a great sort of message. And I'm wondering from a go-to-market perspective, how do you approach that? Do you have anything, perhaps maybe some bundles? I'm just sort of curious how that gets branded because it seems like it's a compelling value prop for customers.

Peter Bauer

Yes, it is, and thanks, Matt. So Email Security 3.0 is a strategy and it's a context that I think helps customers understand where the various offerings that we have fit in. We haven't necessarily translated that into a specific new bundle largely because we see it as being a strategy that appeals to slightly larger companies who may not make the change or the swing or the implementation of the strategy all in one large go. They may look at a more modular approach to implementing different technologies in each one of those zones. It obviously also plays back into our existing customer base, the vast majority of which have made investments in Zone 1 or the perimeter layer, and gives them a context to adopt some of our newer offerings into each one of those zones.

So, it's more of a strategy and a positioning, and a context for customers to adopt more offerings than it is a specific new skew or bundle of products.

Matt Hedberg

Got it. And then maybe as a follow-up, Rafe, you talked about -- you mentioned the U.K., some of the political concerns there. Just wondering if you'd put a little bit more color on that, what exactly you're seeing there? I know last quarter you mentioned South Africa as well, you didn't -- I don't think you brought that up, curious maybe an update on that region as well.

Rafe Brown

You bet. You know, when we look across the geographies, first, as I noted, the U.S. really turned in some nice numbers. Then buried down in the Q, we break out the geographic revenue split and you can see the U.S. still growing at over 31%. Rest of world still grew, which was very good. We would like to have seen, particularly the U.K. growing a bit faster. Really what we're seeing is, and it's showing up in a bunch of the economic reports and whatnot, but that there's this natural tendency for deals to perhaps extend a little bit and move slower. And I think it's really things like that that are trickling through the business. It's still got good growth, but not as quite. It's certainly not keeping up with their North American counterparts.

South Africa, the story continues there. South Africa is a relatively smaller market than North America and the U.K. They certainly are having some economic challenges. That market, we have quiet a strong team there, and do a very good job. So again, you see growth but it's just not able to keep up with the pace that we're demonstrating in North America at present.

Matt Hedberg

Got it. Well done, guys.

Rafe Brown

Thank you.

Peter Bauer

Thank you.

Operator

Our next question comes from Brent Thill with Jefferies. Your line is now open.

Unidentified Analyst

Hey, guys. This is Joe on for Brent. Thanks for the question. Through M&A and organically, you guys have done a great job of broadening the product portfolio. And in the breadth of Mimecast's specific offerings, how should we think about the going forward, specifically also in the context of Email Security 3.0, which I believe is mainly starting off by partnering with DMARC and Segasec? And I guess the final part of that one question is how should we think about build versus buy versus partner as you move forward with your offerings?

Peter Bauer

Yes, great question. So in Zone 3 of Email Security 3.0, you're right, we have two great partner offerings that we're working with, and we have existing integrations into both of those offerings today that joint customers are able to benefit from. I think in terms of the mix of build/buy partner, we keep all of those options on the table in terms of how we build out the portfolio. I think what you'll know about us as a company is that we've been extremely organic in our approach to building out this technology platform, and that's had tremendous benefit in terms of our ability to deliver a simplified solution and a fully integrated suite to customers.

And also, particularly as we look at Email Security 3.0 and the importance of APIs for customers to be able to integrate our platform with the rest of their security ecosystem, having a contiguous suite and a contiguous API that affords that integration in a very slick and straightforward way is certainly important. But as you know, we have, I guess, conservatively but steadily incorporated some M&A into our strategy. The awareness training product which has really been successful for us has been part of a buy and integrate and kind of rebuild on our MIME OS platform, that has worked fairly well.

Our web security offering also was catalyzed originally through M&A, and some of the other M&A activity that we've had has given us really strong componentry within our platform to be able to do a lot of advanced security work as well. So we continue to use all of those tools to be able to build out our product portfolio, but we do it in a very conservative way so that we don't create a hodgepodge of solutions that customers have to deal with the complexity of, and that we could bring this all together in a really cohesive contiguous proposition.

Unidentified Analyst

That's good to hear and very helpful. Just as a follow-up, we were just at Microsoft Ignite, and I understand you probably don't want to speak to specific competitors, but they were really touting their enhancements in security. So I was just wondering if you've seen this at all in the email side, have the customers said anything? And I understand Microsoft customers, I believe, are over 50% of your new business, so the proof is kind of in the numbers. But given it's the biggest kind of bare case has anything changed there?

Peter Bauer

Yes, we continue to see strong demand from Office 365 customers. I think as you mentioned and in the prepared remarks, it's almost half of our customers now, 48%-49% roughly of our customers using us in conjunction with 365. So we think it's important that Microsoft continues to invest in security, but I think we're far from imagining that they will be able to solve the security problem in its entirety on their own. And feel there's a really important place for security and resilience suites, like what we offer, to help customers be confident and secure and resilient as they have an increased dependency on Office 365, and in deed as the community of adversaries there has really offered a pretty large scale homogenous attack surface to work with becomes very important to be able to bring additional layers of security technology to that platform to mitigate some of those.

Unidentified Analyst

Make sense. Thanks.

Operator

Our next question comes from Shaul Eyal with Oppenheimer. Your line is now open.

Shaul Eyal

Thank you. Good afternoon, gentlemen. Congrats on the consistent execution and elevated outlook. Peter or Rafe, when you look at the new logos you've added during the quarter and indeed a very, very good job on that front as well, is there any way to look at it more from a displacement versus Greenfield? I know it's probably hard to quantify that, but any color you can share with us will be very helpful?

Peter Bauer

Yes, that's an interesting one. I mean, I think when we are looking at straight email security, we're always displacing something, unless they are an existing Office 365 customer where we may not be displacing, we may be adding an additional layer on top of whatever their license for on 365, but the email security market is displacements, but it's frequently a displacement with an upgrade. So, we may be displacing something that doesn't have an equivalent capability to our targeted threat protection offering, and so, we'll be going in replacing, but then providing this extended functionality as well.

What we do see is Greenfields opportunity in some of the Zone 2 areas, so those being our IT offering and our awareness training offering with customers don't have any defenses in place there yet. So that is more Greenfields although they have displacement opportunities that we take advantage of there, and then I think looking out at Zone 3 that is a lot more Greenfields again, and fresh market opportunity. And then of course, outside of the definition of the Email Security 3.0 offerings, the breadth of our portfolio spanning into continuity, archiving, web security, secure messaging, and so on. Those are once again combinations of displacement and net new capabilities that are being purchased by customers.

Shaul Eyal

Got it. This is great color, Peter. And then we think about Zone 3 and listening to your prepared remarks, comments, will that be taking you into a more for augmented environment, also competitively?

Peter Bauer

I think that there are some slightly different types of competitors up market or within that Zone 3 space, but I think some of those competitors are focused. So, on the DMARC side, there are a set of competitors that have started to build nice businesses around the DMARC, and we've partnered with several of them, and I think I'll focus on DMARC analyzer which we believe is the best partner for us, it gives us an opportunity to really compete with a set in that space and be successful. And then, on the second set side there are various types of services that cover straight hunting in the wild and take on activities. We feel that second set proposition matches much more closely with what we do in email and we see that email is frequently the tool that gets used to perpetuate these types of impersonation or look-alike domain attacks. And so, that's a really good fit for us. But we do move into a slightly different, a slightly different competitive set. But we feel very good and particularly when a customer is looking to us as the Zone 1 and 2 email security provider, that Zone 3 available through Mimecast is a no-brainer for those customers as well.

Shaul Eyal

Understood. Thank you for that. Good job. Congrats.

Peter Bauer

Thanks Shaul.

Operator

Our next question comes from Sterling Auty with JP Morgan. Your line is now open.

Unidentified Analyst

Hi, guys. This is Matt on for Sterling. Thanks for taking the question. The first question is I know you guys talked about the shift and expenses in next quarter. I was wondering if you could give any additional commentary on what are some of the factors, they're driving that?

Rafe Brown

Yes, thanks. This is Rafe. You know that there is a bit of a shift as I called out just between the second quarter and the back half of the year. I think when you -- to put it in context, let's first look at the midpoint of the full-year, EBITDA guidance, which implies about 150 basis points improvement over the prior year. So, there is some ongoing investment that will really manifest itself and in marketing spend that it shows up in the back half of the year, continued R&D investment that will be going on things of that nature that just weren't maybe the sequential math didn't follow exactly like you saw last year. We're really quiet on course for where we've wanted to be inconsistent with some of our prior comments on the full-year in terms of making sure we're balancing that line between good growth on the top line, and also building profitability.

Unidentified Analyst

Got it, got it. And then just a follow-up for Peter, you know, with Mr. Jennings departure, can you review kind of who's going to be running sales and heading up marketing from here?

Peter Bauer

Yes, absolutely. So as you know, we announced a couple of several weeks back that Ed Jennings who'd been our CRO for about four years, is transitioning out of the business to go pursue an opportunity. That is his still exploring to be a, senior leader in another business at some point. So, we were fortunate to have some pretty good succession in place. And so, we've elevated Dino DiMarino who has run on North American business. For the past two-and-a-half years, we've elevated him to a global head of sales role. So he will sit directly on my team, and in fact, we made these structural changes, we implemented them from the 1st of October. It just made a lot of sense for us to do them at the midpoint of our fiscal year.

At the same time, we just announced Heather Bentley, who will be joining my team in a couple of weeks' time, which was another area that sat under Ed Jennings. And so, she will run customer success and operations for us globally. And you can read a little bit more about that in the press release. And then, the marketing piece of set and that is now reporting into Christina Van Houten and she runs strategy, our product management and corporate development for us. So we have an integrated product management, marketing, and Biz dev Corp dev group under her. So that's the way we've set out the structure of the organization, and we've been operating with that model for the past, four and a bit weeks, and it's going extremely well.

Unidentified Analyst

Got it. Thanks for taking the question guys.

Peter Bauer

Thank you.

Operator

Our next question comes from Gray Powell with Deutsche Bank. Your line is now open.

Gray Powell

Great, thanks. Thanks for taking the question. Maybe a couple of quick ones, so I know you touched on it before, but just how do you feel about the opportunity to gain incremental share from Symantec out the businesses at this part of Broadcom? And then, I saw that you're running some pretty targeted promotions at Symantec customers, because back in September, could you talk about the traction that you're seeing there?

Peter Bauer

Yes, great. So naturally, the Broadcom Symantec transaction will close, I believe, later in this calendar year. So it's not yet underway. So we think that the benefits that we expect would come from it, maybe more into next year specifically. We have a long track record of migrating, Symantec cloud email security customers onto our platform. Over the years, we've had several thousand of them move over to us. And so, we've really been highlighting that opportunity to Symantec customers and partners as they've started to get when the fact that there's some changes coming for them, and that the priority of the Broadcom organization, at least from our standpoint, doesn't appear to be email security, and certainly doesn't appear to be particularly focused on the mid-market customers that Symantec has historically had. So yes, we put these promotions to us and certainly driving a lot of interest in conversations in the Mimecast platform.

Gray Powell

Got it. Okay. Thank you.

Operator

Our next question comes from Keith Bachman with Bank of Montreal. Your line is now open.

Keith Bachman

Hi, thank you. I want to ask two questions and the first one is Peter for Peter rather and it's about market orientation. It did come up -- part A is it did come up that that obviously U.K. and South Africa slow. And I just think about your geographic expansion, and the first part is why not be more aggressive, because you're subject to so much more geographic concentration than most tech companies, there's many markets that are still uncovered. I pick out Canada is an obvious one. And if you've planted seeds now, obviously it takes a while to germinate, but why not be more expansive in your geographic orientation? And then the second part of the orientation question is, I heard the Zone 1, Zone 2, Zone 3, and the lens seems to be around email, and I'm just wondering is rather than a lens around email, if you think about security processes or should investors expect to the next couple years with your API strategy that you'll largely be remaining around an email orientation? Then I have a quick math follow-up.

Peter Bauer

Yes, those are great questions. So let me start with the second question and let's come back to international expansion strategy after that. So, as you know, we have a pretty broad portfolio of offerings, and as a company, we talk a lot about cyber resilience, which is really about at best being able to avoid an impactful cyber incidents, and worst with standard. And we really think about cyber resilience is being this ability to avoid the disruptive impact that that cyber incidents may bring. And it's beyond just necessarily breaches or security. It may be disruptions that are the result of human error, or maybe disruptions as a result of technological failure. So, we're a little bit more agnostic as to whether this is sort of specifically a security-focused issue, or whether this is a technology issue, or a skills issue, the things that can cause disruptions, how do we help companies avoid those? And that's sort of the broad positioning of the company, and we have a broad suite of offerings to help deliver against that promise.

And what we have found though is that while companies really like that, and we have had a lot of success in selling that, the number one issue for many security teams today and for many organizations today, continues to be email as an entry point into their organizations, and that problem has grown, and we expect will continue to grow. And so, the thin end of the wedge, for us, is very important to communicate with the market and to communicate with our customers and prospects, that we are continuing to innovate and have a strong strategic view on the email security market in particular. And so, this is really about us doubling down on that. And then looking at the rest of our portfolio and saying, we certainly have ample opportunity to sell more of those into that and now doesn't actually come to the time as we continue to increment up market but, as we look down market into our smaller customer base and our prospects, certainly the messaging is slightly more nuanced towards the broader suite, talking to smaller organizations, but as we talked to two larger organization, but Email Security 3.0 is the focus of those initial complications.

Keith Bachman

Okay.

Peter Bauer

That makes sense?

Keith Bachman

Yes, in the geo?

Peter Bauer

So, actually, we're pretty diversified from an international selling perspective, obviously North American business has grown tremendously and now represents a bit over 50% of our revenue. But across U.K. South Africa, Australia, Central Europe, Middle East, in fact, I think we pulled up well over 100 countries that we're doing - we have customers in today, it is sort of fairly diversified. I think the rhythm and pace of which we look at international expansion is something that we've been really concerned about, so that we don't run out of sort of management bandwidth or spread ourselves too thinly, and we want to make sure that we have sufficient pounds per inch in terms of the force that we are applying to our go-to-market and our customer service efforts in any market. There are markets like as you say, Canada that are compelling, adjacent markets particularly to the resources that we have in North America. So, those would be good ideas for us in terms of subsequent international expansion opportunity.

Rafe Brown

Absolutely, and we do have a few people up in Canada right now that have actually been quite successful. So that's certainly an opportunity that we've noted.

Keith Bachman

Okay, if I could just sneak one in, Rafe, if you could just talk about your retention rate, the 110, how should investors think about that going forward, because it's obviously slowing a little bit, and where do you see the resistance point?

Rafe Brown

So yes, thank you for the question. Actually, when you look back over time, it has stayed fairly consistent in that 109 to 111 range, and that's going back actually quite some time. So, there is a little modulation in that and I think we would expect it to continue to stay in that zone for now.

Keith Bachman

Okay, great thanks.

Operator

Our next question comes from Terry Tillman with SunTrust Robinson Humphrey. Your line is now open.

Terry Tillman

Hey, good afternoon gentlemen. Most all my questions have been answered, but not to worry, I have a few extra ones. So first on the partnership side, particularly channel partners, as you guys are having success more in the kind of upper end of the mid-market, and then enterprise, we've been hearing about greater and better engagement with some of these kind of key channel partners and influencers, but I'd like to hear from you all in terms of your all's perspective on how the level of engagements coming along with some of these key influencers on the channel side.

Peter Bauer

Yes, that's a big focus for us both in terms of the sales and commercial side of the channel organizations, but importantly for us the technical the technology stakeholders within those channel partners, so solution architects, sales engineers, that's been a really big focus for us over the last couple of quarters ramping up on our education and certification capabilities. In fact that the cyber resilience summit last week, we had both customers and partners involved in learning about our latest technologies and getting trained and certified in those. So, that is a very important part of our sales motion and we expect to continue to invest in building those technology influencer relationships within the channel.

Terry Tillman

Yep. And my follow-up question, just Peter, in terms of web security, just trying to maybe get a gauge on when this could start kind of really breaking out. I know you've seen some success. We've actually heard about some attach rate with it even in some larger customers, but I would love to just get your perspective in terms of kind of where you think you are and kind of what needs to happen for this to really start to add up to something. Thank you.

Peter Bauer

Yes, great. So as you say, we launched on our first version of our web security product almost about one year ago. And we've continued to iterate on that product and mature that at capabilities. I think we're just on version 1.4 now, and we feel good about the progress that we making in that in that space. Again, our focus for this product was really to sell to customers that had already chosen us for our email security capabilities, and to add this as an additional layer of functionality. So we've seen displacement opportunities around things like Cisco umbrella, we've seen Greenfield opportunities with apps, the customer had some kind of UTM devices going into the network, but doesn't have coverage for users in a [indiscernible] or remote worker, or remote office situation. So we think it's a very large opportunity that we're earning our place in that market, and we will keep you posted as we as we progress and continue to innovate there.

Terry Tillman

Sounds good, thanks.

Operator

And our last question comes from Catharine Trebnick from Dougherty. Your line is now open.

Catharine Trebnick

Oh, thank you for taking the question. And this is for you Rafe, I noticed your billing for Q2 came in shorter than the total revenue, and that was the same with Q1. Can you give us some underlying dynamics, what might be driving it, because you've had some decent billings numbers in growth rates last year?

Rafe Brown

Yes, thank you for the question. One of the things that we've tried to consistently message that the billing number which we don't give, but we're where people often try and calculate by backing into it can be highly variable really, most significantly impacted by FX. Keep in mind that you don't want to -- just like we have constant currency revenue numbers those same forces are in play with billings, but it's almost a little bit worse because usually one calculate that by looking at deferred revenue, which is a balance sheet data [ph], and so, you get these very big balance sheet swings. So, that can be very deceptive certainly when you're looking at it. I guess the best thing I would refer you to, is our guidance, where you know, again we raised our full-year guidance by 100 basis points to 27% growth at the midpoint. That's really the best indicator of where we believe the underlying business fundamentals are taking us.

Catharine Trebnick

All right, thank you.

Operator

And that concludes today's question-and-answer session. I would like to turn the call back to Mr. Bauer for closing remarks.

Peter Bauer

Great. Thanks everybody for joining our call this evening. We've enjoyed sharing our results with you, and we look forward to speaking again in about one quarter's time. Thank you.

Operator

Ladies and gentlemen, this concludes today's conference call. Thank you for participating. You may now disconnect.

Recommended For You

Comments (1)

To ensure this doesn’t happen in the future, please enable Javascript and cookies in your browser.
Is this happening to you frequently? Please report it on our feedback forum.
If you have an ad-blocker enabled you may be blocked from proceeding. Please disable your ad-blocker and refresh.