Intrusion Inc. (INTZ) Q3 2014 Earnings Report, Transcript and Summary

Good afternoon. My name is Kaitlin and I will be your conference operator today. At this time, I would like to welcome everyone to the Intrusion, Inc. Q3, 2014 Financial Conference Call. All lines have been placed on mute to prevent any background noise. After the speakers' remarks, there will be a question-and-answer session. [Operator Instructions]. Thank you. Paxton, Chief Financial Officer, you may begin your conference.

Okay. Thanks. Welcome to this afternoon's call to review Intrusion's third quarter 2014 financial results and discuss our business. On the call with me today will be Ward Paxton, Chairman, Co-Founder, President and CEO; Joe Head, Vice President and Co-Founder of the Company. Ward will give a business update. I will discuss financial results and Joe will give an ongoing projects update. We'll be glad to answer any questions following the prepared remarks. We distributed the earnings release at around 3:05 today. A replay of today's call will be available at approximately 6:30 p.m. central tonight for one-week period. The replay conference call number is 855-859-2056. At the replay prompt, enter the conference ID 31791974. In addition, a live and archived audio webcast of the call is available on our website, intrusion.com. Please be reminded that during this call, including the question-and-answer session, we may make forward-looking statements with respect to financial results, business strategies, industry trends, and certain other matters. Forward-looking statements are based on management’s current expectations and are subject to risk and uncertainties. We may be discussing our current outlook for the current quarter and fiscal year 2014. These discussions are based on our own internal projections could change prior to the end of the period discussed. Actual results may differ substantially from projections. Information in this conference call related to financial results, projections, and other forward-looking statements is based on current expectations, and we are not responsible to update forward-looking statements. Many factors could cause our projections not to be achieved, including current economic and market conditions and other factors which can be found in our most recent filings with the SEC, including our most recent Annual Report on Form 10-K filed March 2014. Our most recent 10-Q was file today. Now I turn the call over to CEO and President, Ward Paxton.

Thank you, Mike. Welcome to Intrusion's third quarter 2014 conference call. It's good to be with you today to discuss our progress and results. Our net income in the third quarter improved slightly to about $150,000 compared to a near breakeven in the second quarter. Third quarter revenue increased to just over $2 million, up by $225,000 from the second quarter. Savant revenue in the third quarter was about $500,000 compared to $40,000 in the second quarter. Total orders in the third quarter were $3.3 million compared to $1.7 million in the second quarter. Included in the $3.3 million of orders was $700,000 of Savant orders. Savant is our newest product family and is focused in the new security market segment, which is called Advanced Persistent Threat. A lot of players in the network security business have some sort of an APT product. Of course we think that ours is the best and I’m sure you’ll share our view. Now, Mike Paxton, our Chief Financial Officer, will review our third quarter financial results that we released a little over an hour ago. Mike?

Okay. I apologize for sometimes being repetitive. Revenue for the third quarter was $2million compared to $2million in third quarter of 2013 and sequentially $1.8 million for the second quarter of 2014. Savant sales were at $500,000 this quarter, continuing to be far too low. We will continue to see slow movement in Savant sales this quarter. It has been a frustratingly slow process, but I continue to believe in the product and its need by customers to support their security applications. Gross profit margin was at 65 % for the quarter compared to 60% in the third quarter last year. Gross profit margin can be greatly affected by sales product mix of orders delivered in the quarter. In general our goal is 65%, but it will be directly attributable to the mix of products shipped. Intrusion’s third quarter 2014 operating expenses were $1.2 million, compared to $1 million for the comparable quarter in 2013 and $1.2 million in the second quarter of 2014. Operating expenses should remain consistent and future growth will be determined by decisions to invest more in sales and marketing and our research and development. Net income for the third quarter was $147,000 compared to a net income of $173,000 for the third quarter of 2013 and $22,000 loss in the sequential period of the second quarter of 2014. Breakeven will generally be at $1.8 million to $1.9 million in quarterly sales. To summarize, we increased sales sequentially. We now must continue to work with our sales team to increase sales of our commercial Savant APT product line. We hope to add new customers during the fourth quarter of 2014. Back to Ward.

Thanks Mike, after the $270,000 loss in the first quarter and the near breakeven in the second quarter, the $150,000 profit in the third quarter continues a nice trend. Improvement is too slow, but we’re moving in the right direction. Now Joe Head, my partner, Co-Founder and Senior Vice President, will discuss our products and markets. Joe?

This quarter we were happy to report new orders for both TraceCop and Savant. In our last call the beginning of Q3, we booked initial orders for three new customers for TraceCop just over $1 million. Those three contracts alone will increase our billings by $1.65 million per year. And the rest of the third quarter orders added up to $3.3 million. Best of all was two initial orders from new Savant thread analysis customers for $310,000 and $356,000 respectively. In these we installed Savant at two initial campuses and have submitted monthly reports to the customers on numerous compromises we discovered. Our sales presentation continues to be refined and is getting simpler. In a security conference two weeks ago, I said if what you heard today is true, I'm wrong. If I'm right, every speaker, every other speaker has it wrong. Actually I heard an FBI guy talk about a study they were --where they were trying to train employee not to click on emails that might be suspicious to prevent infection with malware. This is insane. Didn’t the FBI know about source links? You don’t have to click on something to have it automatically fixed and executed. It's as naive as a three year old proposing that NASA land on the sun at night when it's cooler. Spear fishing is an art. If you receive a malware in the email, you can’t overcome the threat with user training. Security is no longer credible if you base your defense on keeping malware out. Every adversary that is worth there salt uses zero-day compromises. And just for the new folks on the call, a zero day is defined as a custom designed, never seen before attack and they use those to prevent these new attacks from ever being detected. That means if you know everything, it's possible to know about targets compromised. This knowledge would not lead you to better protect PF Chang’s, Harbor Freight, Home Depot or JPMorgan against compromises by the same adversary because not one host name, not one IP address, not one infectious file checksum found at any one of these compromises was used at any other. Today’s adversaries are well funded and nimble. They build fresh tools for every victim and they steal or lease fresh drop boxes for every new victim’s secrets to be filtrated to. To another customer I explained it this way. It’s a matter of looking in the wrong direction. I said for example what if Dallas-Fort Worth airport had a rash of theft from the terminals, stuff stolen from the gates, from the airplanes and from the airport shops. If you asked the TSA to clamp down harder with their security, that would be ludicrous because they are looking in the wrong direction. The problem isn’t with the passenger and employees are bringing in that’s the problem. Theft is the exit through unmonitored doors is the problem, same with the networks we watch. Incoming inspection to look at the signatures of malware is looking the wrong way. Everything the Chinese want installed on your phone or our computer was installed by them at the factory before you bought it. The key is looking outbound. Thus my comment about the industry. Everybody still talking outside in. We are the inside out guys. We watch and make recommendations based on data leaving your network and this is the common denominator in security breaches regardless of how the compromise was made, either at the factory by a user making a mistake or by installing a software package with malware or by an employee who’s intentionally leaking secrets. Savant threat analysis will see the outflow of data. A key part of our analysis is finding flows that don’t make business sense and don’t match the patters of employees goofing off either. Over this in the last quarter, our TraceCop business has picked up a few new customers. Our Savant business was below expectation last quarter, but starting to turn around now. We’ve had two nice wins, landing two Savant customers in the third quarter. We accept one of these to add another campus this month. Rumor has it that we’ve also won our first international customer, but we are waiting this order from a resale partner. In addition, we expect another $310,000 order for Savant this month to replace inventory for a previous customer installation so that the partner has additional Savants for customer evaluations and quick response installations. A large reseller partner reports a number of additional prospects they are working, but it's too early to tell if this represents an uptick in their energy level. But the good news is that they are getting orders and doing so with internal talent that we have trained months ago. They handed additional new customers for Savant. And as our partner gains more confidence in their ability to win, it engages a larger portion of their sales force to reach a larger position of their customer base with Savant. It will be good for us. It’s been over a year to reap the first few customers, but we are glad to see their momentum increase. As we reported, we felt that our Savant product has a bigger market than we can reach with our internal sales force. We’ve been working through that large partner for the last year. The order we hoped to get last quarter was booked and installed and they surprised us with another customer win last quarter that we didn’t see coming. As Mike said, that channel has developed slower than expected, but our partners, customers remain interested and they continue to present new quotes and updated offers all the time. Our partner continues to put a healthy amount of effort into Savants sales efforts with large accounts. So we are happy to report that they are turning prospects into orders now. The first of these two major Savant customers just got their second monthly report. On the first customer, our report was briefed at the customer’s board or directors meeting with our reseller CEO and the tenants. The customer was ecstatic with the results so much so that our reseller has elevated the Savant product offering to number one on their security presentation slide deck. Just yesterday they elevated their expectations for growth and told us to get ready. We are ready and we’ve been waiting on their uptick for a year now. If they really turn on, that will be measurable for us, but we will see how this uptick and excitement translates into orders as we go forward. With thousands of salesmen, it takes a large ripple of excitement to stir all of them up. We’ve also engaged with a number of additional representatives for which we have two goals. One is direct sales to end users. And two, to identify additional players in the security industry ho need what we have. In the third quarter we got our first small order from this new channel. The new team consists of three representatives which work as reps for us. In their initial month of connections, they now have a number of security and solutions providers that are quoting Savant threat analysis to end users and making a few sales calls a week with this expanded sales team and their pace is accelerating. VJ has also moved into this area and is spending full time focused on selling Savant threat analysis to end users through new resale channels and getting new types of referral and payment scheme for Savant’s security to high threat customers globally. TraceCop continues to be a strong product. We’ve been briefing some old customers about TraceCop enhancements that they do not subscribe to, with a view to expanding this business from some of our oldest customers. With our newest employee sales guide, we’re also looking to put an analyst working on more cyber problem sets. He got his first order last quarter and he’s working four more prospects for new business. Our model so far has been to provide analysts to use all of our TraceCop product suites and reference data sets here in Dallas and they produce reports we deliver to the customer. We plan on new business from a few new customers that will increase that work. Our Savant plus TraceCop offerings detect the advanced persistent threat and how we have – and I’ve told you in the past about how we have two levels of offering in this space. Reflecting on this, we believe that the advanced persistent threat isn’t the right term, but rather defending against sophisticated adversaries is a more correct statement. ABT only addresses a minor sub part of the challenge. Our first step is threat reports, which give the customer report call on a number of scary connections that indicate the presence of compromises in a network. This report has not failed once to find compromises in every customer. This opens doors by way of a low cost engagement typically of $15,000 to $50,000 and points the way to deploying Savant within Richmond at one or more of the customer’s campuses or data centers. People have suspected the presences of deeper compromises which evade detection by firewalls, IDS systems and the like but have been unable to see them. One industry report showed that the average time to find a new compromise averages 243 days from the breach to discovery. In our work we’ve yet to find a customer with more than 90 days of network traffic logs. Most have less than 30 days. This means that once you have a breach or the FBI calls notifying you of one, we haven’t found a customer that has logs that allow them to trace back and see which hosts were infected first, in what systems the hackers breached with that first beachhead. As Target, Neiman Marcus and others continue to make the news, inability to detect long term compromises on well managed and well run networks has now firmly established. These networks were severely compromised, but the theft of millions of people private data was not detected at all for months if not years. Savant makes it easy to keep 10 years of log a huge improvement over the industry’s typical 30 days. That’s because of our patents where we can store a record of every single connection in a novel way, letting us keep more details than others for a much longer time. Customers are beginning to understand our polarity shift. Many old line security solutions focus on outside in, meaning they are trying to recognize compromises as they enter the network for the initial compromise. Intrusion is focused in the opposite direction in our analysis. We assume the enterprise is already comprised and we look for signs that your data is leaving the network, which we call inside out. We’re focused on initial sales to very large corporations through our direct sales force, representative and resale partners. Our traditional business of which TraceCop remains steady, and the new accounts for TraceCop business continue to progress as we’ve forecasted. I view the new Savant threat analysis commercial sales as a huge upside in the commercial space while our traditional business remains steady and growing slowly. All the renewals we were expecting in TraceCop have either renewed or remained in the budget for renewal when the current funds expire. And now we’ve seen a few new projects place first time TraceCop orders while we await several new projects starts to be awarded. This gives us comfort in our stable base as we have seen over the past several years with some upside in our historical customer base as we continue to invest in the security value added reseller channel where we think there’s more upside opportunity. The commercial security space is ripe for solutions that don’t leave companies like Target naively happy with the industry’s previously accepted technical approaches. You can’t overcome new threats trying to use tools that don’t work, even if you try really hard. Savant is all about visibility of all flows. While everybody else is talking signatures and keeping threats out, we are inside out guys. All the recent massive compromises were done against networks with huge security budgets and all of those massive compromises remained undetected for prolonged periods of time. It’s an obvious conclusion that outside in oriented defenses didn’t work for JP Morgan, Target, Home Depot, Harbor Freight, Neiman Marcus and others. Savant finds compromises ex-filtrating secrets where other solutions don’t. My focus is on expanding sales, just tell more people our story, get orders and grow the business. We have high level meeting with our large reseller scheduled for the next few weeks, plus scores of end user customer meetings through our other new reps scheduled. We’ll sell hard to a wider audience and be ready to scale our efforts here as soon we see more acceleration in our success selling Savant to the larger commercial market. Ward?

Thanks Joe. We have a lot of new potential customers for both the Savant advanced persistent threat business and the TraceCop business. Our expectations for growth in both business segments are significant. The whole Intrusion team is excited about the potential of our business, and are working hard to achieve our expected results. We thank you for joining our call today and for your interest. Mike?

Okay, operator can you remind the participants on how to ask questions?

[Operator Instructions] Your first question comes from the line of Walter Schenker. Your line is open.

Well, progress is better than no progress I guess, even if it’s a little disappointing. I went back and looked at the transcript from three months ago. This is to Joe more and Michael both because we had a discussion last quarter about TraceCop and the fact that you expected -- I just listened, TraceCop to accelerate in the September quarter. Joe, I thought you said you had some new customers and that TraceCop should be running at a level basically to cover the $1.8 million, $1.9 million not using it. And I went back and looked and I tried to get your well above $2 million and Michael said now about $2 million and Joes said yes, somewhat in that order and hopefully we’ll get some more. Yet TraceCop continues to run at $1.5 million. Did some stuff get pushed out? Were we too optimist? When do we see TraceCop actually start some growth?

Some of those, Walter that we’ll renew this quarter I think fulfills that things. So our hedging of a little above, a little below had to do with how quickly that they come in, things that have expired and get renewed, but it’s all -- I had no dropouts

But we have no growth either. It’s $1.5 million for the quarter just ended, it is -- if I had to go back over two years, here are better quarters, there are worse quarters, but $1.5 million is, we had some 1.8, we had 1.2 million, but that’s basically running with some quarter to quarter variability sideways. Therefore, I’m supposed to take away that looking forward you expect that to move up to a higher level.

Right. I think with the 3.3 million orders that we didn’t book $2 million and sell $2 million. We booked 3.3 and shipped two. So it’s up a bit.

Okay, could you just -- two other things. First, the people you made a positive comment about, your Savant installations, it is doing as you look at it, which is at the highest level, you are very, you’re happy, very happy it’s really doing what you thought it was capable of doing in a real commercial installation?

Yes. That was what I was really looking for. We can do our best, think it’s great and the customer can go, ho, ho hum, showing somebody cold fusion for the first time. They can say wow, that’s the biggest breakthrough everything. So what, it glows? The nice thing is that the board -- the customer’s board meeting they came back and said they’re just completely happy. They used a colloquialism about a pig and something or other, but they were happier than that. So it enthused our resale customer to increase their effort to sell more, which is good. It’s not just us thinking it, but our reseller and the end customer really love it. That’s been one of our two big installations. The second one we haven’t gotten ecstatic reports, hadn’t really gotten any meaningful feedback yet other than yeah, we got and we fixed the stuff you told us.

Okay and when you have moved beyond your secret big reseller and you’ve indicated you’ve added some smaller people. They are operating at a different level of customer or they’re just looking at the areas that the big guy hasn’t gotten to? So they’re now looking at Fortune 100 or 200 companies or they’re looking at?

The resellers so far have been looking at government, state and Federal government and international customers that are shippers, banks, insurance companies and things like oil fields and harbors. It’s a different market than our reseller has been looking at so far.

They have history in the security area?

Correct. These guys, one of them is a supplier of data centers. They’re an integrator big data centers and they’re adding security on top of it, which they’ve done in the past but it hadn’t been very effective. It’s just tip over firewalls and IDSs. So they’re adding the Savant to differentiate themselves from other suppliers.

Okay and you directly are also marketing the product?

Through them mostly, but yeah. I’m going as my name Intrusion directly to the customer with them.

Correct. That’s correct. Think it’s a little bit faster sale cycle.

We would expect, I know you said 700,000 of Savant was sold in the last quarter. Hopefully this quarter we would sell more than that?

I would hope so. Currently I’ve got a little less than that in the queue for immediate orders .I think I have about 530 or something in the queue right now.

Walter, you have to keep in mind the fourth quarter is a sleepy quarter for our road. Sometimes you get things that get delayed into the first quarter. It’s not unusual.

Again, I’m not asking revenues. Sometimes you can say to people who particularly done sales.

Same thing, orders and revenues, the fourth quarter frequently is the smallest quarter of the year.

Yep. People get into the Christmas spirit early.

Okay. I will follow up with you on the next couple of days about trying to move Joe to the big city one day.

But I’m doing end customer calls a couple of days a week.

I know.

It’s a good uptake for me.

Good. Okay, thank you.

[Operator instructions] Your next question comes from the line of [indiscernible]. Your line is open.

With APT, your sales ramp, if I’m understanding it right, is now starting to accelerate because the reseller is rolling Savant out to their salesforce compared to before where it was just the beta test clients who saw it worked great and they wanted to buy. Is that a good summary?

Yeah, you said …

Compared to three months ago, the re-sellers moving into the initial innings of the salesforce promoting Savant compared to before where the salesforce wasn’t even really involved because it was ..

Yeah that’s correct. Our reseller they had a small specialty security branch that was selling our stuff. There was a dozen or so specialists. In this last quarter they’ve incentivized the whole salesforce to sell it, but that’s it’s still in the state where they don’t all know about it. But now they have a trained person in every region, a couple of 100 folks that have been trained on and have the slide decks and supposedly know how to sell it. Everything else it will grow from a smaller group to the larger group.

Last conference call discussed forms of bad guy communications a DNS I believe malware that’s invisible to the virtualization machines, but it is visible to Savant and lights up with Savant. The companies like FireEye and Symantec, Cisco, Palo Alto, which of those are able to detect that new DNS APT attack that you described in the last conference call?

I would say all of them theoretically could if they would, but the way they would it would be a little bit cumbersome. So for all of those guys that you named, if I was working at them, I would take the DNS, the internal DNS resolvers, create a DNS log and then scrub that and start analyzing it. I’m not aware that any of those guys have such a product. It would be a sucky thing to have to do because you get so many billion DNS queries a day. I don’t think it would scale well without our patents. I’m not trying to dodge the question, but anybody could look for such of a thing, but I don’t know that they’d find it.

We’re saying theoretically they have the capability but they really can’t do it.

Correct.

All those security companies are allowing that APT DNS threat to get through and the stolen data goes back to the hacker. That’s what’s happening right now?

That is correct. There’s a few guys along the way that do some DNS sync holing which they basically go to the DNS server and they say here is a list of things to block and of the names that you listed, I believe Hewlett Packard and Cisco are the two that do some DNS sync holing. The problem is -- my comment like I said about Target, Neiman Marcus and the rest of them, if the columns made from this campus are different than have been made anywhere else in the world, they don’t know what to put on their list. We’re basically doing behavioral profiling and discovering those. To put it in prospective, if I look at the last month’s reports from our existing Savant customers, I believe about one in five or probably one in seven things we reported had DNS ex-fill. The rest were other more traditional coms using FTP or Mailer something else to get the data out. You’re right, the newest ones are DNS and in fact a new killer one got announced today.

For your team the Home Depot, the JPMorgan breaches news, that was not a surprise?

No.

Because you’ve been seeing that these bad guy communications are being let through the virtualization machines every day because you‘ve seen some of the potential clients sharing their log with you and you see how they get through all these bad communications?

Correct. They don’t even have to instantly share. We’ve had Savant installed at internet backbone level for years now. We’ve got a pretty good representative sample of the world’s coms.

Unless there are other choices, every Fortune 500 company would require Savant in order in order to be safe against this new style of APT attack. Is that correct?

Yes. I’d say yes. That’s a qualified yes. Are there alternates if we were to fall on our face? Yeah, you could start looking at traffic analysis on top of net flow or something on top of some kind of communication log to do it another way. But yeah, we have a ripe big market and that’s why I focused in the last paragraph of my comments about, it’s my job to get our sales pitch out to all of the guys that are in the value added security -- the big security integration groups. My intention is to go pitch to each of those guys that says -- name all of the security value added resellers in the world. I intend to see them all this quarter and say here’s what we can do for you and here’s -- I think it closes a blind side that you all have. Would you like some?

The last conference call you mentioned that head to head competition Savant beat out Mandiant. Also in the last conference call, it was mentioned you had six to eight likely clients to be signed out of the 15 to 20 that were in discussions. How many are likely to be signed up possibly now and in discussion with, et cetera?

I think we are still working on the group that we talked about at the last conference call. As Joe indicated, we’ve gotten two clients now with installations and expecting those to grow. So the overall set of customers is growing.

I think your summary, I was sort of sign when you were asking that question because as the salesforce is growing, we’ve lost some visibility about all the quotes that they are doing. I’ve got the same probably 15 or so on my list. Their short list of things that they expect orders from I believe was five or seven as of two days ago at the big reseller. But then on the other hand I’ve got another dozen with the new channel as well. It’s net doubled. How many would I expect to order this quarter? I don’t know the answer to that, great is the right answer. But I would hope for -- I think I’ve got three in the bag and looking for another four.

That’s this quarter out of those …

Correct.

Okay. The number of sales people that the security experts at the reseller is using for the sales ramp at Savant has increased the last three months?

Correct. They’ve gone a dozen -- originally three security experts to then 19 and now they’ve added another 200 those original guys and then those support a salesforce of lots of thousands. The number they’ve actually engaged is still small, but if the boss says, hey ding it. The one that we beat Mandiant is the one that came back from the board meeting and said they were happier than a pig and something or rather with our results. And so that’s my comment about ripples in a big pond. If they really turn on, it will be incredible for us, but we’ve been watching them mess around for a year with not a groundswell of change. So big places accelerate slowly. But I think the trend is at least positive rather than ho-hum we don’t care.

I didn’t quite get all that. So the last quarter there were about three experts and now there are 19 or 200?

Yeah. From second quarter we had three and then the third quarter they’d trained 19 and then at the beginning of this quarter they had expanded and have 200 regional security specialists that they’ve trained. And so now all of their global salesforce have a regional security guy that’s been trained on Savant.

Okay. So that’s why you feel like you could get three customers this quarter?

No. That’s -- I think when those guys turn on we are going to be seeing a lot a week. The question is when will they actually start getting orders? Will they actually make that turn on? And I’m not trying to be negative other than just to be realistic, is big places like that. If it was a small place you’d expect reaction in a month and big places ramp slowly. And those turn on the numbers I quote will be wrong grossly on the small side.

All right, final question, Keith.

What preceded the comment by the -- was it the reseller that said get ready or what preceded that optimism or comment? Was that from -- I didn’t quite catch that.

That was their comment back from their first customer, which was one of the two we installed last quarter. They got such a positive response because the CEO of their company was at the end customers’ board of directors meeting. And he got such a positive response for what we’ve been able to find and no else had that had closed real security breaches they had, that they were saying get ready for lots of orders because we are pushing you.

Okay. That was the resellers telling you get ready for a lot of orders?

Correct.

Thank you, Keith. Operator, do we have any other questions?

There are no further questions at this time.

Okay. At this time we’ll wrap up the call, thank you for participating in today’s call. If you did not receive a copy of the press release or if you have further questions, you can contact me at 972-301-3658 or email mpaxton@intrusion.com. Thanks a lot.

This concludes today’s conference call. You may now disconnect.