Annual Statements Open main menu

Mandiant, Inc. - Annual Report: 2014 (Form 10-K)


 
 
 
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
 
 

FORM 10-K
 
(Mark One)
x
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended December 31, 2014

or
¨
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the transition period from             to             

Commission File Number 001-36067
 

FireEye, Inc.
(Exact name of registrant as specified in its charter)
 
 
Delaware
 
20-1548921
(State or other jurisdiction of
incorporation or organization)
 
(I.R.S. Employer
Identification Number)
 
1440 McCarthy Blvd.
Milpitas, CA 95035
(408) 321-6300
(Address, including zip code, and telephone number, including area code, of registrant’s principal executive offices)
 

 Securities registered pursuant to Section 12(b) of the Act:
 
 
 
Title of each class
 
Name of each exchange on which registered
Common Stock, par value $0.0001 per share
 
The NASDAQ Global Select Market
Securities registered pursuant to Section 12(g) of the Act:
None
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes x No ¨
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Securities Exchange Act of 1934 (the “Exchange Act”). Yes ¨ No x
Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Exchange Act during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days. Yes x No ¨
Indicate by check mark whether the registrant has submitted electronically and posted on its corporate Web site, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files). Yes x No ¨
Indicate by a check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K (§229.405 of this chapter) is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. x
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or a smaller reporting company. See the definitions of “large accelerated filer,” “accelerated filer” and “smaller reporting company” in Rule 12b-2 of the Exchange Act. (Check one):



 
 
 
 
 
 
 
 
 
Large accelerated filer
 
x
 
 
 
Accelerated filer
 
¨
 
 
 
 
 
 
 
 
 
Non-accelerated filer
 
¨
 
(Do not check if a smaller reporting company)
 
Smaller reporting company
 
¨
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes ¨ No x
As of June 30, 2014, the last business day of the registrant’s most recently completed second fiscal quarter, the aggregate market value of the registrant’s common stock held by non-affiliates was approximately $4.3 billion, based on the closing price of such stock reported for such date on The NASDAQ Global Select Market. Shares of common stock held by each executive officer, director and by each person who owns 5% or more of the outstanding common stock have been excluded in that such persons may be deemed to be affiliates. This determination of affiliate status is not necessarily a conclusive determination for other purposes.
The number of outstanding shares of the registrant’s common stock was 155,666,912 as of February 26, 2015.

DOCUMENTS INCORPORATED BY REFERENCE
Portions of the registrant’s Proxy Statement for the 2015 Annual Meeting of Stockholders to be filed with the Securities and Exchange Commission within 120 days after the end of the registrant’s fiscal year ended December 31, 2014 are incorporated by reference into Part III of this Annual Report on Form 10-K.




 
 
 
 
Page 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 



SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

This Annual Report on Form 10-K, including the sections entitled “Business,” “Risk Factors,” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. The words “believe,” “may,” “will,” “potentially,” “estimate,” “continue,” “anticipate,” “intend,” “could,” “would,” “project,” “plan” “expect,” the negative and plural forms of these words and similar expressions that convey uncertainty of future events or outcomes are intended to identify forward-looking statements. These forward-looking statements include, but are not limited to, statements concerning the following:
the evolution of the threat landscape facing our customers and prospects;
our ability to educate the market regarding the advantages of our virtual machine-based security solution;
our ability to maintain an adequate rate of revenue growth;
our future financial and operating results;
our business plan and our ability to effectively manage our growth and associated investments;
beliefs and objectives for future operations;
our ability to expand our leadership position in advanced network security;
our ability to attract and retain customers;
our ability to further penetrate our existing customer base;
our expectations concerning renewal rates for subscriptions and services by existing customers;
our ability to maintain our competitive technological advantages against new entrants in our industry;
our ability to timely and effectively scale and adapt our existing technology;
our ability to innovate new products and bring them to market in a timely manner;
our ability to maintain, protect, and enhance our brand and intellectual property;
our ability to expand internationally;
the reorganization of our corporate structure and intercompany relationships and our ability to improve our overall effective tax rate;
the effects of increased competition in our market and our ability to compete effectively;
cost of revenue, including changes in costs associated with production, manufacturing and customer support;
operating expenses, including changes in research and development, sales and marketing, and general and administrative expenses;
anticipated income tax rates;
sufficiency of cash to meet cash needs for at least the next 12 months;
our ability to maintain our good standing with the United States and international governments and capture new contracts;
costs associated with defending intellectual property infringement and other claims, such as those claims discussed in “Business—Legal Proceedings”
our expectations concerning relationships with third parties, including channel partners and logistics providers;
the release of new products;
economic and industry trends or trend analysis;
the attraction and retention of qualified employees and key personnel;
future acquisitions of or investments in complementary companies, products, subscriptions or technologies; and
the effects of seasonal trends on our results of operations.



These forward-looking statements are subject to a number of risks, uncertainties, and assumptions, including those described in “Risk Factors” included in Part I, Item 1A and elsewhere in this Annual Report on Form 10-K. Moreover, we operate in a very competitive and rapidly changing environment, and new risks emerge from time to time. It is not possible for our management to predict all risks, nor can we assess the impact of all factors on our business or the extent to which any factor, or combination of factors, may cause actual results to differ materially from those contained in any forward-looking statements we may make. In light of these risks, uncertainties, and assumptions, the forward-looking events and circumstances discussed in this Annual Report on Form 10-K may not occur, or unanticipated events or circumstances that we did not foresee may materialize, either of which could cause actual results to differ materially and adversely from those anticipated or implied in our forward-looking statements.
You should not rely upon forward-looking statements as predictions of future events. Although we believe that the expectations reflected in our forward-looking statements are reasonable, we cannot guarantee that the future results, levels of activity, performance or events and circumstances described in the forward-looking statements will be achieved or occur. Moreover, neither we nor any other person assumes responsibility for the accuracy and completeness of the forward-looking statements. We undertake no obligation to update publicly any forward-looking statements for any reason after the date of this Annual Report on Form 10-K to conform these statements to actual results or to changes in our expectations, except as required by law.
You should read this Annual Report on Form 10-K and the documents that we reference in this Annual Report on Form 10-K and have filed with the SEC as exhibits to this Annual Report on Form 10-K with the understanding that our actual future results, levels of activity, performance and events and circumstances may be materially different from what we expect.



PART I
Item 1. Business
General
We provide a comprehensive cybersecurity solution for detecting, preventing and resolving advanced cyber-attacks that evade legacy signature-based security products. Our cybersecurity solutions combine our purpose-built virtual-machine technology, threat intelligence, and advanced security expertise in a suite of products and services that reduces our customers’ exposure to attacks by enabling accurate detection and rapid response. Our proprietary virtual machine-based technology delivers high efficacy detection and prevention, while also scaling in response to ever-increasing network performance requirements, to provide real-time protection to enterprises and governments worldwide. Our threat intelligence subscriptions, managed services, incident response, and consulting services complement our threat prevention products to help organizations adapt their security profile as threats evolve. This adaptive approach to cybersecurity represents a paradigm shift in how IT security has been conducted since the earliest days of the information technology industry and we believe it is imperative for organizations to invest in this new approach to protect their critical assets from the global pandemic of cybercrime, cyber espionage and cyber warfare.
The new generation of cyber-attacks on organizations, including large and small enterprises and governments worldwide, is characterized by an unprecedented escalation in the complexity and scale of advanced malware created by criminal organizations and nation-states. These modern attacks are built on dynamic, stealthy and targeted malware that penetrates defenses in multiple stages and through multiple entry points of an IT network. These highly targeted, “single-use” cyber-attacks easily circumvent legacy security solutions that rely on pattern-matching detection technologies. Additionally, because legacy solutions reference outdated signatures of past threats, they also generate a high number of false-positive alerts.
To address the shortcomings of legacy security solutions, we developed a new threat prevention platform based on our purpose-built, virtual machine-based detection engine, MVX. Our comprehensive platform combines our MVX virtualized execution engine and our cloud-based threat intelligence network to identify previously unknown threats and protect organizations at all stages of the attack lifecycle and across all primary threat vectors, including Web, email, file, endpoint and mobile.
Our over ten years of research and development in proprietary virtual machine technology, anomaly detection and associated heuristic, or experience-based, algorithms enables MVX to provide real-time, dynamic threat protection without the use of signatures while delivering high efficacy and network performance. Our MVX engine detonates, or “runs,” Web objects, suspicious attachments and files within virtual environments to detect and block the full array of next-generation threats, including attacks that leverage unknown vulnerabilities in widely used software programs, also known as “zero-day” attacks. Newly identified threats are quarantined to prevent exposure to the organization’s actual network environment, and information regarding such threats is correlated with other FireEye platforms within the organization through our management platform and sent to our Dynamic Threat Intelligence, or DTI, cloud. Our DTI cloud enables real-time global sharing of threat intelligence uploaded by our customers’ cloud-connected FireEye appliances.
In December 2013, we acquired privately held Mandiant, a leading provider of advanced endpoint security products and security incident response management solutions. FireEye and Mandiant have been strategic partners with integrated product offerings since April 2012. We believe the combination of the two companies deepens this partnership and creates the industry’s leading advanced threat protection vendor with the ability to find and stop attacks at every stage of the attack life cycle. The combination of our industry-leading security products and threat intelligence with products and services from Mandiant enables us to provide a complete solution for detecting, preventing and resolving advanced cybersecurity threats across three distinct disciplines:
First, Mandiant provided endpoint-based advanced threat detection and response solutions, and we have continued to develop Mandiant’s endpoint technology as part of our comprehensive advanced security platform. The integration of threat intelligence from our endpoint products with our web, email, file and mobile platforms enables security teams to enhance their visibility and make faster, more accurate decisions about potential security incidents occurring across an organization’s network and endpoints.
Second, Mandiant brings significant depth in intelligence on next-generation attacks and threat actors, which is continually gathered from ongoing monitoring of more than four million endpoints and by incident response and remediation teams that serve on the front lines combating the most advanced attacks. When this depth of threat intelligence is paired with the breadth of the FireEye real-time threat intelligence gathered from more than nine million virtual machines, organizations will have robust detection and contextual information about attempted attacks, including the level of risk, the identity of the attackers, and the intended target of the attacks.
Third, Mandiant’s team of highly skilled incident response experts has performed hundreds of incident response investigations across numerous industries at some of the largest organizations in the world. In addition, Mandiant brings its Managed Defense monitoring service to FireEye. The addition of these skills and expertise significantly expands our ability to offer value-added services to our customers.

6


Our cybersecurity platform includes a family of software-based appliances, cloud-based subscription services, support and maintenance and other services. Our principal threat prevention appliance families address critical vectors of attack: Web, email, file, endpoint and mobile. We also provide a family of threat prevention appliances and agents that enable rapid identification and remediation of attacks that have penetrated and are residing on an organization’s endpoints, such as desktop computers, laptops, or mobile devices. Our management appliances serve as a central nervous system unifying reporting and configuration, while monitoring and correlating attacks that simultaneously cross multiple vectors of the network, thereby increasing the efficacy of our security platform. Our management appliances enable us to share intelligence regarding threats at a local implementation level and also across the organization.
In addition, we enhance the efficacy of our solution by sharing with customers anonymized global threat data through our DTI cloud. We also offer a forensic analysis appliance that provides IT security analysts with the ability to test, characterize and conduct forensic examinations on next-generation cyber attacks by simulating their execution path with our virtual machine technology. Our cloud-based mobile threat prevention platform identifies and stops mobile threats by analyzing mobile applications within our MVX engine. Finally, we offer both incident response services to assist our customers who have been breached and our FireEye-as-a-Service managed services for comprehensive monitoring based on our security expertise.
As part of our sales strategy, we often provide prospective customers with our products for a short-term evaluation period. In such cases, our products are deployed within the prospective customer’s network, typically for a period ranging from one week to several months. During this period, the prospective customer conducts evaluations with the assistance of our system engineers and members of our security research team. These evaluations have been part of our ordinary course business practices for the past two years. In over 95% of these prospective customer evaluations, we have discovered incidents of next-generation threats that were conducting malicious activities and that successfully evaded the prospective customers’ existing security infrastructure, including traditional firewalls, next-generation firewalls, intrusion prevention systems, anti-virus software, email security and Web filtering appliances. By deploying our platform, organizations can stop inbound attacks and outbound theft of valuable intellectual property and data with a negligible false-positive rate, enabling them to avoid potentially catastrophic financial and intellectual property losses, reputational harm and damage to critical infrastructures.
Our sales model consists of a direct sales team and channel partners that collaborate to identify new sales prospects, sell products and services, and provide post-sale support. We believe this approach allows us to maintain face-to-face connectivity with our customers, including key enterprise accounts, and helps us support our partners, while leveraging their reach and capabilities. Further, we believe our leading incident response capabilities position us as a trusted advisor to our customers and offer us the opportunity to help customers prevent future breaches through the use of our products and services. As of December 31, 2014, we had approximately 3,100 end-customers, including 187 of the Fortune 500. Our customers include leading enterprises in a diverse set of industries, including telecommunications, technology, financial services, public utilities, healthcare and oil and gas, as well as leading U.S. and international governmental agencies.
For 2014, 2013 and 2012, our revenue was $425.7 million, $161.6 million and $83.3 million, respectively, representing year-over-year growth of 163% for 2014, 94% for 2013 and 148% for 2012, and our net losses were $443.8 million, $120.6 million and $35.8 million, respectively.
We primarily market and sell our virtual machine-based security platform to enterprise companies in a broad range of industries and to national, regional and local governments worldwide. Our business is geographically diversified, with 75% of our total revenue from the United States, 14% from Europe, the Middle East, and Africa (EMEA), and 8% from Asia Pacific and Japan (APAC) in 2014. As of December 31, 2014, we had approximately 3,100 end-customers, including approximately 25% of the Global 2000.
We were incorporated in Delaware in February 2004 under the name NetForts, Inc., and changed our name to FireEye, Inc. in September 2005. Our principal executive offices are located at 1440 McCarthy Blvd, Milpitas, California 95035, and our telephone number is (408) 321-6300. Our website is www.fireeye.com. Information contained on, or that can be accessed through, our website is not incorporated by reference into this report, and you should not consider information on our website to be part of this report. Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and amendments to reports filed or furnished pursuant to Sections 13(a) and 15(d) of the Securities Exchange Act of 1934, as amended, are available free of charge on the Investors portion of our web site as soon as reasonably practicable after we electronically file such material with, or furnish it to, the SEC.
We are organized and operate in a single segment. See "Management's Discussion and Analysis of Financial Condition and Results of Operations" included in Part II, Item 7 of this Annual Report on Form 10-K.
Our Products, Subscriptions and Services
Products
Threat Prevention Platform. Our Threat Prevention Platform consists of vector-specific appliance solutions that provide comprehensive next-generation threat protection, from network to endpoint, for both inbound and outbound network traffic

7


that may contain sensitive information. Our portfolio of Threat Prevention solutions includes the following appliances covering the Web, email, endpoint, file and mobile threat vectors:
Network Threat Prevention Platform (NX Series). Our Network Security NX Series appliances are deployed in-line at enterprise Internet access points to analyze all web traffic. Utilizing our MVX engine, these appliances identify and block next-generation threats deeply embedded inside web traffic, create real-time protection descriptors from the identified threats, and capture potential multi-protocol outbound communication data from threats that may already be inside the network. Our MVX engine detects advanced attacks exploiting unknown vulnerabilities as well as malicious code embedded in common Web and multimedia content. Our MVX engine executes suspicious software against a range of browsers, plug-ins, applications, and operating environments that are instrumental in tracking malicious actions. As potential threats can sometimes enter the network via user devices and may have been resident in the network previously, our MVX engine also analyzes outbound traffic for threats that may attempt to extract sensitive information or enable control of devices within the network by communicating with servers. Using our MVX engine, our Network Security platform confirms zero-day attacks, generates real-time security intelligence and captures dynamic callback destinations to defend against attacks. In September 2013, we introduced the NX 10000, a multi-gigabit throughput appliance that can be deployed in-line at Internet egress points to block Web exploits and outbound multi-protocol callbacks. In December 2013, we introduced our NX 900 to enable threat protection at various remote and branch offices as well as at the homes of an organization’s executive officers and key personnel. In June 2014, we introduced the Network Threat Prevention Platform with IPS to consolidate advanced threat prevention with traditional security. This optimizes spend, reduces false positives illuminating attacks hidden in noise, and enables compliance while driving security across known and unknown threats. In September 2014, we introduced the NX 7500 with support for Windows and Mac OSX on the same appliance.
Email Threat Prevention Platform (EX Series). Our Email Threat Prevention EX Series appliances detect and stop advanced attacks that exploit unknown operating system, browser, and application vulnerabilities as well as malicious code embedded in email content. Using our MVX engine, these appliances analyze email content as well as all email attachments, including all common file and archive formats. In particular, these appliances secure networks against spear phishing emails, which bypass traditional anti-spam and reputation-based technologies. Spear phishing attacks use individually targeted content to trick users into clicking on a malicious link or opening a document, and are frequently used by cybercriminals to extract sensitive information such as user IDs and passwords. Our MVX engine actively executes, and is able to quickly identify, links to compromised websites and malicious attachments and blocks spear-phishing emails.
Endpoint Threat Prevention Platform (HX Series). Our Endpoint Threat Prevention Platform is an appliance and endpoint agent-based system that equips security organizations to detect, analyze and resolve security incidents on desktops, laptops and other end-user devices using the threat detection algorithms of the MVX engine. Threat intelligence and alerts are correlated between our Network Threat Prevention and Endpoint Threat Prevention platforms to provide visibility across an organization and enable rapid containment. Additionally, the HX agent collects forensic data necessary for investigation and analysis of attacks. Our Endpoint Threat Prevention can be configured to sweep for indicators of compromise at regular intervals to identify new attacks and compromised devices and is a component of our FireEye as a Service offering.
File Content Security (FX Series). Our FX Series appliances analyze network file servers to detect and quarantine malicious software brought into the network by users within the organization through technologies, such as online file sharing and associated collaboration tools, which bypass traditional network security solutions. These appliances analyze files using our MVX engine and detect malicious code embedded in common file types, including PDF, Microsoft Office documents, archived files, and multimedia content such as QuickTime and other video, audio and image files. Our FX Series appliances perform recursive, scheduled, and on-demand scanning of accessible network file servers to continuously identify and quarantine resident threats.
Mobile Threat Prevention (MX Series). Our Mobile Threat Prevention product allows organizations to identify malicious mobile apps and assess risk levels for other apps for Android and Apple devices. Using our MVX technology, we have threat intelligence from more than seven million mobile applications and assigned security and privacy risk levels for each. Our Mobile Threat Prevention platform includes a downloadable app and a management solution that can integrate with a number of the major mobile device management solutions. The management solution is available as an on-premise appliance or a cloud-based solution.
Security Management Products
Central Management System. Our Central Management System, or CMS, unifies reporting, configuration, and threat intelligence sharing and manages the overall deployment of the components of our Threat Prevention Platform. CMS appliances distribute threat intelligence from the DTI cloud and provide cross-enterprise threat data correlation to identify

8


and block blended attacks across multiple attack vectors. CMS consolidates the management and reporting of activities in a unified security dashboard to provide a real-time view of an organization’s security profile.
Threat Analytics Platform (TAP). Our Threat Analytics Platform, or TAP, is a cloud-based solution that enables security teams to identify and effectively respond to cyber threats by correlating enterprise-generated security event data from any security product with real-time threat intelligence from FireEye. The platform is designed to scale by keeping as much data online and searchable as business needs demand. Search results can be exported from the user interface for use in other incident response management tools as needed.
Security Forensics Products
Forensic Analysis System (AX Series). Our Forensic Analysis System provides powerful auto-configured test environments to allow forensics teams to manually execute and inspect advanced malware, zero-day, and other advanced cyber-attacks embedded in files, email attachments, and Web objects. The Forensic Analysis System inspects single files or batches of files for malware and tracks outbound connection attempts across multiple protocols. In virtual execution mode, the Forensic Analysis System analyzes the execution path of a particular malware sample to generate a dynamic and anonymized profile that can be distributed to other FireEye appliances on the network. Malware attack profiles include identifiers of malware code, exploit URLs, and other sources of infections and attacks. To fully analyze the behavior of every unknown file, the Forensic Analysis System provides full malware life cycle analysis. Larger customers typically purchase the product to enable advanced and deeper analysis of potential malicious software outside of the real-time traffic scanning done by our Threat Prevention appliances.
Network Forensics Platform (PX Series). Our Network Forensics Platform appliances complement our Threat Prevention Platform by capturing and indexing full packets at extremely rapid speeds to allow organizations to investigate and resolve security incidents. Using our Network Forensics Platform in conjunction with our Threat Prevention Platform, security analysts can detect threats and view specific packets and sessions before, during, and after the attack to confirm what may have triggered a malware download or callback. This information can be used for rapid response and to develop future protective strategies.
Investigation Analysis System (AI Series). Our Investigative Analysis System provides a centralized, easy-to-use analytical interface to the Network Forensics Platform to provide data visualization and in-depth analytics to security analysts in a single centralized dashboard. Our Investigation Analysis System supports a number of configurations for single node and distributed architectures to optimize bandwidth and performance of metadata aggregation, queries, and analytics.
Subscription and Services
Product Subscriptions
Threat Intelligence Subscriptions
Dynamic Threat Intelligence Cloud (DTI). Our Dynamic Threat Intelligence, or DTI, cloud interconnects FireEye appliances deployed within customer networks, technology partner networks, and service providers around the world to share real-time threat intelligence. Our DTI cloud is a bi-directional system that collects threat intelligence from our appliances and our security labs and distributes updated intelligence throughout the network to provide real-time detection of advanced attacks. The network effects of a globally distributed, automated threat analysis network improve the efficacy of our Threat Prevention Platform and differentiate our security solutions. Customers are required to purchase either a one or three year DTI cloud subscription as part of their initial appliance purchase.
Advanced Threat Intelligence (ATI). Our Advanced Threat Intelligence augments our Dynamic Threat Intelligence with contextual information on threats and threat actors, including information on the identity of the attacker, likely motives, and details on attack patterns. This information can be used to search for additional compromises and enhance protective measures to prevent future attacks. ATI is an optional upgrade to our DTI Cloud subscription.
Advanced Threat Intelligence Plus (ATI+). ATI+ adds comprehensive dossiers, trends, news, and analysis on advanced cyber threat groups as well as profiles of targeted industries and information about the types of data threat groups are targeting. It also includes community threat sharing, which allows organizations to share threat intelligence with trusted partners to develop personalized community cyber defenses. Customers at this level can also benefit from our 24/7/365 critical alert and detection efficacy monitoring.
Email Threat Prevention Attachment/URL Engine. Our Email Threat Prevention Attachment/URL engine analyzes email attachments and URLs embedded in emails for next-generation threats. Customers who purchase the Email Threat Prevention appliance are also required to purchase a one or three year subscription to our Email Threat Prevention Attachment/URL engine.

9


Email Threat Prevention Cloud. Our Email Threat Prevention Cloud is a software-as-a-service (SaaS) offering that provides anti-spam, anti-virus protection and combats advanced attacks for cloud-based mailboxes using our MVX engine. FireEye EX Series appliances can be extended with our Email Threat Prevention Cloud, whereby the incoming emails are analyzed and quarantined by the anti-spam, anti-virus engine in the cloud to thwart known threats while the on-premise EX Series combats the advanced unknown threats and zero-day attacks.
Mobile Threat Prevention Subscription. Our Mobile Threat Prevention analysis engine uses a combination of semantic, dynamic, and behavioral analysis to give comprehensive mobile app threat assessments. Customers who purchase the Mobile Threat Prevention appliance or cloud offering are also required to purchase a per mobile device subscription of this analysis engine. In addition, we also offer a standalone subscription that provides for deeper on-demand app forensics and analysis by security analysts. Such live analysis gives organizations more visibility into the app detonation and the dynamic analysis process for mobile devices.
Security-as-a-Service Offerings
FireEye-as-a-Service. Our FireEye-as-a-Service offering includes our Network Security Platform and our Endpoint Security Platform solutions, managed by our security experts through our security operations centers around the world. Using automated techniques and our advanced threat intelligence, our analysts monitor and analyze network traffic, regularly sweep enterprise endpoints for new malware, and actively hunt for new attacks and adversaries. Customers receive detailed analyses of threats with the context necessary to assess risk and prioritize action, as well as recommendations for containment and response.
Customer Support and Consulting Services
Incident response and related consulting services. We have a team of cyber security experts to quickly respond to customers that have experienced a breach and help them understand the scope of the incident and quickly remediate the attack. Our cyber security experts will inform customers who is behind the attack (i.e., organized crime, nation state or malicious insider) and how much damage was done, and will work with them to recover from the incident while minimizing the impact of the event on the organization. We have performed hundreds of successful security investigations across all industries, organization sizes and technical environments. As part of our services, we can help customers scope their own security programs, provide litigation support and forensics, and assist with threat and vulnerability assessments. These consulting services are marketed under the Mandiant brand.
Training and professional services. We offer training services to our customers and channel partners through our training department and authorized training partners. These services are designed to provide education regarding implementation, use and functionality, and maintenance and support of our products. We also provide training on managing the stages of our sales cycle for our channel partners. We offer professional services to customers for large implementations where expert technical resources are required. We provide professional services both directly to our customers, and indirectly through our authorized partners, who provide similar services to the end-customer.
Customer Support and Maintenance Services. We offer technical support on our products and subscriptions. We provide multiple levels of support and have regional support centers located across the globe to help customers solve technical challenges that they may encounter. In addition to post-sales support activities, our support organization works with our product management and engineering teams to ensure the attainment of defined pre-requisite quality levels for our products and services prior to release. Like our subscription services, our support and maintenance contracts have terms of either one or three years.
Our products are designed to address security requirements for small-to-mid sized businesses, remote offices, large enterprises, governments and service providers. We offer multiple appliance models, each with various features and capabilities. The list price of our products ranges from approximately $8,000 to $350,000 based on throughput and other performance requirements.
For contributions to total revenue by significant class of revenues, see "Management's Discussion and Analysis of Financial Condition and Results of Operations" included in Part II, Item 7 of this Annual Report on Form 10-K.
Our Technology
The key technologies underlying our platform have been built from the ground up to address next-generation threats. Our foundational technologies are: (i) line rate anomaly detection, (ii) proprietary MVX, (iii) exploit stage monitoring, (iv) cross correlation, and (v) evolved network security architecture. We have built our technology over 10 years of research and development, and we believe it represents a significant competitive advantage for us.
Custom Anomaly Detector. Commercial anomaly detectors are common place in IT security. While such anomaly detectors are the foundation for IPS solutions, they generate a significant number of false positives, making their efficacy in detecting IT security threats challenging. We have custom built our anomaly detector with a focus on helping to filter potentially suspicious data from benign traffic. This filtering allows for most normal traffic to pass through and any other traffic to be executed in our virtual machine.

10


While our virtual machine can ultimately process all traffic, using an anomaly detector helps to increase network throughput and limit the amount of traffic that requires virtual execution. We are constantly improving the efficacy of our anomaly detector as we discover new threats in our virtual machine. Our anomaly detector also receives updates from our DTI cloud in the attributes, or markers, it looks for when inspecting potentially suspicious data. Uniquely, because the line rate anomaly detector is designed to feed suspicious flows to our MVX engine, it can focus on minimizing missed attacks by aggressively categorizing traffic as suspicious. Any potential false alerts in the output of this system are automatically weeded out by our MVX engine, which confirms whether a suspicious flow or object is malicious. Because we first identify suspicious flows with our line rate anomaly detector and then, through a separate process, use our MVX engine to determine whether such suspicious flows are malicious, our solution is able to achieve negligible false-positive rates and missed attacks, which are the desired results of the ideal detection engine.
Proprietary MVX Engine. Our appliances utilize a proprietary virtual execution engine to execute potentially suspicious software code. We have built our virtual execution engine to take advantage of advances in multi-core processing and run on many-core network processors. As we do not use a commercially available virtual machine, we are not encumbered by any incremental overhead beyond the execution of our environments and the detection of threats. We are also free to make modifications to the code base of our virtual execution engine, which our competitors are not able to do. Our virtual execution engine mimics operating systems and configurations of several user devices, including several popular operating systems, applications and Web browsers. Once the unknown software code is loaded into this environment, our engine monitors the software’s behavior. Using a proprietary behavior analysis technology, our appliances determine if the actions the code is taking in the virtual environment are malicious or benign. We have developed our MVX engine over the past 10 years to provide high performance next-generation threat protection while maintaining high threat detection efficacy, negligible false-positive rates, and minimal impact on network performance.
Exploit Stage Monitoring. Our appliances are able to monitor the full spectrum of data that enters the network. This allows visibility into all stages of an attack, including the exploit phase, where an attacker first compromises a program. The exploit object can be embedded in any piece of content, such as an ordinary Web page. This stage is invisible to legacy network security technologies that are focused on examining files and executables once they are written to the hard drive on a host computer. Next-generation threats often encrypt the malware file they download, making virtual execution impossible unless it has been monitored at the exploit phase. In the exploit phase, our appliance collects the encryption key necessary to properly execute the program in a virtual environment. We are also able to detect threats by running the exploit, not just the malware, through our virtual execution engine, which provides greater defense efficacy because we have an additional point at which we can detect suspicious behavior.
Multi-Vector Cross Correlation. Our MPS appliances, when deployed with the CMS appliance, communicate in real time on threat information as well as receive updates from our DTI cloud. This awareness allows our appliances, which are specific to threat vectors, to communicate threat data to each other in real time to prevent sophisticated multi-vector threats, particularly blended attacks. This cross-fertilization of traffic information enables our appliances to piece together seemingly benign components of a broader blended or multi-vector attack. Cross correlation requires MPS appliances that target different vectors and our CMS appliance to work in concert.
Evolved Network Security Architecture. Our appliances are designed to operate as part of a comprehensive architecture to defend networks against next-generation threats. This allows appliances to be deployed at the right vectors and have visibility into the traffic streams necessary to detect and block next-generation threats. The ability to monitor all traffic and file stores is critical to detecting next-generation threats that will enter through multiple vectors and move laterally across the network. This is impossible for legacy network security providers to achieve with architectures that were built around traditional threats and file scanning, which do not have visibility into the traffic sources next-generation threats utilize during attacks.
Advanced Endpoint Validation and Containment. Our Endpoint Threat Prevention System is an appliance and endpoint agent-based solution that enables real-time automated validation of security incidents across thousands of endpoints to contain the impact of an incident. The Endpoint Threat Prevention System allows customers to uncover attacks in their environment by identifying indicators of compromise, or IOCs, on endpoints left behind by attacker activity. Suspicious hosts are flagged using non-signature based intelligence so customers can confirm the scope of the attack, identify and contain all compromised hosts and quickly secure their networks.
The Endpoint Threat Prevention Platform enables security operations teams to correlate network and endpoint activity. Organizations can automatically investigate alerts generated by FireEye Threat Prevention Platforms, log management and network security products, apply proprietary intelligence from FireEye, or sweep for IOCs, to identify the devices that have been compromised and assess the potential risk. Further, organizations can quickly triage the incident to understand the details and contain compromised endpoints with a single click.
Automatically investigate alerts from network- devices. Create IOCs automatically from alerts generated in network devices. Confirm threat alerts at all endpoints to identify critical issues and investigate tens or hundreds of thousands of endpoints in a matter of minutes.
Agent Anywhere. Investigate any endpoint even when they’re not on your network.

11


Easy to understand interface. Transform front-line analysts into investigators by making it simple and straightforward to quickly interpret data and follow up appropriately.
Unified endpoint dashboard. In addition, our Endpoint Threat Prevention platform provides a unified dashboard that allows administrators to view malicious activity both on conventional endpoints like PCs as well as mobile devices.
Customers
Our customer base has grown from approximately 450 end-customers at the end of 2011 to approximately 3,100 end-customers as of December 31, 2014, including 187 of the Fortune 500. We provide products, subscriptions and services to customers of varying sizes, including enterprises, governmental agencies and educational and nonprofit organizations. Our customers include leading enterprises in a diverse set of industries, including telecommunications providers, financial services entities, Internet search engines, social networking sites, stock exchanges, electrical grid operators, networking vendors, oil and gas companies, healthcare and pharmaceutical companies and leading U.S. and international governmental agencies. Our business is not dependent on any particular end-customer as no end-customer represented more than 10% of our revenue for any of the years ended December 31, 2014, 2013 and 2012. Carahsoft Technology Corporation, a reseller, accounted for approximately 11% of our revenue for the years ended December 31, 2014 and 2013. For the years ended December 31, 2013 and 2012, Accuvant, another reseller, accounted for approximately 11% and 10% of our revenue, respectively.
Backlog
Orders for services for multiple years are typically billed shortly after receipt of the order and are included in deferred revenue. The timing of revenue recognition for services may vary depending on the contractual service period or when the services are rendered. Products are shipped and billed shortly after receipt of an order. We do not believe that our product backlog at any particular time is meaningful because it is not necessarily indicative of future revenue in any given period, as the fulfillment of such orders may be delayed. Additionally, the majority of our product revenue comes from orders that are received and shipped in the same quarter.
Sales and Marketing
Sales. Our sales organization consists of a direct sales team and channel partners who work in collaboration with our direct sales team to identify new sales prospects, sell products, subscriptions and services, and provide post-sale support. Our direct field sales team is responsible for securing enterprise and government accounts globally. Our direct inside sales organization is responsible for securing medium and smaller organizations that are focused on protecting key assets. We also recently built a strategic account management team to support and expand sales within our customer base. Our sales cycle varies by industry and could last multiple months, although some deals close in only a few weeks given the typically shorter deployment time of our products as compared to traditional network security products. We also have a dedicated team focused on channel sales who work with our direct sales organization to manage the relationships with our channel partners and work with our channel partners in winning and supporting customers. We believe this direct-touch sales approach allows us to leverage the benefits of the channel as well as maintain a face-to-face connection with our customers, including key enterprise accounts. We expect to continue to grow our sales headcount in all markets, particularly in countries where we currently do not have a direct sales presence. In the quarter ended December 31, 2014, nearly a third of our engagements with prospects were led by channel partners.
Our sales organization is supported by sales engineers with deep technical domain expertise who are responsible for pre-sales technical support, solutions engineering for our customers, proof of concept work and technical training for our channel partners. We believe that, by providing a proof of concept to potential customers, we are able to contrast the effectiveness of our platform versus our competitors in identifying suspicious and potentially malicious software code in their actual IT environments. Our sales engineers also act as the liaison between customers and our marketing and product development organizations.
Marketing. Our marketing is focused on building our brand reputation and the market awareness of our platform, driving customer demand and a strong sales pipeline, and working with our channel partners around the globe. Our marketing team consists primarily of corporate marketing, channel marketing, account/lead development, operations and corporate communications. Marketing activities include demand generation, advertising, product launch activities, managing our corporate Website and partner portal, trade shows and conferences, press and analyst relations, and customer awareness. We are also actively engaged in driving global thought leadership programs through blogs and media and developing rich content such as the global cyber maps and threat reports.
Technology Alliance Partners
FireEye has built a robust ecosystem of Technology Alliance Partners who, through integration and joint go-to-market efforts, extend the breadth and depth of cyber security and protection customers gain from FireEye.  Spanning multiple technology categories, including network monitoring vendors, security information and event management vendors, network equipment vendors, forensic software vendors and web application Firewall vendors. These partnerships acknowledge and help to ease the complications that enterprises face when implementing the layered security solutions required to protect against the most persistent and advanced threats. Multi-vendor, integrated solution design is made easier and the time to realize the value of the solution is accelerated.

12


Government Affairs
We maintain relationships with several governments around the globe. Our thought leadership in defending against next-generation threats has helped to shape the legislative, regulatory and policy environment to better enhance these governments’ individual and collective cyber posture. As part of this effort, we contribute to the evolving standard-making processes, help define best practices in various jurisdictions and help organizations of all sizes better understand the cyber threat landscape. We also help governments identify future needs and requirements. In the United States, David G. DeWalt, our Chief Executive Officer, is a member of President Obama’s National Security Telecommunications Advisory Committee, which provides recommendations to the President on how to assure vital telecommunications links through any event or crisis, and help the nation maintain a reliable, secure and resilient national communications posture. Through these and related activities, we engage on the front lines of emerging cybersecurity related public policy and use our knowledge and insight to improve the cybersecurity of our government and industry customers.
Manufacturing
The manufacturing of our security products is outsourced to principally one third-party contract manufacturer. This approach allows us to reduce our costs as it reduces our manufacturing overhead and inventory and also allows us to adjust more quickly to changing customer demand. Our manufacturing partner assembles our products using design specifications, quality assurance programs, and standards that we establish, and it procures components and assembles our products based on our demand forecasts. These forecasts represent our estimates of future demand for our products based upon historical trends and analysis from our sales and product management functions as adjusted for overall market conditions.
Our primary contract manufacturer is Flextronics Telecom Systems, Ltd., or Flextronics. The manufacturing agreement we have entered into with Flextronics does not provide for any minimum purchase commitments and had an initial term of one year and automatically renews for one-year terms, unless either party gives written notice to the other party not less than 90 days prior to the last day of the applicable term. Additionally, this agreement may be terminated by either party (i) with advance written notice provided to the other party, subject to certain notice period limitations, or (ii) with written notice, subject to applicable cure periods, if the other party has materially breached its obligations under the agreement.
Research and Development
We invest substantial resources in research and development to enhance our virtual execution engine, build add-on functionality and improve our core technology. We believe that both hardware and software are critical to expanding our leadership in the security industry. Our engineering team has deep networking and security expertise and works closely with customers to identify their current and future needs. In addition to our focus on hardware and software, our research and development team is focused on research into next-generation threats, which is required to respond to the rapidly changing threat landscape.
Research and development expense totaled $203.2 million, $66.0 million and $16.5 million for the years ended December 31, 2014, 2013 and 2012, respectively. We plan to continue to significantly invest in resources to conduct our research and development efforts.
Competition
We operate in the intensely competitive IT security market which is characterized by constant change and innovation. Changes in the threat landscape and broader IT infrastructures result in evolving customer requirements for the protection from next-generation threats. Several vendors have both recently introduced new products to compete with our solutions and are incorporating features to compete with our products. Our current and potential future competitors fall into six general categories:
large networking vendors such as Cisco and Juniper that may emulate or integrate features similar to ours into their own products;
large companies such as Intel, IBM and HP that have acquired large IT security specialist vendors in recent years and have the technical and financial resources to bring competitive solutions to the market;
independent security vendors such as Palo Alto Networks and Trend Micro that offer products that claim to perform similar functions to our platform;
small and large companies, including new entrants, that offer point solutions that compete with some of the features present in our platform;
providers of traditional IT security solutions, such as Symantec, that we may compete with in the future; and
other providers of incident response services.
As our market grows and new IT budgets are created to support next-generation threat protection, it will attract more highly specialized vendors as well as larger vendors that may continue to acquire or bundle their products more effectively. The principal competitive factors in our market include:

13


ability to deliver the combination of technology, intelligence and expertise necessary to combat the current threat landscape;
ability to detect next-generation threats by overcoming the limitations of signature-based approaches;
efficacy of the virtual machine technology in terms of detecting the maximum number of threats;
scalability, throughput and overall performance of the virtual machine technology;
visibility into all stages of an attack, especially the exploit phase;
ability to achieve low false-positive rates;
solutions that help detect, prevent, analyze and respond to the most advanced threats;
breadth and richness of the shared threat data the appliances have access to;
ability to process all data entering a network on premise;
brand awareness and reputation;
strength of sales and marketing efforts;
product extensibility and ability to integrate with other technology infrastructures;
price and total cost of ownership; and
ability to provide a comprehensive solution of products and services for detecting, preventing and resolving advanced cybersecurity threats.
We believe we compete favorably with our competitors on the basis of these factors as a result of the features and performance of our platform, the ease of integration of our products with technological infrastructures, the breadth of our services and solution offerings and the relatively low total cost of ownership of our products. However, many of our competitors have substantially greater financial, technical and other resources, greater name recognition, larger sales and marketing budgets, deeper customer relationships, broader distribution, and larger and more mature intellectual property portfolios.
Intellectual Property
Our success depends in part upon our ability to protect our core technology and intellectual property. We rely on, among other things, patents, trademarks, copyrights and trade secret laws, confidentiality safeguards and procedures, and employee non-disclosure and invention assignment agreements to protect our intellectual property rights. We have 26 issued patents and 110 patent applications pending in the United States. We also have a number of foreign counterparts of these patents and patent applications, consisting of 19 pending applications under the Patent Cooperation Treaty, four pending applications in the European Patent Office and three nationally outside the United States. Our issued patents expire between 2025 and 2031. We cannot assure you whether any of our patent applications will result in the issuance of a patent or whether the examination process will result in patents of valuable breadth or applicability. In addition, any patents that may issue may be contested, circumvented, found unenforceable or invalidated, and we may not be able to prevent third parties from infringing them. We also license software from third parties for integration into our products, including open source software and other software available on commercially reasonable terms.
We control access to and use of our proprietary software, technology and other proprietary information through the use of internal and external controls, including contractual protections with employees, contractors, end-customers and partners, and our software is protected by U.S. and international copyright, patent and trade secret laws. Despite our efforts to protect our software, technology and other proprietary information, unauthorized parties may still copy or otherwise obtain and use our software, technology and other proprietary information. In addition, we intend to expand our international operations, and effective patent, copyright, trademark, and trade secret protection may not be available or may be limited in foreign countries.
Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation regarding patent and other intellectual property rights. If we become more successful, we believe that competitors will be more likely to try to develop products that are similar to ours and that may infringe our proprietary rights. It may also be more likely that competitors or other third parties will claim that our products infringe their proprietary rights. In particular, large and established companies in the IT security industry have extensive patent portfolios and are regularly involved in both offensive and defensive litigation. From time-to-time, third parties, including certain of these large companies and non-practicing entities, may assert patent, copyright, trademark, and other intellectual property rights against us, our channel partners, or our end-customers, whom our standard license and other agreements obligate us to indemnify against such claims. Successful claims of infringement by a third party, if any, could prevent us from distributing certain products or performing certain services, require us to expend time and money to develop non-infringing solutions, or force us to pay substantial damages (including, in the United States, treble damages if we are found to have willfully infringed patents), royalties or other fees. We cannot assure you that we do not currently infringe, or that we will not in the future infringe, upon any third-party patents or other proprietary rights. For example, we are currently a party to claims alleging, among other things, patent infringement, which are in the early stages of litigation. See “Risk Factors—Risks Related to Our Business and

14


Our Industry—Claims by others that we infringe their proprietary technology or other rights could harm our business” for additional information.
Business Seasonality
For discussion of seasonal trends, see our quarterly results of operations discussion within "Management's Discussion and Analysis of Financial Condition and Results of Operations" included in Part II, Item 7 of this Annual Report on Form 10-K.
Employees
As of December 31, 2014, we had approximately 2,500 employees. None of our employees is represented by a labor organization or is a party to any collective bargaining arrangement. We have never had a work stoppage, and we consider our relationship with our employees to be good.
Facilities
We currently lease approximately 223,000 square feet of space for our corporate headquarters in Milpitas, California under lease agreements that expire at various dates through 2018. We maintain additional offices throughout the United States and various international locations including, Australia, Dubai, India, Ireland, Japan, South Korea, Singapore, Taiwan, Turkey and the United Kingdom. We believe that our current facilities are adequate to meet our ongoing needs, and that, if we require additional space, we will be able to obtain additional facilities on commercially reasonable terms.
Legal Proceedings
The information set forth under "Litigation" in Note 9 contained in the "Notes to Consolidated Financial Statements" in Item 8 of Part II of this Annual Report on Form 10-K is incorporated herein by reference.
Item 1A.  Risk Factors
Our operations and financial results are subject to various risks and uncertainties including those described below. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, also may become important factors that affect us. If any of the following risks or others not specified below materialize, our business, financial condition and results of operations could be materially adversely affected. In that case, the trading price of our common stock could decline.
Risks Related to Our Business and Our Industry
If the IT security market does not continue to adopt our virtual machine-based security platform, our sales will not grow as quickly as anticipated, or at all, and our business, results of operations and financial condition would be harmed.
We are seeking to disrupt the IT security market with our virtual machine-based security platform. Our platform interoperates with but does not replace most signature-based IT security products. Enterprises and governments that use signature-based security products, such as firewalls, intrusion prevention systems, or IPS, anti-virus, or AV, and Web and messaging gateways, for their IT security may be hesitant to purchase our virtual machine-based security platform if they believe that signature-based products are more cost effective, provide substantially the same functionality as our platform or provide a level of IT security that is sufficient to meet their needs. Currently, most enterprises and governments have not allocated a fixed portion of their budgets to protect against next-generation advanced cyber attacks. As a result, to expand our customer base, we need to convince potential customers to allocate a portion of their discretionary budgets to purchase our platform. However, even if we are successful in doing so, any future deterioration in general economic conditions may cause our customers to cut their overall IT spending, and such cuts may fall disproportionately on products and services like ours, for which no fixed budgetary allocation has been made. If we do not succeed in convincing customers that our platform should be an integral part of their overall approach to IT security and that a fixed portion of their annual IT budgets should be allocated to our platform, our sales will not grow as quickly as anticipated, or at all, which would have an adverse impact on our business, results of operations and financial condition.
Even if there is significant demand for virtual machine-based security solutions like ours, if our competitors include functionality that is, or is perceived to be, better than or equivalent to that of our platform in signature-based or other products that are already generally accepted as necessary components of an organization’s IT security architecture, we may have difficulty increasing the market penetration of our platform. Furthermore, even if the functionality offered by other IT security providers is different and more limited than the functionality of our platform, organizations may elect to accept such limited functionality in lieu of adding products from additional vendors like us.
If enterprises and governments do not continue to adopt our virtual machine-based security platform for any of the reasons discussed above or for other reasons not contemplated, our sales would not grow as quickly as anticipated, or at all, and our business, results of operations and financial condition would be harmed.

15


If we fail to effectively manage our growth, our business, financial condition and results of operations would be harmed.
Our headcount increased from more than 1,600 employees as of December 31, 2013 to approximately 2,500 employees as of December 31, 2014. We expect our headcount to continue to grow rapidly. In addition, our number of end-customers increased from more than 1,900 to approximately 3,100 over the same period. This rapid growth has placed significant demands on our management and our operational and financial infrastructure. To improve our infrastructure, we have recently implemented a new enterprise resource planning system, including revenue recognition and management software, and we plan to implement additional systems. There is no assurance that we will be able to successfully scale improvements to our enterprise resource planning system or other systems and processes in a manner that keeps pace with our growth or that such systems will be effective in preventing or detecting errors, omissions or fraud.
As part of our efforts to improve our internal systems, processes and controls, we have licensed technology from third parties. The support services available for such third-party technology is outside of our control and may be negatively affected by consolidation in the software industry. In addition, if we do not receive adequate support for the software underlying our systems, processes and controls, our ability to provide products and services to our customers in a timely manner may be impaired, which may cause us to lose customers, limit us to smaller deployments of our platform or increase our technical support costs.
To manage this growth effectively, we must continue to improve our operational, financial and management systems and controls by, among other things:
effectively attracting, training and integrating a large number of new employees, particularly members of our sales and management teams;
further improving our key business applications, processes and IT infrastructure, including our data centers, to support our business needs;
enhancing our information and communication systems to ensure that our employees and offices around the world are well coordinated and can effectively communicate with each other and our growing base of channel partners and customers;
improving our internal control over financial reporting and disclosure controls and procedures to ensure timely and accurate reporting of our operational and financial results; and
appropriately documenting and testing our IT systems and business processes.
These and other improvements in our systems and controls will require significant capital expenditures and the allocation of valuable management and employee resources. If we fail to implement these improvements effectively, our ability to manage our expected growth, ensure uninterrupted operation of key business systems and comply with the rules and regulations applicable to public reporting companies would be impaired, and our business, financial condition and results of operations would be harmed.
Our limited operating history makes it difficult to evaluate our current business and prospects and may increase the risk that we will not be successful.
We were founded in 2004, and our first commercially successful product was shipped in 2008. Since then, we have continued to expand our platform, both organically and through acquisitions, including through the addition of Mandiant’s endpoint threat detection, response and remediation products; advanced threat intelligence capabilities; and incident response and security consulting services. The majority of our revenue growth began in 2010. Our limited operating history and our acquisition of Mandiant in December 2013 make it difficult to evaluate our current business and prospects and plan for and model our future growth. We have encountered and will continue to encounter risks and uncertainties frequently encountered by rapidly growing companies in developing markets.
If our assumptions regarding these risks and uncertainties are incorrect or change in response to changes in the IT security market, our results of operations and financial results could differ materially from our plans and forecasts. Although we have experienced rapid growth for the past several years, there is no assurance that such growth will continue. Any success we may experience in the future will depend in large part on our ability to, among other things:
maintain and expand our customer base and the ways in which customers use our products and services;
expand revenue from existing customers through increased or broader use of our products and services within their organizations;
convince customers to allocate a fixed portion of their annual IT budgets to our products and services;
improve the performance and capabilities of our platform through research and development;
effectively expand our business domestically and internationally, which will require that we rapidly expand our sales force and service professionals and fill key management positions, particularly internationally; and
successfully compete with other companies that currently provide, or may in the future provide, solutions like ours that protect against next-generation advanced cyber attacks.

16


If we are unable to achieve our key objectives, including the objectives listed above, our business and results of operations will be adversely affected and the fair market value of our common stock could decline.
Real or perceived defects, errors or vulnerabilities in our products or services, the misconfiguration of our products, the failure of our products or services to block malware or prevent a security breach, or the failure of customers to take action on attacks identified by our products could harm our reputation and adversely impact our business, financial position and results of operations.
Because our products and services are complex, they have contained and may contain design or manufacturing defects or errors that are not detected until after their deployment. Our products also provide our customers with the ability to customize a multitude of settings, and it is possible that a customer could misconfigure our products or otherwise fail to configure our products in an optimal manner. Such defects and misconfigurations of our products could cause our products or services to be vulnerable to security attacks, cause them to fail to secure networks and detect and block threats, or temporarily interrupt the networking traffic of our customers. In addition, because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, there is a risk that an advanced attack could emerge that our products and services are unable to detect or prevent. Moreover, as our products and services are adopted by an increasing number of enterprises and governments, it is possible that the individuals and organizations behind advanced malware attacks will begin to focus on finding ways to defeat our products and services. If this happens, our networks, products, services and subscriptions could be targeted by attacks specifically designed to disrupt our business and undermine the perception that our products and services are capable of providing superior IT security, which, in turn, could have a serious impact on our reputation as a provider of virtual machine-based security solutions. Any breach or perceived security breaches of our network could materially and adversely affect our business, financial condition and results of operations.
If any of our customers becomes infected with malware after using our products or services, such customer could be disappointed with our products and services, regardless of whether our products or services blocked the theft of any of such customer’s data or would have blocked such theft if configured properly. Similarly, if our products detect attacks against a customer but the customer has not permitted our products to block the theft of customer data, customers and the public may erroneously believe that our products were not effective. For any security breaches against customers that use our services, such as customers that have hired us to monitor their networks and endpoints through our own or our co-branded security operation centers, breaches against those customers may result in customers and the public believing that our products and services failed. Furthermore, if any enterprises or governments that are publicly known to use our products or services are the subject of an advanced cyber attack that becomes publicized, our other current or potential customers may look to our competitors for alternatives to our products and services. Real or perceived security breaches of our customers’ networks could cause disruption or damage to their networks or other negative consequences and could result in negative publicity to us, damage to our reputation, declining sales, increased expenses and customer relations issues.
Furthermore, our products and services may fail to detect or prevent malware, viruses, worms or similar threats for any number of reasons, including our failure to enhance and expand our products and services to reflect industry trends, new technologies and new operating environments, the complexity of the environment of our clients and the sophistication of malware, viruses and other threats. In addition, from time to time, firms test our products against other security products. Our products may fail to detect or prevent threats in any particular test for a number of reasons, including misconfiguration. To the extent potential customers, industry analysts or testing firms believe that the occurrence of a failure to detect or prevent any particular threat is a flaw or indicates that our products or services do not provide significant value, our reputation and business could be harmed. Failure to keep pace with technological changes in the IT security industry and changes in the threat landscape could adversely affect our ability to protect against security breaches and could cause us to lose customers.
Any real or perceived defects, errors or vulnerabilities in our products and services, or any other failure of our products and services to detect an advanced threat, could result in:
a loss of existing or potential customers or channel partners;
delayed or lost revenue and harm to our financial condition and results of operations;
a delay in attaining, or the failure to attain, market acceptance;
the expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate, or work around errors or defects, to address and eliminate vulnerabilities, or to identify and ramp up production with alternative third-party manufacturers;
an increase in warranty claims, or an increase in the cost of servicing warranty claims, either of which would adversely affect our gross margins;
harm to our reputation or brand; and
litigation, regulatory inquiries, or investigations that may be costly and further harm our reputation.

17


If we do not effectively expand and train our direct sales force, we may be unable to add new customers or increase sales to our existing customers, and our business will be adversely affected.
We continue to be substantially dependent on our direct sales force to obtain new customers and increase sales with existing customers. There is significant competition for sales personnel with the skills and technical knowledge that we require. Our ability to achieve significant revenue growth will depend, in large part, on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth, particularly in international markets. New hires require significant training and may take significant time before they achieve full productivity. Our recent hires and planned hires may not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals in the markets where we do business or plan to do business. In addition, because we continue to grow rapidly, a large percentage of our sales force is new to our company. If we are unable to hire and train a sufficient number of effective sales personnel, or the sales personnel we hire are not successful in obtaining new customers or increasing sales to our existing customer base, our business will be adversely affected.
Recent and future acquisitions and investments could disrupt our business and harm our financial condition and operating results.
Our success will depend, in part, on our ability to expand our platform and grow our business in response to changing technologies, customer demands and competitive pressures. In some circumstances, we may decide to do so through the acquisition of complementary businesses and technologies rather than through internal development, including, for example, our 2013 acquisition of Mandiant Corporation, or Mandiant, a provider of advanced endpoint security products and security incident response solutions and our 2014 acquisition of nPulse Technologies, or nPulse. The identification of suitable acquisition candidates can be difficult, time-consuming and costly, and we may not be able to successfully complete acquisitions that we target in the future. The risks we face in connection with acquisitions, including our acquisitions of Mandiant and nPulse, include:
diversion of management time and focus from operating our business to addressing acquisition integration challenges;
coordination of research and development and sales and marketing functions;
integration of product and service offerings;
retention of key employees from the acquired company;
changes in relationships with strategic partners as a result of product acquisitions or strategic positioning resulting from the acquisition;
cultural challenges associated with integrating employees from the acquired company into our organization;
integration of the acquired company’s accounting, management information, human resources and other administrative systems;
the need to implement or improve controls, procedures, and policies at a business that prior to the acquisition may have lacked sufficiently effective controls, procedures and policies;
financial reporting, revenue recognition or other financial or control deficiencies of the acquired company that we don’t adequately address and that cause our reported results to be incorrect;
liability for activities of the acquired company before the acquisition, including intellectual property infringement claims, violations of laws, commercial disputes, tax liabilities and other known and unknown liabilities;
unanticipated write-offs or charges; and
litigation or other claims in connection with the acquired company, including claims from terminated employees, customers, former stockholders or other third parties.
Our failure to address these risks or other problems encountered in connection with our past or future acquisitions and investments could cause us to fail to realize the anticipated benefits of these acquisitions or investments, cause us to incur unanticipated liabilities, and harm our business generally. For example, we completed our acquisition of Mandiant in December 2013, and a significant amount of the acquisition integration risks remain. Future acquisitions could also result in dilutive issuances of equity securities. For example, in December 2013, we issued approximately 16.9 million shares of common stock and assumed options to purchase approximately 4.6 million shares of our common stock in connection with our acquisition of Mandiant, and in May 2014, we issued 295,681 shares of common stock and assumed options to purchase 63,490 shares of common stock in connection with our acquisition of nPulse. There is also a risk that future acquisitions will result in the incurrence of debt, contingent liabilities, amortization expenses, incremental operating expenses or the write-off of goodwill, any of which could harm our financial condition or operating results.
Fluctuating economic conditions make it difficult to predict revenue for a particular period, and a shortfall in revenue may harm our operating results.
Our revenue depends significantly on general economic conditions and the demand for products in the IT security market. Economic weakness, customer financial difficulties, and constrained spending on IT security may result in decreased revenue and

18


earnings. Such factors could make it difficult to accurately forecast our sales and operating results and could negatively affect our ability to provide accurate forecasts to our contract manufacturers and manage our inventory purchases, contract manufacturer relationships and other costs and expenses. In addition, concerns regarding the impact of the U.S. federal sequestration on the IT budgets of various agencies of the U.S. government, as well as continued budgetary challenges in the United States and Europe and geopolitical turmoil in many parts of the world have and may continue to put pressure on global economic conditions and overall spending on IT security. General economic weakness may also lead to longer collection cycles for payments due from our customers, an increase in customer bad debt, restructuring initiatives and associated expenses, and impairment of investments. Furthermore, the continued weakness and uncertainty in worldwide credit markets, including the sovereign debt situation in certain countries in the European Union, may adversely impact the ability of our customers to adequately fund their expected capital expenditures, which could lead to delays or cancellations of planned purchases of our platform.
Uncertainty about future economic conditions also makes it difficult to forecast operating results and to make decisions about future investments. Future or continued economic weakness for us or our customers, failure of our customers and markets to recover from such weakness, customer financial difficulties, and reductions in spending on IT security could have a material adverse effect on demand for our platform and consequently on our business, financial condition and results of operations.
Our results of operations are likely to vary significantly from period to period, which could cause the trading price of our common stock to decline.
Our results of operations have varied significantly from period to period, and we expect that our results of operations will continue to vary as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:
our ability to attract new and retain existing customers;
the budgeting cycles, seasonal buying patterns and purchasing practices of customers;
the timing of shipments of our products and length of our sales cycles;
changes in customer or reseller requirements or market needs;
changes in the growth rate of the IT security market, particularly the market for threat protection solutions like ours that target next-generation advanced cyber attacks;
the timing and success of new product and service introductions by us or our competitors or any other change in the competitive landscape of the IT security market, including consolidation among our customers or competitors;
the level of awareness of IT security threats, particularly advanced cyber attacks, and the market adoption of our platform;
deferral of orders from customers in anticipation of new products or product enhancements announced by us or our competitors;
our ability to successfully expand our business domestically and internationally;
reductions in customer renewal rates for our subscriptions;
decisions by organizations to purchase IT security solutions from larger, more established security vendors or from their primary IT equipment vendors;
changes in our pricing policies or those of our competitors;
any disruption in, or termination of, our relationship with channel partners;
our inability to fulfill our customers’ orders due to supply chain delays or events that impact our manufacturers or their suppliers;
insolvency or credit difficulties confronting our customers, affecting their ability to purchase or pay for our products, subscriptions and services, or confronting our key suppliers, particularly our sole source suppliers, which could disrupt our supply chain;
the cost and potential outcomes of existing and future litigation, including, without limitation, the purported stockholder class action lawsuits described under the "Litigation" subheading in Note 9 Commitments and Contingencies contained in the "Notes to Condensed Consolidated Financial Statements" in Item 8 of Part II of this Annual Report on Form 10-K;
seasonality in our business;
general economic conditions, both domestic and in our foreign markets;
future accounting pronouncements or changes in our accounting policies or practices;

19


the amount and timing of operating costs and capital expenditures related to the expansion of our business;
a change in our mix of products, subscriptions and services; and
increases or decreases in our expenses caused by fluctuations in foreign currency exchange rates.
Any of the above factors, individually or in the aggregate, may result in significant fluctuations in our financial and other operating results from period to period. As a result of this variability, our historical results of operations should not be relied upon as an indication of future performance. Moreover, this variability and unpredictability could result in our failure to meet our operating plan or the expectations of investors or analysts for any period. If we fail to meet such expectations for these or other reasons, the market price of our common stock could fall substantially, and we could face costly lawsuits, including securities class action suits.
We have had operating losses each year since our inception, and may not achieve or maintain profitability in the future.
We have incurred operating losses each year since 2004, including net losses of $443.8 million, $120.6 million and $35.8 million during the years ended December 31, 2014, 2013 and 2012, respectively. We expect our operating expenses to increase in the future as we expand our sales and marketing efforts and continue to invest in research and development of our technologies. These efforts may be more costly than we expect, and we may not be able to increase our revenue to offset our increased operating expenses. Our revenue growth may slow or our revenue may decline for a number of other reasons, including reduced demand for our platform, increased competition, a decrease in the growth or size of the IT security market, particularly the market for solutions that target the next generation of advanced cyber attacks, or any failure to capitalize on growth opportunities. Any failure to increase our revenue as we grow our business could prevent us from achieving or, if achieved, maintaining profitability. If we are unable to meet these risks and challenges as we encounter them, our business, financial condition and results of operations may suffer.
In addition, we may have difficulty achieving profitability under U.S. GAAP, due to stock-based compensation, intangible amortization and other non-cash charges.
We expect our revenue growth rate to decline.
From the year ended December 31, 2010 to the year ended December 31, 2014, our revenue grew from $11.8 million to $425.7 million, which represents a compounded annual growth rate of approximately 145%. We expect that, to the extent our revenue increases to higher levels, our revenue growth rate will decline, and we may not be able to generate sufficient revenue to achieve or maintain profitability. We also expect our costs to increase in future periods, which could negatively affect our future operating results if our revenue does not increase. In particular, we expect to continue to expend substantial financial and other resources on:
research and development related to our platform, including investments in our research and development team;
sales and marketing, including a significant expansion of our sales organization, particularly in international markets;
international expansion of our business;
expansion of our professional services organization; and
general administration expenses, including legal and accounting expenses related to being a public company.
These investments may not result in increased revenue or growth in our business. If we are unable to increase our revenue at a rate sufficient to offset the expected increase in our costs, our business, financial position and results of operations will be harmed, and we may not be able to achieve or maintain profitability over the long term.
Seasonality may cause fluctuations in our revenue.
We believe there are significant seasonal factors that may cause us to record higher revenue in some quarters compared with others. We believe this variability is largely due to our customers’ budgetary and spending patterns, as many customers spend the unused portions of their discretionary budgets prior to the end of their fiscal years. For example, we have historically recorded our highest level of revenue in our fourth quarter, which we believe corresponds to the fourth quarter of a majority of our customers. Similarly, we have historically recorded our second-highest level of revenue in our third quarter, which corresponds to the fourth quarter of U.S. federal agencies and other customers in the U.S. federal government. Our rapid growth rate over the last couple years may have made seasonal fluctuations more difficult to detect. If our rate of growth slows over time, seasonal or cyclical variations in our operations may become more pronounced, and our business, results of operations and financial position may be adversely affected.
We face intense competition and could lose market share to our competitors, which could adversely affect our business, financial condition and results of operations.
The market for security products and services is intensely competitive and characterized by rapid changes in technology, customer requirements, industry standards and frequent new product introductions and improvements. We anticipate continued challenges from current competitors, which in many cases are more established and enjoy greater resources than us, as well as by new entrants into the industry. If we are unable to anticipate or effectively react to these competitive challenges, our competitive position could weaken, and we could experience a decline in our growth rate or revenue that could adversely affect our business and results of operations.

20


Our competitors and potential competitors include large networking vendors such as Cisco Systems, Inc. and Juniper Networks, Inc. that may emulate or integrate virtual-machine features similar to ours into their own products; large companies such as Intel, IBM, and HP that have acquired large IT security specialist vendors in recent years and have the technical and financial resources and broad customer bases needed to bring competitive solutions to the market; independent IT security vendors such as Sourcefire (which was acquired by Cisco Systems, Inc.) and Palo Alto Networks that offer products that claim to perform similar functions to our platform; small and large companies that offer point solutions that compete with some of the features present in our platform; and other providers of incident response services. Other IT providers offer, and may continue to introduce, security features that compete with our platform, either in stand-alone security products or as additional features in their network infrastructure products. Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as:
greater name recognition, longer operating histories and larger customer bases;
larger sales and marketing budgets and resources;
broader distribution and established relationships with channel and distribution partners and customers;
greater customer support resources;
greater resources to make acquisitions;
lower labor and research and development costs;
larger and more mature intellectual property portfolios; and
substantially greater financial, technical and other resources.
In addition, some of our larger competitors have substantially broader product offerings and may be able to leverage their relationships with distribution partners and customers based on other products or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our products, subscriptions and services, including by selling at zero or negative margins, product bundling or offering closed technology platforms. Potential customers may also prefer to purchase from their existing suppliers rather than a new supplier regardless of product performance or features. As a result, even if the features of our platform are superior, customers may not purchase our products. In addition, new innovative start-up companies, and larger companies that are making significant investments in research and development, may invent similar or superior products and technologies that compete with our platform. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. If we are unable to compete successfully, or if competing successfully requires us to take costly actions in response to the actions of our competitors, our business, financial condition and results of operations could be adversely affected.
Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense. As a result, our sales, billings and revenue are difficult to predict and may vary substantially from period to period, which may cause our results of operations to fluctuate significantly.
Our results of operations may fluctuate, in part, because of the resource intensive nature of our sales efforts, the length and variability of our sales cycle and the short-term difficulty in adjusting our operating expenses. Our results of operations depend in part on sales to large organizations. The length of our sales cycle, from proof of concept to delivery of and payment for our platform, is typically three to nine months but can be more than a year. To the extent our competitors develop products that our prospective customers view as equivalent to ours, our average sales cycle may increase. Because the length of time required to close a sale varies substantially from customer to customer, it is difficult to predict exactly when, or even if, we will make a sale with a potential customer. As a result, large individual sales have, in some cases, occurred in quarters subsequent to or in advance of those we anticipated, or have not occurred at all. We are billing an increasing number of large deals and the loss or delay of one or more of these large transactions in a quarter could impact our results of operations for that quarter and any future quarters for which revenue from that transaction is delayed. Furthermore, some sales (such as product sales) generally result in immediate recognition of revenue, while other sales, such as product subscription sales, require the recognition of revenue over periods of one year or longer typically. As a result of these factors, it is difficult for us to forecast our revenue accurately in any quarter based on our internal forecasts of billings. Because a substantial portion of our expenses are relatively fixed in the short term, our results of operations will suffer if our revenue falls below our or analysts’ expectations in a particular quarter, which could cause the price of our common stock to decline.
If we are unable to sell additional products, subscriptions and services, as well as renewals of our subscriptions and services, to our customers, our future revenue and operating results will be harmed.
Our future success depends, in part, on our ability to expand the deployment of our platform with existing customers by selling them additional products, subscriptions and services. This may require increasingly sophisticated and costly sales efforts and may not result in additional sales. In addition, the rate at which our customers purchase additional products, subscriptions and services depends on a number of factors, including the perceived need for additional IT security as well as general economic conditions. If our efforts to sell additional products, subscriptions and services to our customers are not successful, our business may suffer.

21


Further, existing customers that purchase our platform have no contractual obligation to renew their subscriptions and support and maintenance services after the initial contract period, and given our limited operating history, we may not be able to accurately predict our renewal rates. Our customers’ renewal rates may decline or fluctuate as a result of a number of factors, including the level of their satisfaction with our platform, our customer support, customer budgets and the pricing of our platform compared with the products and services offered by our competitors. If our customers renew their subscriptions, they may renew for shorter contract lengths or on other terms that are less economically beneficial to us. We cannot assure you that our customers will renew their subscriptions, and if our customers do not renew their subscriptions or renew on less favorable terms, our revenue may grow more slowly than expected, not grow at all, or even decline.
We also depend on our installed customer base for future support and maintenance revenue. We offer our support and maintenance agreements for terms that generally range between one and five years. If customers choose not to renew their support and maintenance agreements or seek to renegotiate the terms of their support and maintenance agreements prior to renewing such agreements, our revenue may decline.
Reliance on shipments at the end of each quarter could cause our revenue for the applicable period to fall below expected levels.
As a result of customer buying patterns and the efforts of our sales force and channel partners to meet or exceed their sales objectives, we have historically received a substantial portion of sales orders and generated a substantial portion of revenue during the last few weeks and days of each quarter. A significant interruption in our IT systems, which manage critical functions such as order processing, revenue recognition, financial forecasts, inventory and supply chain management, and trade compliance reviews, or our supply chain could result in delayed order fulfillment and decreased revenue for that quarter. If expected revenue at the end of any quarter is delayed for any reason, including the failure of anticipated purchase orders to materialize, our logistics or channel partners’ inability to ship products prior to quarter-end to fulfill purchase orders received near the end of the quarter, our failure to manage inventory to meet demand, our inability to release new products on schedule, any failure of our systems related to order review and processing, or any delays in shipments based on trade compliance requirements, our revenue for that quarter could fall below our expectations and the estimates of market analysts, which could adversely impact our business and results of operations and cause a decline in the trading price of our common stock.
If we do not accurately anticipate and respond promptly to changes in our customers’ technologies, business plans or security needs, our competitive position and prospects could be harmed.
Many of our customers operate in markets characterized by rapidly changing technologies and business plans, which require them to add numerous network access points and adapt to increasingly complex IT networks, incorporating a variety of hardware, software applications, operating systems and networking protocols. As their technologies and business plans grow more complex, we expect these customers to face new and increasingly sophisticated methods of attack. We face significant challenges in ensuring that our platform effectively identifies and responds to these advanced and evolving attacks without disrupting our customers’ network performance. As a result of the continued rapid innovations in the technology industry, including the rapid growth of smart phones, tablets and other devices, the trend of “bring your own device” in enterprises, and the rapidly evolving Internet of Things ("IOT"), we expect the networks of our customers to continue to change rapidly and become more complex.
We have identified a number of new products and enhancements to our platform that we believe are important to our continued success in the IT security market. There can be no assurance that we will be successful in developing and marketing, on a timely basis, such new products or enhancements or that our new products or enhancements will adequately address the changing needs of the marketplace. In addition, some of our new products and enhancements may require us to develop new hardware architectures that involve complex, expensive and time-consuming research and development processes. Although the market expects rapid introduction of new products and enhancements to respond to new threats, the development of these products and enhancements is difficult and the timetable for commercial release and availability is uncertain, as there can be significant time lags between initial beta releases and the commercial availability of new products and enhancements. We may experience unanticipated delays in the availability of new products and enhancements to our platform and fail to meet customer expectations with respect to the timing of such availability. If we do not quickly respond to the rapidly changing and rigorous needs of our customers by developing, releasing and making available on a timely basis new products and enhancements to our platform that can adequately respond to advanced threats and our customers’ needs, our competitive position and business prospects will be harmed. Furthermore, from time to time, we or our competitors may announce new products with capabilities or technologies that could have the potential to replace or shorten the life cycles of our existing products. There can be no assurance that announcements of new products will not cause customers to defer purchasing our existing products.
Additionally, the process of developing new technology is expensive, complex and uncertain. The success of new products and enhancements depends on several factors, including appropriate component costs, timely completion and introduction, differentiation of new products and enhancements from those of our competitors, and market acceptance. To maintain our competitive position, we must continue to commit significant resources to developing new products or enhancements to our platform before knowing whether these investments will be cost-effective or achieve the intended results. There can be no assurance that we will successfully identify new product opportunities, develop and bring new products or enhancements to market in a timely manner, or achieve market acceptance

22


of our platform, or that products and technologies developed by others will not render our platform obsolete or noncompetitive. If we expend significant resources on researching and developing products or enhancements to our platform and such products or enhancements are not successful, our business, financial position and results of operations may be adversely affected.
Disruptions or other business interruptions that affect the availability of our Dynamic Threat Intelligence, or DTI, cloud or other cloud-based products and services we offer or may offer could adversely impact our customer relationships as well as our overall business.
When a customer purchases one or more of our threat prevention appliances, it must also purchase a subscription to our DTI cloud for a term of either one or three years. Our DTI cloud enables global sharing of threat intelligence uploaded by any of our customers’ cloud-connected FireEye appliances. We also offer additional cloud-based platforms such as our Email Threat Prevention, Mobile Threat Prevention and Threat Analytics Platforms and provide security solutions through our own and our co-branded security operation centers.
Our customers depend on the continuous availability of our DTI and other cloud-based products and services. Our cloud-based products and services are vulnerable to damage or interruption from a variety of sources, including damage or interruption caused by fire, earthquake, power loss, telecommunications or computer systems failure, cyber attack, human error, terrorist acts and war. Our data centers and networks may experience technical failures and downtime, may fail to distribute appropriate updates, or may fail to meet the increased requirements of a growing customer base, any of which could temporarily or permanently expose our customers’ networks, leaving their networks unprotected against the latest security threats or, in the case of technical failures and downtime of security operation centers, all security threats.
In addition, there may also be system or network interruptions if new or upgraded systems are defective or not installed properly. Moreover, interruptions in our subscription updates could result in a failure of our DTI cloud to effectively update customers’ hardware products and thereby leave our customers more vulnerable to attacks. Interruptions or failures in our service delivery could cause customers to terminate their subscriptions with us, could adversely affect our renewal rates, and could harm our ability to attract new customers. Our business would also be harmed if our customers believe that our DTI cloud or other cloud-based products and services are unreliable.
In addition, we provide our cloud-based products and services through third-party data center hosting facilities located in the United States and other countries. While we control and have access to our servers and all of the components of our network that are located in our data centers, we do not control the operation of these facilities. The owners of the data center facilities have no obligation to renew their agreements with us on commercially reasonable terms, or at all. If we are unable to renew these agreements on commercially reasonable terms, or if one of our data center operators is acquired, we may be required to transfer our servers and other infrastructure to new data center facilities, and we may incur significant costs and possible service interruption in connection with doing so.
If we are unable to maintain successful relationships with our channel partners and technology alliance partners, or if our channel partners or technology alliance partners fail to perform, our ability to market, sell and distribute our platform will be limited, and our business, financial position and results of operations will be harmed.
In addition to our direct sales force, we rely on our indirect channel partners to sell and support our platform. We derive a substantial portion of our revenue from sales of our products through our indirect channel, and we expect that sales through channel partners will continue to be a significant percentage of our revenue. We also partner with our technology alliance partners to design go-to-market strategies that combine our platform with products or services provided by our technology alliance partners.
Our agreements with our channel partners and our technology alliance partners are generally non-exclusive, meaning our partners may offer customers products from several different companies, including products that compete with ours. If our channel partners do not effectively market and sell our platform, choose to use greater efforts to market and sell their own products or those of our competitors, or fail to meet the needs of our customers, our ability to grow our business and sell our platform may be adversely affected. Our channel partners and technology alliance partners may cease marketing our platform with limited or no notice and with little or no penalty, and new channel partners require extensive training and may take several months or more to achieve productivity. The loss of a substantial number of our channel partners, our possible inability to replace them, or the failure to recruit additional channel partners could materially and adversely affect our results of operations. In addition, sales by channel partners are more likely than direct sales to involve collectability concerns, particularly in developing markets. Our channel partner structure could also subject us to lawsuits or reputational harm if, for example, a channel partner misrepresents the functionality of our platform to customers or violates applicable laws or our corporate policies.
Our ability to achieve revenue growth in the future will depend in part on our success in maintaining successful relationships with our channel partners, and in training our channel partners to independently sell and deploy our platform. If we are unable to maintain our relationships with these channel partners or otherwise develop and expand our indirect sales channel, or if our channel partners fail to perform, our business, financial position and results of operations could be adversely affected.

23


We rely on our management team and other key employees and will need additional personnel to grow our business, and the loss of one or more key employees or our inability to attract and retain qualified personnel, including members for our board of directors, could harm our business.
Our future success is substantially dependent on our ability to attract, retain and motivate the members of our management team and other key employees throughout our organization, including key employees obtained through our recent acquisition of Mandiant, and recent additions to our Worldwide Sales management team. Competition for highly skilled personnel is intense, especially in the San Francisco Bay Area and the Washington D.C. Area, where we have a substantial presence and need for highly skilled personnel. We may not be successful in attracting or retaining qualified personnel to fulfill our current or future needs. Our competitors may be successful in recruiting and hiring members of our management team or other key employees, including key employees obtained through our acquisition of Mandiant, and it may be difficult for us to find suitable replacements on a timely basis, on competitive terms, or at all. Also, to the extent we hire employees from mature public companies with significant financial resources, we may be subject to allegations that such employees have been improperly solicited, or that they have divulged proprietary or other confidential information or that their former employers own such employees’ inventions or other work product.
In addition, we believe that it is important to establish and maintain a corporate culture that facilitates the maintenance and transfer of institutional knowledge within our organization and also fosters innovation, teamwork, a passion for customers and a focus on execution. Our Chief Executive Officer, our President, our Senior Vice President of Worldwide Sales, our Senior Vice President of Engineering and certain other key members of our management and finance teams have only been working together for a relatively short period of time. If we are not successful in integrating these key employees into our organization, such failure could delay or hinder our product development efforts and the achievement of our strategic objectives, which could adversely affect our business, financial condition and results of operations.
Our employees, including our executive officers, work for us on an “at-will” basis, which means they may terminate their employment with us at any time. We do not maintain key person life insurance policies on any of our key employees. If one or more of our key employees resigns or otherwise ceases to provide us with their service, our business could be harmed.
Our current research and development efforts may not produce successful products or enhancements to our platform that result in significant revenue, cost savings or other benefits in the near future, if at all.
We must continue to dedicate significant financial and other resources to our research and development efforts if we are to maintain our competitive position. However, developing products and enhancements to our platform is expensive and time consuming, and there is no assurance that such activities will result in significant new marketable products or enhancements to our platform, design improvements, cost savings, revenue or other expected benefits. If we spend significant resources on research and development and are unable to generate an adequate return on our investment, our business and results of operations may be materially and adversely affected.
If we are unable to increase sales of our platform to large organizations while mitigating the risks associated with serving such customers, our business, financial position and results of operations may suffer.
Our growth strategy is dependent, in part, upon increasing sales of our platform to large enterprises and governments. Sales to large customers involve risks that may not be present (or that are present to a lesser extent) with sales to smaller entities. These risks include:
increased purchasing power and leverage held by large customers in negotiating contractual arrangements with us;
more stringent or costly requirements imposed upon us in our support service contracts with such customers, including stricter support response times and penalties for any failure to meet support requirements;
more complicated implementation processes;
longer sales cycles and the associated risk that substantial time and resources may be spent on a potential customer that ultimately elects not to purchase our platform or purchases less than we hoped;
closer relationships with, and dependence upon, large technology companies who offer competitive products; and
more pressure for discounts and write-offs.
In addition, because security breaches with respect to larger, high-profile enterprises are likely to be heavily publicized, there is increased reputational risk associated with serving such customers. If we are unable to increase sales of our platform to large enterprise and government customers while mitigating the risks associated with serving such customers, our business, financial position and results of operations may suffer.

24


Because we depend on a limited number of manufacturers to build the appliances used in our platform, we are susceptible to manufacturing delays and pricing fluctuations that could prevent us from shipping customer orders on time, or on a cost-effective basis, which may result in the loss of sales and customers.
We depend on a limited number of third-party manufacturers, primarily Flextronics Telecom Systems, Ltd., as sole source manufacturers for our appliances used in our platform. Our reliance on third-party manufacturers reduces our control over the manufacturing process and exposes us to risks, including reduced control over quality assurance, product costs, product supply and timing. Any manufacturing disruption by these third-party manufacturers could severely impair our ability to fulfill orders on time. If we are unable to manage our relationships with these third-party manufacturers effectively, or if these manufacturers suffer delays or disruptions for any reason, experience increased manufacturing lead-times, capacity constraints or quality control problems in their manufacturing operations, or fail to meet our future requirements for timely delivery, our ability to ship products to our customers would be severely impaired, and our business and results of operations would be harmed.
In addition, we may be deemed to manufacture or contract to manufacture products that contain certain minerals that have been designated as “conflict minerals” under the Dodd-Frank Wall Street Reform and Consumer Protection Act. As a result, in future periods, we may be required to diligence the origin of such minerals and disclose and report whether or not such minerals originated in the Democratic Republic of the Congo or adjoining countries. The implementation of these new requirements could adversely affect the sourcing, availability, and pricing of minerals used in the manufacture of our products. In addition, we may incur additional costs to comply with the disclosure requirements, including costs related to determining the source of any of the relevant minerals and metals used in our products.
Our third-party manufacturers typically fulfill our supply requirements on the basis of individual orders. We are subject to a risk of supply shortages and changes in pricing terms because we do not have long-term contracts with our third-party manufacturers that guarantee capacity, the continuation of particular pricing terms or the extension of credit limits. Our contract with our primary manufacturer permits it to terminate such contract at its convenience, subject to prior notice requirements. Any production interruptions for any reason, such as a natural disaster, epidemic, capacity shortages, or quality problems at one of our manufacturing partners would negatively affect sales of our products and adversely impact our business and results of operations.
We may be unable to protect our intellectual property adequately, which could harm our business, financial condition and results of operations.
We believe that our intellectual property is an essential asset of our business. We rely on a combination of patent, copyright, trademark and trade secret laws, as well as confidentiality procedures and contractual provisions, to establish and protect our intellectual property rights in the United States and abroad. The efforts we have taken to protect our intellectual property may not be sufficient or effective, and our trademarks, copyrights and patents may be held invalid or unenforceable. For example, a third party is contesting the validity of claims of two of our United States patents in Inter Partes Reviews by the U.S. Patent and Trademark Office. Any U.S. or other patents issued to us may not be sufficiently broad to protect our proprietary technologies, and given the costs of obtaining patent protection, we may choose not to seek patent protection for certain of our proprietary technologies. We may not be effective in policing unauthorized use of our intellectual property, and even if we do detect violations, litigation may be necessary to enforce our intellectual property rights. Any enforcement efforts we undertake, including litigation, could be time-consuming and expensive, could divert management’s attention and may result in a court determining that our intellectual property rights are unenforceable. If we are not successful in cost-effectively protecting our intellectual property rights, our business, financial condition and results of operations could be harmed.
Claims by others that we infringe their proprietary technology or other rights could harm our business.
Technology companies frequently enter into litigation based on allegations of patent infringement or other violations of intellectual property rights. In addition, patent holding companies seek to monetize patents they have purchased or otherwise obtained. As we face increasing competition and gain an increasingly higher profile, the possibility of intellectual property rights claims against us grows. From time to time, third parties have asserted, and we expect that third parties will continue to assert, claims of infringement of intellectual property rights against us. For example, we are currently a party to suits by both a practicing and non-practicing entity alleging, among other things, patent infringement, each of which are in the early stages of litigation. Third parties may in the future also assert claims against our customers or channel partners, whom our standard license and other agreements obligate us to indemnify against claims that our products infringe the intellectual property rights of third parties. While we intend to increase the size of our patent portfolio, many of our competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have. In addition, future litigation may involve patent holding companies or other patent owners who have no relevant product offerings or revenue and against whom our own patents may therefore provide little or no deterrence or protection. Any claim of intellectual property infringement by a third party, even a claim without merit, could cause us to incur substantial costs defending against such claim, could distract our management from our business and could require us to cease use of such intellectual property. Furthermore, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential information could be compromised by the discovery process.

25


Although third parties may offer a license to their technology or other intellectual property, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, financial condition and results of operations to be materially and adversely affected. In addition, some licenses may be non-exclusive, and therefore our competitors may have access to the same technology licensed to us. If a third party does not offer us a license to its technology or other intellectual property on reasonable terms, or at all, we could be enjoined from continued use of such intellectual property. As a result, we may be required to develop alternative, non-infringing technology, which could require significant time (during which we could be unable to continue to offer our affected products, subscriptions or services), effort, and expense and may ultimately not be successful. Furthermore, a successful claimant could secure a judgment or we may agree to a settlement that prevents us from distributing certain products, providing certain subscriptions or performing certain services or that requires us to pay substantial damages, royalties or other fees. Any of these events could harm our business, financial condition and results of operations.
We incorporate technology from third parties into our products, and our inability to obtain or maintain rights to the technology could harm our business.
We incorporate technology from third parties into our products. We cannot be certain that our suppliers and licensors are not infringing the intellectual property rights of third parties or that the suppliers and licensors have sufficient rights to the technology in all jurisdictions in which we may sell our products. Some of our agreements with our suppliers and licensors may be terminated for convenience by them. If we are unable to obtain or maintain rights to any of this technology because of intellectual property infringement claims brought by third parties against our suppliers and licensors or against us, or if we are unable to continue to obtain such technology or enter into new agreements on commercially reasonable terms, our ability to develop and sell products, subscriptions and services containing such technology could be severely limited, and our business could be harmed. Additionally, if we are unable to obtain necessary technology from third parties, including certain sole suppliers, we may be forced to acquire or develop alternative technology, which may require significant time, cost and effort and may be of lower quality or performance standards. This would limit and delay our ability to offer new or competitive products and increase our costs of production. If alternative technology cannot be obtained or developed, we may not be able to offer certain functionality as part of our products, subscriptions and services. As a result, our margins, market share and results of operations could be significantly harmed.
Our products and subscriptions contain third-party open source software components, and failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our products and subscriptions.
Our products and subscriptions contain software modules licensed to us by third-party authors under “open source” licenses. The use and distribution of open source software may entail greater risks than the use of third-party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. Some open source licenses contain requirements that we make available source code for modifications or derivative works we create based upon the type of open source software we use. If we combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of sales for us.
Although we monitor our use of open source software to avoid subjecting our products and subscriptions to conditions, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in ways that could impose unanticipated conditions or restrictions on our ability to commercialize products and subscriptions incorporating such software. Moreover, we cannot assure you that our processes for controlling our use of open source software in our products and subscriptions will be effective. From time to time, we may face claims from third parties asserting ownership of, or demanding release of, the open source software or derivative works that we developed using such software (which could include our proprietary source code), or otherwise seeking to enforce the terms of the applicable open source license. These claims could result in litigation. If we are held to have breached the terms of an open source software license, we could be required to seek licenses from third parties to continue offering our products on terms that are not economically feasible, to re-engineer our products, to discontinue the sale of our products if re-engineering could not be accomplished on a timely or cost-effective basis, or to make generally available, in source code form, our proprietary code, any of which could adversely affect our business, results of operations and financial condition.
We rely on revenue from subscriptions and service contracts, and because we recognize revenue from subscriptions and service contracts over the term of the relevant subscription or service period, downturns or upturns in sales are not immediately reflected in full in our results of operations.
Subscription and services revenue accounts for a significant portion of our total revenue, comprising 58%, 45%, and 37% for the years ended December 31, 20142013 and 2012, respectively. Sales of new or renewal subscription and service contracts may decline or fluctuate as a result of a number of factors, including customers’ level of satisfaction with our products and subscriptions, the actual or perceived efficacy of our security solutions, the prices of our products and subscriptions, the prices of products and subscriptions offered by our competitors or reductions in our customers’ spending levels. If our sales of new or renewal subscription and service contracts decline, our revenue and revenue growth may decline and adversely affect our business. In addition, we recognize subscription and service revenue ratably over the term of the relevant service period, which is generally between one to five years. As a result,

26


much of the subscription and service revenue we report each quarter is derived from subscription and service contracts that we sold in prior quarters. Consequently, a decline in new or renewed subscription or service contracts in any one quarter will not be fully reflected in revenue in that quarter but will negatively affect our revenue in future quarters. Accordingly, the effect of significant downturns in new or renewed sales of our subscriptions or services is not reflected in full in our results of operations until future periods. Also, it is difficult for us to rapidly increase our subscription revenue through additional sales in any period, as revenue from new and renewal subscription contracts must be recognized ratably over the applicable service period. Furthermore, any increases in the average term of subscriptions contracts would result in revenue for those subscription contracts being recognized over longer periods of time.
U.S. federal, state and local government sales are subject to a number of challenges and risks that may adversely impact our business.
Sales to U.S. federal, state, and local governmental agencies have accounted for, and may in the future account for, a significant portion of our revenue. Sales to such government entities are subject to the following risks:
selling to governmental agencies can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that such efforts will generate a sale;
government certification requirements applicable to our products may change and, in doing so, restrict our ability to sell into the U.S. federal government sector until we have attained the revised certification;
government demand and payment for our products and services may be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products and services;
we sell our platform to governmental agencies through our indirect channel partners, and these agencies may have statutory, contractual or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a default, and any such termination may adversely impact our future results of operations;
governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our platform, which would adversely impact our revenue and results of operations, or institute fines or civil or criminal liability if the audit were to uncover improper or illegal activities; and
governments may require certain products to be manufactured in the United States and other relatively high-cost manufacturing locations, and we may not manufacture all products in locations that meet these requirements, affecting our ability to sell these products to governmental agencies.
Our ability to maintain customer satisfaction depends in part on the quality of our professional service organization and technical and other support services, including the quality of the support provided on our behalf by certain channel partners. Failure to maintain high-quality customer support could have a material adverse effect on our business, financial condition and results of operations.
Once our platform is deployed within our customers’ networks, our customers depend on our technical and other support services, as well as the support of our channel partners, to resolve any issues relating to the implementation and maintenance of our platform. If we or our channel partners do not effectively assist our customers in deploying our platform, succeed in helping our customers quickly resolve post-deployment issues, or provide effective ongoing support, our ability to sell additional products, subscriptions or services as part of our platform to existing customers would be adversely affected and our reputation with potential customers could be damaged. Many larger organizations have more complex networks and require higher levels of support than smaller customers. If we fail to meet the requirements of our larger customers, it may be more difficult to execute on our strategy of upselling and cross selling with these customers. Additionally, if our channel partners do not effectively provide support to the satisfaction of our customers, we may be required to provide this level of support to those customers, which would require us to hire additional personnel and to invest in additional resources. We are also in the process of expanding our professional services organization. It can take significant time and resources to recruit, hire, and train qualified technical support and professional services employees. We may not be able to hire such resources fast enough to keep up with demand, particularly when the sales of our platform exceed our internal forecasts. To the extent that we or our channel partners are unsuccessful in hiring, training, and retaining adequate support resources, our ability and the ability of our channel partners to provide adequate and timely support to our customers will be negatively impacted, and our customers’ satisfaction with our platform will be adversely affected. Additionally, to the extent that we need to rely on our sales engineers to provide post-sales support while we are ramping our professional services organization, our sales productivity will be negatively impacted, which would harm our results of operations.

27


The sales prices of our products, subscriptions and services may decrease, which may reduce our gross profits and adversely impact our financial results.
The sales prices for our products, subscriptions and services may decline for a variety of reasons, including competitive pricing pressures, discounts, a change in our mix of products and subscriptions, anticipation of the introduction of new products or subscriptions, or promotional programs. Competition continues to increase in the market segments in which we participate, and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Larger competitors with more diverse product and service offerings may reduce the price of products or subscriptions that compete with ours or may bundle them with other products and subscriptions. Additionally, although we price our products and subscriptions worldwide in U.S. dollars, currency fluctuations in certain countries and regions may negatively impact actual prices that partners and customers are willing to pay in those countries and regions, or the effective prices we realize in our reporting currency. Furthermore, we anticipate that the sales prices and gross profits for our products will decrease over product life cycles. We cannot assure you that we will be successful in developing and introducing new offerings with enhanced functionality on a timely basis, or that our new product and subscription offerings, if introduced, will enable us to maintain our prices and gross profits at levels that will allow us to maintain positive gross margins and achieve profitability.
Managing the supply of our products and their components is complex. Insufficient supply and inventory may result in lost sales opportunities or delayed revenue, while excess inventory may harm our gross margins.
Our third-party manufacturers procure components and build our products based on our forecasts, and we generally do not hold inventory for a prolonged period of time. These forecasts are based on estimates of future demand for our products, which are in turn based on historical trends and analyses from our sales and marketing organizations, adjusted for overall market conditions. In order to reduce manufacturing lead times and plan for adequate component supply, from time to time we may issue forecasts for components and products that are non-cancelable and non-returnable.
Our inventory management systems and related supply chain visibility tools may be inadequate to enable us to make accurate forecasts and effectively manage the supply of our products and product components. Supply management remains an area of increasing focus as we balance the need to maintain supply levels that are sufficient to ensure competitive lead times against the risk of obsolescence because of rapidly changing technology and customer requirements. If we ultimately determine that we have excess supply, we may have to reduce our prices and write-down inventory, which in turn could result in lower gross margins. Alternatively, insufficient supply levels may lead to shortages that result in delayed revenue or loss of sales opportunities altogether as potential customers turn to competitors’ products that may be readily available. Additionally, any increases in the time required to manufacture or ship our products could result in supply shortfalls. If we are unable to effectively manage our supply and inventory, our results of operations could be adversely affected.
Because some of the key components in our products come from limited sources of supply, we are susceptible to supply shortages or supply changes, which could disrupt or delay our scheduled product deliveries to our customers and may result in the loss of sales and customers.
Our platform relies on key components, including a motherboard and chassis, which our third-party manufacturers purchase on our behalf from a sole source provider. The manufacturing operations of some of our component suppliers are geographically concentrated in Asia, which makes our supply chain vulnerable to regional disruptions. A localized health risk affecting employees at these facilities, such as the spread of a pandemic influenza, could impair the total volume of components that we are able to obtain, which could result in substantial harm to our results of operations. Similarly, a fire, flood, earthquake, tsunami or other disaster, condition or event such as political instability, terrorist act, civil unrest or a power outage that adversely affects any of these component suppliers’ facilities could significantly affect our ability to obtain the components needed for our products, which could result in a substantial loss of sales and revenue and a substantial harm to our results of operations.
We do not have volume purchase contracts with any of our component suppliers, and they could cease selling to us at any time. In addition, our component suppliers change their selling prices frequently in response to market trends, including industry-wide increases in demand, and because we do not have contracts with these suppliers, we are susceptible to price fluctuations related to raw materials and components. If we are unable to pass component price increases along to our customers or maintain stable pricing, our gross margins and results of operations could be negatively impacted. If we are unable to obtain a sufficient quantity of these components in a timely manner for any reason, sales of our products could be delayed or halted or we could be forced to expedite shipment of such components or our products at dramatically increased costs, which would negatively impact our revenue and gross margins. Additionally, poor quality in any of the sole-sourced components in our products could result in lost sales or lost sales opportunities. If the quality of the components does not meet our or our customers’ requirements, if we are unable to obtain components from our existing suppliers on commercially reasonable terms, or if any of our sole source providers cease to remain in business or continue to manufacture such components, we could be forced to redesign our products and qualify new components from alternate suppliers. The resulting stoppage or delay in selling our products and the expense of redesigning our products could result in lost sales opportunities and damage to customer relationships, which would adversely affect our business and results of operations.

28


Our failure to adequately protect personal information could have a material adverse effect on our business.
A wide variety of provincial, state, national, and international laws and regulations apply to the collection, use, retention, protection, disclosure, transfer and other processing of personal data. These data protection and privacy-related laws and regulations are evolving and may result in ever-increasing regulatory and public scrutiny and escalating levels of enforcement and sanctions. Our failure to comply with applicable laws and regulations, or to protect such data, could result in enforcement action against us, including fines, imprisonment of company officials and public censure, claims for damages by customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing customers and prospective customers), any of which could have a material adverse effect on our operations, financial performance and business. Evolving and changing definitions of personal data and personal information within the European Union, the United States, and elsewhere, especially relating to classification of IP addresses, machine identification, location data and other information, may limit or inhibit our ability to operate or expand our business, including limiting technology alliance partners that may involve the sharing of data. Even the perception of privacy concerns, whether or not valid, may harm our reputation, inhibit adoption of our products by current and future customers, or adversely impact our ability to attract and retain workforce talent.
If the general level of advanced cyber attacks declines, or is perceived by our current or potential customers to have declined, our business could be harmed.
Our business is substantially dependent on enterprises and governments recognizing that advanced cyber-attacks are pervasive and are not effectively prevented by legacy security solutions. High visibility attacks on prominent enterprises and governments have increased market awareness of the problem of advanced cyber attacks and help to provide an impetus for enterprises and governments to devote resources to protecting against advanced cyber attacks, such as testing our platform, purchasing it, and broadly deploying it within their organizations. If advanced cyber attacks were to decline, or enterprises or governments perceived that the general level of advanced cyber attacks have declined, our ability to attract new customers and expand our offerings within existing customers could be materially and adversely affected. A reduction in the threat landscape could increase our sales cycles and harm our business, results of operations and financial condition.
Our technology alliance partnerships expose us to a range of business risks and uncertainties that could have a material adverse impact on our business and financial results.
We have entered, and intend to continue to enter, into technology alliance partnerships with third parties to support our future growth plans. Such relationships include technology licensing, joint technology development and integration, research cooperation, co-marketing activities and sell-through arrangements. We face a number of risks relating to our technology alliance partnerships that could prevent us from realizing the desired benefits from such partnerships on a timely basis or at all, which, in turn, could have a negative impact on our business and financial results.
Technology alliance partnerships require significant coordination between the parties involved, particularly if a partner requires that we integrate its products with our products. This could involve a significant commitment of time and resources by our technical staff and their counterparts within our technology alliance partner. The integration of products from different companies may be more difficult than we anticipate, and the risk of integration difficulties, incompatible products and undetected programming errors or defects may be higher than the risks normally associated with the introduction of new products. It may also be more difficult to market and sell products developed through technology alliance partnerships than it would be to market and sell products that we develop on our own. Sales and marketing personnel may require special training, as the new products may be more complex than our other products.
We invest significant time, money and resources to establish and maintain relationships with our technology alliance partners, but we have no assurance that any particular relationship will continue for any specific period of time. Generally, our agreements with these technology alliance partners are terminable without cause with no or minimal notice or penalties. If we lose a significant technology alliance partner, we could lose the benefit of our investment of time, money and resources in the relationship. In addition, we could be required to incur significant expenses to develop a new strategic alliance or to determine and implement an alternative plan to pursue the opportunity that we targeted with the former partner.
If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our results of operations could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in our stock price.
The preparation of financial statements in conformity with generally accepted accounting principles, or GAAP, requires management to make estimates and assumptions that affect the amounts reported in the condensed consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section entitled “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue and expenses that are not readily apparent from other sources. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations

29


to fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in our stock price. Significant assumptions and estimates used in preparing our condensed consolidated financial statements include those related to assets, liabilities, revenue, expenses and related disclosures.
We are exposed to the credit risk of some of our distributors and resellers and to credit exposure in weakened markets, which could result in material losses.
Most of our sales are on an open credit basis. Although we have programs in place that are designed to monitor and mitigate these risks, we cannot assure you these programs will be effective in reducing our credit risks, especially as we expand our business internationally. If we are unable to adequately control these risks, our business, results of operations and financial condition could be harmed.
Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products could reduce our ability to compete and could harm our business.
We intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new products and enhancements to our platform, improve our operating infrastructure or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. If we raise additional equity financing, our stockholders may experience significant dilution of their ownership interests and the per share value of our common stock could decline. Furthermore, if we engage in debt financing, the holders of debt would have priority over the holders of common stock, and we may be required to accept terms that restrict our ability to incur additional indebtedness. We may also be required to take other actions that would otherwise be in the interests of the debt holders and force us to maintain specified liquidity or other ratios, any of which could harm our business, results of operations, and financial condition. If we need additional capital and cannot raise it on acceptable terms, we may not be able to, among other things:
develop or enhance our products and subscriptions;
continue to expand our sales and marketing and research and development organizations;
acquire complementary technologies, products or businesses;
expand operations, in the United States or internationally;
hire, train and retain employees; or
respond to competitive pressures or unanticipated working capital requirements.
Our failure to do any of these things could harm our business, financial condition and results of operations.
If our products do not effectively interoperate with our customers’ IT infrastructure, installations could be delayed or cancelled, which would harm our business.
Our products must effectively interoperate with our customers’ existing or future IT infrastructure, which often has different specifications, utilizes multiple protocol standards, deploys products from multiple vendors, and contains multiple generations of products that have been added over time. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems. If we find errors in the existing software or defects in the hardware used in our customers’ infrastructure or problematic network configurations or settings, we may have to modify our software or hardware so that our products will interoperate with our customers’ infrastructure. In such cases, our products may be unable to provide significant performance improvements for applications deployed in our customers’ infrastructure. These issues could cause longer installation times for our products and could cause order cancellations, either of which would adversely affect our business, results of operations and financial condition. In addition, government and other customers may require our products to comply with certain security or other certifications and standards. If our products are late in achieving or fail to achieve compliance with these certifications and standards, or our competitors achieve compliance with these certifications and standards, we may be disqualified from selling our products to such customers, or may otherwise be at a competitive disadvantage, either of which would harm our business, results of operations, and financial condition.
Failure to comply with governmental laws and regulations could harm our business.
Our business is subject to regulation by various U.S. federal, state, local and foreign governments. In certain jurisdictions, these regulatory requirements may be more stringent than those in the United States. Noncompliance with applicable regulations or requirements could subject us to investigations, sanctions, mandatory product recalls, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties, injunctions or other collateral consequences. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, results of operations, and financial condition could be materially adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. Enforcement actions and sanctions could harm our business, reputation, results of operations and financial condition.

30


We generate a significant amount of revenue from sales to resellers, distributors and customers outside of the United States, and we are therefore subject to a number of risks associated with international sales and operations.
We have a limited history of marketing, selling, and supporting our platform internationally. As a result, we must hire and train experienced personnel to staff and manage our foreign operations. To the extent that we experience difficulties in recruiting, training, managing, and retaining international employees, particularly managers and other members of our international sales team, we may experience difficulties in sales productivity in, or market penetration of, foreign markets. We also enter into strategic distributor and reseller relationships with companies in certain international markets where we do not have a local presence. If we are not able to maintain successful strategic distributor relationships with our international channel partners or recruit additional channel partners, our future success in these international markets could be limited. Business practices in the international markets that we serve may differ from those in the United States and may require us to include non-standard terms in customer contracts, such as extended payment or warranty terms. To the extent that we enter into customer contracts in the future that include non-standard terms related to payment, warranties, or performance obligations, our results of operations may be adversely impacted.
Additionally, our international sales and operations are subject to a number of risks, including the following:
greater difficulty in enforcing contracts and managing collections, as well as longer collection periods;
higher costs of doing business internationally, including costs incurred in establishing and maintaining office space and equipment for our international operations;
fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business;
management communication and integration problems resulting from cultural and geographic dispersion;
risks associated with trade restrictions and foreign legal requirements, including any importation, certification, and localization of our platform that may be required in foreign countries;
greater risk of unexpected changes in regulatory practices, tariffs, and tax laws and treaties;
compliance with anti-bribery laws, including, without limitation, compliance with the U.S. Foreign Corrupt Practices Act of 1977, as amended, the U.S. Travel Act and the UK Bribery Act 2010, violations of which could lead to significant fines, penalties and collateral consequences for our company;
heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;
the uncertainty of protection for intellectual property rights in some countries;
general economic and political conditions in these foreign markets;
foreign exchange controls or tax regulations that might prevent us from repatriating cash earned outside the United States;
political and economic instability in some countries; and
double taxation of our international earnings and potentially adverse tax consequences due to changes in the tax laws of the United States or the foreign jurisdictions in which we operate.
These and other factors could harm our ability to generate future international revenue and, consequently, materially impact our business, results of operations and financial condition.
We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.
Our sales contracts are denominated in U.S. dollars, and therefore our revenue is not subject to foreign currency risk. However, a strengthening of the U.S. dollar could increase the real cost of our products, subscriptions and services to our customers outside of the United States, which could adversely affect our financial condition and results of operations. In addition, we are incurring an increasing portion of our operating expenses outside the United States. These expenses are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates. We do not currently hedge against the risks associated with currency fluctuations but may do so in the future.
We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets.
Our products are subject to U.S. export controls, specifically the Export Administration Regulations and economic sanctions enforced by the Office of Foreign Assets Control. We incorporate standard encryption algorithms into our products, which, along with the underlying technology, may be exported outside of the U.S. only with the required export authorizations, including by license, license exception or other appropriate government authorizations, which may require the filing of an encryption registration and

31


classification request. Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products and services to countries, governments, and persons targeted by U.S. sanctions. While we have taken precautions to prevent our products and services from being exported in violation of these laws, in certain instances in the past we shipped our encryption products prior to obtaining the required export authorizations and/or submitting the required requests, including a classification request and request for an encryption registration number, resulting in an inadvertent violation of U.S. export control laws. As a result, in February 2013, we filed a Voluntary Self Disclosure with the U.S. Department of Commerce’s Bureau of Industry and Security, or BIS, concerning these potential violations. In June 2013, BIS notified us that it had completed its review of this matter and closed its review with the issuance of a warning letter. No monetary penalties were assessed. Even though we take precautions to ensure that our channel partners comply with all relevant regulations, any failure by our channel partners to comply with such regulations could have negative consequences, including reputational harm, government investigations and penalties.
In addition, various countries regulate the import of certain encryption technology, including through import permit and license requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries. Changes in our products or changes in export and import regulations may create delays in the introduction of our products into international markets, prevent our customers with international operations from deploying our products globally or, in some cases, prevent the export or import of our products to certain countries, governments or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.
Our business is subject to the risks of earthquakes, fire, power outages, floods and other catastrophic events, and to interruption by man-made problems such as terrorism.
A significant natural disaster, such as an earthquake, a fire, a flood, or significant power outage could have a material adverse impact on our business, results of operations, and financial condition. Our corporate headquarters and servers hosting our cloud services are located in California, a region known for seismic activity. In addition, natural disasters could affect our supply chain, manufacturing vendors, or logistics providers’ ability to provide materials and perform services such as manufacturing products or assisting with shipments on a timely basis. In the event that our or our service providers’ information technology systems or manufacturing or logistics abilities are hindered by any of the events discussed above, shipments could be delayed, resulting in missed financial targets, such as revenue and shipment targets, for a particular quarter. In addition, acts of terrorism and other geo-political unrest could cause disruptions in our business or the business of our supply chain, manufacturers, logistics providers, partners, or customers or the economy as a whole. Any disruption in the business of our supply chain, manufacturers, logistics providers, partners or end-customers that impacts sales at the end of a fiscal quarter could have a significant adverse impact on our financial results. All of the aforementioned risks may be further increased if the disaster recovery plans for us and our suppliers prove to be inadequate. To the extent that any of the above should result in delays or cancellations of customer orders, or the delay in the manufacture, deployment or shipment of our products, our business, financial condition and results of operations would be adversely affected.
If we fail to comply with environmental requirements, our business, financial condition, results of operations and reputation could be adversely affected.
We are subject to various environmental laws and regulations including laws governing the hazardous material content of our products and laws relating to the collection and recycling of electrical and electronic equipment. Examples of these laws and regulations include the European Union, or EU, Restrictions on the Use of certain Hazardous Substances in Electronic Equipment Directive and the EU Waste Electrical and Electronic Equipment Directive as well as the implementing legislation of the EU member states. Similar laws and regulations have been passed or are pending in China, South Korea and Japan and may be enacted in other regions, including in the United States, and we are, or may in the future be, subject to these laws and regulations.
Our failure to comply with past, present, and future laws could result in reduced sales of our products, substantial product inventory write-offs, reputational damage, penalties, and other sanctions, any of which could harm our business and financial condition. We also expect that our products will be affected by new environmental laws and regulations on an ongoing basis. To date, our expenditures for environmental compliance have not had a material impact on our results of operations or cash flows, and although we cannot predict the future impact of such laws or regulations, they will likely result in additional costs and may increase penalties associated with violations or require us to change the content of our products or how they are manufactured, which could have a material adverse effect on our business, results of operations and financial condition.
The enactment of legislation implementing changes in the U.S. taxation of international business activities or the adoption of other tax reform policies could materially impact our financial position and results of operations.
Recent changes to U.S. tax laws, including limitations on the ability of taxpayers to claim and utilize foreign tax credits and the deferral of certain tax deductions until earnings outside of the United States are repatriated to the United States, as well as changes to U.S. tax laws that may be enacted in the future, could impact the tax treatment of our foreign earnings. Due to expansion of our

32


international business activities, any changes in the U.S. taxation of such activities may increase our worldwide effective tax rate and adversely affect our financial condition and operating results.
If we do not achieve increased tax benefits as a result of our new corporate structure, our operating results and financial condition may be negatively impacted.
We generally conduct our international operations through wholly-owned subsidiaries and report our taxable income in various jurisdictions worldwide based upon our business operations in those jurisdictions. In 2013, we completed the reorganization of our corporate structure and intercompany relationships to more closely align our corporate organization with the expansion of our international business activities. Although we anticipate achieving a reduction in our overall effective tax rate in the future as a result of this new corporate structure, we may not realize any benefits. Our intercompany relationships are subject to complex transfer pricing regulations administered by taxing authorities in various jurisdictions. The relevant taxing authorities may disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a disagreement were to occur, and our position were not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations. In addition, if the intended tax treatment of our new corporate structure is not accepted by the applicable taxing authorities, changes in tax law negatively impact the structure or we do not operate our business consistent with the structure and applicable tax laws and regulations, we may fail to achieve any tax advantages as a result of the new corporate structure, and our future operating results and financial condition may be negatively impacted.
We could be subject to additional tax liabilities.
We are subject to U.S. federal, state, local and sales taxes in the United States and foreign income taxes, withholding taxes and transaction taxes in numerous foreign jurisdictions. Significant judgment is required in evaluating our tax positions and our worldwide provision for taxes. During the ordinary course of business, there are many activities and transactions for which the ultimate tax determination is uncertain. In addition, our tax obligations and effective tax rates could be adversely affected by changes in the relevant tax, accounting and other laws, regulations, principles and interpretations, including those relating to income tax nexus, by recognizing tax losses or lower than anticipated earnings in jurisdictions where we have lower statutory rates and higher than anticipated earnings in jurisdictions where we have higher statutory rates, by changes in foreign currency exchange rates, or by changes in the valuation of our deferred tax assets and liabilities. We may be audited in various jurisdictions, and such jurisdictions may assess additional taxes, sales taxes and value-added taxes against us. Although we believe our tax estimates are reasonable, the final determination of any tax audits or litigation could be materially different from our historical tax provisions and accruals, which could have a material adverse effect on our operating results or cash flows in the period or periods for which a determination is made.
Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.
In general, under Section 382 of the Internal Revenue Code of 1986, as amended, or the Code, a corporation that undergoes an “ownership change” is subject to limitations on its ability to utilize its pre-change net operating losses, or NOLs, to offset future taxable income. Our existing NOLs may be subject to limitations arising from previous ownership changes. Future changes in our stock ownership, some of which are outside of our control, could result in an ownership change under Section 382 of the Code and adversely affect our ability to utilize our NOLs in the future. Furthermore, our ability to utilize NOLs of companies that we may acquire in the future may be subject to limitations. There is also a risk that due to regulatory changes, such as suspensions on the use of NOLs, or other unforeseen reasons, our existing NOLs could expire or otherwise be unavailable to offset future income tax liabilities. For these reasons, we may not be able to utilize a material portion of the NOLs reflected on our balance sheet, even if we attain profitability.
Risks Related to Ownership of Our Common Stock
If securities or industry analysts do not publish research or reports about our business, or publish inaccurate or unfavorable research reports about our business, our share price and trading volume could decline.
The trading market for our common stock, to some extent, depends on the research and reports that securities or industry analysts publish about us or our business. We do not have any control over these analysts. If one or more of the analysts who cover us should downgrade our shares or change their opinion of our shares, industry sector or products, our share price would likely decline. If one or more of these analysts ceases coverage of our company or fails to regularly publish reports on us, we could lose visibility in the financial markets, which could cause our share price or trading volume to decline.
We may fail to meet our publicly announced guidance or other expectations about our business and future operating results, which would cause our stock price to decline.
We have provided and may continue to provide guidance about our business and future operating results. In developing this guidance, our management must make certain assumptions and judgments about our future performance. Furthermore, analysts and investors may develop and publish their own projections of our business, which forms a consensus about our future performance. Our business results may vary significantly from such guidance or the consensus due to a number of factors, many of which are outside

33


of our control, and which could adversely affect our operations and operating results. Furthermore, if we make downward revisions of our previously announced guidance, or if our publicly announced guidance of future operating results fails to meet expectations of securities analysts, investors or other interested parties, the price of our common stock would decline.
The price of our common stock has been and may continue to be volatile, and the value of your investment could decline.
The trading price of our common stock has been volatile since our initial public offering, and is likely to continue to be volatile. Since the date of our initial public offering, the price of our common stock has ranged from $24.81 to $97.35 through February 26, 2015, and the last reported sale price on February 26, 2015 was $45.41. The trading price of our common stock may fluctuate widely in response to various factors, some of which are beyond our control. These factors include:
announcements of new products, services or technologies, commercial relationships, acquisitions or other events by us or our competitors;
changes in how customers perceive the effectiveness of our platform in protecting against advanced cyber attacks or other reputational harm;
publicity concerning cyber attacks in general or high profile cyber attacks against specific organizations;
price and volume fluctuations in the overall stock market from time to time;
significant volatility in the market price and trading volume of technology and/or growth companies in general and of companies in the IT security industry in particular;
fluctuations in the trading volume of our shares or the size of our public float;
actual or anticipated changes or fluctuations in our results of operations;
whether our results of operations, and in particular, our revenue growth rates, meet the expectations of securities analysts or investors;
actual or anticipated changes in the expectations of investors or securities analysts, whether as a result of our forward-looking statements, our failure to meet such expectation or otherwise;
litigation involving us, our industry, or both;
regulatory developments in the United States, foreign countries or both;
general economic conditions and trends;
major catastrophic events;
sales of large blocks of our common stock; or
departures of key personnel.
In addition, if the market for technology stocks or the stock market in general experiences a loss of investor confidence, the trading price of our common stock could decline for reasons unrelated to our business, results of operations or financial condition. The trading price of our common stock might also decline in reaction to events that affect other companies in our industry even if these events do not directly affect us. In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been brought against that company. The price of our common stock has been highly volatile since our IPO in September 2013, and beginning in June 2014, several law suits alleging violations of securities laws were filed against us, our directors and certain of our executive officers. This and any future securities litigation could result in substantial costs and divert our management’s attention and resources from our business. This could have a material adverse effect on our business, results of operations and financial condition.
Sales of substantial amounts of our common stock in the public markets, or sales of our common stock by our executive officers and directors under Rule 10b5-1 plans, could adversely affect the market price of our common stock.
Sales of a substantial number of shares of our common stock in the public market, or the perception that such sales could occur, could adversely affect the market price of our common stock and may make it more difficult for you to sell your common stock at a time and price that you deem appropriate. In addition, certain of our executive officers and directors have adopted, and other executive officers and directors may in the future adopt, written plans, known as “Rule 10b5-1 Plans,” under which they have contracted, or may in the future contract, with a broker to sell shares of our common stock on a periodic basis to diversify their assets and investments. Sales made by our executive officers and directors pursuant to Rule 10b5-1, regardless of the amount of such sales, could adversely affect the market price of our common stock.

34


The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans or otherwise will dilute all other stockholders.
Our amended and restated certificate of incorporation authorizes us to issue up to 1,000,000,000 shares of common stock and up to 100,000,000 shares of preferred stock with such rights and preferences as may be determined by our board of directors. Subject to compliance with applicable rules and regulations, we may issue shares of common stock or securities convertible into our common stock from time to time in connection with a financing, acquisition, investment, our stock incentive plans or otherwise. For example, in December 2013, we issued approximately 16.9 million shares of common stock and assumed options to purchase approximately 4.6 million shares of our common stock in connection with our acquisition of Mandiant, and in May 2014, we issued 295,681 shares of common stock and assumed options to purchase 63,490 shares of our common stock in connection with our acquisition of nPulse Technologies. Any future issuances could result in substantial dilution to our existing stockholders and cause the trading price of our common stock to decline.
We do not intend to pay dividends for the foreseeable future.
We have never declared or paid any dividends on our common stock. We intend to retain any earnings to finance the operation and expansion of our business, and we do not anticipate paying any cash dividends in the future. As a result, you may only receive a return on your investment in our common stock if the market price of our common stock increases.
The requirements of being a public company may strain our resources, divert management’s attention and affect our ability to attract and retain qualified board members.
As a public company, we are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended, or the Exchange Act, the listing requirements of the NASDAQ Stock Market and other applicable securities rules and regulations. Compliance with these rules and regulations has increased and will continue to increase our legal and financial compliance costs, has made and will continue to make some activities more difficult, time-consuming or costly, and has increased and will continue to increase demand on our systems and resources. Among other things, the Exchange Act requires that we file annual, quarterly and current reports with respect to our business and results of operations and maintain effective disclosure controls and procedures and internal control over financial reporting. In order to maintain and, if required, improve our disclosure controls and procedures and internal control over financial reporting to meet this standard, significant resources and management oversight may be required. As a result, management’s attention may be diverted from other business concerns, which could harm our business and results of operations. Although we have already hired additional employees to comply with these requirements, we may need to hire even more employees in the future, which will increase our costs and expenses.
Because we are no longer an “emerging growth company” as defined in the JOBS Act, we are subject to the independent auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act, enhanced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. While we were able to determine in our management's report for fiscal 2014 that our internal control over financial reporting is effective, as well as provide an unqualified attestation report from our independent registered public accounting firm to that effect, we have and will continue to consume management resources and incur significant expenses for Section 404 compliance on an ongoing basis. In the event that our chief executive officer, chief financial officer, or independent registered public accounting firm determines in the future that our internal control over financial reporting is not effective as defined under Section 404, we could be subject to one or more investigations or enforcement actions by state or federal regulatory agencies, stockholder lawsuits or other adverse actions requiring us to incur defense costs, pay fines, settlements or judgments and causing investor perceptions to be adversely affected and potentially resulting in a decline in the market price of our stock.
In addition, changing laws, regulations and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs, and making some activities more time consuming. These laws, regulations and standards are subject to varying interpretations, in many cases due to their lack of specificity, and as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest resources to comply with evolving laws, regulations, and standards, and this investment will increase our general and administrative expense and a diversion of management’s time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations, and standards are unsuccessful, regulatory authorities may initiate legal proceedings against us and our business may be harmed.
We also expect that being a public company and these new rules and regulations will make it more expensive for us to obtain and maintain director and officer liability insurance, and in the future, we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These factors could also make it more difficult for us to attract and retain qualified executive officers and members of our board of directors, particularly to serve on our audit committee and compensation committee.

35


In addition, as a result of our disclosure obligations as a public company, we have reduced strategic flexibility and are under pressure to focus on short-term results, which may adversely impact our ability to achieve long-term profitability.
We are obligated to maintain proper and effective internal control over financial reporting. We may not complete our analysis of our internal control over financial reporting in a timely manner, or this internal control may not be determined to be effective, which may adversely affect investor confidence in our company and, as a result, the value of our common stock.
We are required, pursuant to the Exchange Act, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting, as well as a statement that our auditors have issued an attestation report on our internal controls.
While we were able to determine in our management's report for fiscal 2014 that our internal control over financial reporting is effective, as well as provide an unqualified attestation report from our independent registered public accounting firm to that effect, we may not be able to complete our evaluation, testing, and any required remediation in a timely fashion or our independent registered public accounting firm may not be able to formally attest to the effectiveness of our internal control over financial reporting in the future. During the evaluation and testing process, if we identify one or more material weaknesses in our internal control over financial reporting that we are unable to remediate before the end of the same fiscal year in which the material weakness is identified, we will be unable to assert that our internal controls are effective. If we are unable to assert that our internal control over financial reporting is effective, or if our independent registered public accounting firm is unable to attest to the effectiveness of our internal controls or determine we have a material weakness in our internal controls, we could lose investor confidence in the accuracy and completeness of our financial reports, which would cause the price of our common stock to decline.
Our charter documents and Delaware law could discourage takeover attempts and lead to management entrenchment.
Our amended and restated certificate of incorporation and amended and restated bylaws contain provisions that could delay or prevent a change in control of our company. These provisions could also make it difficult for stockholders to elect directors who are not nominated by the current members of our board of directors or take other corporate actions, including effecting changes in our management. These provisions include:
a classified board of directors with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of our board of directors;
the ability of our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquiror;
the exclusive right of our board of directors to elect a director to fill a vacancy created by the expansion of our board of directors or the resignation, death or removal of a director, which prevents stockholders from being able to fill vacancies on our board of directors;
a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders;
the requirement that a special meeting of stockholders may be called only by our board of directors, the chairperson of our board of directors, our chief executive officer or our president (in the absence of a chief executive officer), which could delay the ability of our stockholders to force consideration of a proposal or to take action, including the removal of directors;
the requirement for the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the management of our business (including our classified board structure) or certain provisions of our amended and restated bylaws, which may inhibit the ability of an acquiror to effect such amendments to facilitate an unsolicited takeover attempt;
the ability of our board of directors to amend the bylaws, which may allow our board of directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquiror to amend the bylaws to facilitate an unsolicited takeover attempt; and
advance notice procedures with which stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders’ meeting, which may discourage or deter a potential acquiror from conducting a solicitation of proxies to elect the acquiror’s own slate of directors or otherwise attempting to obtain control of us.
In addition, as a Delaware corporation, we are subject to Section 203 of the Delaware General Corporation Law, which may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us for a specified period of time.

36


Item 1B. Unresolved Staff Comments
None.
Item 2. Properties
Our corporate headquarters is located in Milpitas, California where we currently lease approximately 223,000 square feet of space under lease agreements that expire at various dates through 2018. We maintain additional offices throughout the United States and various international locations, including Australia, Dubai, India, Ireland, Japan, South Korea, Singapore, Taiwan, Turkey and the United Kingdom. We believe that our current facilities are adequate to meet our ongoing needs, and that, if we require additional space, we will be able to obtain additional facilities on commercially reasonable terms.
Item 3.  Legal Proceedings
The information set forth under "Litigation" in Note 9 contained in the "Notes to Consolidated Financial Statements" in Item 8 of Part II of this Annual Report on Form 10-K is incorporated herein by reference.
Item 4.  Mine Safety Disclosures
Not applicable.

37


PART II

Item 5. Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
Market Information
Our common stock, $0.0001 par value per share, began trading on The NASDAQ Global Select Market on September 20, 2013, where its prices are quoted under the symbol “FEYE.”
Holders of Record
As of December 31, 2014, there were 200 holders of record of our common stock. Because many of our shares are held by brokers and other institutions on behalf of stockholders, we are unable to estimate the total number of stockholders represented by these record holders.
Price Range of Our Common Stock
The following table sets forth the reported high and low sales prices of our common stock for the periods indicated, as regularly quoted on The NASDAQ Global Select Market:
Year Ended December 31, 2014:
High
Low
First Quarter
$
97.35

$
40.41

Second Quarter
$
65.65

$
25.58

Third Quarter
$
41.82

$
27.06

Fourth Quarter
$
34.55

$
24.81

 
 
 
Year Ended December 31, 2013:
High
Low
Third Quarter (from September 20, 2013)
$
44.89

$
35.25

Fourth Quarter
$
44.55

$
33.30

Stock Performance Graph
The following performance graph shall not be deemed “filed” for purposes of Section 18 of the Exchange Act or otherwise subject to the liabilities under that Section, and shall not be deemed to be incorporated by reference into any of our filings under the Securities Act or the Exchange Act, except as shall be expressly set forth by specific reference in such filing.
The following graph compares the cumulative total return of our common stock with the total return for the Standard & Poor's 500 Index and the Standard & Poor's Information Technology Index from September 20, 2013 (the date our common stock commenced trading on The NASDAQ Global Select Market) through December 31, 2014. The graph assumes that $100 was invested on September 20, 2013 in our common stock, the Standard & Poor's 500 Index and the Standard & Poor's Information Technology Index, and assumes reinvestment of any dividends. The stock price performance on the following graph is not necessarily indicative of future stock price performance.

38


 
9/13
9/13
10/13
11/13
12/13
1/14
2/14
3/14
4/14
5/14
6/14
7/14
8/14
9/14
10/14
11/14
12/14
FireEye, Inc.
$
100.00

$
115.36

$
105.28

$
106.58

$
121.14

$
202.75

$
237.89

$
171.03

$
109.06

$
91.31

$
112.64

$
98.61

$
86.50

$
84.89

$
94.42

$
84.14

$
87.72

S&P 500
$
100.00

$
103.14

$
107.88

$
111.16

$
113.98

$
110.04

$
115.07

$
116.04

$
116.90

$
119.64

$
122.11

$
120.43

$
125.25

$
123.49

$
126.51

$
129.91

$
129.58

S&P Information Technology
$
100.00

$
102.88

$
107.61

$
111.88

$
116.52

$
113.59

$
118.86

$
119.18

$
119.52

$
124.04

$
126.94

$
128.80

$
133.90

$
132.99

$
135.27

$
142.38

$
139.96


Dividend Policy
We have never declared or paid, and do not anticipate declaring or paying in the foreseeable future, any cash dividends on our capital stock. Any future determination as to the declaration and payment of dividends, if any, will be at the discretion of our board of directors, subject to applicable laws, and will depend on then existing conditions, including our financial condition, operating results, contractual restrictions, capital requirements, business prospects, and other factors our board of directors may deem relevant.
Recent Sales of Unregistered Securities
There were no sales of unregistered securities during the period covered by this Annual Report, other than those previously reported in a Quarterly Report on Form 10-Q or in a Current Report on Form 8-K.
Use of Proceeds
Our initial public offering of common stock was effected through Registration Statements on Form S-1 (File Nos. 333-190338 and 333-191275), which were declared or became effective on September 19, 2013. There has been no material change in the use of

39


proceeds from our initial public offering as described in our final prospectus filed with the SEC pursuant to Rule 424(b) and other periodic reports previously filed with the SEC.
Issuer Purchases of Equity Securities
The table below provides information with respect to repurchases of unvested shares of our common stock made pursuant our 2008 Stock Plan during the fourth quarter of 2014.
Period
Total Number of Shares Purchased (1)
 
Average Price Paid Per Share
 
Total Number of Shares Purchased as Part of Publicly Announced Plans or Programs
 
Maximum Number of Shares that May Yet be Purchased Under the Plans or Programs
October 1 - October 31, 2014
101,153

 
$
1.65

 

 

November 1 - November 30, 2014

 

 

 

December 1 - December 31, 2014

 

 

 

 
 
 
 
 
 
 
 
Total
101,153

 
$
1.65

 

 

(1)
Under our 2008 Stock Plan, certain participants may exercise options prior to vesting, subject to a right of a repurchase by us. All shares in the above table were shares repurchased as a result of us exercising this right and not pursuant to a publicly announced plan or program.
Securities Authorized for Issuance Under Equity Compensation Plans
See Item 12 of Part III of this Annual Report on Form 10-K regarding information about securities authorized for issuance under our equity compensation plans.
Item 6. Selected Consolidated Financial Data
The following selected historical financial data should be read in conjunction with Item 7, “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” and our financial statements and the related notes appearing in Item 8, “Financial Statements and Supplementary Data,” of this Annual Report on Form 10-K to fully understand the factors that may affect the comparability of the information presented below.
The statements of operations data for the years ended December 31, 2014, 2013 and 2012 and the balance sheet data as of December 31, 2014 and 2013 are derived from our audited financial statements appearing in Item 8, “Financial Statements and Supplementary Data,” of this Annual Report on Form 10-K. The statements of operations for the years ended December 31, 2011 and 2010 and the balance sheet data as of December 31, 2012, 2011 and 2010 are derived from audited financial statements not included in this Annual Report on Form 10-K. Our historical results are not necessarily indicative of the results to be expected in the future.

40


 
Year Ended December 31,
 
2014

2013

2012

2011

2010
 
(In thousands, except per share data)
Consolidated Statements of Operations Data:
 
 
 
 
 
 
 
 
 
Revenue:
 
 
 
 
 
 
 
 
 
Product
$
178,246

 
$
88,253

 
$
52,265

 
$
24,888

 
$
9,270

Subscription and services
247,416

 
73,299

 
31,051

 
8,770

 
2,495

Total revenue
425,662

 
161,552

 
83,316

 
33,658

 
11,765

Cost of revenue:
 
 
 
 
 
 
 

 
 
Product(1)
58,980

 
28,912

 
14,467

 
5,690

 
2,054

Subscription and services
116,113

 
18,853

 
3,163

 
1,590

 
277

Total cost of revenue
175,093

 
47,765

 
17,630

 
7,280

 
2,331

Total gross profit
250,569

 
113,787

 
65,686

 
26,378

 
9,434

Operating expenses:
 
 
 
 
 
 
 
 
 
Research and development(1)
203,187

 
66,036

 
16,522

 
7,275

 
5,291

Sales and marketing(1)
401,151

 
167,466

 
67,562

 
30,389

 
11,357

General and administrative(1)
121,099

 
52,503

 
15,221

 
4,428

 
1,943

Restructuring charges
4,327

 

 

 

 

Total operating expenses
729,764

 
286,005

 
99,305

 
42,092

 
18,591

Operating loss
(479,195
)
 
(172,218
)
 
(33,619
)
 
(15,714
)
 
(9,157
)
Interest income
713

 
68

 
7

 
3

 
3

Interest expense
(26
)
 
(525
)
 
(537
)
 
(194
)
 
(158
)
Other income (expense), net
(1,936
)
 
(7,257
)
 
(2,572
)
 
(806
)
 
(156
)
Loss before income taxes
(480,444
)
 
(179,932
)
 
(36,721
)
 
(16,711
)
 
(9,468
)
Provision for (benefit from) income taxes
(36,654
)
 
(59,297
)
 
(965
)
 
71

 
13

Net loss attributable to common stockholders
$
(443,790
)
 
$
(120,635
)
 
$
(35,756
)
 
$
(16,782
)
 
$
(9,481
)
Net loss per share attributable to common stockholders, basic and diluted
$
(3.12
)
 
$
(2.66
)
 
$
(3.28
)
 
$
(1.99
)
 
$
(1.30
)
Weighted-average shares used to compute net loss per share attributable to common stockholders
142,176

 
45,271

 
10,917

 
8,447

 
7,271

(1)    Includes share-based compensation expense as follows:
 
Year Ended December 31,
 
2014

2013

2012

2011

2010
 
(In thousands)
Stock-Based Compensation Expense:
 
 
 
Cost of product revenue
$
888

 
$
469

 
$
115

 
$
31

 
$
4

Cost of subscription and services revenue
17,037

 
2,341

 
55

 
8

 

Research and development
28,968

 
6,958

 
1,465

 
148

 
60

Sales and marketing
66,773

 
10,748

 
1,672

 
360

 
63

General and administrative
38,186

 
8,342

 
3,536

 
168

 
10

Total stock-based compensation expense
$
151,852

 
$
28,858

 
$
6,843

 
$
715

 
$
137


41


 
As of December 31,
 
2014
 
2013
 
2012
 
2011
 
2010
Consolidated Balance Sheet Data:
(In thousands)
Cash and cash equivalents
$
146,363

 
$
173,918

 
$
60,200

 
$
10,676

 
$
7,665

Working capital, excluding deferred revenue and costs
531,547

 
219,707

 
75,074

 
18,319

 
10,302

Total assets
1,758,881

 
1,376,313

 
125,273

 
35,646

 
15,676

Total deferred revenue
352,543

 
187,514

 
76,406

 
30,102

 
6,266

Total long-term debt, current portion

 

 
1,231

 
1,400

 
497

Total long-term debt, non-current portion

 

 
10,916

 
4,528

 
3,174

Preferred stock warrant liability

 

 
3,529

 
994

 
189

Total stockholders’ equity (deficit)
$
1,250,828

 
$
1,048,102

 
$
5,390

 
$
(14,651
)
 
$
1,348

Item 7.    Management's Discussion and Analysis of Financial Condition and Results of Operations
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with our financial statements and related notes appearing elsewhere in this Annual Report on Form 10-K. In addition to historical financial information, the following discussion contains forward-looking statements that reflect our plans, estimates and beliefs. Our actual results could differ materially from those contained in or implied by any forward-looking statements. Factors that could cause or contribute to these differences include those under “Risk Factors” included in Part I, Item 1a or in other parts of this Annual Report on Form 10-K.
Overview
We provide a comprehensive cybersecurity solution for detecting, preventing and resolving advanced cyber-attacks that evade legacy signature-based security products. Our cybersecurity solutions combine our purpose-built virtual-machine technology, threat intelligence, and advanced security expertise in a suite of products and services that reduces our customers’ exposure to attacks by enabling accurate detection and rapid response. Our proprietary virtual machine-based technology delivers high efficacy detection and prevention, while also scaling in response to ever-increasing network performance requirements, to provide real-time protection to enterprises and governments worldwide. Our threat intelligence subscriptions, managed services, incident response, and consulting services complement our threat prevention products to help organizations adapt their security profile as threats evolve. This adaptive approach to cybersecurity represents a paradigm shift in how IT security has been conducted since the earliest days of the information technology industry and we believe it is imperative for organizations to invest in this new approach to protect their critical assets from the global pandemic of cybercrime, cyber-espionage and cyber-warfare.
We were founded in 2004 to address the fundamental limitations of legacy signature-based technologies in detecting and blocking sophisticated cyber-attacks. From 2004 to 2008, we focused our efforts on research and development to build our virtual machine technology. We released our first product, the Network Threat Prevention appliance, in 2008. Our Network Threat Prevention appliance is designed to analyze and block advanced attacks via the Web. Since that time, we have continued to enhance our product portfolio, releasing our Email Threat Prevention appliance in 2011 and our File Content Security appliance in 2012. Our Email Threat Prevention product and File Content Security appliance address advanced threats that are introduced through email attachments and file shares. As a result of the acquisition of Mandiant, we sell an Endpoint Threat Prevention Platform that equips organizations to detect, analyze and resolve security incidents on desktops, laptops and other end-user devices using the threat detection algorithms of the MVX engine. Our Mobile Threat Prevention service allows organizations to identify malicious mobile apps and asses risk levels of other apps for Android and Apple devices. Due to the scale of our customer deployments and our customers’ desire for deeper analysis of potential malicious software, we also provide management and analysis appliances, specifically our Central Management System, or CMS, our Threat Analytics Platform, or TAP, and our Security Forensic Products. We support and enhance the functionality of our products through our Dynamic Threat Intelligence, or DTI, and optional upgrade to Advanced Threat Intelligence, or ATI, cloud, a subscription service that offers global threat intelligence sharing and provides a closed-loop system that leverages the network effects of a globally distributed, automated threat analysis network. We have also begun to offer FireEye-as-a-Service, which includes our Network Platform and Endpoint Security Platform solutions, managed by our security experts through our security operations centers around the world. In addition to our product and subscription services, we offer professional services, including incident response and related consulting services for our customers who have experienced a cyber-security breach, or require assistance assessing the vulnerability of their networks. We also offer training services to educate customers in the implementation and use and functionality of our products, and other professional services to assist as technical resources. Our over 10 years of research and development in virtual machine technology, anomaly detection and associated heuristic algorithms have enabled us to provide signature-less threat protection against next-generation cyber-attacks.
We primarily market and sell our virtual machine-based security platform and related subscriptions and services to Global 2000 companies in a broad range of industries and governments worldwide. As of December 31, 2014, we had approximately 3,100 end-customers, including 187 of the Fortune 500.

42


We have experienced rapid growth over the last several years, increasing our revenue at a compound annual growth rate of 145% from 2010 to 2014. We have also increased our number of employees from 35 as of December 31, 2008 to approximately 2,500 as of December 31, 2014. We expect to continue rapidly scaling our organization to meet the needs of our customers and to pursue opportunities in new and existing markets. We intend to continue to invest in the development of our sales and marketing teams, with a particular focus on expanding our network of international channel partners, opening sales offices, hiring key sales and marketing personnel and carrying out associated marketing activities in key geographies.  As of December 31, 2014, we were selling our solution to end-customers across 76 countries, and we expect revenue from international sales to grow as a percentage of our overall revenue. We intend to continue to invest in our product development organization to enhance the functionality of our existing platform, introduce new products and subscriptions, and build upon our technology leadership. Due to our continuing investments to scale our business, particularly internationally, reorganize our corporate structure for improved tax efficiency, pursue new opportunities, enhance our product functionality, introduce new products and build upon our technology leadership in advance of, and in preparation for, our expected increase in sales and expansion of our customer base, we are continuing to incur expenses in the near term for which we may not realize any long-term benefit. As a result, we do not expect to be profitable for the foreseeable future.
During the years ended December 31, 2014, 2013 and 2012, our revenue was $425.7 million, $161.6 million and $83.3 million, representing year-over-year growth of 163%, 94% and 148%, respectively. Our net losses were $443.8 million $120.6 million and $35.8 million during the years ended December 31, 2014, 2013 and 2012, respectively. During the year ended December 31, 2014, approximately 75%, 8% and 14% of our revenue came from the United States, Asia Pacific and Japan (APAC), and Europe, the Middle East and Africa (EMEA), respectively. During the year ended December 31, 2013, approximately 72%, 10% and 14% of our revenue came from the United States, APAC and EMEA, respectively. During the year ended December 31, 2012, approximately 80%, 8% and 8% of our revenue came from the United States, APAC and EMEA, respectively.
In September 2013, we completed our initial public offering (“IPO”) in which we issued and sold 17,450,000 shares of common stock (inclusive of 2,275,000 shares of common stock from the full exercise of the over-allotment option granted to the underwriters) at a price of $20.00 per share. We received aggregate proceeds of $324.6 million from the sale of shares of common stock, net of underwriters’ discounts and commissions, but before deducting paid and unpaid offering expenses of approximately $3.6 million. Immediately prior to the closing of the IPO, all shares of our outstanding convertible preferred stock automatically converted into 74,221,533 shares of common stock.
On December 30, 2013, we acquired privately held Mandiant Corporation, or Mandiant, the leading provider of advanced endpoint security products and security incident response management solutions. We believe this combination creates the industry’s leading advanced threat protection vendor with the ability to detect, prevent and resolve cyber attacks at every stage of the attack life cycle. Under the terms of the merger agreement governing the transaction, we delivered to the former security holders of Mandiant merger consideration with an aggregate value equal to approximately $1,020.3 million, consisting of approximately $106.5 million in net cash and an aggregate of 21.5 million shares and options to purchase shares of our common stock. The results of operations of Mandiant have been included in our consolidated statements of operations since December 30, 2013, the acquisition date. The balance sheet as of December 31, 2013 reflects items assumed from the Mandiant acquisition.
In March 2014, we completed a follow-on public offering in which we issued and sold 5,582,215 shares of common stock at a price of $82.00 per share. We received aggregate proceeds of $446.5 million from the sale of shares of common stock, net of underwriters’ discounts and commissions of $11.2 million, but before deducting offering expenses of approximately $2.2 million. Another 8,417,785 shares were sold by certain selling stockholders, which included 796,846 shares sold pursuant to the exercise of vested outstanding options by our employees. We did not receive any of the proceeds from the sales of shares by the selling stockholders.
We believe that the growth of our business and our short and long term success are dependent upon many factors, including our ability to extend our technology leadership, grow our base of end-customers, expand deployment of our platform within existing end-customers, and focus on end-customer satisfaction. While these areas present significant opportunities for us, they also pose challenges and risks that we must successfully address in order to sustain the growth of our business and improve our operating results.
We have experienced rapid growth and increased demand for our products and services over the last few years. To manage any future growth effectively, we must continue to improve and expand our information technology and financial infrastructure, our operating and administrative systems and controls, and our ability to manage headcount, capital, and processes in an efficient manner. Additionally, we face intense competition in our market, and to succeed, we need to innovate and offer products that are differentiated from existing infrastructure products, as well as effectively hire, retain, train, and motivate qualified personnel and senior management. If we are unable to successfully address these challenges, our business, operating results, and prospects could be adversely affected.
For a description of factors that may impact our future performance, see the disclosure below under “—Factors Affecting our Performance.”
Our Business Model
We generate revenue from sales of our products, subscriptions and services. Our product revenue consists primarily of revenue from the sale of our threat prevention platform of vector-specific appliances and cloud-based security solutions, consisting of Network Threat Prevention, Email Threat Prevention, Endpoint Threat Prevention, File Content Security and Mobile Threat Prevention. We also offer

43


security management products including our Central Management System and our Threat Analytics Platform, and security forensics products including our Forensic Analysis System, Network Forensics Platform and Investigation Analysis System. We offer this portfolio as a complete solution to protect customers from the next generation of cyber-attacks at all stages of the attack lifecycle and across all primary threat vectors, including web, email, file, endpoint and mobile. Because the typical customer has more web entry points to protect than email and file entry points, customers that purchase our threat prevention portfolio generally purchase more Network Threat Prevention appliances than Email Threat Prevention or File Content Security appliances. As a result, Network Threat Prevention accounts for the largest portion of our threat prevention product revenue. In addition, because most malicious attacks occur through the web threat vector, smaller customers and customers who do not have the budget to purchase the full threat prevention portfolio often only purchase Network Threat Prevention. While we have experienced steady growth in sales of our Email Threat Prevention appliance since its introduction in 2011, these sales have not contributed as quickly to the growth in our overall product revenue because prior to June 2014, revenue associated with Email Threat Prevention was recognized ratably over the longer of the contractual term or the estimated period the customer was expected to benefit from the product. Beginning in June 2014, we started shipping all Email Threat Prevention appliances with software that allows customers to benefit from the product without the associated subscription services.As a result, revenue from sales of Email Threat Prevention appliances is now being recognized at the time of shipment, consistent with our other product offerings. Finally, we introduced our File Content Security appliance in the second quarter of 2012. To date, revenue from our File Content Security appliances represents a small percentage of our product revenue.
We require customers to purchase a subscription to our DTI cloud and support and maintenance services when they purchase any part of our product portfolio. Our customers generally purchase these subscriptions and services for a one or three year term, and revenue from such subscriptions is recognized ratably over the subscription period. Sales of these subscriptions and services have increased our deferred revenue. As of December 31, 2014 and 2013, our total deferred revenue was $352.5 million and $187.5 million, respectively. Amortization of this growing deferred revenue has increased our subscription and services revenue as a percentage of total revenue. For the years ended December 31, 20142013 and 2012, subscription and services revenue as a percentage of total revenue was 58%, 45%, and 37%, respectively. While most of the growth in our subscription and services revenue during such years relates to the amortization of the initial subscription and services agreements, renewals of such agreements have also contributed to this growth. Our renewal rate for subscriptions expiring in 2014 and 2013 was in excess of 90%, and we expect to maintain high renewal rates in the future due to the significant value we believe these subscriptions and services add to the efficacy of our product portfolio.
We have also begun to offer FireEye-as-a-Service, which includes our Network Platform and Endpoint Security Platform solutions, managed by our security experts through our security operations centers around the world. In addition to our product and subscription services, we offer professional services, including incident response and related consulting services for our customers who have experienced a cyber-security breach, or require assistance assessing the vulnerability of their networks. We also offer training services to educate customers in the implementation and use and functionality of our products, and other professional services to assist as technical resources.
Key Business Metrics
We monitor the key business metrics set forth below to help us evaluate growth trends, establish budgets, measure the effectiveness of our sales and marketing efforts, and assess operational efficiencies. We discuss revenue and gross margin below under “Components of Operating Results.” Deferred revenue, billings, net cash flow provided by (used in) operating activities, and free cash flow are discussed immediately below the following table.
 
 
Year Ended or as of December 31,
 
 
2014
 
2013
 
2012
 
 
(Dollars in thousands)
Product revenue
 
$
178,246

 
$
88,253

 
$
52,265

Subscription and services revenue
 
247,416

 
73,299

 
31,051

Total revenue
 
$
425,662

 
$
161,552

 
$
83,316

Year-over-year percentage increase
 
163
%
 
94
%
 
148
%
Gross margin percentage
 
59
%
 
70
%
 
79
%
Deferred revenue, current
 
$
203,877

 
$
110,535

 
$
43,750

Deferred revenue, non-current
 
$
148,666

 
$
76,979

 
$
32,656

Billings (non-GAAP)
 
$
590,691

 
$
256,561

 
$
129,620

Net cash provided by (used in) operating activities
 
$
(131,270
)
 
$
(69,762
)
 
$
21,500

Free cash flow (non-GAAP)
 
$
(198,985
)
 
$
(127,322
)
 
$
2,652

Deferred revenue. Our deferred revenue consists of amounts that have been invoiced but have not yet been recognized as revenue as of the period end. The majority of our deferred revenue consists of the unamortized balance of revenue from subscriptions to our DTI cloud, Managed Defense offerings and support and maintenance contracts. Because invoiced amounts for subscriptions and services can

44


be for multiple years, we classify our deferred revenue as current or non-current depending on when we expect to recognize the related revenue. If the deferred revenue is expected to be recognized within 12 months, it is classified as current. Otherwise, the deferred revenue is classified as non-current. We monitor our deferred revenue balance because it represents a significant portion of revenue to be recognized in future periods. For the year ended December 31, 2013, deferred revenue includes the addition of $16.1 million of deferred revenue assumed in connection with the Mandiant acquisition.
Billings. Billings is a non-GAAP financial metric that we define as revenue recognized in accordance with generally accepted accounting principles, or GAAP, plus the change in deferred revenue from the beginning to the end of the period. We consider billings to be a useful metric for management and investors, as a supplement to the corresponding GAAP measure, because billings drive deferred revenue, which is an important indicator of the health and visibility of trends in our business, and represents a significant percentage of future revenue. However, it is important to note that other companies, including companies in our industry, may not use billings, may calculate billings differently, may have different billing frequencies, or may use other financial measures to evaluate their performance, all of which could reduce the usefulness of billings as a comparative measure. For the year ended December 31, 2013, billings exclude the addition of $16.1 million of deferred revenue assumed in connection with the Mandiant acquisition. A reconciliation of billings to revenue, the most directly comparable financial measure calculated and presented in accordance with GAAP, is provided below:
 
Year ended December 31,
 
2014
 
2013
 
2012
 
(in thousands)
Revenue
$
425,662

 
$
161,552

 
$
83,316

Deferred revenue, end of period
352,543

 
187,514

 
76,406

Less: deferred revenue, beginning of period
187,514

 
76,406

 
30,102

Less: Mandiant deferred revenue assumed

 
16,099

 

Billings (non-GAAP)
$
590,691

 
$
256,561

 
$
129,620

Net cash provided by (used in) operating activities. We monitor net cash provided by (used in) operating activities as a measure of our overall business performance. Our net cash provided by (used in) operating activities is driven in large part by sales of our products and from up-front payments for both subscriptions and support and maintenance services. Monitoring net cash provided by (used in) operating activities enables us to analyze our financial performance without the non-cash effects of certain items such as depreciation, amortization, and stock-based compensation costs, thereby allowing us to better understand and manage the cash needs of our business.
Free cash flow. Free cash flow is a non-GAAP financial measure we define as net cash provided by (used in) operating activities, the most directly comparable GAAP financial measure, less purchases of property and equipment and demonstration units. We consider free cash flow to be a liquidity measure that provides useful information to management and investors about the amount of cash generated by our business that, after the purchases of property and equipment and demonstration units, can be used by us for strategic opportunities, including investing in our business, making strategic acquisitions and strengthening our balance sheet if and when generated. However, it is important to note that other companies, including companies in our industry, may not use free cash flow, may calculate free cash flow differently, or may use other financial measures to evaluate their performance, all of which could reduce the usefulness of free cash flow as a comparative measure. A reconciliation of free cash flow to cash flow provided by (used in) operating activities is provided below:
 
 
Year Ended December 31,
 
 
2014
 
2013
 
2011
 
 
(In thousands)
Cash flow provided by (used in) operating activities
 
$
(131,270
)
 
$
(69,762
)
 
$
21,500

Less: purchase of property and equipment and demonstration units
 
(67,715
)
 
(57,560
)
 
(18,848
)
Free cash flow (non-GAAP)
 
$
(198,985
)
 
$
(127,322
)
 
$
2,652

Net cash used in investing activities
 
$
(382,511
)
 
$
(148,469
)
 
$
(20,215
)
Net cash provided by financing activities
 
$
486,226

 
$
331,949

 
$
48,239

Factors Affecting our Performance
Market Adoption. We rely on market education to raise awareness of today’s next-generation cyber attacks, articulate the need for our virtual machine-based security solution and, in particular, the reasons to purchase our products. Our prospective customers often do not have a specific portion of their IT budgets allocated for products that address the next generation of advanced cyber attacks. We invest heavily in sales and marketing efforts to increase market awareness, educate prospective customers and drive adoption of our solution. This market education is critical to creating new IT budget dollars or allocating IT budget dollars across enterprises and governments for next-generation threat protection solutions, and in particular, our platform. Our investment in market education has also increased

45


awareness of us and our solution in international markets. However, we believe that we will need to invest additional resources in targeted international markets to drive awareness and market adoption. The degree to which prospective customers recognize the mission critical need for next-generation threat protection solutions, and subsequently allocate budget dollars for our platform, will drive our ability to acquire new customers and increase renewals and follow-on sales opportunities, which, in turn, will affect our future financial performance.
Sales Productivity. Our sales organization consists of a direct sales team, made up of field and inside sales personnel, and indirect channel sales teams to support our channel partner sales. We utilize a direct-touch sales model whereby we work with our channel partners to secure prospects, convert prospects to customers, and pursue follow-on sales opportunities. To date, we have primarily targeted large enterprise and government customers, who typically have sales cycles from three to nine months, but can be more than a year. We have also recently expanded our inside sales teams to pursue customers in the small and medium enterprise, or SME, market.
Our growth strategy contemplates increased sales and marketing investments internationally. Newly hired sales and marketing resources will require several months to establish prospect relationships and drive overall sales productivity. In addition, sales teams in certain international markets will face local markets that have not had significant market education about advanced security threats that our platform addresses. All of these factors will influence the timing and overall levels of sales productivity, impacting the rate at which we will be able to convert prospects to sales and drive revenue growth.
Renewal Rates. New or existing customers that purchase one of our appliances are required to purchase a one or three year subscription to our DTI cloud and support and maintenance services. New or existing customers that purchase one of our Forensic Analysis System or Central Management System appliances are required to purchase support and maintenance services for a term of one or three years.
We believe our renewal rate is an important metric to measure the long-term value of customer agreements and our ability to retain our customers. We calculate our renewal rate by dividing the number of renewing customers that were due for renewal in any rolling 12 month period by the number of customers that were due for renewal in that rolling 12 month period. Our renewal rate at December 31, 2014 and 2013 was in excess of 90%. These high renewal rates are primarily attributable to the incremental value added to our appliances by our DTI cloud and support and maintenance services. As DTI cloud subscriptions and support and maintenance services represented 58%, 45% and 37% of our total revenue during the years ended December 31, 2014, 2013 and 2012, respectively, we expect our ability to maintain high renewal rates for these subscriptions and services to have a material impact on our future financial performance.
Follow-On Sales. After the initial sale to a new customer, we focus on expanding our relationship with such customer to sell additional products, subscriptions and services. To grow our revenue, it is important that our customers make additional purchases of our products, subscriptions and services. Sales to our existing customer base can take the form of incremental sales of appliances, subscriptions and services, either to deploy our platform into additional parts of their network or to protect additional threat vectors. Our opportunity to expand our customer relationships through follow-on sales will increase as we add new customers, broaden our product portfolio to support more threat vectors, add new services, increase network performance and enhance functionality. Follow-on sales lead to increased revenue over the lifecycle of a customer relationship and can significantly increase the return on our sales and marketing investments. With some of our most significant customers, we have realized follow-on sales that were multiples of the value of their initial purchases.
Components of Operating Results
Revenue
We generate revenue from the sales of our products, subscriptions and services. As discussed further in “—Critical Accounting Policies and Estimates—Revenue Recognition” under “Management’s Discussion and Analysis of Financial Condition and Results of Operations” below, revenue is recognized when persuasive evidence of an arrangement exists, delivery has occurred, the fee is fixed or determinable, and collectability is reasonably assured.
Our total revenue consists of the following:
Product revenue. Our product revenue is generated from sales of our appliances which we recognize at the time of shipment, provided that all other revenue recognition criteria have been met.
Subscription and services revenue. Subscription and services revenue is generated primarily from our DTI cloud, FireEye-as-a-Service, support and maintenance services and other professional services. Our DTI cloud subscription is determined as a percentage of the price of the related appliance. We recognize revenue from subscriptions and support and maintenance services over the one or three year contract term, as applicable. Professional services revenue, which includes incident response, are generally offered on a time-and-material basis and are recognized as the services are delivered.
Cost of Revenue
Our total cost of revenue consists of cost of product revenue and cost of subscription and services revenue. Personnel costs associated with our operations and global customer support organizations consist of salaries, benefits, bonuses and stock-based compensation. Overhead costs consist of certain facilities, depreciation and information technology costs.
Cost of product revenue. Cost of product revenue primarily consists of costs paid to our third-party contract manufacturers for our appliances and personnel and other costs in our manufacturing operations department. Our cost of product revenue also

46


includes product testing costs, allocated costs and shipping costs. We expect our cost of product revenue to increase as our product revenue increases.
Cost of subscription and services revenue. Cost of subscription and services revenue consists of personnel costs for our global customer support organization and allocated costs. We expect our cost of subscription and services revenue to increase as our customer base grows and as we hire additional professional services personnel.
Gross Margin
Gross margin, or gross profit as a percentage of revenue, has been and will continue to be affected by a variety of factors, including the average sales price of our products, subscriptions and services, manufacturing costs, the mix of products sold, and the mix of revenue among products, subscriptions and services. We expect our gross margins to fluctuate over time depending on the factors described above.
Operating Expenses
Our operating expenses consist of research and development, sales and marketing, and general and administrative expense. Personnel costs are the most significant component of operating expenses and consist of salaries, benefits, bonuses, stock-based compensation and, with regard to sales and marketing expense, sales commissions. Operating expenses also include overhead costs for facilities, IT and depreciation.
Research and development. Research and development expense consists primarily of personnel costs and allocated overhead. Research and development expense also includes prototype related expenses. We expect research and development expense to continue to increase in absolute dollars as we continue to invest in our research and product development efforts to enhance our product capabilities, address new threat vectors and access new customer markets, although such expense may fluctuate as a percentage of total revenue.
Sales and marketing. Sales and marketing expense consists primarily of personnel costs, incentive commission costs and allocated overhead. We expense commission costs as incurred. Sales and marketing expense also includes costs for market development programs, promotional and other marketing activities, travel, office equipment, depreciation of proof-of-concept evaluation units and outside consulting costs. We expect sales and marketing expense to continue to increase in absolute dollars as we increase the size of our sales and marketing organizations and expand our international operations, although such expense may fluctuate as a percentage of total revenue.
General and administrative. General and administrative expense consists of personnel costs, professional services and allocated overhead. General and administrative personnel include our executive, finance, human resources, facilities and legal organizations. Professional services consist primarily of legal, auditing, accounting and other consulting costs. We expect general and administrative expense to continue to increase in absolute dollars as we have recently incurred, and expect to continue to incur, additional general and administrative expenses as we grow our operations and comply with public company regulations, including higher legal, corporate insurance, and accounting expenses.
Interest Income
Interest income consists of interest earned on our cash and cash equivalent and investment balances. We have historically invested our cash in money-market funds and other short-term, high quality investments. We expect interest income to vary each reporting period depending on our average investment balances during the period, types and mix of investments and market interest rates.
Interest Expense
Interest expense historically has consisted of interest on our outstanding debt. See Note 8 to our consolidated financial statements included elsewhere in this Annual Report on Form 10-K for more information about our past debt arrangements.
Other Expense, Net
Other expense, net historically has consisted of the change in fair value of our preferred stock warrant liability. Upon the completion of our initial public offering, the preferred stock warrant liability was reclassified to stockholders’ equity, at which time it was no longer subject to fair value accounting. Other factors impacting other expense, net include gains or losses on the disposal of fixed assets, foreign currency re-measurement gains and losses and foreign currency transaction gains and losses. We expect other expense, net to fluctuate depending on foreign exchange rate movements.
Provision for (Benefit from) Income Taxes
Provision for (benefit from) income taxes consists primarily of U.S. federal and state income taxes in the United States and income taxes in certain foreign jurisdictions in which we conduct business. Income in certain countries may be taxed at statutory tax rates that are lower than the U.S. statutory tax rate. As a result, our overall effective tax rate over the long term may be lower than the U.S. federal statutory tax rate due to a larger proportion of net income which was subject to foreign income tax rates that are lower than the U.S. federal statutory rate.

47


Results of Operations
The following tables summarize our results of operations for the periods presented and as a percentage of our total revenue for those periods. The period-to-period comparison of results is not necessarily indicative of results for future periods.
 
 
Year Ended December 31,
 
 
2014
 
2013
 
2012
 
 
(In thousands)
Revenue:
 
 
 
 
 
 
Product
 
$
178,246

 
$
88,253

 
$
52,265

Subscription and services
 
247,416

 
73,299

 
31,051

Total revenue
 
425,662

 
161,552

 
83,316

Cost of revenue:
 
 
 
 
 
 
Product
 
58,980

 
28,912

 
14,467

Subscription and services
 
116,113

 
18,853

 
3,163

Total cost of revenue
 
175,093

 
47,765

 
17,630

Total gross profit
 
250,569

 
113,787

 
65,686

Operating expenses:
 
 
 
 
 

Research and development
 
203,187

 
66,036

 
16,522

Sales and marketing
 
401,151

 
167,466

 
67,562

General and administrative
 
121,099

 
52,503

 
15,221

Restructuring charges
 
4,327

 

 

Total operating expenses
 
729,764

 
286,005

 
99,305

Operating loss
 
(479,195
)
 
(172,218
)
 
(33,619
)
Interest income
 
713

 
68

 
7

Interest expense
 
(26
)
 
(525
)
 
(537
)
Other expense, net
 
(1,936
)
 
(7,257
)
 
(2,572
)
Loss before income taxes
 
(480,444
)
 
(179,932
)
 
(36,721
)
Benefit from income taxes
 
(36,654
)
 
(59,297
)
 
(965
)
Net loss attributable to common stockholders
 
$
(443,790
)
 
$
(120,635
)
 
$
(35,756
)

48


 
 
Year Ended December 31,
 
 
2014
 
2013
 
2012
 
 
(As a percentage of total revenue)
Revenue:
 
 
 
 
 
 
Product
 
42
 %
 
55
 %
 
63
 %
Subscription and services
 
58

 
45

 
37

Total revenue
 
100

 
100

 
100

Cost of revenue:
 
 
 
 
 
 
Product
 
14

 
18

 
17

Subscription and services
 
27

 
12

 
4

Total cost of revenue
 
41

 
30

 
21

Total gross profit
 
59

 
70

 
79

Operating expenses:
 
 
 
 
 
 
Research and development
 
48

 
41

 
20

Sales and marketing
 
94

 
104

 
81

General and administrative
 
28

 
32

 
18

Restructuring charges
 
1

 

 

Total operating expenses
 
171

 
177

 
119

Operating loss
 
(112
)
 
(107
)
 
(40
)
Interest income
 

 

 

Interest expense
 

 

 
(1
)
Other expense, net
 
(1
)
 
(4
)
 
(3
)
Loss before income taxes
 
(113
)
 
(111
)
 
(44
)
Benefit from income taxes
 
(9
)
 
(36
)
 
(1
)
Net loss attributable to common stockholders
 
(104
)%
 
(75
)%
 
(43
)%
Comparison of the Years Ended December 31, 2014 and 2013
Revenue
 
Year Ended December 31,
 
2014
 
2013
 
Change  
 
Amount
 
% of Total Revenue
 
Amount
 
% of Total Revenue
 
Amount
 
%
 
(Dollars in thousands)
Revenue:
 
 
 
 
 
 
 
 
 
 
 
Product
$
178,246

 
42
%
 
$
88,253

 
55
%
 
$
89,993

 
102
%
Subscription and services
247,416

 
58

 
73,299

 
45

 
174,117

 
238

Total revenue
$
425,662

 
100
%
 
$
161,552

 
100
%
 
$
264,110

 
163
%
Revenue by geographic region:
 
 
 
 
 
 
 
 
 
 
 
United States
$
319,144

 
75
%
 
$
116,730

 
72
%
 
$
202,414

 
173
%
EMEA
57,721

 
14

 
22,845

 
14

 
34,876

 
153

APAC
34,284

 
8

 
16,004

 
10

 
18,280

 
114

Other
14,513

 
3

 
5,973

 
4

 
8,540

 
143

Total revenue
$
425,662

 
100
%
 
$
161,552

 
100
%
 
$
264,110

 
163
%
Product revenue increased by $90.0 million, or 102%, during the year ended December 31, 2014 compared to the year ended December 31, 2013. The increase in product revenue was primarily driven by growth in our installed base of customers, which grew from approximately 2,000 as of December 31, 2013 to approximately 3,100 as of December 31, 2014, as well as follow-on purchases from customers expanding their initial deployments of our product portfolio. Our Network Threat Prevention product continued to account for the largest portion of our product revenue as customers that purchase our product portfolio generally purchase more Network Threat Prevention appliances than our other appliances, reflecting the fact that their networks typically have more Web entry points than email, file, endpoint or mobile entry points to protect.

49


Subscription and service revenue increased by $174.1 million, or 238%, during the year ended December 31, 2014 compared to the year ended December 31, 2013. This increase is comprised of an increase in subscription revenue of $78.9 million, an increase in professional services revenue of $68.7 million and an increase in support and maintenance revenue of $26.5 million. The increase in subscription revenue of $78.9 million and the increase in support and maintenance revenue of $26.5 million is primarily due to initial customer purchases of $117.9 million and subscription revenue resulting from our acquisition of Mandiant. Additionally, there is an increase of $57.4 million in the amortization of deferred subscription and support and maintenance revenue related to renewals for the year ended December 31, 2014. Given our high renewal rate and increasing base of customers, we expect revenue from the amortization of deferred subscription and services revenue related to renewals to increase as a percentage of our total revenue from deferred subscription and services revenue. Our renewal rate for subscription and services agreements expiring in the 12 months ended December 31, 2014 was in excess of 90%.
International revenue increased $61.7 million, or 138%, during the year ended December 31, 2014 compared to the year ended December 31, 2013, which reflects our increasing international market presence.
Cost of Revenue and Gross Margin
 
Year Ended December 31,
 
2014
 
2013
 
   Change
 
Amount
 
Gross 
Margin
 
Amount
 
Gross 
Margin
 
Amount  
 
%
 
(Dollars in thousands)
 
 
Cost of revenue:
 
 
 
 
 
 
 
 
 
 
 
Product
$
58,980

 
 
 
$
28,912

 
 
 
$
30,068

 
104
%
Subscription and services
116,113

 
 
 
18,853

 
 
 
97,260

 
516

Total cost of revenue
$
175,093

 
 
 
$
47,765

 
 
 
$
127,328

 
267
%
Gross margin:
 
 
 
 
 
 
 
 
 
 
 
Product
 
 
67
%
 
 
 
67
%
 
 
 
 
Subscription and services
 
 
53
%
 
 
 
74
%
 
 
 
 
Total gross margin
 
 
59
%
 
 
 
70
%
 
 
 
 
The cost of product revenue increased $30.1 million, or 104%, during the year ended December 31, 2014 compared to the year ended December 31, 2013. The increase in cost of product revenue was driven primarily by an increase in product revenue and the amortization of intangible assets from our acquisition of Mandiant.
The cost of subscription and services revenue increased $97.3 million, or 516%, during the year ended December 31, 2014 compared to the year ended December 31, 2013. The increase in cost of subscription and services revenue was primarily driven by increasing personnel costs, including a 135% increase in headcount driven primarily by the inclusion of the professional services organization from our acquisition of Mandiant, as well as amortization of intangible assets from our acquisition of Mandiant.
Gross margin decreased for the year ended December 31, 2014 compared to the year ended December 31, 2013, driven by a substantial shift in our revenue mix wherein subscription and services revenue went from 45% of our total revenues in 2013 to 58% of our total revenues in 2014, coupled with lower margins attributable to sales of our subscription and services relative to sales of our products. The decrease in subscription and services gross margin was primarily due to our increased investment in customer support personnel and infrastructure and by the amortization of intangible assets resulting from our acquisition of Mandiant.

50


Operating Expenses
 
Year Ended December 31,
 
2014
 
2013
 
Change
 
Amount
 
% of Total Revenue
 
Amount
 
% of Total Revenue
 
Amount
 
%
 
(Dollars in thousands)
Operating expenses:
 
 
 
 
 
 
 
 
 
 
 
Research and development
$
203,187

 
48
%
 
$
66,036

 
41
%
 
$
137,151

 
208
%
Sales and marketing
401,151

 
94

 
167,466

 
104

 
233,685

 
140

General and administrative
121,099

 
28

 
52,503

 
32

 
68,596

 
131

Restructuring charges
4,327

 
1

 

 

 
4,327

 
100

Total operating expenses
$
729,764

 
171
%
 
$
286,005

 
177
%
 
$
443,759

 
155
%
Includes stock-based compensation expense of:
 
 
 
 
 
 
 
 
 
 
 
Research and development
$
28,968

 
 
 
$
6,958

 
 
 


 
 
Sales and marketing
66,773

 
 
 
10,748

 
 
 


 
 
General and administrative
38,186

 
 
 
8,342

 
 
 


 
 
Total
$
133,927

 
 
 
$
26,048

 
 
 
 
 
 
Research and Development
Research and development expense increased $137.2 million, or 208%, during the year ended December 31, 2014 compared to the year ended December 31, 2013. The increase was primarily driven by a $103.8 million increase in personnel costs, of which $22.0 million was related to stock-based compensation charges, largely as a result of a 41% increase in headcount, including a full year's impact of headcount increases resulting from our acquisition of Mandiant, to support continued investment in our future product and service offerings. Additionally, overhead allocations increased by $17.5 million, driven by higher facility and IT costs to support departmental expansion, and depreciation increased by $7.7 million related to increased capital expenditures.
Sales and Marketing
Sales and marketing expense increased $233.7 million, or 140%, during the year ended December 31, 2014 compared to the year ended December 31, 2013. The increase was primarily driven by a $186.1 million increase in personnel costs, of which $56.0 million was related to stock-based compensation charges, largely as a result of a 73% increase in headcount, including a full year's impact of headcount increases resulting from our acquisition of Mandiant, as well as a $45.4 million increase in commissions associated with higher sales, and increased travel costs of $11.3 million related to sales trips and attendance at marketing events. In addition, overhead allocations increased by $15.1 million, driven by higher facility and IT costs to support departmental expansion, and amortization of intangibles increased by $12.3 million from customer relationship and trademark intangibles resulting from our acquisition of Mandiant.
General and Administrative
General and administrative expense increased $68.6 million, or 131%, during the year ended December 31, 2014 compared to the year ended December 31, 2013. The increase was primarily driven by a $53.3 million increase in personnel costs, of which $29.8 million was related to stock-based compensation charges, largely as a result of a 73% increase in headcount, including a full year's impact of headcount increases resulting from our acquisition of Mandiant. In addition, overhead allocations increased by $5.4 million, driven by higher facility and IT costs to support departmental expansion.
Restructuring Charges
During the year ended December 31, 2014, we incurred restructuring charges of $4.3 million, of which $1.6 million related to workforce reductions and $2.7 million related to facility consolidations, as part of our plans initiated in August 2014 to reduce our cost structure and improve efficiency.

51


Interest Income
 
Year Ended December 31,
 
Change
 
2014
 
2013
 
Amount 
 
% 
 
(Dollars in thousands)
Interest income
$
713

 
$
68

 
$
645

 
949
%
Interest income increased during the year ended December 31, 2014 compared to the year ended December 31, 2013 due to interest earned on higher average balances in our cash and cash equivalents and investments. As a result of proceeds generated from our initial public offering in September 2013, we were able to pay off our debt in 2013.
Interest Expense
 
Year Ended December 31,
 
Change 
 
2014
 
2013
 
Amount 
 
% 
 
(Dollars in thousands)
Interest expense
$
(26
)
 
$
(525
)
 
$
(499
)
 
(95
)%
Interest expense decreased during the year ended December 31, 2014 compared to the year ended December 31, 2013 due to lower bank borrowings.
Other Expense, Net
 
Year Ended December 31,
 
Change 
 
2014
 
2013
 
Amount 
 
 
(Dollars in thousands)
Other expense, net
$
(1,936
)
 
$
(7,257
)
 
$
(5,321
)
 
(73
)%
The decrease in other expense, net during the year ended December 31, 2014 compared to the year ended December 31, 2013 was primarily due to the absence of any expense for the fair value revaluation of our preferred stock warrant liability during the year ended December 31, 2014. Upon the closing of our IPO in September 2013, the preferred stock warrants were converted into common stock warrants, and the warrant liability was then reclassified to stockholders’ equity. Subsequently, we no longer recorded any mark-to-market changes in the fair value of these warrants, and as such, there was no related expense during the year ended December 31, 2014.
Benefit from Income Taxes
 
Year Ended December 31,
 
2014
 
2013
 
(Dollars in thousands)
Benefit from income taxes
$
(36,654
)
 
$
(59,297
)
Effective tax rate
7.6
%
 
33.0
%
The decrease in our tax benefit from income taxes during the year ended December 31, 2014 compared to the year ended December 31, 2013 was primarily due to recognizing fewer U.S. federal and state net operating losses and tax credits for which no valuation allowance is required because we had fewer incremental acquisition-related deferred tax liabilities available as a source of income. Our effective tax rate for the year ended December 31, 2014 was different from the U.S. statutory tax rate applied to our pretax loss primarily as the result of the recording of certain U.S. federal and state net operating losses and tax credits for which no valuation allowance is required, partially offset by different tax rates in foreign jurisdictions which are indefinitely reinvested. No valuation allowance is required to the extent of our scheduled future reversals of our acquisition-related deferred tax liabilities. Our effective tax rate for the year ended December 31, 2013 was different from the U.S. statutory tax rate applied to our pretax loss primarily due to tax benefits from the valuation allowance release on U.S. deferred tax assets offset by different tax rates in foreign jurisdictions which are indefinitely reinvested.

52


Comparison of the Years Ended December 31, 2013 and 2012
Revenue
 
Year Ended December 31,
 
2013
 
2012
 
Change  
 
Amount
 
% of Total Revenue
 
Amount
 
% of Total Revenue
 
Amount
 
%
 
(Dollars in thousands)
Revenue:
 
 
 
 
 
 
 
 
 
 
 
Product
$
88,253

 
55
%
 
$
52,265

 
63
%
 
$
35,988

 
69
%
Subscription and services
73,299

 
45

 
31,051

 
37

 
42,248

 
136

Total revenue
$
161,552

 
100
%
 
$
83,316

 
100
%
 
$
78,236

 
94
%
Revenue by geographic region:
 
 
 
 
 
 
 
 
 
 
 
United States
$
116,730

 
72
%
 
$
66,556

 
80
%
 
$
50,174

 
75
%
EMEA
22,845

 
14

 
6,628

 
8

 
16,217

 
245

APAC
16,004

 
10

 
6,488

 
8

 
9,516

 
147

Other
5,973

 
4

 
3,644

 
4

 
2,329

 
64

Total revenue
$
161,552

 
100
%
 
$
83,316

 
100
%
 
$
78,236

 
94
%
Product revenue increased by $36.0 million, or 69%, during the year ended December 31, 2013 compared to the year ended December 31, 2012. The increase in product revenue was primarily driven by growth in our installed base of customers, which grew from approximately 1,000 as of December 31, 2012 to approximately 2,000 as of December 31, 2013, as well as follow-on purchases from customers expanding their initial deployments of our product portfolio. Our Network Threat Prevention product accounted for the largest portion of our product revenue as customers that purchase our product portfolio generally purchase more Network Threat Prevention appliances than our other appliances, reflecting the fact that their networks typically have more Web entry points than email, file, endpoint or mobile entry points to protect.
Subscription and service revenue increased by $42.2 million, or 136%, during the year ended December 31, 2013 compared to the year ended December 31, 2012. This increase is comprised of an increase in subscription revenue of $24.1 million, an increase in professional services revenue of $3.2 million and an increase in support and maintenance revenue of $14.9 million. The increase in subscription revenue of $24.1 million and the increase in support and maintenance revenue of $14.9 million is primarily due to initial customer purchases of $52.0 million. Additionally, there was an increase of $18.0 million in the amortization of deferred subscription and support and maintenance revenue related to renewals for the year ended December 31, 2013. Given our high renewal rate and increasing base of customers, we expect revenue from the amortization of deferred subscription and services revenue related to renewals to increase as a percentage of our total revenue from deferred subscription and services revenue. Our renewal rate for subscription and services agreements expiring in the 12 months ending December 31, 2013 was in excess of 90%.
International revenue increased $28.1 million, or 167%, during the year ended December 31, 2013 compared to the year ended December 31, 2012, which reflects our increasing international market presence.
Cost of Revenue and Gross Margin
 
Year Ended December 31,
 
2013
 
2012
 
   Change
 
Amount
 
Gross 
Margin
 
Amount 
 
Gross 
Margin
 
Amount  
 
%
 
(Dollars in thousands)
 
 
Cost of revenue:
 
 
 
 
 
 
 
 
 
 
 
Product
$
28,912

 
 
 
$
14,467

 
 
 
$
14,445

 
100
%
Subscription and services
18,853

 
 
 
3,163

 
 
 
15,690

 
496

Total cost of revenue
$
47,765

 
 
 
$
17,630

 
 
 
$
30,135

 
171
%
Gross margin:
 
 
 
 
 
 
 
 
 
 
 
Product
 
 
67
%
 
 
 
72
%
 
 
 
 
Subscription and services
 
 
74
%
 
 
 
90
%
 
 
 
 
Total gross margin
 
 
70
%
 
 
 
79
%
 
 
 
 

53


Total cost of product revenue increased $14.4 million, or 100%, during the year ended December 31, 2013 compared to the year ended December 31, 2012. The increase in cost of product revenue was driven primarily by an increase in product revenue and an increase in personnel costs in our manufacturing operations department, as we continued to add capacity and build out our global supply chain.
The cost of subscription and services revenue increased by $15.7 million, or 496%, during the year ended December 31, 2013 compared to the year ended December 31, 2012. The increase in cost of subscription and services revenue was primarily driven by increased personnel costs in customer support.
Gross margin decreased for the year ended December 31, 2013 compared to the year ended December 31, 2012. The decrease in product gross margin was driven by our increased investment in our manufacturing operations department to increase capacity. The decrease in subscription and services gross margin was primarily due to an increase in our investment in customer support personnel and infrastructure.
Operating Expenses
 
Year Ended December 31,
 
2013
 
2012
 
Change
 
Amount
 
% of Total Revenue
 
Amount
 
% of Total Revenue
 
Amount
 
%
 
(Dollars in thousands)
Operating expenses:
 
 
 
 
 
 
 
 
 
 
 
Research and development
$
66,036

 
41
%
 
$
16,522

 
20
%
 
$
49,514

 
300
%
Sales and marketing
167,466

 
104

 
67,562

 
81

 
99,904

 
148

General and administrative
52,503

 
32

 
15,221

 
18

 
37,282

 
245

Total operating expenses
$
286,005

 
177
%
 
$
99,305

 
119
%
 
$
186,700

 
188
%
Includes stock-based compensation expense of:
 
 
 
 
 
 
 
 
 
 
 
Research and development
$
6,958

 
 
 
$
1,465

 
 
 


 
 
Sales and marketing
10,748

 
 
 
1,672

 
 
 


 
 
General and administrative
8,342

 
 
 
3,536

 
 
 


 
 
Total
$
26,048

 
 
 
$
6,673

 
 
 


 
 
Research and Development
Research and development expense increased $49.5 million, or 300%, during the year ended December 31, 2013 compared to the year ended December 31, 2012, primarily due to a $24.3 million increase in personnel costs and a $1.3 million increase in related consulting costs as we increased our headcount and consultants to support continued investment in our future product and service offerings, and a $2.9 million increase in nonrecurring engineering activities. Additionally, overhead allocations and depreciation related to capital expenditures for departmental expansion increased by $18.6 million during the year ended December 31, 2013.
Sales and Marketing
Sales and marketing expense increased $99.9 million, or 148%, during the year ended December 31, 2013 compared to the year ended December 31, 2012, primarily due to a $56.9 million increase in personnel costs of which $13.2 million related to increased commissions for higher headcount and billings, a $4.7 million increase in depreciation expense, a $1.1 million increase in recruiting expenses related to new hires, a $6.8 million increase in travel-related costs and a $2.6 million increase in marketing activity, primarily related to an increase in lead generation services and costs associated with trade shows and conventions, website development and partner programs. The change was also attributable to a $2.0 million increase in consulting costs and a $23.8 million increase in overhead allocations driven by the increase in sales and marketing personnel.
General and Administrative
General and administrative expense increased $37.3 million, or 245%, during the year ended December 31, 2013 compared to the year ended December 31, 2012, primarily due to a $14.3 million increase in personnel costs, a $13.1 million increase in professional services, including legal, accounting and recruiting services, and a $0.8 million increase in consulting costs. The change was also attributable to a $5.6 million increase in overhead allocations associated with departmental expansion. The increase in personnel costs, professional services and consulting costs was primarily a result of growth in our operations and our preparations to operate as a public company.

54


Interest Income
 
Year Ended December 31,
 
Change
 
2013
 
2012
 
Amount 
 
% 
 
(Dollars in thousands)
Interest income
$
68

 
$
7

 
$
61

 
871
%
The change in interest income resulted from the significant increase in the average balances in cash and cash equivalents during the year ended December 31, 2013 compared to the year ended December 31, 2012.
Interest Expense
 
Year Ended December 31,
 
Change 
 
2013
 
2012
 
Amount 
 
% 
 
(Dollars in thousands)
Interest expense
$
(525
)
 
$
(537
)
 
$
(12
)
 
(2
)%
The decrease in interest expense resulted from decreased bank borrowings during the year ended December 31, 2013 compared to the year ended December 31, 2012.
Other Expense, Net
 
Year Ended December 31,
 
Change 
 
2013
 
2012
 
Amount 
 
 
(Dollars in thousands)
Other expense, net
$
(7,257
)
 
$
(2,572
)
 
$
4,685

 
182
%
The increase in other expense, net was primarily due to an increase in the estimated fair value of our preferred stock warrant liability during the year ended December 31, 2013 compared to the year ended December 31, 2012. At the time of our IPO, our preferred stock warrants were converted into common stock warrants, and the warrant liability was reclassified to stockholders’ equity. We will not incur expenses related to these warrants in future periods.
Benefit from Income Taxes
 
Year Ended December 31,
 
2013
 
2012
 
(Dollars in thousands)
Benefit from income taxes
$
(59,297
)
 
$
(965
)
Effective tax rate
33.0
%
 
2.6
%
The increase in our tax benefit from income taxes during the year ended December 31, 2013 is primarily due to the release of the valuation allowance on the majority of U.S. deferred tax assets resulting from recording a deferred tax liability on acquisition related intangibles for which no tax benefit will be derived, partially offset by different tax rates in foreign jurisdictions. The tax benefit from income taxes for the year ended December 31, 2012 is primarily due to a reduction of the valuation allowance for U.S. deferred tax assets resulting from recording a deferred tax liability on acquisition related intangibles for which no tax benefit will be derived, partially offset by an increase in pre-tax income related to international operations.
Quarterly Results of Operations
The following unaudited quarterly statements of operations data for each of the eight quarters in the period ended December 31, 2014 have been prepared on a basis consistent with our audited annual financial statements included in this Annual Report on Form 10-K and include, in our opinion, all normal recurring adjustments necessary for the fair presentation of the financial information contained in those statements. Our historical results are not necessarily indicative of the results that may be expected in the future. The following quarterly financial data should be read in conjunction with our audited financial statements and the related notes included in this Annual Report on Form 10-K.

55


 
Three Months Ended
 
December 31, 2014
 
September 30, 2014
 
June 30, 2014
 
March 31, 2014
 
December 31, 2013
 
September 30, 2013
 
June 30, 2013
 
March 31, 2013
 
(In thousands)
Revenue:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Product
$
67,936

 
$
48,375

 
$
37,683

 
$
24,252

 
$
32,296

 
$
23,729

 
$
17,240

 
$
14,988

Subscription and services
75,046

 
65,836

 
56,806

 
49,728

 
24,966

 
18,923

 
15,982

 
13,428

Total revenue
142,982

 
114,211

 
94,489

 
73,980

 
57,262

 
42,652

 
33,222

 
28,416

Cost of revenue:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Product
19,465

 
15,440

 
13,749

 
10,326

 
10,788

 
7,358

 
5,804

 
4,962

Subscription and services
33,827

 
29,488

 
27,831

 
24,967

 
6,372

 
6,079

 
4,482

 
1,920

Total cost of revenue
53,292

 
44,928

 
41,580

 
35,293

 
17,160

 
13,437

 
10,286

 
6,882

Total gross profit
89,690

 
69,283

 
52,909

 
38,687

 
40,102

 
29,215

 
22,936

 
21,534

Operating expenses:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Research and development
53,102

 
54,707

 
53,408

 
41,970

 
21,466

 
20,492

 
14,016

 
10,062

Sales and marketing
118,081

 
111,625

 
94,591

 
76,854

 
56,889

 
44,414

 
37,594

 
28,569

General and administrative
31,949

 
30,119

 
31,931

 
27,100

 
23,118

 
11,704

 
10,370

 
7,311

Restructuring charges
1,558

 
2,769

 

 

 

 

 

 

Total operating expenses
204,690

 
199,220

 
179,930

 
145,924

 
101,473

 
76,610

 
61,980

 
45,942

Operating loss
(115,000
)
 
(129,937
)
 
(127,021
)
 
(107,237
)
 
(61,371
)
 
(47,395
)
 
(39,044
)
 
(24,408
)
Interest income
257

 
228

 
183

 
45

 
15

 
1

 
48

 
4

Interest expense
(9
)
 
(6
)
 
(4
)
 
(7
)
 
(6
)
 
(243
)
 
(132
)
 
(144
)
Other expense, net
(917
)
 
(636
)
 
(329
)
 
(54
)
 
(128
)
 
(4,206
)
 
(723
)
 
(2,200
)
Loss before income taxes
(115,669
)
 
(130,351
)
 
(127,171
)
 
(107,253
)
 
(61,490
)
 
(51,843
)
 
(39,851
)
 
(26,748
)
Provision for (benefit from) income taxes
(9,944
)
 
(10,320
)
 
(10,348
)
 
(6,042
)
 
(58,977
)
 
(917
)
 
384

 
213

Net loss attributable to common stockholders
$
(105,725
)
 
$
(120,031
)
 
$
(116,823
)
 
$
(101,211
)
 
$
(2,513
)
 
$
(50,926
)
 
$
(40,235
)
 
$
(26,961
)
 
Three Months Ended
 
December 31, 2014
 
September 30, 2014
 
June 30, 2014
 
March 31, 2014
 
December 31, 2013
 
September 30, 2013
 
June 30, 2013
 
March 31, 2013
 
(In thousands)
Revenue:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Product
48
 %
 
42
 %
 
40
 %
 
33
 %
 
56
 %
 
56
 %
 
52
 %
 
53
 %
Subscription and services
52

 
58

 
60

 
67

 
44

 
44

 
48

 
47

Total revenue
100

 
100

 
100

 
100

 
100

 
100

 
100

 
100

Cost of revenue:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Product
13

 
13

 
15

 
14

 
19

 
17

 
17

 
17

Subscription and services
24

 
26

 
29

 
34

 
11

 
14

 
14

 
7

Total cost of revenue
37

 
39

 
44

 
48

 
30

 
31

 
31

 
24

Total gross profit
63

 
61

 
56

 
52

 
70

 
69

 
69

 
76

Operating expenses:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Research and development
37

 
48

 
56

 
57

 
38

 
48

 
42

 
35

Sales and marketing
83

 
98

 
100

 
104

 
99

 
104

 
113

 
101

General and administrative
22

 
26

 
34

 
36

 
40

 
27

 
32

 
26

Restructuring charges
1

 
2

 

 

 

 

 

 

Total operating expenses
143

 
174

 
190

 
197

 
177

 
179

 
187

 
162

Operating loss
(80
)
 
(113
)
 
(134
)
 
(145
)
 
(107
)
 
(110
)
 
(118
)
 
(86
)
Interest income

 

 

 

 

 

 

 

Interest expense

 

 

 

 

 
(1
)
 

 

Other expense, net
(1
)
 
(1
)
 
(1
)
 

 

 
(10
)
 
(2
)
 
(8
)
Loss before income taxes
(81
)
 
(114
)
 
(135
)
 
(145
)
 
(107
)
 
(121
)
 
(120
)
 
(94
)
Provision for (benefit from) income taxes
(7
)
 
(9
)
 
(11
)
 
(8
)
 
(103
)
 
(2
)
 
1

 
1

Net loss attributable to common stockholders
(74
)%
 
(105
)%
 
(124
)%
 
(137
)%
 
(4
)%
 
(119
)%
 
(121
)%
 
(95
)%

56


Quarterly Revenue Trends
Our quarterly revenue increased both year-over-year and sequentially for all periods presented, primarily due to increased sales to new customers, continued growth in our installed base of customers and our December 2013 acquisition of Mandiant. Comparisons of our year-over-year total quarterly revenue are more meaningful than comparisons of our sequential results, due to seasonality in the sale of our products, and to a lesser extent, subscriptions and services. Our fourth quarter has historically been our strongest quarter for sales as a result of large enterprise buying patterns. While we believe that these seasonal trends have affected, and will continue to affect, our quarterly results, our rapid growth has largely masked seasonal trends to date. We believe that our business may become more seasonal in the future. Historical patterns in our business may not be a reliable indicator of our future sales activity or performance.
Quarterly Gross Margin Trends
Total gross profit increased year-over-year for all periods presented. Total gross margin, or gross profit as a percentage of revenue, was relatively consistent over periods in 2013, and has steadily increased over periods in 2014, despite the initial decline at the beginning of 2014 when we began recognizing full quarterly results of operations from our acquisition of Mandiant; primarily a service provider. Fluctuations in our gross margin are primarily due to shifts in the mix of sales between products and subscriptions and services, as well as the types and volumes of products sold.
Quarterly Expense Trends
Total operating expenses increased year-over-year for all periods presented primarily due to the addition of personnel, both through acquisitions and organically, to expand our business and our continuous investment in the system infrastructure required to manage our growth and develop and promote our products and subscription and services. Research and development expense increased sequentially over all periods through the third quarter of 2014, as we increased our headcount to support continued investment in our future product and subscription and services offerings. Sales and marketing expense increased significantly on a sequential basis over all periods through the fourth quarter of 2014, due to increased personnel costs related to headcount increases, higher commissions expense related to higher sales, and an increase in overhead allocations associated with the increased headcount. General and administrative expense increased on a sequential basis over all periods through the second quarter of 2014, due to increased personnel costs associated with greater headcount to support the requirements of operating as a public company. General and administrative expense increased significantly in the three months ended December 31, 2013 compared to three months ended September 30, 2013, primarily due to $8.5 million of acquisition-related expenses incurred in connection with the acquisition of Mandiant. During the third quarter of 2014 we initiated a series of business restructuring plans to reduce our cost structure and improve efficiency, resulting in workforce reductions and facility consolidations. As a result, during the fourth quarter of 2014 when these activities were substantially complete, our expenses remained relatively consistent due to a very small net change in personnel during the quarter.
Liquidity and Capital Resources
 
As of December 31,
 
2014
 
2013
 
(In thousands)
Cash and cash equivalents
$
146,363

 
$
173,918

 
Year Ended December 31,
2014
 
2013
 
2012
 
(In thousands)
Cash provided by (used in) operating activities
$
(131,270
)
 
$
(69,762
)
 
$
21,500

Cash used in investing activities
(382,511
)
 
(148,469
)
 
(20,215
)
Cash provided by financing activities
486,226

 
331,949

 
48,239

Net increase (decrease) in cash and cash equivalents
$
(27,555
)
 
$
113,718

 
$
49,524

As of December 31, 2014, our cash and cash equivalents of $146.4 million were held for working capital, capital expenditures, investment in technology and business acquisition purposes, of which approximately $36.3 million was held outside of the United States. We consider the undistributed earnings of the Company’s foreign subsidiaries as of December 31, 2014 to be indefinitely reinvested outside the United States on the basis of estimates that future domestic cash generation will be sufficient to meet future domestic cash needs and our specific plan for reinvestment of the Company’s foreign subsidiaries’ undistributed earnings.
Prior to our initial public offering ("IPO") in September 2013, we financed our operations primarily through private sales of equity securities and, to a lesser extent, proceeds from our bank facility and cash generated from operations. In September 2013, we completed our IPO in which we issued and sold 17,450,000 shares of common stock (inclusive of 2,275,000 shares of common stock from the full exercise of the over-allotment option granted to the underwriters) at a price of $20.00 per share. We received aggregate proceeds of $324.6

57


million from the sale of shares of common stock, net of underwriters’ discounts and commissions, but before deducting paid and unpaid offering expenses of approximately $3.6 million.
On December 30, 2013, we acquired privately held Mandiant, a leading provider of advanced endpoint security products and security incident response management solutions. Under the terms of the merger agreement governing the transaction, we delivered to the former security holders of Mandiant merger consideration with an aggregate value equal to approximately $1.02 billion, consisting of approximately $106.5 million in net cash and an aggregate of 21.5 million shares and options to purchase shares of our common stock.
In March 2014, we completed our follow-on public offering in which we issued and sold 5,582,215 shares of common stock at a price of $82.00 per share. We received aggregate proceeds of $446.5 million from the sale of shares of common stock, net of underwriters’ discounts and commissions of $11.2 million, but before deducting offering expenses of approximately $2.2 million. Another 8,417,785 shares were sold by certain selling stockholders, which included 796,846 shares sold pursuant to the exercise of vested outstanding options by our employees. We did not receive any of the proceeds from the sales of shares by the selling stockholders.
In May 2014, we acquired privately held nPulse Technologies, a performance leader in network forensics based in Charlottesville, Virginia. This purchase consisted of $55.2 million in cash, $0.1 million of equity awards assumed, and 54,319 shares of our common stock with a fair value of $1.3 million which will vest upon the achievement of certain milestones.
We believe that our existing cash and cash equivalents and short-term investments and any cash inflow from operations will be sufficient to meet our anticipated cash needs, including cash we will consume for operations, for at least the next 12 months. Our future capital requirements will depend on many factors, including our growth rate, the timing and extent of spending to support development efforts, the expansion of sales and marketing activities, the introduction of new and enhanced product and service offerings, and the continuing market acceptance of our products. In the event that additional financing is required from outside sources, we may not be able to raise such financing on terms acceptable to us or at all. If we are unable to raise additional capital when desired, our business, operating results, and financial condition would be adversely affected.
Operating Activities
During the year ended December 31, 2014, our operating activities used cash of $131.3 million. We incurred a net loss of $443.8 million, which included net non-cash expenses of $208.4 million, primarily consisting of stock-based compensation charges, depreciation and amortization expense, and deferred tax benefit. Our net change in operating assets and liabilities provided cash of $104.1 million, primarily sourced from deferred revenue for $164.7 million as a result of increases in sales of subscriptions and support and maintenance services and accrued liabilities and compensation for $35.1 million as a result of the growth in our headcount and business expansion, partially offset by the use of cash related to accounts receivable for $97.2 million resulting from growth in our billings.
During the year ended December 31, 2013, our operating activities used cash of $69.8 million. We incurred a net loss of $120.6 million, which included a net non-cash benefit of $4.8 million, from our deferred tax benefit, partially offset by stock-based compensation charges and depreciation and amortization. Our net change in operating assets and liabilities provided cash of $55.6 million, primarily sourced from deferred revenue for $95.0 million as a result of increases in sales of subscriptions and support and maintenance services, accounts payable for $11.5 million due to growth in our business and accrued compensation for $19.4 million due to growth in our headcount. Our primary uses of operating cash related to accounts receivable for $35.1 million resulting from growth in our billings, prepaid and other current assets for $17.2 million, and accrued liabilities for $18.5 million, primarily due to the payment of transaction costs related to the Mandiant acquisition.
During the year ended December 31, 2012, our operating activities provided cash of $21.5 million. We incurred a net loss of $35.8 million, which included net non-cash expenses of $15.3 million, primarily consisting of stock-based compensation charges and depreciation and amortization. Our net change in operating assets and liabilities provided cash of $42.0 million, primarily sourced from deferred revenue for $46.3 million as a result of increases in sales of subscriptions and support and maintenance services, accounts payable for $6.2 million due to growth in our business and accrued compensation for $3.2 million due to growth in our headcount. Our primary uses of operating cash related to accounts receivable for $10.1 million, resulting from increased sales and prepaid expenses and other current assets for $3.8 million.
Investing Activities
Cash used in investing activities during the year ended December 31, 2014 was $382.5 million, primarily for the purchase of marketable securities to invest a significant portion of the cash received from our follow-on public offering and, to a lesser extent, for capital expenditures to purchase property and equipment and demonstration units and for the acquisition of nPulse. This use of cash was partially offset by $31.6 million received from the sales and maturities of certain marketable securities.
Cash used in investing activities during the year ended December 31, 2013 was $148.5 million, primarily resulting from the acquisition of Mandiant and from capital expenditures to purchase property and equipment and demonstration units.
Cash used in investing activities during the year ended December 31, 2012 was $20.2 million, primarily resulting from capital expenditures to purchase property and equipment and demonstration units.

58


Financing Activities
During the year ended December 31, 2014, financing activities provided $486.2 million in cash, primarily from net proceeds of $444.3 million from our follow-on public offering, as well as proceeds of $41.9 million from the exercise of employee stock options, net of repurchases.
During the year ended December 31, 2013, financing activities provided $331.9 million in cash, primarily from net proceeds of $321.4 million from our IPO, $10.0 million from the issuance of convertible preferred stock, additional borrowings of $10.0 million under our line of credit, proceeds of $7.3 million from the collection of notes receivable from stockholders as of December 31, 2012 and proceeds of $5.4 million from the exercise of stock options, partially offset by payments of $22.2 million on bank borrowings.
During the year ended December 31, 2012, financing activities provided $48.2 million in cash, primarily from $39.8 million from the issuance of convertible preferred stock, borrowings of $7.6 million under our line of credit and proceeds of $2.2 million from the exercise of stock options net of repurchases, partially offset by payments on bank borrowings of $1.4 million.
Contractual Obligations and Commitments
The following summarizes our contractual obligations and commitments as of December 31, 2014:
 
Payments Due by Period 
 
Total
Less Than
1 Year
1 - 3 Years
3 - 5 Years
More Than
5 Years
 
 
(In thousands)
 
Operating leases
$
43,668

$
11,091

$
15,529

$
7,482

$
9,566

Purchase obligations
15,306

8,638

6,612

56


Contract manufacturer commitments
23,217

23,217




Total
$
82,191

$
42,946

$
22,141

$
7,538

$
9,566

Total future non-cancelable minimum rental payments under operating leases of $43.7 million shown in the table above has not been reduced by future minimum sublease rentals totaling $1.1 million.
Due to the uncertainty with respect to the timing of future cash flows associated with our unrecognized tax benefits as of December 31, 2014, we are unable to make reasonably reliable estimates of the period of cash settlement with the respective taxing authorities. Therefore, approximately $1.3 million of unrecognized tax benefits classified as “Other long-term liabilities” in the accompanying consolidated balance sheets as of December 31, 2014, have been excluded from the contractual obligations table above. In addition, we are unable to make reasonably reliable estimates with respect to approximately $24.9 million in non-current deferred tax liabilities and have therefore excluded such liabilities from the table above. See Note 12 of our consolidated financial statements for a discussion of our income tax liabilities.
Off-Balance Sheet Arrangements
As of December 31, 2014 and 2013, we did not have any relationships with unconsolidated entities or financial partnerships, such as structured finance or special purpose entities, that were established for the purpose of facilitating off-balance sheet arrangements or other purposes.
Segment Information
We have one primary business activity and operate in one reportable segment.
Concentration
Carahsoft Technology Corporation, a reseller, accounted for approximately 11% of our revenue for the years ended December 31, 2014 and 2013. For the years ended December 31, 2013 and 2012, Accuvant, also a reseller, accounted for approximately 11% and 10% of our revenue, respectively. Our agreements with these resellers were made in the ordinary course of our business and may be terminated with or without cause by either party with advance notice. Although we believe we would experience some short-term disruption in the distribution of our products, subscriptions and services if these agreements were terminated, we believe such termination would not have a material adverse effect on our financial results and that alternative resellers and other channel partners exist to deliver our products to our end-customers.
Critical Accounting Policies and Estimates
Our consolidated financial statements have been prepared in accordance with U.S. generally accepted accounting principles. The preparation of these consolidated financial statements requires us to make estimates and assumptions that affect the reported amounts of assets, liabilities, revenue, expenses, and related disclosures. We base our estimates on historical experience and on various other

59


assumptions that we believe are reasonable under the circumstances. We evaluate our estimates and assumptions on an ongoing basis. Actual results may differ from these estimates. To the extent that there are material differences between these estimates and our actual results, our future financial statements will be affected.
The critical accounting policies requiring estimates, assumptions, and judgments that we believe have the most significant impact on our consolidated financial statements are described below.
Revenue Recognition
We generate revenue from the sales of products, subscriptions, support and maintenance, and other services primarily through our indirect relationships with our partners as well as end customers through a direct sales force. Our products include operating system software that is integrated into the appliance hardware and is deemed essential to its functionality. As a result, we account for product revenue in accordance with Accounting Standards Codification 605, Revenue Recognition, and all related interpretations, as all our security appliance deliverables include proprietary operating system software, which together deliver the essential functionality of our products.
Revenue is recognized when all of the following criteria are met:
Persuasive Evidence of an Arrangement Exists. We rely upon non-cancelable sales agreements and purchase orders to determine the existence of an arrangement.
Delivery has Occurred. We use shipping documents or transmissions of service contract registration codes to verify delivery.
The Fee is Fixed or Determinable. We assess whether the fee is fixed or determinable based on the payment terms associated with the transaction.
Collectability is Reasonably Assured. We assess collectability based on credit analysis and payment history.
Our products include principal security product families that address critical vectors of attack, including Web, email, endpoint, file and mobile. Our Network Threat Prevention, Endpoint Threat Prevention, File Content Security, Forensic Analysis System and Central Management System, and beginning in June 2014 our Email Threat Prevention, appliances and subscription services qualify as separate units of accounting. Therefore revenue from the sale of these products is recognized at the time of shipment. Historically, our Email Threat Prevention appliance could not function without the use of our Email Threat Prevention Attachment/URL Engine, which analyzes email attachments and URLs embedded in emails for next-generation threats. As such, our Email Threat Prevention and related services previously did not have stand-alone value and did not qualify as separate units of accounting. Therefore, Email Threat Prevention product revenue has historically been recognized ratably over the longer of the contractual term of the subscription services or the estimated period the customer was expected to benefit from the product, provided that all other revenue recognition criteria had been met. Beginning in June 2014, we started shipping all Email Threat Prevention appliances with software that allows customers to benefit from the product without the associated subscription services, and therefore, consistent with our Network and Endpoint Threat Prevention and File Content Security appliances, revenue is now recognized at the time of shipment.
At the time of shipment, product revenue generally meets the criteria for fixed or determinable fees as our partners receive an order from an end-customer prior to placing an order with us. In addition, payment from our partners is not contingent on the partners’ collection from their end-customers. Our partners do not stock products and do not have any stock rotation rights. We recognize subscription and support and maintenance services revenue ratably over the contractual service period, which is typically one or three years. Professional services revenue, including incident response and related consulting services for our customers who have experienced a cyber-security breach or who require assistance assessing the vulnerability of their networks, and training services revenue is recognized as the services are rendered.
Most of our arrangements, other than renewals of subscriptions and support and maintenance services, are multiple-element arrangements with a combination of product, subscriptions, support and maintenance, and other services. For multiple-element arrangements, we allocate revenue to each unit of accounting based on an estimated selling price at the arrangement inception. The estimated selling price for each element is based upon the following hierarchy: vendor-specific objective evidence, or VSOE, of selling price, if available, third-party evidence, or TPE, of selling price, if VSOE of selling price is not available, or best estimate of selling price, or BESP, if neither VSOE of selling price nor TPE of selling price are available. The total arrangement consideration is allocated to each separate unit of accounting using the relative estimated selling prices of each unit based on the aforementioned selling price hierarchy. We limit the amount of revenue recognized for delivered elements to an amount that is not contingent upon future delivery of additional products or services or meeting of any specified performance conditions.
To determine the estimated selling price in multiple-element arrangements, we establish VSOE of selling price using the prices charged for a deliverable when sold separately and, for subscriptions and support and maintenance, based on the renewal rates and

60


discounts offered to partners. If VSOE of selling price cannot be established for a deliverable, we establish TPE of selling price by evaluating similar and interchangeable competitor products or services in standalone arrangements with similarly situated partners. However, as our products contain a significant element of proprietary technology and offer substantially different features and functionality from our competitors, we are unable to obtain comparable pricing of our competitors’ products with similar functionality on a stand-alone basis. Therefore, we have not been able to obtain reliable evidence of TPE of selling price. If neither VSOE nor TPE of selling price can be established for a deliverable, we establish BESP primarily based on historical transaction pricing. Historical transactions are segregated based on our pricing model and our go-to-market strategy, which include factors such as type of sales channel (reseller, distributor, or end-customer), the geographies in which our products and services were sold (domestic or international), offering type (products or services), and whether or not the opportunity was identified by our sales force or by our partners. In analyzing historical transaction pricing, we evaluate whether a majority of the prices charged for a product, as represented by a percentage of list price, fall within a reasonable range. To further support the BESP of selling price as determined by the historical transaction pricing or when such information is unavailable, such as when there are limited sales of a new product, we consider the same factors we have established through our pricing model and go-to-market strategy. The determination of BESP is made through consultation with and approval by our management.
Shipping charges billed to partners are included in revenue and related costs are included in cost of revenue. Sales commissions and other incremental costs to acquire contracts are also expensed as incurred. After receipt of a partner order, any amounts billed in excess of revenue recognized are recorded as deferred revenue.
Stock-Based Compensation
Compensation expense related to stock-based transactions, including employee and non-employee director stock options, is measured and recognized in the financial statements based on the fair value of the awards granted. The fair value of each option award is estimated on the grant date using the Black-Scholes option-pricing model and a single option award approach. Stock-based compensation expense is recognized, net of forfeitures, over the requisite service periods of the awards, which is generally four years.
Our use of the Black-Scholes option-pricing model requires the input of highly subjective assumptions, including the fair value of the underlying common stock, the expected term of the option, the expected volatility of the price of our common stock, risk-free interest rates, and the expected dividend yield of our common stock. The assumptions used in our option-pricing model represent management’s best estimates. These estimates involve inherent uncertainties and the application of management’s judgment. If factors change and different assumptions are used, our stock-based compensation expense could be materially different in the future. These assumptions and estimates are as follows:
Fair Value of Common Stock. Because our common stock was not publicly traded until September 20, 2013, we were required to estimate the fair value of common stock for grants made prior to that date, as discussed in “Common Stock Valuations” below.
Risk-Free Interest Rate. We base the risk-free interest rate used in the Black-Scholes option-pricing model on the implied yield available on U.S. Treasury zero-coupon issues with a remaining term equivalent to that of the options for each option group.
Expected Term. The expected term represents the period that our stock-based awards are expected to be outstanding. We base the expected term assumption on our historical exercise behavior combined with estimates of the post-vesting holding period.
Volatility. We determine the price volatility factor based on the historical volatilities of our publicly traded peer group as we do not have a trading history for our common stock. Industry peers consist of several public companies in the technology industry that are similar to us in size, stage of life cycle, and financial leverage. We used the same set of peer group companies in all the relevant valuation estimates. We did not rely on implied volatilities of traded options in our industry peers’ common stock because the volume of activity was relatively low. We intend to continue to consistently apply this process using the same or similar public companies until a sufficient amount of historical information regarding the volatility of our own common stock share price becomes available, or unless circumstances change such that the identified companies are no longer similar to us, in which case, more suitable companies whose share prices are publicly available would be utilized in the calculation.
Dividend Yield. The expected dividend assumption is based on our current expectations about our anticipated dividend policy. Consequently, we used an expected dividend yield of zero.

61


The following table summarizes the assumptions used in the Black-Scholes option-pricing model to determine the fair value of our stock options as follows:
 
 
Year ended December 31,
 
 
2014
 
2013
 
2012
Fair value of common stock
 
$27.89 - $75.87
 
$6.05 - $42.37
 
$1.65 - $5.44
Risk-free interest rate
 
1.8% - 2.0%
 
0.6% - 2.1%
 
0.2% - 3.4%
Expected term (in years)
 
6
 
4 - 6
 
1 - 6
Volatility
 
51% - 53%
 
46% - 54%
 
49% - 53%
Dividend yield
 
—%
 
—%
 
—%
In addition to the assumptions used in the Black-Scholes option-pricing model, we must also estimate a forfeiture rate to calculate the stock-based compensation expense for our awards. Our forfeiture rate is based on an analysis of our actual forfeitures. We will continue to evaluate the appropriateness of the forfeiture rate based on actual forfeiture experience, analysis of employee turnover, and other factors. Quarterly changes in the estimated forfeiture rate can have a significant impact on our stock-based compensation expense as the cumulative effect of adjusting the rate is recognized in the period the forfeiture estimate is changed. If a revised forfeiture rate is higher than the previously estimated forfeiture rate, an adjustment is made that will result in a decrease to the stock-based compensation expense recognized in the financial statements. If a revised forfeiture rate is lower than the previously estimated forfeiture rate, an adjustment is made that will result in an increase to the stock-based compensation expense recognized in the financial statements.
We estimate the fair value of the rights to acquire stock under our ESPP using the Black-Scholes option pricing formula. Our ESPP typically provides for consecutive twelve-month offering periods and we use our peer group volatility data in the valuation of ESPP shares. We recognize such compensation expense on a straight-line basis over the employee’s requisite service period.
We account for the fair value of restricted stock units (“RSUs”) using the closing market price of our common stock on the date of grant. For new-hire grants, RSUs typically vest ratably on an annual basis over four years. For annual refresh grants, RSUs typically vest ratably on an annual basis over two to four years.
We account for the fair value of performance stock units ("PSUs") using the closing market price of our common stock on the date of grant. We begin recognizing compensation expense when we conclude that it is probable that the performance conditions will be achieved. We will reassess the probability of vesting at each reporting period and adjust our compensation cost based on the probability assessment.
We will continue to use judgment in evaluating the assumptions related to our stock-based compensation on a prospective basis. As we continue to accumulate additional data related to our common stock, we may have refinements to our estimates, which could materially impact our future stock-based compensation expense.
Income Taxes
We account for income taxes using the asset and liability method, which requires the recognition of deferred tax assets and liabilities for the expected future tax consequences of events that have been recognized in our financial statements or tax returns. In addition, deferred tax assets are recorded for the future benefit of utilizing net operating losses and research and development credit carryforwards. Valuation allowances are provided when necessary to reduce deferred tax assets to the amount expected to be realized.
We apply the authoritative accounting guidance prescribing a threshold and measurement attribute for the financial recognition and measurement of a tax position taken or expected to be taken in a tax return. We recognize liabilities for uncertain tax positions based on a two-step process. The first step is to evaluate the tax position for recognition by determining if the weight of available evidence indicates that it is more likely than not that the position will be sustained on audit, including resolution of related appeals or litigation processes, if any. The second step requires us to estimate and measure the tax benefit as the largest amount that is more than 50% likely to be realized upon ultimate settlement.
Significant judgment is required in evaluating our uncertain tax positions and determining our provision for income taxes. Although we believe our reserves are reasonable, no assurance can be given that the final tax outcome of these matters will not be different from that which is reflected in our historical income tax provisions and accruals. We adjust these reserves in light of changing facts and circumstances, such as the closing of a tax audit or the refinement of an estimate. To the extent that the final tax outcome of these matters is different than the amounts recorded, such differences may impact the provision for income taxes in the period in which such determination is made.
Significant judgment is also required in determining any valuation allowance recorded against deferred tax assets. In assessing the need for a valuation allowance, we consider all available evidence, including scheduled reversal of deferred tax liabilities, past operating results, estimates of future taxable income, and the feasibility of tax planning strategies. For the year ended December 31, 2014, we recorded federal and state and certain foreign valuation allowances on deferred tax assets in excess of the scheduled future reversal of our acquisition-related deferred tax liabilities. For the year ended December 31, 2013, we reversed our valuation allowance on all of our

62


U.S. federal and certain state deferred tax assets as a result of the scheduled future reversal of acquisition-related deferred tax liabilities as of that date. As we reverse deferred tax liabilities in subsequent periods, we will re-establish a valuation allowance in these jurisdictions if it is determined that it is not more likely than not that these deferred tax assets can be realized outside of the scheduled reversal of deferred tax liabilities.
Estimates of future taxable income are based on assumptions that are consistent with our plans. Assumptions represent management’s best estimates and involve inherent uncertainties and the application of management’s judgment. Should actual amounts differ from our estimates, the amount of our tax expense and liabilities could be materially impacted.
We do not provide for a U.S. income tax liability on undistributed foreign earnings of our foreign subsidiaries. The earnings of non-U.S. subsidiaries are indefinitely reinvested in non-U.S. operations.
Contract Manufacturer Liabilities
We outsource most of our manufacturing, repair, and supply chain management operations to our independent contract manufacturers and payments to them are a significant portion of our product cost of revenue. Although we could be contractually obligated to purchase manufactured products, we generally do not own the manufactured products. Product title transfers from our independent contract manufacturers to us and immediately to our partners upon shipment. Our independent contract manufacturers assemble our products using design specifications, quality assurance programs, and standards that we establish, and they procure components and assemble our products based on our demand forecasts. These forecasts represent our estimates of future demand for our products based upon historical trends and analysis from our sales and product management functions as adjusted for overall market conditions. If the actual component usage and product demand are significantly lower than forecast, we accrue for costs for contractual manufacturing commitments in excess of our forecasted demand, including costs for excess components or for carrying costs incurred by our contract manufacturers. To date, we have not accrued any significant costs associated with this exposure.
Loss Contingencies
We are subject to the possibility of various loss contingencies arising in the ordinary course of business. We consider the likelihood of loss or impairment of an asset, or the incurrence of a liability, as well as our ability to reasonably estimate the amount of loss, in determining loss contingencies. An estimated loss contingency is accrued when it is probable that an asset has been impaired or a liability has been incurred and the amount of loss can be reasonably estimated. If we determine that a loss is possible and the range of the loss can be reasonably determined, then we disclose the range of the possible loss. We regularly evaluate current information available to us to determine whether an accrual is required, an accrual should be adjusted or a range of possible loss should be disclosed.
Warranties
We generally provide a one-year warranty on hardware. We do not accrue for potential warranty claims as a component of cost of product revenue as all product warranty claims are satisfied under our support and maintenance contracts.
Goodwill
Goodwill is the excess of the aggregate purchase price paid over the fair value of the net tangible assets acquired. Goodwill is not amortized and is tested for impairment at least annually or whenever events or changes in circumstances indicate that the carrying value may not be recoverable. We have determined that we operate as one reporting unit and have selected December 1 as the date to perform our annual impairment test. In the valuation of our goodwill, we must make assumptions regarding estimated future cash flows to be derived from our business. If these estimates or their related assumptions change in the future, we may be required to record impairment for these assets. The first step of the impairment test involves comparing the fair value of the reporting unit to its net book value, including goodwill. If the net book value exceeds its fair value, then we would perform the second step of the goodwill impairment test to determine the amount of the impairment loss. The impairment loss would be calculated by comparing our implied fair value to our net book value. In calculating our implied fair value of goodwill, our fair value would be allocated to all of the other assets and liabilities based on their fair values. The excess of our fair value over the amount assigned to our other assets and liabilities is the implied fair value of goodwill. An impairment loss would be recognized when the carrying amount of goodwill exceeds its implied fair value. There was no impairment of goodwill recorded for the years ended December 31, 2014, 2013 or 2012.
Business Combinations
We account for all of our acquisitions using the acquisition method as required under the provisions of FASB ASC 805, Business Combinations. The fair value of purchase consideration is allocated to the tangible assets acquired, liabilities assumed and intangible assets acquired, based on their estimated fair values. The excess of the fair value of purchase consideration over the values of these identifiable assets and liabilities is recorded as goodwill.
When determining the fair value of assets acquired and liabilities assumed, management makes significant estimates and assumptions, especially with respect to intangible assets. Critical estimates in valuing certain identifiable assets include, but are not limited to, expected long-term market growth, customer retention, future expected operating expenses, costs of capital, and appropriate discount rates. Management’s estimates of fair value are based upon assumptions believed to be reasonable, but which are inherently uncertain and unpredictable and, as a result, actual results may differ from estimates.

63


Recent Accounting Pronouncements
In May 2014, the FASB issued an accounting standard update related to revenue from contracts with customers. This standard provides a single model for revenue arising from contracts with customers and supersedes current revenue recognition guidance. The core principle of the guidance is that an entity should recognize revenue to depict the transfer of promised goods or services to customers in an amount that reflects the consideration to which the entity expects to be entitled in exchange for those goods or services. The guidance is effective for us beginning in the first quarter of 2017. Early adoption is not permitted. The guidance permits companies to either apply the requirements retrospectively to all prior periods presented, or apply the requirements in the year of adoption, through a cumulative adjustment. We are currently evaluating the impact the adoption will have on our consolidated financial statements and related disclosures.
In August 2014, the FASB issued ASU 2014-15, Disclosures of Uncertainties About an Entity’s Ability to Continue as a Going Concern. This standard provides guidance on how and when reporting entities must disclose going-concern uncertainties in their financial statements. The guidance is effective for us beginning in the first quarter of 2017. Early adoption is permitted.

64


Item 7A.  Quantitative and Qualitative Disclosures About Market Risk
Foreign Currency Exchange Risk
Our sales contracts are primarily denominated in U.S. dollars. A portion of our operating expenses are incurred outside the United States and are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Indian Rupee, British Pound Sterling, Japanese Yen and Euro. Additionally, fluctuations in foreign currency exchange rates may cause us to recognize transaction gains and losses in our statement of operations. The effect of a hypothetical 10% adverse change in foreign exchange rates on monetary assets and liabilities at December 31, 2014 would not be material to our financial condition or results of operations. To date, foreign currency transaction gains and losses and exchange rate fluctuations have not been material to our financial statements, and we have not engaged in any foreign currency hedging transactions.
As our international operations continue to grow, our risks associated with fluctuations in currency rates will become greater, and we will continue to reassess our approach to managing this risk. In addition, currency fluctuations or a weakening U.S. dollar can increase the costs of our international expansion, and the currently strengthening U.S. dollar could slow international demand as products and services priced in U.S. dollars become more expensive.
Interest Rate Risk
We had cash and cash equivalents and investments of $402.2 million and $173.9 million as of December 31, 2014 and 2013, respectively, consisting of bank deposits, money market funds, certificates of deposit and bonds issued by corporate institutions and U.S. government agencies. Such interest-earning instruments carry a degree of interest rate risk. To date, fluctuations in interest income have not been significant.
We do not enter into investments for trading or speculative purposes and have not used any derivative financial instruments to manage our interest rate risk exposure. We have not been exposed to, nor do we anticipate being exposed to, material risks due to changes in interest rates.
We had no debt outstanding as of December 31, 2014 and 2013. The debt outstanding prior to the fourth quarter of 2013 related to an outstanding line of credit in the amount of $20.0 million, which was repaid in October 2013. The line of credit has expired as of December 31, 2014.
A hypothetical 10% change in interest rates during any of the periods presented would not have had a material impact on our financial statements.
Item 8. Financial Statements and Supplementary Data
INDEX TO CONSOLIDATED FINANCIAL STATEMENTS
 
Page
Certain supplementary financial information required by this Item 8 is included in Item 7 under the caption “Quarterly Results of Operations.”

65


REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

To the Board of Directors and Stockholders of
FireEye, Inc.
Milpitas, California

We have audited the accompanying consolidated balance sheets of FireEye, Inc. and subsidiaries (the "Company") as of December 31, 2014 and 2013, and the related consolidated statements of operations, comprehensive loss, stockholders' equity (deficit), and cash flows for each of the three years in the period ended December 31, 2014. Our audits also included the financial statement schedule listed in the Index at Item 15. These financial statements and financial statement schedule are the responsibility of the Company's management. Our responsibility is to express an opinion on these financial statements based on our audits.
We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion.
In our opinion, such consolidated financial statements present fairly, in all material respects, the financial position of FireEye, Inc. and subsidiaries as of December 31, 2014 and 2013, and the results of their operations and their cash flows for each of the three years in the period ended December 31, 2014, in conformity with accounting principles generally accepted in the United States of America. Also, in our opinion, such financial statement schedule, when considered in relation to the basic consolidated financial statements taken as a whole, presents fairly, in all material respects, the information set forth therein.
We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the Company's internal control over financial reporting as of December 31, 2014, based on the criteria established in Internal Control - Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission and our report dated March 2, 2015 expressed an unqualified opinion on the Company's internal control over financial reporting.


/s/ DELOITTE & TOUCHE LLP

San Jose, California
March 2, 2015


66


FIREEYE, INC.
Consolidated Balance Sheets
(In thousands, except per share data)

 
 
As of December 31,
 
 
2014
 
2013
ASSETS
 
 
 
 
Current assets:
 
 
 
 
Cash and cash equivalents
 
$
146,363

 
$
173,918

Short-term investments
 
255,845

 

Accounts receivable, net of allowance for doubtful accounts of $586 and $20 at December 31, 2014 and 2013, respectively
 
193,182

 
95,772

Inventories
 
7,952

 
5,663

Deferred tax assets, current portion
 
25,126

 
14,584

Prepaid expenses and other current assets
 
28,669

 
25,230

Total current assets
 
657,137

 
315,167

Property and equipment, net
 
82,298

 
64,765

Goodwill
 
750,288

 
706,327

Intangibles assets, net
 
261,625

 
281,377

Deposits and other long-term assets
 
7,533

 
8,677

TOTAL ASSETS
 
$
1,758,881

 
$
1,376,313

 
 
 
 
 
LIABILITIES AND STOCKHOLDERS’ EQUITY
 
 
 
 
Current liabilities:
 
 
 
 
Accounts payable
 
$
34,057

 
$
34,128

Accrued and other current liabilities
 
24,596

 
17,677

Accrued compensation
 
64,551

 
41,625

Deferred revenue, current portion
 
203,877

 
110,535

Total current liabilities
 
327,081

 
203,965

Deferred revenue, non-current portion
 
148,666

 
76,979

Deferred tax liabilities, non-current portion
 
24,903

 
45,147

Other long-term liabilities
 
7,403

 
2,120

Total liabilities
 
508,053

 
328,211

Commitments and contingencies (NOTE 9)
 

 

Stockholders' equity:
 
 
 
 
Convertible preferred stock, par value of $0.0001 per share; 100,000 shares authorized, none issued or outstanding as of December 31, 2014 and 2013
 

 

Common stock, par value of $0.0001 per share; 1,000,000 shares authorized, 152,860 and 137,758 shares issued and outstanding as of December 31, 2014 and 2013, respectively
 
15

 
14

Additional paid-in capital
 
1,918,546

 
1,271,590

Accumulated other comprehensive loss
 
(441
)
 

Accumulated deficit
 
(667,292
)
 
(223,502
)
Total stockholders’ equity
 
1,250,828

 
1,048,102

TOTAL LIABILITIES AND STOCKHOLDERS’ EQUITY
 
$
1,758,881

 
$
1,376,313

See accompanying notes to the consolidated financial statements.  

67

Table of Contents
FIREEYE, INC.
Consolidated Statements of Operations
(In thousands, except per share data)


 
 
Year Ended December 31,
 
 
2014
 
2013
 
2012
Revenue:
 
 
 
 
 
 
Product
 
$
178,246

 
$
88,253

 
$
52,265

Subscription and services
 
247,416

 
73,299

 
31,051

Total revenue
 
425,662

 
161,552

 
83,316

Cost of revenue:
 
 
 
 
 
 
Product
 
58,980

 
28,912

 
14,467

Subscription and services
 
116,113

 
18,853

 
3,163

Total cost of revenue
 
175,093

 
47,765

 
17,630

Total gross profit
 
250,569

 
113,787

 
65,686

Operating expenses:
 
 
 
 
 
 
Research and development
 
203,187

 
66,036

 
16,522

Sales and marketing
 
401,151

 
167,466

 
67,562

General and administrative
 
121,099

 
52,503

 
15,221

Restructuring charges
 
4,327

 

 

Total operating expenses
 
729,764

 
286,005

 
99,305

Operating loss
 
(479,195
)
 
(172,218
)
 
(33,619
)
Interest income
 
713

 
68

 
7

Interest expense
 
(26
)
 
(525
)
 
(537
)
Other expense, net
 
(1,936
)
 
(7,257
)
 
(2,572
)
Loss before income taxes
 
(480,444
)
 
(179,932
)
 
(36,721
)
Benefit from income taxes
 
(36,654
)
 
(59,297
)
 
(965
)
Net loss attributable to common stockholders
 
$
(443,790
)
 
$
(120,635
)
 
$
(35,756
)
Net loss per share attributable to common stockholders, basic and diluted
 
$
(3.12
)
 
$
(2.66
)
 
$
(3.28
)
Weighted average shares used to compute net loss per share attributable to common stockholders, basic and diluted
 
142,176

 
45,271

 
10,917

See accompanying notes to the consolidated financial statements.





68

Table of Contents
FIREEYE, INC
Consolidated Statements of Comprehensive Loss
(In thousands)


 
Year Ended December 31,
 
2014
 
2013
 
2012
Net loss
$
(443,790
)
 
$
(120,635
)
 
$
(35,756
)
Change in net unrealized loss on available-for-sale investments, net of tax
(441
)
 

 

Comprehensive loss
$
(444,231
)
 
$
(120,635
)
 
$
(35,756
)
See accompanying notes to the consolidated financial statements.

69

Table of Contents
FIREEYE, INC.
Consolidated Statement of Stockholders' Equity (Deficit)
(In thousands)

 
Convertible Preferred Stock
 
Common Stock
 
Additional Paid-In Capital
 
Notes Receivable from Stockholders
 
Accumulated Other Comprehensive Loss
 
Accumulated Deficit
 
Total Stockholders’ Equity
 
Shares
 
Amount
 
Shares
 
Amount
 
Balance at December 31, 2011
59,841

 
$
5

 
11,797

 
$
1

 
$
52,605

 
$
(151
)
 
$

 
$
(67,111
)
 
$
(14,651
)
Net proceeds from issuance of Series F convertible preferred stock
4,274

 
1

 

 

 
44,778

 

 

 

 
44,779

Issuance of common stock related to Tall Maple Systems, Inc. acquisition

 

 
150

 

 
816

 

 

 

 
816

Issuance of common stock related to Ensighta Security, Inc. acquisition

 

 
423

 

 
2,300

 

 

 

 
2,300

Issuance of common stock upon stock option exercises with notes receivable

 

 
4,260

 

 

 

 

 

 

Vesting of stock options exercised with notes receivable

 

 

 
1

 
816

 
(817
)
 

 

 

Issuances of common stock upon stock option exercises

 

 
3,212

 

 
716

 

 

 

 
716

Accrued interest for notes receivable from stockholders

 

 

 

 
35

 
(35
)
 

 

 

Issuance of restricted stock

 

 
2,686

 

 

 

 

 

 

Repurchase of unvested restricted common stock

 

 
(93
)
 

 
(214
)
 

 

 

 
(214
)
Vesting of early exercise of equity awards

 

 

 

 
557

 

 

 

 
557

Stock-based compensation

 

 

 

 
6,843

 

 

 

 
6,843

Net loss

 

 

 

 

 

 

 
(35,756
)
 
(35,756
)
Balance at December 31, 2012
64,115

 
6

 
22,435

 
2

 
109,252

 
(1,003
)
 

 
(102,867
)
 
5,390

Issuance of common stock in connection with initial public offering, net of offering costs

 

 
17,450

 
2

 
320,977

 

 

 

 
320,979

Conversion of convertible preferred stock to common stock in connection with initial public offering
(64,590
)
 
(6
)
 
74,222

 
7

 
(1
)
 

 

 

 

Conversion of preferred stock warrant to common stock warrant in connection with initial public offering

 

 

 

 
10,067

 

 

 

 
10,067

Issuance of common stock related to the acquisition of Secure DNA Managed Services, Inc.

 

 
50

 

 
800

 

 

 

 
800

Issuance of common stock related to the acquisition of Mandiant, Inc.

 

 
16,921

 
2

 
791,115

 

 

 

 
791,117

Payment of note receivable from stockholder, net of early exercises

 

 

 

 
828

 
1,003

 

 

 
1,831

Net proceeds from issuance of Series F convertible preferred stock
475

 

 

 

 
4,994

 

 

 

 
4,994

Issuance of common stock for equity awards, net of repurchases

 

 
6,680

 
1

 
2,393

 

 

 

 
2,394

Vesting of early exercise of equity awards

 

 

 

 
2,307

 

 

 

 
2,307

Stock-based compensation

 

 

 

 
28,858

 

 

 

 
28,858

Net loss

 

 

 

 

 

 

 
(120,635
)
 
(120,635
)
Balance at December 31, 2013

 

 
137,758

 
14

 
1,271,590

 

 

 
(223,502
)
 
1,048,102

Issuance of common stock in connection with follow-on public offering, net of offering costs

 

 
5,582

 

 
444,295

 

 

 

 
444,295

Issuance of common stock for equity awards, net of repurchases and tax witholdings

 

 
8,030

 
1

 
20,658

 

 

 

 
20,659

Issuance of common stock related to nPulse Technologies, Inc. acquisition

 

 
296

 

 
1,398

 

 

 

 
1,398

Issuance of common stock related to employee stock purchase plan

 

 
1,194

 

 
21,228

 

 

 

 
21,228

Assumption of vested options related to the acquisition of Mandiant, Inc.

 

 

 

 
3,135

 

 

 

 
3,135

Vesting of early exercise of equity awards

 

 

 

 
4,390

 

 

 

 
4,390

Stock-based compensation

 

 

 

 
151,852

 

 

 

 
151,852

Unrealized loss on investments

 

 

 

 

 

 
(441
)
 

 
(441
)
Net loss

 

 

 

 

 

 

 
(443,790
)
 
(443,790
)
Balance at December 31, 2014

 
$

 
152,860

 
$
15

 
$
1,918,546

 
$

 
$
(441
)
 
$
(667,292
)
 
$
1,250,828

See accompanying notes to the consolidated financial statements.

70

Table of Contents
FIREEYE, INC.
Consolidated Statements of Cash Flows
(In thousands)


 
 
Year Ended 
 December 31,
 
 
2014
 
2013
 
2012
CASH FLOWS FROM OPERATING ACTIVITIES:
 
 
 
 
 
 
Net loss
 
$
(443,790
)
 
$
(120,635
)
 
$
(35,756
)
Adjustments to reconcile net loss to net cash provided by (used in) operating activities:
 
 
 
 
 
 
Depreciation and amortization
 
94,136

 
20,758

 
6,917

Stock-based compensation
 
151,852

 
28,858

 
6,843

Deferred income taxes
 
(39,869
)
 
(61,028
)
 
(1,241
)
Other
 
2,261

 
6,648

 
2,732

Changes in operating assets and liabilities, net of assets acquired and liabilities assumed in business combinations:
 
 
 
 
 
 
Accounts receivable
 
(97,165
)
 
(35,145
)
 
(10,106
)
Inventories
 
(2,024
)
 
(3,089
)
 
(817
)
Prepaid expenses and other assets
 
1,450

 
(17,219
)
 
(3,753
)
Accounts payable
 
(3,193
)
 
11,504

 
6,189

Accrued liabilities
 
11,403

 
(18,488
)
 
511

Accrued compensation
 
23,658

 
19,381

 
3,165

Deferred revenue
 
164,728

 
95,010

 
46,303

Other long-term liabilities
 
5,283

 
3,683

 
513

Net cash provided by (used in) operating activities
 
(131,270
)
 
(69,762
)
 
21,500

CASH FLOWS FROM INVESTING ACTIVITIES:
 
 
 
 
 
 
Acquisition of business, net of cash acquired
 
(55,058
)
 
(89,240
)
 
(889
)
Purchase of property and equipment and demonstration units
 
(67,715
)
 
(57,560
)
 
(18,848
)
Purchase of short-term investments
 
(390,360
)
 

 

Maturity of short-term investments
 
99,541

 

 

Sale of short-term investments
 
31,577

 

 

Lease deposits
 
(496
)
 
(1,669
)
 
(478
)
Net cash used in investing activities
 
(382,511
)
 
(148,469
)
 
(20,215
)
CASH FLOWS FROM FINANCING ACTIVITIES:
 
 
 
 
 
 
Net proceeds from initial public offering
 

 
321,389

 

Net proceeds from follow-on public offering
 
444,338

 

 

Borrowing from line of credit
 

 
10,000

 
7,619

Repayment of line of credit
 

 
(20,000
)
 

Repayment of term loan
 

 
(2,150
)
 
(1,405
)
Net proceeds from issuance of convertible preferred stock
 

 
9,988

 
39,785

Proceeds from exercise of equity awards
 
41,888

 
5,428

 
2,240

Repayment of notes receivable from stockholders
 

 
7,294

 

Net cash provided by financing activities
 
486,226

 
331,949

 
48,239

Net change in cash and cash equivalents
 
(27,555
)
 
113,718

 
49,524

Cash and cash equivalents, beginning of year
 
173,918

 
60,200

 
10,676

Cash and cash equivalents, end of year
 
$
146,363

 
$
173,918

 
$
60,200

SUPPLEMENTAL DISCLOSURES OF CASH FLOW INFORMATION:
 
 
 
 
 
 
Cash paid for income taxes
 
$
2,489

 
$
474

 
$
22

Cash paid for interest
 
$
27

 
$
578

 
$
508

SUPPLEMENTAL DISCLOSURES OF NON-CASH INVESTING AND FINANCING ACTIVITIES:
 
 
 
 
 
 
Deferred initial public offering costs in accounts payable and accrued liabilities
 
$
43

 
$
412

 
$

Common stock issued in connection with acquisitions
 
$
1,398

 
$
791,917

 
$
3,116

Conversion of preferred stock warrants to common stock warrants
 
$

 
$
10,067

 
$

Purchases of property and equipment and demonstration units in accounts payable
 
$
6,716

 
$
6,435

 
$
2,874

Proceeds receivable from issuance of convertible preferred stock
 
$

 
$

 
$
4,994

See accompanying notes to the consolidated financial statements.

71

Table of Contents
FIREEYE, INC.
Notes to Consolidated Financial Statements



1. Description of Business and Summary of Significant Accounting Policies
Description of Business
FireEye, Inc., with principal executive offices located in Milpitas, California, was incorporated as NetForts, Inc. on February 18, 2004, under the laws of the State of Delaware, and changed its name to FireEye, Inc. on September 7, 2005.
FireEye, Inc. and its wholly owned subsidiaries (collectively, the “Company”, “we”, “us” or “our”) is a leader in stopping advanced cyber attacks that use advanced malware, zero-day exploits, and APT (“Advanced Persistent Threat”) tactics. Our solutions supplement traditional and next-generation firewalls, IPS (“Intrusion Prevention Systems”), anti-virus, and gateways, which cannot stop advanced threats, leaving security holes in networks. We offer a solution that detects and blocks attacks across both Web and email threat vectors as well as latent malware resident on file shares. Our solutions address all stages of an attack lifecycle with a signature-less engine utilizing stateful attack analysis to detect zero-day threats.
In September 2013, we completed our initial public offering (“IPO”) in which we issued and sold 17,450,000 shares of common stock (inclusive of 2,275,000 shares of common stock from the full exercise of the over-allotment option granted to the underwriters) at a price of $20.00 per share. We received aggregate proceeds of $324.6 million from the sale of shares of common stock, net of underwriters’ discounts and commissions, but before deducting paid and unpaid offering expenses of approximately $3.6 million. Immediately prior to the closing of the IPO, all shares of our outstanding convertible preferred stock automatically converted into 74,221,533 shares of common stock.
In March 2014, we completed our follow-on public offering in which we issued and sold 5,582,215 shares of common stock at a price of $82.00 per share. We received aggregate proceeds of $446.5 million from the sale of shares of common stock, net of underwriters’ discounts and commissions of $11.2 million, but before deducting offering expenses of approximately $2.2 million. Another 8,417,785 shares were sold by certain selling stockholders, which included 796,846 shares sold pursuant to the exercise of vested outstanding options by our employees. We did not receive any of the proceeds from the sales of shares by the selling stockholders.
We sell the majority of our products, subscriptions and services to end-customers through distributors, resellers, and strategic partners, with a lesser percentage of sales directly to end-customers.
Basis of Presentation and Consolidation
The consolidated financial statements include the accounts of FireEye, Inc. and its wholly owned subsidiaries and have been prepared in conformity with accounting principles generally accepted in the United States of America (“U.S. GAAP”). All intercompany balances and transactions have been eliminated in consolidation.
Use of Estimates
The preparation of consolidated financial statements in conformity with U.S. GAAP requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the consolidated financial statements and the reported amounts of revenue and expenses during the reporting period. Such management estimates include, but are not limited to, the best estimate of selling price for our products, subscriptions and services, commissions expense, bonus expense, future taxable income, contract manufacturer liabilities, litigation and settlement costs and other loss contingencies, fair value of equity awards, achievement of targets for performance stock units and the purchase price allocation of acquired businesses. We base our estimates on historical experience and also on assumptions that we believe are reasonable. Changes in facts or circumstances may cause us to change our assumptions and estimates in future periods, and it is possible that actual results could differ from current or revised future estimates.
Concentrations
Financial instruments that subject us to concentrations of credit risk consist primarily of cash and cash equivalents, short-term investments, and accounts receivable. We maintain a substantial portion of our cash and cash equivalents in money market funds invested in U.S. Treasury related obligations. Management believes that these financial institutions are financially sound and, accordingly, are subject to minimal credit risk. Deposits held with banks may exceed the amount of insurance provided on such deposits.
Our short-term investments primarily consist of notes and bonds issued by corporate institutions and U.S. Government agencies. All of our investments are highly-rated by credit rating agencies and are issued by organizations with reputable credit, and therefore bear minimal credit risk.

72


Our accounts receivables are primarily derived from a diverse set of customers across various geographical locations. We perform ongoing credit evaluations of our customers and generally do not require collateral on accounts receivable. We maintain an allowance for doubtful accounts for estimated potential credit losses. See Note 16 for information on major customers.
We rely primarily on a single contract manufacturer to assemble our products. In some cases we rely on sole suppliers for a certain number of our components.
Foreign Currency Translation and Transactions
The functional currency of our foreign subsidiaries is the U.S. dollar. We translate all monetary assets and liabilities denominated in foreign currencies into U.S. dollars using the exchange rates in effect at the balance sheet dates and other assets and liabilities using historical exchange rates.
Foreign currency denominated revenue and expenses have been re-measured using the average exchange rates in effect during each period. Foreign currency re-measurement gains and losses have been included in other income (expense) and have not been significant for the years ended December 31, 2014, 2013 and 2012.
Cash and Cash Equivalents
We consider all highly liquid investments with original maturities of three months or less at date of purchase to be cash equivalents. We determine the appropriate classification of our investments at the time of purchase, and evaluate such designation at each balance sheet date.
Short-term Investments
We classify our investments in debt and equity securities as available-for-sale and record these investments at fair value. Investments with an original maturity of three months or less at the date of purchase are considered cash equivalents, while all other investments are classified as short-term or long-term based on the nature of the investments, their maturities, and their availability for use in current operations. Unrealized gains and losses are reported as a component of other comprehensive loss. Realized gains and losses are determined based on the specific identification method, and are reflected in our Consolidated Statements of Operations. We regularly review our investment portfolio to identify and evaluate investments that have indicators of possible impairment. Factors considered in determining whether a loss is other-than-temporary include, but are not limited to: the length of time and extent a security’s fair value has been below its cost, the financial condition and near-term prospects of the investee, the credit quality of the security’s issuer, likelihood of recovery and our intent and ability to hold the security for a period of time sufficient to allow for any anticipated recovery in value. For our debt instruments, we also evaluate whether we have the intent to sell the security or it is more likely than not that we will be required to sell the security before recovery of its cost basis.
Investments are considered to be impaired when a decline in fair value is judged to be other-than-temporary. Fair value is calculated based on publicly available market information or other estimates determined by management. If the cost of an investment exceeds its fair value, we evaluate, among other factors, general market conditions, credit quality of debt instrument issuers, the duration and extent to which the fair value is less than cost, and whether we have plans to sell the security, or it is more likely than not that we will be required to sell the security, before recovery. Once a decline in fair value is determined to be other-than-temporary, an impairment charge is recorded to other income (expense) and a new cost basis in the investment is established.
Fair Value of Financial Instruments
We define fair value as the price that would be received from selling an asset, or paid to transfer a liability, in an orderly transaction between market participants at the measurement date. When determining the fair value measurements for assets and liabilities which are required to be recorded at fair value, we consider the principal or most advantageous market in which to transact and the market-based risk. We apply fair value accounting for all financial assets and liabilities that are recognized or disclosed at fair value in the financial statements on a recurring basis. The carrying amounts reported in the consolidated financial statements approximate the fair value for cash and cash equivalents, accounts receivable, accounts payable, and accrued liabilities, due to their short-term nature.
Accounts Receivable
Trade accounts receivable are recorded at the invoiced amount, net of allowances for doubtful accounts. The allowance for doubtful accounts is based on our assessment of the collectability of accounts. Management regularly reviews the adequacy of the allowance for doubtful accounts by considering the age of each outstanding invoice, each partner’s expected ability to pay, and the collection history with each partner, when applicable, to determine whether a specific allowance is appropriate. Accounts receivable deemed uncollectible are charged against the allowance for doubtful accounts when identified.
Inventories
Inventories are stated at the lower of cost or market. Provisions have been made to reduce all slow-moving, obsolete or unusable inventories to their net realizable values. We purchase completed units from contract manufacturers. Accordingly, substantially all

73


inventories are finished goods with an immaterial balance of replacement parts. As of December 31, 2014 and 2013, the provisions for excess and obsolete inventories were not significant.
Deferred Costs of Revenue
Deferred cost of revenue consists of direct and incremental costs related to product revenue deferred in accordance with the Company’s revenue recognition policy. Deferred cost of revenue that will be realized within the succeeding 12 month period is classified as current, and included in prepaid expenses and other current assets on the consolidated balance sheets. The remaining balance is classified as non-current, and included in deposits and other long-term assets.
Property and Equipment
Property and equipment are recorded at cost. Depreciation is computed using the straight-line method over the estimated useful lives of the assets, generally two to five years.
The estimated useful lives of property and equipment are described below:
Property and Equipment
 
Useful Life
Computer equipment and software
 
2 to 5 years
Leasehold improvements
 
Shorter of estimated useful life or remaining lease term
Furniture and fixtures
 
5 years
Machinery and equipment
 
2 to 5 years
Demonstration Units
Product demonstration units are included in prepaid expenses and other current assets on the consolidated balance sheets. Demonstration units are recorded at cost and are amortized over the estimated useful life from the date of transfer from inventory, generally 12 months. We generally do not resell units that have been used for demonstration purposes.
Impairment of Long-Lived Assets
We evaluate events and changes in circumstances that could indicate carrying amounts of long-lived assets may not be recoverable. When such events or changes in circumstances occur, we assess the recoverability of long-lived assets by determining whether or not the carrying value of such assets will be recovered through undiscounted expected future cash flows. If the total of the future undiscounted cash flows is less than the carrying amount of an asset, we record an impairment charge for the amount by which the carrying amount of the assets exceeds the fair value of the asset. Through December 31, 2014 we have not written down any of our long-lived assets as a result of impairment.
Business Combinations
We have accounted for all of our acquisitions using the acquisition method as required under the provisions of FASB ASC 805, Business Combinations. The company allocates the fair value of purchase consideration to the tangible assets acquired, liabilities assumed and intangible assets acquired, based on their estimated fair values. The excess of the fair value of purchase consideration over the values of these identifiable assets and liabilities is recorded as goodwill.
When determining the fair value of assets acquired and liabilities assumed, management makes significant estimates and assumptions, especially with respect to intangible assets. Critical estimates in valuing certain identifiable assets include, but are not limited to, expected long-term market growth, future expected operating expenses, costs of capital, and appropriate discount rates. Management’s estimates of fair value are based upon assumptions believed to be reasonable, but which are inherently uncertain and unpredictable and, as a result, actual results may differ from estimates.
Goodwill and Purchased Intangibles
Goodwill represents the excess of the aggregate purchase price paid over the fair value of the net tangible assets acquired. Goodwill is not amortized and is tested for impairment at least annually or whenever events or changes in circumstances indicate that the carrying value may not be recoverable. The Company has determined that it operates as one reporting unit and has selected December 1 as the date to perform its annual impairment test.
In the valuation of its goodwill, the Company must make assumptions regarding estimated future cash flows to be derived from the Company. If these estimates or their related assumptions change in the future, the Company may be required to record impairment for these assets. The first step of the impairment test involves comparing the fair value of the reporting unit to its net book value, including goodwill. If the net book value exceeds its fair value, then the Company would perform the second step of the goodwill impairment test to determine the amount of the impairment loss. The impairment loss would be calculated by comparing the implied fair value of the Company to its net book value. In calculating the implied fair value of the Company’s goodwill, the fair value of the Company would be allocated to all of the other assets and liabilities based on their fair values. The excess of the fair value of the

74


Company over the amount assigned to its other assets and liabilities is the implied fair value of goodwill. An impairment loss would be recognized when the carrying amount of goodwill exceeds its implied fair value. There was no impairment of goodwill recorded for the years ended December 31, 2014, 2013 or 2012.
Purchased intangible assets with finite lives are carried at cost, less accumulated amortization. Amortization is computed over the estimated useful lives of the respective assets. Purchased intangible assets with indefinite lives are assessed for potential impairment annually or when events or circumstances indicate that their carrying amounts might be impaired.
Warranties
We generally provide a one-year warranty on hardware. We do not accrue for potential warranty claims as a component of cost of product revenue as all product warranty claims are satisfied under our support and maintenance contracts.
Deferred Revenue
Deferred revenue consists of amounts that have been invoiced but that have not been recognized as revenue. Deferred revenue that will be realized during the succeeding 12 month period is recorded as current, and the remaining deferred revenue is recorded as non-current.
Contract Manufacturer Liabilities
We outsource most of our manufacturing, repair, and supply chain management operations to our independent contract manufacturers and payments to such manufacturers are a significant portion of our product cost of revenue. Although we could be contractually obligated to purchase manufactured products, we generally do not own the manufactured products. Product title transfers from our independent contract manufacturers to us and to our partners upon shipment. Our independent contract manufacturers assemble our products using design specifications, quality assurance programs, and standards that we establish, and they procure components and assemble our products based on our demand forecasts. These forecasts represent our estimates of future demand for our products based upon historical trends and analysis from our sales and product management functions as adjusted for overall market conditions. If the actual component usage and product demand are significantly lower than forecast, we may accrue for costs for contractual manufacturing commitments in excess of our forecasted demand, including costs for excess components or for carrying costs incurred by our contract manufacturers. To date, we have not accrued any significant costs associated with this exposure.
Revenue Recognition
We generate revenue from the sales of products, subscriptions, support and maintenance, and professional services primarily through our indirect relationships with our partners as well as end customers through our direct sales force. Our products include operating system software that is integrated into the appliance hardware and is deemed essential to its functionality. As a result, we account for product revenue in accordance with Accounting Standards Codification 605, Revenue Recognition, and all related interpretations, as all of our security appliance deliverables include proprietary operating system software, which together delivers the essential functionality of our products. Our professional services consist primarily of time and materials based contracts, and the revenue is recognized as costs are incurred at amounts represented by the agreed-upon billing amounts. Revenue from fixed-price professional services engagements are recognized under the proportional performance method of accounting.
Revenue is recognized when all of the following criteria are met:
Persuasive Evidence of an Arrangement Exists. We rely upon non-cancelable sales agreements and purchase orders to determine the existence of an arrangement.
Delivery has Occurred. We use shipping documents or transmissions of service contract registration codes to verify delivery.
The Fee is Fixed or Determinable. We assess whether the fee is fixed or determinable based on the payment terms associated with the transaction.
Collectability is Reasonably Assured. We assess collectability based on credit analysis and payment history.
Our products include principal security product families that address critical vectors of attack, including Web, email, endpoint, file and mobile. Our Network Threat Prevention, Endpoint Threat Prevention, File Content Security, Forensic Analysis System and Central Management System appliance and subscription services qualify as separate units of accounting. Therefore, Network Threat Prevention, Endpoint Threat Prevention, File Content Security, Forensic Analysis System and Central Management System appliance product revenue is recognized at the time of shipment. Historically, our Email Threat Prevention appliance could not function without the use of our Email Threat Prevention Attachment/URL Engine, which analyzes email attachments and URLs embedded in emails for next-generation threats. As such, our Email Threat Prevention and related services previously did not have stand-alone value and did not qualify as separate units of accounting. Therefore, Email Threat Prevention product revenue has historically been recognized ratably over the longer of the contractual term of the subscription services or the estimated period the customer was expected to benefit from the product, provided that all other revenue recognition criteria had been met. Beginning in June 2014, we started shipping all Email Threat Prevention appliances with software that allows customers to benefit from the product without the associated subscription

75


services. Consistent with our Network and Endpoint Threat Prevention and File Content Security products, revenue therefore is recognized at the time of shipment.
At the time of shipment, product revenue meets the criteria for fixed or determinable fees. In addition, payment from our partners is not contingent on the partners' collection from their end-customers. Our partners do not stock products and do not have any stock rotation rights. We recognize subscription and support and maintenance service revenue ratably over the contractual service period, which is typically one or three years. Professional services revenue, including incident response and related consulting services for our customers who have experienced a cyber-security breach or who require assistance assessing the vulnerability of their networks, and training services revenue is recognized as the services are rendered.
Most of our arrangements, other than renewals of subscriptions and support and maintenance services, are multiple-element arrangements with a combination of product, subscriptions, support and maintenance, and other services. For multiple-element arrangements, we allocate revenue to each unit of accounting based on an estimated selling price at the arrangement inception. The estimated selling price for each element is based upon the following hierarchy: vendor-specific objective evidence (“VSOE”) of selling price, if available, third-party evidence (“TPE”) of selling price, if VSOE of selling price is not available, or best estimate of selling price (“BESP”), if neither VSOE of selling price nor TPE of selling price are available. The total arrangement consideration is allocated to each separate unit of accounting using the relative estimated selling prices of each unit based on the aforementioned selling price hierarchy. We limit the amount of revenue recognized for delivered elements to an amount that is not contingent upon future delivery of additional products or services or meeting of any specified performance conditions.
To determine the estimated selling price in multiple-element arrangements, we seek to establish VSOE of selling price using the prices charged for a deliverable when sold separately and, for subscriptions and support and maintenance, based on the renewal rates and discounts offered to partners. If VSOE of selling price cannot be established for a deliverable, we seek to establish TPE of selling price by evaluating similar and interchangeable competitor products or services in standalone arrangements with similarly situated partners. However, as our products contain a significant element of proprietary technology and offer substantially different features and functionality from our competitors, we are unable to obtain comparable pricing of our competitors’ products with similar functionality on a standalone basis. Therefore, we have not been able to obtain reliable evidence of TPE of selling price. If neither VSOE nor TPE of selling price can be established for a deliverable, we establish BESP primarily based on historical transaction pricing. Historical transactions are segregated based on our pricing model and our go-to-market strategy, which include factors such as type of sales channel (reseller, distributor, or end-customer), the geographies in which our products and services were sold (domestic or international), offering type (products, subscriptions or services), and whether or not the opportunity was identified by our sales force or by our partners. In analyzing historical transaction pricing, we evaluate whether a majority of the prices charged for a product, as represented by a percentage of list price, fall within a reasonable range. To further support the best estimate of selling price as determined by the historical transaction pricing or when such information is unavailable, such as when there are limited sales of a new product, we consider the same factors we have established through our pricing model and go-to-market strategy. The determination of BESP is made through consultation with and approval by our management. We have established the estimated selling price of all of our deliverables using BESP.
Shipping charges billed to partners are included in revenue and related costs are included in cost of revenue. Sales commissions and other incremental costs to acquire contracts are also expensed as incurred and are recorded in sales and marketing expense. After receipt of a partner order, any amounts billed in excess of revenue recognized are recorded as deferred revenue.
Advertising Costs
Advertising costs, which are expensed and included in sales and marketing expense when incurred, were $2.3 million, $0.8 million and $1.1 million during the years ended December 31, 2014, 2013 and 2012, respectively.
Software Development Costs
The costs to develop software have not been capitalized as we believe our current software development process is essentially completed concurrent with the establishment of technological feasibility. As such, all software development costs are expensed as incurred and included in research and development expense on the consolidated statements of operations. As of December 31, 2014 and 2013, capitalized software development costs have not been material.
Stock-Based Compensation
Compensation expense related to stock-based transactions, including employee and non-employee director awards and our 2013 Employee Stock Purchase Plan (the "ESPP"), is measured and recognized in the financial statements based on fair value. The fair value of each option award is estimated on the grant date using the Black-Scholes option-pricing model and a single option award approach. This model requires that at the date of grant we determine the fair value of the underlying common stock, the expected term of the award, the expected volatility of the price of our common stock, risk-free interest rates, and expected dividend yield of our common stock. The fair value of restricted stock awards and restricted stock units is based on the closing market price of our common stock on the date of grant. The stock-based compensation expense, net of forfeitures, is recognized using a straight-

76


line basis over the requisite service periods of the awards, which is generally four years. We estimate a forfeiture rate to calculate the stock-based compensation for our awards. Our forfeiture rate is based on an analysis of our actual historical forfeitures.
We account for stock options issued to non-employees based on the fair value of the awards determined using the Black-Scholes option-pricing model. The fair value of stock options granted to non-employees is remeasured as the stock options vest, and the resulting change in value, if any, is recognized in the statement of operations during the period the related services are rendered.
Income Taxes
We account for income taxes using the asset and liability method, which requires the recognition of deferred tax assets and liabilities for the expected future tax consequences of events that have been recognized in our financial statements or tax returns. In addition, deferred tax assets are recorded for the future benefit of utilizing net operating losses and research and development credit carry forwards. Valuation allowances are provided when necessary to reduce deferred tax assets to the amount expected to be realized.
We apply the authoritative accounting guidance prescribing a threshold and measurement attribute for the financial recognition and measurement of a tax position taken or expected to be taken in a tax return. We recognize liabilities for uncertain tax positions based on a two-step process. The first step is to evaluate the tax position for recognition by determining if the weight of available evidence indicates that it is more likely than not that the position will be sustained on audit, including resolution of related appeals or litigation processes, if any. The second step requires us to estimate and measure the tax liability as the largest amount that is more likely than not to be realized upon ultimate settlement. We recognize interest and penalties related to unrecognized tax benefits within the income tax expense line in the accompanying consolidated statements of operations. Accrued interest and penalties are included within other long-term liabilities in the consolidated balance sheets.
Net Loss Per Share Attributable to Common Stockholders
We calculate our basic and diluted net loss per share attributable to common stockholders in conformity with the two-class method required for companies with participating securities. Under the two-class method, in periods when the Company has net income, net income attributable to common stockholders is determined by allocating undistributed earnings, calculated as net income less current period convertible preferred stock non-cumulative dividends, between common stock and the convertible preferred stock. In computing diluted net income attributable to common stockholders, undistributed earnings are re-allocated to reflect the potential impact of dilutive securities. The Company’s basic net loss per share attributable to common stockholders is calculated by dividing the net loss attributable to common stockholders by the weighted-average number of shares of common stock outstanding for the period. The diluted net loss per share attributable to common stockholders is computed by giving effect to all potential dilutive common stock equivalents outstanding for the period. For purposes of this calculation, options to purchase common stock are considered common stock equivalents, but have been excluded from the calculation of diluted net loss per share attributable to common stockholders as their effect is anti-dilutive.
Recent Accounting Pronouncements
In May 2014, the FASB issued an accounting standard update related to revenue from contracts with customers. This standard provides a single model for revenue arising from contracts with customers and supersedes current revenue recognition guidance. The core principle of the guidance is that an entity should recognize revenue to depict the transfer of promised goods or services to customers in an amount that reflects the consideration to which the entity expects to be entitled in exchange for those goods or services. The guidance is effective for us beginning in the first quarter of 2017. Early adoption is not permitted. The guidance permits companies to either apply the requirements retrospectively to all prior periods presented, or apply the requirements in the year of adoption, through a cumulative adjustment. We are currently evaluating the impact the adoption will have on our consolidated financial statements and related disclosures.
In August 2014, the FASB issued ASU 2014-15, Disclosures of Uncertainties About an Entity’s Ability to Continue as a Going Concern. This standard provides guidance on how and when reporting entities must disclose going-concern uncertainties in their financial statements. The guidance is effective for us beginning in the first quarter of 2017. Early adoption is permitted.
2. Fair Value Measurements
The accounting guidance for fair value measurements provides a framework for measuring fair value on either a recurring or nonrecurring basis, whereby the inputs used in our valuation techniques are assigned a hierarchical level. The following are the three levels of inputs to measure fair value:
Level 1: Observable inputs that reflect quoted prices (unadjusted) for identical assets or liabilities in active markets.

77


Level 2: Inputs that reflect quoted prices for identical assets or liabilities in less active markets; quoted prices for similar assets or liabilities in active markets; benchmark yields, reported trades, broker/dealer quotes, inputs other than quoted prices that are observable for the assets or liabilities; or inputs that are derived principally from or corroborated by observable market data by correlation or other means.
Level 3: Unobservable inputs that reflect our own assumptions incorporated in valuation techniques used to measure fair value. These assumptions are required to be consistent with market participant assumptions that are reasonably available.
We consider an active market to be one in which transactions for the asset or liability occur with sufficient frequency and volume to provide pricing information on an ongoing basis, and consider an inactive market to be one in which there are infrequent or few transactions for the asset or liability, the prices are not current, or price quotations vary substantially either over time or among market makers. Where appropriate, our own or the counterparty’s non-performance risk is considered in measuring the fair values of assets.
The following table presents the fair value of our financial assets and liabilities using the above input categories (in thousands):
 
As of December 31, 2014
 
As of December 31, 2013
Description
Level 1
 
Level 2
 
Level 3
 
Total
 
Level 1
 
Level 2
 
Level 3
 
Total
Cash equivalents:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Money market funds
$
13,069

 
$

 
$

 
$
13,069

 
$
132,518

 
$

 
$

 
$
132,518

U.S. Government agencies
 
 
12,950

 
 
 
12,950

 
 
 
 
 
 
 

Total cash equivalents
$
13,069

 
$
12,950

 
$

 
$
26,019

 
$
132,518

 
$

 
$

 
$
132,518

Short-term investments:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Certificates of deposit

 
4,994

 

 
4,994

 

 

 

 

Corporate notes and bonds

 
142,984

 

 
142,984

 

 

 

 

U.S. Government agencies

 
107,867

 

 
107,867

 

 

 

 

Total short-term investments
$

 
$
255,845

 
$

 
$
255,845

 
$

 
$

 
$

 
$

Total assets measured at fair value
$
13,069

 
$
268,795

 
$

 
$
281,864

 
$
132,518

 
$

 
$

 
$
132,518

3. Short-Term Investments
Our investments consisted of the following as of December 31, 2014 (in thousands):
 
Available-for-Sale Securities
 
Amortized Cost
 
Gross Unrealized Gains
 
Gross Unrealized Losses
 
Estimated Fair Value
 
Cash and Cash Equivalents
 
Short-Term Investments
Certificates of deposit
$
5,000

 

 
$
(6
)
 
$
4,994

 
$

 
$
4,994

Corporate notes and bonds
143,215

 
4

 
(235
)
 
142,984

 

 
142,984

U.S. Government agencies
121,021

 
1

 
(205
)
 
120,817

 
12,950

 
107,867

Total
$
269,236

 
$
5

 
$
(446
)
 
$
268,795

 
$
12,950

 
$
255,845

The following table presents our investments that had gross unrealized losses, the duration of which was less than twelve months, as of December 31, 2014 (in thousands):
 
Total
 
Estimated Fair Value
 
Unrealized Loss
Certificates of deposit
$
3,793

 
$
(6
)
Corporate notes and bonds
130,920

 
(235
)
U.S. Government agencies
109,868

 
(205
)
Total
$
244,581

 
$
(446
)
There were no investments with unrealized losses for twelve months or greater as of December 31, 2014.
Unrealized losses related to these investments are due to interest rate fluctuations as opposed to credit quality. In addition, we do not intend to sell, and it is not more likely than not that we would be required to sell, these investments before recovery of their cost basis. As a result, there is no other-than-temporary impairment for these investments as of December 31, 2014.

78


The following table summarizes the contractual maturities of our investments at December 31, 2014 (in thousands):
 
Amortized Cost
 
Fair Value
Due within one year
$
158,252

 
$
158,140

Due within one to two years
110,984

 
110,655

Total
$
269,236

 
$
268,795

All available-for-sale securities have been classified as current, based on management's intent and ability to use the funds in current operations.
4. Property and Equipment
Property and equipment, net consisted of the following (in thousands):
 
 
As of December 31,
 
 
2014
 
2013
Computer equipment and software
 
$
85,171

 
$
57,403

Leasehold improvements
 
34,522

 
15,660

Furniture and fixtures
 
12,022

 
6,035

Machinery and equipment
 
447

 
756

Total property and equipment
 
132,162

 
79,854

Less: accumulated depreciation and amortization
 
(49,864
)
 
(15,089
)
Total property and equipment, net
 
$
82,298

 
$
64,765

Depreciation and amortization expense related to property and equipment and demonstration units during the years ended December 31, 2014, 2013 and 2012 was $46.8 million, $19.2 million and $6.9 million, respectively.
5. Business Combinations
Acquisitions in 2014
On May 9, 2014, we acquired all outstanding shares of privately held nPulse Technologies, Inc. (“nPulse”), a performance leader in network forensics based in Charlottesville, Virginia. The acquisition of nPulse strengthens our position as a leader in advanced threat detection and incident response management solutions.
The total purchase consideration of $56.6 million consisted of $55.2 million in cash, $0.1 million of equity awards assumed, and 54,319 shares of our common stock, with a fair value of $1.3 million which will vest upon the achievement of milestones. The number of shares was fixed at the completion of the acquisition, and is the maximum number of shares that can vest over a period of approximately three and half years from the acquisition date.
The acquisition of nPulse was accounted for in accordance with the acquisition method of accounting for business combinations with FireEye as the accounting acquirer. We expensed the related acquisition costs of $0.5 million in general and administrative expenses. Under the acquisition method of accounting, the total purchase consideration is allocated to the preliminary tangible and identifiable intangible assets acquired and liabilities assumed based on their estimated fair values. The total purchase price was allocated using information currently available to us. As a result, we may continue to adjust the preliminary purchase price allocation after obtaining more information regarding asset valuations, liabilities assumed, and revisions of preliminary estimates for up to a year following the acquisition date. Total allocation of the preliminary purchase price allocation is as follows (in thousands):
 
 
Amount
Net tangible liabilities assumed
 
$
(1,833
)
Intangible assets
 
24,700

Deferred tax asset
 
442

Deferred tax liability
 
(8,368
)
Goodwill
 
41,671

Total preliminary purchase price allocation
 
$
56,612

None of the goodwill is deductible for U.S. federal income tax purposes.

79


Intangible assets consist primarily of developed technology, customer relationships and in-process research and development. Developed technology intangible includes a combination of patented and unpatented technology, trade secrets, computer software and research processes that represent the foundation for the existing and planned new products and services. Customer relationships intangible relates to nPulse’s ability to sell existing, in-process and future products and services to its existing and potential customers. The in-process research and development intangible represents the estimated fair value of acquired research projects which have not reached technological feasibility at acquisition date but are expected to be developed into products and services within one year of the acquisition date. The preliminary estimated useful life and fair values of the identifiable intangible assets are as follows (in thousands):
 
 
Preliminary Estimated Useful Life (in years)
 
Amount
Developed technology
 
6
 
$
10,100

Customer relationships
 
8
 
8,000

In-process research and development
 
N/A
 
6,600

Total
 
 
 
$
24,700

The results of operations of nPulse have been included in our consolidated statements of operations from the acquisition date, though revenue and net income from nPulse were not material for the year ended December 31, 2014. Pro forma results of operations have not been presented because the acquisition was not material to our results of operations.
Acquisitions in 2013
On December 30, 2013, we acquired privately held Mandiant Corporation (“Mandiant”), a leading provider of advanced end point security products and security incident response management solutions. We believe this acquisition creates an advanced threat protection vendor with the ability to find and stop attacks at every stage of the attack life cycle.
At the closing on December 30, 2013, we acquired all the outstanding shares of capital stock of Mandiant for 16,123,011 shares of our common stock and $106.5 million in cash. Under the terms and conditions of the Merger Agreement, each outstanding share of Mandiant common stock was converted into the right to receive (a) $5.22 in cash, without interest, and subject to applicable withholding tax, and (b) 0.8126 of a share of our common stock. This transaction is referred to herein as the merger. In connection with the merger, all of the outstanding stock options and restricted stock awards of Mandiant were converted into stock options and restricted stock awards, respectively, denominated in shares of our common stock. The common stock issued, along with the fair value of vested equity awards assumed and cash payment, resulted in a purchase price of $900.8 million for accounting purposes. The total purchase consideration is as follows (in thousands):
 
 
Amount  
Cash
 
$
106,538

Fair value of common stock
 
704,414

Fair value of equity awards assumed
 
89,838

Total purchase consideration
 
$
900,790

The acquisition of Mandiant was accounted for in accordance with the acquisition method of accounting for business combinations with FireEye as the accounting acquirer. We expensed the related acquisition costs in the amount of $8.5 million in general and administrative expenses. Under the acquisition method of accounting, the total purchase price as shown in the table above is allocated to the tangible and identifiable intangible assets acquired and liabilities assumed based on their fair values. The total purchase price allocation was finalized in calendar year 2014. The following is the total purchase price allocation of the purchase consideration based on all available information as of December 31, 2014 (in thousands):
 
 
Amount  
Net tangible assets
 
$
10,797

Intangible assets
 
276,200

Deferred tax liability
 
(91,111
)
Goodwill
 
704,904

Total purchase price allocation
 
$
900,790

As noted above, in connection with the acquisition, we also assumed and exchanged Mandiant’s outstanding stock options and restricted stock awards. The assumed options and restricted stock awards continue to have the same terms and conditions as set forth in the original stock option and restricted stock award agreements. The fair values of the equity awards assumed were determined

80


using a Black-Scholes-Merton option-pricing model. The fair values of unvested equity awards of $119.5 million is being recorded as operating expense over the remaining requisite service periods as they relate to post-combination services, while the fair values of vested equity based awards of $89.8 million were included in total purchase price as they relate to pre-combination services.
None of the goodwill recorded as part of the Mandiant acquisition is deductible for U.S. federal income tax purposes.
Intangible assets consist primarily of developed technology, content, customer relationship and other intangible assets. Content intangibles represent threat intelligence, which is continually gathered from ongoing monitoring of endpoints and by incident response and remediation teams. The intangible assets attributable to customer relationships relate to Mandiant’s ability to sell existing, in-process and future versions of its products and services to its existing customers. Developed technology intangibles includes a combination of patented and unpatented technology, trade secrets, and computer software and processes that represent the foundation for planned new products and services. The useful life and fair values of the identifiable intangible assets are as follows (in thousands):
 
 
Useful Life (in years)
 
Amount  
Developed technology
 
4 - 6
 
$
54,600

Customer relationships
 
8
 
65,400

In-process research and development
 
N/A
 
1,400

Content
 
10
 
128,600

Contract backlog
 
1 - 3
 
13,800

Trade names
 
4
 
12,400

Total
 
 
 
$
276,200

The results of operations of Mandiant have been included in our consolidated statements of operations from the acquisition date, though Mandiant operations made no material contribution to our revenue or expenses for the year ended December 31, 2013. The following table presents pro forma results of operations of the Company and Mandiant as if the companies had been combined as of January 1, 2012, and includes pro forma adjustments related to the amortization of acquired intangible assets and share-based compensation expense. Direct and incremental transaction costs are excluded from the year ended December 31, 2013 pro forma condensed combined financial information presented below, and included in the year ended December 31, 2012 pro forma condensed combined financial information presented below. The tax benefit of $28.0 million that resulted from the acquisition is presented in the year ended December 31, 2012 pro forma condensed combined financial information presented below. The pro forma condensed combined financial information is presented for informational purposes only. The unaudited pro forma results of operations are not necessarily indicative of results that would have occurred had the acquisition taken place at the beginning of the earliest period presented, or of future results. Included in the pro forma results are fair value adjustments based on the fair values of assets acquired and liabilities assumed as of the acquisition date. Subsequent to the issuance of the Company’s fiscal 2013 consolidated financial statements, we determined that the supplemental information on an unaudited pro forma basis relating to the pro forma net loss for the periods presented were not correct due to incorrect calculations of the tax impact for certain pro forma adjustments included in the pro forma results of the combined operations. We previously reported pro forma net loss of $223.7 million and $77.9 million for the periods ended December 31, 2013 and 2012, respectively. Accordingly, we have corrected the pro forma net loss within the supplemental information on an unaudited pro forma basis, as if the Mandiant acquisition had been consummated on January 1, 2012. The revised disclosure is as follows (in thousands):
 
 
Year ended December 31,
 
 
2013
 
2012
Pro forma revenue
 
$
266,458

 
$
157,555

Pro forma loss from operations
 
(296,476
)
 
(130,885
)
Pro forma net loss
 
$
(246,617
)
 
$
(74,893
)
On September 3, 2013, we acquired all outstanding shares of Secure DNA Managed Services, Inc. and certain affiliated entities (collectively, “Secure DNA”), a security solutions provider based in Honolulu, Hawaii, focused on network monitoring and management, secured hosting, cloud e-mail protection, incident response and other network security related services. The acquisition of Secure DNA provides us with the developed technology platform that will facilitate the delivery of the advanced security services for all our products.
We accounted for the acquisition of Secure DNA as a purchase of a business. We expensed the related acquisition costs, consisting primarily of legal expenses in the amount of $0.2 million, and these expenses were presented as general and administrative expenses on the consolidated statements of operations for the year ended December 31, 2013. Under the acquisition method of accounting, the total purchase price was allocated to the tangible and identifiable intangible assets acquired and liabilities assumed.

81


The total purchase consideration of $4.9 million consisted of $4.1 million in cash and the issuance of 50,000 shares of our common stock with a fair value of $16.00 per share on the acquisition date. We also assumed deferred tax liabilities related to the fair value of the developed technology and customer relationships we obtained in the acquisition as well as other assumed liabilities related to normal operations. Primarily as a result of the deferred tax liabilities assumed in the acquisition, we recognized goodwill of $2.3 million equal to the excess of the purchase consideration over the fair value of the assets acquired and the liabilities assumed. None of the goodwill is deductible for income tax purposes.
The acquisition also included a contingent obligation of up to $3.0 million, consisting of 190,000 shares of our common stock with a fair value of $16.00 per share on the acquisition date, to certain employees from Secure DNA if specified product and service milestones are met within the two years of the acquisition date. As the obligation is contingent upon their continuous employment with us, the contingent obligation is being recorded as compensation expense ratably over the respective service periods. As of December 31, 2014, certain milestones were achieved resulting in the vesting of 152,000 shares of common stock.
The following table summarizes the consideration paid and the fair values of the assets acquired and liabilities assumed at the acquisition date for the Secure DNA acquisition (in thousands):
 
 
Amount  
Developed technology
 
$
1,300

Customer relationships
 
1,900

Deferred tax liabilities
 
(1,290
)
Net assets acquired
 
665

Goodwill
 
2,302

Fair value of total consideration transferred
 
$
4,877

The results of operations of Secure DNA have been included in our consolidated statements of operations from the acquisition date. Pro forma results of operations have not been presented because the acquisition was not material to our results of operations.
Acquisitions in 2012
On December 14, 2012, we acquired certain assets of Tall Maple Systems, Inc. (“Tall Maple”), a software platform provider that developed software applications to simplify the development cycle and reduce the time to market of Linux-based Internet appliances. We accounted for the acquisition of Tall Maple as a purchase of a business. We expensed the related acquisition costs, consisting primarily of legal expenses in the amount of $19,000 during the year ended December 31, 2012. These legal expenses were presented as general and administrative expenses on the consolidated statements of operations for the year ended December 31, 2012. The total purchase consideration of $816,000 consisted of the issuance of 150,000 shares of our common stock with a fair value of $5.44 per share on the acquisition date. The acquisition of Tall Maple provided us with developed technology. We determined that the fair value of the developed technology was approximately equal to the purchase consideration and that no other identifiable intangible or tangible assets were acquired and no liabilities were assumed. Accordingly, we did not recognize any goodwill with the acquisition of Tall Maple.
On December 20, 2012, we acquired all outstanding shares of Ensighta Security, Inc. (“Ensighta”), a company that develops a software application that enables automatic security analysis of mobile apps on android based mobile devices. We accounted for the acquisition of Ensighta as a purchase of a business. We expensed the related acquisition costs, consisting primarily of legal expenses in the amount of $328,000 during the year ended December 31, 2012. These legal expenses were presented as general and administrative expenses on the consolidated statements of operations for the year ended December 31, 2012. The total purchase consideration of $3.2 million consisted of $888,000 in cash and the issuance of 422,668 shares of our common stock with a fair value of $5.44 per share on the acquisition date. The acquisition of Ensighta provided us with developed technology and allowed us to enhance our workforce. We also assumed deferred tax liabilities related to the fair value of the developed technology we obtained in the acquisition as well as other assumed liabilities related to normal operations. Primarily as a result of the deferred tax liabilities assumed in the acquisition, we recognized goodwill of $1.3 million which represents the excess of the purchase consideration over the fair value of the assets acquired and the liabilities assumed. None of the goodwill is expected to be deductible for income tax purposes.

82


The following table summarizes the consideration paid and the fair values of the assets acquired and liabilities assumed at the acquisition date for the Ensighta acquisition (in thousands):
 
 
Amount  
Developed technology
 
$
3,378

Deferred tax liabilities
 
(1,274
)
Net assets acquired
 
(190
)
Goodwill
 
1,274

Fair value of total consideration transferred
 
$
3,188

The results of operations of Tall Maple, Ensighta and Secure DNA have been included in our consolidated statements of operations from the acquisition date. Pro Forma results of operations have not been presented because the acquisitions were not material to our results of operations.
Goodwill and Purchased Intangible Assets
The changes in the carrying amount of goodwill for the years ended December 31, 2014 and 2013 are as following (in thousands):
 
 
Amount
Balance as of December 31, 2012
 
$
1,274

Goodwill acquired
 
705,053

Balance as of December 31, 2013
 
706,327

Goodwill acquired
 
41,538

Deferred tax adjustments
 
1,156

Other adjustments
 
1,267

Balance as of December 31, 2014
 
$
750,288

Intangible assets consist of the following (in thousands):
 
 
As of December 31,
 
 
2014
 
2013
Developed technology
 
$
78,193

 
$
60,093

Content
 
128,600

 
128,500

Customer relationships
 
75,300

 
67,900

Contract backlog
 
13,800

 
12,600

Trade names
 
12,400

 
12,400

Total intangible assets subject to amortization
 
308,293

 
281,493

Less: accumulated amortization
 
(46,668
)
 
(1,516
)
Net intangible assets subject to amortization
 
261,625

 
279,977

In-process research and development
 

 
1,400

Total net intangible assets
 
$
261,625

 
$
281,377

The developed technology, content and contract backlog will be amortized to cost of sales over the economic life of the related assets, which was estimated to be three to ten years as of the acquisition date. The customer relationships and trade names will be amortized to sales and marketing expense over the economic life of the related assets, which was estimated to be four to eight years as of the acquisition date. As of December 31, 2014, all in-process research and development obtained in our acquisitions of Mandiant and nPulse was completed. Amortization expense of intangible assets for the years ended December 31, 2014, 2013 and 2012 was $45.2 million, $1.5 million and zero, respectively.

83


The expected annual amortization expense of intangible assets as of December 31, 2014 is presented below (in thousands):
Years Ending December 31, 
 
Amount
2015
 
$
47,064

2016
 
46,448

2017
 
40,503

2018
 
29,346

2019
 
27,574

2020 and thereafter
 
70,690

Total
 
$
261,625

Out of Period Adjustments
During the year ended December 31, 2014, we made adjustments to correct errors related to the purchase of Mandiant, which resulted in an increase in additional paid-in capital of $3.1 million, an increase in intangible assets of approximately $0.7 million, a decrease in current liabilities of $1.2 million and an increase in goodwill of approximately $1.2 million.
Because these errors, both individually and in the aggregate, were not material to the prior years’ financial statements and the impact of correcting these errors in the current period is not material to the December 31, 2014 consolidated financial statements, we recorded the correction of these errors in the December 31, 2014 consolidated financial statements.
6. Restructuring Charges
We initiated a series of business restructuring plans beginning in August 2014 to reduce our cost structure and improve efficiency, resulting in workforce reductions and the consolidation of certain real estate facilities. These activities have been substantially completed as of December 31, 2014.
Restructuring costs totaled $4.3 million for the year ended December 31, 2014.
The following table sets forth a summary of the restructuring activities which took place during the year ended December 31, 2014 (in thousands):
 
 
Severance and related costs
 
Facilities
 
Total
Balance, December 31, 2013
 
$

 
$

 
$

Provision for restructuring charges
 
1,583

 
1,124

 
2,707

Cash payments and other adjustments
 
(1,583
)
 
(359
)
 
(1,942
)
Balance, December 31, 2014
 
$

 
$
765

 
$
765

The provision for restructuring charges shown above excludes $1.6 million of non-cash fixed asset write-offs.
The remaining restructuring balance of $0.8 million as of December 31, 2014 relates to non-cancelable lease costs, which the Company expects to pay over the terms of the related obligations through the third quarter of 2017, less estimated sublease income.
7. Deferred Revenue
Deferred revenue consists of the following (in thousands):
 
 
As of December 31,
 
 
2014
 
2013
Product, current
 
$
10,718

 
$
13,823

Subscription and services, current
 
193,159

 
96,712

Total deferred revenue, current
 
203,877

 
110,535

Product, non-current
 
4,891

 
6,711

Subscription and services, non-current
 
143,775

 
70,268

Total deferred revenue, non-current
 
148,666

 
76,979

Total deferred revenue
 
$
352,543

 
$
187,514


84


8. Long-term Debt
Loan Agreements
In August 2005, we entered into a loan agreement (the “First Loan Agreement”) with two lenders that provided for borrowings under an equipment facility and a growth capital facility up to $1.0 million and $3.0 million, respectively.
In June 2010, we entered into a second loan agreement (the “Second Loan Agreement”) with a lender, which was later amended in August 2011, that provided for: (1) a revolving line of credit facility, (2) an equipment facility, (3) a term loan and a (4) growth facility.
The Company had no amounts outstanding under its First Loan Agreement as of December 31, 2014 and 2013.
The Company had no amounts outstanding under its Second Loan Agreement, and was in compliance with all financial-related covenants, as of December 31, 2014 and 2013.
We drew down zero, $10.0 million and $7.6 million under the revolving line of credit facility during the years ended December 31, 2014, 2013 and 2012, respectively. In October 2013, we repaid the outstanding borrowings in the amount of $20.0 million.
We made no borrowings under the equipment facility, term loan or growth facility during the years ended December 31, 2014, 2013 and 2012. During the year ended December 31, 2013, we paid off all remaining balances outstanding. All loan agreements and credit facilities expired as of, or by, December 31, 2014.
Warrants
Under the terms of our First and Second Loan Agreements, we issued fully vested warrants to purchase 245,899 shares of Series A-2 convertible preferred stock, 118,942 shares of Series B convertible preferred stock, 100,000 shares of Series D convertible preferred stock and 60,661 shares of Series E convertible preferred stock. Upon the closing of our initial public offering in September 2013, all the shares underlying these warrants were converted from preferred stock to common stock.
9. Commitments and Contingencies
Leases
We lease our facilities under various non-cancelable operating leases, which expire on various dates through the year ending December 31, 2024. Rent expense is recognized using the straight-line method over the term of the lease. Rent expense, net of sublease income, was $10.7 million, $3.7 million and $0.8 million for the years ended December 31, 2014, 2013 and 2012, respectively.
The aggregate future non-cancelable minimum rental payments on our operating leases, as of December 31, 2014, are as follows (in thousands):
Years Ending December 31, 
 
Amount 
2015
 
$
11,091

2016
 
8,649

2017
 
6,880

2018
 
3,664

2019
 
3,818

2020 and thereafter
 
9,566

Total
 
$
43,668

Total future non-cancelable minimum rental payments have not been reduced by future minimum sublease rentals totaling $1.1 million.
We are party to letters of credit totaling $1.9 million, $0.9 million and zero as of December 31, 2014, 2013 and 2012, respectively, issued primarily in support of operating leases at several of our facilities. These letters of credit are collateralized by a line with our bank. No amounts have been drawn against these letters of credit.
Contract Manufacturer Commitments
Our independent contract manufacturers procure components and assemble our products based on our forecasts. These forecasts are based on estimates of future demand for our products, which are in turn based on historical trends and an analysis from our sales and product marketing organizations, adjusted for overall market conditions. In order to reduce manufacturing lead times and plan for adequate supply, we may issue forecasts and orders for components and products that are non-cancelable. As of December 31, 2014 and 2013, we had non-cancellable open orders of $23.2 million and $16.7 million, respectively. We are required to record a liability for firm, noncancelable and unconditional purchase commitments with contract manufacturers and suppliers for quantities in excess of our future demand forecasts. As of December 31, 2014 and 2013, we have not accrued any significant costs for such noncancelable commitments.

85


Purchase Obligations
As of December 31, 2014, we had approximately $15.3 million of non-cancellable firm purchase commitments primarily for purchases of software and services. Amounts which the company has received delivery of the goods or services under purchase orders outstanding at December 31, 2014, are reflected in the Consolidated Balance Sheet as accounts payable or accrued liabilities and are excluded from the $15.3 million.
Litigation
We accrue for contingencies when we believe that a loss is probable and that we can reasonably estimate the amount of any such loss. We have made an assessment of the probability of incurring any such losses and whether or not those losses are estimable.
On June 20, 2014, a purported stockholder class action lawsuit was filed in the Superior Court of California, County of Santa Clara, against the Company, the members of our Board of Directors, our Chief Financial Officer, and the underwriters of our March 2014 follow-on public offering.  On July 17, 2014, a substantially similar lawsuit was filed in the same court against the same defendants. The complaints allege violations of the federal securities laws on behalf of a purported class consisting of purchasers of the Company's common stock pursuant or traceable to the registration statement and prospectus for the follow-on public offering, and seek unspecified compensatory damages and other relief.  The Company intends to defend the litigation vigorously.  Based on information currently available, the Company has determined that the amount of any possible loss or range of possible loss is not reasonably estimable.
On November 24, 2014, a purported stockholder class action lawsuit was filed in the United States District Court for the Northern District of California against the Company and certain of its officers. The action is purportedly brought on behalf of a putative class of all persons who purchased or otherwise acquired the Company’s securities between January 2, 2014, and November 4, 2014. The complaint seeks, among other things, compensatory damages and attorneys’ fees and costs on behalf of the putative class. The Company intends to defend the litigation vigorously. Based on information currently available, the Company has determined that the amount of any possible loss or range of possible loss is not reasonably estimable.
On January 28, 2015, certain of the Company’s officers and directors were named as defendants in a putative derivative action filed in the Superior Court of California, County of Santa Clara. The Company is named as a nominal defendant. The complaint purports to allege claims for breach of fiduciary duty and unjust enrichment.
We are also subject to legal proceedings, claims and litigation, including intellectual property litigation, arising in the ordinary course of business. Such matters are subject to many uncertainties and outcomes, and are not predictable with assurance.
To the extent there is a reasonable possibility that a loss exceeding amounts already recognized may be incurred, and the amount of such additional loss would be material, we will either disclose the estimated additional loss or state that such an estimate cannot be made. We do not currently believe that it is reasonably possible that additional losses in connection with litigation arising in the ordinary course of business would be material.
Indemnification
Under the indemnification provisions of our standard sales related contracts, we agree to defend our customers against third-party claims asserting infringement of certain intellectual property rights, which may include patents, copyrights, trademarks, or trade secrets, and to pay judgments entered on such claims. Our exposure under these indemnification provisions is generally limited to the total amount paid by our customer under the agreement. However, certain agreements include indemnification provisions that could potentially expose us to losses in excess of the amount received under the agreement. In addition, we indemnify our officers, directors, and certain key employees for actions taken while they are or were serving in good faith in such capacities. Through December 31, 2014, there have been no claims under any indemnification provisions.
10. Common Shares Reserved for Issuance
Prior to its IPO, the Company had outstanding 11,164,000 shares designated as Series A convertible preferred stock, 10,985,000 shares designated as Series B convertible preferred stock, 7,049,000 designated as Series C convertible preferred stock, 26,231,000 designated as Series D convertible preferred stock, 4,412,000 designated as Series E convertible preferred stock, and 4,274,000 designated as Series F convertible preferred stock. Immediately prior to the completion of the Company’s IPO in September 2013, all shares of outstanding preferred stock automatically converted into 74,221,553 shares of common stock. After its IPO, the Company had 100,000,000 shares of preferred stock authorized, none of which were issued and outstanding as of December 31, 2014 and 2013.
Under our amended and restated certificate of incorporation, we are authorized to issue 1,000,000,000 shares of common stock with a par value of $0.0001 per share as of December 31, 2014 and 2013. Each share of common stock outstanding is entitled to one vote. The holders of common stock are also entitled to receive dividends whenever funds are legally available and when declared by the Board of Directors, subject to the prior rights of holders of all classes of convertible preferred stock outstanding.

86


As of December 31, 2014 and 2013, we had reserved shares of common stock for issuance as follows (in thousands):
 
 
As of December 31,
 
 
2014
 
2013
Reserved under stock award plans
 
38,879

 
40,226

Warrants to purchase common stock
 

 
312

ESPP
 
2,683

 
2,500

Total
 
41,562

 
43,038

11. Equity Award Plans
We have operated under our 2013 Equity Incentive Plan (“2013 Plan”) since our initial public offering ("IPO") in September 2013. Our 2013 Plan provides for the issuance of restricted stock and the granting of options, stock appreciation rights, performance shares, performance units and restricted stock units to our employees, officers, directors and consultants. Awards granted under the 2013 Plan vest over the periods determined by the Board of Directors or compensation committee of the Board of Directors, generally four years, and stock options granted under the 2013 Plan expire no more than ten years after the date of grant. In the case of an incentive stock option granted to an employee who at the time of grant owns stock representing more than 10% of the total combined voting power of all classes of stock, the exercise price shall be no less than 110% of the fair value per share on the date of grant, and the award shall expire five years from the date of grant. For options granted to any other employee, the per share exercise price shall be no less than 100% of the fair value per share on the date of grant. In the case of a non-statutory stock options and options granted to consultants, the per share exercise price shall be no less than 100% of the fair value per share on the date of grant. Stock that is purchased prior to vesting is subject to our right of repurchase at any time following termination of the participant for so long as such stock remains unvested. Approximately 13.3 million shares of our common stock were reserved for future grants as of December 31, 2014 under the 2013 Plan. As of January 1, 2015, an additional 7,642,993 shares of common stock became available for future grants under our 2013 Plan pursuant to provisions thereof that automatically increase the share reserve under such plan each year.
In August 2013, our Board of Directors adopted, and our stockholders approved, our Employee Stock Purchase Plan ("ESPP"), which became effective upon adoption. Our ESPP allows eligible employees to acquire shares of our common stock at 85% of the lower of the fair market value of our common stock on the first trading of each offering period or on the exercise date. Each offering period is approximately twelve months starting on the first trading date on or after May 15 and November 15 of each year. Participants may purchase shares of common stock through payroll deductions of up to 15% of their eligible compensation, subject to purchase limits of 3,000 shares for each normal purchase period or $25,000 worth of stock for each calendar year.
Our ESPP provides for annual increases in the number of shares available for issuance on the first day of each fiscal year equal to the lesser of: 1% of the outstanding shares of our common stock on the first day of such fiscal year; 3,700,000 shares; or such other amount as may be determined by our Board of Directors. As of December 31, 2014, an aggregate of 2,683,163 shares of common stock were available for future issuance under our ESPP. As of January 1, 2015, an additional 1,528,598 shares of common stock became available for future issuance under our ESPP pursuant to the provisions thereof that automatically increase the share reserve under such plan each year.
From time to time, we also grant restricted common stock or restricted stock awards outside of our equity incentive plans to certain employees in connection with acquisitions.
Stock-Based Compensation
We record stock-based compensation based on the fair value of stock options on grant date using the Black-Scholes option-pricing model. We determine the fair value of shares of common stock to be issued under the ESPP using the Black-Scholes option-pricing model. The fair value of restricted stock units and restricted stock awards equals the market value of the underlying stock on the date of grant. We granted performance-based restricted stock units and restricted stock awards to certain employees which vest upon the achievement of certain performance conditions, subject to the employees' continued service relationship with us. We assess the probability of vesting at each reporting period and adjust our compensation cost based on this probability assessment. We recognize such compensation expense on a straight-line basis over the service provider's requisite service period. We determined valuation assumptions as follows:
Fair Value of Common Stock
Prior to our IPO, the fair value of the common stock underlying the stock option awards was determined by our board of directors. Given the absence of a public trading market, our Board of Directors considered numerous objective and subjective factors to determine the fair value of our common stock at each meeting at which awards were approved. These factors included, but were not limited to (i) contemporaneous third-party valuations of common stock; (ii) the rights and preferences of convertible preferred stock relative to common stock; (iii) the lack of marketability of common stock; (iv) developments in the business; and (v) the likelihood of achieving




a liquidity event, such as an initial public offering or sale of the Company, given prevailing market conditions. After the completion of our IPO, we have been using the listed stock price on the date of grant as the fair value of our common stock.
Risk-Free Interest Rate
We base the risk-free interest rate used in the Black-Scholes option-pricing model on the implied yield available on U.S. Treasury zero-coupon issues with an equivalent expected term of the options for each option group.
Expected Term
The expected term represents the period that our stock-based awards are expected to be outstanding. We base the expected term assumption on our historical behavior combined with estimates of post-vesting holding periods.
Volatility
We determine the price volatility factor based on the historical volatilities of our peer group as we did not have sufficient trading history for our common stock.
Dividend Yield
The expected dividend assumption is based on our current expectations about our anticipated dividend policy.
The following table summarizes the assumptions used in the Black-Scholes option-pricing model to determine fair value of our stock options:
 
 
Year Ended December 31,
 
 
2014
 
2013
 
2012
Fair value of common stock
 
$27.89 - $75.87
 
$6.05 - $42.37
 
$1.65 - $5.44
Risk-free interest rate
 
1.8% - 2.0%
 
0.6% - 2.1%
 
0.2% - 3.4%
Expected term (in years)
 
6
 
4 - 6
 
1 - 6
Volatility
 
51% - 53%
 
46% - 54%
 
49% - 53%
Dividend yield
 
—%
 
—%
 
—%
The following table summarizes the assumptions used in the Black-Scholes option-pricing model to determine fair value of our common shares to be issued under the ESPP:
 
 
Year Ended December 31,
 
 
2014
 
2013
Fair value of common stock
 
$27.08 - $32.32
 
$20.00
Risk-free interest rate
 
0.1%
 
0.1%
Expected term (in years)
 
0.5 - 1.0
 
0.7 - 1.2
Volatility
 
35% - 45%
 
42% - 45%
Dividend yield
 
— %
 
— %
Total stock-based compensation expense related to stock options, ESPP and restricted stock units and awards is included in the consolidated statements of operations as follows (in thousands):
 
 
Year Ended December 31,
 
 
2014
 
2013
 
2012
Cost of product revenue
 
$
888

 
$
469

 
$
115

Cost of subscription and services revenue
 
17,037

 
2,341

 
55

Research and development
 
28,968

 
6,958

 
1,465

Sales and marketing
 
66,773

 
10,748

 
1,672

General and administrative
 
38,186

 
8,342

 
3,536

Total
 
$
151,852

 
$
28,858

 
$
6,843

As of December 31, 2014, total compensation cost related to stock-based awards not yet recognized was $303.1 million, net of estimated forfeitures, which is expected to be amortized on a straight-line basis over the weighted-average remaining vesting period of approximately three years.

88


Stock Option Activity
A summary of the activity for our stock option changes during the reporting periods and a summary of information related to options vested and expected to vest and options exercisable are presented below (in thousands, except per share and contractual life amounts and years):
 
 
Options Outstanding
 
 
Number of
Shares
 
Weighted-
Average
Exercise
Price 
 
Weighted-
Average
Grant Date Fair Value
 
Weighted-
Average
Contractual
Life (years)
 
 
Aggregate
Intrinsic
Value
Balance — December 31, 2011
 
14,711

 
$
0.42

 
 
 
8.6
 
$
11,227

Option granted
 
11,341

 
$
1.92

 
$
1.35

 
 
 
 
Options exercised
 
(7,472
)
 
$
1.27

 
 
 
 
 
$
6,682

Options canceled
 
(1,244
)
 
$
1.06

 
 
 
 
 
 
Balance — December 31, 2012
 
17,336

 
$
0.98

 
 
 
8.3
 
$
77,250

Option granted
 
13,182

 
$
9.57

 
$
5.71

 
 
 
 
Options exercised
 
(6,222
)
 
$
0.88

 
 
 
 
 
$
41,599

Options canceled
 
(1,453
)
 
$
3.60

 
 
 
 
 
 
Options assumed in acquisition
 
4,579

 
$
5.93

 
 
 
 
 
 
Balance — December 31, 2013
 
27,422

 
$
5.82

 
 
 
8.3
 
$
1,036,224

Option granted
 
676

 
$
72.60

 
$
72.60

 
 
 
 
Options exercised
 
(7,642
)
 
$
2.97

 
 
 
 
 
$
271,236

Options cancelled
 
(1,941
)
 
$
9.10

 
 
 
 
 
 
Options assumed in acquisition
 
63

 
$
20.60

 
 
 
 
 
 
Balance — December 31, 2014
 
18,578

 
$
9.13

 
 
 
7.4
 
$
445,636

Options vested and expected to vest — December 31, 2014
 
18,148

 
$
9.01

 
 
 
7.4
 
$
436,741

Options exercisable — December 31, 2014
 
8,590

 
$
5.48

 
 
 
6.6
 
$
227,063

In connection with our acquisition of Mandiant in December 2013, we assumed stock options covering an aggregate of 4.6 million shares of our common stock. At the date of the acquisition, 2.1 million of the stock options were vested and its fair value was recorded as part of the purchase consideration. The fair value related to the assumed 2.5 million unvested stock options are recognized as post-combination compensation costs and is being expensed ratably over the respective remaining service periods.
Additional information regarding options outstanding as of December 31, 2014 is as follows (in thousands, except per share data and years):
 
 
Options Outstanding 
 
Options Exercisable 
Exercise Price Range
 
Number of Shares
 
Weighted-
Average
Remaining
Contractual
Life (Years)
 
Weighted-
Average
Exercise
Price
 
Number of Shares
 
Weighted-
Average
Exercise
Price
$0.06 — $0.57
 
2,168

 
4.6
 
$
0.24

 
2,095

 
$
0.23

$0.75 — $1.65
 
2,355

 
6.5
 
$
1.42

 
1,487

 
$
1.37

$2.48 — $3.66
 
1,329

 
7.6
 
$
2.96

 
549

 
$
2.93

$5.44 — $5.44
 
2,851

 
7.9
 
$
5.44

 
1,081

 
$
5.44

$6.61 — $7.92
 
1,277

 
6.4
 
$
6.90

 
857

 
$
6.82

$7.93 — $7.93
 
2,752

 
7.9
 
$
7.93

 
932

 
$
7.93

$8.09 — $9.68
 
2,011

 
8.4
 
$
9.33

 
628

 
$
9.32

$10.25 — $13.00
 
2,494

 
8.4
 
$
11.94

 
720

 
$
11.91

$20.00 — $74.35
 
1,301

 
8.7
 
$
49.26

 
241

 
$
38.89

$75.87 — $75.87
 
40

 
9.2
 
$
75.87

 

 
$

$0.06 - $75.87
 
18,578

 
7.4
 
$
9.13

 
8,590

 
$
5.48


89


Restricted Common Stock, Restricted Stock Awards (“RSA”) and Restricted Stock Units (“RSU”) Activity
A summary of the activity for our restricted common stock, RSAs and RSUs during the reporting periods and a summary of information related to unvested restricted common stock, RSAs and RSUs and those expected to vest are presented below (in thousands, except per share data and years):
 
 
Number of Shares
 
Weighted-
Average
Grant-Date Fair Value
 
Weighted-
Average
Contractual
Life (years)
 
Aggregate
Intrinsic
Value
Unvested balance — December 31, 2011
 
1,220

 
 
 
 
 
 
Granted
 
2,687

 
$
2.72

 
 
 
 
Vested
 
(898
)
 
 
 
 
 
 
Canceled/forfeited
 

 
 
 
 
 
 
Unvested balance — December 31, 2012
 
3,009

 
 
 
 
 
 
Granted
 
1,949

 
$
31.59

 
 
 
 
Vested
 
(2,115
)
 
 
 
 
 
 
Canceled/forfeited
 
(262
)
 
 
 
 
 
 
Granted in connection with acquisitions
 
1,021

 
$
37.65

 
 
 
 
Unvested balance — December 31, 2013
 
3,602

 
 
 
 
 
 
Granted
 
6,734

 
$
42.12

 
 
 
 
Vested
 
(1,482
)
 
 
 
 
 
 
Canceled/forfeited
 
(809
)
 
 
 
 
 
 
Granted in connection with acquisitions
 
296

 
$
26.44

 
 
 
 
Unvested balance — December 31, 2014
 
8,341

 
 
 
1.7
 
$
263,416

Expected to vest — December 31, 2014
 
7,819

 
 
 
1.7
 
246,926

During the years ended December 31, 2014, 2013 and 2012, we issued 1,713,596, 2,062,938, and 351,953 shares, respectively, of restricted common stock, restricted stock awards or restricted stock units to certain employees which vest upon the achievement of certain performance conditions in addition to a continued service relationship with the Company.
In connection with our acquisition of Mandiant in December 2013, we issued 797,698 shares of our restricted stock at a value of $43.69 per share. These awards continue to have the same terms and conditions as set forth in the original restricted stock award agreements, and will vest over the weighted-average remaining vesting period of approximately two years.
In connection with our acquisition of nPulse in May 2014, we issued 295,681 restricted stock awards at a value of $26.44 per share. Of these awards, 54,319 were issued to former shareholders as purchase consideration, while the other 241,362 were issued into escrow for employees continuing with the Company. The vesting of all these awards is over a period of approximately three and a half years from the acquisition date, subject to the achievement of specified performance milestones. For those issued to employees vesting is also contingent upon continued service with the Company. As such, compensation expense is being recorded over the requisite service period of three and half years.
12. Income Taxes
Loss before benefit from income taxes consisted of the following (in thousands):
 
 
Year Ended December 31,
 
 
2014
 
2013
 
2012
United States
 
$
(269,426
)
 
$
(94,455
)
 
$
(37,316
)
Foreign
 
(211,018
)
 
(85,477
)
 
595

Total
 
$
(480,444
)
 
$
(179,932
)
 
$
(36,721
)

90


The benefit from income taxes consisted of the following (in thousands):
 
 
Year Ended December 31,
 
 
2014
 
2013
 
2012
Federal:
 
 

 
 
 
 
Current
 
$
11

 
$

 
$
(1,181
)
Deferred
 
(36,208
)
 
(56,212
)
 

State:
 
 
 
 
 
 

Current
 
255

 
86

 
(62
)
Deferred
 
(3,263
)
 
(4,564
)
 

Foreign:
 
 
 
 
 
 

Current
 
2,945

 
1,478

 
278

Deferred
 
(394
)
 
(85
)
 

Total
 
$
(36,654
)
 
$
(59,297
)
 
$
(965
)
Reconciliation of the federal statutory income tax rate to the effective tax rate is as follows:
 
 
Year Ended December 31,
 
 
2014
 
2013
 
2012
Federal statutory rate
 
35.0
 %
 
35.0
 %
 
35.0
 %
Effect of:
 
 
 
 
 
 

State taxes, net of federal tax benefit
 
0.6

 
2.5

 
2.7

Change in valuation allowance
 
(11.2
)
 
13.4

 
(31.7
)
Research and development tax credit
 
1.2

 
0.8

 
3.0

Convertible preferred stock warrants
 

 
(1.3
)
 
(2.4
)
Stock-based compensation
 
(1.9
)
 
2.9

 
(3.2
)
Foreign differential
 
(15.6
)
 
(17.1
)
 

Non-deductible/non-taxable items
 
(0.2
)
 

 

Other, net
 
(0.3
)
 
(3.2
)
 
(0.8
)
Total
 
7.6
 %
 
33.0
 %
 
2.6
 %
The components of the deferred tax assets and liabilities are as follows (in thousands):
 
 
As of December 31,
 
 
2014
 
2013
Deferred tax assets:
 
 
 
 
Net operating loss carryforwards
 
$
67,451

 
$
46,903

Accruals and reserves
 
9,549

 
6,471

Stock-based compensation
 
45,843

 
17,555

Fixed assets
 
6,906

 
752

Deferred revenue
 
23,095

 
10,546

Research and development credits
 
14,959

 
6,541

Other deferred tax assets
 
802

 
156

Gross deferred tax assets
 
168,605

 
88,924

Valuation allowance
 
(54,872
)
 
(4,186
)
Total deferred tax assets
 
113,733

 
84,738

Deferred tax liabilities:
 
 
 
 
Acquisition related intangibles
 
(112,928
)
 
(114,187
)
Other deferred tax liabilities
 
(326
)
 
(1,114
)
Total deferred tax liabilities
 
(113,254
)
 
(115,301
)
Total net deferred tax assets/(liabilities)
 
$
479

 
$
(30,563
)

91



A valuation allowance is provided when it is more likely than not that the deferred tax asset will not be realized. Our valuation allowance increased by approximately $50.7 million during 2014 primarily as a result of additional deferred tax assets recorded during the year for stock-based compensation, net operating loss carryforwards and research and development credits.
As of December 31, 2014, we had federal and state net operating loss carry forwards of approximately $376.9 million and $244.8 million, respectively, available to reduce future taxable income, if any. If not utilized, the federal net operating loss carry forwards will expire from the years ending December 31, 2024 through 2034 while state net operating loss carry forwards will expire from the years ending December 31, 2015 through 2034.
We also have federal and state research and development tax credit carry forwards of approximately $10.2 million and $6.9 million, respectively. If not utilized, the federal credit carry forwards will expire in various amounts from the years ended December 31, 2024 through 2034. The state credit will carry forward indefinitely.
Utilization of the net operating loss carry forwards and credits may be subject to an annual limitation due to the ownership change limitations provided by the Internal Revenue Code of 1986, as amended, and similar state provisions. The annual limitation may result in the expiration of net operating losses and credits before utilization.
As a result of certain realization requirements of ASC 718, the table of deferred tax assets shown above does not include certain deferred tax assets as of December 31, 2014 that arose directly from tax deductions related to equity compensation greater than compensation recognized for financial reporting. Equity will be increased by $79.5 million if and when such deferred tax assets are ultimately realized. The Company uses ASC 740 ordering when determining when excess tax benefits have been realized.
As of December 31, 2014, we had $21.3 million of unrecognized tax benefits, of which $20.0 million would affect income tax expense if recognized, before consideration of our valuation allowance. As of December 31, 2014, our federal, state, and foreign returns for all years are still open to examination. We do not expect the unrecognized tax benefits to change significantly over the next 12 months. We recognize both interest and penalties associated with uncertain tax positions as a component of income tax expense. During the years ended December 31, 2014, 2013 and 2012, we recognized interest and penalties of $115,000, $71,000 and $29,000, respectively. As of December 31, 2014 and 2013, our total accrual for interest and penalties was $215,000 and $100,000, respectively. The ultimate amount and timing of any future cash settlements cannot be predicted with reasonable certainty.
A reconciliation of gross unrecognized tax benefit is as follows (in thousands):
 
 
Year Ended December 31,
 
 
2014
 
2013
 
2012
Unrecognized tax benefits at the beginning of the period
 
$
10,887

 
$
1,172

 
$
699

Additions for tax positions related to the current year
 
10,452

 
8,789

 
474

Increases related to prior year tax positions
 

 
947

 

Decreases related to prior year tax positions
 
(52
)
 

 

Decreases based on settlements with taxing authorities
 

 
(21
)
 

Lapse of statute of limitations
 
(23
)
 

 
(1
)
Unrecognized tax benefits at the end of the period
 
$
21,264

 
$
10,887

 
$
1,172

As of December 31, 2014, we have not made any tax provision for U.S. federal and state income taxes on approximately $6.6 million of undistributed earnings in foreign subsidiaries, which we expect to reinvest outside of the U.S. indefinitely. If we were to repatriate these earnings to the U.S., we would be subject to U.S. income taxes and subject to an adjustment for foreign tax credits and foreign withholding taxes. Determination of the amount of unrecognized deferred tax liability related to these earnings is not practicable.
The benefit for income taxes for the year ended December 31, 2014 reflects an effective tax rate of 7.6%. The tax benefit is primarily due to the portion of the increase in U.S. deferred tax assets, primarily related to current year operating losses and stock-based compensation for which no U.S. valuation allowance is required. The valuation allowance is not required to the extent that deferred tax liabilities on acquisition-related intangibles are available as a source of income for the U.S deferred tax assets. The tax benefit was also partially due to the reduction in U.S. deferred tax liabilities previously established in purchase accounting, partially offset by foreign taxes and state minimum taxes.
The benefit for income taxes for the years ended December 31, 2013 and 2012 reflect effective rates of 33.0% and 2.6%, respectively. In both years, the tax benefit is primarily due to a reduction of the U.S. valuation allowance resulting from recording a deferred tax liability on the acquisition-related intangibles for which no benefit will be derived, partially offset by foreign taxes and state minimum taxes.

92



13. Net Loss per Share
Basic loss per share is calculated by dividing net loss by the weighted-average number of common shares outstanding during the period, less shares subject to repurchase, and excludes any dilutive effects of employee share-based awards and warrants. Diluted net income per common share is computed giving effect to all potential dilutive common shares, including common stock issuable upon exercise of stock options, and unvested restricted common stock and stock units. As we had net losses for the years ended December 31, 2014, 2013 and 2012, all potential common shares were determined to be anti-dilutive.
The following table sets forth the computation of net loss per common share (in thousands, except per share amounts):
 
 
Year Ended December 31,
 
 
2014
 
2013
 
2012
Numerator:
 
 
 
 
 
 
Net loss
 
$
(443,790
)
 
$
(120,635
)
 
$
(35,756
)
Denominator:
 
 
 
 
 
 
Weighted average number of shares outstanding — basic and diluted
 
142,176

 
45,271

 
10,917

Net loss per share — basic and diluted
 
$
(3.12
)
 
$
(2.66
)
 
$
(3.28
)
The following outstanding options, unvested shares and units, ESPP shares, warrants, and convertible preferred stock were excluded (as common stock equivalents) from the computation of diluted net loss per common share for the periods presented as their effect would have been anti-dilutive (in thousands):
 
 
As of December 31,
 
 
2014
 
2013
 
2012
Options to purchase common stock
 
18,578

 
27,422

 
17,336

Unvested early exercised common shares
 
2,382

 
4,877

 
7,832

Unvested restricted stock awards and units
 
8,341

 
3,602

 

Convertible preferred stock
 

 

 
73,747

Warrants to purchase convertible preferred stock
 

 

 
616

Warrants to purchase common stock
 

 
312

 

ESPP shares
 
124

 
249

 

14. Employee Benefit Plan
We have established a 401(k) tax-deferred savings plan (the “401(k) Plan”), which permits participants to make contributions by salary deduction pursuant to Section 401(k) of the Internal Revenue Code of 1986, as amended. We maintain the 401(k) Plan that provides our eligible employees with an opportunity to save for retirement on a tax-advantaged basis. In addition, until January 2015 we maintained a tax qualified plan for employees of the Mandiant subsidiary that was assumed in the Mandiant acquisition. All participants’ interests in their deferrals are 100% vested when contributed under both 401(k) plans. We are responsible for administrative costs of the 401(k) Plan and have made no matching contributions into our 401(k) Plan since inception. The Mandiant 401(k) plan had provided for a match of 100% of the first 4% of an eligible employee’s compensation contributed. Matching contributions under the Mandiant 401(k) plan were 100% vested when made. Under both 401(k) plans, pre-tax contributions are allocated to each participant’s individual account and are then invested in selected investment alternatives according to the participants’ directions. Each 401(k) plan is intended to qualify under Sections 401(a) and 501(a) of the Code. As a tax-qualified retirement plan, contributions to each 401(k) plan and earnings on those contributions are not taxable to the employees until distributed from the 401(k) plan, and all contributions are deductible by us when made. Our contributions to the Mandiant 401(k) plan were $2.9 million, zero and zero for the years ended December 31, 2014, 2013 and 2012, respectively. In January 2015, the former Mandiant 401(k) plan was merged into the 401(k) Plan.
15. Related Party Transactions
Acquisition of Mandiant
Our Chief Executive Officer (“CEO”) and Chairman of our board of directors, served as the Chairman of the board of directors of Mandiant from April 2011 to October 2013, and served as an advisor to Mandiant from October 2013 until the closing of the merger in December 2013. In addition, as of immediately prior to the completion of the merger, the CEO held 740,166 shares of Mandiant common stock, of which 328,960 shares were unvested shares subject to forfeiture in the event of his termination as a service provider to Mandiant. Pursuant to the terms of the equity agreements governing the CEO’s shares of Mandiant common stock, all of the CEO’s unvested Mandiant shares immediately vested in connection with the merger. Upon the closing of the merger, after giving effect to the vesting acceleration described in the preceding sentence, the CEO received aggregate merger consideration of approximately $28.6 million,

93


consisting of approximately $3.9 million in cash and 601,439 shares of our common stock, of which 87,335 shares were deposited into a third-party escrow account as partial security for the indemnity obligations of Mandiant and its former stockholders.
16. Segment and Major Customers Information
We conduct business globally and are primarily managed on a geographic basis. Our chief executive officer, who is our chief operating decision maker, reviews financial information presented on a consolidated basis accompanied by information about revenue by geographic region for purposes of allocating resources and evaluating financial performance. There are no segment managers who are held accountable for operations, operating results, and plans for levels, components, or types of products or services below the consolidated unit level. Accordingly, we are considered to be in a single reportable segment and operating unit structure.
Revenue by geographic region based on the billing address is as follows (in thousands):
 
 
Year Ended December 31,
 
 
2014
 
2013
 
2012
Revenue:
 
 
 
 
 
 
United States
 
$
319,144

 
$
116,730

 
$
66,556

EMEA
 
57,721

 
22,845

 
6,628

APAC
 
34,284

 
16,004

 
6,488

Other
 
14,513

 
5,973

 
3,644

Total revenue
 
$
425,662

 
$
161,552

 
$
83,316

Long lived assets by geographic region based on physical location is as follows (in thousands):
 
 
As of December 31, 2014
 
 
2014
 
2013
Property and Equipment, net:
 
 
 
 
United States
 
$
66,807

 
$
54,520

International
 
15,491

 
10,245

Total
 
$
82,298

 
$
64,765

Summarized below are individual customers whose revenue accounted for or exceeded 10% of the total Company's revenue:
 
 
Year Ended December 31,
 
 
2014
 
2013
 
2012
Percentage of Revenue:
 
 
 
 
 
 
Carahsoft Technology Corporation
 
11%
 
11%
 
*
Accuvant
 
*
 
11%
 
10%
* Less than 10%
Summarized below are individual customers whose net accounts receivable balance accounted for or exceeded 10% of the total Company's net accounts receivable balance:
 
 
As of December 31, 2014
 
 
2014
 
2013
Percentage of Accounts Receivable:
 
 
 
 
Accuvant
 
*
 
12%
Westcon
 
15%
 
*
* Less than 10%

94


Item 9. Changes in and Disagreements With Accountants on Accounting and Financial Disclosure
None.
Item 9A. Controls and Procedures
Limitations on Effectiveness of Controls
In designing and evaluating our disclosure controls and procedures, management recognizes that any controls and procedures, no matter how well designed and operated, can provide only reasonable assurance of achieving the desired control objectives. In addition, the design of disclosure controls and procedures must reflect the fact that there are resource constraints and that management is required to apply its judgment in evaluating the benefits of possible controls and procedures relative to their costs.
Evaluation of Disclosure Controls and Procedures
Our management, with the participation of our Chief Executive Officer and Chief Financial Officer, evaluated the effectiveness of our disclosure controls and procedures as of December 31, 2014. The term "disclosure controls and procedures," as defined in Rule 13a-15 under the Securities Exchange Act of 1934, as amended (or the “Exchange Act”), means controls and other procedures of a company that are designed to ensure that information required to be disclosed by a company in the reports that it files or submits under the Exchange Act is recorded, processed, summarized and reported, within the time periods specified in the SEC’s rules and forms. Disclosure controls and procedures include, without limitation, controls and procedures designed to ensure that information required to be disclosed by a company in the reports that it files or submits under the Exchange Act is accumulated and communicated to management, including our principal executive and principal financial officers, as appropriate to allow timely decisions regarding required disclosure.
Based on our evaluation, our chief executive officer and chief financial officer concluded that, as of December 31, 2014, our disclosure controls and procedures were effective at the reasonable assurance level.
Management’s Annual Report on Internal Control Over Financial Reporting
Management is responsible for establishing and maintaining adequate internal control over financial reporting as defined in Rule 13a-15(f) under the Securities Exchange Act of 1934.
Under the supervision and with the participation of our management, including our principal executive officer and principal financial officer, we conducted an evaluation of the effectiveness of our internal control over financial reporting as of December 31, 2014 based on the criteria related to internal control over financial reporting described in Internal Control - Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission. Based on our evaluation, management concluded that our internal control over financial reporting was effective as of December 31, 2014.
Deloitte & Touche LLP, the independent registered public accounting firm that audited the consolidated financial statements included in this Form 10-K, has issued a report, included herein, on the effectiveness of the Company's internal control over financial reporting as of December 31, 2014.
Changes in Internal Control over Financial Reporting
There were no changes in our internal control over financial reporting identified in connection with the evaluation required by Rule 13a-15(d) and 15d-15(d) of the Exchange Act that occurred during the quarter ended December 31, 2014 that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting.
REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
To the Board of Directors and Stockholders of
FireEye, Inc.
Milpitas, California
We have audited the internal control over financial reporting of FireEye, Inc. and subsidiaries (the "Company") as of December 31, 2014, based on criteria established in Internal Control - Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission. The Company's management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management’s Annual Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company's internal control over financial reporting based on our audit.
We conducted our audit in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.

95


A company's internal control over financial reporting is a process designed by, or under the supervision of, the company's principal executive and principal financial officers, or persons performing similar functions, and effected by the company's board of directors, management, and other personnel to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements.
Because of the inherent limitations of internal control over financial reporting, including the possibility of collusion or improper management override of controls, material misstatements due to error or fraud may not be prevented or detected on a timely basis. Also, projections of any evaluation of the effectiveness of the internal control over financial reporting to future periods are subject to the risk that the controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
In our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 2014, based on the criteria established in Internal Control - Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission.
We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the consolidated financial statements and financial statement schedule as of and for the year ended December 31, 2014 of the Company and our report dated March 2, 2015 expressed an unqualified opinion on those financial statements and financial statement schedule.


/s/ DELOITTE & TOUCHE LLP

San Jose, California
March 2, 2015

Item 9B. Other Information
On February 26, 2015, Kevin Mandia was promoted from Chief Operating Officer to President of the Company.  The biographical information about Mr. Mandia, other than his current age (he is now 44), and other information required by Items 401(b), (d), (e) and Item 404(a) of Regulation S-K are contained in the Company’s Form 8-K filed with the SEC on January 2, 2014 reporting, among other things, the completion of the Company’s acquisition of Mandiant Corporation, and such information is incorporated by reference herein.

96


PART III
Item 10. Directors, Executive Officers and Corporate Governance
The information required by this item is incorporated by reference to our Proxy Statement for our 2015 Annual Meeting of Stockholders to be filed with the SEC within 120 days after the end of the fiscal year ended December 31, 2014.
As part of our system of corporate governance, our board of directors has adopted a code of business conduct and ethics. The code applies to all of our employees, officers (including our principal executive officer, principal financial officer, principal accounting officer or controller, or persons performing similar functions), agents and representatives, including our independent directors and consultants, who are not employees of ours, with regard to their FireEye-related activities. Our code of business conduct and ethics is available on our website at www.fireeye.com. We will post on this section of our website any amendment to our code of business conduct and ethics, as well as any waivers of our code of business conduct and ethics, that are required to be disclosed by the rules of the SEC or the NASDAQ Stock Market.
Item 11. Executive Compensation
The information required by this item is incorporated by reference to our Proxy Statement for our 2015 Annual Meeting of Stockholders to be filed with the SEC within 120 days after the end of the fiscal year ended December 31, 2014.
Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters
The information required by this item is incorporated by reference to our Proxy Statement for our 2015 Annual Meeting of Stockholders to be filed with the SEC within 120 days after the end of the fiscal year ended December 31, 2014.
Item 13. Certain Relationships and Related Transactions, and Director Independence
The information required by this item is incorporated by reference to our Proxy Statement for our 2015 Annual Meeting of Stockholders to be filed with the SEC within 120 days after the end of the fiscal year ended December 31, 2014.
Item 14. Principal Accountant Fees and Services
The information required by this item is incorporated by reference to our Proxy Statement for our 2015 Annual Meeting of Stockholders to be filed with the SEC within 120 days after the end of the fiscal year ended December 31, 2014.

97


PART IV
Item 15. Exhibits, Financial Statement Schedules
Documents filed as part of this report are as follows:
1. Consolidated Financial Statements:
Our Consolidated Financial Statements are listed in the “Index to Consolidated Financial Statements” in Part II, Item 8 of this Annual Report on Form 10-K.
2. Financial Statement Schedules:
Schedule II - Valuation and Qualifying Accounts is included below, and should be read in conjunction with the Consolidated Financial Statements included in Part II, Item 8 of this Annual Report on Form 10-K. All other schedules have been omitted because they are not required, not applicable, or the required information is included elsewhere in this Annual Report on Form 10-K.
3. Exhibits:
The documents listed in the Exhibit Index of this Annual Report on Form 10-K are incorporated by reference or are filed with this report, in each case as indicated therein (numbered in accordance with Item 601 of Regulation S-K).
SCHEDULE II
VALUATION AND QUALIFYING ACCOUNTS
(in thousands)
Allowance for doubtful accounts receivable
 
Balance at beginning of period
 
Charged to cost and expenses
 
Write-offs, net of recoveries
 
Balance at end of period
Year ended December 31, 2012
 
$

 
$
20

 
$

 
$
20

Year ended December 31, 2013
 
20

 

 

 
20

Year ended December 31, 2014
 
$
20

 
$
566

 
$

 
$
586


98


SIGNATURES

Pursuant to the requirements of Section 13 or 15(d) of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized, on March 2, 2015.  
 
 
 
 
 
 
 
 
 
 
 
FIREEYE, INC.
 
 
 
 
 
 
 
 
 
 
 
 
By:
 
/s/ DAVID G. DEWALT
 
 
 
 
 
 
David G. DeWalt
 
 
 
 
 
 
Chief Executive Officer
 
POWER OF ATTORNEY

KNOW ALL THESE PERSONS BY THESE PRESENTS, that each person whose signature appears below constitutes and appoints David G. DeWalt, Michael J. Sheridan and Alexa King, and each of them, his or her attorneys-in-fact, each with full power of substitution, for him or her in any and all capacities, to sign any and all amendments to this Annual Report on Form 10-K, and to file the same, with exhibits thereto and other documents in connection therewith, with the Securities and Exchange Commission, hereby ratifying and confirming all that each said attorneys-in-fact or his substitute or substitutes, may do or cause to be done by virtue hereof.
Pursuant to the requirements of the Securities Exchange Act of 1934, this report has been signed below by the following persons on behalf of the registrant and in the capacities and on the dates indicated.

Signature
 
Title
 
Date
 
 
 
 
 
/S/ DAVID G. DEWALT
David G. DeWalt
 
Chief Executive Officer and Chairman of the Board
(Principal Executive Officer)
 
March 2, 2015
 
 
 
 
 
/S/ MICHAEL J. SHERIDAN
Michael J. Sheridan
 
Senior Vice President and Chief Financial Officer
(Principal Financial and Accounting Officer)
 
March 2, 2015
 
 
 
 
 
/S/ ASHAR AZIZ
Ashar Aziz
 
Founder, Chief Strategy Officer, and Vice Chairman of the Board
 
March 2, 2015
 
 
 
 
 
/S/ KIMBERLY ALEXY
Kimberly Alexy
 
Director
 
March 2, 2015
 
 
 
 
 
/S/ RONALD E. F. CODD
Ronald E. F. Codd
 
Director
 
March 2, 2015
 
 
 
 
 
/S/ WILLIAM M. COUGHRAN JR.
William M. Coughran Jr.
 
Director
 
March 2, 2015
 
 
 
 
 
/S/ ROBERT F. LENTZ
Robert F. Lentz
 
Director
 
March 2, 2015
 
 
 
 
 
/S/ ENRIQUE SALEM
Enrique Salem
 
Director
 
March 2, 2015

99


EXHIBT INDEX
 
 
Incorporated by Reference
Exhibit No.
Description of Exhibit
Form
File No.
Exhibit
Filing Date
2.1+
Agreement and Plan of Reorganization, dated as of December 30, 2013, by and among the Registrant, Mercury Merger Corporation, Mercury Merger LLC, Mandiant Corporation and Shareholder Representative Services LLC.
8-K
001-36067
2.1
January 2, 2014
 
 
 
 
 
 
3.1
Amended and Restated Certificate of Incorporation of the Registrant.
8-K
001-36067
3.1
September 25, 2013
 
 
 
 
 
 
3.2
Amended and Restated Bylaws of the Registrant.
S-1/A
333-190338
3.4
August 21, 2013
 
 
 
 
 
 
4.1
Form of the Registrant's common stock certificate.
S-1/A
333-190338
4.1
September 9, 2013
 
 
 
 
 
 
10.1†
Form of Indemnification Agreement between the Registrant and certain of its officers and directors.
S-1
333-190338
10.1
August 2, 2013
 
 
 
 
 
 
10.2†
Employee Incentive Plan.
S-1
333-190338
10.17
August 2, 2013
 
 
 
 
 
 
10.3†
Change of Control Severance Policy for Officers.
S-1/A
333-190338
10.27
August 21, 2013
 
 
 
 
 
 
10.4†
2004 Stock Option Plan, as amended, including form agreements under 2004 Stock Option Plan.
S-1
333-190338
10.5
August 2, 2013
 
 
 
 
 
 
10.5†
2008 Stock Plan, as amended, including form agreements under 2008 Stock Plan.
S-1/A
333-190338
10.6
September 9, 2013
 
 
 
 
 
 
10.6†
2013 Equity Incentive Plan, including form agreements under 2013 Equity Incentive Plan.
S-1/A
333-193717
10.6
March 3, 2014
 
 
 
 
 
 
10.7†
2013 Employee Stock Purchase Plan.
S-1/A
333-190338
10.8
September 9, 2013
 
 
 
 
 
 
10.8†
Mandiant Corporation 2011 Equity Incentive Plan, as amended, including form agreements under Mandiant Corporation 2011 Equity Incentive Plan.
S-1
333-193717
10.8
February 3, 2014
 
 
 
 
 
 
10.9†
Outside Director Compensation Policy.
10-Q
001-36067
10.1
November 5, 2014
 
 
 
 
 
 
10.10†
Offer Letter between the Registrant and David DeWalt, dated November 19, 2012, as amended and currently in effect.
S-1/A
333-190338
10.9
August 21, 2013
 
 
 
 
 
 
10.11†
Offer Letter between the Registrant and Ashar Aziz, dated November 26, 2012.
S-1
333-190338
10.10
August 2, 2013
 
 
 
 
 
 
10.12†
Offer Letter between the Registrant and Enrique Salem, dated February 2, 2013.
S-1
333-190338
10.11
August 2, 2013
 
 
 
 
 
 
10.13†
Offer Letter between the Registrant and Ronald E. F. Codd, dated July 28, 2012.
S-1
333-190338
10.12
August 2, 2013
 
 
 
 
 
 
10.14†
Offer Letter between the Registrant and Kimberly Alexy, dated December 12, 2014.
8-K
001-36067
10.1
January 8, 2015
 
 
 
 
 
 
10.15†
Offer Letter between the Registrant and Michael J. Sheridan, dated August 1, 2013.
S-1/A
333-190338
10.13
August 21, 2013
 
 
 
 
 
 
10.16†
Offer Letter between the Registrant and John McGee, dated July 4, 2014.
10-Q
001-36067
10.2
November 5, 2014
 
 
 
 
 
 
10.17†
Offer Letter between the Registrant and Alexa King, dated August 1, 2013.
S-1/A
333-190338
10.16
August 21, 2013
 
 
 
 
 
 
10.18†
Offer Letter, between the Registrant and Kevin Mandia, dated December 24, 2013.
8-K
001-36067
10.1
January 2, 2014
 
 
 
 
 
 

100


10.19†
Consideration Holdback Agreement, dated as of December 30, 2013, by and between Kevin Mandia and the Registrant.
8-K
001-36067
10.2
January 2, 2014
 
 
 
 
 
 
10.20†
Key Employee Non-Competition Agreement, dated as of December 30, 2013, by and between Kevin Mandia and the Registrant.
8-K
001-36067
10.3
January 2, 2014
 
 
 
 
 
 
10.21
Lease, dated as of January 15, 2008, by and between the Registrant and Silicon Valley CA-I, LLC, as amended and currently in effect.
S-1/A
333-190338
10.3
August 21, 2013
 
 
 
 
 
 
10.22
Sixth Amendment, dated as of January 23, 2014, to the Lease dated as of January 15, 2008 by and between the Registrant and Silicon Valley CA-I, LLC.
10-Q
001-36067
10.3
May 14, 2014
 
 
 
 
 
 
10.23
Seventh Amendment, dated as of March 24, 2014, to the Lease dated as of January 15, 2008 by and between the Registrant and Silicon Valley CA-I, LLC.
10-Q
001-36067
10.4
May 14, 2014
 
 
 
 
 
 
10.24
Lease, dated as of March 11, 2010, by and between the Registrant and Silicon Valley CA-I, LLC, as amended, assigned and currently in effect.
S-1
333-190338
10.4
August 2, 2013
 
 
 
 
 
 
10.25
Amended and Restated Loan and Security Agreement, dated as of August 26, 2011, between the Registrant and Silicon Valley Bank, as amended and currently in effect.
S-1
333-193717
10.22
February 3, 2014
 
 
 
 
 
 
10.26††
Flextronics Design and Manufacturing Services Agreement, dated as of September 28, 2012, by and between the Registrant and Flextronics Telecom Systems, Ltd.
S-1/A
333-190338
10.19
September 9, 2013
 
 
 
 
 
 
10.27
Amendment to Flextronics Design and Manufacturing Services Agreement, effective as of August 1, 2013, by and among the Registrant, FireEye Ireland Limited and Flextronics Telecom Systems, Ltd.
10-Q
001-36067
10.3
November 5, 2014
 
 
 
 
 
 
10.28
Design Statement of Work A-1 to Flextronics Design and Manufacturing Services Agreement, dated December 4, 2013, by and among the Registrant, FireEye Ireland Limited and Flextronics Telecom Systems, Ltd.
10-Q
001-36067
10.4
November 5, 2014
 
 
 
 
 
 
10.29
Amended and Restated Investors’ Rights Agreement, dated as of December 30, 2013, by and among the Registrant and the parties listed therein.
S-1
333-193717
10.24
February 3, 2014
 
 
 
 
 
 
21.1*
List of subsidiaries of the Registrant.
 
 
 
 
 
 
 
 
 
 
23.1*
Consent of Deloitte & Touche LLP, independent registered public accounting firm.
 
 
 
 
 
 
 
 
 
 
24.1
Power of Attorney (included on the signature page to this Annual Report on Form 10-K).
 
 
 
 
 
 
 
 
 
 
31.1*
Rule 13a-14(a) / 15(d)-14(a) Certification of Principal Executive Officer.
 
 
 
 
 
 
 
 
 
 
31.2*
Rule 13a-14(a) / 15(d)-14(a) Certification of Principal Financial Officer.
 
 
 
 
 
 
 
 
 
 
32.1**
Certifications of Chief Executive Officer and Chief Financial Officer pursuant to 18 U.S.C. Section 1350, as adopted pursuant to Section 906 of the Sarbanes-Oxley Act of 2002.
 
 
 
 
 
 
 
 
 
 
101.INS*
XBRL Instance Document.
 
 
 
 
 
 
 
 
 
 
101.SCH*
XBRL Taxonomy Extension Schema Document.
 
 
 
 
 
 
 
 
 
 

101


101.CAL*
XBRL Taxonomy Extension Calculation Linkbase Document.
 
 
 
 
 
 
 
 
 
 
101.DEF*
XBRL Taxonomy Extension Definition Linkbase Document.
 
 
 
 
 
 
 
 
 
 
101.LAB*
XBRL Taxonomy Extension Label Linkbase Document.
 
 
 
 
 
 
 
 
 
 
101.PRE*
XBRL Taxonomy Extension Presentation Linkbase Document.
 
 
 
 
 
 
 
 
 
 
*     Filed herewith.
**    Furnished herewith.
+     The schedules and other attachments to this exhibit have been omitted. The Registrant agrees to
furnish a copy of any omitted schedules or attachments to the SEC upon request.
†     Indicates a management contract or compensatory plan or arrangement.
††    Portions of this exhibit have been granted confidential treatment by the Securities and Exchange
Commission.

102