Despite coronavirus-induced uncertainties, FireEye (NASDAQ:FEYE) this week posted first-quarter results in line with guidance. In addition, the cybersecurity specialist is accelerating its transition to growth areas. But investors should remain cautious as the company's recent results indicate significant challenges remain. 

Transition to cybersecurity growth areas is accelerating

During the first quarter, revenue increased to $224.7 million, up 6.7% year over year. 

The company's legacy hardware business -- appliances that provide advanced cybersecurity defenses -- dropped 10.8% year over year to $105.7 million. That result isn't surprising as enterprises are moving some of their computing infrastructure and applications to the cloud, which reduces the need for FireEye's hardware solutions.

In contrast, revenue from FireEye's platform, cloud subscription, and managed services segment (cloud-based network, email, endpoint, and other security solutions) increased by 33% to $68.4 million.

And if you add in professional services (mostly consulting), which jumped to $50.6 million, up from $40.6 million in the year-ago quarter, revenue from growth areas represented 53% of total revenue, up from 44% one year ago.

During the earnings call, management forecast this trend would accelerate throughout the year, and it took action in that direction during the quarter. FireEye implemented a restructuring that will cut approximately 6% of the company's workforce, mostly in the legacy appliance-based product business, and it acquired cloud-security specialist Cloudvisory for an undisclosed amount.

Person touching drawing of cloud and padlock

Image source: Getty Images.

Challenges in the cloud

Despite the company's increasing exposure to high-growth cybersecurity areas, investors should keep in mind FireEye will still be facing significant challenges.

First, the strong first-quarter revenue growth in the company's platform, cloud subscription, and managed services is partly due to the contribution of cybersecurity testing specialist Verodin, which FireEye, acquired in 2019 for approximately $250 million. Management didn't reveal Verodin's revenue, but it said last year that it expected Verodin's billings to exceed $70 million in 2020. Comparing revenue and billings isn't ideal, as they represent different metrics, but the point is that FireEye's organic growth (growth without acquisitions) was not that strong.

Second, because of the COVID-19 pandemic, many businesses deployed work-from-home solutions on short notice. FireEye and some other cybersecurity specialists, such as Check Point Software, have observed that cyberthreats have increased as hackers are trying to take advantage of the weaknesses these urgent deployments involve. Yet FireEye didn't overperform, posting first-quarter revenue in line with expectations, while competitors Check Point and F5 Networks disclosed similar results this week. The impact of the coronavirus remained limited as delays in some projects offset the boost from urgent cybersecurity implementations.

Third, some of FireEye's cloud-based products face remarkable competitors. For instance, FireEye competes with high-growth cybersecurity endpoint specialist CrowdStrike. Both companies offer a piece of software that leverages their cloud infrastructure to protect computers. FireEye doesn't disclose the individual performance of its products, but CrowdStrike's 93% revenue growth over the last 12 months indicates gaining market share won't be easy. Also, FireEye must still catch up with established vendors in the security testing solution area as management said during the last earnings call that it wanted to imitate competitors Rapid7 and Qualys to package Verodin, rebranded as Mandiant Security Validation.

Then, in contrast with software-as-a-service (SaaS) solutions that can serve extra customers at almost no cost, FireEye's consultancy business doesn't scale, which reduces the company's capacity to improve its negative operating margin

Looking forward

Management forecasts its restructuring actions will reduce FireEye's operating expenses by at least $25 million in 2020, compared to 2019. Yet given the company's declining legacy hardware business and strong competition in growth areas, turning last year's losses of $257.4 million into profits in the medium term will require many more improvements as well as flawless execution.

In addition, in contrast with many profitable cybersecurity vendors, such as Check Point, F5 Networks, and Cisco Systems,that can rely on large cash balances -- net of debt -- to survive a potentially prolonged recession without facing financial difficulties, FireEye's safety net is much thinner. Its total debt exceeded its cash and short-term investments by $43 million at the end of last quarter.

Thus, despite the company's apparently reasonable enterprise value-to-sales ratio of 2.8, based on the midpoint of management's full-year revenue guidance range of $880 million to $900 million, prudent investors should stay on the sidelines.