Yahoo Finance SecureWorks Corp. (SCWX) Q4 2018 Earnings Conference Call Transcript
Image source: The Motley Fool.
SecureWorks Corp. (NASDAQ: SCWX)
Q4 2018 Earnings Conference Call
March 27, 2019, 8:00 a.m. ET
Contents:
Prepared Remarks
Questions and Answers
Call Participants
Prepared Remarks:
Operator
Good morning, and welcome to the SecureWorks Fourth Quarter and Full Year Fiscal 2019 Financial Results Conference Call. Following prepared remarks, we will conduct a question-and-answer session. (Operator Instructions) At this time, all participants are in a listen-only mode. We are webcasting this call live on the SecureWorks Investor Relations website. After the completion of the call, a recording of the call will be made available on the same site.
Now I will turn the call over to Teri Miller, VP and Chief Accounting Officer. You may begin.
Teri L. Miller -- Vice President and Chief Accounting Officer
Good morning, everyone, and thank you for joining us today to review SecureWorks' financial results for the fourth quarter and full year fiscal 2019. This call is being recorded. The call is also being broadcast live over the Internet and can be accessed on the Investor Relations section of SecureWorks website at investors.secureworks.com.
The webcast will be archived at the same location for one year. This morning, SecureWorks issued a press release announcing results for its fourth quarter and full fiscal year ended February 1st, 2019. You can access this press release on the Investor Relations section of the SecureWorks website.
During this call, management will make forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements include, but are not limited to guidance with respect to GAAP, non-GAAP revenue and net loss per share as well as adjusted earnings before interest, taxes, depreciation and amortization.
Our forward-looking statements involve risks and uncertainties that could cause actual results to differ materially from those anticipated by these statements. You can find a description of these risks and uncertainties in this morning's earnings press release and in the Company's annual report on Form 10-K for the year ended February 1st, 2019, which will be available on our Investor Relations website and on the Securities and Exchange Commission's website later this afternoon.
All forward-looking statements made on this call are based on assumptions that we believe to be reasonable as of this date, March 27th, 2019. We undertake no obligation to update our forward-looking statements after this call as a result of new information or future events. Some of the financial measures we use on this call are expressed on a non-GAAP basis. These non-GAAP measures exclude stock-based compensation, the impact of purchase accounting, amortization of intangibles and the related tax effect of these items.
We have provided reconciliations of the non-GAAP financial measures to GAAP financial measures in today's earnings press release available on our website. Non-GAAP measures are not intended to be considered in isolation from a substitute for or superior to our GAAP results, and we encourage you to consider all measures when analyzing SecureWorks' performance. Also, as a reminder, all financial information discussed is non-GAAP and growth rates are compared to the prior year period unless otherwise stated.
With us on today's call are Michael Cote, President and Chief Executive Officer of SecureWorks; and Wayne Jackson, Chief Financial Officer. Following their prepared remarks, we will take your questions. We would appreciate you limiting your initial questions to two, so that we may allow as many of you to ask questions as possible in our allotted time. In the event you have additional questions that are not covered by others, please feel free to reach (ph) you and we will do our best to come back to you. Thank you for your cooperation on this.
Now, I would like to turn the call over to Mr. Cote.
Michael R. Cote -- President and Chief Executive Officer
Thank you, Terri, and thank you, everyone for joining us this morning for our fourth quarter 2019 earnings call. Our fourth quarter was good and marks the end of another great year for SecureWorks. Revenue was $131 million for the quarter and $519 million for the year, which was up 11% over fiscal 2018. Our international regions had an impressive year with 50% revenue growth over fiscal 2018.
We were exiting the year with gross margin of 56% for the second quarter in a row and improved overall gross margin for the year. EBITDA was $4.8 million in the fourth quarter and $11.8 million for the full year, a $25 million improvement over fiscal 2018. Cash flow from operations was $31 million in the quarter and a record $57 million for the full year, and we reported non-GAAP earnings per share of $0.02 for both the quarter and the full year, our first positive EPS year.
From a go-to market perspective, the value of fourth quarter annualized sales contracts, which we refer to as ACV, increased 15% sequentially from Q3. All regions and teams in the U.S. increased ACV sequentially as well as EMEA, which had another strong quarter. Fourth quarter ACV results helped drive a $1 million sequential MRR increase to $36.2 million, one of the larger quarterly increases in the past three years.
In fiscal 2019, ACV was the highest in the Company's history and quota carrier productivity increased 12%. We delivered strong financial results in fiscal 2019 and achieved significant milestones in the advancement of our strategy to deliver software-driven security solutions and operating efficiencies throughout the business. I want to thank the entire SecureWorks team for their accomplishments over the last year and for their dedication to delivering on our customer commitments.
Earlier this month, we celebrated our 20th anniversary as a Company. Since SecureWorks was founded in 1999, the threat landscape and security industry have changed dramatically. Threat actors have become well-funded, coordinated and are using advanced technology to disrupt and steal from organizations large and small.
The attack surface has expanded through the surge of connected devices driven by the evolution of software-defined networks and the expansion of the Internet of Things. Within the industry, we've seen numerous vendors come and go, yet, the number of security industry participants has risen to over 2,500.
This presents two challenges; overwhelming choices for the market and point products that did not provide unified visibility or coordinated responses of organization's full ecosystem. SecureWorks has also changed and evolved over the years. When I joined in 2002, we were still a start-up company. Like many other start-ups, we had a nominal revenue stream and were running out of cash.
This year we crossed the $0.5 billion mark in revenue, generated positive EBITDA for the first time as a public Company and has operating cash flow of $57 million, which is over 4 times greater than our EBITDA.
Over the years, several notable things have endured and continued to contribute to our success; the passion to fulfill our purpose of securing human progress; execution on our mission to protect organizations in the digitally connected world; our continuous innovation. We've developed proprietary technology and threat intelligence leveraging our multi-vendor approach to create a true network effect and our customer-first approach in all we do. These enduring qualities have earned SecureWorks a position as a leader in the industry and have formed the foundation of our strategy to deliver software-driven security solutions.
Key aspects of this strategy include, software. We are developing software-driven security solutions that use the latest advances in technology including cloud capabilities that apply our powerful intelligence and that leverage partnerships in the broader security community.
Next, integrated solutions and services. Managed security solutions and professional services delivered in combination with our software allow customers to have the best available defenses, while leveraging their existing security investments.
Our flexible solutions are targeted to customers at various points in their security maturity journey and are delivered seamlessly and at scale increasing velocity and efficiency for our customers and our business. As I reflect upon fiscal '19, I would call out a couple of examples of strategic milestones we've achieved.
The launch of our Red Cloak Partner program. This combination of SecureWorks' Red Cloak Analytics with best of breed endpoint providers leverages the strengths of each party for the benefit of our common customers. We launched our Endpoint Threat Detection solution with CrowdStrike end of December closing several opportunities and building a strong pipeline.
In addition to Carbon Black and CrowdStrike, the first two partners in the program, we are continuing discussions with selected parties, who clearly see the common customer value of participating in the program. We also collaborated with Dell to introduce Dell SafeGuard and Response, a portfolio of next generation endpoint security solutions sold by the global Dell Salesforce.
This modern approach to security simplifies the buying process allowing Dell's commercial customers to order these new solutions alongside their new PC. The partnership we have with CrowdStrike is the foundation of this offering, which became available earlier this month through Dell and its authorized channel partners.
This offering is a prime example of the powerful solution that we create through partnership, collaboration and coordination within the security community. In a very short period of time, we've already seen encouraging momentum with a strong pipeline building. We are pleased to be working with our Dell Technologies family and leveraging their expertise and powerful distribution capabilities.
We have also invested in advancing software enabled delivery. Having realized speed and efficiency gains from leveraging digital playbooks internally, we launched our Orchestration and Automation solution for customers earlier this month.
Our Orchestration and Automation solution provides playbooks to automate customer specific security workflows. A broad set of integrations enables a unified view of a customer's environment, adding context to enrich infinite data and automation of response activities.
Using the Ansible open source engine, SecureWorks' unique do it with you approach ensures that customer specific playbooks and automated responses are aligned with the best practices gleaned from our extensive array of incident response engagements each year. Because our software design leverages SecureWorks' deep security operations expertise, customers can be certain they are automating the right responses in the context of both their environment and the threat.
Another recent success with software-enabled delivery is our self-service provisioning capability, which was launched in December. This allows our customers to range security coverage of their network ecosystem, which more rapidly including asset discovery on one-click device activation. All new customers are auto enrolled and over 25% of our existing customers have already been converted. As we start our new fiscal year, I am very optimistic about our ability to continue bringing new innovative solutions to market like the SafeGuard solution in partnership with Dell.
We are making investments in sales and marketing to support this important opportunity, which I anticipate will have an incremental positive impact on our fiscal '20 results. We will continue driving our strategy by launching our first app on the new application framework we've previously discussed. This threat detection and response app has been in beta since early December. During the beta we have been working with a group of our enterprise customers that have mature security programs and experienced teams.
These customers have provided positive feedback regarding the app's ease of use and more importantly, the ability to detect previously undetected threats, automate investigation, and scale remediation. Our plans in fiscal '20 also include accelerated investments in the development of additional security apps as well as expansion of the underlying framework to ensure success of this component of our strategy. I look forward to providing more details about our progress with both of these important strategic initiatives on next quarter's call.
I will now turn it over to Wayne to talk about our fourth quarter performance in more detail. Wayne?
R. Wayne Jackson -- Chief Financial Officer
Thanks, Mike, and good morning, everyone. First, I echo Mike's comment that FY '19 was a very strong year in many ways.
In addition to double-digit revenue growth, we improved our operating leverage, delivered positive EBITDA for the first time as a public Company and generated record cash flow from operations. Our FY '19 accomplishments position us to invest in strategic priorities that will continue driving growth in FY '20. In the fourth quarter of FY '19, revenue was $130.7 million, an 8% increase over Q4 FY '18 and a 1.8% decrease sequentially.
Fourth quarter revenue was below our expectations, primarily as a result of a delay in the solutions transition for the large customer we have spoken about previously. We are now substantially ramped under the terms of the new contract and seeing gross margin improvements as expected.
Despite the lower fourth quarter revenue, overall gross margin was strong at 56% and lower operating expenses allowed us to generate $4.8 million of EBITDA, hitting the higher end of our guidance range. Our average annual subscription revenue per customer was $103,000 this quarter, and we closed 16 deals with total contract value greater than $1 million in the fourth quarter.
A couple of notable examples of new large deals that we signed in the fourth quarter include a two-year $4.5 million agreement with a US-based insurance company. Our MDR Package solution launched in Q2 was the foundation of this deal, coupling Red Cloak Analytics with our Advanced Remediation Management offering.
A second notable example is a three-year $1.2 million deal with a large US-based transportation company. In this case, we converted a stand-alone consulting engagement into a broader MSS victory. We exited the quarter with monthly recurring revenue of $36.2 million, an increase from $35.1 million last quarter.
Annual recurring revenue as of the end of the year was $434 million. Consulting revenue grew 17.2% year-over-year and comprise 24.7% of total revenue for the quarter. We anticipate our subscription to consulting revenue mix will continue at the 75% to 76% level for the next several quarters as incident response and other consulting services are an important component of a comprehensive security solution for our customers.
Revenue retention ending FY '19 was 89% versus 96% at the end of FY '18. Excluding the impact of a large customer referenced earlier ending FY '19 revenue retention was 93%. Our churn is still largely service churn versus customer churn, and we believe with our continued innovation and launch of new offerings as well as improved account management processes implemented in the second half of FY '19 that we will drive notable progress in this area in FY '20.
Finally, revenue outside the US grew to 24% of total revenue in the fourth quarter, up from 18% last year on the consistently strong growth in the UK, Middle East and Japan. Gross margin totaled $73.2 million in the fourth quarter of FY '19 or 56% of revenue compared with prior year fourth quarter gross margin of $64.5 million or 53.3% of revenue.
Full year gross margins expanded for the fifth year in a row to 55.3%, driven by margin improvements in both MSS and Consulting. Fourth quarter operating expenses totaled $71.8 million compared with $73.8 million last year.
FY '19 operating expenses of $288.6 million increased only $3.8 million or 1.3% year-over-year including incremental investments in the development of our new software application framework. Operating expenses as a percentage of revenue were 55.6% for the full year compared with 60.8% in FY '18.
Operating leverage benefited from sales productivity improvement and efficiencies driven by sales investments last year. Research and development expenses totaled 15.7% of revenue in the quarter and 16.1% of revenue for the year compared with 16.4% for the full year last year.
As noted earlier, we will continue to invest in innovative technologies throughout FY '20 to further advance both our new application framework initiatives and apps that leverage the new framework as well as our Orchestration and Automation capabilities.
Sales and marketing expenses were approximately 27% of revenue in the fourth quarter and 26.8% for the year, down from 29.7% for the prior full year. The decrease is primarily related to the sales rep productivity improvements Mike mentioned as well as continued leverage in our historical sales and marketing investments.
General and administrative expenses totaled 12.2% of revenue in the fourth quarter and 12.7% for the full year compared with 14.7% last year. Adjusted EBITDA in Q4 was $4.8 million compared with a $5.7 million loss last year. We also delivered non-GAAP net income of $1.5 million compared to a net loss of $5.3 million last year as the margin on higher revenue offset the increased R&D investments in FY '19.
Non-GAAP earnings per share were $0.02. Regarding cash flow and balance sheet items. Based on improved profitability as well as prior system investments and ongoing focus on working capital management, operating cash flow was $31.2 million in the fourth quarter, including $20.4 million received from Dell related to the monetization of our tax attributes.
Operating cash flow for the year was $57.2 million and free cash flow was $47 million for the year or $26.6 million, excluding collection of the tax receivable. DSO was 98 days at the end of FY '19, down from 119 days at the end of last year. We finished the year with cash of $129.6 million and have an uncapped $30 million credit facility, which was recently extended for an additional year on similar terms. The Board also approved a $15 million increase to our existing stock repurchase program.
Now for FY '20 guidance. In the first quarter of FY '20, we expect both GAAP and non-GAAP revenue to be in the range of $131 million to $133 million and we expect non-GAAP net loss per share to be between $0.05 and $0.06. For FY '20, we expect the following.
We expect GAAP and non-GAAP revenue to be in the range of $565 million to $575 million. Our adjusted EBITDA to be positive for the full year in the range of $2 million to $6 million, and our non-GAAP net loss per share to be $0.09 to $0.13 per share. We expect cash provided by operations to be between $25 million and $35 million. For phasing purposes, recall that we typically see negative cash flow in Q1 due to the payment of annual incentive compensation.
We expect GAAP net loss per share to be in the range of $0.60 to $0.64. For modeling purposes, we estimate that the tax benefit rate will be approximately 24.2% for the full year. A few items of specific note relative to guidance. The annual revenue guidance of $565 million to $575 million, which is consistent with what we shared last quarter anticipate sequential acceleration related to key growth opportunities that will ramp throughout the year.
Also our first quarter estimates include additional sales and marketing investments associated with the new SafeGuard solutions in partnership with Dell. We expect the revenue from these solutions to ramp up quickly quarter-to-quarter and have a positive contribution to our result in FY '20, but is dilutive to EBITDA in Q1.
Additionally, FY '20 guidance includes an incremental $15 million to $18 million investment in R&D over FY '19, as we prepare to launch the first app on our new software application framework and continue expanding the framework in our app portfolio.
We had a great FY '19. Mike and I are both very pleased with the financial performance and along with the rest of the SecureWorks team are excited about the opportunities as we move into FY '20. Finally, as was reported in our 8-K this morning, I will be leaving the Company by the end of FY '20. I joined the Company in 2015 to assist with transitioning SecureWorks from a wholly owned subsidiary of Dell Technologies to a stand-alone public Company.
With the IPO three years behind us, the time has come for me to move on, and I will do so once my successor is named. I've agreed to stay on with SecureWorks until the end of the fiscal year to assist with this transition.
I will now return the call to Mike.
Michael R. Cote -- President and Chief Executive Officer
Thanks, Wayne. Before I turn it over the operator for questions, I would first like to thank Wayne for his contributions to our organization during a very important period in our Company's history. And I want to thank the entire team for their hard work and dedication to our customers and our organization.
We work closely with and have the support of an outstanding Board of Directors to make key strategic investments, focused on driving long-term success. As I think about our performance this year, I'm certainly pleased with our progress and I am more excited and optimistic about our future than ever before.
We have significant opportunities to accelerate our growth and continue our leadership within the industry, which will create value for our customers, employees, and shareholders. On behalf of the entire SecureWorks team, we appreciate your continued interest and support.
Operator, you can now open the line for questions.
Questions and Answers:
Operator
Thank you, sir. I will now open the call for questions. (Operator Instructions). We'll take our first question from Sterling Auty with JPMorgan. Go ahead please.
Sterling Auty -- JPMorgan -- Analyst
Thanks. Good morning, guys. Actually, I want to start with this one. I want to, kind of, understand Dell's vision here with SecureWorks. On one hand, you've got great support in terms of the go-to market in the partnership program that you've got. And on the other hand, you know, we see the headlines in Reuters talking about Dell exploring the sale of SecureWorks. You know any kind of high level commentary you can give in terms of the vision that they've got for SecureWorks going forward, just so we can do it in a public forum and all kind of hear it at once that'd be great?
Michael R. Cote -- President and Chief Executive Officer
Sure, Sterling. This is Mike Cote. Good morning, and thanks for the question. I think the best way to answer that question is the Dell SafeGuard and Response announcements that we had, which has a unified PC security and device management solution that they can bring to market where SecureWorks is front and center in that solution. It's a portfolio of next generation endpoint security solutions including CrowdStrike's next gen antivirus and EDR solutions bundled with the SecureWorks' Red Cloak Analytics. Our management of the endpoint in our Incident Response services. The solutions are sold through the overall global Dell sales team and includes a group of security specialists that we mentioned, part of which were picking up the costs in our P&L from an investment perspective.
And I think both the Dell organization and the SecureWorks organization are very excited about the opportunities we have, not only there, but as I mentioned in the prepared remarks, there's other things that we're exploring to be a key part of the security pillar from a Dell's strategy.
Sterling Auty -- JPMorgan -- Analyst
Okay. And then one follow-up from my side. You talked about the second half, the improvements or the items you are going to improve the retention rate. Can you remind us what those specific actions are and what do you anticipate the impact can be on that customer retention number in this fiscal year?
Michael R. Cote -- President and Chief Executive Officer
Let me take the first part of it, and then I'll see if Wayne has anything to add or whether I covered it fully. We have a specific executive focus on retention and I think as we've mentioned earlier, there were parts of our offering relating to retention as the market has evolved.
We've come up with the new offerings over the last, if you will, 12 months. And just as a refresher, Q1 of last year we came up with the detect and prevent solutions for the small to medium-sized business market. We came out in Q2 with the Managed Detection and Response solution for the higher-end enterprise market we came and some of, I should say, the commercial marketplace. In Q3 of last year, we came out with the endpoint partner program.
In Q4 we had the advanced endpoint threat detection, which we announced with CrowdStrike and Carbon Black. And then in Q1 of this year we've gone public to announce the Orchestration and Automation. The Dell SafeGuard and Response, which has got a strong pipeline building with the Dell sales organization. And we talked about the threat detection and response app.
So, I would say, there's a couple of things that in your question, Sterling, and that includes the new offerings that we've come out with, which will contribute both to retention and accelerated growth. We believe later in this year, it includes a focus on, in particular, North America on territory plans, account plans, pursuit plans and executive sponsor program, much like we've done in EMEA over the last few years.
R. Wayne Jackson -- Chief Financial Officer
Yes, Sterling, good morning. This is Wayne. I'll just add a couple of things. One, the data is compelling. When we have multiple solutions at a client, they have better security outcomes. We have better relationships and then -- and therefore retention is higher. And then to Mike's point, as we roll out the new solutions, not only will that generate new incremental revenue, it will help us in our revenue retention for existing clients.
Sterling Auty -- JPMorgan -- Analyst
All right, great. Thank you.
Michael R. Cote -- President and Chief Executive Officer
Thank you.
Operator
Your next question is from the line of Fatima Boolani with UBS. Go ahead please.
Katherine McCracken -- UBS -- Analyst
Hi, this is Katherine McCracken on for Fatima. Just moving off of that last question in terms of the newer offerings and your expectations for fiscal year '20. Can you talk a little bit more about what's specifically baked into the guidance?
R. Wayne Jackson -- Chief Financial Officer
Sure. Good morning. This is Wayne. I'll take that one. Our guidance for both the quarter and the full year assumes the rollout of really all of these solutions at staged. We believe there will be some incremental impact in Q1 of the Dell SafeGuard. That will ramp quickly into Q2 and beyond. The TDR rollout that we talked about will not be in Q1, it will begin to ramp in Q2 and gain momentum in Q3 and Q4. Those are probably the two largest incremental items that we've talked about.
Katherine McCracken -- UBS -- Analyst
Okay, got it. That's helpful. And then just as a follow-up, I think, you mentioned in the prepared remarks improvements you'd seen in sales productivity. Can you talk specifically about how that relates to the US sales force and any leadership changes you'd made in the last quarter?
Michael R. Cote -- President and Chief Executive Officer
Sure. This is Mike. I'll take that. Thank you, Katherine. It's sort of a two-part question you had there. Addressing the first part, there were no substantial leadership changes in North America other than the fact that we did fill the North American sales leader with a strong, experienced executive that joined us in the last month or two.
And effectively as we talked about in the prepared remarks, to answer your first part of your question. Our sales productivity occurred in all markets and all regions including North America. So we had the highest ACV or annual contract value, which is what we measure in the history of the Company.
The per quota carrier productivity went up 12% across the organization and again North America increased. ACV was up 15% in Q4 over Q3, and the reasons for that, I would say, are a couple of things. One is, because the new executive didn't start until really the beginning of Q1 this year, it was the new offerings that we've come out with which are simplified pricing and packaging in a more modular repeatable approach. I think it's better management.
Jeff -- as I mentioned, Geoff Haydon, joined us about a year ago and has put his -- the team in place. And we've rolled out some -- some easier to use sales place. Actually just had our sales kick off in the last couple of weeks and there was a tremendous amount of excitement going into this fiscal year.
And so we've got some real momentum picking up quickly with the Dell organization on the Dell SafeGuard and Response. So, I would tell you, overall, I feel the best about our sales team and our whole go-to market engine as I have in probably the last three years.
Katherine McCracken -- UBS -- Analyst
Okay. Got it. Thanks so much.
Operator
Thank you. Your next question is from the line of Jonathan Ho from William Blair. Your question please.
Jonathan Ho -- William Blair -- Analyst
Hi. Good morning. Can you hear me OK?
Michael R. Cote -- President and Chief Executive Officer
We can. Good morning, Jonathan.
Jonathan Ho -- William Blair -- Analyst
So, I just wanted to give you some congratulations as well, Wayne, in terms of the opportunity, and it's just been great to work with you over this time. But just maybe starting with the international growth. Can you talk a little bit about the opportunity there to make investments and sort of the stronger growth that we've seen on that side of the business, maybe what's been driving that and where you've been seeing strength?
Michael R. Cote -- President and Chief Executive Officer
Sure, Jonathan. Thank you for the question. It's Mike. I have mentioned on prior calls that the leadership team we have and the organization that has been put in place over in EMEA, which consists of the UK and the Middle East and parts of mainland Europe has been strong and continue to produce for a long time.
We've got a strong and experienced leader and leadership team. They have some best-in-class processes that have been put in place, as I mentioned earlier about -- with regard to territory planning and account planning and pursuit planning and executive sponsor programs. We have continued to invest in that market both from a go-to market perspective as well as from a delivery perspective.
And the solutions that I mentioned earlier detect and prevent at MDR and the Red Cloak Partner program, the advanced endpoint threat detection, the Orchestration and Automation solutions, the Dell SafeGuard and Response and TDR, are all going to be offered in EMEA as well as in North America. In the Asian market, we've got a very strong brand from an incident response perspective and have grown tremendously there. And, I think, that's probably the quick summary of all the various points. But I'm excited and feel really good about the growth we've had both in Asia and EMEA on a consistent basis. And as we mentioned, the pieces of the puzzle are coming together and Q4 was very strong in North America as well.
Jonathan Ho -- William Blair -- Analyst
Got it. And then in terms of the investments that you need to make to drive the growth from some of these products, can you talk a little bit about how this impacts either your go-to market from a sales overlay perspective or whether you need to invest incrementally in terms of R&D in the coming year as well? Thank you.
Michael R. Cote -- President and Chief Executive Officer
Sure. I'll touch on that and then, Wayne, feel free to add anything.
R. Wayne Jackson -- Chief Financial Officer
Sure.
Michael R. Cote -- President and Chief Executive Officer
This is Mike again, Jonathan. On the go-to market front, there has been no specific investment relating to go-to market other than on the Dell SafeGuard and Response that I mentioned earlier either in the Q&A or in our prepared remarks.
What we've done to leverage the overall Dell sales force is to -- we had an agreement with Dell where we are picking up a portion of the security specialists on a flat amount per quarter. So, you can expect to see a little bit more of those costs in Q1, and we're hoping the revenue with the pipeline is built already will begin to ramp and accelerate as the year goes on.
Other than that, there is very little incremental go-to market investments on the growth expectations we have. So the go-to market organizations have been put in place. I'm excited about the productivity increase of 12% during the year and expect continued increase in productivity into fiscal '20 and quite frankly beyond.
On the R&D investment front, I think, Wayne said that we were going to look to make some R&D incremental investments during the year and we're doing that with regard to, in particular, the threat detection and response app that we're coming out with, and the success that we've seen to date. In the next 60 days or so, we expect to (ph) GA that application.
So, we'll be investing in incremental apps and dollars in R&D on the framework itself based upon the successes that we see in the market and where we see it makes a lot of sense. But I'm excited about the progress and the opportunities we have in -- on the R&D front to come out with some really cool things.
It is worth saying just for a minute to go up. The TDR application, when it's launched, what we will be selling is software or really a software-as-a-solution application. The way it's sold, the way it's delivered, it is -- the initial applications are without any service. So, it's really for people that are in the more matured category and we'll be looking to get the benefit of the network effect and our intelligence. Over time, we will expand this to the market that wants us to do it with them.
So, we'll add a service rep around it over time. And the initial features include detection used cases and detectors based on our advanced analytic capabilities, collaborative investigation opportunities and integrated software-driven response and SOAR applications.
Operator
Thank you so much. Your next question is from the line of Matt Hedberg with RBC Capital Markets. Go ahead please.
Matthew Swanson -- RBC Capital Markets -- Analyst
Thanks. This is actually Matt Swanson on for Matt. You know when you were launching your SOAR product at RSA, I know you've talked a little bit about the differentiation from off-the-shelf competitors with the do it with you approach. Could you just kind of talk about how this product is differentiated in the market, and how you feel you're bringing kind of a unique value with some of the consulting services in your previous expertise?
Michael R. Cote -- President and Chief Executive Officer
Yes. So, Matt, this is Mike Cote. I think the first thing, I would say is, well, there's a couple things. One is we do a front-end assessment to help build the used cases and also use and leverage the used cases that we've built across our internal organization as well as the other customers that we were working with around the globe.
So, we really have kind of the best practices from an operating perspective, and there will be ongoing tuning for these clients as well as we work this through and roll it out. The other thing that I think is of importance is the fact that we are doing this with Ansible so from the open source technology.
So, we're not trying to make this proprietary. We're trying to do this in a manner that our clients can use it in an open environment and in a collaborative environment.
Matthew Swanson -- RBC Capital Markets -- Analyst
That's great. And then if I can just ask one kind of I guess at the highest of high level, how are you guys thinking about the security spending environment in FY '20? And then just, I mean, with things like SOAR and some of the new products you're adding. Is there anything you're noticing about how priorities are changing and security budgets maybe toward more automation, more I guess help needed by customers from you?
Michael R. Cote -- President and Chief Executive Officer
Matt, that's a good question. This is Mike Cote again. I -- In the market I would tell you that I see there continuing to be an increased focus, and I would expect market demand to be high for security solutions. But your insight is very good in that, I think, that the focus is going to be more on a return on investment for the dollar spent. Please show me the risk. If I were a Board member or a CEO what's the risk reduction. So, how are we automating the detection, investigation and response aspect of things to really have human beings both in the organization or where people have used SecureWorks or others for help.
How are we putting human beings to do the best, what is best for them rather than doing the more routine and mundane things. So, the key, in my opinion, in some of the Board meetings of our clients and customers that I've sat in relate and focus on looking for a risk reduction and return on investment and finding a way to measure the dollar spent.
One of the things, by the way, I'm sorry -- one of the things just to add real quick is, and I think you know that we have on our website and it's not a -- it's a product, it's really something we're trying to offer is our security maturity model, which is an easy to fill out questionnaire that can show comparisons versus other customers and others in the industry in a manner, I should say, customers and non-customers because there's people that have filled it out that are not yet a customer of SecureWorks.
So, it's really an offering focused on trying to measure where companies are in the security maturity and helping them report that and then how depending on where they want to be in that security maturity, how they can take steps to mature along that process. So, our new offerings are really focused on automating and responding in a manner and using the security maturity models a way that kind of helps put things in context.
Matthew Swanson -- RBC Capital Markets -- Analyst
All right. Thanks for the time.
Michael R. Cote -- President and Chief Executive Officer
Thank you.
Operator
We have a question from the line of Melissa Franchi with Morgan Stanley. Go ahead please.
Melissa Franchi -- Morgan Stanley -- Analyst
Good morning. Thanks for taking my question. I wanted to follow-up on the SOAR discussion from the prior question. So, with security vendors like Palo Alto and Splunk increasingly investing in Orchestration and Automation, do you feel like those vendors start to become more competitive with you guys just either directly with the SOAR capabilities or maybe even indirectly as more of the functionality gets automated and perhaps you need less services to help with that Orchestration?
Michael R. Cote -- President and Chief Executive Officer
Well, so we are not -- you kind of had two questions in there. So, let me make sure, Melissa, I -- this is Mike again, and thank you for the question. Let me make sure I'm addressing your question specifically and that I don't answer it incorrectly. We specifically took the approach of using an open source software solution because we don't believe software in automating the security expertise and the security intelligence is where the value is. We believe the value is on the expertise and intelligence in the playbooks, and not in the software.
So, our view would be that we can work collaboratively with any off-the-shelf source solution that exists and Ansible as an open source product can clearly plug into that. But the differentiator in the market is not going to be our services. It's going to be our ability to write applications and playbooks and security intelligence that we have where we can do it in a specific client perspective where the client can help do it and we can leverage it across our client base for the core parts of the steps that need to be taken from a source perspective. I was a little confused with your question, Melissa, as far as that I addressed. I wasn't sure which part of competitor you're talking about, the services, (multiple speakers) -- OK.
Melissa Franchi -- Morgan Stanley -- Analyst
Yes. I'm just wondering if like the extent to which actions get more automated if that reduces the need for your services?
Michael R. Cote -- President and Chief Executive Officer
Well, yes, I am happy -- quite frankly, I'd be happy for that to happen because it means that applying the intelligence becomes much more repetitive and the stack of activities we can do will go up the pipeline rather than dealing with the rudimentary things.
So, we would -- we are not looking -- we are looking to say that SOAR activities in our opinion, the activity action itself, automation should happen throughout everyone's network and it should make it easy. The differentiation is going to be on the intelligence and the expertise and being able to do that collaboratively across the industry and applying it in the best interest of our customers.
Melissa Franchi -- Morgan Stanley -- Analyst
Okay, that's very helpful. And then on the revenue retention rate. Thank you for the color on the initiatives that you guys are undertaking to improve that rate. And I know that you had the headwind from the large customer transition, but absent that, what do you think is driving the increased churn that we've seen over the past few quarters, and is there any competitive factors at play?
Michael R. Cote -- President and Chief Executive Officer
So, this is Mike again, thank you for the question. You had a two-part question there, and I would say that I don't view it as competitive factors in the marketplace. As we've mentioned and this is continued throughout fiscal '19. It's more service churn than it is logo churn and it's relating to exactly, actually the question that Matt asked earlier in my opinion, where customers are looking to reallocate their dollars, which we are supportive of and worked with them where they can get better security efficacy and efficiency in what they're doing.
And we've been focused on ensuring that the customers that have multiple of our solutions, end up getting -- we end up getting a higher retention rate and they end up getting a better solution with better outcomes. It's the reason why if you go through the six new offerings that we've announced over the last year or so have been announced and laid out in the structure and the timing of which we announced them because we're looking to make sure we can move strategically and quickly up the spectrum to provide more value to our clients.
Melissa Franchi -- Morgan Stanley -- Analyst
Very good. Thank you very much.
Operator
The next question is from the line of Saket Kalia from Barclays. Go ahead please.
Saket Kalia -- Barclays -- Analyst
Hey, good morning guys. Thanks for taking my questions here.
R. Wayne Jackson -- Chief Financial Officer
Good morning.
Michael R. Cote -- President and Chief Executive Officer
Good morning. Hey, first maybe for you, Mike, just to pick up on that last question around churn. So, understand that the churn is more service churn rather than customer churn. But can you go one level deeper on what particular -- on whether you're seeing any particular services more common to be churn than others, for example, maybe it's firewall management, for example, that is an easier one for a customer to reallocate, for example, or perhaps that's going from a do-it-for-me to a do-it-with-me type of reallocation. Can you talk about any commonalities that you are seeing in which offerings are particularly prone to that sort of churn?
Sure, Saket. I'm happy to do that and that's a good question. I would tell you that the biggest area and it's a solution that goes back multiple years is where is detection only. So, we're basically be where we will be monitoring devices on a customer's network and doing detection and then raising the flag relating to that detection to them -- for them. It's the reason why we've moved from detection only to some of the bundles and incremental solutions around detect and prevent or the MDR solution we have or the Red Cloak Partner program. So, you know, we have pretty consistently quite frankly seen it be in the detect line.
Saket Kalia -- Barclays -- Analyst
Got it. That's very helpful. And then maybe for you, Wayne. First of all, I'll echo my congrats on your announcement. On the fiscal '20 guide maybe two-part questions. First, how are you thinking about MRR growth in fiscal '20. And then secondly, I think, the cash flow guide in '20 is down year-over-year. I know that the tax receivable from Dell can kind of, you know, can kind of move and ebb and flow. Can you talk about whether that's playing any part to the cash flow dynamic year-over year?
R. Wayne Jackson -- Chief Financial Officer
Sure. Good morning. Thank you, Saket. Let me take them in inverse order. The cash flow is two things. One, the Dell receivable is down, as I mentioned in my prepared remarks about $20 million for fiscal '19. I'll give you a range $6 million to $8 million is what we anticipate for next year and that's two things. It's a lower tax rate to begin with and secondly, as we approach as our losses decrease then the amount of tax benefit Dell will be able to use will reduce.
So, that number certainly has some impact to it. And then the other part is just we're going to spend $15 million to $18 million incremental spend in the R&D space. So, I think, if you kind of reconcile all that you'll get close. CapEx is about the same, as I didn't mention that in my prepared remarks, but it's about the same as it's been. It was $12 million of $14 million. I'll just go ahead and give you a range. It's $12 million to 14 million for this year.
And then back to MRR. One of the -- we guided revenue in the third quarter as some of these new revenue streams come on, they will not be traditional MRR. Some of them will be one-off type of revenue streams. That's why we just we pivoted to giving guidance revenue. We certainly will provide MRR at the end of each period going forward.
Saket Kalia -- Barclays -- Analyst
Got it. That's very helpful. Thanks guys.
R. Wayne Jackson -- Chief Financial Officer
Thank you.
Michael R. Cote -- President and Chief Executive Officer
Thank you.
Operator
Thank you. The next question is from the line of Walter Pritchard from Citi. Go ahead please.
Walter Pritchard -- Citi -- Analyst
Hi, thanks. Two questions. First, just on the Dell side. I'm wondering maybe if you could help us. I think in the past you had various --.
Michael R. Cote -- President and Chief Executive Officer
Walter, we lost. Walter, I'm sorry, we lost you there for a minute.
Walter Pritchard -- Citi -- Analyst
Can you hear me now?
Michael R. Cote -- President and Chief Executive Officer
We can. Yes. Thank you.
Walter Pritchard -- Citi -- Analyst
Okay. Sorry about that. So I'm wondering on the Dell side, if you could talk -- I understand what you're doing on your end. Could you talk about what changes or initiatives Dell may have going on their end to help drive the sales of the new offerings there and then I had a follow-up for Wayne on EBITDA?
Michael R. Cote -- President and Chief Executive Officer
So, this is Mike. Thank you for the question. On the Dell side, they have sold endpoint solution attached to their box, the PCs when they've sold it. So, historically, had it been a -- an unmanaged solution, it did not have our Red Cloak Analytics attached to it. And it did not have an incident response retainer where something to happen. So, it's an expanded offering, but our historical view of the -- our historical knowledge of the security -- of the amount sold over the last five years, if you will. And the impact that can happen is sort of what leads to our optimism or good feeling about this enhanced security solution that we have. From a security overlay team, there's an overlay team that Dell has from a security overlay go-to market perspective that's been in place for many, many years at least six to eight years that I'm aware of having been a part of Dell for eight years now and that overlay team, as I mentioned earlier we are -- they are focused on -- a portion of that overlay team is focused on selling (ph) desk solution, the Dell SafeGuard and Response solution, and we are incurring parts of those costs on a fixed amount in our P&L starting in fiscal '20. So, this will be a bundling with their hardware sales and it's something that they've historically done over time.
Walter Pritchard -- Citi -- Analyst
And I guess that leads to the second question just around EBITDA maybe a little lower than we're expecting in fiscal '20. Could you help us understand between that cost there. I know you had some R&D cost that picked up in the second half of fiscal '19. What the drivers are if the EBITDA be lower and then how you think about that going forward?
R. Wayne Jackson -- Chief Financial Officer
Yes, I think, the biggest piece is, again the investment that we are excited to be making in the R&D space around TDR, the framework and also the app portfolio as we develop and roll out the first half and then the subsequent apps, $15 million to $18 million incremental spend over FY '19 is the largest piece. And then the other piece is the incremental sales and marketing that we've committed to pay Dell for the sales force on SafeGuard. Those two pieces together are really the reconciliation. Does that makes sense?
Walter Pritchard -- Citi -- Analyst
Thank you. It does, yes.
Operator
The next question is from the line of Gabriela Borges from Goldman Sachs. Go ahead please.
Gabriela Borges -- Goldman Sachs -- Analyst
Hi. Good morning. Mike, I wanted to revisit some of the numbers that were discussed at the time of the IPO three years ago, (ph) despite industry growth in the 10% to 15% range, the potential for SecureWorks doing EBITDA margin north of 20% longer term. Maybe just give us your holistic view over the last three years. What do you think the biggest limitations have been to getting to that consistent call it mid-teens revenue growth number and margin expansion, and then going forward what do you think changes or what's your conviction level and being able to get margin expansion along with the revenue growth? Thanks.
Michael R. Cote -- President and Chief Executive Officer
Sure, Gabriela. Thanks for the question. I think if we went back and looked at these calls and the scripts over the last few years, the answer on a go-to market has been the difficulty we've had and inconsistency we've had from some go-to market perspectives, which is the reason why Geoff Haydon coming in from a management team perspective, the new North American leader coming in our fiscal '19 as we've gotten the go-to market engine in the best position, I believe, we've been in the last three years, with last year being -- last year fiscal '19 being the highest ACV we've had in history of the Company. Our quota carrier productivity increased 12%, which is probably, not probably, which is the largest increase we've had in the last three year period of time.
I think that results from a handful of things, including the new offerings that we've discussed, the six that I've outlined, the simplified pricing and packaging with resulting in a more modular approach, the sales plays that we've implemented.
And some real momentum that we have with regard to the Dell organization. So, it's the items that I've outlined earlier that have taken some time to put in place, but I'm really excited about the positive results we've seen toward the end of the fiscal year.
From a gross margin perspective and an EBITDA perspective, I think, the last two quarters we've shown have increased to 56%, moving clearly in the best way -- in a strong direction, I think, gross margin, if you go back to the IPO days, it's 51.8%. Today, we exited 2019 at 55.3%, so we had a 350 basis point increase over that three-year period.
Actually, the fourth quarter was 56%. So, that would be, I think, a little north of a 400% increase over that period of time. And it's been through the automation items that both Wayne and I mentioned in our prepared remarks, things like self-service provisioning, the SOAR application that we are applying internally and now rolling out as a capability for our clients in a solution and the bundles and the sales productivity.
So, quite frankly, as I look at 2016 to 2019 and that's going from a revenue of $342 million to revenue of $519 million from a gross margin of, as I mentioned, 51.8% to exiting the year with 56% and EBITDA of negative $48 million to positive $12 million or $60 million increase in EBITDA. It feels pretty good about everything that we've done in the last three years and the optimism and excitement I have relates to the productivity in the last few years and the team we have in place.
Gabriela Borges -- Goldman Sachs -- Analyst
That's very helpful color. Thank you. And the follow up is on the competitive landscape in the endpoint market. One of the things we've noticed over the past couple of years is, endpoint vendors adding more detection capabilities, adding more managed EDR capabilities. Can you just level set us on the competitive environment. How are you seeing that change and how much of your services business today is tied to managing endpoints? Thanks.
Michael R. Cote -- President and Chief Executive Officer
So, this is Mike again. Thanks, Gabriela. I would say as far as the endpoint market, yes, there's increased capabilities around the solution. It's the reason we came out with the endpoint partner program where we can be a broader part of the security program for our customers and we're doing this in a manner where, as I mentioned, we have CrowdStrike today and Carbon Black. We have been approached by other selected endpoint vendors that we are talking with, and plan to explore the opportunity to work with in a manner that we could apply our Red Cloak Analytics and the intelligence because we believe much like the SOAR marketplace, it's not in my opinion the specific software. It's the ability to have our detection capabilities coupled with the endpoint providers and the visibility across all of the data sources where we can cross correlate between the endpoints and the networks, the cloud and the rest of the customers environment we have a visibility on.
Gabriela Borges -- Goldman Sachs -- Analyst
That's helpful. Thank you.
Michael R. Cote -- President and Chief Executive Officer
Thank you.
Operator
We do not have further questions at this time.
Teri L. Miller -- Vice President and Chief Accounting Officer
Thank you again for joining us on today's call and for all of your questions. We appreciate your support and look forward to our first quarter call in early June. If we did not get to your question during Q&A section, please do not hesitate to reach out for a follow-up.
R. Wayne Jackson -- Chief Financial Officer
Thanks, everyone.
Michael R. Cote -- President and Chief Executive Officer
Thank you, everyone. Have a good day.
R. Wayne Jackson -- Chief Financial Officer
Thank you everyone. Cheers.
Operator
You may now disconnect at this time.
Duration: 60 minutes
Call participants:
Teri L. Miller -- Vice President and Chief Accounting Officer
Michael R. Cote -- President and Chief Executive Officer
R. Wayne Jackson -- Chief Financial Officer
Sterling Auty -- JPMorgan -- Analyst
Katherine McCracken -- UBS -- Analyst
Jonathan Ho -- William Blair -- Analyst
Matthew Swanson -- RBC Capital Markets -- Analyst
Melissa Franchi -- Morgan Stanley -- Analyst
Saket Kalia -- Barclays -- Analyst
Walter Pritchard -- Citi -- Analyst
Gabriela Borges -- Goldman Sachs -- Analyst
Transcript powered by AlphaStreet
This article is a transcript of this conference call produced for The Motley Fool. While we strive for our Foolish Best, there may be errors, omissions, or inaccuracies in this transcript. As with all our articles, The Motley Fool does not assume any responsibility for your use of this content, and we strongly encourage you to do your own research, including listening to the call yourself and reading the company's SEC filings. Please see our Terms and Conditions for additional details, including our Obligatory Capitalized Disclaimers of Liability.
More From The Motley Fool
Motley Fool Transcribers has no position in any of the stocks mentioned. The Motley Fool has no position in any of the stocks mentioned. The Motley Fool has a disclosure policy.
