Image source: The Motley Fool.
FireEye Inc (MNDT)
Q3Â 2018 Earnings Conference Call
Oct. 30, 2018, 5:00 p.m. ET
Contents:
- Prepared Remarks
- Questions and Answers
- Call Participants
Prepared Remarks:
Operator
Good day, everyone, and welcome to the FireEye Third Quarter 2018 Earnings Results Conference Call. At this time, all participants are in a listen-only mode. Later we will conduct a question-and-answer session and instructions will follow at that time. Also this call is being recorded.
At this time, I would like to turn the call over to Kate Patterson. Please go ahead.
Kate Patterson -- Vice President of Investor Relations
Thank you, Daniel. Good afternoon and thanks, everyone on the call for joining us today to discuss FireEye's financial results for the third quarter of 2018. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of FireEye's website at investors.fireeye.com. With me on today's call are Kevin Mandia, FireEye's Chief Executive Officer; and Frank Verdecanna, Executive Vice President, Chief Financial Officer and Chief Accounting Officer of FireEye. After the market closed today, FireEye issued a press release announcing the results for the third quarter of 2018.
Before we begin, let me remind you that FireEye's management will make forward-looking statements during the course of this call, including statements relating to FireEye's guidance and expectations for certain financial results and metrics; FireEye's priorities, initiatives, plans and investments; drivers and expectations for growth; the expansion of FireEye's platform and the benefits, capabilities and availability of new and enhanced offerings; competitive position, market opportunities and go-to-market strategy.
These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply. As of today, and you should not rely on them as representing our views in the future. We undertake no obligation to update these statements after the call. For a detailed description of the risks and uncertainties, please refer to our SEC filings, as well as our earnings release posted an hour ago. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of our website.
Additionally, certain non-GAAP financial metrics will be discussed on this call, we have provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website as well as in the earnings release. We'd also like to remind you that the results included in this call and the earnings releases are using the ASC 606 revenue standard. Finally, I'd like to point out that we have posted the supplemental slides and financial statements on the Investor Relations section of the website.
With that, I'll turn the call over to Kevin.
Kevin Mandia -- Chief Executive Officer & Director
Thank you, Kate. And I'd like to thank all of the investors, employees and customers and partners that are joining us on this call. We appreciate your continued support in FireEye. This is the seventh consecutive quarter we have done what we said we would do, meeting or exceeding our guidance ranges for all our key financial metrics,. We posted billings at the high-end of our range, revenue, operating margin and cash flow were above guidance and we achieved non-GAAP profitability for the second consecutive quarter.
And these are the results of a company building for the long term. In addition to delivering our financial results, we continued to increase our innovation velocity, improve our entire product portfolio, while also providing world-class security services and threat intelligence. Now Frank will take you through the detailed financial metrics in a moment. But I'd like to reinforce our message from the last few quarters.
We have made tremendous strides improving FireEye's productivity and efficiency. We have returned FireEye to sustainable growth, while increasing profitability in cash flow and we have accelerated innovation across our entire portfolio of products and services. Over the past few years, we have turned FireEye from an appliance company with declining sales into a more efficient software company with sustainable growth, while building a platform that will power the future of security operations.
With the transformations we are achieving and with our expertise and intelligence driving continuous innovation cycle, this is an exciting time to be at FireEye. So I want to take a moment to recognize and thank all the FireEye employees for their effort, there ingenuity and the team that brought us to this point. Now let's discuss some recent highlights.
We continue to leverage our diversified portfolio to drive growth. Most security companies are one dimensional, but FireEye is diversified and we are able to acquire customers and find new ways to deliver value to existing customers. We have done this by creating a multiple of avenues into our customer base, including services, threat intelligence, endpoint security, email security, network security as well as our Helix platform. So we have many avenues in, many avenues for upsell.
Of the 43 transactions in the third quarter that were over $1 million, 42 involved multiple products or services and approximately 75% of these transactions involves three or more of our solutions. We added 243 new logo customers to FireEye, we provision more than 100 new Helix customers. And we had another record quarter for Mandiant services revenue and year-to-date we have responded to more security incidents, provided more proactive security assessments and expanded internationally.
We have evolved the SIEM component within Helix adding approximately 30 new reports and other capabilities in addition to adding value to SIEM deployments with orchestration and our embedded threat intelligence, our SIEM capabilities have led to displacement of some of the most popular providers of SIEM solutions to enterprise class customers. We launched Malware Guard, our machine learning, signature list endpoint protection capability, which has led to the displacement of the legacy endpoint providers.
Beyond detecting what AV detects, our endpoint security solution also detects threats that AV misses and arms incident responders with the comprehensive forensic capabilities, they need. We are on pace this year to train more security experts than any other year in our history. And it is important to note that these classes are not just product training, but more than 20 different security courses addressing the needs of intelligence officers, law enforcement personnel, government personnel and security practitioners from around the world.
By training the security experts, we are helping to create the next-generation of security capabilities and professionals. We continue to distinguish ourselves from the pack with our thought leadership and threat intelligence. In recent months some of this work has included first identifying and Iranian influence campaign designed to impact public opinion during elections in the United States.
Second attributing global financial crimes to North Korean cyber attackers (Technical Difficulty) industrial control systems. Our threat analysts and incident responders inform our understanding of the attackers and their specific tools, tactics and procedures and in turn this intelligence allows us to better protect our customers, while building better products. Managed Defense had one of its best quarters ever. With Managed Defense, we can provide our customers with the solutions they need to optimize their security operations themselves or we can do it for them.
And we made FireEye products more accessible and easy to test drive by launching FireProof, our first click-to-try evaluation. FireProof enable organizations to assess their cloud email security at no charge with no software or hardware to deploy. I expect our click-to-try for our email security service will expand our reach as well as our channel leverage due to its ease of demonstrating value. And we plan to introduce a similar click-to-try option for our endpoint security in the near future.
We launched the FireEye marketplace as we build out our Helix platform, we know we need an ecosystem of applications that run on Helix, applications developed by partners, customers and FireEye employees. Today, we have released hundreds of applications to our new FireEye marketplace and we have had hundreds of downloads in the first month. The FireEye marketplace is a key component of our community defense strategy and we plan to open it to third-party developers in early 2019.
We also moved closer to putting expertise on demand directly into our products. We have always believed in the need for both, technology and people to address the ongoing security challenges organizations have. With expertise on demand, our customers will be able to quicken in our technology to obtain advanced security services such as malware analysis, forensic analysis or threat intelligence. We believe, providing a seamless way for our customers to get the security expertise they need, when they need it most priced on a consumption basis is the future of Security-as-a-Service.
So I believe our third quarter results reflect some of the fundamental shifts defining the future of cyber security. These shifts include a greater emphasis on integration and automation to make security operations more efficient and effective. A move toward cloud and hybrid architectures at a pace dictated by our customers. And recognition that technology alone will not solve the cyber security problem and having a cadre of experts, only a click away will become indispensable.
Leveraging millions of hours of incident response experience and a decade of gathering threat intelligence across the globe, we have built an innovation cycle that will continue to differentiate FireEye products and services and drive our success as the industry evolves. And with cloud, virtual and on-premise versions of our solutions, we are ready and able to achieve our mission to relentlessly protect our customers with innovative technology and expertise learned on the front lines.
Before I turn the call over to Frank. I would like to thank the customers who put their trust in us and rely on our expertise to safeguard their enterprises. And I would also like to thank our partners who work with us to meet the needs of a growing community of organizations worldwide. Frank will now provide you with a detailed review of the financial metrics. Frank?
Frank Verdecanna -- Executive Vice President, Chief Executive Officer & Chief Administrative Officer
Thanks, Kevin, and hello to everyone on the call. On our last two quarterly calls, I said that I believe that with our best-in-class products, simplified pricing and packaging and an energized team, we were on a path to sustained growth and leverage in our financial model. In Q3, our vision for the future of security supported by our differentiated threat intelligence and expertise resonated with customers, resulting an increases in the number of new logo customers and expanded commitments from our existing enterprise and government customers.
The metrics also underscore the dramatic transformation of our business and our business model over the past few years. The positive trends over the past few quarters continued into Q3. First, business momentum continues to diversify across product families and geographies. In 2015 excluding professional services, almost a third of our non-services billings were for physical appliances. And through Q3 2018 year-to-date, appliances accounted for less than 15% of billings.
In 2015 on premise network and email with their related subscriptions and support accounted for approximately 70% of our non-services sales. For year-to-date Q3 2018, the mix split is about 50-50 between network and email appliances and attached subscriptions. And our newer products such as Managed Defense, Endpoint, Intel, Helix and cloud or virtual versions of our email and network products. This is a remarkable transformation less than 3 years.
Second, as billings shift away from appliance-based products to virtual, cloud and hybrid, the mix of recurring subscriptions and support is increasing, which is good for the long-term growth of our business. At the same time, billing for appliance hardware has stabilized and even grew slightly on a year-over-year basis this quarter. Third, we continued to drive efficiencies and leverage in our operating model. A higher mix of software and cloud solutions, increased operating efficiencies and focus on productivity are all factors in our improved margin profile.
We've gone from negative 7% billings growth in 2017 to imply new growth of 10% at the midpoint of our 2018 guidance, a swing of 17%. As Kevin said earlier, very few companies are able to make this turn and even a few are able to do so, while increasing operational efficiency. I'm proud to be part of the team that made this happen, and I'm excited about what's in store for the future.
Before I review the detailed metrics, let me remind you that I'll be referring to non-GAAP metrics except for revenue. Our non-GAAP measures exclude stock-based compensation, amortization of intangibles, non-cash interest expense on our convertible debt and other nonrecurring items. Also note that prior period results have been adjusted to reflect the adoption of ASC 606 as of January 1, 2018.
The adoption of the new standard resulted in multiple changes to our business model, most significantly the ratable recognition of most of our appliances. As we go through the detail of our Q3 results, I will highlight a few key points to address some of the questions we have heard over the last few quarters as investors and analysts adjust their models.
Turning to the results. Total billings were $219 million at the high end of our guidance range of $210 million to $220 million. Product and related subscriptions and support billings were up 7% year-over-year. This category includes all products deployed on-premise or in hybrid environments. It includes both physical and virtual appliances. Cloud MVX, on-premise Helix security orchestrator and all the subscriptions and support billings related to these products.
We have disaggregated this category further to give you a view into products versus recurring billings. In Q3, product accounted for approximately 30% of the product and related subscription and support category and increased 5% from Q3 2017. Product related subscriptions and support, formerly known as TAP subscriptions and support accounted for approximately 70% of this category and increased 8% from Q3 2017. Growth and virtual deployments and Cloud MVX was a significant contributor to the subscription growth in the quarter.
The second breakout category cloud subscriptions and managed services increased 20% sequentially and 16% year-over-year, reflecting ongoing strength in Managed Defense, stand-alone iSIGHT threat intelligence, Helix subscriptions and cloud emails. In Q3, this category accounted for 27% of total billings. With strong performance in both product related and cloud subscriptions, recurring billings grew 11% year-over-year and accounted for 80% of our non-services billings or 65% of total billings.
We continue to achieve renewal yields of greater than 100% including cross-sell and upsell. The weighted average contract length for product and related category was about 31 months, down a half a month from Q3 2017. The ACL for cloud subscription category, which is all recurring subscriptions was about 25 months, down from about 26 months a year ago. The weighted ACL across all routable billings in Q3 was about 29 months, down about a month from Q3 2017.
I know ACL is closely followed. So I want to provide some additional color on the trends we've seen over the past few years. First, the declining trend in the weighted ACL for product and related billings has reflected the decrease in appliance sales both in absolute dollars and as a percentage of total billings. The decline in appliances also impacted the weighted average ACL across all ratable billings.
However, if you exclude appliances and look at the average contract length for just the reoccurring billings, the ACL has averaged about 24 months since 2017. This is an important point. The stability in the recurring billings average contract length suggests that this metric is not a meaningful headwind or tailwind to overall billings growth. For the same reason, ACL trends do not indicate any meaningful change in customers' preferences or commitment to FireEye's technology.
I believe that the best indicators of customers' willingness to commit to FireEye technology today and into the future are; one, the customer retention rate; two, the yield on subscriptions up for renewal; and three, the growth in new customers. Our customer retention rate remains approximately at 90% and we added more new customers in Q3 2018 than we did in Q3 2017. Our performance on retention, cross-sell and new business are all reflected in the annual recurring revenue or ARR metric. For ARR to increase, the pool of recurring business must expand. Straight up renewals without upsell or new customer subscriptions would just keep it flat.
We ended the quarter with $538 million in annual recurring revenue, an increase of $50 million or 10% year-over-year, an increase of $60 million or 3% sequentially. ARR for subscriptions for both breakout categories increased. ARR for cloud subscriptions and managed services increased more than 20% year-over-year for the second quarter in a row reflecting the momentum we're seeing in this segment of the business.
Turning to revenue and the income statement. Revenue in the quarter was $212 million, above our guidance range of $206 million to $210 million and up 7% year-over-year. Approximately 90% of our non-services revenue or $159 million was recognized from current deferred revenue associated with prior quarter billings. Our strong revenue performance was accompanied by continued discipline on the cost and expense lines with total COGS and operating expenses down about $800,000 from Q3 2017. The year-over-year increase in revenue was fully reflected in operating income, allowing us to achieve record operating margin of 7%. The decrease in expenses from the second quarter was primarily due to lower payroll taxes.
Turning to the balance sheet and cash flow, we continue to maintain a very healthy balance sheet with cash and short-term investments of $1.1 billion, an increase of $13 million from prior quarter. We ended the quarter with receivables, about $129 million and DSOs calculated on billings of 54 days, slightly below the low end of our target range of 55 to 65 days.
Ending deferred revenue was approximately $887 million split 60-40 between current and long term. Since I know many of you track the changing in current deferred revenue as a way to adjust for changes in the average contract length of recurring billings, let me take a moment to go into a little bit more detail on how the adoption of ASC 606 is currently impacting our current deferred revenue.
Under the 606 standard, we recognized appliance revenue over 48 months. Because appliance sales were higher in prior periods than they are today, we are recognizing more appliance revenue from deferred revenue and we are adding back from appliance sales in the current quarter. As a result, in Q3, current deferred product and related revenue declined by $6 million from Q2 and $20 million from Q3 a year ago. This decrease was more than offset by increases in current deferred revenue in other areas of the business. The net result is a sequential increase in current deferred revenue of approximately $3 million that you can calculate from our balance sheet.
If you exclude the changes in deferred product and related revenue associated with -- from past appliance sales, current deferred revenue would have increased approximately $36 million year-over-year and approximately $9 million, sequentially. Total deferred revenue would have increased $14 million sequentially and $61 million from a year ago.
Turning now to our (Technical Difficulty) $9 million. Non-GAAP operating cash flow, which excludes $43.6 million non-cash item associated with the repurchase and retirement of the 1% convertible notes is expected to be between $60 million and $65 million, a $2.5 million increase at the midpoint compared to the midpoint (Technical Difficulty) GAAP or as reported operating cash flow is expected to be in the range of $16 million to $22 million. CapEx is expected to be in the range of $45 million to $50 million. CapEx for 2018 includes approximately $60 million associated with our move to our new headquarters earlier this year.
Based on the above and excluding the non-cash item associated with the retirement of convertible notes in Q2, we expect to achieve positive free cash flow for the year. Our outlook for the fourth quarter is essentially unchanged from the outlook implied by third quarter and annual guidance ranges we provided last quarter. For Q4, we expect billings in the range of $245 million to $255 million, implying 4% year-over-year growth at the midpoint.
Recall that Q4 2017 billings included a $10 million plus transaction. Excluding the $10 million plus transaction from Q4 2017, the Q4 growth rate at the midpoint of our guidance range would be 9%. We expect revenue in the range of $214 million to $218 million, implying 5% year-over-year growth at the midpoint. Given this revenue range, we expect operating margin between 5% and 7% and earnings per share of $0.04 to $0.06, based on fully diluted weighted average share count of approximately $201 million.
Our earnings per share guidance reflects cash interest expense of approximately $3.5 million and tax expense between $1 million and $2 million. Operating cash flow is expected to be in the range of $30 million to $35 million and we expected to generate free cash flow in the fourth quarter.
That concludes my prepared remarks, we'll now take your questions. Operator?
Questions and Answers:
Operator
(Operator Instructions) Our first question comes from Andrew Nowinski with Piper Jaffray. Your line is now open.
Andrew Nowinski -- Piper Jaffray -- Analyst
Thank you very much and congrats on another good quarter. Maybe if you could just start Kevin, I've got a -- just a one question and a follow-up, if you just give us any color on the US federal demand this quarter and how that tracked according to your expectations?
Kevin Mandia -- Chief Executive Officer & Director
Yes, I tracked exactly what we wanted to do, in fact, it exceeded expectations a little bit. We have a great federal sales team with great experience, and what I've found especially here in the US, a lot of the government buyers love to buy our technology along with some services to go along with it. And because we have both halves of that equation, we can provide more value. So bottom line, we did what we expected to do with, in regards to our federal business and we have a strong federal business.
Andrew Nowinski -- Piper Jaffray -- Analyst
Great. And then with regard to the endpoint. I think you mentioned you displaced some legacy vendors, are those -- yes, are primarily existing FireEye customers that are deploying other FireEye solutions in addition to now your endpoint or are you seeing your endpoint solution coming in as a stand-alone win and bringing in new customers at FireEye?
Kevin Mandia -- Chief Executive Officer & Director
So in general, when I look at bringing in the new logos, endpoint is one of the top three ways that we do that. But on the one that came to mind where we replaced a legacy antivirus endpoint. It was a customer that's bought several of our solutions.
Andrew Nowinski -- Piper Jaffray -- Analyst
Okay. Thanks. Keep up the good work.
Kevin Mandia -- Chief Executive Officer & Director
Thank you, Andrew.
Operator
Thank you. And our next question comes from Saket Kalia with Barclays Capital. Your line is now open.
Saket Kalia -- Barclays Capital -- Analyst
Hey, guys, thanks for taking my questions here. How are you? Hey, Frank, maybe just for you, I'd love to dig into that cloud subscription billings line a little bit, I think there are a few puts and takes kind of quarter-to-quarter, I think you said last quarter, there were fewer iSIGHT renewals, maybe next quarter we've got a slightly different comparable. And so the question is, can you help us think about growth in that line item over the long term, especially as we see more -- to your point, see more of a shift to cloud products and cloud form factors?
Frank Verdecanna -- Executive Vice President, Chief Executive Officer & Chief Administrative Officer
Yes, I think that line item is where you're going to see a lot of our growth coming from and if you think about what's rolling into that line item you've got Helix the subscriptions related to Helix and that would include both expertise on demand. It would include cut to the SIEM takeout, which is really our Threat Analytics subscription. It also includes our cloud email Managed Defense and our Threat Intelligence subscriptions all which had a strong quarter in the third quarter, which was one of the reasons we saw a nice growth in that line item. But I think you're going to see that continue in Q4 and into 2019 given that most of our growth drivers are coming on that line item.
Saket Kalia -- Barclays Capital -- Analyst
Got it. That makes sense. Maybe follow up for you Kevin kind of related to the earlier question on US federal clearly a strong vertical for FireEye one that you're clearly connected with. A lot of focus just in the media this year on security around elections. I guess maybe just the two part question that is how true is that in terms of elections maybe driving more scrutiny and security spending? And then I guess relatedly, is the strength in that vertical, sustainable in a non-election year or slower election season like next year for example?
Kevin Mandia -- Chief Executive Officer & Director
Yes, I think, I answered this question even more broadly. And just, you see the rising importance of cyber security, not just in the impact on information operations and trying to sway public opinion, not just in the threat of trying to tamper with the democracy or the systems that promote democracy. But as you look at self driving cars, you look at watches that can talk, you're going to have medical condition or not. We are all living more connected ergo the importance of trusting those connections have never been more important. So I put election security into just a sub-bucket of the increasing importance of getting security right and what's at risk if we don't get it right, self driving cars, human health, the production of energy and the outcomes of elections. That being said, getting straight to the elections use a Star Trek term from the past where shields up in this nation on the elections, right now it's a community defense effort with lots of organizations behind that efforts. So I feel confident that we'll be just fine this election.
Saket Kalia -- Barclays Capital -- Analyst
Got it, very helpful. Thanks guys.
Operator
Thank you. And our next question comes from Walter Pritchard with Citi. Your line is now open.
Walter Pritchard -- Citi -- Analyst
Hi. Thanks, Kevin. I wonder if you can talk about -- it sounds like the little bit of a product headwind in your underlying business is growing a little bit faster. Could you talk about within that non-product business or were you're seeing the most incremental SaaS relative to maybe expectation a few months back? And then as we look at into next year, do you think you'll still be talking about the product headwind sort of having to adjust those out to look at the growth rate of the business, you think will be more of a clean growth number if that stuff going on?
Kevin Mandia -- Chief Executive Officer & Director
Yes. So we're always going to be looking at. We had some core products start to decelerate a few years ago and we always want to overcome them with the new products. What I look at is three things in regards to things outside of those core products we IPOed on years ago, first Managed Defense added one of its best quarters ever and that's the ability to get endpoint network and email security and our expertise behind it. Our endpoint getting into endpoint protection was important for this Company. We were the company that detected what everybody else missed. That's a great niche to be in, but over time, you got to expand into adjacencies like detecting what everybody else detects as well and we've done that on the endpoint, we're doing that in email and that's good. About the thing I'm most bullish about going into 2019, as I love the idea of watching on expertise on demand, Walter, and what that means is, we have great malware analysts. We have great forensic analyst, we have threat intelligence folks that speak 32 different languages. These are all expensive resources for every company to maintain on their own. We have a way to be a seamless extension of everybody security operations. Right now, we can already sell it, but I'm going to be able to put right in the product they click to chat with malware analyst, click to get that forensic analysis done. And I think those things can create good growth for us because it's consumption-based, customers can engage us when they need us most. And I think that's going to be a driver as well. We've only been soon after about a quarter now and I expect to see that grow more and more as we bring it more into our products in more into our thought processes. So hopefully I answered your question, but I look at Managed Defense, our cloud-based emails doing well, threat intelligence is doing well and inside of this services, I also think it's very important. The way -- when I advise senior leaders of companies, they always want to know how good is my security and you got to test it. And I think the only way to get unvarnished through testing it is to do what we call Red teaming exercises. So as I go to prospects, I do feel for that particular service, it's a hot right now, there is a need for Red teaming. And when I mean Red teaming, I mean an exercise to test the security of an organization and not just see if you can break into the organization, but see if you can break in and get the somebody's email, or break-in and get to customer data, or break in and make some kind of threat become a reality that the CEO doesn't want to see. So I think that, if you're looking for the specifics that feels like a hot service to me right now and training is always important. We've trained some of the best minds in security and we're having our best year ever and I'm seeing as I travel around particularly in government buyers, in other nations, they want us to train their folks. So I'll stop there, I can keep going, but I think I've provided enough.
Walter Pritchard -- Citi -- Analyst
And just one follow-up there Kevin, on the email, can you talk about what manager or sort of how frequent it is, if you like to being deployed the primary defense in the new business there versus sort of behind in a product?
Kevin Mandia -- Chief Executive Officer & Director
Right now, I think primarily we are second layer of defense in emails still.
Walter Pritchard -- Citi -- Analyst
Okay. Thank you.
Operator
Thank you. And our next question comes from Gabriela Borges with Goldman Sachs. Your line is now open.
Gabriela Borges -- Goldman Sachs -- Analyst
Good afternoon. Thanks for taking my question. One for Kevin, if I may, on the SIEM landscape. Could you give us an update on how customers are thinking about adding you as an additional layer on top of this versus maybe some of the displacement opportunities that you talked about in the prepared remarks? And what types of functionality is standing out versus some of the incumbents in the space? Thanks.
Kevin Mandia -- Chief Executive Officer & Director
Yes. So when I look at security operation, it seem to me at least the traditional SIEM was the data aggregator and then present the data you aggregated to make sure you are compliant with some capacity. And then the second generation was let's take that data and allow some action on it, not necessarily smooth automated orchestration, but some action. As we build Helix, Gabriela, what I'm noticing is, we're building it to take threat intelligence and provide context and answers. We're building it so that you can go from data, to action, to fix, I always call that the alert to fix process. And as we're building Helix in the apps that go with it, it just so happens that we have to create a SIEM map, that app that takes in a common event format and other data and present in a meaningful way to the folks that are sitting in the Security Operations Center, which is what the first gen of SIEM kind of did. And then we added the compliance reports to it. So I kind of almost want to answer the question and what if the next-gen SIEM do? Well, it's got to be able to do analytics. It's got to be able to have threat intelligence management from many different sources. It should be able to answer questions, provide better workflow, aggregate the data and orchestrate the counter measures and automate the security operations that you can automate. And as we keep building Helix, what we've noticed is, we're getting to a point in Helix where a SIEM takeout is a reality. We can do it. That doesn't mean, we can't offer value side saddle to SIEM, meaning if you already have as a prospect, all your data in the SIEM by adding Helix it's like adding our security expertise to your security operation center, you can know what we know based on our threat intelligence. We can take alerts from the minimization you do in your current SIEM and provide context to it and provide value on top of that. So we don't have to go in and tear SIEM out and say, here we are. We offer value on top of pre-existing SIEMs in regards to orchestration and threat contacts. But we've also recognized as we build out Helix we need those SIEM features in there.
Gabriela Borges -- Goldman Sachs -- Analyst
That's helpful. Thank you. The follow-up is for Frank, if I could. I thought that $36 million disclosure was really helpful. What the short-term deferred would have been had it not been for the change in product revenue recognition. Do you have a sense for what that would have been for billings year-over-year growth? And the forward-looking question is, could you just give us an update on how much visibility you feel you have into the pipeline now versus a year ago now that all the go-to-market changes have been implemented? Thank you.
Frank Verdecanna -- Executive Vice President, Chief Executive Officer & Chief Administrative Officer
Sure and with respect to the change, yes, we'll started providing that slide in that metric just to show the big impact from ASC 606 and that headwind from product going down and relieving current deferred revenue and then not adding back as much into that. But I think as you look through that you can see that the other areas of the business, primarily the cloud subscriptions and managed services more than made up for that decline. And then with respect to the pipeline, I think we've got -- given that we've got a mature sales leadership team. I think from a pipeline perspective, we have a very much consistent methodology about our forecasting and pipeline, and I think you've seen that in the results with us achieving our numbers the last seven quarters in a row. And so I feel really good about kind of our pipeline visibility into kind of the next few quarters, obviously the -- beyond that, we obviously, don't have a ton of visibility into much beyond the next few quarters. But as we sit here today, we feel really good about the pipeline.
Gabriela Borges -- Goldman Sachs -- Analyst
I appreciate the color.
Operator
Thank you. And our next question comes from Gregg Moskowitz with Cowen and Company. Your line is now open.
Gregg Moskowitz -- Cowen and Company -- Analyst
Okay, thank you very much and good afternoon, guys. I'll add my congratulations as well. First question is for Frank, just wondering if there is any way to roughly measure what impact the new subscription model had on billings and recognize revenue in the quarter?
Frank Verdecanna -- Executive Vice President, Chief Executive Officer & Chief Administrative Officer
So the new pricing and new subscription model had an impact in the third quarter, but I would say it's still really early days. We just came out with that really at the very beginning of the second quarter. So we saw some good contribution from that in the third quarter, but more importantly, we saw a pretty significant uptick in the pipeline relating to those new subscription offerings.
Gregg Moskowitz -- Cowen and Company -- Analyst
Okay, perfect. And then just for Kevin, you always I think have sort of thing around the polls of EDR market and just curious, what you're seeing or hearing with respect to pricing, specifically with next gen guys? Thank you.
Kevin Mandia -- Chief Executive Officer & Director
I haven't felt a shift in the pricing. I've always believed with -- we had signature-based detection on the endpoint and then we went to signature less and that's what the next-gen does. And I just -- I'm very pleased with the results that we've seen with our Malware Guard. So we have the next-gen detection capability and the FireEye Endpoint now. And yes, I'd like to use this opportunity, most people don't think of FireEye as an endpoint company. We absolutely are. We just backed into it. We built the forensics capabilities first, which I think are the hardest things to build, then we got into Endpoint Protection with signature-based and the signature was tough that we -- we're not new to it. We have had models and we've been working on since 2009, 2010 timeframe, but we got it to market, I believe in August of this year in Q3, and we just love the results we're getting on the protection. On the pricing, to answer your question directly, I have not felt a shift in the pricing on next-gen endpoint.
Gregg Moskowitz -- Cowen and Company -- Analyst
Okay, that's helpful. Thanks, Kevin.
Operator
Thank you. And our next question comes from Michael Turits with Raymond James. Your line is now open.
Michael Turits -- Raymond James -- Analyst
Hey guys, good evening. Two questions. First on the Helix, now with the new capabilities out for a point third-party data as well as automation. I was wondering, what -- if you can talk about what you think the outlook is for monetary conversions Helix? And then I've a follow-up.
Frank Verdecanna -- Executive Vice President, Chief Executive Officer & Chief Administrative Officer
Yes, Michael. So in the quarter, we did close over 100 Helix customers, about a third of those included subscription for the Threat Analytics. So if you think about those customers are basically signing up to be able to ingest third party products into Helix and they're paying us on an events per second basis. So that's one monetization model, but one of the other things as Kevin talked about earlier was the launching of the expertise on-demand, which is basically going to be a click to chat button within Helix. And so we just started selling that and we really expect that to have a pretty significant monetization stream on top of Helix as well.
Kevin Mandia -- Chief Executive Officer & Director
Yes and the third one is just bringing the intelligence to the person in the operation center, where we can marry up that contacts that you subscribed to and you can get full color. What I found throughout my career and to some extent it surprised me when someone has a compromise, who did it absolutely matters, what those people normally do when they break in the company's absolutely matters. So that you can assess risk and we have the ability to bring our intelligence to market not just as a subscription directly, but also make it easier to consume right in Helix.
Michael Turits -- Raymond James -- Analyst
Great. And then for my follow-up, I just wanted to -- last quarter, you commented that I believe the billings to me that you said, your pipeline growth was double-digit. And we have some nice double-digit metrics. This quarter is still around cloud subscription. Can you comment again on how that pipeline is doing and maybe walk us through to the point where we can actually see that driving both top line and billings at that double-digit level?
Frank Verdecanna -- Executive Vice President, Chief Executive Officer & Chief Administrative Officer
Yes, so, I mean the pipeline has been growing very nicely. And I think, again, we focus very much on the current quarter and the next quarter thereafter. Beyond that people are -- is -- don't put as much data into the tool beyond the next few quarters. But I think as we look at the cloud subscriptions and managed services, you can see that has been growing nicely double digits and when you look at the newer products that we've launched and the innovation on those new products, we have been seeing double-digit growth there.
Michael Turits -- Raymond James -- Analyst
Thanks.
Operator
Thank you. And our next question comes from Fatima Boolani with UBS. Your line is now open.
Fatima Boolani -- UBS -- Analyst
Get afternoon and thank you for taking the questions. Kevin, maybe to start with you a question on your consulting business with Mandiant. It's been pretty strong internationally and I know this quarter was a little bit lighter than what we were looking for. But I'm curious if that's a function of you just being capacity constrained, as an organization or if sort of there is any change into the domestic demand environment for Mandiant consulting services? And I have a follow-up for Frank.
Kevin Mandia -- Chief Executive Officer & Director
Yes, I don't feel any change in the demand for and we're a product company, first and foremost, but we love being out on the front lines. And I think, maintaining that, what I call the Incident Response Vantage point, where we responded the breaches that matter and we try to get that front row seat to help technologies abated, how processes need to work and we take advantage of that by building and innovating our products around it. I don't feel -- when I look at the services and I look at our chargeability and what we're doing at Helix performance. Yes, I don't know what your expectations were. But I looked at it and it did what we expected it to do.
Frank Verdecanna -- Executive Vice President, Chief Executive Officer & Chief Administrative Officer
Yes, Fatima, we actually had a record services revenue quarter. I think you were referring to services billings and the thing to keep in mind in services billings is, there is always a different mix of fixed bid versus time and material contracts. And so demand has been as strong as ever. It's just a matter of -- the billings number will always change based on the mix of how many deals are time and materials, which are build after delivery versus fixed bid compromise assessments that would be billed upfront.
Kevin Mandia -- Chief Executive Officer & Director
And to reiterate from my remarks earlier -- the prepared remarks, year-to-date, we're responding to more breaches than In the past and we're doing more assessments than in the past. And then I reported last quarter that about a third of our business was international. I didn't break it down this quarter yet, but you can feel the expansion internationally and we are hiring consultants as an as needed bases. We don't like to have a lot of consultants on the beach. So sometimes we're hiring maybe behind the power curve in regards your growth there, but we have found that's just the right way to run the services organization, you get -- you keep people on the streets, doing the work.
Fatima Boolani -- UBS -- Analyst
That makes a ton of sense. And Frank, a quick one for you, just digging into ARR and the trajectory there. So as we think about your product and appliance business sort of stabling out and sort of plateauing as customers elect more hybrid deployment, and virtual deployment, and cloud deployment. How should we think about the maintenance support trajectory within the ARR bucket? And then to the extent, you've had a customers transition their existing support agreements to other form factors of your products. To what extent do you have either a proactive or reactive programs to kind of help them consume your product functionality in the way that's best suited for them?
Frank Verdecanna -- Executive Vice President, Chief Executive Officer & Chief Administrative Officer
Sure. So with respect to the kind of the ongoing maintenance and subscriptions related to kind of the appliance business that should -- assuming we continue to keep our renewal rates where they're at. That should have a negligible effect on ARR. Basically if you're renewing exactly what's coming up for renewal, ARR would stay the same and then we'd see growth in ARR with the growth in additional cloud subscriptions and managed services and other new subscription offerings. As far as -- when you look at the various components of what continues to drive that. We do have some customers that were legacy on-prem customers that are moving to our cloud offering. That's going to have a positive impact on ARR our because your annual spend with us is going to be higher than the legacy support and subscription spend. So that should have a continued positive impact on ARR. And we have -- plays our -- a playbook in place for customers that are moving to the cloud. We have an easy way for them to go from on-premise to our cloud solution.
Fatima Boolani -- UBS -- Analyst
That's very helpful. Thank you, Frank.
Operator
Thank you. And our next question comes from Melissa Franchi with Morgan Stanley. Your line is now open.
Angela Archie -- Morgan Stanley -- Analyst
Hi. This is Angela Archie (ph) in for Melissa. Thanks for taking my question. First question just wanted to comment on, you mentioned another strong quarter internationally. Were there any regions showing outside strength in Q3 or sort of particular partners going forward?
Kevin Mandia -- Chief Executive Officer & Director
Yes, I think we are referring to, and this is Kevin speaking, in regards to services, we had a -- we are growing it and expanding it internationally year-over-year. When we -- traditionally our services is very strong in the United States that's where it heralds from and that's where it started, but with a concentrated effort we've been expanding it internationally and it's been growing in last quarter about a third of our business was international in regards to our services component, in regards to our overall performance in every geography. I think almost all of it was in line with our expectations for the most part.
Angela Archie -- Morgan Stanley -- Analyst
Got it. Thank you. And just on new customer adds another quarter of year-over-year growth although decelerating a little bit from a really strong Q2. How's that new logo add growth come versus your expectations?
Frank Verdecanna -- Executive Vice President, Chief Executive Officer & Chief Administrative Officer
So we actually saw year-over-year growth in new customer logos for the second consecutive quarter and I think what we're seeing like Kevin mentioned is that we are seeing new customer logos come from a few different areas, which is nice to see that it's not -- we used to have network be the tip of the spear. Right now, you can see new logos coming from email endpoint services and then also we still do get some new logos from the network side of the business as well.
Angela Archie -- Morgan Stanley -- Analyst
Got it. Thank you.
Kevin Mandia -- Chief Executive Officer & Director
Thank you.
Operator
Thank you. And our next question comes from Shaul Eyal with Oppenheimer. Your line is now open.
Shaul Eyal -- Oppenheimer -- Analyst
Thank you. Good afternoon, guys. Congrats from my end as well for the (Multiple Speakers) set of results. Sure. Kevin, perception wise and, again, just perception, FireEye is not a name, which is observed as probably one of the things gaining market share. In your view are you beginning to see more displacements? And if so, who is the major market donor? Is that the legacy guys, some of the endpoint guys, maybe on a specific company or market category perspective, any views on that front?
Kevin Mandia -- Chief Executive Officer & Director
Yes, I'm not sure what you're referring to when saying we're not perceived as gaining market share. We have -- our products are growing and it depends on which one as to what we're up against. I still feel that we respond to virtually every single security breach that matters. We know more about the threat actors than any one with our threat intelligence, our endpoint's been growing year-over-year, most quarters our email security platform has shown growth, even our network. So which market specifically you're talking about because we play in several different markets.
Shaul Eyal -- Oppenheimer -- Analyst
Fair enough. Let me try and rephrase it, maybe on the network front.
Kevin Mandia -- Chief Executive Officer & Director
Yes, on the network front, we are -- the reality is as we've been designed at the onset as a platform that had signature list based detection of threats that the firewall traditionally missed. What we've seen over the years is that we had to stabilize that business that declined in sales in 2016. We found a way to get it into other areas. We're going into other niches like network traffic analysis and we're showing value in east-west traffic and we're continually adding features to it. But it is a -- as I refer to, it is a layer two behind the firewall safeguard. The good news about security is you need multilayer security and we do detect what traditional safeguards miss with our Network product. I'm really not sure there's a competitor for it. It's whether people want two layers of defense or not on their network.
Frank Verdecanna -- Executive Vice President, Chief Executive Officer & Chief Administrative Officer
I guess, Shaul, I'll just add to it. One of the things we are really excited about is the fact that we moved to that first line of defense in a lot of cases has opened up some pretty big opportunities for us. And in the third quarter, we had a seven figure deal where we actually replaced a legacy AV vendor. We've also -- our Helix sales have been traditionally replacing some legacy SIEM providers and in October, we actually closed another seven figure deal where we actually replace the next gen SIEM. So I think that movement in the innovation on those folks has really helped us be able to go in and compete for existing budget, which has helped.
Shaul Eyal -- Oppenheimer -- Analyst
Got it. Thank you for that elaborated reply. And maybe just as a follow-up with the spectrum Kevin's prior comment on trying to avoid consultants hanging down on the beach, Frank, what will the overall headcount by the end of the quarter versus last year. How's the overall hiring environment?
Frank Verdecanna -- Executive Vice President, Chief Executive Officer & Chief Administrative Officer
it's slightly up, Shaul. And the good news is that's one of the areas that we continually to focus on adding folks because if you look at what we've been able to do over the last, I might say last year and a half, for the most part we've been selling more services than we've been able to deliver. And so we've created a backlog of opportunities primarily on compromise assessments and penetration testing where we can actually go in and once we get these folks hired and trained, we can deliver on those services. So that's -- we continually keep those -- that hiring process and that machine going, those folks are not easy to come by, but I think we've done a great job on finding that talent and also retaining that talent.
Shaul Eyal -- Oppenheimer -- Analyst
Great. Keep up that great job. Good work.
Kevin Mandia -- Chief Executive Officer & Director
Thank you, Shaul.
Operator
Thank you. And our next question comes from Sterling Auty with JP Morgan. Your line is now open.
Sterling Auty -- JP Morgan -- Analyst
Yes, thanks. Hi guys. I'm curious what you're seeing in terms of what are the average discounts in deals looking like this quarter versus over the last several quarters?
Frank Verdecanna -- Executive Vice President, Chief Executive Officer & Chief Administrative Officer
Hey, Sterling, actually it's pretty remarkably consistent that when we look at the discount rate across products and even on the new pricing. We've just tended to have -- we have processes in place and controls in place. So there's typical thresholds that more people need to get involved. And so it's been relatively consistent over the last couple years really.
Sterling Auty -- JP Morgan -- Analyst
All right, great. And then with all the talk of the shift in terms of appliances, et cetera. What do you think needs to happen to see consistent double-digit billings and revenue growth from FireEye moving forward?
Kevin Mandia -- Chief Executive Officer & Director
Well, the first thing that had happened Sterling was a stabilization on the product. And I think we've seen that over this year and that's why 2018 is return to growth. I think going forward, as we look, the new products continue to grow really nicely. I think we start -- and more importantly, they are becoming a bigger piece of the overall business, and we talked about in my prepared remarks that the newer products are now 50% of our overall sales. So I think just that the fact that it becomes a bigger part of our business will help the overall growth rate, and we're tracking exactly kind of where we had expected. And so we'll continue to kind of -- continue on the innovation and we feel really good about those products and the competitiveness of those products.
Operator
Thank you. And our next question comes from Gur Talpaz with Stifel. Your line is now open.
Gur Talpaz -- Stifel -- Analyst
Okay. Thanks for taking my questions. One for Kevin, one for Frank. So Kevin, a philosophical question. One thing I'm noticing in your tone in your commentary, especially over the past few quarters is sort of a greater willingness to serve less as an augmentation layer and more as a first line of defense, especially, in areas like endpoint and like SIEM. So can you talk a bit about that, what's giving you confidence here to kind of strike that tone beyond just the -- sort of the handful of deals you're referencing?
Kevin Mandia -- Chief Executive Officer & Director
Well, so there I mean, I'm a proponent, but we are doing other things as well. So, yes -- and I love the last question that Frank got and I probably can talk for half an hour on it. But obviously when you go in any opportunity, what -- you sometimes end up in what I call a spoke on spoke knife fight, endpoint versus endpoint. And we have to evolve our Company so that we don't lose any spoke on spoke knife fights by saying, when you have our spoke meaning either email, or network, or endpoint with Helix as the interface, we then bring to bear intelligence, expertise on demand, greater value, better visibility . And I'm doing a lot on the inside with the team. Our engineers did a great job this quarter. And I said in my prepared remarks, we have a click-to-try. We're pushing to have click-to-try, click-to-try, click to make everything easier to do business with FireEye button and I think that's going to make a major difference. So when we are in spoke on spoke, we do have to have some layer one capability, So we did that with our endpoint. We're doing that with our email. On network, it's a tougher challenge. I don't see us getting into the firewall business, OK. So we may be a layer two for network, but there's still a lot of value can offer when you combine endpoint, email and network visibility through the Helix interface. We're going to have some transformational Helix updates over the next four quarters and beyond. And when we have those updates and bring more of the expertise with our spoke products together with our intelligence together, that's what makes me feel pretty bullish on the growth story. People under estimate all the time the incident response vantage point that on a daily basis, we get a lot of hours of witnessing how the common safeguards our circumvented, how the process is broke down, how product -- which products are effective or ineffective and what people need to not be a headline. We witnessed it as far as I know more than anybody on the planet. If we build our products based on what we're learning from these experiences. It's going to be a lot of great future for us.
Gur Talpaz -- Stifel -- Analyst
That's a great color. Kevin, and thank you for that. Frank, sort of looking back to March the Analyst Day guidance you gave for the long-term rather then near to mid-term. How do you feel about that sort of pushing near into 2019 recognizing that you know you don't want to guide to 2019. But just kind of looking back to that framework. Is that still an appropriate framework do you think?
Frank Verdecanna -- Executive Vice President, Chief Executive Officer & Chief Administrative Officer
Yes, I think it's an appropriate framework. I mean one of the things that the only difference probably from the Analyst Day is, we are -- have been seeing a significant amount of kind of Cloud MVX and virtual appliances that are being deployed in hybrid environments. And ultimately those are winding up on the product and related subscription and support line item. So I think you've seen a little bit more strength there and a little less strength on the cloud subscription just because of that classification. But really that's the only real change. I think 2018 is tracked very much on target of what we've talked about and in fact we've been at or above, pretty much every major guided metric.
Gur Talpaz -- Stifel -- Analyst
That's helpful. Thanks a lot and congrats.
Kevin Mandia -- Chief Executive Officer & Director
Thanks, Gur.
Kate Patterson -- Vice President of Investor Relations
We have time for one more question please.
Operator
Thank you. And our last question comes from Ken Talanian with Evercore ISI. Your line is now open.
Phil -- Evercore ISI -- Analyst
Hi. This is Phil (ph) on for Ken. Thanks for taking the questions. I was wondering if you could just talk a little bit maybe conceptually about how you're thinking about free cash flow margin for 2019?
Kevin Mandia -- Chief Executive Officer & Director
Sounds like a great question for Frank.
Frank Verdecanna -- Executive Vice President, Chief Executive Officer & Chief Administrative Officer
Yes. So we have -- on the end of our Q4 call, we'll give our 2019 guidance, but traditionally free cash flow margin has been a little bit ahead of operating margin because of the fact that our average contract term is more than one year. So we expect continued growth on free cash flow and I think you started to see the leverage in the model of both in Q3 and in our Q4 guidance.
Phil -- Evercore ISI -- Analyst
Okay, great. And just as a follow-up maybe for Kevin. Can you talk a little bit about what kind of traction you're seeing with the channel versus the first half of this year?
Kevin Mandia -- Chief Executive Officer & Director
What I have -- my our observables on that is the sentiment is better with FireEye, since we brought on Bill and senior leadership there we got consistent in the policies on how we're working with the channel. We've done some pricing modifications and some product campaigns. And I think that what I expect is just a -- what I would call incremental increasing in channel leverage quarter-over-quarter.
Phil -- Evercore ISI -- Analyst
Okay, great. Thanks.
Operator
Thank you. Ladies and gentlemen, that concludes our question-and-answer session for today's call. I would now like to turn the call back over to Kevin Mandia for any further remarks.
Kevin Mandia -- Chief Executive Officer & Director
I would like to thank everybody for attending this call. When I observed FireEye, I'm very proud that we're learning on the front lines, we're responding to the breaches that matter and learning from those. We are the trusted advisors when cyber security matters most. We are deploying people worldwide to learn more about what the threat actors are doing on the Internet today and what they're going to do tomorrow than any other company that I'm aware of. And we are taking the lessons learned from the front lines and we're relentlessly protecting our customers by automating every single thing we can in our software to protect our customers. I'm proud of how the engineering team has galvanized around with Helix and what we're building. And I'm just excited for the next 90 days and I look forward to talking to everybody probably exactly 90 days from today. Thank you.
Operator
Ladies and gentlemen, thank you for participating in today's conference. This does conclude today's program and you may all disconnect. Everyone, have a wonderful day.
Duration: 61 minutes
Call participants:
Kate Patterson -- Vice President of Investor Relations
Kevin Mandia -- Chief Executive Officer & Director
Frank Verdecanna -- Executive Vice President, Chief Executive Officer & Chief Administrative Officer
Andrew Nowinski -- Piper Jaffray -- Analyst
Saket Kalia -- Barclays Capital -- Analyst
Walter Pritchard -- Citi -- Analyst
Gabriela Borges -- Goldman Sachs -- Analyst
Gregg Moskowitz -- Cowen and Company -- Analyst
Michael Turits -- Raymond James -- Analyst
Fatima Boolani -- UBS -- Analyst
Angela Archie -- Morgan Stanley -- Analyst
Shaul Eyal -- Oppenheimer -- Analyst
Sterling Auty -- JP Morgan -- Analyst
Gur Talpaz -- Stifel -- Analyst
Phil -- Evercore ISI -- Analyst
Transcript powered by AlphaStreet
This article is a transcript of this conference call produced for The Motley Fool. While we strive for our Foolish Best, there may be errors, omissions, or inaccuracies in this transcript. As with all our articles, The Motley Fool does not assume any responsibility for your use of this content, and we strongly encourage you to do your own research, including listening to the call yourself and reading the company's SEC filings. Please see our Terms and Conditions for additional details, including our Obligatory Capitalized Disclaimers of Liability.
