FireEye, Inc. (FEYE) Presents at 2018 Citi Global Technology Conference (Transcript)

FireEye, Inc. (NASDAQ:FEYE) 2018 Citi Global Technology Conference Call September 6, 2018 11:00 AM ET

Executives

Frank Verdecanna – CFO

Grady Summers – CTO

Analysts

Walter Pritchard – Citigroup

Walter Pritchard

So, again, I’m Walter Pritchard, the Software Analyst here at Citi. Happy to have FireEye here with us at 11:00 o’clock. We’ve got Frank Verdecanna, who is the CFO. And we’ve got Grady Summers, who is the CTO. So, as I’ve done in these prior sessions, I’ll run through some questions that we’ve prepared. And then, to the extent there are any questions out here in the room, feel free to raise your hand. We can bring a microphone around, just to make sure we get it on the webcast.

So, Grady, Frank, thanks a lot for showing up and spending the time here at the conference, really appreciate it. Maybe we could talk about — we’ve asked — so, we had quite a few security companies here at the event already and we have quite a few coming after this session here. We’d love to hear your perspective on security demand and especially the threat landscape seems to change pretty frequently, what’s driving that demand as we sit here today?

Grady Summers

I’ll start with that one. So, in terms of threat landscape. I mean, it’s changing a lot. That’s kind of a constant as every year. It seems to change a lot. But this year marked by a lot more activity of course from Russia, Iran, North Korea. And that’s driving — a couple of weeks ago, we had worked at Facebook and Google to take out some Iranian misinformation actors that were on the Facebook and those platforms. So, it’s changing a lot from few years ago when it was all about Chinese, threat rescue and that. All that said, I mean, the market in general, we continue to see healthy growth. But, I think the growth to me has changed from kind of fear and breach motivated spending and much more commonly the customers are looking to simplify their environment, to take out cost, to get more efficient. I hear more and more now, look, we’ve got — we’re capped on security spending growth; we’ve got to figure out how we can gain some efficiencies internally. So, we’re still seeing there is business out there, there is growth, but it tends to come at the expense of like a lot of smaller players when you have somebody coming in to consolidate like we’ve been doing.

Walter Pritchard

Okay, got it. And Frank, anything to add on that?

Frank Verdecanna

Yes. I think, the demand has been pretty broad based as well. So, I think we’re seeing contributions, both across different geos but also across our different threat vectors and really across our portfolio, which has been really good to see.

Walter Pritchard

On the most recent quarterly results as well as in Q1, pretty good top-line numbers and bottom-line numbers. You have a variety of factors that play here with the core NX base, some refresh going on. You’ve got some new products in the market. Maybe you could give us sort of a more of an overview of the high level drivers and how you see those drivers point out in second half of the year?

Frank Verdecanna

Yes. We really did have a really solid second quarter. I think a lot of the things — that demand being broad-based across our portfolio has been really significant. Because the more customers you talk to and prospects you talk to, they all have similar pain points and that they’ve invested a lot in security over time. And now, they have a lot of despaired security products that are not integrated, not tying together, throwing off too many alerts that they don’t have the internal resources to be able to manage to those alerts. And so, they’re really looking for their vendors to do more and to really provide a platform. And so, one of the good validation points in the second quarter was we had 37 deals greater than $1 million. And of those deals, 90% of them had more than one products, and over 50% of them had four or more products. And that’s a change from a year ago or two years ago. We typically would have won in a spoke or two spokes, but rarely would we have gone into a customer and replaced their endpoint, replaced their email gateway, replaced their network, replaced their legacy SIM and bundled it all together as one big package. So, we’re seeing a lot more platform deals than we had seen in the past. And a lot of that I think is because of the vendor consolidation, what customers trying to be more strategic in their security spend.

Walter Pritchard

Got it. Got it. And anything to add there?

Grady Summers

Well, I would just say, the ability to leverage our installed base presents a lot of upside for us because we’ve been kind of 1.5 products per customer historically. The fact that we’ve got a big uptick in four-plus product customers, the last quarter was really a good sign for us, and we see a lot of opportunity to leverage Helix as sort of an inflection point to grow that.

Walter Pritchard

And Frank, maybe sort of tackling the question as we look forward from a little bit of a different perspective. We’ve seen — as the accounting change has gone on across all the software and you guys changed your segmentation a bit coming into the year. So, maybe the way some folks have modeled the business has changed. There is a few revenue streams you have that are declining, you have a few that are growing. There is some product headwinds. You had the FireEye as a Service offering, the Managed Defense that’s faced some headwinds but then the subscription — the other subscription streams have shown quite nice growth. Maybe you could just help us understand, as we look at the second half and going forward, what we should think about these growth drivers, what are headwinds in there…

Frank Verdecanna

Yes. And so, really, right now, the only headwind that we really have is just on pure appliance sales. So, appliance sales, we’ve been kind of flat to slightly down, but the subscription offerings — and now we have a subscription, a cloud subscription offering in every threat vector. So, we used to be on-premise and email endpoint and network, and now we also have a cloud and virtual subscriptions for all three of those areas. And so, we’re seeing really nice growth in the cloud subscription and managed services category. And in any one quarter, there could be some variation between the buckets because ultimately our customers will choose whether they want to be on-prem or in the cloud or where they are in their cloud migration strategy. But, I think in general, we’ll see the cloud subscription being the major growth driver because that’s got Helix in there, that’s got our cloud version of endpoint and email, and most newer customers are opting for our cloud versions of endpoint and email versus the on-prem.

Walter Pritchard

Over to you, Grady on Helix. I think, the question I get from quite a few investors, actually pretty sophisticated in the space, understanding all the different companies and sort of really the landscape. And one of the questions I continue to get is around Helix and what bucket does that fit in, in the industry, is that a SIM, is that integration point for FireEye products? Maybe you could help us understand where that is, how that might be evolving, and how we should think about the market opportunity?

Grady Summers

Yes. So, when we started with Helix a year and a half ago, we were reluctant to not use the S word and describe it as a SIM, because we knew we were missing some components we needed primarily around compliance and reporting angle. So, we really talk more about store capabilities, the orchestration in automation. Over the last six months or so, we’ve kind of added those last pieces that we think we need to be competitive with legacy SIM providers and have started to put together really nice run of SIM takeouts, displacing some of those older SIMs. So, I always differentiate. To me Splunk, we’d really try to coexist with Splunk. It’s a great platform. It’s used for so much more than security. So, for us to try go and go head-to-head would be kind of nonsense. So, we have apps that work with Splunk, we take data from Splunk. So, when a customer…

Walter Pritchard

Sort of sit under you and…

Grady Summers

Yes. Well, I’d say, beside us, we have probably 65, 70 customers that are feeding data right over from Splunk. They take all kinds of IT data from Splunk, use the Splunk forwarding capabilities and a subset of relevant security related beta, proxies, firewalls that type of thing. And then, we do our thing to prioritize, we give them punch back, the API into Splunk. So, sometimes we use just like that or they use our Splunk app interface. So, they have our products and employ data in the Splunk. But more and more getting brought [ph] into stray of SIM replacement. I mean, to be clear, it’s our client’s QRadar, sometimes companies have those 5, 6, 7 years and just aren’t getting the usefulness out of them that they used to. They were ready to go to the cloud anyway. So, it can present a pretty compelling case of getting to the cloud, getting like native analytics and intel integration that they didn’t have before.

Walter Pritchard

So, Frank on the Helix side. I think you’ve been talking about the investments you’re making there since kind of early ‘17, the product came out kind of I recall, mid-’17 or so. Funding that product, I know there is a value proposition around helping to drive these multiproduct FireEye sales or you can have that as sort of the center of the spokes. The other is just the straight up revenue opportunity with Helix. How are you thinking about the sort of return on the investment in Helix versus driving other products versus its straight up revenue contribution?

Frank Verdecanna

Yes. And when we look at the Helix opportunity, we always look at it as what Helix brings to the table, both at the standalone monetization stream but more importantly as a platform, because what we’re seeing is Helix customers generally buy more FireEye spoke products for subscription than non-Helix customers. So, the grand total of the monetization opportunity is our most significant growth driver. Because you’re getting the monetization of the threat analytic subscription by ingesting third-party alerts into Helix but you’re also getting additional spoke sales. And then, your add on intelligence or Managed Defense on top of that. So, it really presents a really great opportunity for us to go into our existing customer base and new customers and install the platform and then have a kind of a constant revenue stream that these customers that buy Helix initially are typically then going in the next quarter, adding another subscription on top of that, or just more EPS by ingesting more and more alerts into Helix.

Walter Pritchard

Got it. And Grady, for you, on this notion of kind of first line products versus second line products, NX feels like kind of came to the market as a check behind the firewall. We do sort of look at traffic that firewall passed on or missed. And you’ve been working towards getting the Company into a position where you’re selling kind of the first line products. Can you just kind of walk us through that strategy at a high level? Then, I have some products.

Grady Summers

Yes, definitely. So, if you back up 18 months, we were the second line for everything, NX to go behind the firewall, or email, we typically have to sit behind a Proofpoint or Mimecast, because we just did a thinner layer security, and we kind of go down the line that way. So, we did, as you mentioned, made a very concerted effort to move up. When we say first line, we need to be able to take that primary budget line item. And so, network is really broadened. We now can do a capable IPS, we now do east-west traffic detection. So, we’ve really broadened the data threat detection module. We’ve broadened what network can do. But to be fair, it’s never going to replace the firewalls. They are very frontline on the edge. In the other three spokes, we’ve made a lot of progress. Endpoint now is a full antivirus replacement, it’s got all the certifications we need. We’ve got in addition to our old Indicators of Compromise like atomic indicator engine, we now do behavior-based detection, we have a commodity AV that we OEM, and we just a few weeks to go announced our machine learning basis classification. So, four engines there. And it’s doing very well in our head-to-head bake offs. So, that’s email, it’s now level one — or I’m sorry endpoint, email, similarly, we’ve added the last piece that we need to — or should be going in the next month that we need to be considered as a security e-mail gateway in Gartner’s terminology. And so now, we do the outbalance scanning, which sort of lets us compete directly in security email gateway space. We’ll probably won’t get into the DOP, or archiving except through the partnerships, but we can incredibly say, hey, we’re security email gateway now. And then, now with adding some of the compliance functionality to Helix, we can now compete directly in SIM. So, I see, 18 months ago, we were in the second line for everything; now, three of our four products areas, we can incredibly say we’re a level one.

Walter Pritchard

Got it. So, we don’t have Bill Robbins who heads sales, here up on stage. But if we were to have him, what would he say about what he’s doing on the sales and marketing side to try to drive more of a sale of these first line products instead of where you’ve been in the past?

Frank Verdecanna

Yes. I think, — so, Bill would — they’re absolutely targeting kind of SIM takeout on the legacy SIM space. So, that’s a really good opportunity for us, because we’ve always traditionally been incremental budget to customers. And so, now being able to go in and get existing budget, and Grady was just working on a deal that we were talking about earlier, internationally, where they’re actually going to save 20% and they’re going in and replacing five of their existing security products. And so, that strategy of being able to consolidate under a platform and actually save money and have a better security architecture, I think is really resonating, and it’s a great sales playbook that I think we’re going to see a lot of over the next few quarters and years.

Walter Pritchard

Got it. And just stepping up, maybe a broader question before we dive back down into some of the product stuff with Grady. Frank, on the sales organization, I know, if we go back 18 months ago, there were certainly even some holes in the organization in terms of people that need to be put in the jobs. You now have those — all those hold still for almost — it feels like almost a year. Is the sales organization, sort of the stability and so forth a hindrance at all at this point in terms of growth or is that…

Frank Verdecanna

No. I think, we feel really good about where the sales organization is. The leadership team has now all been on board for at least a year. And we’re really confident in all of the sales leaders across, all the geos right now. So, I think we’re in a great place there. And I think you’ve seen in our numbers, we’ve hit all our numbers six quarters in a row. And a lot of that is just the maturity of forecasting the sales leadership process the — our overall kind of approach to the forecasting in the business is — because we just have a lot better kind of processes and run rates and visibility than we’ve had in the past.

Walter Pritchard

And how are you looking at — now that things have been stable for a while, looking at productivity and the analysis around adding heads in the sales organization versus — obviously, it’s been a priority on margin, getting to cash flow breakeven and so forth?

Frank Verdecanna

Yes. Now that we’ve got to non-GAAP profitable, our intent is to increase revenue faster than our OpEx. So, we see increasing enhancements to the operating and cash flow margin going forward. I think, the sales function will continue to get more efficient. I think part of that is, we’re finally starting to kind of crack the code on channel leverage. If you remember, back at Analyst Day, we had talked about, by the end of the 2018, we wanted to see 33% of our deals coming from channel sourced deals. We got to that in the second quarter. And so, I think we’re on track to continue to see more and more channel leverage, which will increase the overall productivity of the sales organization.

Walter Pritchard

So, Grady, returning on the product side, you talked about the first line, second line, and you’ve sort of knocked down some of the key peoples you need to have. I guess, diving into the endpoint space. I mean, that space just feels as crowded as I’ve seen in market in security space in a long time. Could you hone in on your differentiation in that market, help us understand like when you’re winning deals, on what necessary we need to be?

Grady Summers

Yes. I guess, I think of three things. The first is, the detection and threat intelligence. At the end of the day, companies need to know that like you’re going to catch the stuff that can take them down. And so, we tend to do well when we get in that bake off situation where they’re throwing a bunch of malware at us and I mean just frankly do better. So, have a better detection and the intelligence to back that up is key. I think the second is, when customers are looking for EDR solution for forensics, they know that we’ve kind of got that depth of experience, it’s the same tool that our consultants use when they got to do engagements. So, you have the EDR that the experts can use along with the endpoint detection platform now that can replace AV.

But, one think Frank is often trying to point out and I totally agree with him is, the power we have with that is that being able to do that platform sale. And so, being able to pull and point deal through when we’re doing an email deal or network refresh for example is something that — Carbon Black or [indiscernible] don’t have the luxury of doing that. And getting back to that point on multiproduct family deals, we’re seeing that work.

Walter Pritchard

And so, we actually have a panel just to shamelessly plug tomorrow. We have a panel on endpoint security. But I guess, Grady, I wanted to get your perspective on this. It seems as though almost everybody in my space is growing. I think, we can see what’s going on. And Symantec for example not growing, but most of the others seems like its growing. Is there just more budget focus around endpoint? Has this become an area that can increase in terms of prioritization or do you think there is something else that drives that?

Grady Summers

So, EDR has definitely opened up new budget. So, everybody had some sort of protection — endpoint protection budget for a decade. But they started to do acquire a new budget when EDR came in. We used to — thinking about like the top third of the market or so, more mature companies. But, we definitely, — I think a lot of this is coming from consolidation though. I mean, look — and that’s one thing CrowdStrike has done really well is being able to — I mean, if you look at — if they plan now, let’s say, we’re going to be everything from device management, policy enforcement, encryption and patch management. It’s dropped it on the one agent. And while we’re not — we don’t have a plan to go that far, we certainly do believe to go and say hey, you have that all McAfee or Symantec deployment now for years, EDR is not probably what you need, the intelligence to backup the alerts isn’t what you desire, we can go ahead and replace that.

Walter Pritchard

Got it. And so, when you’re talking first line in endpoint, you’re talking about the primary endpoint. Because it feels like in endpoint, there the AV, it’s been like the EDR, the add-on product and sometimes there is even this like forensics agent that you’d come as handy. So, is it — and what percentage against it do you see it actually point to one primary product, is that becoming more common?

Grady Summers

Yes. I don’t know the exact number you might think, but I would say, probably 20% of our customers are replacing AV and probably half of them have expressed the interest in doing so, but they’re going cautiously. We have the advantage up till now, we’ve been coming in mostly on hey, you’re looking for good EDR. And then they’re pleasantly surprised to realize we can replace AV. More recently, I’m thinking we had a big European bank testing us, actually looking at the protection piece first. So, we’re starting now with the release of MalwareGuard, the machine learning base classification system. We’re now getting pulled in primarily for the protection and then EDR can kind come on to the ride.

Walter Pritchard

Okay, got. And then, on the email side, I think one thing that is — a pretty clear trend in the market is around email going to the cloud. I know you have both products, I think last quarter you have shared pretty healthy mix…

Frank Verdecanna

Yes. We have seen most of our new email customers coming through as cloud email customers.

Walter Pritchard

Right.

Frank Verdecanna

In the second quarter, we did have some pretty sizable customers that wanted to on-prem. But one of the other interesting things, because we do have both the cloud version and on-premise version, we have a very easy migration path for our customers. So, they maybe six months out to moving to the cloud, but they can still initially buy our on-prem and then have a migration path to the cloud, which I think pretty unique. And it creates a lot of opportunities for us for our customers that are in that hybrid mode which are early on their migration strategy.

Walter Pritchard

Got it. As you look at the mix of that business going forward to some dominated by cloud or do you think the on-premise piece continues to kind of bolster your product revenue?

Frank Verdecanna

I think ultimately, in email and endpoint, cloud will ultimately kind of carry, most of the business will be cloud. I think that could take number of years because we do have a lot of large financial services, large oil and gas, government that just may be able to slower to move to the cloud.

Walter Pritchard

Okay. And Grady, on the NX side and the web proxy to market, is that a market you look at as sort of potentially — mainly on the web proxy side, I understand you’re not trying to be a firewall, network firewall put on the website. How do you look at the market as one where you potentially be the first line product?

Grady Summers

I think for us, it makes more sense to leverage our competitive strengths there. So, rather than us trying — we’ve certainly hit this around. And you’re right, should we kind of acquire our partner into that and be more of a secure web gateway and do the proxy stuff, I think it makes more sense and the path we’ll be going down — breaking out some of our detection capabilities to be more accessible via API, so customers can embed us at that layer. So, if we can’t do the web proxy or firewall, can we be the detection component in those pieces of infrastructure. And that’s leveraging that what we feel very good, which is very extremely scalable and — not going too far field and training in new markets.

Walter Pritchard

Sure. Got it. I’m going to pause here a second to see if there is has any questions out in the audience, we’ll be happy to take those.

Question-and-Answer Session

Q – Unidentified Analyst

Your MDR solution, is that something that you offer as a direct service to your customers or you kind of leverage it for enabling partnering SSPs?

Grady Summers

Yes. Good question. We didn’t talk about our MDR solutions, I just has Managed Defense or what we used to call FAS, FireEye as a Service but we run that as Managed Defense now. That’s something that we offer directly to customers. We’ve — we talk to some of SPPs about layering. We’ve had a few kind of nascent projects in that space that have been very successful, primarily as just direct to customer. So, we’ve seen for example very good attach with Helix when their customers are buying Helix, we’re seeing very good attach and then also taking Managed Defense to go along with that. We can see good attach to our endpoint product as well, which is one of the products that Managed Defense has built around. So, typically sold in conjunction with one of those deals that always does require one of our products to work.

Walter Pritchard

Any other questions out in the audience? So, Frank, going back to you on the channel side. You mentioned you feel like the channels is sort of starting to provide some leverage and boost on the revenue side. I know, historically, there has been a bit of a challenge sometimes with the services business that was competitive with some of those channel partners. How you’ve been able to get through those challenges that you had in the past and from a product perspective, what’s helped to drive the…

Frank Verdecanna

Sure. Yes. I think, there is a few different things. One is, from a competitive standpoint, it typically hasn’t been our services — it’s been more in the Managed Defense, it’s been a little bit more competitive with certain channel partners. But, I think we’re figuring out ways to work with them, and we do the very high end kind of Managed Defense services. And so, there is opportunity to work with partners. And they can do some of the MSSP level services and we can do more of the high-end stuff. So, I think there is opportunities to cooperate with those channel partners. But, I think one of the major changes we made over the last couple of years is really kind of changing the process and how we approach the channel. And some of the things we’ve done on our comp plans to make it so that our direct reps are working with the channel and that they get penalized if they were to pick the deal direct. That’s a non-services deal.

And so, it’s important that we have a kind of a structured process with them. We also — it’s important that if they can consume FireEye products a lot easier. And so if you think about our legacy pricing, where it was appliance-based pricing, with the percentage of subscription and support. It got pretty complex when it was a platform sale, because you’d have — you could have a 20 or 30 line item invoice and building materials, which is a lot more challenging for the channel partners. And we went to a simplified pricing where we now on endpoint we charge by the number of endpoint, email, clearly on the number of email boxes, on network side rather than by appliances. It’s based on megabits per second. And so, it’s a lot easier to consume FireEye products. And I think that’s helped with the new logos and with the channel leverage, because it’s a lot easier today for a channel partner to put it in FireEye order than it was six months ago or year ago.

Walter Pritchard

Got it. Makes sense. And I guess, Grady, from a product perspective, how is this influencing the roadmap in terms of driving the product agenda?

Grady Summers

In terms of channel…

Walter Pritchard

Yes. In consumable, I mean, I thought FireEye five years ago was definitely selling to the ultra-high end of the market. Now you’re talking about mid-market.

Grady Summers

Yes. I mean, that manifests itself in a few ways it influenced product roadmap and one would be the ability for example to more quickly trial our product, something that our channel partners have wanted, back when you had to ship an appliance that wasn’t very easy. And even the early iterations like our cloud, endpoint product or sort of someone joked for fake cloud right, like we hosted it, but, it wasn’t a full SaaS environment where you can just spin up 50 or 100 customers, like that. So that’s been — we’ve been pretty aggressive on that. For example, now we have just unveiled a new way to test email. So, our partner can go and put in a kind of delicate permission information on a 365 mailbox and we’ll go and sweep the mailbox and give them a like a tailored report. So, it’s a 10-minute process now to demo email. So, we’ve been pushing a lot more on that, and just the SaaS where we can see the ability to quickly scale up and down where things are coming to the product roadmap for partners.

Walter Pritchard

Okay. Got it. Is — I guess, Grady, sort of a technical question is for you. We’re seeing large enterprise start to embrace public cloud, maybe still slowly, but they are going in that direction. When you look at the needs of a customer, as they move into deploying workloads and even writing apps natively in an AWS and Azure. How do you think about the security needs changing and what impact is that having on your roadmap?

Grady Summers

Yes. It’s interesting area for us, because we’re convinced to do cloud security right is not just supporting the same bits that you have, running on-premise and firming them up in the cloud. Firewalls are different, they operate at a different level on the cloud. But, yes, we still see a lot of companies are doing well with just taking their same bits, putting in the marketplace and customers want consistency. So, I had [indiscernible] on-promise, I got to get them in the cloud. We don’t think that really addresses the threat factor in the cloud. Similarly, we can’t expect to just take our next box and throw it up in the cloud, it’s meant for different use case, not a server workload but a client side. So, we’ve taken the approach of using the native to — on which the cloud providers. That’s why Helix can natively ingest CloudTrail, GuardDuty, Azure tenant logs, O365 logs, but just plenty of those sources. We’ve got real packs developed around each of those and have really good success. AWS, a lot of richness there, O365 logs have been eye opener. What the types of things you look for account takeover and do force attacks there. So, we’re trying to leverage that native form of tree and then of course we use HX to supplement that where need to and it runs well in all those cloud environments too.

Walter Pritchard

So, we see a substantial number of new skews that are cloud — attacking those unique requirements or is it…

Grady Summers

We like to keep it — no, I’d prefer to keep it simple, certainly cut new SKUs and say look our endpoint products and run seamlessly whether you’re running an on-prem or in the cloud by one license, use it in either place, Helix is very much the same way.

Walter Pritchard

Okay. Again, I’ll pause. If there is any question in the audience, happy to take those. Okay. So, on — one of the themes, I think we started out little bit talking about this with the refresh on your NX base, it has a very strong growth number of years ago in that product line. Frank, could you talk about, what does the refresh look like, how much is a renewal, maintenance or subscription, how much is the purchase of hardware? And I want to go a little bit more in depth on that.

Frank Verdecanna

Sure. So, for the refresh opportunity, we really look at an opportunity to go in as part of their renewal — the refreshing of the clients is the small piece of that. The bigger opportunity is really cross selling and up selling additional spoke products, getting in Helix into that renewal sale as well. And so, the refresh opportunity, just from a pure number of boxes that are coming up for renewal, that continues to grow. ‘18 was bigger than ‘17; ‘19 will be big than ‘18. And that’s because, in the renewals, we see a lot of those initial three-year deals come up for renewals and they renew for a year to try to get another year out of the box. And so, that’s kind of a cascading waterfall into the fall on years of opportunities. And we continue — when a dollar comes up for renewal, we knew more than dollar because of the ability to cross sell and up sell, and it’s a perfect time and engagement to be talking about some of the newer products and getting that customer consolidate more on FireEye and more as a platform than just one or two spoke sale.

Walter Pritchard

Got it. So, we’ll see that largely in billings and then in subscription revenue?

Frank Verdecanna

Yes. It will be in the product and related subscriptions and support and less they migrate to the cloud. And so, we do have email customers that they were on-premise and when the renewal comes up, they’re ready to kind of migrate to the cloud. So, you will see that drop out of the product and related bucket but you’ll see go into the cloud subscription bucket.

Walter Pritchard

Okay. Got it. And then, just as it relates to the cost side that you talked about a few minutes ago, Frank. You’ve done a good job of getting to that non-GAAP breakeven. As we think about sort of a margin framework or sort of how you’re running the business going forward, you mentioned growing revenue faster than you grow expenses. Do you expect to put out some sort of — now you have got those milestones on sort of targets, as we look out, or help investors understand sort of the slopes of those two lines, which could….

Frank Verdecanna

So, we’ve given our long-term target at our Analyst Day of roughly 20% operating margin, but every year because we are growing revenues faster than OpEx, we expect to see increases in the op margin and cash flow margin. And really, as we look at the business, we believe there is a leverage across really all the functional areas. We don’t need — we’ve got over 900 engineers, we don’t need more engineers necessarily, there will be some reallocation and resources to point to different products. But the base of OpEx, I think, we can marginally grow that while growing the top-line much faster than the OpEx. So, I expect to see significant leverage in the model.

Walter Pritchard

Got it. And how you’re thinking about stock-based comp and share dilution and so forth in that framework?

Frank Verdecanna

So, if you look, our stock comp’s come down over time and dilution. And a lot of that is — there is a focus on that obviously. But, as the Company continues to execute, you actually have to use less stock to get to the same amount of comp, which is one of the reasons why we’ve had decent amount of dilution and stock comp over the past few years. But, that’s been getting better and we’re getting more in line with our peers there?

Walter Pritchard

Okay. And then, from a MA perspective, maybe Grady start out with you in terms of the Company. I mean, you actually came to the Company through an acquisition. And the Company and its early history was quite acquisitive and recently not quite as acquisitive. Just from maybe the product side, and holes to fill and the roadmap and so forth, how you’re looking at MA as the accomplishing some of that?

Grady Summers

We did historically have more acquisitions. I wouldn’t say we’re ever super acquisitive, I think I’m six years, I think we’ve done…

Frank Verdecanna

We’ve done seven in the six years that I’ve been here.

Grady Summers

Okay. If youcountsecurity in it. And of those, four of them have been sort of sub-$30 million. But, last year, at the end of the year, we announced the Email Laundry and X15, two smaller fields, both of those. We like the space that we’re in. I really feel, if you add up the addressable market in the four primary product areas, endpoint, email network and SIM automation orchestration, Helix. If we can add another 1% or 2% share growth onto those and start to take share in those big addressable markets, I don’t feel like we need to expand to adjacencies at this point in the spoke. So, you’ll see our MA — definitely we expect to see get back on more regular pace of a couple tuck-ins a year. But there will be the strength in those four areas.

Walter Pritchard

Okay. And Frank, from you in terms of the financial parameters around MA, especially the off chance, something larger emergence, how do you think about the screens to you use there?

Frank Verdecanna

I mean, the good news is, our capital structure today is in a really good spot to be able to do any acquisitions that we’d really feel like would be a really good fit for the Company. Because one, we’re now generating cash, we expect to continue to generate cash. And two, we did do a convert and take out some of our old convertible debt in the second quarter. And so, that gave us pretty sizable balance sheet and we have over $1 billion in cash and investments. We have some debt coming due, little not to do in 2020. Most of it’s due in 2022 and 2024. So, I think we’re in a good spot from a capital structure and just gives us the flexibility we need if anything will arise. But, we’re always very diligent about making sure we use that cash wisely. And I think we’ve got a very good track record of this on our acquisitions.

Walter Pritchard

I’ll again pass it back to the audience and see we’ve got any questions.

Unidentified Analyst

Maybe just one question on the competition front on the SIM side from Splunk and ServiceNow and where are they, what are you seeing from those guys?

Grady Summers

Yes. So, we tend to sit adjacent to Splunk. We don’t go head-to-head to say, hey and say, hey, we’re going to displace Splunk. We’re going to be in head-to-head. It’s a little bit apples and oranges. They do so much more broad data analytics in the IT space, something we would ever do. Functionally, we’re equivalent with the enterprise security modules that they have. But our approach with them is much more haloishhaving to work with Splunk implementation.There is typically multiple owners of Splunk in the company, so we show them our Splunk apps we have that will integrate our capabilities, we talk about how we can take a subset of the data and enrich it and return it via API. So, I’d say, that’s a very good relationship there. ServiceNow is a different beast. I mean, we are starting to see them a little bit more in the security space, but certainly don’t have the same expertise and we’re not seeing out of the box expert workflows or through intelligence enrichment from ServiceNow, so seeing less, Splunk more so.

Unidentified Analyst

Is Phantom on Splunk side, is that more direct competition?

Grady Summers

Yes. That would be a direct competition with the enterprise security module in Splunk with Phantom, would be like, we acquired Invotas two and a half years ago, it’d be like what we’ve done at Helix with Invotas in orchestration. So, yes, very similar and feel like that is validated where we were going a couple of years ago when we said. We see SIM tip with the threat intel platforms and store, all converging pretty quickly into what used to be the SIM. And that’s where I think — there are a couple of incumbent SIMs for those legacy SIM providers and might be a disadvantage there as you see like more like internal analytic driven SIMs like Splunk and FireEye Helix.

Walter Pritchard

Any other questions out there? So, Grady, you’ve run a security operation center before. It’s a — I mean, I’ve done a little bit of shopping looking at what Citi does. I mean, it’s a very labor intensive, people intensive process. And you hear about all the time there’s this labor shortage and security, we can’t get enough qualified people or you as soon as hire somebody and train them up, they leave to go somewhere else. How much of a driver today is the sort of replacing people or with technology — and what is it going to take to really have that if it’s not a big driver today, what’s it going to take to have that be a bigger driver of business and others in the space?

Grady Summers

Yes. It’s huge. So, first time, in all my years in security, we can credibly talk about return on investment. I think lot of the ROI that security vendors have tried to throw out is kind of — it’s hard to justify a return on something to protect assets. But you can really see it now with orchestration and automation. We can legitimately go to a customer and say hey, you’ve got 15 people in the stock, we can free up three of them to do something more interesting by automating these six use cases and like we’ll prove it to you at the end. So, that’s going to effect. We have a vision to — we have talked about the autonomous stock, which is using — we have this machine learning module, actually learns from our Managed Defense experts and can start to close cases much like they were to make determination on true or false, positive.

So, our vision is going to purely autonomous stock that you could have a machine doing the majority of the work except for kind of last line approvals. But, until we get to that point, a lot of that — I think the road automation is band with Splunk, us within Invotas. I think it’s going to be seen more as a feature of what we use to call the SIM, the center of the stock. I’m not sure we’ll see a lot like multimillion dollar deals for orchestration like we did a year or two ago. We are kind of fixing that low hanging fruit. More and more customers are expected to be part of the platform. So, we’ll certainly do a big deal for Helix for example, but they’re not looking to pay like separate distinct for automation.

Walter Pritchard

Got it. So, that doesn’t necessarily end up as a separate SKU, it’s more of a…

Grady Summers

Yes. That’s within our vision is it’s just got to be part of the fabric of the stock, not yet another tool that you stick on.

Frank Verdecanna

Okay. I’ll give the audience one last chance here with Grady and Frank, if there is anything you want to ask them, otherwise we’ll wrap it up here. All right. Thank you very much for coming. Thank you all for participating.

Leave a Reply