Logo of jester cap with thought bubble.

Image source: The Motley Fool.

FireEye Inc (NASDAQ:FEYE)
Q1 2020 Earnings Call
Apr 28, 2020, 5:00 p.m. ET

Contents:

  • Prepared Remarks
  • Questions and Answers
  • Call Participants

Prepared Remarks:

Operator

Good day everyone, and welcome to the FireEye First Quarter 2020 Earnings Results Conference Call. At this time, all participants are in a listen-only mode. Later, we will conduct a question-and-answer session and instructions will follow at that time. [Operator Instructions] Also this call is being recorded.

At this time, I would like to turn the call over to Kate Patterson. Please go ahead.

Kate Patterson -- Vice President, Investor Relations

Thank you, Shannon. Good afternoon, and thanks to everyone on the call for joining us today to discuss FireEye's financial results for the first quarter of 2020. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of FireEye's website at investors.fireeye.com.

With me on today's call are Kevin Mandia, FireEye's Chief Executive Officer; and Frank Verdecanna, Executive Vice President, Chief Financial Officer and Chief Accounting Officer of FireEye. After the market closed today, FireEye issued a press release announcing the results for the first quarter of 2020.

Before we begin, let me remind you that FireEye's management will make forward-looking statements during the course of this call, including statements relating to FireEye's guidance and expectations for certain financial results and metrics; the impact of the COVID-19 pandemic; FireEye's priorities, initiatives, plans and investments; drivers and expectations for growth and business transformation; the expansion of FireEye's platform; and the benefits, capabilities and availability of new and enhanced offerings; market opportunities; go-to-market strategies and FireEye's restructuring plan.

These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future, and we undertake no obligation to update these statements after the call.

For a detailed description of the risks and uncertainties, please refer to our SEC filings, as well as our earnings release posted an hour ago. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of the website. Additionally, certain non-GAAP financial measures will be discussed on this call.

We have provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website, as well as in the earnings release. Finally, I'd also like to point out that we have posted the supplemental slides and financial statements on the Investor Relations section of the website.

With that, I'll turn the call over to Kevin.

Kevin Mandia -- Chief Executive Officer and Board Director

Thank you, Kate. I would like to thank all the investors, employees, customers and partners for joining us today on the call. I hope that all of you, your families and your loved ones are staying healthy during the unprecedented conditions we are all currently enduring. As we are confronted with new and emerging challenges from the coronavirus, it's FireEye's top priority to ensure the health and safety of all our employees while also effectively safeguarding our customers from cyber attacks. I am proud of how fast our customers adapted to the new normal. I'm also proud of our employees, who reacted swiftly to shelter-in-place and work-from-home orders, while maintaining performance in our mission of safeguarding our customers.

Now, I'd to turn to FireEye's first quarter accomplishments. I will begin by discussing some Q1 highlights and then I'll provide an update on our performance by category. I'll add commentary on how we are thinking about the impact of the current COVID pandemic on our business. I will then turn the call over to Frank to discuss the details of our first quarter financial results, the impact of the COVID-19 pandemic, and the resulting changes to our outlook for the year.

In the first quarter, we met our revenue guidance for the 13th straight time. We achieved the mid-point of our billings guidance range and we exceeded our guidance range for earnings per share. Let me share some of the highlights with you. Billings for the quarter was $170 million at the mid-point of our guidance range. Revenue for the quarter was $225 million, which represented a first quarter record for us and was above the mid-point of our guidance range and up 7% year-over-year.

Our revenue growth was led by year-over-year growth of more than 30% in our platform cloud subscription and managed services category, which includes our validation platform, our threat intelligence, Managed Defense offerings, as well as our cloud-based security products. Annual recurring revenue for this category also increased by more than 30% year-over-year. Revenue for the Mandiant Consulting services grew 25%, compared to Q1 of 2019. Now, this marks the eighth quarter in a row of record revenue for our professional services; the fifth quarter of year-over-year revenue growth exceeding 20%; and the second quarter in a row that revenue exceeded $50 million.

The combined revenue of our platform and cloud category and our professional services category eclipsed our more mature appliance-based business again in the first quarter and it accounted for 53% of our total revenue. This compares to 44% in Q1 of 2019 and less than 40% in Q1 of 2018. And we expect this trend will accelerate throughout 2020 as we are transforming FireEye to a security-as-a-service company with our emerging solutions growing over 30% and eclipsing our product category.

We exceeded our earnings per share guidance, reduced our first quarter non-GAAP operating losses by over 50% year-over-year. We added 258 new customers in the quarter, up from 237 new customers a year ago. The dollar amount of new customer billings increased more than 20% year-over-year. The total number of customers and the number of Global 2000 customers transacting in the quarter increased compared to a year ago. And our business is well diversified across all geographies.

I was pleased that our largest transaction in the first quarter was a new customer added from Japan. I believe our solid performance during the quarter was a direct result of the actions we have taken to transform and modernize our business over the last several years. I also believe our performance was aided by the speed and effectiveness and which we adapted to the working conditions brought upon by the COVID pandemic.

We were able to shift our operations around the world almost seamlessly to a work-from-home model on very short notice. This allowed us to remain focused on our mission and to address the change in threat activities we witnessed in the first quarter.

Now, I'd like to provide you an update on our Mandiant Consulting services. Customers around the world continue to call on Mandiant not only to respond to security breaches, but also to proactively assess their resilience against the latest attacks, modernize their security operations, and help them build in-house capabilities. Custom demand for these offerings has allowed our consulting business to consistently deliver record results.

While our consulting business is not completely immune to the impact of the global pandemic, I believe Mandiant services will continue to be an important growth driver for our business, both during the pandemic and afterwards. There are several reasons for this. First, the threat environment remains elevated. While most threat actors have continued to use the same tools and techniques, the attack service is expanding with work-from-home mandates.

We have seen targeted attacks by nation-state actors that appear to be seeking COVID-19-related data from both public and private sources. We have also seen the reemergence of some highly sophisticated state-sponsored attackers who appear to be targeting organizations associated with critical infrastructure, energy and the defense industries. In addition to nation-state attacks, we continue to see significant levels of ransomware activity and other disruptive attacks that we are currently responding to.

Second, the Mandiant Consulting organization has been able to quickly respond to the current work-from-home environment. We have adapted all of our services, including our education business to provide remote delivery. We adapted fast because our technology was designed for us to send expertise and offer remote assistance to our customers. For incident response services, we are leveraging our endpoint technology, which is deployed and managed remotely, allowing our experts to work on multiple engagements simultaneously from anywhere.

For our strategic services, we are making use of videoconferencing and other collaboration technologies to help us bridge the portion we would typically perform on-site. The third reason I believe Mandiant services will continue to grow is the relevance of our portfolio, which we are expanding even further. We are in the process of formalizing two new offerings to meet customer demand in the current environment. First, a remote security assessment, which is a lightweight fixed cost offering intended to address an organization's immediately -- their immediate concerns due to work-from-home mandates, and a ransomware technical assessment to help organizations determine how effective their security technology and processes are at containing a ransomware attack. We also introduced a new Managed Defense offering that covers shorter durations and allows customers and prospects to use our resources to surge or cover their security needs as they accommodate their remote workforce.

In addition to these new services, our security program assessments, red teaming and other strategic services allow customers to assess the effectiveness of their security programs. As the security landscape shift changed rapidly in the last few months, more and more organizations are looking to complete assessments given the strategic importance of cybersecurity. For these reasons, we are confident the demand for our consulting expertise and we're looking to add more Mandiant consultants to increase our capacity to meet that demand.

Now, I'd like to update you on our platform and cloud subscription and managed services category. Every product in this category posted year-over-year growth with cloud endpoint once again leading the category with triple-digit growth. In the latest MITRE ATT&CK test, our FireEye endpoint security have the greatest number of total cumulative detections of any of the evaluated solutions.

Additionally, the Naval Information Warfare Systems Command selected FireEye's endpoint security as the first place winner of the artificial intelligence applications to autonomous cybersecurity challenge. This recognition highlights how we have been able to transform our innovation into our cloud-based products. Our cloud-based network and email security, threat intelligence, and Managed Defense offerings all posted double-digit year-over-year growth in annual recurring revenue in Q1. We continued to enhance our validation platform with new insights and new threat intelligence releasing several updates during the quarter. And we expect continued growth in our platform, cloud and managed service category. There is a natural relationship between our Mandiant Consulting services and our platform offerings that drives long-term relationships with our customers and future adoption of our solutions.

Now, I'd like to discuss our plan for 2020. Last quarter, we talked about the steps we have taken to modernize our business and our priorities for this year. I'd like to give you an update on our progress in the first quarter, as well as recent actions we have taken to increase our investment in our growth areas. First, we intend to be the best in the world at incident response, red teaming, and threat intelligence. As I've shared earlier, we continue to add capacity to our Mandiant Services organization and to package our offerings in order to expand our reach.

Second, we intend to extend our dynamic threat detection and expertise to defend cloud-based infrastructure. In the first quarter, we acquired Cloudvisory, we launched our cloud security assessment service and continued to expand our cloud-based email, endpoint and network security solutions. With Detection On Demand, we now offer our detection capabilities through an API. This creates new partnership opportunities and allows customers to augment the detection capabilities of their existing security products with our best-in-class detection.

Third, we deliver our expertise on demand seamlessly through our technology. We want to make our experts available at the point when customers need them most. So, we continue to make progress on this front and our Expertise-on-Demand billings grew 66% year-over-year.

And finally, we intend to be the best in the world at security validation. What we want to do here is make the measuring of security effectiveness against the most current attacks simple, continuous, and common place. With our Mandiant experts and our managed offerings, we believe a managed validation-as-a-service would be a highly effective, differentiated way for organizations to measure their security effectiveness.

We are uniquely armed with the latest attacker methodologies and I believe we will be the company that closes the gap between the attackers' emerging techniques and the safeguards that are often too slow to adapt and stop or detect these attacks. We recently took several additional steps as a company that we believe will allow us to increase our momentum. First, to more clearly convey the relationship between our services and our security-as-a-service subscription offering offerings, earlier this month, we officially unified our validation, our threat intelligence, Managed Defense and Expertise-on-Demand offerings under the umbrella of Mandiant solutions. The Mandiant brand is widely recognized by customers as a gold standard in cybersecurity consulting and this unification is designed to help make the transition from our services to our SaaS offerings, a more seamless experience for our customers.

Second, in parallel with our increased investment in the growth areas of our business, we are revamping our business operations to be more efficient and make it easier to do business with us. In short, we are evolving the business operations built for an appliance business to business operations built for an as-a-service offering with more flexible pricing, modern licensing schemas and the ability to transact and provision software and services in minutes. I believe these efforts will be more important than ever in the aftermath of the COVID-19 pandemic.

And finally, we initiated a restructuring plan designed to enable us to increase investment in the growth areas of our business and position the company for improved operating performance. To be clear, planning was in motion long before the coronavirus outbreak. The restructuring includes a reduction of approximately 6% of the company's workforce, primarily in the mature appliance-based product areas. While there is never an ideal time for this type of action, I believe it was necessary for us to take the steps now to continue to transform our business to a comprehensive security-as-a-service company.

To conclude, I believe we are in the midst of a shift in the way organizations evaluate, buy and implement cybersecurity solutions. And the COVID-19 pandemic is likely to accelerate the shift. Organizations are increasingly focused on security outcomes rather than technology alone, and they are demanding proof-of-security effectiveness. This change is happening in parallel with the migration of workloads to the cloud. I believe the steps we're taking to leverage our differentiators, define and own the security validation market, and transact in an as-a-service way position us well for the shift change. Our strategic advantages, our expertise in threat intelligence remain unchanged. And while few companies will be untouched by the economic disruptions brought about by the COVID-19 pandemic, I believe we are well-positioned to continue to grow our emerging solutions and services.

Now, I'd like to turn the call over to our Chief Financial Officer, Frank Verdecanna.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Thanks, Kevin, and hello to everyone on the call. Before we move onto the details of our Q1 results and guidance for Q2 and 2020, let me remind you that I'll be referring to non-GAAP metrics, except for revenue and operating cash flow. Our non-GAAP measures exclude stock-based compensation, amortization of intangibles, non-cash interest expense on our convertible debt, restructuring charges, and other non-recurring items.

Turning to Q1 results, I echo Kevin's comments that I think we executed well against our plan, as we quickly pivoted to a work-from-home organization. We delivered billings and revenue within our guidance ranges and exceeded our EPS guidance range. We estimate that COVID-19 global pandemic reduced our Q1 billings by about $10 million to $15 million and revenue by less than $2 million.

The impact on billings combined with an increase in DSOs related to the COVID-19 pandemic, resulted in operating cash flow below what we had anticipated in our pre-pandemic guidance. As we take a closer look at the details, I will focus my comments on ARR and revenue as the key indicators of our financial performance. The ARR metric gives you insight into the expansion of our installed base of reoccurring subscriptions without regard to short-term changes in average contract length or in-quarter timing of large renewals, which as we've seen, can cause volatility in our quarterly growth rates for billings.

Revenue reflects growth in our deferred revenue and drives our profitability. For these reasons, we believe ARR and revenue are better indicators of our progress on our transformation journey, especially in the current environment. Looking at revenue and ARR by category and our operating results, platform, cloud subscriptions and managed services revenue increased 33% year-over-year and accounted for 30% of total revenue, compared with 25% of total revenue in Q1 of '19.

ARR was up 32% year-over-year and 1% sequentially as we continue to expand our customer base in this category. This category now accounts for 49% of ARR, up from 40% at the end of Q1 of '19. Mandiant services revenues grew 25% year-over-year to a record $51 million and accounted for 23% of total revenue, compared with 19% of total revenue in Q1 of '19. We continued to see strong demand for our expertise in both incident response and strategic consulting. As an FYI [Phonetic], we do not include any of our services or Expertise-on-Demand subscriptions in our ARR metrics, even though many customers purchase strategic consulting engagements year-after-year. Revenue for platform, cloud subscriptions, and managed services and Mandiant services categories accounted for 53% of total revenues, compared with 44% a year ago.

Our on-premise product and related business accounted for 47% of total revenue, compared with 56% a year ago as our mix continues to shift to higher-growth categories. Product and related revenue declined 11% from Q1 of '19, due to lower deferred revenue balances entering the quarter. Appliances accounted for the majority of the year-over-year decline. Remember, that appliances originally sold in 2015 were fully amortized by the end of Q4 2019, creating a more difficult year-over-year comparison than prior quarters.

Product and related ARR decreased about 2% sequentially, a similar seasonal decline as last year. Net retention rates in these categories remained above 95%. Our ARR and retention metrics demonstrate that the product and related portion of our business has stabilized following the end-of-life event that impacted results in early last year. It also suggests that while we expect on-premise appliance-based sales to continue to decline as customers shift to virtual and cloud form factors, we are managing well through the transition and we continue to retain our base of enterprise class customers.

Gross profit margin of 71% was consistent with our guidance. The decrease compared to Q1 of '19 was due to a higher mix of services in total revenue, as well as an increase in cloud hosting costs associated with higher cloud revenues. Note that although Mandiant Consulting services are at a lower gross margin, our services contribution margin is consistent with other areas of the business.

Total operating expenses were flat year-over-year and increased about $6 million sequentially. The sequential increase was primarily related to higher employee payroll taxes that are seasonally higher in Q1. Our pre-shelter-in-place guidance had anticipated operating expenses of around $168 million on an absolute dollar basis or about $7 million higher than our actual results. The difference was primarily due to lower travel and event expenses in the last month of the quarter.

With revenue and gross margin where we expected, and lower-than-anticipated operating expenses, operating margin was 3 percentage points better than our midpoint of our guidance range. Q1 2020 operating losses were 56% lower than Q1 of '19 at a $2.8 million loss. This translated into a net loss per share of $0.02, better than our guidance range of a loss of $0.03 to $0.05.

Turning to the balance sheet and cash flow, our balance sheet remains very healthy. We ended the quarter with cash and short-term investments of $980 million, which is more than enough to repay the $120 million in convertible debt that we expect to be required to repurchase on June 1 and to fund our operations for the foreseeable future even in the more conservative versions of likely scenarios in this current environment.

We ended the quarter with receivables of approximately $140 million, an increase of $29 million from a year ago. DSOs calculated on billings were 74 days. This is up from our usual 55 days to 60 days. We attribute the increase to the COVID-19 pandemic and expect DSOs to remain in the 70-day to 80-day range at least through the second and third quarters of the year.

As I mentioned, cybersecurity remains a high priority and we remain confident in our ability to collect payment, but we increased our bad debt reserves and reduced our near-term cash collection forecast as a precautionary measure. Total deferred revenue at year-end was approximately $920 million, an increase of $14 million from the end of the first quarter of 2019.

Platform, cloud subscriptions and managed services deferred revenue increased by about $36 million, and services deferred revenue increased by about $24 million. The increases in the platform, cloud subs and services categories was partially offset by $46 million decline in product and related deferred revenue as prior period appliance sales continued to roll off the balance sheet. Note that this dynamic has a disproportionate impact on current deferred revenue.

On a sequential basis, deferred revenue decreased by $55 million, reflecting normal seasonality in our quarterly billings. Operating cash flow for the quarter was negative $24 million, compared to our expectation of approximately breakeven. The difference was due to the increase in DSOs relative to our pre-pandemic expectations.

As Kevin mentioned, we have been taking steps to accelerate our transformation and set the stage for increasing growth and profitability in the future. This resulted in a restructuring charge of approximately $11 million in the first quarter and we expect to incur additional restructuring cost of between $10 million and $15 million in the second quarter. We expect these actions will reduce our operating expenses by at least $25 million in 2020, compared to 2019, primarily in the second half of the year along with additional year-over-year savings related to lower travel.

When I review our Q1 operational metrics, including the increase in new customers, growth in ARR and net retention rates, as well as our current pipeline of both new and renewable business, I am confident our business remains healthy and our transformation is on track.

Now, let's turn to our current outlook for Q2 and the remainder of the year. My comments on our outlook take into account what we know today, while we recognize there are many unknowns, including the timing of reopening economies both in the U.S. and abroad. While we are operating with the same uncertainties that every other cybersecurity company, cybersecurity remains a top priority for our base of government and enterprise class customers. I believe these are also the organizations best positioned to weather the storm. I believe the biggest unknown for us is the average contract length of billings. While customers may still commit to multiple years, given the current economic uncertainties, we are assuming that some will be less willing to pay for upfront for multiple years. In recognition of this uncertainty, we are not guiding billings for the second quarter and we are withdrawing our previous annual billings guidance for 2020.

Since billings drives our receivables balance and cash flow, we are also withdrawing our cash flow guidance for the year. However, since we typically recognize more than 90% of quarterly non-services revenue from deferred revenue on the balance sheet and for demand for our services remain high, we are providing revenue guidance for Q2. We're also providing revenue guidance for the year, although we have expanded the range compared to prior periods.

Expenses remain within our control, allowing us to provide visibility into operating margin and earnings per share for the quarter and the year based on current revenue assumptions. For Q2, we expect revenue in the range of $213 million to $217 million, gross margin of between 68% and 69%, and operating margin of between negative 1% and negative 2%, and EPS of a loss per share of $0.01 to $0.03.

For the full-year 2020, we expect revenue between $880 million and $900 million, gross margin between 69% and 70%, operating margin between positive 1% and positive 3%. This implies a decrease in operating expenses of $30 million to $35 million compared to 2019, which includes at least $25 million related to the restructuring actions, as well as additional savings for operating costs, such as lower T&E. As noted, this is based on what we know today and what we believe as of today.

There is a lot of uncertainty that has been created because of COVID-19 and we are doing our best to manage and provide you with the guidance while operating in this uncertain environment. That concludes my review of our guidance ranges and assumptions. I know there's a lot of detail here, so we have summarized the assumptions and math for you in the guidance section of our slides.

Operator, we'll now open the call for your questions.

Questions and Answers:

Operator

[Operator Instructions] Our first question comes from Michael Turits with Raymond James. Your line is open.

Eric Keith -- Raymond James -- Analyst

This is Eric Keith on for Michael. Kevin, just based on what you're seeing in the conversations, can you just elaborate more on maybe what customers are -- if the customers are actually de-prioritizing maybe certain IT initiatives compared [Phonetic] to others and how you might see that shift in coming quarters?

Kevin Mandia -- Chief Executive Officer and Board Director

Yes. So, the number one question I've gotten and realized my audience is usually Chief Information Security Officer or above. It was, how do you protect your remote workforce. I didn't feel any shift in spend, meaning let's lower it although in this environment obviously people are looking at discretionary cost and cutting them if they can, but I did not see security as discretionary, it's seen as important.

So question number one, how do you defend the remote employee. And what do you do to make sure and validate that in fact you're running a secure infrastructure?

Eric Keith -- Raymond James -- Analyst

Great. And then for you Frank, just can you provide some more color on contract lines in the quarter? It looks like it was above your expectations, so curious what's going on there.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yes. So it was pretty much flat. It was slightly up year-over-year, but we did have a five-year $5 million deal in the quarter that if you pull that deal specifically out, contract length would have went down by half a month. So, surprisingly we didn't see much of an impact on contract length in the quarter, but again we only had three weeks of the pandemic in the quarter. So, we would expect a bigger impact on contract length going forward.

Eric Keith -- Raymond James -- Analyst

Great thanks.

Operator

Thank you. Our next question comes from Shaul Eyal with Oppenheimer. Your line is open.

Shaul Eyal -- Oppenheimer & Co. Inc. -- Analyst

Thank you. Hi, good afternoon gentlemen. I had a quick question Kevin, when looking at FireEye's portfolio, what do you see as more non-discretionary products, services, solutions and conversely what is more discretionary from the CECL perspective?

Kevin Mandia -- Chief Executive Officer and Board Director

Almost everything we do is relatively critical and I know that sounds like boiler plate answer, but it's not. When you look at our services, we're either responding to the house is on fire or we're showing up before that to make sure we can do an assessment of your security program to make sure you don't have a problem to worry about.

So, I feel like on the services side, the demand is there. When you look at our products, they were always designed to detect what other safeguards missed, kind of they closed the gap between legacy safeguards and what the attackers were doing. So, we're seen as a pretty instrumental layer with our products to people's security programs and that's why I think you see high renewal rates for us. And the biggest challenge we had is going from appliance to cloud, getting -- and going from perpetual license to subscription and getting into form factors that are getting more and more common.

We've done that work and now we have to leverage it. So, I think through the portfolio, probably the biggest delay we had on things that were in flight that got delayed were on training, education. We do 200 classes a year for security professionals and we had this sort out in a short period of time, how do we take that training and still connect with remote folks, but we're starting to see that spin back up now.

And I think as organizations recognize that we're all going to be working in a remote setting for an indeterminate length of time that we have to figure out how to allow things like training to happen in remote environments. But out of everything we did, the only thing that hit my desk with delays was the training.

Shaul Eyal -- Oppenheimer & Co. Inc. -- Analyst

Understood. Thank you so much for this color. And if I may, Frank or Kevin, month of April is coming to an end very shortly. Can you talk to us what you've been seeing so far and maybe just a word about ASPs, where do they stand right now? Thank you so much.

Kevin Mandia -- Chief Executive Officer and Board Director

Yes, so far Shaul in the month of April, we're actually a little bit ahead of linearity from typically where we are in month one of a quarter. So, I think, so far all signs have been very positive, which gives us a lot of confidence going into the remainder of the quarter.

Shaul Eyal -- Oppenheimer & Co. Inc. -- Analyst

Thank you.

Kate Patterson -- Vice President, Investor Relations

Next question.

Operator

Our next question comes from Fatima Boolani with UBS. Your line is open.

Fatima Boolani -- UBS Group AG -- Analyst

Thanks for taking the questions. Kevin, I'll start with you. Just with respect to Mandiant, appreciate the color you gave around the ability of the Mandiant professionals to remotely troubleshoot customer pain points and particularly those verticals that continue to be besieged by cyber attacks. So, I'm wondering if you can kind of talk us through how the on-boarding of additional capacity is going to play out over the course of the year and to what extent are you having to backlog engagements because the billable hours and billable rates are at capacity? And then I have a follow-up for Frank if I may.

Kevin Mandia -- Chief Executive Officer and Board Director

Yes, so we feel like we're operating full bore [Phonetic]. So, the on-boarding -- I think I'm answering your questions in reverse order. Now, let me answer them in the right order. When it comes to working remotely, we started designing our endpoint in 2005 to do exactly this; send expertise in seconds, and as you adopt our endpoint, if anything happens, we always want to be that unbiased third-party that can reach in and investigate and sort it out for you. So, we've always had the ability to do critical services from remote locations. And so that's not new.

So, when we had to go remote, in reality, we've already been doing it that way. We can't put people on Boeing 737s every time there is a breach and fly them in. You don't have the time to do that, you can't travel there. Software can travel there in 30 minutes or less, get installed and we're executing our expertise remotely. In regards to on-boarding, I know my way of doing it. They show up, we train them a little bit, but there's no better job than on-the-job training. So, the reality is, people that we hire, we've always gotten them busy fast. I mean that's just what you do in consulting. We do have training, we do have mentorship, but the on-boarding of consultants really means you get repetitions and you get repetitions as soon as you hit the ground.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yes, and Fatima, just to add to that, we have been growing the global consulting org for the last couple of years. And so we've had plenty of folks that have come aboard in remote locations that have gone through our remote training program. So, that really wasn't that much of a challenge to get those folks up to speed.

Kevin Mandia -- Chief Executive Officer and Board Director

Yes. It's an incredibly journey...

Fatima Boolani -- UBS Group AG -- Analyst

Appreciate that and thank you [Indecipherable].

Frank Verdecanna -- Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Go ahead.

Kevin Mandia -- Chief Executive Officer and Board Director

It's Frank's turn.

Fatima Boolani -- UBS Group AG -- Analyst

Okay. Frank since I have you, just digging into the outlook assumptions, both from a revenue and opex perspective. So, on the revenue front, are you expecting any changes from a renewal standpoint or rate of decline in appliances? And then on the cost front, given the restructuring, I'm wondering why the magnitude of change here is so much starker than the revenue being rebased lower. And that's it for me. Thank you so much.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yes. From a revenue perspective, obviously we brought down the revenue number for the full-year and we've expanded the range. We've done that across all categories assuming that business would see an impact across various areas. Yes, to date, we haven't seen much of an impact. Obviously, we delivered on our Q1 numbers, but the Q2 guidance shows that we are expecting or we are at least taking conservative view on what could happen in the quarter and so we are accounting for less appliance sales, we are accounting for assuming that there are going to be some service offerings that folks will want on-site and may delay until we get to a point where we can deliver that on-site. So, we've taken that into consideration.

From an opex standpoint, most of restructuring actions have happened toward the tail end of the quarters and so there will be most of the positive impact to that will happen in the back half of the year, obviously depending on what travel is like for the remainder of the year. We may actually have additional savings there if we wind up and sheltered in place for a longer period of time.

Fatima Boolani -- UBS Group AG -- Analyst

Very helpful. Thank you.

Operator

Our next question comes from Sterling Auty with JPMorgan. Your line is open.

Unidentified Participant

Hi guys, this is Matt on for Sterling. Thanks for taking the question. I know you guys talked about this quarter kind of some of the segments that benefited or not benefited, but had some increased interest from the current situation. Going forwards, which parts of your business do you think are going to be negatively impacted from the current situation and which ones do you think are going to have more of a positive impact? Thanks.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Matt, obviously we're not that far into this process, so it's very difficult to see -- forecast exactly which products are going to do better. Our early signs is renewal rates seem to be doing little bit better, appliance sales probably little bit worse, and then from the service offerings, we've been able because we've had a lot of backlog and because we've got lot of demand there, we've been able to keep utilization and chargeability up high, but at some point, if things don't change, we would expect some impact there as well.

Unidentified Participant

Got you. Great. That's very helpful.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer and Chief Accounting Officer

But obviously our cloud products probably are positioned better for kind of remote install, remote work environments or cloud endpoint, cloud email.

Unidentified Participant

Understood, thanks. And then one quick follow-up. In terms of the Mandiant services component, is there any type of -- I know you talked about the implementation, but is there any type of situation that you wouldn't be able to perform in the current environment?

Kevin Mandia -- Chief Executive Officer and Board Director

Yes. This is Kevin speaking. I mean there is always times where it's better to be in a room. Whenever there is an incident, right when we started doing the remote work, you often wondered for many companies, you start a war room, everybody crowds in the war room, you get to read verbal and non-verbal communication. So, you got to do business a little bit differently. But our folks are very used to remote collection of information, remote forensics, remote analysis, remote counseling, and discussion on remedial steps, but what you lose is that the customer sometimes want you in the war room. And by the way, the customer doesn't have that with their own people now. So, it's just a different environment. So, you lose a little bit of the connectedness when you hit some incidents that are in a sprint.

In regards to the security assessments, we are probably communicating at a 90% effectiveness rate, not 100%, just because we're all remote and doing things in a different way. Sometimes, it's easier to get on-site, meet the 20 folks to 50 folks that you need to meet and go through, here's all the things that would make your security program more effective. So, that's a long-winded way of saying that our communications are different today than what they used to be and that for some folks, they may have to change their communication style to be more effective.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer and Chief Accounting Officer

And Matt, we have seen people leverage our internal offering and our Expertise-on-Demand a little bit more as well. So, I do think people are utilizing our internal expertise to augment their internal teams.

Unidentified Participant

Great. Thank you so much guys. That's very helpful.

Operator

Thank you. Our next question comes from Rob Owens with Piper Sandler. Your line is open.

Rob Owens -- Piper Sandler Companies -- Analyst

Yes, good afternoon guys. Building on Matt for Sterling's question earlier around Mandiant, curious just about billable hours. The billable rate, I guess, Kevin, how it changes on-prem to remote and you've got this large portfolio of new Mandiant services that you talked about. So, you should have a leverage then I guess. So, is there a near-term hit when you move kind of to remote work for these guys? But you hope to make that up from the -- just from the simple standpoint they might be able to participate more or offer more services to an end customer.

Kevin Mandia -- Chief Executive Officer and Board Director

Yes. So, couple of thoughts there. Let me just be simple [Phonetic]. So I've read some of the analysis from folks saying, oh services has been hit and it's been hit negatively. Our rates haven't changed one bit. Five years ago, when there was an incident, we did exactly what we're doing today then. We'd send software, we'd be on the phone, we'd start communicating with the customer and we'd start sending our expertise and responding from a remote location. So for us, this is almost business as usual. We were -- we are actually almost too busy to send people in travel hours. That's how busy we are. So, no change in the rates right now Rob.

We haven't even seen compression in them at all or even a debate about it. So, I feel comfortable there and then for us, I think the customer prospects behavior has changed because they have a workforce now that's remote and their security force is remote, but I think we're doing a lot of business as usual for us, right. So, I don't feel like it's changed too much.

Rob Owens -- Piper Sandler Companies -- Analyst

Great. And then second if I may, just something on the Verodin acquisition, the rebranding kind of how the acceptance has been by end customers. And is this proving to be a tip of the spear for FireEye solutions or is it more that different consulting validation of pre-existing infrastructure sale?

Kevin Mandia -- Chief Executive Officer and Board Director

Yes. So, it came down to working with Chris Key, the Founder of Verodin, where he believed and probably rightfully so, FireEye is a controls business. When you think about endpoint network, email and the cloud SIM, Mandiant was always seen a little more agnostic, controls agnostic. When you do validation as a business, you want to have -- you want to be the honest broker and the Mandiant brand was seen as more the honest broker in regards to that, a non-controls business brand. And if you look at what Verodin does, it measures security effectiveness.

We want to be the honest broker, not game it. When you run Verodin, you get unvarnished truth, whether you stop or detect attacks, and the Mandiant brand has kind of survived for whatever reason. It's still here, it's still with us and it's more agnostic to just what are the right damn answers right now to secure your network and so it's more fitting in a go-to-market for a validation story. So, Verodin is now Mandiant validation.

Rob Owens -- Piper Sandler Companies -- Analyst

Alright, thank you.

Operator

Thank you. Our next question comes from Erik Suppiger with JPMorgan -- JMP. Your line is open.

Erik Suppiger -- JMP Securities LLC -- Analyst

Yes. Thanks for taking the question. First off, can you talk a little bit about vertical markets? Are you pretty well insulated from some of the key markets that have been hit like hospitality or travel? And then, could you talk a little bit about whether your products feed into remote access infrastructure? Are you particularly securing remote access at all? Are these products largely salvaged [Phonetic] from the build-out of lot of remote access infrastructure this last quarter?

Kevin Mandia -- Chief Executive Officer and Board Director

Got it. So I got -- so that's two questions. Kevin speaking. In regards to the different verticals, believe it or not we did business in basically every single vertical last quarter to include some that are significantly impacted like the airlines industry. So, I think at that point, it's more about the payment terms, where you'll see the industries that are more impacted are probably going to try to negotiate different payment terms than those that are less impacted and Frank could probably speak to that.

In regards to remote access infrastructure, we have an assessment that our consultants do on remote access, where we test people's remote access. Does everybody really need to factor authentication? Is it actually in practice? So, we do that and then in regards to our solutions, we have a partnership with a company called iboss, which is a cloud SaaS network security. Really it's -- you download their endpoint and all of your traffic would be going through our detection capabilities. So that's a powerful partnership that to me is how you get really shields up on a remote workforce. It is a nice iboss plus FireEye detection kind of combination there, and then the third way is endpoint. Endpoints guard endpoints. So bottom line is, yes, on remote access and what CISOs are worried about. We've been doing those tests for years.

Erik Suppiger -- JMP Securities LLC -- Analyst

And then, let me ask one last one. Just on the shift to a remote workforce, how long do you think we have to benefit from the effort to secure that change? Are we still very early in terms of where CISOs are from the way they are looking at this shift to building out their remote workforce?

Kevin Mandia -- Chief Executive Officer and Board Director

I think it will come in waves and I think the 1A enterprises and CISOs I know they are already well into it or already -- you're not ever done, that's a funny thing about security. People think oh we did three things, wash your hands, done. You have to do a lot of rinse repeat and test, but I think that it's happening fast. It needs to happen fast and it will be the new normal by the end of the year.

There are folks that are, for whatever reason nobody knows what's going to happen after the pandemic might flatten the curve as they say and I'm no expert, but behaviors are going to change for a long time right now, and the question is, does that mean one-third of the workforce stays remote, two-thirds, three-quarters, nobody knows, but the change happens so abruptly and cybersecurity is so important. I think the vast majority of this is going to happen this year.

Erik Suppiger -- JMP Securities LLC -- Analyst

Very good. Thank you.

Operator

Thank you. Our next question comes from Gur Talpaz with Stifel. Your line is open.

Chris Speros -- Stifel Financial Corp. -- Analyst

Hi, this is actually Chris Speros on for Gur. For Kevin, given FireEye's unique viewpoint into the threat landscape, how has the threat environment evolved since COVID? Are you seeing any sort of uptick in nation-state sponsored activities?

Kevin Mandia -- Chief Executive Officer and Board Director

All I can tell you, and I kind of mentioned it, we're seeing a lot of incidents right now. We're exceptionally busy and I would tell you, calls are coming in daily to help companies deal with it, but I don't know if I can tie it to COVID or just tie it to things such as -- I'll give you one example that's created a problem. When I was responding to breaches and someone hacked in and extorted you, the person that hacked you and extorted you is the exact same person. And they were probably great at hacking you, but not very good at extorting you. So, you'd pay $5,000, problem solved.

Somewhere in 2018, 2019, we started seeing a separation of duty where you have folks that break-in because that's what they're good at, and then they're handing their access and break-in to practice folks that are criminals that can extort. So, we're just seeing more ransomware cases. Those things are very disruptive to business and you combine the separation of duty between hacking and extorting with anonymous digital currency and you've got a hell of a perfect storm to monetize breaches, far easier than the olden days of stealing credit card data and fraudulently buying things.

So, we're just seeing an uptick because you can make more money breaking in now than ever before. The nation-state stuff is here to stay. Clandestine operations, espionage, it's done online now. So, that's just going to always have a steady escalating home, but the amount of money folks are making now, I just feel like the financial crimes are escalating as well.

Chris Speros -- Stifel Financial Corp. -- Analyst

That makes a ton of sense. And one more for Kevin if I may. How should we think about the current appetite for security validation and how has it been impacted by COVID-driven disruption across the enterprise?

Kevin Mandia -- Chief Executive Officer and Board Director

Yes. My read on the first quarter is in 90 days, I can't tell. I feel like we're still tracking for the year, but it's early on, but there is two different audiences for validation. There is the technologist and then there is the CISO and above. And my angle on it is, it matters more to the CEO and CISO. Can the attacks I'm reading about work on my network? Do we have an infrastructure of technology and processes and people that are ready to withstand the attacks that are most relevant to our organization?

So, you're going to see us do tweaks. I think we're going to pivot our go-to-market more toward the senior staff, not the junior staff and I think in the past, people saw Verodin as a technical buy. Now that Verodin is part of FireEye and they are working side-by-side with Mandiant expertise, I believe we need to bring it to market in a managed way, similar to Rapid7, similar to Qualys. I don't want to run a damn vulnerability scanner every day, but I would like to get the output from somebody else from time-to-time and I think that Verodin gives us a great platform for that. So, stay tuned, we're pivoting that. It's a technology you can buy. 1A enterprises will and they will run it themselves. It will put their own Intel in it, no share indicators and they'll do their sort of things.

In addition to that though, we want to be able to run validation and I think the true value in the validation is two-fold. It's not just binary. Yes, these attacks work or no, they don't. I think the more important aspect of it is tracking the remedial steps that organizations will take and that to me will require our expertise working with the customers' expertise. So, I see it as a -- I'm excited about what I'm calling validation-as-a-service. We have created packages to do that, and then I think I'd rather have -- if you buy the technology, that's great, and you can have people running it at your company. You get people inputting stuff. What's also great is the folks that are responding to over 700 incidents a year are inputting a bunch of data into that system as well. So, bottom line, that's a long-winded way of saying, I feel we're on track, I'm excited about the validation space. I think we're going to define it and we're going to grow it.

Chris Speros -- Stifel Financial Corp. -- Analyst

Great. Thanks guys.

Operator

Thank you. Our next question comes from Melissa Franchi with Morgan Stanley. Your line is open.

Unidentified Participant

Hi guys, this is Hamza [Phonetic] in for Melissa. Thank you for taking my question. Just a couple of quick ones from me. So I know it's early days, but as you look at sort of the past five to six weeks or so, what are you seeing in terms of buying behavior as it relates to existing customer expansion and new customer adds? And as you look out to the rest of the year in your guidance, what is the assumption around net retention?

Kevin Mandia -- Chief Executive Officer and Board Director

Yes. I'll address this first and then Frank will probably say exactly what I say because almost every day or two, I'm like Frank what are we seeing, what are the patterns, and right now it's almost like there's not a pattern, other than we'll sell less on-prem gear, and we feel that there might be a rise in renewal rates, meaning people that have already spent for something are more inclined to renew it and that may mean that there is less inclination in buying patterns to buy something new.

So, that being said, we added more customers this year than last year and we had more of an uptick on net new logos and their spend this year than last year. So, I ask Frank every day what are we seeing and we're not seeing a pattern other than that what I just said. Renewals seem to be going up in rate and on-prem gears probably going to go down.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yes and I think as we get through the second quarter, obviously, we'll have a lot better visibility into that by product and -- but as we look throughout the remainder of the year, we've taken a very conservative approach to assuming that renewal rates are much more closer to historic norms rather than go up. We've also assumed that appliance sales would go down more than we expected because of COVID-19 and that we would also see more challenges on some of the newer products and some of the services. Hopefully, none of that stuff will come to fruition and we'll be in a much better spot, but given the uncertainty, we weren't going to take chances on our guidance on any of those items.

Unidentified Participant

That's really helpful. And just one more quick one. Are you seeing any supply chain constraints around the appliance business at all?

Kevin Mandia -- Chief Executive Officer and Board Director

We're not -- we did -- if you looked at our balance sheet, we did increase our inventory a little bit over the -- year-over-year and that was really just to make sure that if there was any challenges going forward that we'd have a little bit more supply, but so far, our contract manufacturer is operating at full capacity and the component parts are -- we have multiple suppliers there and so we haven't really seen any challenges there.

Unidentified Participant

Thank you very much.

Operator

Thank you. Our next question comes from Keith Bachman with Bank of Montreal. Your line is open.

Keith Bachman -- Bank of Montreal -- Analyst

Hi, thank you. My question relates to the previous one and I was wondering if you could just talk about your views on product revenues, and what I mean by that, the context is at the Analyst Day, you had laid out a scenario whereby product revenues will be expected to flatten out over time. Obviously, the COVID virus has disrupted that, but is there any context you could give, A, about what you think product revs [Phonetic] impact maybe this year? And then, B, more importantly, as we come out of COVID, is it you're -- still your expectation that product revenues flatten out or you think investors should assume some ongoing declines with product revenues? And that's it from me. Thank you.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yes. I think what we had talked about previously at Analyst Day was the fact that the year-over-year decline in the amortization of product revenue was going to -- that rate of decline was going to flatten out as we got into late 2020. And we still expect that. It's going to be more focused on adding new appliance sales to the waterfall schedule. Our expectation right now will be there will be probably less appliance sales than we originally expected. So, we'll see a little bit of the bigger impact on the product revenues due to COVID, but longer term, we've talked about, we expect more and more business to move to virtual and cloud and so the pure appliance product revenue will continue to decline over time. Over time, we just think the rate of decline will flatten out a little bit.

Keith Bachman -- Bank of Montreal -- Analyst

Okay, great. That's it for me. Thank you.

Operator

Thank you. Our next question comes from Gregg Moskowitz with Mizuho. Your line is open.

Gregg Moskowitz -- Mizuho Securities -- Analyst

Okay, thank you very much. Good afternoon guys. Just a couple from me. Kevin you alluded to more flexible pricing. And if I think back, you had already introduced subscription-based pricing across network endpoint and email quite some time ago. Other than introducing shorter duration options like you have for Managed Defense, I was just wondering if there was something else here that is actually new.

Kevin Mandia -- Chief Executive Officer and Board Director

Yes. I think over time, and this is something I've done with our product marketing folks, you look out three to five years, it would be really nice to download software, run it when you need it, pay for as much as you need at that time, the consumption-based pricing. We're not there yet. We don't need to do it now.

Frank is probably cringing, as I talk to you about this. But I've always defined six qualities to security-as-a-service, and one of them is always just consumption-based pricing, elastic pricing. You see AWS doing it, you see cloud-based companies sort of doing it, and I just want to be ready for that. I want to have a back office where folks may need to do shields up. Years ago, there was a specific event and you can think of a major sporting event or you can think of a major entertainment event, where people just want to do shields up, and I'd love to be able to tell the CEO, hey, have your tech guy grab this, upload it, and we will charge for you as you go.

Per user pricing is something we have now, but I want consumption-based true SaaS, and one day, we will have it. And we will have the at least the means to do it should we choose to do it. And that's what I mean by that. Right now, we built a back office that has a skew for everything. It's an appliance shipping back office and that's how we transact and I think we can do better than that.

We can transact in a way that is more flexible for our customers, where we can provision faster. We can have a licensing scheme that's not an appliance-based licensing scheme, and we can get people up and running in minutes from when they purchase from us. So, that's what I mean by that, and I won't bore you with the slides that I routinely show internal to FireEye, and I'll be showing them again tomorrow at our all hands. And here's the six criteria to be genuine SaaS. We got a lot of it, but we got a few more steps to do.

Gregg Moskowitz -- Mizuho Securities -- Analyst

Okay, that's really helpful and makes a lot of sense. And then just as a follow-up, so Frank you talked about a $10 million to $15 million negative billings impact in Q1 from COVID-19. Kevin I think you said the only delays that hit your desk were training related and so I wanted to clarify that you're not saying the $10 million to $15 million impact is mostly or entirely tied to lower training, because it just would seem to be really high. I would have thought there probably would have been a component or two on the product side. Again just a clarification.

Kevin Mandia -- Chief Executive Officer and Board Director

Yes. To be clear, I was talking about delays for deals that are already closed, where in relation to services, all closed deals, most of it moved forward, but on training, I knew that there were delays where we had to cancel classes, move them out because we weren't sure how we'd perform it. So...

Frank Verdecanna -- Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yes. Gregg, that was really more of an impact on revenue, but because of the amount of backlog we had and the demand, we didn't see much of an impact on revenue. On the $10 million to $15 million impact on billings, I think those were just deals that we would have normally got through the normal gauntlet, but because customers purchasing departments was all of a sudden in a remote spot, we definitely saw some delays. We saw some countries that we actually could not even ship to because of COVID and so there were some deals that just kind of just pushed out a couple of weeks that came into April already, but did have impact on things that we would have seen in the last week of March.

Gregg Moskowitz -- Mizuho Securities -- Analyst

And Frank, is it your view that all of these as far as you can tell are delays or deferrals as opposed to anything that will be a cancellation?

Frank Verdecanna -- Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yes. None of those were loss deals. They were -- strictly they just didn't get through the customers' procurement cycle in time for us to shift and deliver by 03/31.

Gregg Moskowitz -- Mizuho Securities -- Analyst

Okay, perfect. Thank you.

Kate Patterson -- Vice President, Investor Relations

We have time for one more question please.

Operator

Our last question is from Saket Kalia with Barclays. Your line is open.

Saket Kalia -- Barclays plc -- Analyst

Hey, guys. Thanks for taking my question here. I'll keep it to one. Maybe for you Kevin, it's really a high level one, but I guess as you spend time with your sales leaders, what are you hearing about the growth and sort of quality of the pipeline?

Kevin Mandia -- Chief Executive Officer and Board Director

Well, the reason I'm pausing on that is, most of the time when I look at pipeline, I'm not looking at all of it, I'm looking at very specific things and how it's doing because I'm trying to shift this more to cloud, shift this more to the services that are relevant and that pipeline is growing. I inspected the validation pipeline yesterday and I like what I see. So, yes I can't speak of the pipe in its entirety, but in regards to validation and emerging products, I feel very good about it.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Yes. Overall pipe socket year-over-year is very strong. I think as Kevin mentioned, it's more of a difference in mix. Like I said, the appliance component obviously is lower year-over-year but the cloud stuff and the validation is up.

Saket Kalia -- Barclays plc -- Analyst

Makes sense. Thanks guys.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Thank you, Saket.

Operator

Thank you. I'd now turn the call back over to Kevin Mandia for closing remarks.

Kevin Mandia -- Chief Executive Officer and Board Director

I want to thank everybody for joining us today. Thank you for your interest in FireEye. I look forward to speaking to all of you in 90 days. Until then, stay safe and healthy. Thank you very much.

Operator

[Operator Closing Remarks]

Duration: 63 minutes

Call participants:

Kate Patterson -- Vice President, Investor Relations

Kevin Mandia -- Chief Executive Officer and Board Director

Frank Verdecanna -- Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Eric Keith -- Raymond James -- Analyst

Shaul Eyal -- Oppenheimer & Co. Inc. -- Analyst

Fatima Boolani -- UBS Group AG -- Analyst

Unidentified Participant

Rob Owens -- Piper Sandler Companies -- Analyst

Erik Suppiger -- JMP Securities LLC -- Analyst

Chris Speros -- Stifel Financial Corp. -- Analyst

Keith Bachman -- Bank of Montreal -- Analyst

Gregg Moskowitz -- Mizuho Securities -- Analyst

Saket Kalia -- Barclays plc -- Analyst

More FEYE analysis

All earnings call transcripts

AlphaStreet Logo