FireEye, Inc. (FEYE) Management Presents at JMP Securities Technology Conference (Transcript)

FireEye, Inc. (FEYE) JMP Securities Technology Conference March 1, 2021 1:00 PM ET

Company Participants

Frank Verdecanna - EVP, Chief Financial Officer and Chief Accounting Officer

Conference Call Participants

Eric Suppiger - JMP Securities

Rustam Kanga - JMP Securities

Eric Suppiger

Welcome. Thank you for joining us. I am Eric Suppiger with JMP Securities, the Cybersecurity and Infrastructure Analyst. And for this session with us, we have FireEye. And presenting for FireEye would be Frank Verdecanna. I hope I pronounced that correctly.

Frank Verdecanna

Yes, right.

Eric Suppiger

All right. EVP, CFO and Chief Accounting Officer. So before we dive in, though, I just want to encourage all clients on the call here please feel free to ask questions. Really, the goal here is to allow you to get your questions in. We have a window, Q&A window, that you should be able to type them into it. So, please feel free to enquire. And with that, I think I will -- I'll start it off here.

So Frank, talk a little bit about how FireEye can capitalize on the -- really nice visibility and credibility that FireEye gained from detecting the SUNBURST malware attack. This is kind of a unique situation where I think FireEye has really gained some credibility. What is FireEye doing to take advantage of that opportunity?

Frank Verdecanna

Yes. I mean, the process was a great validation of how security products alone can't really solve the problem. You really need the intelligence and expertise on top of that. And so out of the 18,000 companies that had the SolarWinds implant, FireEye was the only one to be able to discover that. And it really was because of both technology and our intel and expertise and being able to bring that to bear all-in-one solution. And so, I think the market -- if you look at the press we're getting, if you look at a lot of the presentations that we've done to various government agencies, you can see that we are the subject matter expert on this. And it really is something that we're in a unique position, because of the level of frontline expertise we have from all the breach at work that we do, but also the intel analysts that we have throughout the world that are tracking the threat actors throughout the world.

Eric Suppiger

So are you taking any steps? Are you getting more engaged with clients? Are you marketing more aggressively on this? Or are there any activities that you're doing differently in light of the breach?

Frank Verdecanna

I wouldn't say there's activities that we're doing differently. I mean, we're -- obviously there's been a lot of requests for our CEO, or Head of Sales or Head of Strategies time, to go in and talk to different Boards. And I kind of walk through. I think one of the things that's really come to light is the fact that companies have been increasing their security budgets, been buying a lot of different security technologies, but don't feel like they're any more secure today than they were before that.

So I think, folks are really trying to figure out how to strategically approach the next couple years from a defense perspective, and really looking to FireEye to be able to talk through, how can they take advantage of our threat intelligence, our frontline expertise. And that's why we're really excited about 2021, because we're -- we've introduced Mandiant Advantage. And that's the first product that really takes full advantage of our intel analysts, our frontline expertise, and all our detection from our products throughout the world as well, all in one spot.

Eric Suppiger

And I do want to get to Mandiant Advantage. But before we get there, just talk a little bit about how the product line has evolved, your product portfolio? It's gone through a lot of changes over the years. Describe a little bit about kind of the strategic evolution that you've had in the last couple years, if you would?

Frank Verdecanna

Yes. Lot of focus on just going from on-premise appliances to cloud security products. And so, if you look at the our various products, and both on the network, email, endpoint side, we now have hybrid and cloud solutions. So that was a big focus area. The next focus area has really been taking advantage of the things that were very unique in the market. So the level of frontline expertise. The level of threat intelligence that we have, that nobody else in the world actually has, being able to monetize that and put that into a solution that gives our customers and prospective customers the opportunity to leverage that intelligence in their fight against the threat actors.

Eric Suppiger

Your product line is very broad. If I think about it, you've got SIM, you've got Endpoint Security, you've got Email, you got Cloud Security. How do you look at market share across those different products? I think in most cases, you're not a number one or two players. So how do you -- how does outside of incident response? Clearly, your real strength is on the professional services side? But in terms of the products, how can investors think about your market share goals and targets?

Frank Verdecanna

Yes. I think well, one, first, besides incident response, which we're clear number one leader there, if you look at the threat intelligence we’re the clear number one [indiscernible] there as well. We're actually a leader in the validation market, which is a brand new market, but we're the clear leader there as well. So, I think, we are positioned very uniquely in some very important markets. But then, in the other markets that we may not be top company from a market share perspective I would say that we have unique technology and differentiation that puts us in a lot of cases as a great second line of defense. So, if you think through our network, email, endpoint solution, while they may not be the market leaders there. From a detection standpoint, they are the market leaders. And so why companies buy our products to put in back of a firewall or back of another endpoint technologies, because our technology is actually better at catching stuff that they miss.

Eric Suppiger

Do you anticipate gaining share across those other areas where you may not be the market share leader, but you'll be the technology leader? And how can investors kind of gauge the success from those?

Frank Verdecanna

Yes. I think, probably the best way to look at the opportunity is, if you look at our categories and our platform, cloud subscription, managed services category, our growth products are in there, our cloud versions, our more mature products are in there. And you can see the growth rate has been really consistent and high in that category. And we expect it will be going forward as well. I think one of the important things to note is, if you look at how we're kind of going to market; in a lot of cases, we're going with a bundled approach of being able to sell our email network and endpoint solution along with kind of our overall platform, all-in-one sale. And so if you looked at the fourth quarter, we had 64 deals greater than a $1 million, 50% of them had services, 50% of them had products and solutions. And then of those 72% had [four] [ph] more products. So, we're able to even though, we may not be technically the largest company from a market share perspective, in some of those categories, we're able to win against some of those market leaders, because of the synergies across our portfolio of products and being able to unify those under one platform.

Eric Suppiger

Let's talk a little bit about the Mandiant Advantage. This was a product that you recently introduced, and I think it's a significant development in terms of monetizing your threat intelligence. Can you one just describe it a little bit?

Frank Verdecanna

Yes. It's a platform that we're providing to customers and prospective customers, to be able to basically operationalize all our threat intel and frontline expertise, and basically tell you everything we know about the bad guy, and the threat actor in one spot. And so, you could literally, any alert that you're concerned on, you can highlight over, and we'll tell you exactly what we know. We'll tell you exactly what open source knows as well. And so the first module out of the gate is our threat intelligence. And so if you can think through our very highly curated intelligence, along with open source intelligence all in one spot. And then, as we look in 2021, you'll see us introduce validation as a module within Mandiant Advantage, and then our managed defense offering as well. And then, one of the things we're really excited about is we're now integrating the Respond XDR Technology, so the machine learning and AI technology into Mandiant Advantage.

Eric Suppiger

Okay. In the past, have you been effective at monetizing, I would certainly agree that your threat intelligence is considered the best. Have you been effective at monetizing that to the fullest in the past? Do you feel?

Frank Verdecanna

I wouldn't say to the fullest. I would say, in 2020, our threat intelligence was above market grower, is very highly curated intelligence that were primarily sold to large enterprises and governments. If you look at 2021, and going forward, we'll do a better job of being able to monetize that in the mid market and smaller enterprises as well, because we're now offering that open source component to it as well. And it's now -- whereas the original threat intelligence offering may have been more focused for kind of large in-house security teams that can really take full advantage of it. Now, it's also being marketed to be able to be used by a couple analysts on a smaller company that will just be able to kind of know everything that we know.

Eric Suppiger

Talk a little bit about how you can take that threat Intel into the lower market, or the take it down market some? Is it a form factor issue more than anything, that's been difficult in the past, and this changes that dynamic?

Frank Verdecanna

I think a lot of it is just, how easy it is to consume through Mandiant Advantage. And so if you think about, what we're trying to do is, it's a dashboard that you can put on top of any system that you have, and put any amount of alerts into that and you can leverage our intelligence and expertise all in one spot. And so, it's marketed and it's easily deployed. You can demo it. Right now, we're offering a Freemium Version that will give customers and prospects the opportunity to just take a look at some of the capabilities before converting to a paid subscriptions. So, the ease of deployment, the ease of use, and really pulling it all together in one spot is why it just -- it fits the mid market as well, versus kind of before when it was just very targeted and threat intel that was built for kind of sophisticated Security Analysts teams.

Eric Suppiger

And how do you expect this Mandiant Advantage product to perform relative to your other products?

Frank Verdecanna

Well, because we're -- if you think about all the growth products that are going to be built into Mandiant Advantage, I mean, ultimately, it's going to be the fastest growing product in the company, because we're moving validation into it. We're moving our managed defense offering to it, and there's a lot of synergies, the more modules that you'll get within Mandiant Advantage. So our expectation is that, that's going to be the fastest growing product/solution that we have. And we're really going to be able to leverage for the first time, all our threat intel and all our frontline expertise into one spot.

Eric Suppiger

Who do you think would be the likely competitor for Mandiant Advantage? I don't know of too many companies out there with a similar product. So how do you think of the competitive landscape?

Frank Verdecanna

Yes. I think there'll be competitors, four components of it. But we don't think there's anybody out there that can actually have as much of a comprehensive offering as the full Mandiant Advantage when all the modules are in there, There'll be competitors that have components that will compete on various aspects of it, but there won't be anyone out there that will have kind of the managed defense component to it, the validation, the XDR and the level of threat intelligence and expertise that we have.

Eric Suppiger

Will it compete with the Mandiant services, with professional services component?

Frank Verdecanna

It won't be -- it won't compete with. It will be a great [leap] [ph] behind after any service engagement. It would be a perfect follow-on subscription after any compromise assessment or incident response engagement or strategic program assessment as a leap behind. Because then they're going to get constant value going forward of everything we continually to learn. Because as we speak today, right now, we're responding to over 100 breaches. And so, we learn -- tomorrow, we'll have learned a lot more than we know today. And so being able to operationalize that intel and expertise will provide ongoing value to our customers.

Eric Suppiger

All right. So you're anticipating -- based on your guidance, you're anticipating an acceleration in growth in fiscal 2022. But you're holding your expenses relatively flat from Q1 levels? How are you planning to get those returns?

Frank Verdecanna

Yes. If you look at kind of what we've done in the fourth quarter, and what we're doing in first quarter, a lot of the headcount growth that we've had is coming in late part of 2020 and in the early part of 2021. And further incremental investment in the growth areas, we continue to fund from the more mature areas of the business. So we continue to do some reallocation of resources across. But as we look forward, we don't see operating expenses going up significantly. And so we'd be -- we expect to be able to drive revenue growth faster than OpEx, and therefore gaining continual leverage in the model.

Eric Suppiger

How would you describe your sales force from a productivity point of view today? And where do you think that can go?

Frank Verdecanna

Yes. I think the good news is, if you look at the productivity over the last three years, every year has been getting better and better. And a lot of it is the fact that we're kind of now able to get the bundles and the synergies across products. But we've also had a very consistent sales leadership team, our Head of Worldwide Sales, and our sales leaders in every major region have actually been with the company now for three to four plus years. So, we've had a really good run of consistency of just kind of fine tuning our go-to-market approach and just doing -- continue really good job of being able to actually drive overall OpEx down in sales and marketing, but be able to increase overall productivity on the top line.

Eric Suppiger

So, the pandemic is presumably getting somewhat better here. Can you talk a little bit about how the pandemics affected FireEye? And as we start getting into more of a vaccinated population, how do you think that things will change at FireEye?

Frank Verdecanna

Yes. Surprisingly, there hasn't been a lot of negative impact or even for that matter, a lot of positive impact from the pandemic. I think what we saw initially was, obviously, a lot of companies being a little bit concerned, and not necessarily willing to commit to longer term deals. But that was really just the very tail end of March of last year, and in the second quarter and in the third and fourth quarter, really, it was very little impact whatsoever from the pandemic. We were able to drive consistent growth across various areas.

So, if you look at services, when initially, we were thinking that, lot of our service engagements were delivered on site when COVID hit that we were going to have to do everything remotely, that there might be a slow down there. But the customers, the market, everyone kind of adopted this work from home and virtual perspective. And we've really kind of -- were able to do without missing a beat. And I think we've been very productive. I think there are a lot of people obviously dying to kind of get back to the office and have some level of face to face exposure. But I think once things get a little bit better, I look at as is probably going to go to a hybrid approach for a while.

So people are going to probably -- because they prove that they can be very productive, a lot of people are going to want to come into the office maybe two, three times a week, rather than five days a week, because people are enjoying, saving two hours of non commuting. But I think -- as we look forward, we're ready to get back to it once we can get in front of folks. But the good news is in the meantime, we've been able to deliver all our services, and we've been able to sell remotely.

Eric Suppiger

What about from a demand perspective? Was -- as people start getting vaccinated, do you think that demand is going to change one way or another?

Frank Verdecanna

I think, because we actually play in a lot of different areas, I think there are certain areas that may be doing better in COVID and others may be doing not as good. And so, there may be some shifts within the different areas that may happen kind of post COVID. But, as we looked at it, we were pretty consistent performers across our different solution set. There are probably certain things that performed a little bit better, just because people were more concerned with protecting the remote workforce. And there's probably products like newer products that maybe didn't do as well, because people wanted to just kind of make sure that they work with existing vendors before they kind of work with brand new vendors. So I think there's pluses and minuses to it. I think, as we think through the post pandemic world, we don't see a major shift in any of our products.

Eric Suppiger

Let me ask Rusty, are there any questions from the audience right now?

Question-and-Answer Session

Q - Rustam Kanga

Yes. We have one question, which is, was the SUNBURST attack broader than just SolarWinds? And they cited that a Wall Street Journal article kind of mentioned 30% of accounts, actually were not using SolarWinds that were breached?

Frank Verdecanna

So, from an attack perspective, I mean, the nation states and the criminals out there that are they're attacking companies and individuals, that that goes on constantly in the ransomware cases, it wasn't just SolarWinds. And so, even though they're -- SolarWinds, obviously, had an impact in a ton of different companies in one specific attack, the threat actors have been continuing attacking in various different areas all the time. So, I think the Wall Street Journal mentioned 30%. But, I mean, ultimately, what we see every single day is the 100 companies that were responding to right now, a few of them might be related to the SolarWinds breach, but the vast majority of them are breaches through other means.

Eric Suppiger

I saw I saw in one of your videos that I think it said something to the effect of 75% of attacks penetrate the account, something that was pretty surprising, that Mandiant Advantage, I guess, based on the Mandiant data. Is the threat landscape changing at this point? Did SolarWinds change? Did the evolution of supply chain attacks? Or has the threat landscape changed in just the last few months in light of this particular attack?

Frank Verdecanna

Yes. I don't think it's changed the last few months. I think the threat landscape was elevated before SolarWinds and it continues to be elevated today. I think what did change a little bit and through the SolarWinds process was that people are now more concerned with supply chain defenses and supply chain technology and making sure that their suppliers have adequate controls and reporting and monitoring of things like that. But, we look at because we respond to breaches every single day. And we look at the last couple years, I mean, there's more nation states participating in attacks than there was before. Ransomware is kind of at an all time high. And unfortunately the threat actors have been very successful in that area. And so that will continue. Because there's still a fair amount of money to be made there, unfortunately.

So I think, what we see every single day is more and more attacks and the threat environment continuing to get elevated. But I don't think that was the result of SolarWinds. I do think people now are more concerned with supply chain than they were before SolarWinds. But I think that the attackers have been elevated for quite some time. Now.

Eric Suppiger

The awareness is higher, but the bad actors are not terribly different.

Frank Verdecanna

Right.

Eric Suppiger

But you did say that there's a higher number of nation state attackers, is that correct? Have other countries gotten more active than the traditional few that were focused on that?

Frank Verdecanna

Yes. I think, if you looked at the last couple years, and if you asked us the question, which nation states were participating three years ago. It would have been one or two at any one point in time. If you look at it now, it's five, six plus nation states are participating in various attacks. And so, it is absolutely more elevated from a threat landscape perspective, because there's just more countries involved in it. But also on the criminal side, some of the payouts have been very large on the ransomware side, so you just get more and more people participating from that perspective as well.

Eric Suppiger

Rusty, do we have a question in the queue here?

Rustam Kanga

Yes, we do have one question from client at Fidelity. Curious about how the headcount growth this year would translate into services growth? And what your expectations for that headcount growth are?

Frank Verdecanna

Yes. On the Mandiant services side, we've hired about 100 Mandiant consultants last year, I think we'll hire roughly the same this year. And so, if you look at that side of the business, continues to -- we've had more demand than we have supply, but we've been able to do a great job of continuing to kind of keep up with hiring the best talent out there. And we've done a great job on the retention side as well. So, we feel really good about our ability to continue to hire there and continue to grow that side of the business anywhere from 15% to 20%, year-over-year.

Eric Suppiger

Okay. I think we're going to run out of time. So I think we're going to have to wrap it up there. But Frank, I want to thank you very much. I want to congratulate you on a very successful breach identification with the SUNBURST. And I also want to thank our clients for attending this session. And with that, I will say, have a good day. Thank you.

Frank Verdecanna

Thanks, Eric.