SecureWorks Corp (SCWX) 2017 Q2 法說會逐字稿

Good morning, and welcome to the SecureWorks second-quarter FY17 financial results conference call. Following prepared remarks, we will conduct a question-and-answer session.

(Operator Instructions)

As a reminder, this conference call is being recorded. I'd now like to hand the call over to Rebecca Gardy, Head of Investor Relations. Ms. Gardy, you may begin.

Thank you, Andrea. Good morning, everyone, and thank you for joining us today to discuss SecureWorks' financial results for the second quarter of FY17. This call is being recorded. This call is also being broadcast live over the Internet and can be accessed on the investor relations section of SecureWorks' website at Investors.SecureWorks.com. This webcast will remain available for replay until 5 PM Eastern Time on October 7, 2016.

Yesterday after market close, SecureWorks issued a press release announcing results for its fiscal quarter ended July 29, 2016. You can access this press release on the investor relations section of the SecureWorks website.

During this call, management will make forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements include guidance with respect to GAAP and non-GAAP revenue and net loss per share, as well as adjusted EBITDA. Our forward-looking statements involve risks and uncertainties that could cause actual results to differ materially from those anticipated by these statements. You can find a description of these risks and uncertainties in today's earnings press release and in the Company's quarterly report in Form 10-Q for the quarter ended July 29, 2016, which is available on our investor relations website and on the SEC's website.

All forward-looking statements made on this call are based on assumptions that we believe to be reasonable as of this date, September 7, 2016. We undertake no obligation to update our forward-looking statements after this call as a result of new information or future events.

Some of the financial measures we use on this call are expressed on a non-GAAP basis. These non-GAAP measures exclude: stock-based compensation, the impact of purchase accounting, amortization of intangibles and the related tax effect of these items. We provided reconciliations of the non-GAAP financial measures to GAAP financial measures in today's earnings press release available on our website. Non-GAAP measures are not intended to be considered in isolation from, or a substitute for, or superior to our GAAP results, and we encourage you to consider all measures when analyzing SecureWorks' performance.

With us on today's call are Michael Cote, President and Chief Executive Officer of SecureWorks; and Wayne Jackson, our Chief Financial Officer. Following their prepared remarks, we will take your questions. We would appreciate you limiting your initial questions to two so that we may allow as many of you to ask questions as possible in our allotted time. In the event you have additional questions that are not covered by others, please feel free to re-queue and we will do our best to come back to you.

Thank you for your cooperation on this, and I will now turn the call over to Mr. Cote.

Thank you, Rebecca. Good morning, everyone. We're pleased to announce another strong quarter for SecureWorks. Our second quarter was in line with expectations, and we are on track to deliver our full-year FY17 guidance.

Let's take a look at some key results. Non-GAAP revenue increased 29% year over year to $103.9 million. And non-GAAP net loss per share improved to $0.07 as compared to $0.18 last year, as we continue on our path to profitability.

As we reflect on the quarter, there are three areas that I'd like to highlight. First, our deep understanding of the cyber threat landscape and what we believe to be a change in the way clients are addressing this challenge. Second, a few recent examples that demonstrate the power and uniqueness of our security solutions. And third, a recap of announcements that we made in the quarter which support some of our strategic priorities and demonstrate our alignment with the needs of our clients.

In the second quarter, we continue to see broad-based demand for our solutions against a continued backdrop of relentless cyber threat activity. Our clients increasingly view our solutions as mission-critical, especially as hackers either identify or create new ways of infiltrating endpoints, networks and systems.

As the Internet of Things grows and the world becomes increasingly connected, vulnerability to cyber-attacks increase everywhere. Despite deploying multiple layers of defenses, companies -- and for that matter, governments -- continue to get hacked.

Everyone wants a measurable way to manage their security spend and ensure they have orchestrated-coordinated their security ecosystem between their multiple-point products. They want a system that allows them to prevent attacks that can be prevented, detect those that can't be prevented, respond rapidly and appropriately when a breach occurs, and predict how and where the threat actor will strike next. And that is what we do.

We know threat actors adapt quickly to each new defense, so companies need the skills, intelligence and tools to have an early warning system to respond. Security teams are limited in this regard, as human capital is increasingly difficult to source and train, and visibility to threats is limited to only their systems and experience.

We have visibility across all of the various security devices at our 4,300 clients in 59 countries, which is why I'm so excited about our intelligence-driven information security solutions. Our highly automated software-driven technology, the Counter Threat Platform, or CTP, leverages over 16 years of visibility into the global threat landscape in a vendor-agnostic manner to discover malicious activity.

We deliver countermeasures, dynamic intelligence and valuable context, limiting human intervention to only a fraction of the 190 billion events our platform ingests and analyzes every day. Our results this quarter are evidence that the actionable intelligence we deliver to our clients is helping solve their security challenges.

I'd like to highlight a few examples that illustrate the type of value we delivered to our clients since our last call. The first one deals with ransomware, which cyber criminals increasingly use because of its success rate and the related financial rewards. Based on these ransomware campaigns, cyber criminals are manufacturing more complex variance in an attempt to outpace traditional security controls.

No industry or vertical is immune, and we have seen frequent attempts across our entire client base. Specifically, we've seen an 81% increase in ransomware since January of this year.

One such example is the ransomware referred to as MiniCryptxxx, where a conventional email sandbox protection is not feasible based upon its use of anti-analysis techniques. The malware was engineered to require launch codes to be entered at the command line, and therefore, did not trigger detection in the sandbox. SecureWorks has developed a way to detect this malware when it attempts to delete all local computer backups during deployment.

Another example of how we leverage threat intelligence with the Counter Threat Platform to protect multiple clients from the same threat was recently highlighted when an executive of a major global financial organization received a personalized phishing attempt with an attachment. The content prompted the executive to click a link to a PDF document, which redirected him to a realistic log-in page for a well-known search engine website. This phishing site was more sophisticated than typical, as it dynamically generated the phishing landing page and routed the user through to the real website after they had entered their username and password.

As a result of the selection of a senior executive and the higher-than-normal sophistication of this attack, we developed a global countermeasure applied to our CTP. Since then, we have been steadily blocking pages that use this script.

One attack on one client results in SecureWorks protecting all of our clients, with approximately 270 additional detections in the last quarter. Capturing a single set of executive credentials which a user may reuse for corporate systems or which may allow access to a trusted mailbox that can be used for social engineering, can be the small chink in the armor that an adversary needs to crack a corporation wide open.

In all cases, we are able to detect and alert our clients of this activity before the threat actor can take advantage of this technique. While others may not have the resources to protect against such attacks, the network effect of our CTP protects our clients against this and other focused threats.

Another recent example I'd like to share occurred in July when we detected an advanced threat actor attempting to compromise a global engineering and construction company with previously unknown technique. We were able to leverage our detection of this new adversary technique, finding the needle in the haystack by creating a global countermeasure applied across our client base -- again, due to the power and scale of our Counter Threat Platform.

This action resulted in the just-in-time protection of a Global 1000 manufacturing company that was being targeted by the same threat actor using a variant of this technique. The adversary was targeting the software distribution servers of our client, and this could have led to catastrophic consequences by potentially compromising legitimate software. Even if this threat actor's specific tactic evolves, which they typically do, we have already created multiple ways to detect variants of this technique, effectively sending this adversary back to the drawing board once again.

These examples illustrate that as the threat actor evolves their tactics, we evolve as well. As the cross-platform security needs of clients change, we respond in a way that static-point products simply cannot, and certainly not at the pace the adversary does.

Investing in our CTP technology to deliver its scale, this level of actionable intelligence to our clients around the world is one of our key strategic priorities and differentiators. For 16 years, SecureWorks has helped protect on-premise environment across the globe.

Another of our strategic priorities is the extension of our solutions to the cloud. In June, we announced that we are now extending our threat intelligence expertise and the capabilities of our CTP to the cloud with our purpose-built solutions for Amazon Web Services. We now offer a comprehensive security solution for both on-premise environments and where organizations have ported legacy applications to the cloud.

Our clients benefit from the comprehensive view into the security of their data and applications regardless of where they reside. Our vendor-agnostic approach ensures SecureWorks is closely aligned with our clients, providing them with an orchestrated way to leverage the various technology solutions they already have in place.

Our partnership with best-of-breed product companies also plays a critical role in ensuring our clients have the best overall security program to match their objectives, while creating and expanding the marketplace for our solutions. In mid-July we announced that we integrated key portions of our proprietary attacker database with Palo Alto Networks Next-Generation Security Platform. Combining these capabilities, our managed Palo Alto Networks Next-Generation Firewall Solution delivered to our advanced threat intelligence and immediately protections from threats before they enter our clients' environments.

I'm excited about the future for SecureWorks. We are well-positioned against the ever-changing cyber threat landscape. Our solutions offer our clients the global visibility, scale and actionable intelligence that point products alone simply cannot. The automated and data-rich nature of our CTP allows clients to meet the growing needs and the growing risks stemming from greater connectedness, without increasing headcount or adding complexity to their environments.

And now I'll turn it over to Wayne to discuss the financial highlights for the quarter.

Thanks, Mike. Good morning, everyone. I'll start with a review our second-quarter results, and then provide third-quarter and full-year guidance for FY17. The following financial results are non-GAAP measures unless otherwise noted. As a reminder, the major differences between our GAAP financial results and our non-GAAP results relate to the add-back of the amortization of intelligible assets, and stock-based compensation charges. For the remainder of FY17, there's also a minor adjustment to revenue for purchase accounting adjustments made in prior years.

As we review the results, there are two themes to the quarter that I'd like to highlight. First, we delivered solid revenue growth, driven by continued demand in the core subscription business from both existing and new clients. And second, we effectively balanced cost management with investments for growth through operational leverage and management rigor.

I'm pleased to report this quarter solid performance and the progress SecureWorks continues to make on its path to profitability. Second-quarter revenue was $103.9 million and a 29% growth over the prior year. The percent of total revenue from our subscription solutions remains at approximately 80%, consistent with the prior two years.

Monthly recurring revenue, or MRR, at the end of the second quarter was $29.8 million, a 12% increase over the prior year and a sequential 3% increase. Sales to new clients and cross-selling of additional services to existing clients contributed about equally to the MRR growth.

We maintained a 99% revenue retention rate through the second quarter. Note that our measure of revenue retention is comparable to the same-store sales metric, and that it measures our capacity to grow with existing subscription clients. Historically, we have generally seen this rate move between 97% and 102%, based on the timing of cross-sales and renewals each quarter. While our revenue retention rate may fluctuate quarter to quarter, our goal every year is an annual rate of 100% or greater by year's end.

As I review our record sales pipeline, I continue to see overall strong and growing demand for our security solutions. As Mike discussed, companies continue to engage SecureWorks to strengthen their security posture. Gross margin improved to 52.6% of revenue during the quarter, a 150-basis point increase compared to the second-quarter FY16.

Year over year, we have seen the benefits of technology and scale in our delivery model, partially offset by higher hardware and third-party license costs. As a reminder, we leverage hardware as a component in our delivery of holistic solutions. We do not, however, sell hardware as a stand-alone component.

Sequentially, gross margin declined 100 basis points to 52.6% from 53.6% in the first quarter, primarily due to a modest increase in hardware cost. Operating expenses were 61.8% of revenue, down from 74.5% in the second quarter of last year and 63.7% in the first quarter of this year. This reflects management's focus on OpEx spending, ensuring scale and back-office support while continuing to invest in areas that fuel future growth.

I will break out R&D, sales and marketing, and G&A next. Research and development expenses were approximately 11.7% of revenue versus 15.6% in the prior year and 13.5% in the first quarter. Sequentially, the decline in R&D expense reflects the Company's ability to leverage a flexible staffing model to align with solutions development. R&D is an area in which we will continue to invest. And while our spend will fluctuate somewhat, we do not expect R&D to decrease significantly as a percent of revenue going forward.

Our sales and marketing expenses declined to 27.2% of revenue from 33.1% of revenue in the second quarter last year on solid revenue growth. While we continue to invest in our sales teams to pursue a growing market opportunity, the benefit of our recurring subscription business model lends itself to scale in sales and marketing.

General and administrative expenses in the second quarter were 22.9% versus 25.8% in the second quarter last year, as we realize scales in our investments in our public Company infrastructure. Our current results reflect investments in areas such as IT and product management that are included in G&A to support our revenue growth.

Our GAAP net loss was $12.1 million or $0.15 per share compared to $21.1 million or $0.30 per share in the second quarter last year. Non-GAAP loss per share was $0.07 compared to $0.18 in the prior year and $0.09 in the first quarter. The improvement demonstrates our disciplined approach to achieving profitability through controlled spend on increased revenue. Weighted average shares outstanding, both basic and fully diluted, were 80.0 million at the end of the second quarter.

The Company's adjusted EBITDA loss in the second quarter narrowed to $7 million versus an adjusted EBITDA loss $16 million last year, on increased revenue and scaling cost. We have a solid cash position of $113.3 million as of the end of the quarter. In addition, we have an untapped $30 million credit facility and no indebtedness.

Cash flow used in operations this quarter was $5.4 million. As disclosed in our cash flow statement for the period ending July 29, 2016, our transactions with Dell indicates a use of cash of $21 million year to date. As of the end of our second quarter, the amount due has decreased to approximately $700,000. Prospectively, we anticipate that our transactions with Dell will no longer be a significant use of cash, as our charges to Dell will continue to exceed Dell's charges to us under our commercial agreements.

I will provide more detail around these activities. We began the year with a net payable of $22 million, which arose primarily as a result of Dell continuing to pay vendors for payables and purchase orders that were outstanding as of August 1, 2015, the effective date of our legal carve-out. As we have discussed in the past, these commercial agreements include our transition service agreement, the fixed portion of which is approximately $1.4 million per quarter, as well as amounts due for employee payroll and benefits paid on behalf of SecureWorks.

These employee-related costs are approximately $7 million and $8 million per quarter, and fluctuate depending on the number of SecureWorks employees. Offsetting these liabilities are amounts we charge to or through Dell for sales to our clients that we make through Dell legal entities where SecureWorks has not yet established such legal entities, or for services we provide directly to Dell as a customer.

Lastly, I would like to discuss the other non-current assets line item in our balance sheet. This item includes SecureWorks' $20.7 million income tax receivable from Dell. As we discussed in the past, the tax matters agreement between Dell and SecureWorks states that Dell will reimburse SecureWorks for any utilization of our tax assets. We currently have the receivable recorded in long-term assets due to the fact that, should Dell utilize our FY17 tax asset, it would be mid to late FY18 before we would be entitled to collect the cash. Going forward, we will highlight any changes to the status of this asset, and if and when it is classified as a current receivable.

Now let's turn to our outlook for the third fiscal quarter ending on October 28, 2016, and full-year FY17. As a reminder, the fourth-quarter FY17 will have 14 weeks versus the standard 13 weeks, as SecureWorks operates on 52-, 53-week fiscal year. Next year, we will revert back to a 52-week year, so please keep this in mind when you are comparing full FY16 to FY17, or when you start to model FY18.

In the first quarter, we discussed a certain level of sales volume in the large enterprise space slipping into the second quarter. As we have expanded further into the large-enterprise market around the world, we are seeing lengthening sales cycles. We believe this is indicative of the complexity of selling in the large global organizations rather than a single macro slowdown in managed security spending. So while our second-quarter new sales were significantly higher than in the first quarter, as our conversion of pipeline returns to anticipated rates, we expect extended sales cycles to continue in the large-enterprise space as an increasing percentage of our dollars sales are derived from large global opportunities.

Based on the second-quarter performance, the aforementioned items and current market conditions, we expect the following results. For the third fiscal quarter, we expect revenue on both a GAAP and non-GAAP basis to be between $104 million and $105 million. Net loss per share to be in the range of $0.15 to $0.17, and non-GAAP net loss per share to be in the range of $0.07 to $0.09. We expect 80.009 million weighted average shares outstanding during the third quarter of FY17.

For the full fiscal year, the Company expects revenue to be between $423 million and $425 million, and non-GAAP revenue to be between $424 million and $426 million. Net loss per share to be in the range of $0.62 to $0.66, and non-GAAP net loss per share to be in the range of $0.30 to $0.33. And adjusted EBITDA loss to be between $28 million and $32 million. We also expect 77.635 million weighted average shares outstanding during the FY17.

Finally, we invested $4.5 million in the second quarter in capital expenditures to support growth in our data centers and facilities, bringing year-to-date CapEx to $7.9 million. As we continue investing for growth, we expect capital expenditures to be approximately $20 million to $22 million for the full fiscal year.

In conclusion, I am pleased with our second-quarter performance as we continue to grow revenue to scale our business and execute our strategy. We are confident in SecureWorks' position as the market leader in providing early warning capabilities and actionable intelligence to our clients in a vendor-agnostic manner.

I will now pass the call back to Mike, who will give some closing thoughts before we open the call for questions.

Thank you, Wayne. As you have just heard, we had a great start to FY17, with two solid quarters both in terms of top-line revenue growth and our momentum towards profitability. We've been intelligence-driven since 1999, building solutions to take advantage of our global visibility and the power of the Counter Threat Platform.

Our technology is superior, our teams are focused on delivering exceptional services to our clients, and we're as passionate as ever about delivering the security solutions our clients need, whether on-premise or in the cloud. Thank you, and operator, can you please open the call for questions?

Rob Quist, Pacific Crest.

Good morning, guys, Rob Owens here. First question -- can you lend a little more color to the lengthening sales cycles you are seeing, maybe give us some historical perspective? And then secondarily, can you talk about what you're seeing in terms of pricing for services -- where competition is and what kind of price you are achieving overall? Thanks.

Hi, Rob, this is Wayne. Thanks for the question. Relative to sales cycles lengthening, it's primarily in the large-enterprise space. Well, it's all in the large-enterprise space. And as we talked about in Q1, we had some slippage of some deals we thought were going to close in the first quarter -- again, almost all very large companies. We ultimately closed most of those in Q2 -- or some of those in Q2. Some are still going on.

So it's really just the complexity and the challenge of closing global deals, certainly as quickly as the SMB space. So from our perspective, it's just the lengthening. The pipeline is very strong. It's -- at the end of Q2, it was as large as it's ever been, and it continues to grow.

Is there any color relative to industry or gio on those extending cycles?

It's pretty much across all of our verticals.

Okay.

All of our verticals, from a large-enterprise perspective.

And from a geo perspective, as we mentioned, it's global. So all of those are organizations that have operations in multiple geographies -- meaning the US and EMEA and/or APJ in some fashion, either Japan and/or Australia. So it's all global organizations that have operations in multiple places.

Just to add a little more color for you, Rob, I think part of this relates to the industry and some of the maturity that's happening. As I mentioned in the prepared remarks, where people -- our boards and C-suites are beginning to look for measurable ways to look at the orchestration and coordination of their security spend. Where are they getting the most bang for their buck.

And then Rob, your second question relative to pricing. So again, let's keep in mind, we just had a really strong quarter revenue-wise, and -- obviously at some point, pricing plays into that -- we see in the large-enterprise space, it's a competitive market. Mike has shared with you before who our competitors are, both in the US and around the world. There is, in a competitive proposal, always pricing. But for the most part, we haven't seen any significant changes in pricing this quarter compared to prior quarters.

All right, thank you.

Thanks, Rob.

Sterling Auty, JPMorgan.

On the lengthening sales cycle question line, specifically, can you give us a sense why you think the sales cycles are lengthening? Is it because customers are trying to decide about whether they are going to go the managed security direction versus some other option? Or is it a longer timeframe to decide versus you versus the competition? Or something else?

So my sense is that it -- and from the meetings I've had with prospects -- is that it's really them trying to understand the best place for them to spend their dollars from a security perspective. And ensure that they are getting an orchestrated -- you know, the orchestrated value across their various point products for their whole spend.

It really feels to me like there's a bit of -- a lot of -- well, let me back up. As you guys well-know, there's a lot of companies in the industry saying the same thing. And I think the C-suites across organizations that we've talked to when I've made trips to APJ, to EMEA and to the US, to talk to some of these larger prospects, they are sitting back to try and make sure they can actually decipher the differences between the solutions that are being offered. And ensuring that they can get the appropriate bang for their buck when they spend the money.

So it doesn't feel like it's -- I mean, there's competitors involved in the process, which was part of your question. It is not one where they're not looking for help. So I see them spending money in a security solution.

Sterling, this is Wayne. If I can add to that a couple of tactical things, because I know this question is important to most people on the phone. So there's two things. One, keep in mind, when we say it's an extended sales cycle, our roots are in SMB -- small business, medium-sized businesses, US domestic businesses -- that understand kind of what we do and can help them in their smaller enterprises. Those sales cycles haven't changed.

I can tell you for my involvement every week on the large-deal pursuit opportunity team, we have -- I mean, pick a number -- it's a very long list of global clients, and those that enter our pipeline in our sales cycle process. And it takes just longer on a global organization, again, for us to, you know, explain and talk about our value proposition. And then they stress-test that. Ultimately, the client wants us to be able to help them orchestrate, help them find what's relevant to them in a cyber-threat. So that's a very tactical way, what we are seeing every month and every quarter for the last couple of quarters.

Well, I think it's worth putting in perspective the fact that the pipe is growing dramatically in the last quarter.

Strong pipe. Largest ever.

Okay. And then my one follow-up question would be, did that have a dampening effect then on the MRR that you reported? And how should we put that into the context with kind of the reiteration of the full-year guidance?

So thank you for that. MRR, as we talked about earlier, is 12% growth year over year, 3% sequentially. We feel very confident about our annual guidance that I just talked about earlier. And MRR, I believe -- think about, we disclosed our split is still 80/20, the MRR of $29.8 million. We'll go ahead and help you do the math. If you take the MRR times 6, divided by 0.8, you can see it pretty much supports our annual guidance.

And I think as Wayne mentioned, you know, we had a good sales quarter from a conversion perspective.

Got it. Thank you, guys.

Thanks.

Saket Kalia, Barclays.

Hi, guys, thanks for taking my questions here. My first one, maybe for you, Mike, you know, the commentary about customers looking for more measurable ways to orchestrate their security spending. Maybe just to broaden that question a little bit, can you talk about what you're seeing out there on the market as large enterprises that have in-house security teams maybe debate about keeping security in-house versus outsourcing it to someone like you? Any thoughts on sort of where the market is, and that sort of evolution?

That's a great question and -- where the market is, relating to that. So my sense is that the market, from a security -- well, let me try and address it this way. I think the security market is in its infancy, or maybe its early teenage years, and we are evolving from the perspective of trying to ensure that whatever the spend is. Whether it's our in-house security staff with a bunch of point products trying to manage it with the visibility that they have, to clients of SecureWorks where they've got the global visibility across our 4,300 clients in 59 countries, coupled with their internal organizations.

And I have been involved recently with some presentations -- for example, the NACD - National Association of Corporate Directors put together an event, and I was there for three hours talking to public company board of directors as they are getting more engaged to figure out -- how do they know where they are, from a threat landscape perspective, both individually and in comparison to other organizations? Is their spend and their defense posture getting better or worse for each dollar they are spending? How do they know by the visibility they have across their threat landscape -- theirs and other organizations?

So we are actually helping to try and put boards in positions to ask the right questions. And I think that part of that, we'll call those that are doing this purely in-house, trying to figure out where they can get the incremental visibility and a way to orchestrate across the various point products that they may have. So to answer your question, I'd say in the early teenage years.

Got it, that's very helpful. And then for my follow-up, just go back to the MRR question. Wayne, you know, one of the things that also might be worth noting is, it looks like you had a strong MRR result this time last year. So can you just remind us a little bit about what drove that strength last year?

And the more importantly, as those comps maybe start to normalize, is this sort of low double-digit growth something that changes, perhaps accelerates? Or do those lengthening sales cycles maybe keep us at that level, even when those comps normalize?

Thank you. So I think what you are referring to is, last year, Q2 2016 over Q2 2015 was in the low 30s year over year.

Right.

We had, from 2015 to 2016, significant increase in our pipe, significant increase in our conversion of that pipe and MRR. Which ultimately resulted in large revenue growth, including our revenue growth this quarter year over year, as the backlog has been solid over the last three quarters. So it was coming off a very strong year-over-year growth 2016 versus 2015.

I think relative to MRR -- and it's $29.8 million this year. Which, again, to your question is, are we going to see more moderate mid-teens increase? It's really a snapshot in time, right? And we have to take the MRR as of today, plus look at our pipeline that we talked about, is at a record level, our conversion rate, which in Q2 got closer back to our historical rates, and then revenue retention.

So there's three or four levers there. I don't want to get into forecasting MRR, but I think it does lead back to supporting very solidly our guidance for the year. And just remind everyone, you know, we have two more quarters relative to continuing to focus on the market and grow and increase our sales and MRR between now and the end of the year.

Very helpful. Thanks, guys.

Thank you.

Gur Talpaz, Stifel.

Hi, this is actually Chris Speros on for Gur. You guys noted that the gross margins were down a bit from Q1 due to higher hardware costs. Do you expect these higher cost to persist and depress gross margins through the back half of the year?

So this is Wayne. Thanks for the question. The hardware cost this quarter, it was very modest increase. It was 100 basis points. And for us, hardware -- there's two types of things. One, the price increased modestly. But also, the mix of that hardware -- is it a 1-gig, a 10-gig, a 60-gig? So it moves the margins a little bit.

Just to add to what Wayne said on the price increase is that our price increased from Dell due to the fact we've got an arm's length commercial agreement today versus a year ago, when we were --

Right, that's exactly right. There is some of that, that has gone through.

Okay, thank you. And also, can you talk about the demand that you are seeing for your Red Cloak agent, and what the pipeline is looking like there?

So this is Mike Cote. Thank you for the question. We are very pleased with the growth that we've had on sales from a Red Cloak perspective. And the pipeline in front of us, quite frankly, is the largest growth we've seen in any new solution that we've come out with in the history of the Company. So it has grown pretty rapidly in a short period of time. So we're cautiously optimistic.

All right, thank you.

Gabriela Borges, Goldman Sachs.

Good morning, thank you for taking my question. Maybe just a follow-up on the mix shift dynamic you're seeing as you engage more with large enterprises. Curious how much of this is a greater willingness to outsource at large enterprises, versus perhaps other go-to-market changes you may have made in terms of investments, to go after that business opportunity? And then to the extent that larger scale does materialize, does that have any impact on your ability to achieve your scale and margin targets over the medium term?

So this is Mike Cote. I think the first part of your question was go-to-market changes in the large enterprise, and we've continued to execute on our strategy of a direct go-to-market model. We do get lead generation from Dell and soon-to-be the Dell Technologies' EMC organization, but we've not made any go-to-market changes. We still continue to invest globally from a direct sales perspective. And I think the second part of your question related to gross margin?

Your ability to perhaps achieve your scale and margin targets on a faster pace if larger business does materialize over the next couple of years?

So this is Wayne. From a margin perspective, there is a little bit of difference in margin for the large enterprise versus small and medium business, but not appreciably. It really deals more with the type of solution that large enterprise or small business is looking for. And what type of solutions we are able to provide to large organizations in meeting their objective -- which is orchestration, which is relevance, which is ability to view all of their cyber threats through one pain of glass. So short term, that's kind of what we are seeing.

This is Mike. Let me just add onto what Wayne said. Which is, from a gross margin perspective -- I mentioned in the prepared remarks that today, we're seeing 190 billion events a day. And the key from a gross margin perspective is, as those number of events continue to increase -- and we mentioned this on the road show -- we made investments over the last 18 months or so into the technology and scaling of that, to ensure that we find the needle and the items of interest. Which is really the key, from a continued expansion of our gross margin over time perspective, and we feel good about the progress that we are seeing in that area and the results.

That's very helpful. And then as a follow-up, if I could, Mike, you mentioned in the prepared remarks some of the behavior you're seeing around enterprises moving to the cloud. Maybe just as the follow-up, are you seeing any difference in customers' willingness to engage on managed security as they think about hybrid models?

So I think, clearly the cloud is continuing to grow, and security is a concern for people moving into the cloud. Our first step into the cloud is those that are lifting and shifting their applications to AWS, which is largest portion of the workloads moving to the cloud today. And our capabilities are basically monitoring the industry-leading web application firewalls, and managing and monitoring IDS and IPS, as well as monitoring server groups. We virtualized our counter threat appliance, and actually virtualized our iSensor that we can use in AWS from a maintenance and monitoring perspective.

So I think that we will continue to see movement into the cloud, and I think security concerns will continue to become an increased issue for people in the cloud. And we want to be in a leading position there.

That's very helpful color, thank you.

Matt Hedberg, RBC Capital Markets.

Yes, thanks, guys. Wayne, I just had a follow-up question on gross margins, maybe just put a little finer point on it, given some your comments on the hardware cost and third-party licensing fees. Should we expect gross margins to be up sequentially for Q3 and Q4?

So Matt, let me answer it this way. We are still very focused on scaling our investments that we've made -- that Mike talked about, mentioned briefly, and we've discussed in the past -- to scale our investments in the technology and the automation of the CTP. We also expect to continue to scale our investments around our international business. And so I think relative to gross margin, as we scale both of those investments, we expect for it to continue to improve.

Okay, that's helpful. And then I know deferred revenue and accounts receivable can be lumpy for you guys. I'm curious -- or I just -- for a reminder, how should we think about deferred revenue, I guess, billings? I think in the past, you've said we should think about it on a trailing 12-month trailing basis. As you start to sign larger deals, I assume that probably it even becomes more of a point in the future. Is that still a fair point, Wayne?

Yes, so thanks for that question. Relative to the -- we do the implied billings calculation just like you guys do. But a couple of things. One, it's not really how we manage our business. It's not how we manage our business. MRR, relative to an indicator, we believe, is a much cleaner, much crisper way as an early indicator and predictor of our revenue growth, especially as long as we disclose the 80/20 split.

And the reason it's not is, we are not just a pure prepaid model. We have prepaids, we have renewals. The timing of renewals, which are generally the back half of the year -- prepaids happen throughout the year -- but also just normal trade AR transactions happen as well. So it really is lumpy. I'm looking at our calculations, and they're literally all over the board. So it's lumpy, good and bad, as far as indicators. So that's why we believe MRR is just a better metric.

Thanks, Wayne.

Thank you.

(Operator Instructions)

Melissa Gorham, Morgan Stanley.

Great, thanks for taking my question. Mike, I'm wondering if you could just remind us what percentage of your business is enterprise today versus mid-market and SMB? And then just assuming that it's growing faster, which it seems like, can you maybe just give us an indication on what your plan is in terms of hiring for enterprise sales capacity?

So on your first question, I think what we've historically disclosed, which has not changed dramatically, is, roughly 35% to 40% of our clients would be in the enterprise space, and 65% or so are in the SMB to mid-market space. And our revenue would be flip-flop that.

We are continuing to hire sales folks across the organization, and we are structured where it's SMB, mid-market, public -- which is mostly state and local, for us -- and large enterprise -- you know, LE through the G500. And we are continuing to invest and hire across the board. From a percentage perspective, our investments are probably bigger in hiring sales folks in the state and local and the large enterprises, where our current plans are.

Okay, thank you. And then just as a follow-up, I'm wondering if you could maybe give us a little more color on what you're seeing from a demand perspective, security consulting versus the managed security services (technical difficulty) was driven by managed security services. But wondering what you're seeing on the security consulting side?

Hi, Melissa, this is Wayne. So our revenue growth was equal this quarter, almost identical between our consulting practice and our subscription business. So we're still seeing strong demand. Part of that is our focus, really, on the subscription business, and leveraging our counterfeit platform. But again, strong demand and [candidly] in a large-enterprise space, some demand and some changing demand that we are staying ahead of relative to assisting the large enterprise companies in managing some of their workload.

And, Melissa, this is Mike. You were a little hard to hear. So I think part of the question may have related to the conversion of consulting engagements to subscription business. And I would tell you that we are in consistent levels than what we've had historically, maybe on the higher-end of the levels that we've had historically, from a conversion of consulting -- clients where we start with consulting engagements and then convert them to subscription.

Okay, thank you.

Fatima Boolani, UBS.

Good morning, Mike and Wayne. Thanks for taking questions. Just kind of a big-picture question for Mike, to start. I'm wondering -- taking a step back, a lot of the firewall vendors in the cybersecurity market have talked about customer trends toward platform consolidation, or consolidation towards singular vendors. So as a managed security services provider, how does that change your value proposition, if at all, as presumably these environments are getting less complex? But was curious to hear your perspective on that? And a follow-up for Wayne, if I could.

Sure. So Fatima, I don't know if I would say that it's getting less complex. It may be -- because if you remember the Afghan analogy I used on the road show, with regard to companies having 50 to 70 different Afghans and continuing to getting hacked because the point products are not orchestrated and coordinated, that they are trying to go down to fewer than 50 to 70. But the hackers are clearly evolving their tactics, techniques and procedures, as they will continue to do into the future.

So I think the issue is, having fewer point products that may work among themselves makes sense from a -- fewer vendors to work with. Assuming that either those vendors have the best solution in each of their respective areas or there is a coordination between the vendor that may be the best firewall versus the one that may be the best app firewall or endpoint solution. We've actually seen that the industry seems to be continuing to come towards us, with somebody looking in a vendor-agnostic manner to coordinate among the various products that exist on the marketplace.

That's fair and helpful, thank you. And a question for Wayne, just to drill in on the cash flow. I know there were previous expectations to be cash flow positive by FY18, and I'm wondering if the usage of your tax loss credits by Dell is going to be an incremental component to obtaining that positive free cash flow? Or if you can just help us walk through the dynamics of how you plan to obtain cash flow positivity by FY18?

Sure. Good morning, thank you for the question. Relative to the cash flow positive, I believe that our focus is to continue on our path to profitability, which I talked about continuing to scale our investments around the CTP and in our international operations. That helps improve the gross margins of course. But then also to continue to scale the investment we made in our infrastructure to, as we rolled out, to become a public Company.

That path to profitability, we still see scaling continue and EBITDA positive. We are focused on becoming EBITDA positive as soon as we can. Which, if you follow the trajectory, we believe we are on that path. Relative to cash flow and the tax asset, we've never -- a long time ago -- and I'm talking about during the IPO process, which some of the listeners or the people on the call weren't involved with. But pre-becoming a public entity, there were various scenarios where, had we gone public in FY16, then the tax matters agreement would have started earlier and we would have been reimbursed for some of our FY16 losses.

And this is a detailed explanation because I think it's important. Our FY16 losses, we would have collected in FY17 -- since we did not become public until FY17, that deferred any type of collection on the tax assets that Dell may utilize into FY18. So that source of cash really isn't included in our forecast, in the path to profitability. The profitably for us is really around obtaining positive EBITDA. And we will highlight and break out separately the cash proceeds from the tax asset as we progress toward that, depending on Dell's individual tax liability situation.

Having said all that, our goals to cash flow positive have not changed.

That's correct. Our path to EBITDA positive has not changed.

Okay. And a quick follow-up, if I can sneak one in here, just regarding the hardware cost. I'm wondering if there are any incremental -- or if there's any incremental room for procurement efficiencies with respect to your relations with Dell? And perhaps any other provider to optimize the hardware cost in the model, both from the CTP appliance perspective, as well as your CapEx profile?

So again, thanks for the question. Good question. We focus on procurement efficiencies often -- well, all the time. One of our focuses though, relative to hardware, is actually going the other way, which is using technology and to virtualize as much hardware as we can, so that our clients are on a virtual basis. Which is well-underway and progressing nicely.

Thank you so much.

John Rizzuto, SunTrust.

Good morning, gentlemen, thanks for taking the call. And I want to just follow up on that last call. A lot of speculation prior to Dell closing on EMC, potential relationship partnerships among some of those software assets that Dell acquired or gets access to via the EMC acquisition, most notably VMware.

And so there was a lot of talking about that during the road show, during the lead up to the IPO. Now the deal is closed and, you know, it's very recent. But can you elaborate a little bit more now when some of the real opportunities might start to materialize, and how you've been thinking about it over the last several months?

So John, thanks for your question. This is Mike. We have had conversations regularly -- and actually, I think we had some yesterday and more scheduled this afternoon -- with the security parts of EMC. Which, as you mention, include the VMware organization. And in particular, for example, the NSX and AirWatch opportunities that they have there, as well as with a [meet] in the [RC] team to see where there were synergist opportunities for us to work together.

And we've been exploring those at arm's length, since the two organizations are not together, from a commercial relationship, to see if there's things we could do. And now that the deal has closed, we will get into full-fledged discussions to see where we can help create more value for our clients and figure out a way to work within the Dell technologies.

Okay, got it. As you look out -- and one of the things that -- obviously you have a large enterprise base already -- and we look at the different numbers and addressable market out there, there's a lot of potential as you penetrate into your existing client base. And you do give us those numbers of how well you're doing there.

Is the dynamic changing as far as -- I know it consistently changes with each passing month, and more confidence in the services. But is there anything out there that we can look for or you're looking for to say: look, this is really starting to accelerate, or we are hitting an inflection point where we are getting more critical workloads, we are getting work penetration into these enterprises, and they are relying on us in a much broader way than what they had historically?

I think that's a great -- this is Mike again, and thank you for the question. I would tell you that we mentioned that the sales pipe is growing nicely. And we're probably in the early innings of what you described with regard to more attention -- at least, I think we've seen more attention in the last 90 days or so, from boards and C-suites focusing on this -- this being security.

And we sit in a good place to help them in a vendor-agnostic manner, being aligned with them from a solution perspective. And I think it's one of the reasons we've seen the pipe grow. That and our cloud solution that we've come out with, and the Red Cloak solution at the endpoint, which partners with the best-of-breed other endpoint technology solutions. So I think your observation is a good one, and I would say that we are in the early innings of what I hope comes to fruition the way you've laid it out.

Okay. All right, great. Well, thanks for taking the questions, and congratulations on the good quarter.

Thank you.

Thank you very much. Thank you, everyone. We appreciate you joining us on the call, and we will talk to you again next quarter. Have a great day.

This concludes today's conference call. We appreciate your participation. You may disconnect at this time.