FireEye CEO And CFO On Election Cybersecurity, A Renewed Channel Push And Company Restructuring

The New Era Of FireEye

The last quarter was one of upheaval for FireEye. The Milpitas, Calif. security vendor ended the quarter with rising sales and billings, following announcements of a company restructuring, layoffs and major product developments. CRN spoke with CEO Kevin Mandia and CFO Michael Berry about the progress FireEye has made on its restructuring, a renewed push into the midmarket and the channel after slow momentum there, and new technology solutions. The executives also addressed the growing threat concerns around the election. Take a look at what they had to say about the future of FireEye and what security threats might be on the horizon.

What do you think of the election from a cybersecurity perspective right now?

Mandia: At the end of the day, I think [this] week will be tough to call – half of my brain says Russia will stay quiet for the week and the other half says maybe we will see something special. I don't think it will have any direct influence on election systems. There is always a way to get voter confidence down by publishing false information, the astroturfing kind of stuff. But, taken out the election, we're just seeing more from Russia since the fall of 2014 … They have clearly changed the rules of engagement. Then, in 2016, during another election year, suddenly we see them add a third ingredient, where not only did their [operational security] get worse, their scale got bigger and the rules of engagement changed as to how brash and bold they are – they don't go away. The fourth thing we've observed is that they've started to release documents … That's just breaking the rules of the playground. Lots of changes. I'm fascinated.

What changing dynamics have you seen around Russia and China in the threat landscape?

Mandia: I'm fascinated by what I've observed in my 20 years of responding to breaches, where I've gotten to live with government-on-government, and that was primarily Russia and China hacking each other, .gov versus .gov and .mil against .mil. Fast forward to 2014, we saw and we published a report this year called "Red Line Drawn" that showed the Chinese cyber-espionage campaigns in the United States came down dramatically since 2014. In fact, really starting in 2013. We have reached rules of engagement with China where the threat against the West is still there, but what's called fair game has shrunk. In certain industries, there is less risk. Now, let's get to the Russian government. It is absolutely astonishing. For the first time in my 20 years of responding to breaches, we have folks on the front line responding to more breaches from Russia today than from China. That's my opinion, having glanced at what we're doing. That just shows you that the times have changed. It will always be like this, next time maybe Iran will emerge or North Korea is rearing its head every once and a while with an intrusion here or there.

What were some of the key financial highlights from FireEye's third quarter?

Mandia: I think the first thing that matters most is that we accomplished what we set out to do in Q3. The headline is that we delivered financial results that exceeded our guidance ranges on all of our key metrics and that we just kept our focus on balanced growth and our path to profitability … We operated through a restructure and changes in sales leadership but still delivered our results.

Berry: We exceeded billings and revenue. From a product perspective, email performed very well. Also, our iSight intelligence had a very good quarter. We did a great job managing expenses. We completed the restructuring in Q3. There's nothing else planned. We completed it; we took the structuring charge and we're moving on. We also exceeded our cash flow guidance. We feel really good as we go into Q4. From an efficiency perspective, we actually had the best operating margin in the company's history. It was a very good quarter. The employees all just pulled together and did a great job.

What were some of the key technology highlights from the quarter?

Mandia: We released our on-premise version of MVX … [FireEye Founder Ashar Aziz] developed that first as a virtualization technology and we've added machine learning, analytics, behavioral models and other things to that. We did a separation of the network-centric component and then that analytical brain we call MVX. We delivered the on-premise version in Q3, and we did two transactions already with it in Q3 … [We also made enhancements to] our endpoint and FireEye-as-a-Service. But, when you boil it down, one of the key statistics I saw in Q3 is we had 47 customers spend over $1 million on our technology and 41 of those bought multiple products from us. For those security-conscious enterprises that recognize they need an aggressive defense against advanced threats and even the treats that everyone else misses, they still turn to FireEye.

With the restructuring, do you see FireEye as where you want it to be right now from a business perspective?

Berry: The answer is yes. What we wanted to do was we wanted it to be one-and-done because it's always a distracting thing. It doesn't mean that we aren’t always looking at our business, and we're trying to optimize, reallocate and focus on things that drive returns, but something like [a restructuring] is very, very disruptive to the company. We feel good about that going into 2017. We have continued to maintain that we are still on the path to profitability by the end of 2017. The restructuring was a big part of that.

Drilling into the upcoming Cloud MVX offering – what's the opportunity for partners around that technology?

Berry: We think this is one of the great opportunities for our partners. Not only do we think some of our existing customers will want to adopt it, although we do so well in the enterprise market that they will want the private cloud version, but this is really something we can penetrate that lower enterprise to the midmarket. This is really where we are hoping it will be a big driver of growth in the partner community. We will roll it out in the U.S. first, and then it will be available globally shortly after that. We did Essentials earlier in the year. It's done okay, but we really think Cloud MVX is going to be a big driver [in the midmarket]. We hope partners really jump in.

Mandia: I think we've always been generally accepted as pioneers in the dynamic inspection and I think we've always been accepted as the best detection in this space, and now what we're doing is making the price point close enough so that more folks can make that decision when they're doing the balance between price and efficacy. We will take the best efficacy now. I think that the channel is going to respond well and the partners will respond well.

Where are you seeing wins around MVX?

Mandia: One was at a financial institution that is wildly conservative and has already adopted our appliance-based technology and recognized that they loved our detection efficacy and went straight from beta into their production environment with it. The other one was a government agency. Those are really the early adopters of technology. The government agencies that have to have shields up with more aggression and the financial institutions. That MVX separation also allows us, and this is the critical Q4 release that we have, to offer our Cloud MVX, with the detection ability where we have distributed network sensors, have it at the price point where we can broaden the aperture for the market segments that we're relevant to, and have the ability to generally have better detection available to a broader range of folks.

Are these solutions designed to double down on the midmarket space, as partners say they aren't seeing much traction with Essentials?

Berry: Hopefully it changes it. Number one, our price points don’t play that well in the midmarket right now, so this will be priced much more aggressively. It will also be a subscription offering. That's really been our biggest issue. Plus, from a go-to-market perspective, we do so well in the large enterprises. Part of the Cloud MVX is certainly to address that market, but also we will have some enterprise customers that will want to deploy in a hybrid environment as well, so we think it checks the box in both of those areas.

How does this MVX change the dynamic of how FireEye works with partners? Are you looking to push more business through the channel?

Berry: We certainly are. We have some great partners and we would like to make sure that is a better relationship. It's painful for us to read some of the partner checks at the end of the quarter because we do have a lot of great partners. Our goal is to make sure they understand that we do value them and that we want to make sure they are involved. Again, we have a bunch that do really well with us, not only with fulfillment but also driving business. Cloud MVX, for us, is [a sign] that we understand that we need to appeal to more organizations, not just the very large enterprises. This is the first step down that path. Keep in mind, too, that we do offer email in the cloud and that, again, is priced very effectively for the midmarket. We also hope that it's not just going to be Cloud MVX, but also email and there will be other things coming down the path, as well. Also, iSight does very well in that market also.

It looks like you're expanding iSight through Cloud MVX and a relationship with Microsoft. Can you talk about that?

Berry: That's an OEM relationship [with Microsoft]. I think what it really does is it validates the value of [threat intelligence]. We get a lot of questions about how intel is generic, everyone has it. Our answer to that is: bologna. We have the best intelligence out there, as we like it say it's nation-grade intelligence probably second only to the U.S. government. I think this is a great proof point that our intel is the best, so [Microsoft] will wrap that into their product. It's hard to get a relationship like that with a company like Microsoft, so it's really great to see them moving forward with that.

Multiple big vendors say people buy their solutions for their threat intelligence. How is yours different?

Mandia: First, there's threat data and then there's threat intelligence. Threat data is just bad IP addresses, bad domain names and all of that stuff … You cannot have timely and great intelligence unless you do two things: one, respond to every breach that matters and two, have intelligence analysts globally. We do both of those … How do product companies, if that's all they do, get smarter about how those technologies get evaded and circumvented? The answer is they can't. At every breach we respond to, there's a firewall there. Why did it miss it? Because if all you do is wait until someone else has a breach and then respond and wait for that threat intelligence to be passed on to you, you are six to nine months behind the problem … What we’re up against is a bunch of product companies that have no idea what the bad guys are doing today, none whatsoever, so they develop a consortium in hopes that they can learn from each other's products … A lot of it, no offense to well-intentioned people, is dated and inactionable by the time it gets disseminated. Our data, we're learning things today, and our customers are safeguarded today … but when we respond to breaches most of our customers are protected from the evasion techniques that day.