FireEye, Inc. (FEYE) CEO Kevin Mandia on Q2 2020 Results - Earnings Call Transcript

July 29, 2020

FireEye, Inc. (FEYE) Q2 2020 Earnings Conference Call July 28, 2020 5:00 PM ET

Company Participants

Kate Patterson - Investor Relations
Kevin Mandia - Chief Executive Officer
Brad Maiorino - Executive Vice President and Chief Strategy Officer
Frank Verdecanna - Executive Vice President, Chief Financial Officer and Chief Accounting Officer

Conference Call Participants

Matthew Parron - JPMorgan
Gregg Moskowitz - Mizuho Securities
Jonathan Ruykhaver - Robert W. Baird & Co.
Fatima Boolani - UBS
Christopher Speros - Stifel Nicolaus & Company
Rob Owens - Piper Sandler
Saket Kalia - Barclays Capital
Daniel Bartus - Bank of America Merrill Lynch
Hamza Fodderwala - Morgan Stanley
Shaul Eyal - Oppenheimer & Co. Inc.
Brian Essex - Goldman Sachs

Operator

Good day, everyone, and welcome to the FireEye Second Quarter 2020 Earnings Results Conference Call. At this time, all participants are in a listen-only mode. Later, we will conduct a question-and-answer session and instructions will follow at that time. [Operator Instructions] Also, this call is being recorded.

At this time, I would like to turn the call over to Kate Patterson. Please go ahead.

Kate Patterson

Thank you, Joelle. Good afternoon, and thanks to everyone on the call for joining us today to discuss FireEye’s financial results for the second quarter of 2020. This call is being broadcast live over the Internet and can be accessed on the Investor Relations section of FireEye’s website at investors.fireeye.com.

With me on today’s call are Kevin Mandia, FireEye’s Chief Executive Officer; Frank Verdecanna, Executive Vice President, Chief Financial Officer and Chief Accounting Officer of FireEye; and Brad Maiorino, FireEye’s Executive Vice President and Chief Strategy Officer. After the market closed today, FireEye issued a press release announcing the results for the second quarter of 2020.

Before we begin, let me remind you that FireEye’s management will make forward-looking statements during the course of this call, including statements relating to FireEye’s guidance and expectations for certain financial results and metrics; the impact of the COVID-19 pandemic; FireEye’s priorities, initiatives, plans and investments; drivers and expectations for growth and business transformation; the expansion of FireEye’s products, subscriptions and services; and the benefits, capabilities and availability of new and

These forward-looking statements involve a number of risks and uncertainties, some of which are beyond our control, which could cause actual results to differ materially from those anticipated by these statements. These forward-looking statements apply as of today, and you should not rely on them as representing our views in the future, and we undertake no obligation to update these statements after the call.

For a detailed description of the risks and uncertainties, please refer to our SEC filings, as well as our earnings release posted an hour ago. Copies of these documents may be obtained from the SEC or by visiting the Investor Relations section of our website. Additionally, certain non-GAAP financial measures will be discussed on this call.

We have provided reconciliations on these non-GAAP financial measures for the most directly comparable GAAP financial measures in the Investor Relations section of the website, as well as in the earnings release.

Finally, I’d like to point out that we have posted the supplemental slides and financial statements on the Investor Relations section of the website.

With that, I’ll turn the call over to Kevin.

Kevin Mandia

Thank you, Kate. I’d like to thank all of you for joining us today, all the investors, the employees, the customers and the partners that have such a strong interest in FireEye. I hope all of you, your families and your loved ones are staying healthy during these unprecedented times.

I’m proud of how FireEye has responded to the current challenges the world is facing. We made the pivot to work from home in March. And as working from home continued over the months, we maintained productivity and we delivered the results we set out to accomplish in the second quarter.

I’m going to begin today’s call by discussing some Q2 highlights. I’ll provide an update on our innovation, both Mandiant Solutions and FireEye products. I will then turn the call over to Brad Maiorino, our new Executive Vice President and Chief Strategy Officer. And then we will conclude our prepared remarks with the discussion of our financial results from Frank.

We did what we said we’d do in the second quarter. We exceeded our guidance range on both the top line metrics, as well as the bottom line. In fact, revenues in the second quarter were the highest second quarter revenues in our history and our non-GAAP operating income was the highest we have ever had as a company.

So let me share some additional highlights. Q2 revenue was $230 million, $15 million above the midpoint of our guidance range. Our revenue growth was led by year-over-year increase of 30% in our platform, cloud subscription and managed services categories, which includes our validation, threat intelligence and managed defense offerings, as well as our cloud-based security products such as EPP and cloud endpoint. Annual recurring revenue for this category increased 27% year-over-year.

I’m very proud about the performance of the Mandiant Consulting services. Revenue for the service grew 21% compared to the second quarter of 2019. This marks the ninth quarter in a row of record revenue for our professional services, the sixth quarter of year-over-year revenue growth greater than 20% and the third quarter in a row that our services revenue exceeded $50 million.

Our threat intelligence annual recurring revenue grew 27% year-over-year, reflecting just how differentiated our frontline knowledge and global threat intelligence really is. The composite of our revenue continued its shift from our appliance-based heritage and our control products to our cloud-based products and Mandiant Solutions.

Combined revenue of our platform cloud category and our professional services category eclipsed our more mature appliance-based business again in the second quarter and accounted for 55% of our total revenue. This compares to 46% of our total revenue a year ago and 40% in the second quarter of 2018. So we have the evolution in the right direction.

And another major milestone, our annual recurring revenue for platform, cloud and managed services surpassed the product and related category for the first time ever. We achieved these results while significantly reducing our cost structure, generating a non-GAAP operating margin of 10% and a record non-GAAP operating income, net income and earnings per share.

We also added more than 200 new logo customers in the quarter and closed 39 transactions greater than $1 million. While both these metrics are down from slightly a – down slightly from a year ago, this performance is in line with expectations given the current environment.

We first mentioned a year ago that we were seeing two related, but different areas of focus emerged within FireEye, which we referred to as platform and solutions business and a products business.

Since then, we have optimized our investments, reorganized our development teams, and placed new leadership in each of these two areas. We also created two separate brands, FireEye products and Mandiant Solutions, to better reflect our internal structure. Doing so allows us to simplify our go-to-market strategies and to leverage the equity of each brand.

FireEye products has control technologies to best protect our customers and Mandiant Solutions has a product agnostic offering to enable and empower all security technologies to be as effective as possible.

Our innovation cycle fuels and enables both the FireEye products and Mandiant Solutions businesses, each relies on and constantly improves from our frontline experiences an incident response, performing Red Team engagements, and our global threat intelligence network.

So now, I’ll provide you an update on both these areas. I’d like to begin our update with Mandiant Solutions, which consists of Mandiant Consulting, our threat intelligence, our managed defense and our security validation capabilities. And we’ll start with consulting.

As I said earlier, our services business had its ninth straight quarter of record revenues, an increase of more than 20% over the second quarter of 2019. We will continue to invest in consulting for at least three reasons.

First, I believe our Mandiant Consulting services will continue to deliver above-market rate growth. This growth is driven by two predominant factors, a threat environment that remains elevated and our reputation as the recognized industry leader in incident response and cyber security consulting.

The second reason we continue to invest in Mandiant Consulting is that, our services drive strong long-lasting customer relationships that lead to follow-on business. As an example, our incident response is often the tip of the spear for new logo customers, and more than 90% of our service customers purchase additional products or services within 12 months following our initial engagement.

And third, our services deliver one of the highest contribution margins in the company. Therefore, we are creating new services and adding the capacity to deliver these services in order to continue the momentum of the Mandiant Consulting practice.

Now, I’d like to update you on the Mandiant Intelligence and Mandiant Validation. Customers and security operators routinely want to know everything we know about cyber threats, and they want to answer two questions. Are they currently compromised by these threats? Or could they be compromised by these threats?

Therefore, under the leadership of Chris Key and Sandra Joyce, we have modernized the delivery of our threat intelligence and coupled it with our validation capability to address this need. We call combining both our threat intelligence and our security validation, the Mandiant Advantage, and we plan to make it available to our customers during this quarter.

With the Mandiant Advantage, along with our proprietary threat intelligence, we will also be including related open source information, so that customers will be able to know what we know in real-time and apply that knowledge to their own security alerts coming from any source.

In short, the Mandiant Advantage is like adding our threat intelligence team to our customer security operations with results at network speed. In addition, our customers will be able to seamlessly pivot from our threat intelligence to security validation. This will enable our customers to simply and safely execute real cyber attacks and hone their defenses based on the results of these attacks.

We believe the simplicity, elegance and ease of the Mandiant Advantage is a major step in our transformation. And that will be instrumental in embedding our threat intelligence and validation capabilities into all security operations, whether they leverage FireEye control products or not.

We are also expanding our Mandiant Managed Defense offering. Starting later this year, we plan to offer our managed defense capability with third-party endpoint technology for the first time. By offering managed defense without being exclusive to FireEye products, we expect to expand our addressable market and enable new technical partnerships and alliances.

And now, I’d like to provide you an update on our products business under the leadership of Bill Robbins. FireEye products leverage our frontline threat intelligence to provide the most up-to-date defense against cyber attacks. Protecting our customers from threats on the network and e-mail on the endpoint, and then the cloud remains a core part of our mission.

Over the last three years, we have modernized our products business with new form factors, simplified our go-to-market and we have a greater focus on customer success. We also continue to enhance the products with new features to support our customers.

Our endpoint annual recurring revenue increased more than 30% year-over-year, with cloud endpoint ARR, up more than 100% for the second consecutive quarter. The investments we have made have driven above-market growth, as well as industry recognition.

For example, for endpoint, we achieved the highest cumulative detections across all categories, among the 21 evaluated vendors in the 2019 MITRE ATT&CK assessment. And most recently, we won recognition at the Best Endpoint Security in the 2020 SC Europe Awards.

Our launch of Endpoint Security 5.0 in the second quarter was one of our best releases ever. A key to this release was our innovation architecture, which represents the shift to a more modular design that results in faster innovation in new detection, new protection and enterprise readiness features. We believe next-generation cloud endpoint, including managed EDR, continues to represent a growth opportunity for us and we are increasing our investment in our endpoint solution.

We continue to innovate network security, raising the bar and detection leadership, while enabling customers to expand their deployments into public and private clouds. Our Network Security 9.0 release during the quarter included more than 40 customer requested features, including support for Microsoft’s Azure and bring your own license options for both AWS and Azure.

In May, we added new capabilities to Helix that further enhance the safety and security of remote workers. These and other product innovations are helping us deliver control technologies that better protect our customers with offerings available on-premise and in the cloud, that leverage our industry leading threat intelligence obtained on the frontlines.

In conclusion, we continue to accelerate FireEye’s transformation. Our Chief Operating Officer, Peter Bailey, is helping lead this transformation by focusing us on higher profitability and increased growth of our cloud category and ARR as our emerging key metric. We are also transforming our back office from our appliance-based heritage to a modern quote-to-cash process.

We recently appointed Dave Baumgartner as our CIO to facilitate the changes required, and we are laser-focused on changing our processes to better support our subscription businesses and delivering our solutions in a more modern and simple way. I want to thank all FireEye employees for all the progress we have made toward our transformation and for their continued efforts and focus through these most unusual times.

And now, I’m about to turn the call over to Brad Maiorino, our new EVP. I’ve known Brad for over a decade. And during that time, I got to watch him transforming the security operations of Target, Thomson Reuters, General Motors and General Electric. He uses specific methods to create and measure security programs and we have the means to improve upon and institutionalize these practices.

So I’m going to turn the call over to Brad, who is going to share his perspective on the industry and the reasons why he joined FireEye today. Over to you, Brad.

Brad Maiorino

Thanks, Kevin, and hello to everyone on the call. As Kevin said, I was the CISO for 15 years, leading the transformation of IT risk and security programs at some of the largest companies in the world. And the playbook I used to do this always included one company every single time and that company was FireEye.

So why is FireEye always been a key partner in my transformation playbook? It all starts with the foundation of what makes this company so special. Simply said, I believe then and I believe even more strongly now that we have the world’s best cyber expertise and threat intelligence and that we know more about the bad guys than anyone in the industry.

Our Intel is derived from an organization that’s been operating for over 15 years, and the knowledge gained from responding to over 800 incidents a year. And that work is supported by 180 analysts operating in 22 countries and monitoring in over 30 languages.

This Intel is an applied upstream into all FireEye products and solutions, from our endpoint cloud solutions, how we respond to incidents, how we hone for bad guys in your network, help build and manager stock and test the effectiveness of your security program through red teaming and automated validation. There’s simply nothing else like FireEye’s comprehensive set of cyber expertise, threat intelligence and products and that is why I joined FireEye.

So looking ahead, given the unprecedented rise in frequency and sophistication of attacks, one of the areas I’m most excited about is the security validation business. If there’s one thing all companies need to be doing right now is to validate the effectiveness of their security programs. And that’s exactly what Mandiant Validation is all about.

We have taken the power of Verodin, which we acquired last year, and combined it with our global and breach intelligence to create a platform that helps companies answer two very simple questions. If I were attacked today, would they detect it? And how effectively could they respond to it?

When someone reads a headline about a company being shutdown due to a ransomware attack, the first thing they ask themselves is that, could that happen to them? How ready are they for that? Companies want to know how effective their security program is, not hope it is effective, hoping is never a good strategy.

And then also, given where we are in the COVID world, we’re all looking at ways to take costs out of our respective organizations. Mandiant Validation not only tells you what’s working or what’s not working, it can also tell you what return you’re getting on your security investments, giving you the data you need to make decisions about where you can effectively manage cost of ineffective security controls out of your organization.

And we’re finding that more and more companies want this insight, given the cost constraints faced by all companies in this COVID world. And there are a number of companies that do this, but none of them have the combined power of the Verodin platform backed by Mandiant Intelligence.

So this is why I’m here and excited to be part of this world-class team and help our customers combat this ever-evolving threat landscape.

So thank you. And I’ll turn the call over to Frank.

Frank Verdecanna

Thanks, Brad, and hello to everyone on the call. Before we move on to the details of our Q2 results and the guidance for Q3 and the remainder of 2020, let me remind you that I’ll be referring to non-GAAP metrics, except for revenue and operating cash flow.

Our non-GAAP measures exclude stock-based compensation, amortization of intangibles, non-cash interest expense on our convertible debt, restructuring charges and other non-recurring items.

As a high-level summary, Q2 was a really strong performance for us across all key metrics. I echo Kevin’s comments that we executed extremely well in this uncertain environment. We delivered revenue of $15 million above the midpoint of our guidance range and reduced our operating costs by $17 million compared to Q2 of 2019.

As a result, we delivered our highest ever non-GAAP operating profit of $22 million. We also delivered positive operating cash flow of nearly $15 million and free cash flow of $9 million.

Now let’s turn to the details. We remain focused on annualized recurring revenue and revenue as the most important indicators of our financial performance. ARR provides insight into the expansion of our installed base of reoccurring subscription without regard to short-term changes in average contract length, or timing of large renewals, which, as we’ve seen, can cause volatility in the quarterly growth rates for billings.

Revenue reflects growth in our deferred revenue balances and drives our profitability. For these reasons, we believe ARR and revenue are better indicators of the progress on our transformation journey, especially in the current environment.

Some color on our Q2 billings performance illustrates this point. We delivered $203 million in billings during the quarter, down 8% from Q2 of 2019. The year-over-year decline was a result of three factors.

First, in Q2 of 2019, we booked a large multi-year government appliance refresh and renewal deal that was entirely on-premise e-mail security. While this deal did not reach the $10 million threshold that we typically disclose, it was at the very upper-end of a $5 million to $10 million range. We did not book any transactions approaching this size in Q2 of 2020.

Interestingly, when I look at the details of large deals in Q2 of 2020 compared to Q2 of 2019, the most significant difference was in deals greater than $3 million. We booked five deals greater than $3 million in Q2 of 2020, compared to nine in Q2 of 2019. I believe the decline is most likely related to the uncertainties of the current environment, as deals as large are typically multi-year and paid upfront.

Second, the same trend is reflected in the decline in average contract length in Q2. Overall, ACL declined by about two months and had the effect of reducing reoccurring and total billings by about $12 million.

Finally, recall that the appliance sales were relatively strong in Q2 of 2019, due to the refresh cycle associated with the End of Life of our X300 appliances. Product and related subscription billings were up 5% year-over-year in Q2 of 2019, led by a 24% year-over-year increase in appliance sales.

This compare made the Q2 decline in product and related subscriptions category look much sharper than longer-term trend suggests. I’m providing this detail, so you can see how factors that have little to do with our current operating performance can impact the uptick.

Our sales have traditionally been weighted towards large enterprise and government customers. And this can drive big deals and make variation between quarters. However, our ARR metrics show that these long-term strategic customers rely on our products and solutions to protect their organizations as much as they always have.

Looking at our revenue and ARR by breakout categories. Our shift to cloud-based and cloud-delivered solutions continued in Q2, with platform, cloud subscriptions and managed services revenue, up 30% year-over-year. This category accounted for 32% of total revenue, compared with 26% of total revenue in Q2 of 2019.

Platform, cloud and Mandiant Services ARR increased 27% year-over-year and 5% sequentially and accounted for more than half of our ARR for the first time. Revenue associated with on-premise product and related subscription business was down 12% year-over-year. A large portion of the decline was associated with appliance hardware, as appliance sales from prior periods are fully amortized.

ARR for the product and related subscription category continues to stabilize, with ARR down just 2% sequentially. This decline was more than offset by sequential increase in the ARR of the cloud version of our products.

Professional services revenue was a record $53 million and accounted for 23% of total revenue, compared with 20% of total revenue in Q2 of 2019. Strong demand for our expertise and a higher mix of our incident response services allowed us to maintain high utilization rates and chargeability, which translated into record gross margin of 57% for services. Lower travel, which is charged back to customer at cost or 0% gross margin was also a factor.

The increase in services gross margin helped drive our total gross margin to 72% consistent with Q2 of 2019 and above our guidance range of 68% to 69%. Operating expenses declined $17 million from Q2 of 2019, reflecting our reduced cost structure, following the first-half 2020 restructurings, as well as roughly $8 million to $10 million of lower travel and entertainment and lower facilities operating costs due to the worldwide shutdown related to COVID-19.

The combination of higher than expected revenue, improved gross margin and lower costs translated into record operating income of $22 million and earnings per share of $0.09.

Turning to the balance sheet and cash flow. Our balance sheet remains very healthy. We ended the quarter with cash and short-term investments of $914 million. The cash balance reflects payment of a significant portion of the Q2 restructuring charge and the repurchase of $96 million of the $120 million in Series A’s convertible notes. The total amount of convertible notes outstanding is now approximately $1.1 billion.

We ended the quarter with $120 million receivables, a decrease of $20 million from the $140 million in ARR at the end of Q1. DSOs declined to our historical range at 54 days, a decrease of 20 days from the end of Q1 due to good billings linearity and collections of some of the outstanding receivables carried over from Q1.

Our strong collection performance resulted in operating cash flow of $15 million and free cash flow of $9 million. Total deferred revenue at quarter-end was approximately $893 million, a decrease of $27 million sequentially and $20 million from the end of Q2 of 2019.

Product and related deferred revenue decreased by almost $66 million from a year ago, as appliance sales and the related subscriptions and support from prior periods are fully amortized. The year-over-year decline in product and related deferred revenue was partially offset by a $20 million increase in platform, cloud and managed services deferred revenue.

Note that deferred revenue associated with professional services projects declined about $3 million on a sequential basis from the near record levels of Q1. With increased capacity in our strategic consulting business from hiring over the last year, we were able to work through some of the backlog of committed projects.

Our top line results validate the resilience of the business and the relevance of our strategy. While the improvement of our operating profit and cash flow demonstrates our resolve to transform our operating model and deliver profitable growth.

Now, let’s turn to our current outlook for Q3 and the second-half of the year. As we’ve discussed before, changes in average contract length, the timing of large transactions and subsequent renewals, customer preference for on-premise versus cloud form factors and periodic billings, all have the potential to impact the quarter-by-quarter billings mix and growth rates. This is especially true in the current environment.

As a result, we are not guiding to billings number for either Q3 or for the year. However, with more than 90% of our non-services revenue recognized from the balance sheet, we have good visibility into our revenue and operating model, and we are comfortable guiding to revenue, operating profit and earnings per share.

I’m pleased to say that with the continued momentum we are seeing early in the third quarter, as well as the strong revenue and operating results posted in Q2, we are raising our guidance for revenue, operating margin and earnings per share for the second-half of 2020 and the year.

For Q3, we expect revenue in the range of $225 million to $229 million, gross margin of between 70% and 71%, operating margin of between 7.5% and 8.5% and fully diluted earnings per share of between $0.06 and $0.08.

For 2020, we are raising our revenue guidance range to $905 million to $925 million, an increase of $25 million at the midpoint from the previous guidance. We now expect gross margin of between 70.5% and 71.5%, compared to our prior period expectation of 69% to 70%. This range assumes our services gross margin returns to a more sustainable range of 52% to 53% in the second-half of the year.

We are raising our operating margin guidance range to 6.5% to 7.5%, which reflects our increased revenue range and our reduced cost structure, as well as lower travel and facility operating costs as compared to 2019. Embedded in this guidance, our assumptions about the ongoing impact of the COVID-19 pandemic on our operating metrics that you should consider as you build your models.

First, we do expect T&E and facilities operating costs to increase from the lows in Q2, as restrictions are lifted in certain international regions. As we outlined in our Q1 call, we expect the restructurings we did in the first-half to reduce our operating costs by about $25 million in 2020, compared to 2019, and this remains our expectation. We also expect to see a continued decline in the average contract length by about two months compared to a year ago.

And finally, we remain somewhat cautious about the potential impact of the pandemic on services billings and revenue growth rates. More specifically, our current outlook does not anticipate a sequential increase in services revenue in Q3. Also, we do not expect to see the same surge in prepaid services billings we saw in Q4 of last year when services billings exceeded $70 million.

As noted, this is based on what we know and believe as of today. There’s a lot of uncertainty that has been created because of the COVID-19 pandemic. But I believe we have proven the resilience of our business. We do – we are doing our best to provide you with guidance, while operating in this uncertain environment. But I’m confident in our ability to deliver on improved revenue and profitability outlook as we continue to transform our business.

Operator, we’ll now open the call for questions.

Question-and-Answer Session

Operator

Thank you. [Operator Instructions] Our first question comes from Sterling Auty with JPMorgan. Your line is now open.

Matthew Parron

Hi, guys. This is Matt on for Sterling. Thanks for taking the question.

Kevin Mandia

Hi, Matt.

Matthew Parron

With regards to the impacts you’re seeing from COVID on the business, which products are you seeing? Did you see increased demand for throughout the quarter?

Kevin Mandia

So similar to last quarter, we actually saw Intel and cloud endpoint performed very well in the COVID environment. Services, which is one area that we thought might be impacted more significantly by COVID, actually had an incredibly strong quarter. We saw a very high mix of incident response engagements, which because of the elevated threat environment, we were firing on all cylinders there as well.

Matthew Parron

Got it. That’s very helpful. And then one follow-up. With regards to the services margin, long-term, do you think that the current environment maybe shifts, how much of the deployment that you can do remotely and that, that could potentially benefit the operating margin line? Thanks.

Kevin Mandia

Yes. Really, the only impact from a services margin perspective, there were two components to it. The first component was a higher mix of incident response, which is at a higher rate per hour. So that obviously benefited the services gross margin. And then the fact that we’re not doing a lot of on-site travel. And so, that helped, because we don’t have a component of what we’re charging at very low margin.

So, when we get reimbursed for travel, that’s basically at cost. So that does bring down the overall gross margin. I would expect that going forward, the new norm will probably continue to deliver a lot of stuff remotely, but there’ll be occasions for on-site engagements as well.

Matthew Parron

Great. Thank you.

Kevin Mandia

Thank you, Matt. Thank you.

Operator

Thank you. Our next question comes from Gregg Moskowitz with Mizuho. Your line is now open.

Gregg Moskowitz

Okay. Thanks very much and nice to chat with you guys. I guess, my first question is just on Verodin/validation. I think a strong argument can be made that the ability to implement and enforce security controls is more relevant in the current environment than ever, which I think Brad was talking about as well. What I’m wondering is, how much evangelism, if you will, is required today in order to help customers understand the value-add of that service?

Kevin Mandia

This is Kevin speaking. I think there’s still a little bit of evangelism. There’s not real space there yet. So what I’m observing is a couple of patterns. And first, it’s – our sales force has warmed up to it. So you’re going to see, in my opinion, pipelines increasing nicely, and I like that. We’ve got the behavior amongst our entire sales force that it’s a relevant service.

The second thing, though, is it depends on the state and maturity of their customer. And what will happen is a lot of times, if you red team a customer and they have two years of remediation to do, they don’t need to do continual red teaming. So this is something that there’s almost like your red team somebody, they do the remediation to that, and then the amount of drills, they do get more incremental and a little bit faster.

So right now, I’d say, validation is something the 1A Enterprises and the mature teams are doing or will be doing shortly. And for the folks that are less mature, they may do it once, do a couple of quarters of remediation and then get back to doing it on a more repeated basis. But it’s still in emerging market, I’m just confident that it’s going to be one that matters.

We had a multi-decade run of patch management, let’s just patch everything. But this is even better than that. This is unvarnished truth, doesn’t attack work or not. And to me, that is something you can take up to the Board and have a very tangible and simple conversation rather than, well, we scanned 122,000 hosts. We had 57,000 vulnerabilities. We rack and stack those into four different buckets from critical to non-critical, and then here’s where we’re at in our remediation drills. Nobody understands it, nobody can comprehend it.

So I’m giving you a longer answer than what you asked for, but we like the growth that we’re seeing with validation. But again, if you go to Gartner, or you go to other analysts, they’re saying, this is a five years out sort of thing. Our goal is to let people know the value of it now, that it just provides more value now than so many other alternatives when you’re trying to tweak the knobs on your security instrumentation.

Gregg Moskowitz

Okay. That’s really helpful, Kevin. Thanks for that.

Kevin Mandia

Thank you.

Gregg Moskowitz

And then Mandiant Advantage, I think, it’s interesting as well.

Kevin Mandia

Yes.

Gregg Moskowitz

How should we think about the price uplift for Mandiant Advantage versus the standalone threat Intel and validation? And then also, will there be some sort of promotional pricing for existing customers that have already bought one service, but not the other?

Frank Verdecanna

Yes, Gregg, it will be an uplift, obviously. But it’ll really depend on the level of service they’ll be getting and how much they’re going to deploy it within their environment. But we will have an opportunity for some strategic customers to actually adopt it in Q3, and we’ll have some promos that we roll out in Q4 as well to get a decent amount of existing customer base on it.

Gregg Moskowitz

Great. Thank you.

Kevin Mandia

Thank you, Gregg.

Operator

Thank you. Our next question comes from Jonathan Ruykhaver with Baird. Your line is now open.

Jonathan Ruykhaver

Yes, good afternoon. I’m wondering if you can elaborate more on the smaller number of new logos added in the quarter just the challenges you’re seeing on adding new customers, is it a certain segment of the market you server or is it broad-based? Is it something you expect to continue?

Frank Verdecanna

Hi, Jonathan, this Frank. Yes, I think in this environment, there’s plus and minuses in this environment. The plus is, we are seeing a little bit higher renewal rates. We’re also seeing a little bit more traction from follow-on business with existing customers.

One of the downsides is your new customer acquisition is a little bit more challenging in this environment, because in a lot of cases, your sales force is obviously not able to be on-site and selling a new product to a new customer, I think, is a little bit more challenging in this environment.

So, intuitively, that wasn’t surprised. Yes, that we did see year-over-year decline. But I think, if you look at kind of the large strategic customers, every aspect of our business from pipeline to every other key metric are trending really well. So, all customers aren’t created equally, and so new customer logos is a metric, but by no means one of the more significant ones.

Jonathan Ruykhaver

Okay, that’s helpful. So I guess, that leads me into my second question just around the platform adoption. Can you talk to us about the products that are leading the charge in terms of adoption? Have you seen any change there related to COVID?

Frank Verdecanna

Yes, similar to Q1, we saw a little bit of more uptick than we had seen in 2019 on Intel and cloud endpoint. So those seem to be things that become probably a little bit more important in this environment. That – those were probably the only really changes that kind of pre-COVID.

We have seen – to our surprise, we have seen an entire – our entire services be able to be delivered remotely. And pre-COVID, we delivered a lot of services remotely, but not everything. And so, it was really good to see things like training that customers typically like on-site to be able to deliver that remotely in Q2.

Jonathan Ruykhaver

So no real change in demand trends around EOD, like some managed defense?

Frank Verdecanna

No. No, I think it’s pretty similar. It’s probably the only negative impact in some of those areas where we are – we did see contract length come down a little bit, which is not surprising that in this environment customers are oftentimes committing to a lot less paid upfront dollar engagement.

Jonathan Ruykhaver

Right. Okay, good. Thank you.

Kevin Mandia

Thank you, Jonathan.

Operator

Thank you. And our next question comes from Fatima Boolani with UBS. Your line is now open.

Fatima Boolani

Good evening, everyone. Thanks for taking the question. Brad, maybe I’ll start with you and welcome to the team. I’m curious about the key objectives for you as Chief Strategy Officer and the top initiatives that you plan to undertake in your role?

Brad Maiorino

Yes, thank you. So first is, it’s really about taking kind of my experience and applying it to our strategy. And that’s – how do we go to market with what products and when. And just really being that in-house customer representing and evangelizing internally what our customers want and then turning around and evangelizing that externally.

Fatima Boolani

That’s helpful. And, Frank, if I may follow-up for you. If you can help us put a finer point on the geographic performance and certainly vertical-based performance, anything to call out there in terms of acute areas of weakness and particularly, as the pandemic has sort of traveled globally and certain geographies and areas have lifted restrictions? I’m wondering how that sort of impacted the business in 2Q and how you’re sort of envisioning or incorporating that in your outlook for the year? And that’s it for me. Thank you.

Frank Verdecanna

Sure. So, Fatima, I think from a geo perspective, obviously, the COVID pandemic has kind of had them flowed in different areas. But as we look at it from a delivery perspective, from a new customer acquisition perspective, it really hasn’t changed that much kind of pre-COVID, post-COVID.

I think, there has been certain pockets and certain areas that probably saw a little bit more pressure at different points in the quarter. But even those areas within a full 90-day period, it seems to kind of ebb and flow. So I would say, from a geo perspective, just not a lot of difference by geo relating specifically to COVID. I think most of the various impact on things like contract length has been more across the Board.

Fatima Boolani

And just the same question on a vertical basis, an end market basis?

Frank Verdecanna

We’ve seen probably a little bit less in the kind of harder hit industries like oil and gas and transportation. But other than that, it really hasn’t been very much different from a vertical perspective. We had a very strong state and local quarter in the second quarter. We’ll have a very strong fed quarter this quarter. So it follows kind of the typical patterns.

Fatima Boolani

Very helpful. Thank you so much.

Kevin Mandia

Thank you, Fatima.

Operator

Thank you. And our next question comes from Gur Talpaz with Stifel. Your line is now open.

Christopher Speros

Hi. This is actually Chris Speros on for Gur. For Kevin…

Kevin Mandia

Yes.

Christopher Speros

…you mentioned in the prepared remarks that you were planning on adding incremental services to the Mandiant Consulting business. Can you talk about what services you plan to add and what’s driving those additions?

Kevin Mandia

Absolutely. One of the things that we’re the best at is responding to breaches, it’s really hard to forecast that. Even though we have 17 years of history doing it, you tend to not know who is going to get compromised tomorrow and what to do about it.

So what you start doing is, saying, if you want to have more predictable revenues and knowing where your folks going to be working six weeks out, we do a lot of that with red teaming, but we got to get into what we call more strategic services. And the interesting thing is, with our specialty, I think last quarter, over 40% of our services revenues and maybe even higher than that were from responding to breaches. It’s again hard to schedule it.

But when you do those things, we’re writing these remediation plans. And here’s what to do about it. And most of the time when we’re the first ones through the door, the pros from Dover, we are being asked to take somebody from security point A to security point B, how do we get better and how do we get there?

And over the years, we’ve kind of punted on those. And we said, you know what, that, that’s somebody else’s job, they can come in and do that. I believe right now, we’ve got all this incredible frontline expertise. We’re responding to these breaches. We’re figuring out what happened and what to do about it. And then we’re getting on the plane and flying back and we can’t do that.

We got to go the extra mile and start doing those transformation services in greater volumes. They’re more predictable. They’re stabilized. The spikes that you can get in services over time to get a bunch of incidents one quarter and not as many the next. And it also – another reason why we brought in Brad and we have Charles Carmichael internally running this is that Mandiant over the last six or seven years, we really haven’t concentrated on the top of the pyramid for consulting.

We’ve hired a whole bunch of frontline responders. We have a whole bunch of directors managing it. They’re unbelievably busy. They’re unbelievably chargeable. But then what the other consulting firms would call the partner level, we don’t have a lot of people. And if you want scale and services, that’s where you have to hire, that’s how you get it.

So we’re focusing on strategic services. We’re focusing Jurgen Kutscher, who runs that on hiring at the top of the consulting pyramid to grow it. And we’re absolutely phenomenal at it. That’s one of the main thing.

So everybody thinks, wow, you respond to breaches, that’s just so tactical. It means you actually have total command of the strategy around transforming security operations. I believe we may write more transformation plan than anybody on the planet. We just don’t help our customers go through them. So we’re going to start doing it.

Christopher Speros

Thank you, Kevin. That’s a great color. And one for Frank. Can you talk about how we should expect the appliance business to trend through the back-half of the year?

Frank Verdecanna

Yes, I think we’ll see a little bit more stabilization on the product and related business. If you look at the first two quarters of 2020, the compares were against heavy product refresh quarters in 2019. As you recall, we did the End of Life for the X300 appliances at March 31 last year. So Q1 and Q2 had some pretty significant refresh activity. Q3 is more of an apples-to-apples.

So, I think you’re going to see stabilization there. And like I mentioned earlier, we are seeing a little bit of an uptick in our renewal rate. So we feel like that we’ll see that part of the business stabilize at the back-half of the year.

Christopher Speros

Great. Thanks, guys.

Kevin Mandia

Thank you, Chris.

Operator

Thank you. Our next question comes from Rob Owens with Piper Sandler. Your line is now open.

Rob Owens

Great. Thanks for taking my question.

Kevin Mandia

How are you, Rob?

Rob Owens

I’m doing well. How are you doing?

Kevin Mandia

Fantastic.

Rob Owens

Excellent. Kevin, can you kind of just play for us the COVID continuum relative to how the quarter played out on a linearity perspective. And we went into this at the end of March, which is usually a busy period. But curious as to your big deals are up, your logos were down quarter-over-quarter….

Kevin Mandia

Right.

Rob Owens

DSOs look good. How did the linearity play out? And how did the quarter take shape?

Kevin Mandia

Yes. And Rob, you’re not going to like my answer, because in these 90 days, the linearity was better than ever before. I mean, we couldn’t explain it at the time of going through it and I’ve seen other CEOs say the same thing. It was almost like people push back against the COVID pressure and our linearity, we were always ahead during the quarter.

The whole quarter, our sales professionals and what they predicted kind of fell right in line with what they said all along. So we did not feel the impact. In fact, we felt almost the opposite, better linearity, more discipline amongst the buyer. And yes, things fell in line for us.

Rob Owens

Well, actually, I like that answer, Kevin. So I think you misinterpreted my response. So I think that…

Kevin Mandia

Got it.

Rob Owens

…that then begs the second question relative to your guidance.

Kevin Mandia

Yes.

Rob Owens

And I think the midpoint of the range, you lose about 5 points of growth quarter-over-quarter. Understand that this is the first full comp you have relative to Verodin. How much is associated with that versus just the general environment? And, of course, the thoughts on the federal Senate? Thanks.

Frank Verdecanna

I think, Rob, this is Frank. The current environment, we are similar to last quarter when we gave guidance. We are expecting some level of impact from COVID on the services side. So we are expecting a sequential down quarter on the services side, that may not happen.

But as we look at it today, Q2, that team was incredibly chargeable. I mean, yes, there’s no – well, it’s very unlikely that the mix will be as high of incident response engagements and it’s very unlikely we can maintain that level of chargeability in the third quarter, because the third quarter tends to be a little bit seasonal on the services side. There are more vacations, the summer slowdown in Europe, all kind of hits in the third quarter.

And so that’s why you see from a revenue guidance perspective, a little bit of sequentially, potentially down quarter-over-quarter. But as we look forward, we’ve been adding to the services team. So we feel very good about that longer-term. And I think with the growth on the platform cloud side, I think, you’re going to see continued contributions there. And, like we talked about a little bit earlier on the stabilization on the product and related, I think, we’ll see a little bit of…

Kevin Mandia

Yes.

Frank Verdecanna

…benefit there as well.

Kevin Mandia

And some of the color, Rob, having run that thing for over 16 years now, what I observed in Q2 is, we said no to a lot of jobs, and you can’t always control the inbounds when there’s a breach. But I felt like our nose were a little higher in Q2 based on capacity. But when that happens, you do get a little bit of burnout.

When you get burnout, sometimes folks come off a couple of jobs and you have to give them a week to collect themselves, and that week is hitting in Q3 for us. And then at one of our last new hires, I just know the attendance at our last consulting onboarding was about 77 folks. When you add that many people, there’s also that half step backwards to go two steps forward.

When you onboard in this environment, I’m not convinced I know what the new normal is for onboarding. Does it take them one engagement to be up to speed? Four engagements to get up to speed? Because I do know we’re working. We’re working remotely. We’re working in a little bit differently. But there’s no question, onboarding is probably going to take a tiny bit longer with on the job training.

And then I think we’re going to have to change. We did fixed fee jobs. You pay for us upfront. I think we’re one of the only consulting cores running that way. I think in the COVID environment, we’re going to have to change that a little bit. And we’re a products company, we like billings, billings, collect upfront. That’s not a services business, but we’ve run our services in the model of it almost being a product.

I think one of the ways we can continue the growth there is to start changing that payment cycle. Let’s do the services first and then charge for it. And that’s okay, and we may have to do a little bit more of that through this current environment.

Rob Owens

All right. Thank you, guys.

Kevin Mandia

Thank you, Rob.

Frank Verdecanna

Thank you, Rob.

Operator

Thank you. Our next question comes from Saket Kalia with Barclays Capital. Your line is now open.

Saket Kalia

Okay, great. Hey, guys, thanks for taking my questions here. How are you?

Kevin Mandia

Doing great, Saket. How are you?

Saket Kalia

Good, good. Hey, Kevin, maybe just to start with you.

Kevin Mandia

Sure.

Saket Kalia

In your prepared commentary, you touched on some new SKUs that were available for network security in the public cloud. You spent a lot of time with customers, as well as Brad. I mean, I’m wondering what your customers are telling you about their desire to put an added layer of security like FireEye on what they may already have in the public cloud, if they have anything. Any thoughts on that?

Kevin Mandia

Yes, it’s a little early to tell. But I can tell you for the 1A Enterprises, FireEye has always been that second layer of assuredness, right? That’s how we are in the network. In a way, that’s how we were on endpoint with forensics and on e-mail, and we’re kind of building into that layer one.

So I believe this. The customers that have adopted FireEye, when they go to the cloud, it’s just far more probable. They’re going to bring us along with them, because they’ve learned to rely on our technology to defend their networks. It may create some new opportunities for us as well. And we got to do it regardless. I’m glad we did the work.

But right now, it’s a little early to tell. We have a 15-year run of the appliance business and only a couple of year run of cloudifying that capability. But now, it’s really cloud native and we’ll see how it does it. So that’s a long-winded answer, Saket, to tell you this. 1A Enterprise, they want two layers of defense, they’ll do it. Down market or smaller businesses may not be as reliant on that [on the second quarter.] [ph]

Saket Kalia

Yep, sure. Sure. Frank, maybe my follow-up for you. Maybe derivative of a question that was asked earlier just about the core products business. But I want to focus in on sort of product ARR specifically, and how you think about that going forward? I guess, the question is, do you feel like you could sort of stabilize here in that $300 million range on product and related ARR?

And maybe you could talk about some of the dynamics in that? Because you mentioned the amortization of product that we all know, could you just talk about some of the puts and talks to that, that product and related ARR and how we should sort of think about that going forward?

Frank Verdecanna

Yes. I thought, if you look at in Q2, you did see some level of stabilization on sequential decline of 2%. There, obviously, is some customers that migrate from on-premise to cloud, and so there is some movement of dollars between buckets. So, I won’t say, it will – it will be stabilized forever at $300 million or so. But I think we’ll see it in a stabilized range going forward.

And like I talked about a little bit earlier that Q3, we didn’t – it wasn’t – Q3 2019 wasn’t a huge refresh quarter. So I think, you’ll see some product stabilization there on the year-over-year compare.

Yes, I think the important thing to keep understanding as you look at FireEye as a whole, the product and related business, while stabilized, it’s generating a significant amount of cash that we’re now able to invest in the growth areas of the business.

So as we look at and as we get more efficient as a company, the more mature areas are really becoming a kind of a cash cow for us. And that’s really helps us invest significantly in areas that we believe will continue growing.

Saket Kalia

Got it. Very helpful. Thanks, guys.

Kevin Mandia

Thank you, Saket.

Operator

Thank you. And our next question comes from Tal Liani with Bank of America. Your line is now open.

Daniel Bartus

Hey, thanks, guys. This is actually Dan Bartus on for Tal, and thanks for taking our questions here. First for Kevin, interesting to hear that you guys are going to be managing third-party endpoints – endpoint products going forward. Can you just talk a little bit more about the strategy there? Maybe how many vendors you’d be interested in supporting, or some other areas of security that you think ends for you guys to start managing?

Kevin Mandia

Yes. So by the way, it’s been the plan all along, I guess, maybe before FireEye bought us and then we had a five-year period, where we’ll be holding the FireEye products. It’s that – you’re not going to own every damn account on endpoint period. And the demand for our expertise in a second set of eyes to look at every single alert is something almost everybody I talked to once, and they’re not going to throw out their endpoint for our endpoint just to get that.

So it just makes sense for us to go in and say, what do you got and can we support it? And we should have a list of supported products. One of the best things about being on the frontlines of every breach is, we know exactly the detection efficacy of everybody’s products. Granted, you can have user error and you configure them wrong and most products are probably only use it 60% of their potential.

But we’re just sitting there on the frontline seeing what gets evaded, how it gets evaded? And we need to apply that knowledge to more than just our technology period. It’s just – it’s more valuable for us to do that. We can do that. And it’s just time we start doing it. So that’s the rationale behind doing it for the managed defense.

And by the way, we even do it in services. You can always show up to a breach and say, “Hey, no matter what you’ve got, we’re not going to use it. We’re going to use our own stuff.” We do have technology-enabled services. But we have responded to incidents collecting data using other technology, you have to be able to do it. It’s as simple as well. I was just about to have an analogy that compared Microsoft with WordPerfect. But I don’t think WordPerfect is around anymore.

But the bottom line is, we use different technology to get the damn job done and we got to elongate that. So we’re going to have supported products inside of managed defense, that’s being run by Marshall Heilman and will support other endpoint technologies. And that’s the number one use case for managed defense, verify that we have a damn problem. Answer the question every day all the time, are we compromised or not? And that’s what managed defense does. And I just think, we – it should be growing faster than it is. This is probably the fastest way to unlock growth.

Daniel Bartus

Great. That sounds good. And then quickly for Frank, good to see the ARR growth improved up to 8%. I think that’s the best over the last year-over-year there. Can you just help us breakout what you attribute to Verodin in that growth, if that’s possible? Thanks.

Frank Verdecanna

Yes. So we did see, obviously, Verodin continue growing and continuing to have nice traction year-over-year. We did grow 27% in the platform cloud category. From an overall billing perspective, the Verodin growth is probably close to half of that growth.

Daniel Bartus

Okay. Thanks, guys.

Kevin Mandia

Thank you very much.

Operator

Thank you. Our next question comes from Hamza Fodderwala with Morgan Stanley. Your line is now open.

Hamza Fodderwala

All right. Thank you for taking my question. Hope you’re doing well. Just a quick question on my end. Clearly, Q2 demand was really durable. I’m wondering what you’re seeing as far as early demand trends are concerned in July, particularly with some of the high profile breaches recently? Is that helping to create any new pipeline into the back-half? Just any thoughts you have there?

Kevin Mandia

The one challenge when you mentioned that I immediately went to the 30% to 40% of our services revenue comes within quarter sometimes in regards to those breaches. We worked a bunch of big ones in Q2. We’ve probably got a couple of big ones right now, but some of the headline breaches, by the way, aren’t ones that are big headline breaches from a response standpoint. And so, I won’t comment on those specifically, but they weren’t going to be big jobs for us.

Frank, I don’t have a good answer for this. I mean, early on…

Frank Verdecanna

I think the best way to look at it is typically, when we have significant amount of breach activity, yes, there’s typically a fair amount of pull-through from those breaches over the next, call it, two to three quarters. And so the the fact that Q2 was a really significant breach quarter and incident response quarter that does kind of play well for the back-half of the year, because a lot of those engagements will have significant either product or solutions kind of pull-through.

What we’re seeing early in Q3, yes, we have seen some kind of high-profile breaches, but Q2 was a really high mix of breaches. So we’ll see where Q3 end, but so far, we still see a lot of activity going on there.

Kevin Mandia

Yes. And I think there’s always adaptation. We’ve always done our incident response work remotely. That’s just what we do. You need the pros from Dover. We send the expertise in minutes and help you out.

But one of the things I’m certain we’ll have to do is, our strategic consulting has always done with some on-site visits, on-site interviews and things of that nature. We’re going to have to evolve a little bit on how we do that, build a little bit more about validation, having dashboards, so that we can interact with our customers remotely in a more effective way. And we’re building that with the Verodin platform, that ability to attack test and rinse and repeat. But I’m certain we’re going to have to look at the way we do our strategic consulting and change some of those methodologies based on a work from home environment.

Hamza Fodderwala

Got it. Thank you.

Operator

Thank you. Our next question comes from Shaul Eyal with Oppenheimer. Your line is now open.

Shaul Eyal

Thank you. Good afternoon, guys. Congrats on the strong performance and the outlook for the second-half.

Kevin Mandia

Thank you.

Shaul Eyal

Kevin, I wanted to focus specifically on your e-mail related product.

Kevin Mandia

Sure.

Shaul Eyal

Are you seeing Microsoft being more pronounced and more visible in this market and in recent quarters?

Kevin Mandia

Yes, absolutely. I think that we went through O365. What you’re seeing, in my opinion, and solely my opinion is the cloud suite of e-mail like Google Suite and O365 are definitely doing – they’re winning, because the alternative is us doing e-mail ourselves. And even as a CEO, I found it far easier for us to outsource that capability than insource it. And so that’s a good thing.

So I think more and more companies are choosing third-party e-mail as their e-mail. And then by the way, once you do that as a third-party, you have to have security platforms as well. So we are seeing growth in our cloud, e-mail, ETP, as we call it, but we are not seeing growth in our on-prem appliance. And I don’t think too many people will see in the future on-prem e-mail gateways being successful. So bottom line, yes, Microsoft is, in my opinion, do an exceptional job winning enterprise e-mail period.

Shaul Eyal

Got it. No, that’s extremely helpful. Thank you for that. And maybe on billable hours or billable rates…

Kevin Mandia

Yes.

Shaul Eyal

I would imagine that stayed relatively subtle, maybe have you been able to slightly up these rates – expand these rates a little bit?

Kevin Mandia

We’re not increasing our rate. And a lot of folks, it’s kind of interesting. People will think we’re – that the rate itself can be perceived as high when we’re responding to breaches or doing other things. But the reality is, is we have more experienced folks and the overall cost of a lot of what we do is actually less than folks that send a whole bunch of folks at a lower rate. Eight people at $200 an hour is more than two people at $400 an hour and you get the same results.

But we don’t really do that. I mean, in reality, different services have different rates. We, over time, have lowered the rate, if anything, although our average rate right now is high because of the incident response, where we have shown a willingness to lower the rates for what I would call strategic government work, where we just think it’s strategically important to be involved in different security operations in – across the globe, by the way, with different Intel agencies or different Departments of Defense.

So in the – so I think in the long run, because just the way we run that, though, our hourly rates always hovered at around the same plus or minus 2%, the same thing. I think, it’ll stay there, but the range of the rate has grown a little bit.

Shaul Eyal

Understood. Thank you so much.

Kate Patterson

We have time for one more question.

Kevin Mandia

Yes. Thank you. One more?

Kate Patterson

One more.

Kevin Mandia

Sure.

Operator

Thank you. And that question comes from Brian Essex with Goldman Sachs. Your line is now open.

Kevin Mandia

Brian, how are you?

Brian Essex

Hi, guy. Hey, good. How are you? Thanks for squeezing me in. I appreciate it.

Kevin Mandia

Sure.

Brian Essex

Just one quick question for you. Just wondering any incremental contribution progress with the iboss partnership, just wondering how that’s going on the platform and kind of what to expect there going forward?

Kevin Mandia

Yes. First off, love the technology of iboss and I looked at the performance. And obviously, we could probably do better there and train our sales force. And I think right now might be relatively specialized sale for us, where our sales engineers that get it or just better at, I think, positioning it. And I look at it as – it’s like a Zscaler thing, right? You get the FireEye protection…

Brian Essex

Yes.

Kevin Mandia

…but you get to just kind of use the eyeballs agent throughout all your traffic. We got room for improvement there. But on paper, the partnership looks great. They send all the data and it can go through all our virtual appliances.

Frank Verdecanna

And Brian, just from a timing perspective, we had trained the sales force in Q1 on that.

Kevin Mandia

Yes.

Frank Verdecanna

So it does take a couple of quarters to build the pipeline. But if you look at where we sit today, we’ve got a lot of nice deals in the pipeline for Q3 and Q4. So we’re hopeful that we’ll see some nice traction there.

Brian Essex

Right, that’s helpful. Maybe, Frank, just a real quick follow-up. So thank you for that. On cloud managed services, I know you talked about training your sales force.

Kevin Mandia

Yes.

Brian Essex

And I understand you’ve had some rationalization on the hardware side of the business. How has hiring been there? What does the sales force look like in terms of new hires and maturity? And how can we expect that to support growth going forward as we look at potentially stabilization hardware side of the business?

Frank Verdecanna

Yes. When we look at kind of hiring across the Board, I think, given FireEye’s position in the marketplace with the level of intelligence and expertise we have, it’s an area that we’re very successful from. I look at a lot of the people that we bring aboard and we have a lot of talented new individuals coming aboard that I think can really help take us to the next level.

I think that’s been an area of strength for us for quite sometime. And I think we feel really good about our ability to hire and our ability to kind of grow the growth areas of the business.

Brian Essex

And is there a certain percentage of the sales force that’s still kind of getting up to maturity? Or is this kind of a steady state hiring just to support growth as you go along kind of process?

Frank Verdecanna

No, I think it’s always evolving. But no, I think, we feel really good about kind of a lot of the enablement that we’ve been working on for some of the newer areas of the business. And I think Verodin, our Mandiant Validation is a perfect example of if you looked at the pipeline being built right well after the acquisition over the next couple of quarters, then you look at the pipeline being built after we went through a full kind of enablement and training, I think, the sales force got it.

And I think they built a pretty significant pipeline that I think will drive significant growth there. So I think we’ve got the right resources to Board. We think they’re in the right level of as far as enablement goes. And so we should be in a good spot there.

Brian Essex

Okay, that’s helpful. Thank you.

Kevin Mandia

Thank you.

Operator

Thank you. I’m not showing any further questions at this time. I’d now like to turn the call back over to Kevin Mandia for closing remarks.

Kevin Mandia

Yes. I did write a couple of closing remarks right now. I’ll spit them out at New Jersey auctioneer speed, because I know we’ve been on for over an hour. But in closing, I just want to provide a quick update on the four priorities we outlined for 2020.

Our first priority was we intend to be the best world at incident response, red teaming and threat intelligence. When I reviewed the first-half of 2020, we are performing more investigations at a faster pace this year than last year. And in third-party appraisals of our incident response and threat intelligence, we’re in the top right, so I feel we’re doing our jobs there.

Our second priority was to extend our dynamic threat detection and expertise to defend cloud-based infrastructures. We addressed this priority with our acquisition of Cloud Advisory in the launch of our cloud security assessment service and consulting and our network security 9.0 release in the second quarter, which included our enhancements to support secure migration of workloads in the major cloud providers.

Our third priority was to deliver our expertise on-demand seamlessly through our technology, where experts are available at the point where our customers need them most. And again, we developed expertise on-demand not to sell more services, but the differentiate our technology. I know, in my years of doing computer security at the Pentagon, I would have loved if we had a button to click on to get help.

So we give that to our customers. And we are seeing our customers take advantage of this button, and our on-demand capability with their expertise on-demand revenue use up over 300% year-over-year, still a small number, but they’re using it. And that’s what we wanted.

And finally, we want to be the best enrolled at security validation. We intend to make the process of measuring security effectiveness against the most current attacks as simple, continuous and as commonplace as we can make it. And the Mandiant Advantage portal that integrates our threat intelligence and validation will close the security gap between the attackers emerging techniques and the safeguards that are just too slow to adapt, or stop or detect these attacks.

So I’m very pleased that we’re making progress in all our objectives. I want to thank everybody for joining us today. Thank you for your interest in FireEye. And I look forward to speaking to all of you in 90 days. Until then, please stay safe and healthy. Thank you very much.

Operator

Ladies and gentlemen, this concludes today’s conference call. Thank you for participating. You may now disconnect.