Image source: The Motley Fool.
ForeScout Technologies, Inc. (FSCT)
Q4 2018 Earnings Conference Call
Feb. 07, 2019, 4:30 p.m. ET
Contents:
- Prepared Remarks
- Questions and Answers
- Call Participants
See all our earnings call transcripts.
Prepared Remarks:
Operator
Good day, ladies and gentlemen, and welcome to the Q4 2018 ForeScout Technologies Earnings Conference Call. At this time all participants are in a listen only mode. Later we will conduct a question-and-answer session and instructions for how to participate will follow at that time. (Operator Instructions) As a reminder this conference call is being recorded.
I would now like to introduce your host for today's conference Ms. Michelle Spolver, Chief Communications Officer. Ma'am you may begin.
Michelle Spolver -- Chief Communications Officer
Thank you, operator, and thank you all for joining us on today's conference call to discuss our financial results for the fourth quarter and full year 2018 and provide guidance for the first quarter and full year 2019. This call is being broadcast live over the Internet and can be accessed from the Investor Relations section of our website at www.investors.forescout.com.
A few minutes ago, we issued a press release announcing our financial results for the fourth quarter and full year of 2018, as well as guidance for the first quarter and full year 2019. The release can be found on our Investor Relations website, along with supplemental financial information that accompanies today's remarks.
Before we begin, let me remind you that we will make forward-looking statements during this call, including statements related to ForeScout's guidance and expectations for the first quarter and full year 2019; the market for our products, including business growth factors and customer demand for our products; our products and services releases; our competitive position; changes in the threat landscape and the security industry; the ramping of our sales organization and our growth profitability and the impact of the SecurityMatters acquisition on our marketing company. These forward-looking statements involve risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply only as of today, and we undertake no obligation to update these statements in the future. For a detailed description of risks and uncertainties, please refer to our SEC filings, as well as our earnings release. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of our website.
Additionally, certain non-GAAP financial measures will be discussed on this call. We have provided reconciliations of these non-GAAP financial measures against the most directly comparable GAAP financial measures in the Investor Relations section of our website as well as in our earnings release.
Before I turn things over to Mike, I want to highlight that today's -- during today's call we will be sharing certain business and financial metrics that we may provide on an annual but not quarterly basis which can also be found in the supplemental financial information also posted on our Investor Relations website.
Lastly, I'd like to mention that we'll be attending the Morgan Stanley Technology Conference on Tuesday, February 26th and hosting our First Analyst Day on Monday March 4th in San Francisco. Additional details and registration information can be found on the Events page of our Investor Relations website.
And now, let me hand things over to Mike to discuss our business and provide a review of our fourth quarter and full year 2018 performance. Mike?
Michael DeCesare -- Chief Executive Officer and President
Thanks, Michelle, and thanks to everyone for joining us on the call today. 2018 was our first full year as a public company and we finished it strong. As I'll share in a few minutes, ForeScout had a fantastic fourth quarter across the board as we executed exceptionally well on market opportunity and need for device visibility and control. We again exceeded all our guided metrics capping off a very successful 2018 in which we made significant strides expanding our footprint into new geographies, vertical markets and customers. We landed more than 500 net new logos in 2018 bringing our total customer count to nearly 3,300. Even more impressive we added over 60 new Global 2000 customers across a variety of industries driving our penetration rates in the Global 2000 to 21% up from 18% at the end of 2017.
We now count six of the top 10 financial service companies, five of the top 10 manufacturing companies, 11 of 14 civilian cabinets within the US Federal government and numerous large healthcare companies as customers that are standardizing on ForeScout for device visibility and control. Also evident of our expanding footprint we added more than 13 million devices under management in 2018, increasing our total number of device license sold to approximately $65 million of which $5 million were added in the fourth quarter. All of this helps fuel our long-term growth.
Security begins by understanding with confidence what is on the network. This means having visibility into every single user credential that is logged in, knowing what applications each of those users is entitled to and also identifying every single device the moment they connect to the network and constantly thereafter. The latter is where ForeScout plays.
According to Gartner, September 2018 Report on IoT Trends, they estimate that by 2023 the average CIO will be responsible for more than 3 times the number of endpoints they managed in 2018. The vast majority of this growth is not coming from traditional-managed devices like laptops and smartphones, but from IoT and OT devices which can’t support agents and thus can go easily undetected and unmanaged. This tailwind plays very much into ForeScout's favor as customers need an agentless solution and a single scalable platform that can provide a unified view of all their devices across campus, data center, cloud and operational technology networks.
Let me now briefly touch on some financial highlights in the fourth quarter and from the full year 2018. The revenue in the fourth quarter grew 35% year-over-year to $84.7 million, bringing our full year revenue to $298 million, an increase of 33% year-over-year. This far exceeded the guidance that we set last February as a result of strong sales execution, healthy market demand and sales productivity gains from our prior go-to-market investments.
On the bottom line, we achieved positive non-GAAP operating income for the second consecutive quarter, as we continue to demonstrate the leverage in our operating model and benefits from increased sales of our software product. And lastly, I am proud to say that we ended 2018 free cash flow positive, finishing the fourth quarter with $5 million and the year with $6 million in free cash flow generated.
Criss will discuss in our financials in more detail, but I'm very pleased with the combination of our 33% full year revenue growth, positive free cash flow, ability to achieve non-GAAP operating profitability for the second consecutive quarter. This demonstrates that we're executing well and hitting our stride. Q4 was marked by the largest quarter ever of customer additions, with more than 200 net new logos. We had a number of exciting marquee customer wins across the mix of verticals continued traction on international markets and broad adoption of ForeScout platform in device, visibility, control and orchestration.
The momentum we're having on both the land and expense side would not be possible without the investments we made to grow our sales force, which is maturing and ramping nicely.
As we previously shared, at the end of 2016, only 14% of our sales reps have been with ForeScout for more than two years. This number increased to approximately 35% at the end of 2017 and to approximately 50% at the end of 2018. From a productivity perspective, our 2018, 2017 and 2016 cohorts are producing at or better than we expected which is helping to drive momentum in our business. Let me now highlight some of the more significant wins in the fourth quarter.
In the Federal government, we executed extremely well in a challenging political and budgetary environment. Our largest deal of the quarter, which was a civilian agency that expanded its already large ForeScout deployment to include roughly 700,000 new devices, bringing the total number of devices under management with us to around 1.5 million.
Our integration and orchestration with Splunk was also an important part of this win. In addition to our CounterACT products, they purchased our extended module with Splunk to enhance and enforce controls for these devices. This is one of the first deals tied to Phase 3 of the US government's continuous diagnostics and mitigation or CDM program.
As a reminder, Phase 3 is focused on mitigation of threats and moving from device visibility to the control mode. On the new customer front, we landed our first deal with – for the US Department of Defense Comply-to-Connect Framework in which we'll be initially managing visibility for 250,000 devices.
ForeScout is a foundational component in Comply-to-Connect framework to achieve better cyber hygiene and see 100% of the devices and systems connected to the network. We are still in the very early stages of this large market opportunity. Comply-to-Connect is a government mandate has not yet become a funded program of record, however, as demonstrated in cases such as this particular deal, government customers understand the importance of complete device visibility and control and are allocating budget to Comply-to-Connect, the highly complex framework advanced centralized DoD funded.
We also landed a top 10 US Bank which shows (ph) ForeScout to secure an inventory more than 250,000 devices across their network. This customer have attempted to use a legacy network competitor's product, but it has failed to both scale and effectively interoperate with its existing infrastructure. ForeScout's orchestration solutions were a key factor in winning this deal, which in addition to our CounterACT products included five extended modules. Among the orchestration use cases is our extended module for ServiceNow.
ForeScout is enabling deep device visibility value that marries well with ServiceNow's CMDB, to enable a single source of truth for all devices on the network. We also continued to grow our footprint in the healthcare vertical. During the quarter, we landed a US Fortune 10 Healthcare giant that purchased ForeScout platform of CounterACT Federal extended modules to solve the device visibility and control challenges it was experiencing as a result of multiple acquisitions and divestitures over the years.
Despite being a longtime user of our primary network competitor, they will be deploying ForeScout for visibility, control and orchestration for nearly 250,000 devices across their campus. Government, financial services and healthcare are our largest vertical and we're continuing to make traction into other verticals as well, like retail, technology, manufacturing and energy. For example, in the fourth quarter, we closed a deal with one of the largest industrial manufacturing companies on the planet.
And this competitive win, this European based company chose ForeScout CounterACT products for device visibility as well as control across 1 million campus wired and wireless devices. Our ability to run at very large scale and work in highly complex environment is key to the selection process. Additionally, if the customer purchased the extended module for Qualys. In this use case, ForeScout enables real-time vulnerability management by identifying, the device the second that joins the network and triggers a real-time scans from Qualys. If the device has known vulnerabilities, ForeScout then takes action by blocking it until it's patched.
And finally, we made headway into the telecommunications vertical with a new win in APJ, with one of Australian's largest companies. ForeScout was selected to provide device visibility across more than 200,000 devices than their campus wired and wireless networks. We won because we were agentless, demonstrated a rapid time to value with ease of deployment.
Also important was that we seamlessly operate with their existing network and security solutions. Among those is CrowdStrike, in which case they purchased our extended module for EDR orchestration. These are just some examples of the traction that we're making and landing and expanding across verticals around the world and how highly strategic ForeScout is to our customers. To demonstrate our scale, our largest deployment now spans nearly 3 million devices, which to our knowledge is -- are greater than any other vendor in our space.
Additionally, the power of the ForeScout platform is evident of new and existing customers, utilizing our extended modules to better leverage their existing IT and security tools and automate more actions. This is not just an add-on sale, but rather a very key reason on why we are winning deals. To put numbers behind my words, revenue from orchestration accounted for 24% of total product revenue in 2018, up from 9% in 2017. Approximately one-third of our product deals during the year include at least one extended module, up from one-quarter in 2017.
Also, approximately 27% of our entire customer base has purchased at least one extended module -- orchestration module, up from 23% last year. Based on our knowledge, we believe we are one of the largest orchestration vendors in the space and there is significant growth ahead.
Before turning the call over to Criss, I would like to provide an update on SecurityMatters and feedback we've been receiving from customers. Prior to the acquisition, ForeScout was making traction in the OT space and winning deal. But the technologiesin SecurityMatters provides us the ability to see even deeper into the OT network stack or specialized devices like controllers and sensors. Combining technology, ForeScout has the most comprehensive OT solution in the industry.
We believe that we are now the largest player in this market and the only vendor that can provide deep visibility and control across the extended higher enterprise. From campus to data center, to cloud, operational technology. Feedback from customers has been overly positive and we're seeing accelerated pipeline in the OT area of our business with both new and existing customers. Customers are understanding that securing OT environment begins with achieving full visibility across their entire network into layers of the OT stack. Many that had been using us in the campus data center are extended ForeScout into their OT networks as well.
Later this month, we will be announcing our next major product release that will provide even further differentiation across our product suite and help drive momentum for us in 2019 and beyond. I could not be more excited about this. Among other things we will be delivering a complete IT to OT solution which fully integrates SecurityMatters technology with ForeScout to cover all layers of the OT stack and integrates with all major OT infrastructure providers. Our new release will also provide comprehensive visibility from multi-cloud infrastructure, with support for both Azure and AWS.
Lastly, we're adding significant investments to our network segmentation solution to automate segmentation control across firewalls, as well as virtual cloud and SDN environment. As our customers design and define their next-generation network segmentation is an important part of the solution. I'm excited to showcase the results of our recent R&D efforts and I am really proud of the work that this team has finished (ph).
With that said, let me now turn the call over to our Chief Financial Officer, Criss Harms to discuss detailed financial results for the fourth quarter and full year 2018 as well as our guidance for the first quarter and full year 2019. Criss?
Christopher Harms -- Chief Financial Officer
Thanks, Mike. Thank you for joining us on the call today. Following Mike's remarks, let me dive deeper in ForeScout's fourth quarter and the full year 2018 financial results and our outlook for the first quarter, full year 2019. And by reminding you, except for the revenue results which are GAAP, all financials we will speak about non-GAAP are stated otherwise.
As Michelle mentioned, at the start of this call, non-GAAP, GAAP reconciliations of these financials can be found in our earnings press release and supplemental financial information, both located on our Investor Relations website.
As Mike shared, we had a very strong fourth across all key metrics. We’re pleased with what we accomplished in the year. Core revenue Q4 2018, $84.7 million, an increase of 35% on a year-over-year basis. Product revenue for Q4 2018 is $47.5 million, an increase of 36% on a year-over-year basis. Product revenue growth continues to be driven by uptake of our software products, comprised 81% Q4 Product revenue, our hardware products, 19%. Maintenance and professional services revenue, $37.3 million, an increase of 33% year-over-year.
Looking at Q4 revenue mix by region. Geographic mix of revenue was Americas at 66% of total revenue compared to 68% Q4 2017. EMEA was 24% and APJ was 10% compared to 22% and 10% in Q4 2017 respectively. We continued strength in regions outside the US this quarter as we realized positive returns on our international sales and marketing investments, leading to geographic diversification and new customer acquisitions.
Our gross margin for Q4 2018 was 81%, an increase of approximately 400 basis points year-over-year and an increase of approximately 300 basis points sequentially. Product margin was 86%, an increase of approximately 600 basis points year-over-year and an increase of approximately 300 basis points sequentially. We’ve seen continued strength in product margins. We benefit from the tailwinds, increasing role of extended modules in our product revenue mix and customers deploying CounterACT in virtual environments that don't require any hardware provided by ForeScout.
Our combined maintenance and professional services margin for Q4 2018 was 74%, an increase of approximately 100 basis points year-over-year and up 200 basis points sequentially. The year-over-year services margin improvement was a result of the growing efficiencies in our customer support organization and the scaling of our prior investments. Total operating expenses for 2018 were $68.2 million, an increase of 33% year-over-year.
Looking at the components of OpEx, sales and marketing expense for Q4 2018 is $43.3 million or 51% of revenue, an increase of 34% year-over-year, reflecting continuing investments in our direct and channel selling resources, as well as sales engineering, sales enablement keys. Our research and development expense is $14.4 million or 17% of revenue, an increase of 35% year-over-year, reflecting continuing investments of our development teams.
General and administrative expense was $10.6 million or 12% of revenue, an increase of 23% year-over-year, reflecting additional investments in infrastructure related to the inter-public company. Operating income for Q4 2018 was $0.2 million compared to a loss of $3.1 million in Q4 2017. We've achieved two consecutive quarters of positive operating profit, demonstrating the operating leverage capabilities in our model, driven by outperformance on the top line, as well as improvements in sales productivity and product margins.
Net loss was $0.4 million compared to a net loss of $3.6 million in Q4 2017. Net loss per share for Q4 2018 was $0.01 compared to net loss per share of $0.13 in Q4 2017. We ended the fourth quarter with total revenue of $172 million, an increase of $9 million sequentially. The combination of revenue, a sequential change in deferred revenue provided Q4 billings $94 million.
From a cash perspective, we finished the fourth quarter with cash, cash equivalents and investments of $115 million. As a reminder, we completed the acquisition of SecurityMatters in the fourth quarter which resulted in net usage of $105.4 million in cash. Free cash flow in the fourth quarter was positive $5.2 million compared to negative $7.4 million in Q4 2017.
Free cash flow margin was 6% compared to negative 12% in Q4 2017. Let me now share our results for the full year 2018. Total revenue grew 33% to $298 million. Product revenue increased 30% to $163 million and maintenance and professional services revenue grew 36% to $135 million. We saw strong execution across all geographies throughout the year, with both EMEA and APJ representing larger contributions for 2018 revenue mix. The Americas represented 75% total revenue in 2018 compared to 77% for fiscal year 2017. EMEA was 17% and APJ was 8% compared to 16% and 7% last year, respectively.
As evidenced by the customer examples Mike highlighted earlier, while we are landing new deals that are increasing our vertical mix diversification, specific momentum in healthcare, retail, technology, manufacturing and energy vertical, our historical sales focus financial services and government market both continues to generate our largest results.
Collectively, Financial Services and Government represented 61% of 2018 revenue compared to 57% in 2017. It's important to note that we had several very large Federal deals during the year and grew our state and local and our international government business both of which contributed to the strong government. For the year, the number of large deals over $1 million was relatively consistent with 2017. However, aggregate dollar value of these deals continue to increase, reflecting our critical role in these customers' security strategy. Our gross margin for the full year is approximately 78%, up 300 basis points year-over-year. Product margin was approximately 83%, services margin was 73%, up approximately 200 basis points and 600 basis points respectively.
As we discussed in prior calls, we are seeing two trends that are driving our product margin improvement. The first trend is the increasing role of our extended modules and revenue mix. In 2018, extended modules increased to 24% of the product revenue mix, up from 9% in 2017. The second trend is towards CounterACT being used in virtual deployments and not requiring hardware being provided by ForeScout. In 2018, the portion of CounterACT license being used in virtual environments increased to 23% all CounterACT licenses, up from 15% in 2017. Collectively, the mix of CounterACT software being deployed in a virtual environment plus extended modules represented 42% of our product revenue in 2018, up from 23% in 2017.
Our operating loss for the full year 2018 was $16 million or 5% of revenue compared to a loss of $35 million or 15% of revenue last year. Net loss per share for the full year 2018 was $0.42 compared to $3.28 in 2017. Free cash flow for the full year was positive $6 million or 2% of revenue compared to negative $7 million in 2017. We achieved annual positive free cash flow, a full year ahead of the stated goal of achieving this in 2019.
We remain very pleased with the ongoing year-over-year improvements we're seeing in both our operating margin and free cash flow margin which were up 1,000 basis points and 500 basis points year-over-year respectively. We believe these improvements reflect well on our path towards sustained profitability, as we continue to balance growing revenue at scale while continuing to invest to capitalize on our substantial market opportunity.
Now, I'll finish up with our guidance for the quarter and full year 2019. For the first quarter of 2019, we expect total revenue to be in the range of $71.9 million to $74.9 million, representing year-over-year growth of 23% at the midpoint.
We expect operating loss in the range of $18.7 million to $17.7 million. The loss per share we expect to be in the range of $0.45 to $0.43 on approximately 43.7 million weighted shares outstanding. For the full year we expect total revenue to be in the range of $363 million to $373 million, representing year-over-year growth of 24% at the midpoint. We expect operating loss in the $16 million to $12 million and loss per share in the range of $0.45, $0.37 based on approximately 44.5 million weighted shares outstanding.
Before turning the call back over to Mike, I want to provide some color around our outlook for 2019. On revenue seasonality for the year, we anticipate our 2019 quarterly seasonality, all of that of a more traditional enterprise software company, whereby Q4 revenues will be larger than our Q3 revenues which is reflective of our increasing pipeline commercial business.
From a product revenue mix perspective, though we don't specifically quantitatively guide this, I want to remind you that our 2018 product revenue mix was highly impacted by the very large extended modules deal that we recognized in the second quarter of 2018. While we anticipate continued strong adoption of our extended modules in 2019, we do not expect a deal of similar impact and thus expect extended modules to account for a smaller portion, total product revenue in 2019 and our CounterACT product comprised the larger portion.
In terms of operating expenses, I'll remind you -- excuse me, a reminder that we will be absorbing the expenses of SecurityMatters, which are approximately $4 million each quarter of 2019. Additionally, the RSA Conference is being held in Q1 this year whereas it was held in Q2 last year. As a result, associated marketing expense will occur in the first quarter of 2019.
Lastly, on free cash flow, we achieved positive free cash flow in 2018, one year ahead of our prior guidance. We're maintaining our guidance of annual free cash flow positive in 2019 and beyond. In terms of the trajectory for 2019, we expect a modest improvement over 2018.
Now let me turn the call over to Mike for some closing comments.
Michelle Spolver -- Chief Communications Officer
Thanks, Criss. 2018 was a tremendous year for ForeScout. We are really just getting started. The market opportunity for device visibility and control is massive and growing quickly. Though others are making claims and even using similar words, we believe only ForeScout can do complete device visibility and control at scale. We've proven it with numerous customers with more than 1 million devices under management across highly complex environments. We're confident that our unified IT to OT platform has competitive differentiation and are excited about the substantial market opportunities ahead.
Thank you again for everyone joining us on the call today and for your continued support from our investors, employees, customers and partners. We look forward to seeing many of you at our Analyst Day on March 4th, where we'll be sharing more of our strategy and long-term vision.
And we'll now open the call up for questions. Operator?
Questions and Answers:
Operator
Thank you. (Operator Instructions) Our first question comes from Sterling Auty with JP Morgan. Your line is now open.
Sterling Auty -- JP Morgan -- Analyst
Yeah. Thanks. Hi, guys. I wanted to dive into -- obviously, one of the big questions over the last couple of months is Fed given the percentage of business that you have. And obviously, we know September is the big quarter, but can you kind of talk to us about what you're seeing in your Fed business and how do you kind of factor that into your guidance?
Michael DeCesare -- Chief Executive Officer and President
So the pipeline for our Federal business is really strong. As I've mentioned in my prepared remarks, we saw large strategic transactions in both the civilian side of the US government against CDM contract, as well as in the DoD side of the business against the Comply-to-Connect contact. And although it was a somewhat tumultuous environment to navigate through, I'm really proud of the job that our team did for us in the fourth quarter. I feel great about the results.
Christopher Harms -- Chief Financial Officer
Yeah. In terms of the guidance, Sterling, we've got the tailwinds of the programs Mike just alluded, but we're balancing the kind of the volatility that continues to play as we're setting the basis for our guidance. (inaudible) like we're actually expecting a stronger Q4 than Q3, reflecting the emerging strength of our commercial business which we tried to give you some guidance to in the color on prepared remarks.
Sterling Auty -- JP Morgan -- Analyst
No, it makes sense. And then one follow-up. On the partnership side, specifically, companies like ServiceNow, just wondering how the evolution of some of those partnerships have gone with some of the third-party connections that you've got? And are you starting to see an increased traction with maybe those company starting to bring you into opportunities rather than the other way around?
Michael DeCesare -- Chief Executive Officer and President
So – and we're obviously pleased with the results. As we mentioned, 24% of revenue we see is a really strong year and we're really psyched on the results that we've seen. You mentioned ServiceNow, kind of the bigger ones for us are ServiceNow, Palo Alto, Splunk, Tenable, those are the ones that we see the most traction with. We are definitely getting into situations now where we are being brought into deals from some of those vendors versus it being the other way. But they're still predominantly technology relationships meaning that we're selling into their installed base for customers that use our CounterACT product and their product.
Sterling Auty -- JP Morgan -- Analyst
That make sense. All right. Thanks, guys.
Christopher Harms -- Chief Financial Officer
Thanks, Sterling.
Operator
Thank you. Our next question comes from Melissa Franchi with Morgan Stanley. Your line is now open.
Melissa Franchi -- Morgan Stanley -- Analyst
Hi. Thank you for taking my question. I wanted to take a little bit more into SecurityMatters. It sounds like the initial customer feedback has been pretty positive. And you did know accelerating pipeline as we are moving into 2019. So I'm just wondering, I know as a stand-alone SecurityMatters was not significant in terms of revenue. But just thinking about guidance and expectations for growth next year, what are you -- what should we expect in terms of SecurityMatters? And how much scale do you think you can achieve over the next year?
Michael DeCesare -- Chief Executive Officer and President
So -- I'll take this. I think, that -- when we get to our Analyst Day, our intention is to give you a little bit more color around this. But we would try to guide you guys to be thinking more about our overall OT business and simply what we're doing in SecurityMatters versus kind of the base ForeScout CounterACT business, because most of the customers that will be buying these products must will be buying both. It is -- ForeScout already played a significant role in the part of the OT world where there was an IP address that we could get visibility into. And SecurityMatters takes us deeper into that stack by letting us have that similar level of visibility into the rest of the OT stack. So we see those things as being highly complementary towards each other.
Criss, do you have any comments that you want to...
Christopher Harms -- Chief Financial Officer
Yeah. Melissa, I can give you a little more look. The top line is definitely built into our overall guidance which we shared with you. And we want to give you a little bit more color on the expense side on how to model that, that's what we give you kind of the $4 million a quarter to add on to your existing models, because remember we punted on giving you more visibility at the last call.
And the point that Mike made is that, look, our OT business is already strong. The ability to have the entire OT stack really completes that whole product. We will drive a lot of the pipeline that we were already building to a faster closure and we’ve weaved that into our guidance for the year.
Melissa Franchi -- Morgan Stanley -- Analyst
Okay. That's helpful. And then just one follow-up question I think for you Criss or maybe Mike. But just looking at the net recurring retention rate, on an annual basis, it did downtick relative to '17. Is there a good explanation for that? And then, thinking about how that should trend in 2019 with like ramping OT and SecurityMatters, could that metric stabilize or even perhaps improve?
Michael DeCesare -- Chief Executive Officer and President
Yes. So I'll start with anything north of 100, I feel great about. Remember the mechanics of it is measuring the annualized maintenance value just of our existing customers, but what they maintained plus how they expand it. One of the double edges to that sword is when more of our product revenue in the current period comes from new customers. There -- that doesn't help that number. It keeps the denominator the same, but it doesn't contribute to the numerator. So just remember on the mathematics.
In terms of where I see the '19, I think it will continue to be well north of 100. Will it tip back up north of 120, that will be a function of how the kind of new customer versus expansion sales takes shape in '19. That is the one nuance to that metric.
Christopher Harms -- Chief Financial Officer
And let me just add one data point on there too is, we do absolutely believe that a substantial portion of our kind of historical campus customers will be buying our OT product from us now. So we do have expectations that that will be a contributing factor to this over time. It's a great second product for us to sell into many of these customers.
Melissa Franchi -- Morgan Stanley -- Analyst
Makes sense. Thank you very much.
Michael DeCesare -- Chief Executive Officer and President
Thanks.
Operator
Thank you. And our next question comes from Rob Owens of KeyBanc Capital Markets. Your line is now open.
Mike Casado -- KeyBanc Capital Markets -- Analyst
Hi, guys. Sorry, of the mute button. This is Mike Casado on for Rob Owens. Given the improving sales or productivity, the growing international contribution and the extended module traction you've seen in 2018. How are you guys thinking about your investment priorities or the composition of your planned spend for 2019 as compared to your plan for 2018?
Michael DeCesare -- Chief Executive Officer and President
So I would describe '19 as steady state. I think what Criss and I have been able to kind of work our way into is what we believe to be an appropriate percentage of expense on sales and marketing versus R&D versus G&A. And we are committed to growing those buckets at a lower level than the top line of the company. But I don't feel like we think we have any areas that are in like dire need of investment at this stage now.
With that said, recognizing that with all the growth that we have kind of invested on both the sales and marketing side there are still material parts of the world that we don't even have a single sales team in yet. So as we continue to see strength internationally, you've seen the international results that we posted, there's opportunity for us to continue to double down there. So kind of inside the sales and marketing budget, it would be more expansion into new geographies.
Mike Casado -- KeyBanc Capital Markets -- Analyst
Understood, Mike. That's very helpful. And I know you touched on this in Sterling's question, but in the event that the federal government does shut down again and for an extended period of time, at what point would that friction start to inhibit your opportunity with CDM? How many months out into another shut down? Would you expect to see pressure along the opportunity?
Michael DeCesare -- Chief Executive Officer and President
So, if the US government shuts down for an extended period of time it could have an impact into many industries, not just the government industry on its own. We are very fortunate in our government business and that we're kind of the majority of the sales that we make are into government-mandated congressional projects, right? So being foundational technologies at both CDM and C2C or Comply to-Connect, that's a much safer place to be.
And if you're trying to sell to the US government with no kind of baseline that you are trying to sell in behind. So our team also in the US Federal is very, very strong. And it is showing quarter-after-quarter, year-after-year and ability to navigate what has now been a few years of very tumultuous political environments here and still be very successful.
So with that said, we have certainly taken that into consideration as we've set guidance. We maintained our approach of our guidance in our kind of minimal level of financial commitment here. And we do recognize the percentage of our business that is tied to the US government and we feel like we have taken that into consideration appropriately.
Mike Casado -- KeyBanc Capital Markets -- Analyst
Fantastic guys. Thanks for the question. And nice quarter.
Christopher Harms -- Chief Financial Officer
Well, thanks.
Operator
Thank you. Our next question comes from Fatima Boolani with UBS. Your line is now open.
Fatima Boolani -- UBS Investment Bank -- Analyst
Good afternoon. Thank you for taking the question. Mike, I just wanted to ask you about your enterprise business and -- to what extent the flexible licensing program that was launched within version 8 of the product and to what extent that has really pushed the envelope within the commercial/enterprise momentum?
Michael DeCesare -- Chief Executive Officer and President
Yeah. It has sped up sales cycles, because now we can go into an organization that might know they have at least a couple of hundred thousand devices, but don't know exactly how many of those are in campus or data center, Cloud or OT and have the flexibility to deploy our product. And until they get to a couple of 100,000 devices they don't have to buy any more product from us. So it definitely gets us into the mode of customers deploying our product quicker. The vast majority of the deals that we did in the fourth quarter were under flex licensing and -- Criss and I both expected that trend to continue, because it gives customers so much more flexibility. Remember that's based on years of effort of kind of separating the hardware from the software and being able to really sell it as a software product. So we're really pleased with the results and we think it gives us a lot of flexibility no pun intended, as we kind of move into 2019.
Fatima Boolani -- UBS Investment Bank -- Analyst
And actually just part and parcel to that question, I know historically, your customers haven't necessarily pulled you into the direction of wanting a cloud-based service from you. But as you move into different verticals that diversify your end market exposure, to what extent is potentially a ForeScout as a service type offering becoming more top of mind or imminent to addressing even broader swath of customers and then I have a quick follow-up for Criss, if I may.
Michael DeCesare -- Chief Executive Officer and President
So I'll kind of answer that two ways. I think the first is that when we give customers visibility into every device that is connected to their network, the heterogeneity of our product that allows us to run with kind of Cisco and Juniper also allows us to run with Azure and AWS. So we are seeing an increasing percentage of our customers that when they're in this hybrid cloud environment where they still have substantial servers in their data center, but now they're deploying large portions of that up into a public cloud, giving them visibility into those cloud-based assets in the same depth -- dashboard that we give them visibility of the physical and virtual assets is a very powerful part of the value prop and drives kind of the device count up in many of our customers.
So in -- selling for devices that are already in the cloud is definitely a big part of that value prop. Delivering ForeScout-as-a-Service for customers, that’s certainly one of the products that we have had kind of -- that we've been working on. I don't think quite frankly that we see many of the large government or financial service companies that will probably be very interested in deploying our console or our policy engine up in the cloud, because that's something that they value dearly and would like to have more control of in a campus environment. And we definitely acknowledge that that will open a part of the market to us that maybe is a little bit more difficult for us to sell into today so we’re working on that.
Christopher Harms -- Chief Financial Officer
I’ll add the one point, Fatima, without taking too much of the oxygen out of the room for the Analyst Day on March 4th. But we will -- the next step for us will be bringing incremental products to market that our SaaS delivered. And we'll give you more insight into that. So not a delivery of CounterACT from the cloud which as Mike alluded to, but the next step being for us the incremental, really replicating with Palo Alto did of bringing incremental offerings to the market in a cloud delivered SaaS-based ratable revenue business.
Fatima Boolani -- UBS Investment Bank -- Analyst
That's very helpful. And Criss, just very quickly for you. Just bearing in mind some of your comments around the million dollars deal -- the million dollar deal volume in those deal sizes in and of themselves becoming larger. But at the same time, I did notice your average deal size come down year-on-year, so just hoping if you could reconcile those two in that commentary. And that's it for me. Thank you.
Christopher Harms -- Chief Financial Officer
Yeah, yeah. No, absolutely. So the average annual deal size was impacted by the success we had in APJ and EMEA in getting some net new logos that had smaller initial deal sizes. Just the volume of new customers and transactions we brought to the market. Whereas the million dollars is really focused at the high end, Global 2000, large healthcare and the government where the quantity of those deals stay consistent with the aggregate value of those deals increased year-over-year.
Fatima Boolani -- UBS Investment Bank -- Analyst
Very clear. Thank you.
Christopher Harms -- Chief Financial Officer
Thank you.
Operator
Thank you. (Operator Instructions) Our next question comes from Alex Henderson with Needham. Your line is now open.
Alex Henderson -- Needham -- Analyst
Great. Thank you very much. I was hoping you could talk a little bit more about Comply to-Connect and the CDM program. I mean, I think you described them as essentially a $300 million to $500 million programs each. Obviously, if we're only 40% into the CDM program there's a lot of that still left to go over the 5-year stretch of it. Is there any chance do you think that over the next say 12 to 18 months, we'll see a period where both ramping CDM and be in the early phases of ramp on the Comply-to-Connect resulting in pretty outsized growth rates in that government vertical?
Christopher Harms -- Chief Financial Officer
I think that upside is definitely implicit in how you're looking at our outlook. The one thing you said, Alex, that I wanted to clarify is we definitely have represented the $300 million to $500 million for CDM. We don't have a good sense shared of Comply-to-Connect, because it hasn't been DoD centrally funded. Our estimates are it could be of the same size, but I don't want to -- I don't want you to take that as definitive. We’ll wait till we see the centralized DoD funding. Mike, do you want to add...
Michael DeCesare -- Chief Executive Officer and President
Let me just add a bit of color for you on these two. So let's take them one at a time. So CDM is a congressional mandate that then Scott's (ph) full funding over the last couple of years. And as we mentioned to you, we're a couple of years, 2.5 years into a 5-year window. At the end of that 5-year window, every civilian agency is expected to be compliant. So what we're really excited about is, whereas we saw the majority of those agencies buy Phase 1 from us over the last couple of years, we saw a very material transaction this quarter for us which was in the add-on phase, into the CDM Phase 3, which moves them from that visibility to control mode which gives us a lot of confidence as the other agencies begin to move into that mode as well for us. So that was a very exciting expansion for us into one of our stronger customers.
Comply-to-Connect is in the very early innings. It is a congressional mandate, it needs to be completed. We’re into the first of the five years, but it has not been centrally funded yet. So we do expect that when this gets centrally funded that we could see some similar results to what we've seen from CDM historically, but recognize that we're seeing some of these DoD agencies that are now buying our product with different money, because they want to be compliant even before it becomes funded. So, there is no doubt that, we certainly hope that we get to the place where both of those are firing on all cylinders, but we have significant headroom in both of those and that's very exciting for us.
Alex Henderson -- Needham -- Analyst
Just a follow-up on that last comment. So the -- it sounds like your orchestration products would be substantially increased as we move into the Phase 3 portion of the CDM program. Is that therefore going to drive larger deal sizes, higher margins, other nice metrics for you?
Michael DeCesare -- Chief Executive Officer and President
We've seen similar success in the CDM. Recognizing that CDM is where we have seen more of the historical business, we've seen some very strong success on selling orchestration into many of those same organizations. Just recognize that even though they're all part of the same congressional mandate, many of them have different cyber tools underneath that. So, what, one division might need our connection into ServiceNow or somebody else might need our connection in the Splunk, because they don't all have the same base systems underneath. But we've seen very similar results in the US government to what we have seen in the commercial part of the business with the -- where we said -- as we said, it's 24% of total revenue in 2018. And you can expect to see substantially kind of similar contributions from that US government vertical versus rest of the world.
Alex Henderson -- Needham -- Analyst
One last thing and then I'll cede the floor. Could you just go over the metric you said on the sales productivity number? I just didn't catch it when you went, you gave it earlier.
Michael DeCesare -- Chief Executive Officer and President
What I said was that, at the end of 2016, what we're declaring as tenured is a sales rep that has been with ForeScout for more than two years and in their territories so that we know that they had – kind of had the time to build things up. That number was 14% at the end of 2016, 35% at the end of 2017 and over 50% at the end of 2018. So we believe that's trending in the right direction.
Alex Henderson -- Needham -- Analyst
Perfect. That's what I was looking for. Thank you.
Michael DeCesare -- Chief Executive Officer and President
Thank you.
Operator
Thank you. Our next question comes from Jonathan Ruykhaver with Robert W. Baird. Your line is now open.
Jonathan Ruykhaver -- Robert W. Baird -- Analyst
Yeah. Good afternoon and congrats on the strong close to the year. The success with the extended modules is clearly paid dividends in terms of driving broader value proposition. And I’m kind of wondering, do you see a similar opportunity over time to extend that functionality into IoT and OT environments?
Michael DeCesare -- Chief Executive Officer and President
So, the answer is yes. I would kind of challenge back a little bit that our current orchestration modules already play a significantly roles in the world of IoT. So I’ll just give you one example, which is our module to ServiceNow, at the same time, when a device first connects to network, at the same time that our CounterACT product is looking to that device and analyzing the 1000-plus attributes that we might analyze of the device to decide and determine what that device is. We can import that data over into ServiceNow and override the CMDB so that that stays very current, another big major problem that organizations are embarking in..
Because we're agentless in our CounterACT product and can play the same role for a security camera or an HVAC controller or some IoT devices, as we can on managed assets, we now give ServiceNow our customers the ability to import IoT devices into the ServiceNow CMDB as well. So the orchestration modules since they're also priced on a per device basis are absolutely benefiting from the same IoT tailwinds that our CounterACT business is.
What you can expect from us over time is for us to begin to release extended modules into the OT market. There's a different set of products that customers are presenting to us in those environments and they expect similar functionality. So we see a pretty awesome opportunity to be able to continue to drive that orchestration business over OT as well. That's one of the reasons. Not that you asked, but that's one of the reasons that we're so excited about the 13 million devices and 5 million of those in the fourth quarter that were added in 2018. Is all of those are devices that we can come back in and sell these add-on products inclusive of our extended modules on top of it.
Jonathan Ruykhaver -- Robert W. Baird -- Analyst
So just to be clear. That used case around IoT and the extended modules, is that happening today? Or is that expected in the future?
Michael DeCesare -- Chief Executive Officer and President
The ServiceNow used case that I explained to you?
Jonathan Ruykhaver -- Robert W. Baird -- Analyst
Yeah, yeah.
Michael DeCesare -- Chief Executive Officer and President
It's happening today. Customers don't just want -- the CMDB is theoretically should be the source of everything that is allowed on the network. Customers don't simply want that to be populated with Windows and Linux. Security cameras might not be as complicated, but knowing how many security cameras you have, what version of the firmware they have, does it have a version of the XP operating system embedded, very valuable attributes. So we are seeing customer. We've seen very strong success with ServiceNow in a very short period of time, because we can populate that CMDB with both managed and the unmanaged assets.
Jonathan Ruykhaver -- Robert W. Baird -- Analyst
Right. Great. And when you look at the expansion opportunity, how do you see the mix between CounterACT and extended modules playing out over time? Does orchestration become the easier sales motion or is the need for additional coverage with CounterACT equally important?
Christopher Harms -- Chief Financial Officer
I think there is such a combined solution set for visibility and control. When you think of vast majority of the orchestration used cases or some element of control, (inaudible) tied together. I was thinking about it just from a modeling perspective, kind of '19 and beyond, trying to give you a little color that '19 we expect to be consistent with how we did in 2018. Don't expect the same kind of growth that we saw from '17 to '18. And then longer term, we've discussed, we could see from a product perspective, 50% of the revenue coming out of that core device visibility that we call CounterACT today and 50% coming from the vast array of extended modules which we're really playing in all these different use cases. But that's being a longer-term.
Jonathan Ruykhaver -- Robert W. Baird -- Analyst
Make sense. That's great. Thanks guys.
Christopher Harms -- Chief Financial Officer
Thanks. Appreciate it.
Operator
Thank you. (Operator Instructions) Our next question comes from Josh Tilton with Berenberg. Your line is now open.
Josh Tilton -- Berenberg -- Analyst
Hi, thanks for taking my questions. Just continuing on the sales force productivity. Is there a different go-to-market strategy for landing the customer and OT side versus the traditional IT side? And if so does more ramping due to take place on the OT side?
Michael DeCesare -- Chief Executive Officer and President
So the consistent motion is that it is an enterprise-level sell. Gartner listed about 35% of clients today. The CIO has responsibility for both security on the IT and the OT side. And they see that number rising to 70% in the next couple of years. Well that is very consistent with the trend that we're seeing out there. Every time a company goes through a breach that is on the OT side, it's very natural to turn to your CIO and ask that individual to take over responsibility per cyber, whereas that might have been under the GM or plant manager or something that led that prior. So the fact that we sell to the CIO and the CISO, the Chief Information Security Officer today is a very good trend for us when being able to cross-sell to the OT space.
Secondly is, customers when they want a single pane of glass that shows them everything that's on their network would like that single pane of glass to include both the OT and IT side because then we give them visibility into what is communicating between those different network segments, so there's also a functional reason that customers will have interest in that. But we have a lot of optimism on this. We really believe that the majority of our historical installed base of 3,300 clients is going to have interest in our OT offerings as well. And we see that as pretty massive expansion opportunity.
Josh Tilton -- Berenberg -- Analyst
Okay. That's helpful. And then maybe for the OT opportunity and also somewhat related to IoT, are you seeing a situation where a company will have a smart manufacturing initiative and then they’ll bring in an IoT platform to connect all their factory assets and then bring ForeScout in to provide visibility and control? Is that the direction that we're headed in?
Michael DeCesare -- Chief Executive Officer and President
What I see more is organizations that have decade-old infrastructures in their OT space and didn't think of it as a threat vector historically. And based on WannaCry and some of the other more recent breaches, are in a panic mode, trying to figure out how they're going to get security into that part of their business. So smart manufacturing, I can't tell you that’s a factor for us pro or con, but I see many more customers that are -- that have more antiquated systems with older, kind of older embedded versions of XP and other operating systems that come from manufacturers like Siemens and GE and others. And our solution is just very well suited to help make sense of that without making them replace a bunch of their OT infrastructure.
Josh Tilton -- Berenberg -- Analyst
So just to touch on what you said it's more, you take catch-up mode now? I think you referenced panic mode.
Michael DeCesare -- Chief Executive Officer and President
It's a catch-up mode. Yeah, that would probably be a better choice of words. It's -- when you look at a lot of these industrial control systems, when you look at something like WannaCry, it's those organizations didn't think that they had an OT device that had an embedded version of the XP operating system. But the reality is, the way that a lot of these OT manufacturers themselves build their products they are on the multi-year release cycles, they don't get new versions of the software. So when something attacks that part of the environment, the typical way an IT that you’d respond, is you’d go to Microsoft or whoever and you’d say come out with a new patch on your product that patches that vulnerability. That's not as realistic in the OT world. So the fact that we’re agentless and that we don't require real estate on those devices themselves makes us a really good fit and most of those organizations are not interested in forklift-type upgrades to their OT infrastructure in order to be able to get security in that part of the business. Make sense?
Josh Tilton -- Berenberg -- Analyst
Thanks guys. That was helpful. Yeah.
Christopher Harms -- Chief Financial Officer
Thanks.
Operator
Thank you. And I'm showing no further questions at this time. I'd like to turn the call back over to speakers for any closing remarks.
Michelle Spolver -- Chief Communications Officer
Thank you. And thank you everybody for joining us on today's call. We are pleased to walk you through our strong fourth quarter and full year 2018 results. We look forward to engaging with you in the coming quarter whether that be at conferences, our Analyst Day, RSA or otherwise. We'll be speaking with several of you in the coming hours. For those we aren't, please feel free to reach out to me. I'm happy to answer any further questions. Have a good day.
Operator
Ladies and gentlemen, thank you for your participation in today's conference. This does conclude your program and you may all disconnect. Everyone have a great day.
Duration: 58 minutes
Call participants:
Michelle Spolver -- Chief Communications Officer
Michael DeCesare -- Chief Executive Officer and President
Christopher Harms -- Chief Financial Officer
Sterling Auty -- JP Morgan -- Analyst
Melissa Franchi -- Morgan Stanley -- Analyst
Mike Casado -- KeyBanc Capital Markets -- Analyst
Fatima Boolani -- UBS Investment Bank -- Analyst
Alex Henderson -- Needham -- Analyst
Jonathan Ruykhaver -- Robert W. Baird -- Analyst
Josh Tilton -- Berenberg -- Analyst
Transcript powered by AlphaStreet
This article is a transcript of this conference call produced for The Motley Fool. While we strive for our Foolish Best, there may be errors, omissions, or inaccuracies in this transcript. As with all our articles, The Motley Fool does not assume any responsibility for your use of this content, and we strongly encourage you to do your own research, including listening to the call yourself and reading the company's SEC filings. Please see our Terms and Conditions for additional details, including our Obligatory Capitalized Disclaimers of Liability.
