FireEye acquires Verodin for $250 million

FireEye announced the acquisition of Verodin, the leader in validating the effectiveness of cyber security controls. The transaction closed today and is valued at approximately $250 million in cash and stock, net of acquired net cash and excluding assumed unvested options, based on the closing price of FireEye’s common stock on May 24, 2019.

The combination is expected to be accretive to revenue, cash flow from operations and non-GAAP operating income in 2020, and add approximately $20 million to billings in 2019 and more than $70 million to billings in 2020.

The Verodin Security Instrumentation Platform adds significant new capabilities to the FireEye portfolio by identifying gaps in security effectiveness due to equipment misconfiguration, changes in the IT environment, evolving attacker tactics, and more. Equipped with FireEye frontline intelligence, the Verodin platform will measure and test security environments against both known and newly discovered threats, empowering organizations to identify risks in their security controls before a breach occurs, and rapidly adapt their defenses to the evolving threat landscape.

“Security effort does not equal security effectiveness. That is why security-conscious customers red-team their networks – they need the unvarnished truth of how effective their security programs are. Verodin gives us the ability to automate security effectiveness testing using the sophisticated attacks we spend hundreds of thousands of hours responding to, and provides a systematic, quantifiable, and continuous approach to security program validation,” said Kevin Mandia, chief executive officer at FireEye. “We believe there is no better way to train people and instrument better security than by continually attacking the environment and adapting security controls to the real threats. Finally, organizations will have a reliable and consistent way to quantify cyber risk in a manner understandable to frontline technicians and in the Board room.”

“Cyber security today is based on assumptions – that technologies work as vendors claim, products are deployed and configured correctly, processes are fully effective, and changes to the environment are properly understood, communicated and implemented. However, the reality is much different for almost every organization and often they discover this only after being on the wrong side of a breach,” said Chris Key, Verodin co-founder and chief executive officer prior to the acquisition. “By joining FireEye, Verodin extends its ability to help customers take a proactive approach to understanding and mitigating the unique risks, inefficiencies and vulnerabilities in their environments.”

The Verodin platform complements existing cyber security products and technology-enabled services. Verodin will integrate with FireEye Helix security orchestration capabilities to help customers prioritize and automate continuous improvement of security controls. Customers will also be able to implement Verodin cyber security measurement and validation solutions “as-a-service” through the FireEye Managed Defense service and as an Expertise On Demand automated service.

Acquisition-related update to Q2 and 2019 outlook and preliminary 2020 impact

Based on the company’s preliminary evaluation of the Verodin business and the anticipated impact of purchase accounting on Verodin deferred revenue balances, guidance ranges for the second quarter and full year 2019 have been updated to reflect the acquisition.

Additionally, FireEye currently expects the acquisition of Verodin to contribute over $70 million to 2020 billings and be accretive to 2020 revenue, cash flow and non-GAAP operating income.

For the second quarter of 2019, FireEye currently expects:

• Revenue in the range of $213 million to $217 million.
• Billings in the range of $207 million to $222 million.
• Non-GAAP gross margin as a percent of revenue in the range of 74 percent to 75 percent.
• Non-GAAP operating margin as a percent of revenue in the range of 0 percent to 2 percent.
• Non-GAAP net income per diluted share between $0.00 and $0.02.
• Cash flow generated by operations between negative $7 million and negative $12 million.

Non-GAAP net income per diluted share for the second quarter assumes interest income on cash and cash equivalents and short-term investments will offset cash interest expense associated with the company’s convertible senior notes, provision for income taxes of between $1.5 million and $2.0 million, and weighted average diluted shares outstanding of approximately 210 million.

For 2019, FireEye currently expects:

• Revenue in the range of $890 million to $900 million.
• Billings in the range of $935 million to $955 million.
• Non-GAAP gross margin as a percent of revenue of approximately 75 percent.
• Non-GAAP operating margin as a percent of revenue between 4 percent and 5 percent.
• Non-GAAP net income per diluted share between $0.12 and $0.16.
• Cash flow generated by operations between $95 million and $115 million.

Non-GAAP net income per diluted share for 2019 assumes interest income on cash and cash equivalents and short-term investments will offset cash interest expense associated with the company’s convertible senior notes, provision for income taxes of between $6 million and $8 million, and weighted average diluted shares outstanding of approximately 215 million.