Image source: The Motley Fool.
Proofpoint Inc (PFPT)
Q4Â 2019 Earnings Call
Jan 30, 2020, 4:30 p.m. ET
Contents:
- Prepared Remarks
- Questions and Answers
- Call Participants
Prepared Remarks:
Operator
Good day, and welcome to the Proofpoint Fourth Quarter 2019 Earnings Results Conference Call. Today's conference is being recorded.
At this time, I'd like to turn the call over to Jason Starr, Vice President, Investor Relations. You may begin.
Jason Starr -- Vice President, Investor Relations
Thanks, Jenny. Good afternoon, and welcome to Proofpoint's fourth quarter 2019 earnings call. Today, we'll be discussing our results for not only the fourth quarter, but also the full year 2019 as detailed in the press release that we issued after the market closed this afternoon, a copy of which is available on the Investor Relations Section of our website. Joining me here on the call are Gary Steele, Proofpoint's Chief Executive Officer and Chairman of the Board; and Paul Auvil, Proofpoint's Chief Financial Officer.
During the course of this call, we will make forward-looking statements regarding future events and future financial performance of the company, which are subject to material risks and uncertainties that could cause actual results to differ materially. We caution you to consider the important risk factors contained in the press release and on this conference call. These risk factors are also more fully detailed under the caption Risk Factors in Proofpoint's filings with the SEC, including our most recent Form 10-Q. These forward-looking statements are based on assumptions that we believe to be reasonable as of today's date January 30th, 2020. We undertake no obligation to update these statements as a result of new information or future events. Of note, it is Proofpoint's policy to neither reiterate nor to adjust the financial guidance provided on today's call unless it is also done through a public disclosure such as a press release or through the filing of a Form 8-K.
Additionally, we will present both GAAP and non-GAAP financial measures on today's call. These non-GAAP measures exclude a number of items as set forth in our release. These non-GAAP measures are not intended to be considered in isolation from, a substitute for, or superior to our GAAP results and we encourage you to consider all measures when analyzing Proofpoint's performance. A reconciliation of GAAP to non-GAAP measures and a list of the reasons why the company uses these non-GAAP measures are included in today's press release.
Finally, in addition to reading our press releases and SEC filings, we encourage investors to also monitor the Investors section of our website at investors.proofpoint.com as we routinely post investor-oriented information such as news and events, financial filings, webcasts, presentations and other relevant materials to it.
So with that said, I'll turn the call over to Gary.
Gary Steele -- Chief Executive Officer and Chairman of the Board
Thanks, Jason. I'd like to thank everyone for joining us on the call today. We are very pleased with our fourth quarter results, which closed out another year of great execution for Proofpoint, both financially and strategically. Our overall business momentum remained strong, driven by the continuing demand for our next-generation cloud security and compliance platform, the ongoing migration to the cloud and our unique visibility into the rapidly evolving threat landscape. For the full year 2019, we beat our guidance on all metrics, highlighted by our billings growth of 22% and our revenue growth of 24%. Our results also demonstrated the compelling operating leverage intrinsic to our business model with our non-GAAP operating metrics, such as gross margin, net income, and free cash flow all coming in ahead of our guidance.
Beyond these strong financial results, throughout the year we continue to invest in expanding our product offerings, while scaling our organization and infrastructure around the globe with an eye toward capturing the significant growth opportunity that lies ahead. The competitive environment remains favorable and our people-centric approach to cybersecurity and compliance is resonating with our customers and prospects alike, as evidenced by our continued high win rates, robust demand for our emerging products and our world-class renewal rate, which remains nicely above 90%. The ongoing migration of enterprise, applications and workloads to the cloud provides organizations with many well-known benefits, but it also provides attackers with entirely new and often unprotected vectors that they can exploit to compromise individuals for financial gain.
To deal with these evolving challenges, companies need a comprehensive set of people-centric cybersecurity and compliance capabilities to better safeguard their employees from threats and the sensitive data they interact with. As attackers have moved away from targeting infrastructure and toward socially engineered attacks to target people, security leaders increasingly need the ability to understand not only who in their organization is being targeted, but also the sensitivity of the information and the resources that those individuals can access, as well as how likely they are to be tricked and to succumb to an attack. Additional information such as the sophistication of the attackers; for instance, are they a hacker or a state-sponsored threat actor or whether the attack is targeted or part of a broader campaign is important so that security teams can take appropriate steps to prioritize their security to their highest risk most privileged or most vulnerable users.
Proofpoint is uniquely positioned to solve all of these challenges by combining our excellence in email security and threat intelligence with our broadening reach across new threat factors such as the cloud, web and social media. Since over 90% of attacks begin with malicious email, this vector remains the most important entry point for an enterprise to secure. And given the rapidly changing threat landscape, existing legacy solutions are unable to provide enterprises with a sufficiently capable defense due to their lack of focus and innovation. Our ability to quickly release effective solutions to protect against Business Email Compromise or BEC through our email fraud defense, as well as email account compromised through our CASB solutions, are great examples of this agility.
Defending against the email attack vector has always been Proofpoint's core capability and the insights gained by filtering billions of emails daily, provide extraordinary visibility into both the sources and destinations of these targeted attacks as well as their specific intent of each malicious campaign. This unique vantage point, not only serves as the foundation of our exceptional ability to protect customers from email threats, but also enables us to provide each customer with actionable data regarding their most attacked employees and how best to protect them. And since the same attacks that the threat actors attempt to deliver through email are simply repurposed and delivered through these new cloud attack vectors all of the intelligence that we glean from our email filtering system is automatically applied to our broader set of people-centric defenses.
One of the other people-centric risk that organizations face are threats for malicious or compromise insiders. In fact as noted in the most recent Verizon data breach investigations report approximately one-third of all breaches were due to insiders, further highlighting the need for security and compliance teams to gain visibility into the critical defense point. This important risk vector associated with the insider activities served as a key driver behind the acquisition of ObserveIT and their leading insider threat management platform. And as such serves as an important investment in our ongoing mission to provide our customers with a single integrated comprehensive platform to protect their sensitive data from these types of people-based risks. This ITM capability is delivered through a lightweight sensor that is loaded onto the endpoint and empower security teams to detect, investigate and prevent potential insider threat incidents by delivering real-time alerts and actionable insights into user activity.
Overall, we're making good progress in our integration efforts with ObserveIT and we're already seeing some early customer interest in this new capability across industries like financial services, manufacturing and retail. As noted in our press release announcing the acquisition, ObserveIT traditionally sold their technology as an on-premise solution based on a perpetual licensing model. We are making an immediate transition to a subscription-based model as Paul will discuss later. We also expect to release a cloud-based version of the Insider threat management solution later this year, which will further differentiate this offering. Beyond the core insider threat management solution we also seen an attractive opportunity to further leverage the ObserveIT endpoint sensor technology and user behavior and risk analytics.
We plan to integrate these capabilities with our email data loss prevention and casualty solutions to create a unified DLP solution. This cloud-based service will leverage our unique combination of data classification, user activity insight and threat context to significantly improve upon legacy on-premise DLP products that are based on outdated architectures and unsuited for modern IT environments. The core unified DLP service will enable customers to have unprecedented insights into data loss and user activity across email, endpoint and cloud applications and is expected to be available later this year.
Customers also have the option to extend these capabilities to data at rest via our Data Discover product and to unsanctioned web applications via our Isolation Technology. We believe this could be a potential game changer when compared to other legacy on-premise DLP solutions that are currently deployed in the market and represents a significant expansion of our total addressable market. In fact, we estimate that both insider threat management and unified DLP will expand our addressable market by an incremental $1 billion. This is yet another great example of our proven ability to acquire innovative technology solutions and pair them with existing Proofpoint solutions to enable us to create highly differentiated offerings that in many cases no other vendor in the industry can offer. We believe that these solutions are unmatched in the marketplace and are increasingly critical to protecting enterprises from threat actors.
Now turning to some of our key operating results during the fourth quarter. The rapidly changing threat landscape and the ongoing transition to the cloud and the migration of Microsoft Office 365 in particular continue to be the key secular trends that are helping to drive Proofpoint's demand for Proofpoint's full suite of security and compliance solutions. As existing on-premise infrastructure by definition cannot meet the challenges of this new generation of cloud systems and infrastructure. We also continue to effectively demonstrate the strength of Proofpoint's products when compared to the baseline security solutions provided by Microsoft as part of their Office 365 bundles.
In fact, in Q4 we had a record quarter in terms of new annual recurring revenue, driven by customers upgrading their security from Microsoft to Proofpoint. Examples of customers who had moved to Office 365 and subsequently decided to upgrade their security capabilities with Proofpoint during the fourth quarter included a Fortune 500 manufacturing company that purchased P0 bundle for 50,000 users, a software engineering firm that purchased a P0 bundle and PSAT for 30000 users; a European consulting firm that purchased Protection & Tap for 20,000 users; and a European payments company that purchased P0 bundle and PSAT for 10,000 users. We are also pleased with the success of our add-on sales into our customer base which contributed nicely to our growth this quarter.
In particular, we are very encouraged by the ongoing strength in demand for our emerging products, which yet again represented over one third of the total new and add-on business closed during the quarter led by strong demand for Proofpoint Security Awareness Training or PSAT, Email Fraud Defense or EFD and threat response. As well, we are quite pleased with the developing traction we're seeing with cap isolation launched in Q3, which seamlessly integrates our browser isolation technology into our TAP advanced threat detection system in order to further enhance the protection of end users. We had several notable wins in the quarter, including one transaction in Europe that was in excess of $1 million in annual recurring revenue. We're also seeing good progress in the market with our CASB service with several key wins in the quarter, including a 30,000-seat deployment for a State Government.
As we shared in prior calls, we've seen a significant increase in the number of account takeovers of Office 365 at other cloud-based applications putting organizations at significant risk from ex-filtration of sensitive data within the accounts, as well as internal attacks being launched by threat actors from these compromised accounts inside their own corporate domain. Our CASB service can automatically detect sign of compromise alert security teams and help them take corrective actions to regain control of the account.
Overall, we are very encouraged by the ongoing strength and demand for our emerging products, which continue to meaningfully outpace the rest of our product portfolio and again contributed over one-third of the total new and add-on business closed during the quarter. We are also pleased that at the end of 2019, our emerging products represented over 25% of the ARR under contract at the end of 2019, up from 20% at the end of 2018.
A key initiative for our go-to-market this year in support of these emerging products was the launch of our solutions bundles, P0, P1, P2 and P3. We believe that these bundles make it easier for customers to consume our broad set of capabilities, eliminating the need for multiple sales cycles and greatly simplifying the sales process for our sales team and importantly for the channel. Customers have also cited our bundle's ability to help them consolidate vendors and simplify security purchasing. While this effort is still early bundled products again contributed nicely to our Q4 results, reflecting solid customer interest in this approach. In fact, we closed over 200 deals with the entry-level P0 and P1 bundles this quarter and also made further progress with our higher-end P2 and P3 bundles. In total, bundled solutions represented over 20% of the annual recurring revenue that was added in the fourth quarter. Examples of customers that purchased bundles during the fourth quarter included a Fortune 500 financial services firm that purchased a P0 bundle and also privacy EFD in isolation for 25,000 users; and a regional medical center that upgraded to a P3 bundle for 10,000 users.
We also recorded another quarter of solid growth with our archiving solution as 2019 represented a breakout year for this product offering. Our pipeline continues to strengthen with several deals converting in the fourth quarter, including a Fortune 500 financial services firm that added additional compliance services for their 80,000 users; as the government health services department that purchased archiving for 13,000 users; a Fortune 100 retailer that added archiving for 11,000 users; and a large asset management firm that purchased archiving and PSAT for 4,500 users.
We also remain excited about our technology ecosystem partnerships, which continue to drive our pipeline, expand our market reach, and increase overall value to customers by delivering an integrated framework across the family of best-in-class security solutions. Of note, our recent integrations with Okta and CrowdStrike are progressing quite well resulting in several recent wins that implemented these joint solutions this past quarter. We also continue to make progress toward further expansion abroad and are pleased with the quarterly results in our international business, which grew 30% year-over-year and represented 20% of total revenue.
Overall, we believe that the operations outside of the United States are executing well with no indications of macro weakness or headwinds from Brexit as highlighted by several notable international deals closed during the quarter. Such as, a Global 2000 pharmaceutical firm that purchased Protection TAP Isolation and threat response for 140,000 users. A Global 2000 financial services firm that purchased a P1 bundle with isolation for 70,000 users; and a Global 2000 retailer that purchased Protection TAP and EFD for 60,000 users.
As we announced last week, we were pleased to report that Proofpoint's protection TAP and email data loss prevention solutions have officially achieved FedRAMP authorized status joining our archiving service which achieved this status in 2017. This is expected to help bolster our opportunity to gain share in the federal market over the coming years, particularly given the large number of agencies that still rely on legacy on-prem solutions for their email security and archiving requirements.
Finally we continue to invest in our overall growth opportunity and we're very pleased to have added nearly 800 people to our team around the world over the course of the past year with our total headcount ending at approximately 3,400 at the end of 2019. We plan to continue to invest in scaling our team in 2020, particularly in markets overseas as we capitalize on the burgeoning demand for people-centric security and compliance around the world.
So in summary we are very pleased with our strong Q4 results and our market momentum as we enter 2020. Our unique people-centric approach to cybersecurity and compliance is clearly resonating with customers and prospects alike and we believe we are well positioned to further execute on our plan to continue to gain share and drive attractive top and bottom line growth as we scale well beyond our $1 billion run rate, while leading the industry as we define an entirely new and important category security and compliance in the years ahead.
With that, let me turn it over to Paul.
Paul Auvil -- Chief Financial Officer
Thanks Gary. We were quite pleased with our operating results this quarter. Revenue totaled $243.4 million up 23% year-over-year and well above our guidance range of $237.5 million to $239.5 million. We believe that these results are particularly compelling when considering that approximately 99% of this revenue is recurring which just us apart as the leader on this metric across all publicly traded SaaS companies. As expected at the time that we announced the acquisition, ObserveIT contributed nominally to these results to the tune of roughly $3.4 million in total based on the combination of both perpetual and time-based licenses along with a contribution from legacy deferred revenue that was added to the balance sheet and recognized during the quarter. Absent this impact, we would have recorded revenues of roughly $240 million or 21% growth still above the high end of our guidance range for the quarter and a very good result when viewed in the context of the challenging comparison measured against the results that we recorded during the fourth quarter of 2018.
As we had expected the year-end calendar proved to be quite challenging with many companies marking their final working day of the year on December 23 and in some cases even sooner. That said, our sales and administrative teams executed an excellent form proactively working with each customer prospect to get their paperwork submitted before their company closed down for the holiday, enabling us to deliver billings in the fourth quarter of $347.2 million, an increase of 29% year-over-year and above the high end of our guidance range of $339 million to $343 million.
Gary and I would like to take this opportunity to thank all of our teams around the world for their extraordinarily long hours and hard work throughout the holiday season in delivering this billings record for the company and for our shareholders. Note that as expected, our fourth quarter billings represented nearly 1/3 of total billings for the year, reflecting a quarter-to-quarter sequential increase of nearly 25% from the preceding quarter and further underscoring the increasing seasonality, we are seeing in this metric. As noted on prior calls under ASC 606, the derivation of our billings metric now requires adjustments to reflect unbilled accounts receivable activity during the quarter as well as any right of refund liability. For Q4, the adjustment related to these two items had a positive impact to billings of $1.4 million.
Our duration over the course of the year continued to underscore the high quality of our free cash flow generation as we operated within our historical range of 14 to 20 months across the arc of the entire year. Fourth quarter was consistent with the duration that we recorded during the prior quarter as some of our larger customers chose to execute multiyear prepaid transactions as part of committing to the purchase and deployment of larger bundles of Proofpoint solutions. This trend in terms of duration is further reflected in our deferred revenue balances, which ended the quarter at $784 million, up $109 million sequentially with short term growing by $73 million and long term increasing by only $36 million. Note that this growth in long-term deferred revenue only contributed to 33% of the overall sequential increase in deferred revenue for the quarter, down from 41% in Q3 of this year. And it is also worth noting that our short-term deferred revenue balance grew by 26% when measured year-over-year.
Before turning to expense and profitability metrics, I'd like to provide some final commentary as it relates to our segment reporting. As we've shared on prior calls, our bundling initiative has become a key element in our strategy to drive further customer adoption of our growing portfolio of solutions. As Gary noted, over 20% of the ARR that was added in 2019 was driven by this new approach and we are encouraged with our early traction. As we expect to continue to drive adoption of these bundles in the years ahead, they will become an increasingly meaningful contributor to our revenue with the allocation of value of individual products becoming increasingly subjective as a result. With that in mind and given our evolving operating structure as a business, we will no longer provide segment reporting between our advanced threat and our overall compliance-oriented products as we believe that it is not informative in terms of measuring the performance of the business nor does it reflect how we run the business in terms of reporting our operating structure.
Turning to expenses and profitability for the fourth quarter. On a non-GAAP basis our total gross margin was 80% above our expectations, driven primarily by our strong revenue performance. During the fourth quarter, total non-GAAP operating expenses increased 23% over the prior year period to $157.1 million, representing 65% of total revenue.
In terms of profitability for the quarter, we reported non-GAAP net income of $33.2 million above our guidance range of $30 million to $32 million. And note that the nominal addition of revenues from ObserveIT were effectively offset by additional operating expenses contributed by their operations. And as such, as expected the acquisition had no material impact on the net income recorded for the quarter.
Moving on to EPS, non-GAAP earnings per share for the quarter was $0.52 per fully diluted share above our guidance range of $0.47 to $0.50 based on 64.9 million shares. The EPS calculation applies the if-converted method to our newly issued convertible notes and as such adds back $575,000 in cash interest associated with the convertible debt. On a GAAP basis, we recorded a net loss for the fourth quarter totaling $28.7 million or $0.51 per share based on 56.5 million shares outstanding. In terms of cash flow, we generated $76.4 million in operating cash flow and invested $11.3 million in capital expenditures, resulting in free cash flow for the quarter of $65.1 million above our guidance range of $58.2 million to $60.2 million.
Turning to a quick summary of the results for the full year of 2019. Total revenue was $888 million, an increase of 24% compared to 2018. Billings for the full year were $1.072 billion, up 22% year-over-year, and above the high end of our final guidance for the year. Non-GAAP net income for the year was $106.7 million, or $1.77 per share based on 60.7 million weighted average diluted shares outstanding and above our guidance of $103.5 million to $105.5 million, or $1.72 to $1.75 per share. The EPS calculation applies the IF-converted method and such adds back $818,000 in cash interest associated with our convertible debt.
We generated $242.5 million in operating cash flow and invested $35.2 million in capital expenditures, resulting in free cash flow for the year of $207.3 million. Excluding the one-time payment of $8.4 million for the transfer of intellectual property associated with our acquisition of Meta Networks, free cash flow would have been $215.7 million, or 24% of revenue, up from the 22% recorded in 2018, highlighting the company's ability to generate strong free cash flow, growth, while at the same time delivering compelling top line results at scale.
I'd like to take a moment to provide everyone with an update regarding our annual customer statistics, which underscore the significant progress we've made in both expanding our customer base, while driving the sale of additional services over the past 12 months.
In terms of enterprise customer count, we are up 31% over the past 12 months, ending the year with approximately 7,100 enterprise customers, each of which contributes a minimum of $10,000 in annual recurring revenue to our business. As in past years, this metric continues to exclude the tens of thousands of smaller customers that are below this annually recurring revenue threshold most of whom access our solutions through our SMB-oriented Essentials platform.
Now as a reminder, Proofpoint Essentials is our cloud-based multi-tenant email security solution targeted at smaller businesses that want the same world-class email security that is available with our Proofpoint Protection and TAP solutions, but don't need the dedicated infrastructure and other features provided as part of our enterprise platform. This Essentials solution is primarily sold through MSSP partners and has steadily gained traction and market share in the market over the past several years. In fact, as of the end of the fourth quarter, we are pleased to report that the Essentials platform now provides services to over 100,000 customers around the world through these partners. And going forward, we believe that our Essentials solution is poised for continued growth in the years ahead.
Another important factor fueling our growth is our success in driving additional sales to our existing customers by leveraging our broadening product line, which now stands at 20 unique services and continues to represent an opportunity of well over $1 billion in annual recurring revenue, if we were to sell these products into our installed base. This expanding product portfolio is also important as many of these solutions, such as, PSAT Insider threat management CASB additional risk, create additional opportunities to engage prospects and land new customers beyond our traditional entry point leveraging protection in TAP.
Overall, we continue to make great progress with add-on sales with just over 60% of recorded in 2019 coming from add-on and further exemplified by the fact that over the past 12 months, the number of customers with three or more products has increased from 2,900 to 4,000, an increase of 38%. And yet this statistic also highlights that just under half of our customers still only have one or two products providing substantial headroom to drive revenue growth, through add-on sales into our customer base.
We ended the year with approximately 540 enterprise customers from the Fortune 1000, so just over half of that index each of whom has at least one significant enterprise scale deployment with Proofpoint. It's important to note, however, that even with this ongoing success, we still have substantial opportunity to further grow our revenues with these customers through the add-on sale of additional Proofpoint capabilities, while also winning new customers in this category through our best-in-class security and compliance solutions. And as a point of reference, of these Fortune 1000 customers roughly 3/4 of them are Proofpoint protecting customers which means that many of these customers joined Proofpoint through an initial purchase of a solution outside of our core email security product line, demonstrating yet another benefit of our broad product suite.
Internationally, we ended the year with 24% of the Global 2000 further highlighting that the addressable market outside of the United States in both EMEA and Asia Pacific represents a compelling future growth opportunity for Proofpoint. We're quite pleased with the progress we've made in expanding our global customer base and further penetrating it with our comprehensive portfolio of security and compliance products. We plan to provide an even deeper dive regarding our traction with bundles add-on sales and expanding our global customer base at our 2020 Analyst Day which we expect to hold sometime during the second half of this year.
With 2019 behind us, let's move on to guidance for 2020. As we start the New Year, we remain well positioned with a broad product line, a loyal customer base, a favorable competitive environment, and a line of sight to generating revenues in excess of $1 billion a milestone that has been achieved by only 5% of public tech companies that were founded since the year 2000.
In terms of billings as we shared on our Q3 call in October, after 32 consecutive quarters of consistently exceeding our billings guidance, we have decided that we will no longer be providing guidance for this metric with our operational activities now evolving to carry more of an emphasis on the timing of cash flow rather than the timing of billings. For those investors and analysts who choose to continue to model this metric, we'd like to reiterate our previous commentary that billings growth will likely be equal to or slightly less than revenue growth in 2020 depending on duration of build contracts which we would expect to remain somewhere in our range of 14 to 20 months. And in terms of timing should follow a seasonal pattern similar to past years given the timing of sales and customer renewal cycles with approximately 35% to 40% of billings invoiced in the first half of the year and approximately 1/3 being invoiced during the fourth quarter.
Please refer to the detailed commentary that we provided during our call in October for additional model and commentary on this topic. In terms of revenue guidance for 2020 we are increasing our original range of $1.05 billion to $1.0625 billion to a new range of $1.06 billion to $1.067 billion which raises the midpoint by just over $7 million and reflects an annual growth rate of 20%. When factoring in our Q1 guidance that I will outline shortly of approximately 22% growth and adjusting for the $3.4 million in revenues contributed by ObserveIT in Q4 2019, the high end of this annual guidance range suggests approximately 20% growth for each of the final three quarters of the year 2020. As Gary noted, we are excited about our acquisition of ObserveIT and their world-class Insider threat platform and I'd like to take a moment to provide some additional modeling points on this topic. As we noted in the November release announcing the acquisition, we are immediately moving their business from a model based on perpetual licenses to a model based on subscription licenses in order to directly align with the rest of our solutions.
Under standard acquisition accounting, over the course of 2020 we will recognize a total of $3.7 million in deferred revenue associated with our legacy support and maintenance contracts to be recognized as follows: $1.2 million in Q1, $1.1 million in Q2, $0.8 million in Q3 and $0.6 million in Q4. Beyond this limited deferred revenue benefit, we are effectively starting from scratch in terms of the economic model of selling subscription-based licenses on a go-forward basis for this solution. And with this measured against an annualized spend rate in the acquired business of roughly $40 million or $10 million per quarter.
We expect full year 2020 non-GAAP gross margins to be approximately 79.5%, modestly improved when compared to 2019 and above the high end of our long-term range of 77% to 79%. In terms of non-GAAP net income, based on the details that we provided on our call in October, our implied guide for net income for the full year was roughly $120 million at the midpoint. However, subsequent to that guidance in mid-November, we announced our acquisition of ObserveIT.
Taking into account the $40 million of additional operating expense from this acquisition, offset by the aforementioned $3.7 million contribution to revenues from acquired deferred revenue, brings the midpoint of our initial guidance down to roughly $90 million when applying C&DI tax rate of 17%. With all that as background, when taking these factors into account, we are raising the midpoint of our initial guidance to $93 million with a range of $91 million to $95 million or $1.42 to $1.48 per share using 65.8 million shares outstanding. In terms of a tax rate under C&DI, for 2020 we expect a rate consistent with 2019 of approximately 17%. This guidance also assumes depreciation of roughly $36 million to $38 million, $11 million in net cash interest income and an income tax provision exclusive of potential discrete items of approximately $3.5 million.
Now turning to cash flow. Free cash flow in particular for the year. As we added on our earnings call and shared in October, our initial expectation for free cash flow in 2020 was approximately $225 million, which included roughly $25 million in one-time net cash expenses associated with the build-out of our new corporate headquarters. As with net income, subsequent to this guidance, we announced our acquisition of ObserveIT in November where we indicated that for 2020 we will be taking on annualized spending of roughly $40 million with an estimated offset from the legacy maintenance and support activities of roughly $5 million. This impact alone would naturally adjust our original guidance of $225 million, downward to $190 million. With that said, with the acquisition complete, we have decided to repatriate the intellectual property of the company from Israel to the United States, consistent with our tax strategies for both Meta Networks and FireLayers. This one-time tax payment of roughly $20 million will be incurred here in Q1 of 2020, thus adjusting our initial cash flow guidance down further by an additional $20 million from $190 million to $170 million.
With all that as backdrop and taking all these factors into account, we're effectively raising our free cash flow estimate here at the start of the year by $10 million from this adjusted baseline of $170 million to an updated range of approximately $178 million to $182 million, which equates to a free cash flow margin of approximately 17%. That said, if we adjust for the one-time effects just noted, this would bring our adjusted free cash flow to approximately $260 million, which at 24% of revenue would be consistent with the 2020 model that we had outlined in our analyst days in both 2016 and 2017. Similar to past years, we expect the majority of this cash flow to be delivered in the second half of the year with roughly $65 million or 35% of total contributed in the first half. Consistent with last quarter's commentary, this 2020 guidance assumes capital expenditures of $93.5 million including approximately $43.5 million in capex associated with the build-out of our new headquarters, though partially offset by approximately $18.5 million in the form of a tenant allowance that we have negotiated with the landlord. As a reminder, this offset will run through the operating cash line of the cash flow statement as opposed to netting against capital expense.
Now, let's discuss our financial outlook for the first quarter in particular. As noted, we expect revenue to be in the range of $246 million to $248 million, reflecting 22% growth at the midpoint. We expect first quarter non-GAAP gross margin to be roughly 79%, down slightly from Q4. We expect first quarter non-GAAP net income to be $16 million to $18 million, or $0.25 to $0.29 per share. This also assumes an income tax provision exclusive of discrete items of approximately $1 million during the quarter.
Net cash interest income of $3 million, depreciation of roughly $9 million and a share count of 65.1 million fully diluted shares outstanding. We expect first quarter free cash flow to be $50 million to $52 million, which includes capital expenditures of roughly $11 million, and no material spending on the new campus. This guidance also includes the aforementioned $20 million cash payment associated with the ObserveIT intellectual property transfer.
Before wrapping up, I'd like to share a few reminders about seasonal trends that occur within our financial model. First, revenue growth tends to be a bit lower sequentially from the fourth quarter to the first quarter given that we employ a daily revenue recognition methodology with respect to releasing subscription revenues from our deferred revenue accounts. More specifically, given that Q1 has only 91 days of revenue to recognize as compared to 92 in Q4, the result is a sequential decline in subscription revenue from our existing business of approximately 1%, which equates to roughly $2.5 million at our current size and scale.
Also, on the cost side, keep in mind that the first quarter is always a step backward in terms of profitability and cash flow for the Company as our first quarter includes seasonal increases in costs associated with payroll taxes, sales kickoff, initial sales and marketing investments for the year, the timing of payment for the Company's annual bonus program, as well as accelerated commission payments for our top sales performers at the end of the year.
In conclusion, we continued to execute well, delivering strong top and bottom line operating results in the fourth quarter and the full-year 2019, and we remain well positioned competitively. Our targeted 2020 investments are expected to expand this opportunity, and we believe that Proofpoint remains well positioned to continue to drive disciplined growth with increasing free cash flow margins in the years ahead, built on our proven capability to defend enterprises against today's advanced security and compliance threats. While 2020 is clearly a bit of an investment year, given our new headquarters and the integration of ObserveIT, we do expect these to be absorbed into our operating framework as we exit 2020.
In terms of one final thought, as we execute on our guidance of exceeding $1 billion in revenue here in 2020, from this vantage point, we see a much larger opportunity in the years ahead, given our many investments over the years compared with what we believe to be very favorable trends in the market. So with that said, we're now turning our focus to our next major milestone where we intend to double the business to $2 billion in annualized revenues in the 2023-2024 timeframe, while continuing to execute on our ongoing commitment of delivering a rule of 40 score in the mid-40s built on the combination of attractive revenue growth and free cash flow margins.
Before turning it over to the operator for questions, I would like to request that everyone limit themselves to just one question to help reduce the duration of the call and to ensure that everyone has a chance to be included in today's discussion.
Thank you very much for taking the time to join us on our call today. And with that, we'd be happy to take your questions now. Operator?
Questions and Answers:
Operator
Thank you. [Operator Instructions] And we will go first to Rob Owens of Piper Sandler Corporation.
Robbie Owens -- Piper Sandler & Co. -- Analyst
Great. And thank you, guys, for taking my question. Gary, in your prepared remarks, you did talk about email remaining a top attack vector. And you talked about your unique vantage point of billions of emails daily and how that helps feed the entire system. And also pointed out that the new ARR from Microsoft to Proofpoint was hitting record levels. But if you just strategically look at where Microsoft sits in the ecosystem, they're also seeing even more emails daily. And so, I guess, over the long run, what keeps you ahead of them? And where is the competitive moat? And why haven't they been able to catch up, in your opinion, at this point?
Gary Steele -- Chief Executive Officer and Chairman of the Board
Well, I think that the one advantage that we have is this is what we do for a living. This is what we wake up and think about every single day. And what is critical in this world is to have a high-level of agility. And as I noted in our prepared remarks, as we've seen the threat landscape move, we've responded with capabilities that then better protect our customers. And I think at the end of the day, agility is the absolute critical element here that ultimately creates that competitive moat.
And if you look at the history, Microsoft has been in this market for a long time. They originally bought FrontBridge in the '04, '05 timeframe, that turned into EOP. EOP has been a core part of every single bundle that they've had when it was on-prem, and then when it was in the cloud. And that's still, over that 14-year period, 15-year period, they still haven't been able to respond with the agility required. And then they introduced ATP, Advanced Threat Protection, in 2015 in June. It's been out almost five years, and we just haven't seen the agility required to keep up with the change in the threat landscape and the threat actors. And because this is all we do, we've been able to continue to stay well ahead of what Microsoft's been able to deliver.
Robbie Owens -- Piper Sandler & Co. -- Analyst
Thanks.
Operator
And our next question comes from Walter Pritchard of Citi.
Walter Pritchard -- Citigroup -- Analyst
Hi, thanks. I've got a question for you, Gary. I think ObserveIT is the first product that you have a, really, a substantial footprint on the endpoint. And I know you mentioned it's kind of a minimal agent, but it was sort of thought as almost host product. How do you think about the build -- your ambitions on the endpoint further building that out? And is that something that's just inevitable as you sort of expand your -- the sort of ambition of what your Company is trying to do around people-centric security?
Gary Steele -- Chief Executive Officer and Chairman of the Board
Yeah. No, great question. So, we viewed having an endpoint presence as critical as we bring together all the capabilities required for a unified DLP offering. And in particular, one of the key use cases that you can only identify through having an endpoint would be to, say, for example, be able to identify a user who downloads information from Salesforce and then wants to take that information and put it out on an unsanctioned web app like Dropbox. So those are critical use cases where we see an endpoint as super strategic in our overall product portfolio.
Now, the other part of your question, do we see ourselves moving that endpoint agent into EDR? We do not see that. So we do not have intention of going out and competing against the endpoint security vendors like a CrowdStrike or others. And we continue to see our partnership having great benefit there. We want to be able to use this endpoint strategically from a DLP perspective.
Walter Pritchard -- Citigroup -- Analyst
Okay. Thank you.
Operator
And moving on, we'll go to a question from Sarah Hindlian of Macquarie.
Sarah Hindlian -- Macquarie -- Analyst
Hi, great. Thank you, guys, so much for taking my question. Just what I wanted to get into with you is, we've really very much been looking forward to FedRAMP certification. And seeing it come through, I believe it was last week on TAP and on core email was obviously really good news. So there's also a massive amount of migration in federal government over to both Office 365 and Azure as well. And I'm wondering how you're thinking about your place attacking that business with your FedRAMP certification today. And how large of an opportunity you think it could be?
Gary Steele -- Chief Executive Officer and Chairman of the Board
Yeah. No, great question. So, we're very excited about the opportunity within the federal government. As we noted in our prepared remarks, we've had FedRAMP certification for our archiving solutions since 2017. And now with the certification of our core Protection and TAP solution, we think that there's a great opportunity there as the broader federal government moves from a widely on-prem environment to increasingly a cloud environment with Office 365 or even Google G Suite. So we're super excited about this. The enablement that we've been focused on is building out our go-to-market capabilities with a larger and more robust sales team. That's been happening over the course of last year. And so, that team is ramping, and we feel very good about this opportunity.
If you look today across our business, all government has been roughly 5% to 7% total. And it's hard for me to break federal out, which we haven't done in the past. It's a smaller percentage of that. So, if you think where could that be over time? Could that double over time? Sure. And so, while we don't necessarily anticipate a massive federal year in 2020, while we ramp our team, we do see that as a really important and really interesting investment opportunity for Proofpoint. And we think there is a tremendous amount of opportunity as the broader federal government moves to cloud.
Sarah Hindlian -- Macquarie -- Analyst
Awesome. Thank you very much. Appreciate it.
Operator
And our next question comes from Jonathan Ruykhaver of R.W. Baird.
Jonathan Ruykhaver -- Robert W. Baird & Co. -- Analyst
Yeah. Good afternoon, guys. So regarding the bundled -- the bundling initiative, I think you talked about smaller organizations moving from P0 to P1. But I'm more interested in what you're seeing around enterprise adoption, what your expectations are for enterprise adoption as we move through 2020. And do you have certain expectations around what the uplift to ACV could look like on renewal within that set of customers?
Gary Steele -- Chief Executive Officer and Chairman of the Board
Yeah. I'll start, and I'll let Paul dive in here. So the one motion that we see, Jonathan, is customers that have our core capabilities, so they're either with a P0 or P1, so they have Protection TAP and our threat response solution. We see a lot of interest today in moving -- adding to that, our CASB solution, for example. So that would be a natural move to a P2 or potentially even a P3. And over the course of both Q3 and Q4, we saw a number of really good examples where the customers did exactly that. So we think that through the course of 2020, we'll see a lot more motion that way. And I think, frankly, our sales team is getting more effective at promoting the benefits of that move.
I'll let Paul talk a little bit about the pricing opportunity there and the value that can be delivered through that.
Paul Auvil -- Chief Financial Officer
Yeah. Thanks, Gary. I think one thing that I'm particularly pleased with, quite frankly, is, as all of you know, we first launched bundles at the beginning of 2019. And so, in the first quarter, things were really just getting rolling. So, the fact that over the course of 2019, over 20% of our ARR that we added during the year came from bundles, I thought was actually quite impressive. I was really pleased with that. And if you step back and you think about the things that we talked about in terms of examples on both the third quarter call, as well as the fourth quarter call, we had some fairly large customers buying bundles. Some of which were brand-new to the Company and buying a large bundle, not just a P0 or P1, but a P2 or P3 for the first time, as well as upgrades.
So, I think that as we look at 2020, I'd say that we have modest expectations built into the current plan in terms of how our installed base might upgrade to these larger bundles. But, obviously, many of our salespeople, especially the ones in the enterprise side of the business, have been now already working for many months in discussions with customers around the idea of starting with whatever platform they currently have with Proofpoint and upgrading to a larger bundle. So, it will be very interesting in the first half of the year to see how it plays out. But there's quite a bit of potential there and something that -- when I mentioned that the statistics around the number of customers that have one, two and three products, even the customers that have three or more products are still great candidates to upgrade to a P2 or P3 bundle. So there's well over $1 billion of add-on business that we can generate in terms of recurring revenue just selling into our installed base.
And so, I think that given the fact that 60% of our new and add-on recurring revenue this year came from add on, I think that statistic could continue to move upward over the next few years as bundles really take hold. But again, we'll see, the next few quarters should be interesting.
Jonathan Ruykhaver -- Robert W. Baird & Co. -- Analyst
That's great. Thanks guys.
Operator
And moving on, we'll go to a question from Alex Henderson of Needham.
Alexander Henderson -- Needham & Company -- Analyst
Great. Thank you very much. Just wanted to see if you could talk a little bit about how often you're running into KnowBe4? Been pretty impressed with their growth rate. They talked about it being a very large market in the training space. Obviously, you're doing well with it. But I just wanted to think through a little bit to what extent you run into them when you win, when you don't win? Do you see them in your accounts, where your platform is dominant? Or do you just run into the new accounts? A little bit of detail around that would be very helpful. Thank you.
Gary Steele -- Chief Executive Officer and Chairman of the Board
Yeah. So, KnowBe4, clearly, is a competitor in the security awareness and training business. Our strategy has been pretty simple is to demonstrate the value of the integration between our security awareness training in this broader people-centric framework. And so, simple things that are incredibly high-value to customers. For example, when a user reports a phish, we can automate that whole process from front-end to back-end, and we can demonstrate the economic argument to the customer of why that integration has tremendous value. So, for example, in the second half of '19, we moved the customer over. They had six people doing all that work manually, and we replaced all that with the automation of this capability. It's known as CLEAR, we've referenced it in previous earnings calls.
So -- and then you combine that with all the threat intel that we have where we can basically use that threat intel to help identify who are the users that ultimately need training. So, where someone is -- has a high click rate, we can then put people into training automatically and create a more integrated experience across this whole thing. So, what we're encouraged by broadly is, this is a very big market. It's moving fast. I think the reference, Alex, that you made around KnowBe4's growth, I think, it just demonstrates this as a fast-moving market. And so, we're extremely enthusiastic about how this plays a role with our broader offering. And yes, KnowBe4 is definitely a competitor out there, but we view this market to be large, we view it to be international and there's, frankly, not a lot of players there. So we feel really good about the opportunity.
Operator
And our next question...
Jason Starr -- Vice President, Investor Relations
Can we go to the next question?
Operator
...comes from Matt Hedberg of RBC Capital Markets.
Matthew Hedberg -- RBC Capital Markets -- Analyst
Oh, hey, great. Hi, guys. Thanks for taking my question. In regards to ObserveIT, it really seems like you guys have a good opportunity to disrupt really the legacy DLP market. There hasn't been a lot of innovation there over the years. But, I guess, for Paul, a point of clarification. It sounds to me like you might start to generate some revenue later in 2020 from the acquisition. But I just wanted to confirm, in your initial guide outside of the $3.7 million of DR that will convert to revenue, you aren't assuming any other contribution from the acquisition this year? In other words, if you do get some later in the year, should that be considered upside to the guide?
Paul Auvil -- Chief Financial Officer
Yeah. As we look at it, and I outlined it a little bit in the transcript, we're doing a complete reset on their business model by shutting down their perpetual licensing. So, other than this legacy deferred revenue that we're bringing over and the opportunity to renew some of the existing contracts, which totaled about $5 million, as I referred to, we're starting all over again in terms of driving pipeline around a subscription-oriented license.
Now, we'll continue to sell the ITM, the insider threat management platform, we think it's a great platform with tremendous potential. But as Gary talked about, there's also this emphasis on integrating it fully with the rest of our DLP capabilities and rolling out an enterprise DLP product. So, there's some amount of contribution one would expect from going out and driving the subscription business around that. And so, as I think about our new and add-on recurring revenue model and our sales team out selling the products, certainly, part of what I expect to deliver over the course of the year will be around that legacy ITM platform but converted over to a subscription model. But it's one of 20 products. So it's -- we view it really as a kind of starting from scratch sales effort that we have to go out and execute on here now starting in January.
Matthew Hedberg -- RBC Capital Markets -- Analyst
Got it. Thanks.
Operator
And our next question comes from Andrew Nowinski of D.A. Davidson.
Andrew Nowinski -- D.A. Davidson & Co. -- Analyst
Great. Thank you, and congrats on a great quarter. So, on the call, you touched on many different catalysts for growth this year, including the increasing adoption of Office 365, the ramping opportunity on your high-end bundles, the add-on opportunity to sell some of your new solutions like ObserveIT. And so, I'm just wondering if you could possibly rank order how we should think about those catalysts now that we're heading into 2020. And which ones will have perhaps the most impact on revenue and the potential upside to your guidance? Thanks.
Gary Steele -- Chief Executive Officer and Chairman of the Board
Yeah. That's an interesting question. And quite frankly, I wouldn't say that we necessarily spend a lot of time in this next executive team trying to rank order them. We're more focused on these broad categories and then run marketing and go-to-market campaigns around all of them. So, obviously, yeah, there's still a large number of enterprise customers that haven't moved to Office 365. So, when I think about our net new customer acquisition vector, most of it is driven by that still. Although, as we talked about in the Fortune 1000 accounts, over 25% of them, we got not through our kind of classic protection and TAP play, but through selling different products as an initial starting point.
So, anyway, I think our net new account acquisition for the next year will probably still -- the preponderance will still come from our classic protection TAP go-to-market. But as I think then about business coming from the add-on plays, it's hard to handicap one versus another as being primary drivers. I think we look at bundling as a great strategy. We look at individual products, whether it's in the CASB space, whether it's PSAT, for example. As we look across all those different products, it's a great opportunity. And, of course, one of the things that we touched on as well is, we're quite pleased with the international growth rate, which we recently recorded a 30% year-over-year. So, we have very small current penetration globally, but with tremendous opportunity.
And, of course, last but not least, the train is finally leaving the station, if you will, on archiving, and we talked about some really nice wins here in 2019. I would expect that 2020 will likely be another year of interesting archiving opportunities that help drive our top line and our cash flow and bottom line as well. So, I know that's a more generic answer than you might have been looking for, but it's hard for us to actually rank these one by one because, at this stage in the year, it's hard to say exactly which ones will be the most compelling catalyst for growth. It's easier to look at it in retrospect. But what I like is that, there aren't many companies, even at this scale, it's a $1 billion company, that have so many different levers to help drive growth. And so, I really like our setup, not only going into 2020. But again, as we look to the '23, '24 timeframe where we're running at a $2 billion annualized run rate. We have lots of levers to go make that happen.
Andrew Nowinski -- D.A. Davidson & Co. -- Analyst
Understood. Keep up the good work guys.
Gary Steele -- Chief Executive Officer and Chairman of the Board
Thanks.
Paul Auvil -- Chief Financial Officer
Thanks.
Operator
And we'll hear next from Phil Winslow of Wells Fargo.
Philip Winslow -- Wells Fargo Securities -- Analyst
Hey, thanks, guys for taking my question. Congrats on a great close to the year. Just did want to focus in on just your international efforts. Obviously, you called out some of the growth there. But I'm wondering if you could walk us through just sort of some of the initiatives that you have for 2020, if there are any changes versus 2019 across those markets. Thanks.
Gary Steele -- Chief Executive Officer and Chairman of the Board
Yeah. I think, Phil, for us, I think the main thing is, we made investments in '19 where we began to get good presence in newer markets. So, Spain, Italy, Middle East, Nordics, where we traditionally go back to '18, we didn't have anybody there. And so, leadership is very much focused now. How do we deepen pipeline, drive productivity in these new markets, which we're super enthusiastic about. We just came off of our sales kickoff, which went phenomenally well. I've actually never seen the team so charged up. And I think in particular, I think the international team feels incredibly optimistic because we've been underrepresented in a lot of these markets. So it's really about blocking and tackling in new spaces where we traditionally haven't had people, and we are super enthusiastic about it.
Operator
And we'll go to our next question from Gur Talpaz of Stifel.
Gur Talpaz -- Stifel, Nicolaus & Company -- Analyst
Great. Thanks for taking my question. With ObserveIT, can you walk us through the thoughts here around migrating the architecture to the cloud? You talked about a potential hybrid architecture going forward. So is the idea here to be hybrid on a go-forward basis with some parts moving to the cloud and then supporting an appliance framework for the foreseeable future?
Gary Steele -- Chief Executive Officer and Chairman of the Board
Sure. So, at a very simple level today, the way solution works, there's this endpoint sensor that runs on an end user's laptop or desktop, that today communicates to a back-end server that collects all the alerts that come from the endpoints. The future looks like you can take that back-end server, you can move that entire platform to the cloud. And so, the agents then speak directly to the cloud with all of that user activity and information about what an end user is doing, that then flows to the cloud. So that's the most basic move. And then you can also run in an environment where that server still stayed -- on-premise server sits in the environment but then communicates to the cloud as well.
So you'll have a variety of configurations. And what we're excited about is that back-end cloud platform will be our back-end investigative platform that brings together our unified DLP solution. So think about that endpoint sensor and all that information coming from that, information from our CASB and information from our email environment, all within a single environment and seeing all those alerts and events in a single cloud-based environment.
Did that help Gur?
Gur Talpaz -- Stifel, Nicolaus & Company -- Analyst
That's helpful. Thank you. It does. Yeah. Thank you.
Operator
And our next question comes from Jonathan Ho of William Blair.
Jonathan Ho -- William Blair & Company -- Analyst
Hi. Good afternoon. It sounds like you executed well in 4Q around sort of that challenging calendar timeframe. Were there any deals that maybe slipped out into 1Q or anything that was worth noting on the linearity outside of sort of things working out as you expected?
Gary Steele -- Chief Executive Officer and Chairman of the Board
Yeah. I mean, there's always a few deals that push out, and Q4 was no exception, particularly given the fact that, again, most of the customers went incommunicado on the 23rd of December, some even sooner. But those things, obviously, have now been picked up and completed and dealt with. We often have room to give the customer a handful of days of grace period if they don't quite get their paper working on time. But there was no meaningful push out. I think it's because we were very, very focused on the fact that we knew this was going to be a very complicated last couple of weeks of the quarter.
And so, quite frankly, a combination of sales and the administrative teams were just all over the details of not only getting all the renewals done on time, but also working with customers looking to buy newer add-on business and making sure they were clear on the timing of what were their calendars, when would they know when they're going to be available. And with that in mind, we're here through 12/31 at midnight. But what timing works for you in order to get this paperwork done. So, it was as complicated a quarter end as we had expected, but we were really pleased with how everybody executed as we worked our way through that.
Jonathan Ho -- William Blair & Company -- Analyst
Great. Thank you.
Operator
And we'll move to our next question from Melissa Franchi of Morgan Stanley.
Melissa Franchi -- Morgan Stanley -- Analyst
Great. Yeah. Thanks for taking my question. I wanted to follow-up, Paul, on your guidance for $2 billion in 2023-2024, that's adding an additional $1 billion in revenue. And I'm wondering if you could help us parse out where that $1 billion is going to come from across the legacy email security market, just given there is a lot of legacy deployments to displace and/or the new add-on solutions, particularly as you're executing to the people-centric strategy. Thanks.
Paul Auvil -- Chief Financial Officer
That's a good question. I mean, right now, the TAM across all of our products is roughly $15 billion, and it's actually higher if you include these new enterprise DLP capabilities that we'll look to deliver later in the year. And so, we're really only talking about picking up another 6 or 7 points of share of that overall TAM over the next several years in order to go make that happen. So, with that in mind, as we look at it, I do think that we'll probably see an increasing amount of the recurring revenue growth from here come from the existing customer base, not dramatically. But as we saw in 2019, it was about 60%. I think as we drive more bundles and drive lots of these products into our installed base and becoming more and more strategic with these accounts, you'll see more growth come from there.
But that said, as I touched on earlier, international is a huge untapped opportunity. And I think we'll execute, I believe, quite well on that. And I do think that with 540 of the Fortune 1000, while we'll never probably get 100% share, that doesn't happen in most markets. I think there's still room for us to add a meaningful number of those customers to the fold. Even if not with email security, to sell them other products. And as I've mentioned, 25% of that Fortune 1000 customer base, that 540, are currently Proofpoint Protection or TAP customers. So, we could easily see relationships with these Fortune 1000 accounts where maybe they're CASB and enterprise DLP and may not use our email security solution in the near term. That's perfectly fine. There's significant revenue opportunity, significant in terms of gross margin and cash flow contribution. So, we're not overly focused on necessarily driving additional growth in email security market share per se as part of driving this path from $1 billion to $2 billion over the next several years.
Operator
And our next question comes from Nick Yako of Cowen and Company.
Nicholas Yako -- Cowen and Company -- Analyst
Great. Thank you. Some of the third-party research firms out there are increasingly talking about the importance of scanning internal emails and communications. So just curious to hear how you're thinking about that opportunity. And if you're seeing elevated interest from customers?
Gary Steele -- Chief Executive Officer and Chairman of the Board
So today, Proofpoint offers a solution called Internal Mail Defense that allows us to apply all of our threat detection capabilities, as well as our compliance-oriented, policy-oriented scanning to internal email. So that's something that we've had available for, I think, it's roughly two years. And it's done quite well, as more organizations worry about malicious content spreading if you have a compromised account. And so, frankly, we've seen more interest in this because of the ramp in compromised accounts that happen to Office 365 these days. And we're finding more and more threat actors focused on infiltering Office 365, taking over an account and then launching campaigns within Office 365. So that's a very real and real concern for companies today. And that's why we launched this solution two years ago.
Operator
And we'll hear next from Gregg Moskowitz of Mizuho.
Gary Steele -- Chief Executive Officer and Chairman of the Board
Gregg?
Operator
And one moment while we -- looks like he have [Indecipherable].
Gary Steele -- Chief Executive Officer and Chairman of the Board
We have lost him on the -- in the queue we can try and get him back. But lets go to our next question.
Operator
Okay. Thank you. And we'll hear next from Steve Koenig of Wedbush Securities.
Steven Koenig -- Wedbush Securities Inc. -- Analyst
Hey, guys. Hey, I was really interested in Okta's report that they put out just recently. Their data showed Proofpoint was one of the top three fastest-growing apps at any time. In 2019, app usage was up over 100% for their data. And internally, as well, the top three were all user-focused security apps. So I'm kind of curious, Gary, as you talk to customers and as Proofpoint goes to market in the field, are those conversations involving people-centric security in the extended portfolio, particularly around browser isolation, CASB, maybe insider threat. Are they coming to you wanting these products? Are you -- how much are you having to educate them, how does this differ and add-on versus new customer sales and bundles? How are they helping in the unified DLP, like how will this help this whole motion. So kind of how is this people-centric security, how is it being reflected in your conversations, what's the tone of those?
Gary Steele -- Chief Executive Officer and Chairman of the Board
Yeah. No, it's really interesting. So, with existing customers, customers are really loving that because we're giving the visibility and insight they never had and then they can think more proactively about what are those additional controls they wanted to put in place to impact these highly targeted users. So that, within the customer base, we're starting to see more and more dialogue today. And I'm amazed that the number of CISOs where we're doing their board decks for them because we have such great visibility and insight. And it's very easy to then digest that information for board members, etc. So that's really working.
When we talk to new prospects, people that haven't been exposed to the people-centric model, what they understand fundamentally, though, is that the risk, from a security perspective, comes from what an end user may do and where an end user is getting targeted. So what we're finding in some of the more sophisticated organizations, they're doing their own version of threat modeling and user risk modeling. And so, we provide basically all of that from an -- in an automated fashion. So it's really worked well for us. And I think that as we broaden our product line and we extend it, for example, into insider threats, that's another key thing that these companies are thinking about. It really plays into this broader model.
And I think that all culminates as CISOs think about how do they reduce the number of vendors that they're dealing with. And we're constantly hearing about the opportunity to want to buy more from Proofpoint and consolidate spend around our broader platform. So, I think it's really -- it's been super encouraging as we closed out '19, and we spent a lot of time with CISOs today. And I think we see the opportunity to bring a broad people-centric platform to bear across these large customers.
Operator
And we'll go next to Gregg Moskowitz of Mizuho.
Gregg Moskowitz -- Mizuho Securities -- Analyst
Hi, guys. Can you hear me this time?
Gary Steele -- Chief Executive Officer and Chairman of the Board
We can.
Gregg Moskowitz -- Mizuho Securities -- Analyst
Terrific. Thank you for circling back. So, Gary, I was just wondering if you've begun to benefit from disruption associated with Broadcom, Symantec and email security and/or archiving. Or would you say it's still too early at this stage?
Gary Steele -- Chief Executive Officer and Chairman of the Board
Yeah. No, good question. Just as a reminder, the archiving solution that was Enterprise Vault under Symantec went to Veritas. So Broadcom doesn't own the archiving solution there. What we've seen is a fair amount of discussion and dialogue from those Broadcom email customers because no specific statement has been made about their commitment to email. And so, those customers are trying to figure out what they're going to do. One of the things we learned from our experience with McAfee is the customers typically move in there at the time when their subscription is up with their existing supplier. So we suspect that the opportunity for us comes, not in the next quarter, but frankly, over the next three years, with all those subscriptions that had been with Symantec kind of due for renewal. And we're obviously working very hard and aggressively to ensure that customers rethink what their platform is as those subscriptions comes to expiration.
Gregg Moskowitz -- Mizuho Securities -- Analyst
Perfect. Thank you.
Operator
And we'll go next to Taz Koujalgi of Guggenheim Partners.
Imtiaz Koujalgi -- Guggenheim Securities -- Analyst
Hey, guys. Thanks for taking my question. I had a clarification on your billings number, you had a strong billing speed this quarter, was there any contribution from ObserveIT on the billings number?
Gary Steele -- Chief Executive Officer and Chairman of the Board
Yeah. No, it's a good question. And I should have just added a blurb in the prepared remarks. It was a few million. As I talked about, there was a bit of perpetual license. There's a little bit of recurring that we invoiced in December with them. And then we had that right on to the balance sheet of their acquired deferred revenue, which was another piece. So, maybe I can answer the other question that's inferred, we would have beaten the high-end of our range with or without ObserveIT.
Imtiaz Koujalgi -- Guggenheim Securities -- Analyst
Thank you.
Operator
And we'll go next to Daniel Bartus of Bank of America.
Daniel Bartus -- Bank of America Merrill Lynch -- Analyst
Hey, guys. Thanks for taking the questions. I just had two on competition. Curious if the Office 365 customers that come back to you guys, if you have a sense of -- are they using both Microsoft and you in a lot of cases? Or are they turning off any Microsoft security and then switching to you? And then just curious if you're seeing Mimecast a little bit more as they might be moving upmarket to larger enterprises? Thanks.
Gary Steele -- Chief Executive Officer and Chairman of the Board
Yeah. With respect to Office 365, what we typically see is customers were probably spending money either on E5 or specifically on ATP. And if they go to Proofpoint, they typically don't run both. They typically just run us because they don't want to incur the cost twice.
And then with respect to Mime, we really haven't seen any changes competitively. I think as we talked about, I think aspirationally they'd like to move up. We just don't see them much in our customer base. We run into them from time-to-time, but it's not something that happens much.
Operator
And our last question comes from Catharine Trebnick of Dougherty.
Catharine Trebnick -- Dougherty & Company -- Analyst
Oh, thanks for taking my question. Are you there?
Gary Steele -- Chief Executive Officer and Chairman of the Board
Yes, we are.
Catharine Trebnick -- Dougherty & Company -- Analyst
Okay. I thought -- no I thought I hung up on you. Okay. Yeah. Mine has to do with your remarks on the Essentials package. You had said you had over 100,000 customers now on that. And who are you gaining share from in that market? Is it some of Mimecast customers, ZixE [Phonetic] customers, Barracuda? Just could you fill some more information on that? Thank you.
Gary Steele -- Chief Executive Officer and Chairman of the Board
I think it's a smattering of all those. So I think it's Office 365, it's a little bit of Mime, it's a little bit of Barracuda, it's a little bit of random, smaller players that were maybe legacy players that we don't need ever talk about. So, it's being sold today, as Paul referenced in his prepared remarks, being sold through MSSPs. And so, whoever those MSSPs have been on previously that they moved them over.
Operator
And I would now like to turn the call back to Gary Steele for closing remarks.
Gary Steele -- Chief Executive Officer and Chairman of the Board
Great. Thanks. I want to take a moment and thank everyone for joining us on the call today. We're very pleased with our Q4 results and excited about the continued progress with our people-centric approach to cybersecurity. We believe we're well positioned to drive attractive returns for our shareholders and we look forward to talking to you on our next call and to seeing many of you on the conference circuit this quarter. Thanks so much for joining us today.
Operator
[Operator Closing Remarks]
Duration: 74 minutes
Call participants:
Jason Starr -- Vice President, Investor Relations
Gary Steele -- Chief Executive Officer and Chairman of the Board
Paul Auvil -- Chief Financial Officer
Robbie Owens -- Piper Sandler & Co. -- Analyst
Walter Pritchard -- Citigroup -- Analyst
Sarah Hindlian -- Macquarie -- Analyst
Jonathan Ruykhaver -- Robert W. Baird & Co. -- Analyst
Alexander Henderson -- Needham & Company -- Analyst
Matthew Hedberg -- RBC Capital Markets -- Analyst
Andrew Nowinski -- D.A. Davidson & Co. -- Analyst
Philip Winslow -- Wells Fargo Securities -- Analyst
Gur Talpaz -- Stifel, Nicolaus & Company -- Analyst
Jonathan Ho -- William Blair & Company -- Analyst
Melissa Franchi -- Morgan Stanley -- Analyst
Nicholas Yako -- Cowen and Company -- Analyst
Steven Koenig -- Wedbush Securities Inc. -- Analyst
Gregg Moskowitz -- Mizuho Securities -- Analyst
Imtiaz Koujalgi -- Guggenheim Securities -- Analyst
Daniel Bartus -- Bank of America Merrill Lynch -- Analyst
Catharine Trebnick -- Dougherty & Company -- Analyst
