Logo of jester cap with thought bubble.

Image source: The Motley Fool.

FireEye (NASDAQ:FEYE)
Q2 2020 Earnings Call
Jul 28, 2020, 5:00 p.m. ET

Contents:

  • Prepared Remarks
  • Questions and Answers
  • Call Participants

Prepared Remarks:


Operator

Good day, everyone, and welcome to the FireEye second-quarter 2020 earnings results conference call. [Operator instructions] Also, this call is being recorded. At this time, I would like to turn the call over to Kate Patterson. Please go ahead.

Kate Patterson -- Vice President, Investor Relations

Thank you, Joelle. Good afternoon, and thanks to everyone on the call for joining us today to discuss FireEye's financial results for the second quarter of 2020. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of FireEye's website at investors.fireeye.com. With me on today's call are Kevin Mandia, FireEye's chief executive officer; Frank Verdecanna, executive vice president, chief financial officer, and chief accounting officer of FireEye; and Brad Maiorino, FireEye's executive vice president and chief strategy officer.

After the market close today, FireEye issued a press release announcing the results for the second quarter of 2020. Before we begin, let me remind you that FireEye's management will make forward-looking statements during the course of this call, including statements relating to FireEye's guidance and expectations for certain financial results and metrics; the impact of the COVID-19 pandemic; FireEye's priorities, initiatives, plans and investments; drivers and expectations for growth and business transformation; the expansion of FireEye's products, subscriptions and services; and the benefits, capabilities and availability of new and enhanced offerings, market opportunities and go-to-market strategies. These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future, and we undertake no obligation to update these statements after the call.

For a detailed description of the risks and uncertainties, please refer to our SEC filings, as well as our earnings release posted an hour ago. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of our website. Additionally, certain non-GAAP financial measures will be discussed on this call. We have provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website, as well as in the earnings release.

Finally, I'd like to point out that we have posted the supplemental slides and financial statements on the Investor Relations section of the website. With that, I'll turn the call over to Kevin.

Kevin Mandia -- Chief Executive Officer

Thank you, Kate. I'd like to thank all of you for joining us today, all the investors, the employees, the customers and the partners that have such a strong interest in FireEye. I hope all of you, your families and your loved ones are staying healthy during these unprecedented times. I am proud of how FireEye has responded to the current challenges the world is facing.

We made the pivot to work from home in March. And as working from home continued over the months, we maintained productivity, and we delivered the results we set out to accomplish in the second quarter. I'm going to begin today's call by discussing some Q2 highlights. I'll provide an update on our innovation in both Mandiant Solutions and FireEye products.

I will then turn the call over to Brad Maiorino, our new executive vice president and chief strategy officer, and then we will conclude our prepared remarks with a discussion of our financial results from Frank. We did what we said we'd do in the second quarter. We exceeded our guidance range on both the top-line metrics, as well as the bottom line. In fact, revenues in the second quarter were the highest second-quarter revenues in our history, and our non-GAAP operating income was the highest we have ever had as a company.

So let me share some additional highlights. Q2 revenue was $230 million, $15 million above the midpoint of our guidance range. Our revenue growth was led by year-over-year increase of 30% in our platform, cloud subscription and managed services categories, which includes our validation, threat intelligence and managed defense offerings, as well as our cloud-based security products, such as EPP and cloud Endpoint. Annual recurring revenue for this category increased 27% year over year.

I'm very proud about the performance of the Mandiant Consulting services. Revenue for the service grew 21% compared to the second quarter of 2019. This marks the ninth quarter in a row of record revenue for our professional services, the sixth quarter of year-over-year revenue growth greater than 20% and the third quarter in a row that our services revenue exceeded $50 million. Our threat intelligence annual recurring revenue grew 27% year over year, reflecting just how differentiated our frontline knowledge and global threat intelligence really is.

The composite of our revenue continued its shift from our appliance-based heritage and our control products to our cloud-based products and Mandiant solutions. Combined revenue of our platform cloud category and our professional services category eclipsed our more mature appliance-based business again in the second quarter and accounted for 55% of our total revenue. This compares to 46% of our total revenue a year ago and 40% in the second quarter of 2018, so we have the evolution in the right direction. And another major milestone, our annual recurring revenue for platform, cloud and managed services surpassed the product and related category for the first time ever.

We achieved these results while significantly reducing our cost structure, generating a non-GAAP operating margin of 10% and a record non-GAAP operating income, net income and earnings per share. We also added more than 200 new logo customers in the quarter and closed 39 transactions greater than $1 million. While both these metrics are down from slightly -- down slightly from a year ago, this performance is in line with expectations given the current environment. We first mentioned a year ago that we were seeing two related but different areas of focus emerge within FireEye, which we refer to as platform and solutions business and a products business.

Since then, we have optimized our investments, reorganized our development teams and placed new leadership in each of these two areas. We also created two separate brands, FireEye products and Mandiant Solutions, to better reflect our internal structure. Doing so allows us to simplify our go-to-market strategies and to leverage the equity of each brand, FireEye products as control technologies to best protect our customers and Mandiant Solutions as a product agnostic offering to enable and empower all security technologies to be as effective as possible. Our innovation cycle fuels and enables both the FireEye products and Mandiant Solutions businesses.

Each relies on and constantly improves from our frontline experiences in incident response, performing red team engagements and our global threat intelligence network. So now I'll provide you an update on both these areas. I'd like to begin our update with Mandiant Solutions, which consists of Mandiant Consulting, our threat intelligence, our managed defense and our security validation capabilities, and we'll start with consulting. As I said earlier, our services business had its ninth straight quarter of record revenues, an increase of more than 20% over the second quarter of 2019.

We will continue to invest in consulting for at least three reasons. First, I believe our Mandiant Consulting services will continue to deliver above-market rate growth. This growth is driven by two predominant factors, a threat environment that remains elevated and our reputation as the recognized industry leader in incident response in cybersecurity consulting. The second reason we continue to invest in Mandiant Consulting is that our services drive strong, long-lasting customer relationships that lead to follow-on business.

As an example, our incident response is often the tip of the spear for new logo customers, and more than 90% of our service customers purchase additional products or services within 12 months following our initial engagement. And third, our services deliver one of the highest contribution margins in the company. Therefore, we are creating new services and adding the capacity to deliver these services in order to continue the momentum of the Mandiant Consulting practice. Now I'd like to update you on the Mandiant intelligence and Mandiant Validation.

Customers and security operators routinely want to know everything we know about cyber threats, and they want to answer two questions. Are they currently compromised by these threats? Or could they be compromised by these threats? Therefore, under the leadership of Chris Key and Sander Joyce, we have modernized the delivery of our threat intelligence and coupled it with our validation capability to address this need. We call it combining both our threat intelligence and our security validation the Mandiant Advantage, and we plan to make it available to our customers during this quarter. With the Mandiant Advantage, along with our proprietary threat intelligence, we will also be including related open-source information so that customers will be able to know what we know in real time and apply that knowledge to their own security alerts coming from any source.

In short, the Mandiant Advantage is like adding our threat intelligence team to our customer security operations with results at network speed. In addition, our customers will be able to seamlessly pivot from our threat intelligence to security validation. This will enable our customers to simply and safely execute real cyber attacks and hone their defenses based on the results of these attacks. We believe the simplicity, elegance and ease of the Mandiant Advantage is a major step in our transformation and that it will be instrumental in embedding our threat intelligence and validation capabilities into all security operations, whether they leverage FireEye control products or not.

We are also expanding our Mandiant Managed Defense offering. Starting later this year, we plan to offer our managed defense capability with third-party endpoint technology for the first time. By offering managed defense without being exclusive to FireEye products, we expect to expand our addressable market and enable new technical partnerships and alliances. And now I'd like to provide you an update on our products business under the leadership of Bill Robbins.

FireEye products leverage our frontline threat intelligence to provide the most up-to-date defense against cyber attacks. Protecting our customers from threats on the network and email on the endpoint, and then the cloud remains a core part of our mission. Over the last three years, we have modernized our products business with new form factors, simplified our go to market, and we have a greater focus on customer success. We also continue to enhance the products with new features to support our customers.

Our endpoint annual recurring revenue increased more than 30% year over year with cloud endpoint ARR up more than 100% for the second consecutive quarter. The investments we have made have driven above-market growth, as well as industry recognition. For example, for endpoint we achieved the highest cumulative detections across all categories, among the 21 evaluated vendors in the 2019 MITRE ATT&CK assessment. And most recently, we won recognition as the best endpoint security in the 2020 SE Europe awards.

Our launch of Endpoint Security 5.0 in the second quarter was one of our best releases ever. A key to this release was our innovation architecture. Which represents the shift to a more modular design that results in faster innovation in new detection, new protection and enterprise-readiness features. We believe next-generation cloud endpoint, including managed EDR, continues to represent a growth opportunity for us, and we are increasing our investment in our endpoint solution.

We continue to innovate in network security, raising the bar and detection leadership while enabling customers to expand their deployments into public and private clouds. Our network security 9.0 release during the quarter included more than 40 customer-requested features, including support for Microsoft's Azure and bring-your-own-license options for both AWS and Azure. In May, we added new capabilities to Helix that further enhance the safety and security of remote workers. These and other product innovations are helping us deliver control technologies that better protect our customers with offerings available on-premise and in the cloud that leverage our industry-leading threat intelligence obtained on the front lines.

In conclusion, we continue to accelerate FireEye's transformation. Our chief operating officer, Peter Bailey, is helping lead this transformation by focusing us on higher profitability and increased growth of our cloud category and ARR as our emerging key metric. We are also transforming our back office from our appliance-based heritage to a modern quote-to-cash process. We recently appointed Dave Baumgartner as our CIO to facilitate the changes required, and we are laser-focused on changing our processes to better support our subscription businesses and delivering our solutions in a more modern and simple way.

I want to thank all FireEye employees for all the progress we have made toward our transformation and for their continued efforts and focus through these most unusual times. And now I'm about to turn the call over to Brad Maiorino, our new EVP. I've known Brad for over a decade. And during that time, I got to watch him transform the security operations of Target, Thomson Reuters, General Motors and General Electric.

He uses specific methods to create and measure security programs, and we have the means to improve upon and institutionalize these practices. So I'm going to turn the call over to Brad, who's going to share his perspective on the industry and the reasons why he joined FireEye today. Over to you, Brad.

Brad Maiorino -- Executive Vice President and Chief Strategy Officer

Thanks, Kevin, and hello to everyone on the call. As Kevin said, I was the CISO for 15 years, leading the transformation of IT risk and security programs at some of the largest companies in the world. And the playbook I used to do this always included one company every single time, and that company was FireEye. So why has FireEye always been a key partner in my transformation playbook? It all starts with the foundation of what makes this company so special.

Simply said, I believe then and I believe even more strongly now that we have the world's best cyber expertise and threat intelligence and that we know more about the bad guys than anyone in the industry. Our intel is derived from an organization that's been operating for over 15 years and the knowledge gained from responding to over 800 incidents a year. And that work is supported by 180 analysts operating in 22 countries and monitoring in over 30 languages. This intel is then applied upstream into all FireEye products and solutions, from our endpoint cloud solutions, how we respond to incidents, how we hunt for bad guys in your network, help build and manage your stock and test the effectiveness of your security program through red teaming and automated validation.

There's simply nothing else like FireEye's comprehensive set of cyber expertise, threat intelligence and products, and that is why I joined FireEye. So looking ahead, given the unprecedented rise in the frequency and sophistication of attacks, one of the areas I'm most excited about is the security validation business. If there is one thing all companies need to be doing right now is to validate the effectiveness of their security programs. And that's exactly what Mandiant Validation is all about.

We have taken the power of Verodin, which we acquired last year, and combined it with our global and breach intelligence to create a platform that helps companies answer two very simple questions. If I were attacked today, would they detect it? And, how effectively could they respond to it? When someone reads a headline about a company being shut down due to a ransomware attack, the first thing they ask themselves is that, could that happen to them? How ready are they for that? Companies want to know how effective their security program is, not hope it is effective. Hoping is never a good strategy. And then also, given where we are in the COVID world, we're all looking at ways to take costs out of our respective organizations.

Mandiant Validation not only tells you what's working or what's not working, it can also tell you what return you're getting on your security investments, giving you the data you need to make decisions about where you can effectively manage costs of ineffective security controls out of your organization. And we're finding that more and more companies want this insight given the cost constraints faced by all companies in this COVID world. And there are a number of companies that do this, but none of them have the combined power of the Verodin platform, backed by Mandiant Intelligence. So this is why I'm here and excited to be part of this world-class team and help our customers combat this ever-evolving threat landscape.

So thank you, and I'll turn the call over to Frank.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Thanks, Brad, and hello to everyone on the call. Before we move on to the details of our Q2 results and the guidance for Q3 and the remainder of 2020, let me remind you that I'll be referring to non-GAAP metrics, except for revenue and operating cash flow. Our non-GAAP measures exclude stock-based compensation, amortization of intangibles, noncash interest expense on our convertible debt, restructuring charges and other nonrecurring items. As a high-level summary, Q2 was a really strong performance for us across all key metrics.

I echo Kevin's comments that we executed extremely well in this uncertain environment. We delivered revenue $15 million above the midpoint of our guidance range and reduced our operating costs by $17 million compared to Q2 of '19. As a result, we delivered our highest-ever non-GAAP operating profit of $22 million. We also delivered positive operating cash flow of nearly $15 million and free cash flow of $9 million.

Now let's turn to the details. We remain focused on annualized recurring revenue and revenue as the most important indicators of our financial performance. ARR provides insight into the expansion of our installed base of reoccurring subscription without regard to short-term changes in average contract length or timing of large renewals, which, as we've seen, can cause volatility in the quarterly growth rates for billings. Revenue reflects growth in our deferred revenue balances and drives our profitability.

For these reasons, we believe ARR and revenue are better indicators of the progress on our transformation journey, especially in the current environment. Some color on our Q2 billings performance illustrates this point. We delivered $203 million in billings during the quarter, down 8% from Q2 of '19. The year-over-year decline was a result of three factors.

First, in Q2 of '19, we booked a large multiyear government appliance refresh and renewal deal that was entirely on-premise email security. While this deal did not reach the $10 million threshold that we typically disclose, it was at the very upper end of a $5 million to $10 million range. We did not book any transactions approaching this size in Q2 of '20. Interestingly, when I look at the details of large deals in Q2 of '20 compared to Q2 of '19, the most significant difference was in deals greater than $3 million.

We booked five deals greater than $3 million in Q2 of '20 compared to $9 million in Q2 of 2019. I believe this decline is most likely related to the uncertainties of the current environment as deals this large are typically multiyear and paid upfront. Second, the same trend is reflected in the decline in average contract length in Q2. Overall, ACL declined by about two months and had the effect of reducing reoccurring and total billings by about $12 million.

Finally, recall that the appliance sales were relatively strong in Q2 of '19, due to the refresh cycle associated with the end of life of our X300 appliances. Product and related subscription billings were up 5% year over year in Q2 of '19, led by a 24% year-over-year increase in appliance sales. This compare made the Q2 decline in product and related subscriptions category, which look much sharper than the longer-term trend suggests. I'm providing this detail so you can see how factors that have little to do with our current operating performance can impact the uptick.

Our sales have traditionally been weighted toward large enterprise and government customers, and this can drive big deals and mixed variation between quarters. However, our ARR metrics show that these long-term strategic customers rely on our products and solutions to protect their organizations as much as they always have. Looking at our revenue and ARR by breakout categories, our shift to cloud-based and cloud-delivered solutions continued in Q2 with platform, cloud subscriptions and managed services revenue, up 30% year over year. This category accounted for 32% of total revenue compared with 26% of total revenue in Q2 of '19.

Platform, cloud and Mandiant Services ARR increased 27% year over year and 5% sequentially and accounted for more than half of our ARR for the first time. Revenue associated with on-premise product and related subscription business was down 12% year over year. A large portion of the decline was associated with appliance hardware as appliance sales from prior periods are fully amortized. ARR for the product and related subscription category continues to stabilize with ARR down just 2% sequentially.

This decline was more than offset by a sequential increase in the ARR of the cloud version of our products. Professional services revenue was a record $53 million and accounted for 23% of total revenue compared with 20% of total revenue in Q2 of '19. Strong demand for our expertise and a higher mix of our incident response services allowed us to maintain high utilization rates and chargeability, which translated into record gross margin of 57% for services. Lower travel, which is charged back to customer at cost, or 0% gross margin, was also a factor.

The increase in services gross margin helped drive our total gross margin to 72%, consistent with Q2 of '19 and above our guidance range of 68% to 69%. Operating expenses declined $17 million from Q2 of '19, reflecting our reduced cost structure following the first-half 2020 restructurings, as well as roughly $8 million to $10 million of lower travel and entertainment and lower facilities operating costs due to the worldwide shutdown related to COVID-19. The combination of higher-than-expected revenue, improved gross margin and lower costs translated into record operating income of $22 million and earnings per share of $0.09. Turning to the balance sheet and cash flow.

Our balance sheet remains very healthy. We ended the quarter with cash and short-term investments of $914 million. The cash balance reflects payment of a significant portion of the Q2 restructuring charge and the repurchase of $96 million of the $120 million in Series A convertible notes. The total amount of convertible notes outstanding is now approximately $1.1 billion.

We ended the quarter with $120 million receivables, a decrease of $20 million from the $140 million in ARR at the end of Q1. DSOs declined to our historical range at 54 days, a decrease of 20 days from the end of Q1 due to good billings linearity and collections of some of the outstanding receivables carried over from Q1. Our strong collection performance resulted in operating cash flow of $15 million and free cash flow of $9 million. Total deferred revenue at quarter end was approximately $893 million, a decrease of $27 million sequentially and $20 million from the end of Q2 of '19.

Product and related deferred revenue decreased by almost $66 million from a year ago of appliance sales and the related subscriptions and support from prior periods are fully amortized. The year-over-year decline in product and related deferred revenue was partially offset by a $20 million increase in platform cloud and managed services deferred revenue. Note that deferred revenue associated with professional services projects declined about $3 million on a sequential basis from the near record levels of Q1. With increased capacity in our strategic consulting business from hiring over the last year, we were able to work through some of the backlog of committed projects.

Our top-line results validate the resilience of the business and the relevance of our strategy, while the improvement of our operating profit and cash flow demonstrates our resolve to transform our operating model and deliver profitable growth. Now let's turn to our current outlook for Q3 and the second half of the year. As we've discussed before, changes in average contract length, the timing of large transactions and subsequent renewals, customer preference for on-premise versus cloud form factors and periodic billings all have the potential to impact the quarter-by-quarter billings mix and growth rates. This is especially true in the current environment.

As a result, we are not guiding to billings number for either Q3 or for the year. However, with more than 90% of our non-services revenue recognized from the balance sheet, we have good visibility into our revenue and operating model, and we are comfortable guiding to revenue, operating profit and earnings per share. I'm pleased to say that with the continued momentum we are seeing early in the third quarter, as well as the strong revenue and operating results posted in Q2, we are raising our guidance for revenue, operating margin and earnings per share for the second half of 2020 and the year. For Q3, we expect revenue in the range of $225 million to $229 million, gross margin of between 70% and 71%, operating margin of between 7.5% and 8.5% and fully diluted earnings per share of between $0.06 and $0.08.

For 2020, we are raising our revenue guidance range to $905 million to $925 million, an increase of $25 million at the midpoint from the previous guidance. We now expect gross margin of between 70.5% and 71.5%, compared to our prior-period expectation of 69% to 70%. This range assumes our services gross margin returns to a more sustainable range of 52% to 53% in the second half of the year. We are raising our operating margin guidance range to 6.5% to 7.5%, which reflects our increased revenue range and our reduced cost structure, as well as lower travel and facility operating costs, as compared to 2019.

Embedded in this guidance are assumptions about the ongoing impact of the COVID-19 pandemic on our operating metrics that you should consider as you build your models. First, we do expect T&E and facilities operating costs to increase from the lows in Q2 as restrictions are lifted in certain international regions. As we outlined in our Q1 call, we expect the restructuring we did in the first half to reduce our operating costs by about $25 million in 2020 compared to 2019, and this remains our expectation. We also expect to see a continued decline in the average contract line by about two months compared to a year ago.

And finally, we remain somewhat cautious about the potential impact of the pandemic on services billings and revenue growth rates. More specifically, our current outlook does not anticipate a sequential increase in services revenue in Q3. Also, we do not expect to see the same surge in prepaid services billings we saw in Q4 of last year when services billings exceeded $70 million. As noted, this is based on what we know and believe as of today, there's a lot of uncertainty that has been created because of the COVID-19 pandemic.

But I believe we have proven the resilience of our business. We are doing our best to provide you with guidance while operating in this uncertain environment. And I am confident in our ability to deliver on improved revenue and profitability outlook as we continue to transform our business. Operator, we'll now open the call for questions.

Questions & Answers:


Operator

[Operator instructions] Our first question comes from Sterling Auty with JP Morgan. Your line is now open.

Matt Parron -- J.P. Morgan -- Analyst

Hi, guys. This is Matt on for Sterling. Thanks for taking the questions. With regards to the impacts you're seeing from COVID on the business, which products are you seeing did you see increased demand for throughout the quarter?

Kevin Mandia -- Chief Executive Officer

So similar to last quarter, we actually saw Intel and cloud endpoint performed very well in the COVID environment. Services, which is one area that we thought might be impacted more significantly by COVID, actually had an incredibly strong quarter. We saw a very high mix of incident response engagements, which because of the elevated threat environment, we were firing on all cylinders there as well.

Matt Parron -- J.P. Morgan -- Analyst

Got it. Thanks That's very helpful. And then one follow-up. With regards to the services margin, long term, do you think that the current environment maybe shifts, how much of the deployment that you can do remotely and that that could potentially benefit the operating margin line?

Kevin Mandia -- Chief Executive Officer

Yes. Really, the only impact from a services margin perspective, there were two components to it. The first component was a higher mix of incident response, which is at a higher rate per hour. So that obviously benefited the services gross margin.

And then the fact that we're not doing a lot of on-site travel and so that helps because we don't have a component of what we're charging at very low margin. So when we get reimbursed for travel, that's basically at cost. So that does bring down the overall gross margin. I would expect that, going forward, the new norm will probably continue to deliver a lot of stuff remotely, but there'll be occasions for on-site engagements as well.

Matt Parron -- J.P. Morgan -- Analyst

Great. Thank you.

Kevin Mandia -- Chief Executive Officer

Thank you, Matt.

Operator

Thank you. Our next question comes from Gregg Moskowitz with Mizuho. Your line is now open.

Gregg Moskowitz -- Mizuho Securities -- Analyst

OK. Thanks very much, and nice to chat with you, guys. I guess my first question is just on Verodin/validation. I think a strong argument can be made that the ability to implement and enforce security controls is more relevant in the current environment than ever, which I think Brad was talking about as well.

What I'm wondering is, how much evangelism, if you will, is required today in order to help customers understand the value add of that service?

Kevin Mandia -- Chief Executive Officer

Yes. This is Kevin speaking. I think there's still a little bit of evangelism. There's not real space there yet, so what I'm observing is a couple of patterns.

And first, it's -- our sales force has warmed up to it. So you're going to see, in my opinion, pipeline's increasing nicely, and I like that. We've got the behavior among our entire sales force that it's a relevant service. The second thing, though, is it depends on the state and maturity of the customer and what will happen is, a lot of times, if you red team a customer and they have two years of remediation to do, they don't need to do continual red teaming.

So this is something that -- there's almost like you red team somebody, they do the remediation to that. And then the amount of drills they do get more incremental and a little bit faster. So right now, I'd say validation is something the 1A Enterprises and the mature teams are doing or will be doing shortly. And for the folks that are less mature, they may do it once, do a couple of quarters of remediation and then get back to doing it on a more repeated basis.

But it's still an emerging market. I'm just confident that it's going to be one that matters. We had a multi-decade run of patch management. Let's just patch everything, but this is even better than that.

This is unvarnished truth. Does an attack work or not? And to me, that is something you can take up to the board and have a very tangible and simple conversation rather than, well, we scanned 122,000 hosts. We had 57,000 vulnerabilities. We rack and stack those into four different buckets, from critical to noncritical.

And then here's where we're at in our remediation drills. Nobody understands it. Nobody can comprehend it. So I'm giving you a longer answer than what you asked for, but we like the growth that we're seeing with validation.

But again, if you go to Gartner or you go to other analysts, they're saying this is a five years out sort of thing. Our goal is to let people know the value of it now, that it just provides more value now than so many other alternatives when you're trying to tweak the knobs on your security instrumentation.

Gregg Moskowitz -- Mizuho Securities -- Analyst

OK. That's really helpful, Kevin. Thanks for that.

Kevin Mandia -- Chief Executive Officer

Thank you.

Gregg Moskowitz -- Mizuho Securities -- Analyst

And then Mandiant advantage, I think it's interesting as well. How should we think about the price uplift for Mandiant advantage versus the stand-alone threat intel and validation and then also, will there be some sort of promotional pricing for existing customers that have already bought one service but not the other?

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Yes. Gregg, it will be an uplift, obviously, but it will really depend on the level of service they'll be getting and how much they're going to deploy it within their environment. But we will have an opportunity for some strategic customers to actually adopt it in Q3, and we'll have some promos that we roll out in Q4 as well to get a decent amount of the existing customer base on it.

Gregg Moskowitz -- Mizuho Securities -- Analyst

Great. Thank you.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Thank you, Gregg.

Operator

Thank you. Our next question comes from Jonathan Ruykhaver with Baird. Your line is now open.

Jonathan Ruykhaverz -- Baird -- Analyst

Yes. Good afternoon. I'm wondering if you can elaborate more on the smaller number of new logos added in the quarter. Just the challenges you're seeing on adding new customers, is it a certain segment of the market you serve? Or is it broad-based? Is it something you expect to continue?

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Jonathan, this is Frank. Yes. It -- I think in this environment, there's plus and minuses in this environment. The plus is we are seeing a little bit of higher renewal rates.

We're also seeing a little bit more traction from follow-on business with existing customers. One of the downsides is new customer acquisition is a little bit more challenging in this environment because, in a lot of cases, your sales force is obviously not able to be on site. And selling a new product to a new customer, I think, is a little bit more challenging in this environment. So intuitively, that wasn't a surprise that we did see year-over-year decline.

But I think if you look at kind of the large strategic customers, every aspect of our business, from pipeline to every other key metric are trending really well. So all customers aren't really created equally. And so new customer logos is a metric, but by no means, one of the more significant ones.

Jonathan Ruykhaverz -- Baird -- Analyst

OK. That's helpful. So I guess that leads into my second question just around the platform adoption. Can you talk to us about the products that are leading the charge in terms of adoption? And have you've seen any change there related to COVID?

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Yes. Similar to Q1, we saw a little bit of a more uptick than we had seen in 2019 on Intel and cloud endpoint. So those seem to be things that are -- become probably a little bit more important in this environment. Those were probably the only really changes that kind of, pre-COVID, we have seen.

To our surprise, we have seen our entire services be able to be delivered remotely. And pre-COVID, we delivered a lot of services remotely but not everything, and so it was really good to see things like training that customers typically like on site to be able to deliver that remotely in Q2.

Jonathan Ruykhaverz -- Baird -- Analyst

So no real change in demand trends around EOD, like some Managed Defense?

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

No, no. I think it's pretty similar. Probably the only negative impact in some of those areas where we are -- we did see contract length come down a little bit, which is not surprising that, in this environment, customers are oftentimes committing to a lot less paid upfront dollar engagements.

Jonathan Ruykhaverz -- Baird -- Analyst

Right. OK. Thank you, guys.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Thank you, Jonathan.

Operator

Thank you. And our next question comes from Fatima Boolani with UBS. Your line is now open.

Fatima Boolani -- UBS -- Analyst

Good evening, everyone, and thanks for taking the question. Brad, maybe I'll start with you, and welcome to the team. I'm curious about the key objectives for you as chief strategy officer and the top initiatives that you plan to undertake in your role.

Brad Maiorino -- Executive Vice President and Chief Strategy Officer

Yes. Thank you. So first is it's really about taking kind of my experience and applying it to our strategy, and that's how do we go to market, with what products and when and just really being that in-house customer representing and evangelizing internally what our customers want and then turning around and evangelizing that externally.

Fatima Boolani -- UBS -- Analyst

That's helpful. And Frank, if I may, a follow-up for you. If you can help us put a finer point on the geographic performance and certainly, vertical-based performance. Anything to call out there in terms of acute areas of weakness and particularly as the pandemic has sort of traveled globally in certain geographies and areas have lifted restrictions.

I'm wondering how that sort of impacted the business in 2Q and how you're sort of envisioning or incorporating that in your outlook for the year? And that's it for me.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Sure. So Fatima, I think from a geo perspective, obviously the COVID pandemic has kind of ebbed and flowed in different areas. But as we look at it, from a delivery perspective, from a new customer acquisition perspective, it really hasn't changed that much. Kind of pre-COVID, post-COVID, I think there's been certain pockets in certain areas that probably saw a little bit more pressure at different points in the quarter.

But even those areas within a full 90-day period seems to kind of ebb and flow. So I would say, from a geo perspective, just not a lot of difference by geo relating specifically to COVID. I think most of the various impact on things like contract length has been more across the board.

Fatima Boolani -- UBS -- Analyst

And just the same question on a vertical basis, an end-market basis?

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

We've seen probably a little bit less in the kind of the harder-hit industries like oil and gas and transportation. But other than that, it really hasn't been very much different from a vertical perspective. We had a very strong state and local quarter in the second quarter. We'll have a very strong fed quarter this quarter, so it follows kind of the typical patterns.

Fatima Boolani -- UBS -- Analyst

Very helpful. Thank you so much.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Thank you, Fatima.

Operator

Thank you. And our next question comes from Gur Talpaz with Stifel. Your line is now open.

Chris Speros -- Stifel Financial Corp. -- Analyst

Hi. This is actually Chris Speros on for Gur. For Kevin, you mentioned in the prepared remarks that you were planning on adding incremental services to the Mandiant Consulting business. Can you talk about what services you plan to add and what's driving those additions?

Kevin Mandia -- Chief Executive Officer

Absolutely. One of the things that we're the best at is responding to breaches. It's really hard to forecast that. Even though we have 17 years of history doing it, you tend to not know who's going to get compromised tomorrow and what to do about it.

So what you start doing is saying if you want to have more predictable revenues and knowing where your folks are going to be working six weeks out, we do a lot of that with red teaming, but we got to get into what we call more strategic services. And the interesting thing is with our specialty, I think last quarter, over 40% of our services revenues and maybe even higher than that were from responding to breaches. It's, again, hard to schedule it. But when you do those things, we're writing these remediation plans.

And here's what to do about it. And most of the time, when we're the first ones through the door, the pros from Dover, we are being asked to take somebody from security point A to security point B, how do we get better? How do we get there? And over the years, we've kind of pumped on those. And we said, you know what, that's somebody else's job. They can come in and do that.

I believe, right now, we've got all this incredible frontline expertise. We're responding to these breaches. We're figuring out what happened and what to do about it, and then we're getting on the plane and flying back. And we can't do that.

We got to go to the extra mile and start doing those transformation services and greater volumes. They're more predictable. They're stabilized. The spikes that you can get in services over time, you get a bunch of incidents oen quarter and not as many the next.

And it also -- another reason why we brought in Brad and we have Charles Carmichael internally running this, is that Mandiant, over the last six or seven years, we really haven't concentrated on the top of the pyramid for consulting. We've hired a whole bunch of frontline responders. We have a whole bunch of directors managing it. They're unbelievably busy.

They're unbelievably chargeable. But then as what other consulting firms we call the partner level, we don't have a lot of people. And if you want scale and services, that's where you have to hire. That's how you get it.

So we're focusing on strategic services. We're focusing Jürgen Kutschner, who runs that, on hiring at the top of the consulting pyramid to grow it, and we're absolutely phenomenal at it. That's one -- the main thing. So everybody thinks, wow, you respond to breaches.

That's just so tactical. It means you actually have total command of the strategy around transforming security operations. I believe we may write more transformation plans than anybody on the planet. We just don't help our customers go through them.

So we're going to start doing it.

Chris Speros -- Stifel Financial Corp. -- Analyst

Thank you, Kevin. That's great color. And one for Frank. Can you talk about how we should expect the appliance business to trend through the back half of the year?

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Yes. I think we'll see a little bit more stabilization in the product and related business. If you looked at the first two quarters of 2020, the compares were against heavy product refresh quarters in 2019. As you recall, we did the end of life for the X300 appliances at March 31 last year, so Q1 and Q2 had some pretty significant refresh activity.

Q3 is more of an apples to apples, so I think you're going to see stabilization there. And like I mentioned earlier, we are seeing a little bit of an uptick in our renewal rate. So we feel like that we'll see that part of the business stabilize at the back half of the year.

Chris Speros -- Stifel Financial Corp. -- Analyst

Great. Thanks, guys.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Thank you, Chris.

Operator

Thank you. Our next question comes from Rob Owens with Piper Sandler. Your line is now open.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

How are you, Rob?

Rob Owens -- Piper Sandler -- Analyst

Thanks for taking my questions. I'm doing well. How are you doing?

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Fantastic.

Rob Owens -- Piper Sandler -- Analyst

Excellent. Kevin, could you kind of just play for us the COVID continuum relative to how the quarter played out on a linearity perspective? And we went into this at the end of March, which is usually a busy period. But curious as to your big deals are up, your logos were down quarter over quarter. DSOs look good.

How did the linearity play out? And how did the quarter take shape?

Kevin Mandia -- Chief Executive Officer

Yes. And Rob, you're not going to like my answer because in these 90 days, the linearity was better than ever before. I mean, we couldn't explain it at the time we were going through it, and I've seen other CEOs say the same thing. It was almost like people pushed back against the COVID pressure and our linearity.

We were always ahead during the quarter. The whole quarter our sales professionals and what they predicted kind of fell right in line with what they said all along, so we did not feel the impact. In fact, we felt almost the opposite, better linearity, more discipline among the buyer. And, yes, things fell in line for us.

Rob Owens -- Piper Sandler -- Analyst

Well, actually, I like that answer, Kevin. So I think you misinterpreted my response. So I think that then begs the second question relative to your guidance. And I think the midpoint of the range, you lose about 5 points of growth quarter over quarter.

Understand that this is the first full comp you have relative to Verodin. How much is associated with that versus just the general environments, and, of course, the thoughts on the federal setup?

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Yes. I think, Rob, this is Frank. The current environment, we are similar to last quarter when we gave guidance. We are expecting some level of impact from COVID on the services side, so we are expecting a sequential down quarter on the services side.

That may not happen. But as we look at it today, Q2, that team was incredibly chargeable. I mean, there's no -- well, it's very unlikely that the mix will be as high of incident response engagements, and it's very unlikely we can maintain that level of chargeability in the third quarter because the third quarter tends to be a little bit seasonal on the services side. There are more vacations, the summer slowdown in Europe, all kind of hits in the third quarter.

And so that's why you see from a revenue guidance perspective a little bit of a sequentially, potentially down quarter over quarter. But as we look forward, we've been adding to the services team, so we feel very good about that longer term. And I think with the growth on the platform cloud side, I think you're going to see continued contributions there. And like we talked about a little bit earlier on the stabilization on the product and related, I think we'll see a little bit of a benefit there as well.

Kevin Mandia -- Chief Executive Officer

And some of the color, Rob, having run that thing for over 16 years now. What I observed in Q2 is we said no to a lot of jobs, and you can't always control the inbounds when there's a breach. But I felt like our nose were a little higher in Q2 based on capacity. But when that happens, you do get a little bit of burnout.

When you get burn out, sometimes folks come off a couple of jobs, and you have to give them a week to collect themselves. And that week is hitting in Q3 for us. And then at one of our last new hires, I just know the attendance at our last consulting onboarding was about 77 folks. When you add that many people, there's also that half step backwards to go two steps forward.

When you onboard in this environment, I'm not convinced I know what the new normal is for onboarding. Does it take them one engagement to be up to speed, four engagements to get up to speed? Because I do know we're working remotely. We're working a little bit differently, but there's no question onboarding is probably going to take a tiny bit longer with on-the-job training. And then I think we're going to have to change.

We did fixed fee jobs. You pay for us upfront. I think we're one of the only consulting cores running that way. I think in the COVID environment, we're going to have to change that a little bit.

And we're a products company. We like billings, billings, collect upfront. That's not a services business, but we've run our services in the model of it almost being a product. I think one of the ways we can continue the growth there is to start changing that payment cycle.

Let's do the services first and then charge for it, and that's OK. And we may have to do a little bit more of that through this current environment.

Rob Owens -- Piper Sandler -- Analyst

All right. Thank you, guys.

Kevin Mandia -- Chief Executive Officer

Thank you, Rob, as well.

Operator

Thank you. And our next question comes from Saket Kalia with Barclays Capital. Your line is now open.

Saket Kalia -- Barclays Capital -- Analyst

OK, great. Hey, guys. Thanks for taking my question here. How are you?

Kevin Mandia -- Chief Executive Officer

Doing great, Saket. How are you?

Saket Kalia -- Barclays Capital -- Analyst

Good, good. Hey, Kevin, maybe just to start with you. In your prepared commentary, you touched on some new SKUs that were available for network security in the public cloud. You spent a lot of time with customers, as well as Brad.

I mean, I'm wondering what your customers are telling you about their desire to put an added layer of security like FireEye on what they may already have in the public cloud, if they have anything. Any thoughts on that?

Kevin Mandia -- Chief Executive Officer

Yes. It's a little early to tell, but I can tell you for the 1A enterprises, FireEye's always been that second layer of assuredness, right? That's how we are in the network. In a way, that's how we were on endpoint with forensics, on email, and we're kind of building into that layer one. So I believe this.

If the customers that have adopted FireEye when they go to the cloud, it's just far more probable, they're going to bring us along with them because they've learned to rely on our technology to defend their networks. It may create some new opportunities for us as well, and we got to do it regardless. I'm glad we did the work. But right now, it's a little early to tell.

We have a 15-year run of the appliance business and only a couple of year run of cloudifying that capability. But now it's really cloud native, and we'll see how it does it. So that's a long-winded answer, Saket, to tell you this. 1A Enterprise, they want two layers of defense.

They'll do it. Down market or smaller businesses may not be as reliant on that.

Saket Kalia -- Barclays Capital -- Analyst

That makes a lot of sense. Yes. Sure, sure. Frank, maybe for my follow-up for you.

Maybe a derivative of a question that was asked earlier just about the core products business, but -- and I want to focus in on sort of product ARR specifically and how you think about that going forward. I guess the question is, do you feel like you could sort of stabilize here in that $300 million range on product and related ARR? And maybe you could talk about some of the dynamics in that because you mentioned the amortization of product that we all know. Can you just talk about some of the puts and takes to that product and related ARR and how we should sort of think about that going forward?

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Yes. I thought -- if you look at -- in Q2, you did see some level of stabilization on a sequential decline of 2%. There are obviously some customers that migrate from on premise to cloud, and so there is some movement of dollars between buckets. So I won't say it will be stabilized forever at $300 million or so, but I think we'll see it in a stabilized range going forward.

And like I talked about a little bit earlier that Q3, we didn't -- it wasn't -- Q3 '19 wasn't a huge refresh quarter. So I think you'll see some product stabilization there on the year-over-year compare? Yes. I think the important thing to keep understanding as you look at FireEye as a whole, the product and related business, while stabilized, it's generating a significant amount of cash that we're now able to invest in the growth areas of the business. So as we look at and as we get more efficient as a company, the more mature areas are really becoming kind of a cash cow for us, and that really helps us invest significantly in areas that we believe will continue growing.

Saket Kalia -- Barclays Capital -- Analyst

Got it. Very helpful. Thanks, guys.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Thanks, Saket.

Operator

Thank you. And our next question comes from Tal Liani with Bank of America. Your line is now open.

Dan Bartus -- Bank of America Merrill Lynch -- Analyst

Hey, thanks, guys. this is actually Dan Bartus on for Tal. First for Kevin, interesting to hear that you guys are going to be managing third-party endpoint products going forward. Can you just talk a little bit more about the strategy there? Maybe how many vendors you'd be interested in supporting or some other areas of security that you think ends for you guys to start managing?

Kevin Mandia -- Chief Executive Officer

Yes. So by the way, it's been the plan all along. I guess, maybe before FireEye bought us, and then we had a five-year period where we will be holding the FireEye products. It's that -- you're not going to own every damn count on endpoint, period.

And the demand for our expertise and the second set of eyes to look at every single alert is something almost everybody I talked to once. And they're not going to throw out their endpoint for our endpoint just to get that. So it just makes sense for us to go in and say, what have you got? And can we support it? And we should have a list of supported products. One of the best things about being on the front lines of every breach is we know exactly the detection efficacy of everybody's products.

Granted, you can have user error and you configure them wrong, and most products are probably only used at 60% of their potential. But we're just sitting here on the front line, seeing what gets evaded, how it gets evaded. And we need to apply that knowledge to more than just our technology, period. That's just -- it's more valuable for us to do that.

We can do that, and it's just time we start doing it. So that's the rationale behind doing it for the managed defense. And by the way, we even do it in services. You can't always show up to a breach and say, hey, no matter what you've got, we're not going to use it.

We're going to use our own stuff. We do have technology enabled services. But we have responded to incidents, collecting data, using other technology. You have to be able to do it.

It's as simple as, well, I was just about to have an analogy that compared Microsoft with Word Perfect, but I don't think Word Perfect is around anymore. But the bottom line is we use different technology to get the damn job done, and we got to elongate that. So we're going to have supported products inside of Managed Defense. That's being run by Marshall Heilman and will support other endpoint technologies.

And that's the No. 1 use case for managed defense, verify that we have a damn problem. Answer the question every day, all the time. Are we compromised or not? And that's what Managed Defense does, and I just think it should be growing faster than it is.

This is probably the fastest way to unlock growth.

Dan Bartus -- Bank of America Merrill Lynch -- Analyst

Great, great. That sounds good. And then quickly for Frank. Good to see the ARR growth improves up to 8%.

I think that's the best over the last year -- year over year there. Can you just help us break out what you attribute to Verodin in that growth, if that's possible?

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Yes. So we did see, obviously, Verodin continued growing and continuing to have nice traction year over year. We did grow 27% in the platform cloud category. From an overall billings perspective, the Verodin growth is probably close to half of that growth.

Dan Bartus -- Bank of America Merrill Lynch -- Analyst

Thanks, guys.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Thank you very much.

Operator

Thank you. Our next question comes from Hamza Fodderwala with Morgan Stanley. Your line is now open.

Hamza Fodderwala -- Morgan Stanley -- Analyst

Hi. Thank you for taking my questions. Hope you're doing well. Just a quick question on my end.

Clearly, Q2 demand was really durable. I'm wondering what you're seeing as far as early demand trends are concerned in July, particularly with some of the high-profile breaches recently. Is that helping to create any new pipeline into the back half? Just any thoughts you have there.

Kevin Mandia -- Chief Executive Officer

The one challenge when you mentioned that, I immediately went to the 30% to 40% of our services revenue comes within quarter sometimes. And in regards to those breaches, we worked a bunch of big ones in Q2. We've probably got a couple of big ones right now. But some of the headline breaches, by the way, aren't ones that are big headline breaches from a response standpoint, and so won't comment on those specifically, but they weren't going to be big jobs for us.

Frank, I don't have a good answer for this. I mean, early on --

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

I think the best way to look at it is, typically, when we have significant amount of breach activity, yes, there's typically a fair amount of pull-through from those breaches over the next, call it, two to three quarters. And so the fact that Q2 was a really significant breach quarter and incident response quarter, that does kind of play well for the back half of the year because a lot of those engagements will have significant either product or solutions kind of pull through. What we're seeing early in Q3, yes, we have seen some kind of high-profile breaches, but Q2 was a really high mix of breaches. So we'll see where Q3 ends.

But so far, we still see a lot of activity going on there.

Kevin Mandia -- Chief Executive Officer

Yes. And I think there's always adaptation. We've always done our incident response work remotely. That's just what we do.

You need the pros from Dover. We send the expertise in minutes, and help you out. But one of the things that I'm certain we'll have to do is, our strategic consulting is always done with some on-site visits, on-site interviews and things of that nature. We're going to have to evolve a little bit on how we do that, build a little bit more about validation, having dashboards so that we can interact with our customers remotely in a more effective way.

And we're building that with the Verodin platform, that ability to attack, test and rinse and repeat. But I am certain we're going to have to look at the way we do our strategic consulting and change some of those methodologies based on a work-from-home environment.

Hamza Fodderwala -- Morgan Stanley -- Analyst

Got it. Thank you.

Operator

Thank you. Our next question comes from Shaul Eyal with Oppenheimer. Your line is now open.

Shaul Eyal -- Oppenheimer and Company -- Analyst

Thank you. good afternoon, guys, and congrats on the strong performance and the outlook for the second half. Kevin, I wanted to focus specifically on your email related product. Are you seeing Microsoft being more pronounced or more visible in this market in recent quarters?

Kevin Mandia -- Chief Executive Officer

Yes, absolutely. I think that we went through O365. What you're seeing, in my opinion and solely my opinion, is the cloud suite of email like Google Suite and O365 are definitely doing -- they're winning because the alternative is us doing email ourselves. And even as a CEO, I found it far easier for us to outsource that capability than to insource it.

And so that's a good thing. So I think more and more companies are choosing third-party email as their email. And then, by the way, once you do that as a third party, you have to have security platforms as well. So we are seeing growth in our cloud, email, ETP, as we call it, we are not seeing growth in our on-prem appliance.

And I don't think too many people will see in the future on-prem email gateways being successful. So bottom line, yes. Microsoft is, in my opinion, doing an exceptional job winning enterprise email, period.

Shaul Eyal -- Oppenheimer and Company -- Analyst

Got it. No. That's extremely helpful. And maybe on billable hours or your billable rates.

I would imagine that stage relatively settled, maybe. Have you been able to slightly up these rates, expand these rates a little bit?

Kevin Mandia -- Chief Executive Officer

We're not increasing our rate. And a lot of folks, it's kind of interesting. People will think we're -- that the rate itself can be perceived as high when we're responding to breaches or doing other things. But the reality is, is we have more experienced folks and the overall cost of a lot of what we do is actually less than folks that send a whole bunch of folks at a lower rate.

Eight people at $200 an hour is more than two people at $400 an hour, and you hit the same results. But we don't really do that. I mean, in reality, different services have different rates. We, over time, have lowered the rate, if anything, although our average rate run now is high because of the incident response work.

We have shown a willingness to lower the rates for what I would call strategic government work, where we just think it's strategically important to be involved in different security operations across the globe, by the way, with different intel agencies or different departments of defense. So -- and so I think in the long run, because just the way we run that, though, our hourly rates always hovered at around the same, plus or minus 2%, the same thing. And I think it will stay there. But the range of the rate has grown a little bit.

Kate Patterson -- Vice President, Investor Relations

We have time for one more question.

Kevin Mandia -- Chief Executive Officer

One more?

Kate Patterson -- Vice President, Investor Relations

One more.

Kevin Mandia -- Chief Executive Officer

Sure.

Operator

Thank you. And that question comes from Brian Essex with Goldman Sachs. Your line is now open.

Kevin Mandia -- Chief Executive Officer

Brian, how are you?

Brian Essex -- Goldman Sachs -- Analyst

Hi, guys. Good. How are you? thanks for squeezing me in, appreciate it.

Kevin Mandia -- Chief Executive Officer

Sure.

Brian Essex -- Goldman Sachs -- Analyst

One quick question for you. Was just wondering, any incremental contribution progress with the iboss partnership? Just wondering how that's going on the platform and kind of what to expect there going forward.

Kevin Mandia -- Chief Executive Officer

Yes. First off, love the technology of iboss, and I looked at the performance. And obviously, we could probably do better there and train our sales force. And I think, right now, it might be relatively specialized sale for us where our sales engineers that get it are just better at, I think, positioning it.

And I look at it as -- it's like a Zscaler thing, right? You get the FireEye protection, but you get to just kind of use the iboss agent to route all your traffic. We got room for improvement there. But on paper, the partnership looks great. They send all the data, and it can go through all our virtual appliances.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

And, Brian, just from a timing perspective, we had trained the sales force in Q1 on that, so it does take a couple of quarters to build the pipeline. But if you look at where we sit today, we've got a lot of nice deals in the pipeline for Q3 and Q4. So we're hopeful that we'll see some nice traction there.

Brian Essex -- Goldman Sachs -- Analyst

Right. That's helpful. Maybe, Frank, just a real quick follow-up. On cloud-managed services, I know you talked about training your sales force.

And I understand you had some rationalization, the hardware side of the business. How has hiring been there? What does the sales force look like in terms of new hires and maturity? And how can we expect that to support growth going forward as we look at potentially stabilization, the hardware side of the business?

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Yes. When we look at kind of hiring across the board, I think given FireEye's position in the marketplace, with the level of intelligence and expertise we have, it's an area that we're very successful from. I look at a lot of the people that we bring aboard, and we have a lot of talented new individuals coming aboard that I think can really help take us to the next level. I think that's been an area of strength for us for quite some time.

And I think we feel really good about our ability to hire and our ability to kind of grow the growth areas of the business.

Brian Essex -- Goldman Sachs -- Analyst

And is there a certain percentage of the sales force that's still kind of getting up to maturity? Or is this kind of a steady state hiring just to support growth as you go along kind of process?

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

No. I think it's always evolving, but I think we feel really good about kind of a lot of the enablement that we've been working on for some of the newer areas of the business. And I think Verodin, our Mandiant Validation is the perfect example of if you looked at the pipeline being built right after the acquisition over the next couple of quarters, then you looked at the pipeline being built after we went through a full kind of enablement and training. I think the sales force got it, and I think they built a pretty significant pipeline that I think will drive significant growth there.

So I think we've got the right resources aboard. We think they're in the right level of -- as far as enablement goes, and so we should be in a good spot there.

Brian Essex -- Goldman Sachs -- Analyst

OK. That's helpful. Thank you.

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Thank you.

Operator

Thank you. I'm not showing any further questions at this time. I would now like to turn the call back over to Kevin Mandia for closing remarks.

Kevin Mandia -- Chief Executive Officer

Yes. I did write a couple of closing remarks right now. I'll spit them out at New Jersey auctioneer speed because I know we've been on for over an hour. But in closing, I just want to provide a quick update on the four priorities we outlined for 2020.

Our first priority was we intend to be the best in the world at incident response, red teaming and threat intelligence. When I reviewed the first half of 2020, we are performing more investigations at a faster pace this year than last year. And in third-party appraisals of our incident response and threat intelligence, we're in the top right, so I feel we're doing our jobs there. Our second priority was to extend our dynamic threat detection and expertise to defend cloud-based infrastructures.

We addressed this priority with our acquisition of Cloudvisory and the launch of our cloud security assessment service and consulting and our network security 9.0 release in the second quarter, which included our enhancements to support secure migration of workloads in the major cloud providers. A third priority was to deliver our expertise on-demand seamlessly through our technology where our experts are available at the point when our customers need them most. And again, we developed expertise on-demand not to sell more services but to differentiate our technology. I know in my years of doing computer security at the Pentagon, I would have loved to have had a button, a click on to get help.

So we give that to our customers. And we are seeing our customers take advantage of this button and our on-demand capability with their XGs on demand revenue use up over 300% year over year, still a small number. But they're using it, and that's what we wanted. And finally, we want to be the best in the world at security validation.

We intend to make the process of measuring security effectiveness against the most current attacks as simple, continuous and as commonplace as we can make it. And the Mandiant advantage portal that integrates our threat intelligence and validation will close the security gap between the attackers' emerging techniques and the safeguards that are just too slow to adapt or stop or detect these attacks. So I'm very pleased that we're making progress in all our objectives. I want to thank everybody for joining us today.

Thank you for your interest in FireEye, and I look forward to speaking to all of you in 90 days. Until then, please stay safe and healthy. Thank you very much.

Operator

[Operator signoff]

Duration: 73 minutes

Call participants:

Kate Patterson -- Vice President, Investor Relations

Kevin Mandia -- Chief Executive Officer

Brad Maiorino -- Executive Vice President and Chief Strategy Officer

Frank Verdecanna -- Executive Vice President, Chief Financial Officer, and Chief Accounting Officer

Matt Parron -- J.P. Morgan -- Analyst

Gregg Moskowitz -- Mizuho Securities -- Analyst

Jonathan Ruykhaverz -- Baird -- Analyst

Fatima Boolani -- UBS -- Analyst

Chris Speros -- Stifel Financial Corp. -- Analyst

Rob Owens -- Piper Sandler -- Analyst

Saket Kalia -- Barclays Capital -- Analyst

Dan Bartus -- Bank of America Merrill Lynch -- Analyst

Hamza Fodderwala -- Morgan Stanley -- Analyst

Shaul Eyal -- Oppenheimer and Company -- Analyst

Brian Essex -- Goldman Sachs -- Analyst

More FEYE analysis

All earnings call transcripts