In Re Fireeye, Inc. Securities Litigation 14-CV-05204-Consolidated

Home , FireEye

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 1 of 84

1 Lionel Z. Glancy (#134180) Ex Kano S. Sams II (#192936)

2 Robert V. Prongay (#270796) GLANCY PRONGAY & MURRAY LLP

3 1925 Century Park East, Suite 2100 Los Angeles, California 90067

4 Telephone: (310) 201-9150 Facsimile: (310) 201-9160

5 Email: [email protected] [email protected]

6 [email protected]

7 Attorneys for Lead Plaintiff Vijay Fadia and Co-Lead Counsel for the Class

8 Jonathan Gardner (pro hac vice)

9 Angelina Nguyen (pro hac vice) LABATON SUCHAROW LLP

10 140 Broadway New York, New York 10005

11 Telephone: (212) 907-0700 Facsimile: (212) 818-0477

12 Email: [email protected] [email protected]

13 Attorneys for Lead Plaintiff State-Boston

14 Retirement System and Co-Lead Counsel for the Class

15 UNITED STATES DISTRICT COURT

16 NORTHERN DISTRICT OF CALIFORNIA, SAN JOSE DIVISION

17 )

18 Case No.: 5:14-cv-05204-EJD 19 IN RE FIREEYE, INC. 20 SECURITIES LITIGATION CONSOLIDATED AMENDED CLASS

21 ACTION COMPLAINT

22 ) 23 )

24 )

CONSOLIDATED AMENDED CLASS ACTION COMPLAINT CASE NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 2 of 84

1 TABLE OF CONTENTS

2 I. NATURE OF THE ACTION ...... 1 3 II. JURISDICTION AND VENUE ...... 8 4 III. PARTIES ...... 5

6 IV. CONTROL PERSON ALLEGATIONS ...... 11

7 V. SUBSTANTIVE ALLEGATIONS ...... 1

8 A. The Company And Its Business ...... 1

9 B. FireEye Acquires Mandiant and Touts an Integrated Product Solution Featuring Mandiant’s Endpoint Threat Detection ...... 1 10 C. Defendants Conceal Significant Problems With Mandiant’s Flagship MIR 11 Product...... 2

12 D. Defendants Update Market on “Smooth” and “Rapid” Mandiant

13 Integration...... 2

14 E. Defendants Sell Millions in Stock Following FireEye’s Secondary Offering...... 2 15 F. FireEye Misses Consensus Product Revenue in 1Q14 ...... 2 16 G. In Reality, Integration Problems, Channel Friction, And Competition 17 Adversely Impact Product Sales ...... 2

18 1. Integration Problems Cause Delays in Sales Cycles...... 2

19 2. Integrating Sale of Mandiant Services Causes Channel Friction ...... 3

20 3. Increasing Competition Reduces The Pipeline ...... 3 21 H. FireEye Announces A Change in Revenue Recognition For Its Email 22 Product And Appoints a New Head of Sales ...... 3

23 I. FireEye Introduces FireEye-as-a-Service, A New Subscription Service ...... 3

24 VI. DEFENDANTS’ MATERIALLY FALSE AND MISLEADING STATEMENTS

25 ANDOMISSIONS ...... 4

26 A. Class Period Financials ......

27 B. January 2, 2014 8-K Attaching Press Release Announcing Mandiant Acquisition...... 41 28 CONSOLIDATED AMENDED CLASS ACTION COMPLAINT i CASE NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 3 of 84

1 C. January 2, 2014 Call Announcing Mandiant Acquisition ...... 4

2 D. February 11, 2014 4Q13 Earnings Call ...... 4

3 E. May 6, 2014 1Q14 Earnings Call ...... 4

4 F. May 20, 2014 JP Morgan Global Technology Media Telecom Conference ...... 5

5 G. May 29, 2014 Cowen Technology Media & Telecom Conference ...... 5

6 H. June 3, 2014 Bank of America Merrill Lynch Global Technology

7 Conference...... 5

8 I. August 5, 2014 2Q14 Earnings Call ......

9 J. August 11, 2014 Pacific Crest Global Technology Leadership Forum......

10 K. September 3, 2014 Citi Global Technology Conference ......

11 L. September 18, 2014 FireEye Tech Talk ......

12 VII. THE ENTIRE TRUTH IS FINALLY REVEALED ......

13 VIII. ADDITIONAL SCIENTER ALLEGATIONS ......

14 IX. CLASS ACTION ALLEGATIONS ......

15 X. APPLICABILITY OF PRESUMPTION OF RELIANCE UNDER THE 16 AFFILIATED UTE DOCTRINE, AND/OR, IN THE ALTERNATIVE, THE FRAUD ON THE MARKET DOCTRINE ...... 6 17 XI. NO SAFE HARBOR ...... 18 XII. LOSS CAUSATION/ECONOMIC LOSS ...... 19

20 COUNT I Violation Of Section 10(b) Of The Exchange Act And Rule 10b-5(b) Promulgated Thereunder Against All Defendants ...... 7

21 COUNT II Violation Of Section 10(b) Of The Exchange Act And Rule 10b-5(a) and (c) 22 Promulgated Thereunder Against All Defendants ...... 7

23 COUNT III Violation Of Section 20(a) Of The Exchange Act Against the Individual Defendants...... 7 24 JURY TRIAL DEMANDED ...... 25

OLIDATED AMENDED CLASS ACTION COMPLAINT ii NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 4 of 84

1 Lead Plaintiffs State-Boston Retirement System (“State-Boston”) and Vijay Fadia 2 (“Fadia”) (collectively, “Plaintiffs”), by their undersigned attorneys, hereby bring thi

3 Consolidated Amended Class Action Complaint (the “Complaint”) against FireEye, Inc 4 (“FireEye” or the “Company”), David G. DeWalt (“DeWalt”), Michael J. Sheridan (“Sheridan”)

5 and Kevin Mandia (“Mandia”). The allegations herein are based on Plaintiffs’ persona 6 knowledge as to their own acts and on information and belief as to all other matters, such 7 information and belief having been informed by the investigation conducted by and under the 8 supervision of their counsel, which included interviews of former employees of FireEye and 9 other persons with knowledge of the matters alleged herein; these confidential witnesse 10 (“CWs”) will be identified herein by number (CW1, CW2, etc.), 1 and review and analysis o

11 publicly available information, including United States Securities and Exchange Commission 12 (“SEC”) filings by FireEye, as well as regulatory filings and reports, securities analysts’ report

13 and advisories about the Company, press releases and other public statements issued by the 14 Company, and media reports about the Company. Plaintiffs believe that substantial additiona

15 evidentiary support will exist for the allegations set forth herein after a reasonable opportunity 16 for discovery. On behalf of themselves and the class they seek to represent, Plaintiffs allege a 17 follows:

18 I. NATURE OF THE ACTION 19 1. This action is brought on behalf of a class of purchasers of FireEye 20 between January 2, 2014 and November 4, 2014 inclusive (the purchasers being the “Class” a 21 the time frame being the “Class Period”). Plaintiffs seek remedies under the Securities Exchan 22 Act of 1934, 15 U.S.C. §§ 78a et seq. (the “Exchange Act”). 23 2. FireEye, founded in 2004, develops and markets products and services related

24 network security, including the real-time detection of and protection from threats from t 25 internet, through email, and from other sources. FireEye’s systems claim to offer protectio

26 superior to those of traditional products that rely on matching data with an existing database

28 1 All CWs will be described in the masculine to protect their identities. CONSOLIDATED AMENDED CLASS ACTION COMPLAINT 1 CASE NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 5 of 84

1 previously identified programs, or “signatures.” The Company purports to be an industry leade

2 in protecting networks against advanced persistent threats (APTs), particularly unknown

3 previously undetected threats known as “zero day” threats, using quarantining or “sandboxing

4 to detect novel malware that signature-based technologies are unable to detect. The “sandbox” i

5 an emulation environment run inside FireEye’s Multi-Vector Virtual Machine Execution (MVX

6 engine, a virtual machine that “detonates” suspected files and analyzes their behavior to asses

7 whether they are malicious. Prior to and during the Class Period, FireEye described its busines

8 as generating substantial revenue from the sale of the Company’s product portfolio, includin

9 software-based malware protection systems such as its Web MPS and File MPS. FireEye serve

10 more than 2,700 customers in over 67 countries.

11 3. The Company sells its products and services through both its direct sales

12 and its value-added reseller (“VAR”) channel. The direct sales team is made up of field

13 inside sales personnel. The Company also utilizes an indirect channel sales teams to sup

14 channel partner sales, or a “direct-touch sales model” wherein the support team works

15 channel partners to secure prospects, convert prospects to customers, and pursue follow-on

16 opportunities. FireEye primarily targets large enterprise and government customers.

17 4. FireEye’s offerings include physical appliances and subscription services.

18 MVX engine is deployed in on-premise purpose-built appliances. These machines include a

19 proprietary hypervisor and other software logic and can contain up to about 200 virtual machine

20 (“VMs”) in a single appliance, with each VM in turn containing approximately 10 MVX engines

21 The appliances scan web and email traffic and are usually deployed at points on the network

22 through which such traffic passes.

23 5. According to FireEye’s Form 10-K for fiscal year 2014, revenue for

24 Company’s product appliances usually is recognized at the time of shipment 2 and

25 2 One product, the Email Threat Prevention appliance, historically could not functi 26 without accompanying services and was billed ratably; as of June 2014, however, FireE announced a policy change – that appliance would be shipped with the necessary software 27 function without associated subscription services, and revenue for the appliance would, goi

28 forward, be recognized at shipment.

OLIDATED AMENDED CLASS ACTION COMPLAINT 2 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 6 of 84

1 revenue is recognized ratably over the contractual service period, which is typically one to fi 2 I years. 3 6. FireEye went public in September 2013 at $20 per share. In December 2013, the 4 Company acquired privately-held Mandiant Corporation (“Mandiant”), a computer forensics

5 specialist and acknowledged leader in endpoint security, incident response, and remediation 6 with more than two million endpoints installed globally, for 21.5 million shares (at a value o

7 $884M), $106.5M in net cash, and performance incentives. Mandiant, known for investigator 8 that act like a “cyber-SWAT” team for companies that have been hacked, also offered software 9 products that detected threats on a network’s endpoints. Endpoints refer to remote devices

10 accessing a corporate network, such as desktop or laptop computers, tablets, smartphones, etc 11 In comparison, FireEye’s products focused on detecting threats at strategic points on the

12 network, but not the endpoints.

13 7. The January 2, 2014 press release announcing the Mandiant acquisition stated tha 14 “[t]he combination of FireEye and Mandiant brings together two highly complementary

15 companies, each a recognized leader and innovator in security, and creates an organization

16 uniquely qualified to meet organizations’ needs for real-time detection, contextual th 17 intelligence, and rapid incident response.” The press release further stated that “Mandiant 18 been a strategic alliance partner of FireEye since April 2012. The combination of the

19 companies is a natural extension of this partnership and their integrated product offering, w 20 both companies announced in February 2013.”

21 8. The press release also noted that Kevin Mandia, Mandiant’s founder and chi 22 executive officer prior to the acquisition, would be chief operating officer of FireEye, and quote 23 Mandia as saying that “[t]he combination of FireEye and Mandiant will deliver end-to-e

24 protection and meaningful value to customers... By joining FireEye and Mandiant, we will

25 able to deliver fully integrated products and services that help organizations protect themsel 26 from attacks.” According to the press release, Mandiant’s endpoint threat detection and respo

27 products would be “incorporated as a core element of the FireEye Oculus platform.”

OLIDATED AMENDED CLASS ACTION COMPLAINT 3 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 7 of 84

1 9. On the January 2, 2014 analyst call discussing the Mandiant acquisition, DeW 2 further emphasized the “proven synergy potential” between the two companies:

3 We formalized our partnership almost a year ago with the announced integration of the Mandiant Infinite Response platform 4 or MIR with our FireEye web and email MPS solutions. Many customers have now deployed this integrated solution, proving the 5 synergy potential between the companies.... In addition to the full lifecycle remediation capabilities, we see many synergies between 6 the companies. First of all, FireEye can now leverage the MIR endpoint management framework to port our virtual machine- 7 based technology to the endpoint, expanding our TAM -- our total addressable market -- and creating an end-to-end solution capable 8 of protecting any company at any part of the architecture. 9 10. DeWalt also highlighted the ability of the combined company to “quickly

10 products and the opportunity to “cross-sell” to the companies’ respective customer bases: 11 To further expand on the synergies, I believe there’s a number of additional near-term opportunities, including the ability to sell 12 FireEye’s existing products into Mandiant’s base of more than 500 customers, of which we have less than 20% overlap. Also, the 13 ability to sell Mandiant’s endpoint and cloud solutions into FireEye’s base of more than 1,500 customers, of which we have 14 less than 10% overlap. 15 With more than 50% of Mandiant’s bookings in products and subscriptions, the opportunity to grow products even faster is a 16 reality; also, the ability to sell Mandiant’s products and services internationally in the more than 40 countries where FireEye is now 17 present. Today Mandiant has less than 5% of its sales outside the US. This will be a key synergy opportunity for the joint 18 companies. 19 11. DeWalt further stated that an “immediate short-term synergy will be the length o 20 the FireEye sales cycle. Being closer to the breach created by the Mandiant service engine

21 significantly shorten the product cycles and increase the average sales price.” 22 12. In response to an analyst question regarding whether the combined 23 “over time this looks like a traditional software company, or is it always going to have a he

24 consulting services mix to the business?”, DeWalt stated “I think it looks more like a pr

25 company than anything else, clearly” and “[o]n the Mandiant side it is becoming more and

26 product as well. This is a business that started out 100/zero services/product and now is 27 than 50% product/services. So it is evolving in that direction as well, I think almost the

28 path that FireEye is on.”

OLIDATED AMENDED CLASS ACTION COMPLAINT 4 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 8 of 84

1 13. Even as DeWalt touted the combined company’s “product” synergies, however, 2 I Defendants were aware of a serious flaw in the latest version of the Mandiant Infinite 3 (“MIR”) endpoint threat detection product. According to a former sales engineer with 4 I (and later with the combined company), changes made to the MIR product in November 201 5 caused significant scalability issues, such that MIR was unable to scale past 3,000-4,000 6 endpoints without dropping offline, when the product was supposed to monitor 10,000 endpoint 7 per server. Those problems – with an estimated resolution date of early 2015 – led many o 8 Mandiant’s legacy customers to abandon the combined company for competitors like 9 CrowdStrike and AccessData. In other words, one of the primary reasons FireEye identified a 10 driving the Mandiant acquisition – the ability to “integrate” FireEye’s products with MIR –

11 suffered serious setbacks from the beginning of the Class Period. 12 14. FireEye completed a follow-on offering of its stock on March 6, 2014,

13 which the Company raised approximately $1.1 billion and sold 14 million shares at $82.00

14 share, more than four times the price at its initial public offering (“IPO”). Mere days after 15 follow-on offering, the Individual Shares sold their shares at $79.54, near the all-time hi

16 earning tens of millions of dollars in profits. 17 15. Yet Defendants failed to disclose that FireEye – contrary to the synergies 18 touted – experienced multiple difficulties integrating Mandiant throughout the Class P 19 leading to problems selling the combined company’s products and, correspondingly, to a he

20 services revenue component. As detailed below, former employees of the combined com 21 describe (1) a significant slowdown in sales resulting from mass confusion and chaos at the 22 level as the consolidated field personnel struggled with selling unfamiliar products and 23 forced to share sales territories from the sheer increase in their numbers as a result of the me 24 (2) pushback from customers that did not want to be pitched on cross-sales of services; (3

25 lengthening of sales cycles from integration inefficiencies; (4) friction with FireEye’s channe

26 partners caused by FireEye’s competing with the channel over FireEye’s new services

27 particularly as services have higher margins for channel sellers than products; (5) problems with 28 the updated version of Mandiant’s core MIR solution, which DeWalt had touted as an

OLIDATED AMENDED CLASS ACTION COMPLAINT 5 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 9 of 84

1 “integrated solution” at the beginning of the Class Period, leading to customers leaving

2 competitors and a shrinking pipeline; (6) increasing competition in the marketplace for leg

3 FireEye products; and (7) legacy Mandiant customers that did not want to upgrade to

4 combined company solution because it was significantly more expensive.

5 16. Throughout the Class Period, Defendants failed to disclose that their 6 sales were suffering, even as FireEye’s revenue began shifting increasingly toward servi 7 revenue, meaning less up-front revenue in the Company’s reported financials. On the Febru 8 11, 2014 4Q 13 earnings call, DeWalt continued to reiterate the Company’s purported focus 9 selling product: 10 We have a series of new products rolling out, going into the first quarter and the second order that we haven’t announced yet, that 11 are really organic between the two. We think we’ve got a really nice place now to add products to the sales and marketing engine 12 we put in place.

13 ....Our ability to scale of the Mandiant business is really a matter of selling products now. We’re going to continue to scale services 14 people, but not at a faster pace than we are going to be selling products.... As we sell more and more product, it’s all about the 15 automation of that service component. 16 17. Additionally, DeWalt denied that competition was affecting FireEye’s

17 sales, even though analysts noted that FireEye faced increasing competition, with a May 2014 18 Deutsche Bank report stating that “FireEye now has a host of emerging rivals and at the recent 19 RSA event it felt like every security IT vendor was selling an APT solution.” DeWalt, however

20 responded to an analyst’s question regarding competition on the May 6, 2014 1Q14 earnings cal 21 that “[t]he head-to-head battles with any competitor in the market has resulted in near flawless

22 execution and win rates. I would say 100%, but I’m sure there is one out there that we lost to

23 some competitor, but our win rates are dramatic when competing head to head with a produc 24 bake-off,” and further stating that a competing product named WildFire from Palo Alto 25 Networks had had no impact on the Company’s business: 26 [O]ur renewal rates are spectacular, first of all. Second of all, our win rate is spectacular; any conversions to a competitor that you 27 just named, to my knowledge, is zero. I have not seen a single transaction when somebody moves from FireEye to Wildfire . When 28 I look at Wildfire, that product is highly ineffective in the marketplace where these types of attacks, a million reasons I could OLIDATED AMENDED CLASS ACTION COMPLAINT 6 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 10 of 84

1 go on and on about. But I have not seen any of that, I don’t anticipate seeing any of that.

2 In fact, there [are] many accounts where we go into where Wildfire 3 was already sold and we had FireEye behind it, and on top of that our detection efficacy doesn’t change one bit, whether that product 4 was in front of us or behind it. The way I look at this is that technology is having almost zero influence on these advanced 5 detection models that are out there, in my opinion. So I just don’t see that technology as something that is there right now to 6 changing our business model. 7 So a little -- a little aggressive statement, but it is what it is. I don’t see them as a major factor for us right now.

8 9 18. On the same analyst call, DeWalt also asserted that “we generated

10 growth in incremental pipeline for the Company,” contrary to accounts from former emp 11 that pipelines were shrinking as Mandiant software problems caused legacy Mandiant 12 to leave for competitors. 13 19. FireEye’s shift towards services revenue as a result of the undisclosed

14 with product sales and competition led to lower reported quarterly revenues because ser

15 revenue – being rated over the term of the services contract – was largely deferred. 16 Company’s reported 1Q 14 results constituted the first partial disclosure to the market

17 product sales were being adversely affected, as product revenue (which analysts, e.g. , Deu 18 Bank, viewed as “driv[ing] overall momentum”) fell meaningfully short of analysts’ estim 19 In response, FireEye’s stock price plummeted 22.84% to close at $28.65 per share on May 7 20 2014 on unusually heavy trading volume, with 23,205,700 shares traded compared with

21 average daily trading volume over the Class Period of 5,850,012 shares. 22 20. In August 2014, when FireEye announced 2Q 14 results, the market learned 23 the Company had managed to meet product revenue expectations at the same time as it learne 24 that FireEye also had boosted product revenue through a “policy change” that resulted i

25 recognizing revenue at shipment for its email appliance, which historically had require

26 accompanying subscription services and thus previously had been reported as services revenue 27 A JP Morgan analyst observed that the change in revenue recognition was “a major contributo 28 to the increase in revenue guidance for FY14 along with the upside in 2Q14 billings.”

OLIDATED AMENDED CLASS ACTION COMPLAINT 7 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 11 of 84

1 21. The Company also announced on the August 2014 earnings call that a new he

2 of global sales would displace the former head, in addition to the realization of “cost saving

3 from “personnel... consolidation[].” DeWalt explicitly denied, however, that the sales force w 4 being restructured, and failed to disclose any elongation of sales cycles.

5 22. The disclosure that product sales were artificially boosted and that a new head 6 sales had been appointed amid “cost savings” from “personnel consolidation” caused shares 7 fall a further 11.42%, to close at $30.78 per share on August 6, 2014 on unusually heavy tradi 8 volume, with 12,839,900 shares traded compared with an average daily trading volume over 9 Class Period of 5,850,012 shares. 10 23. Finally, on November 4, 2014, Defendants acknowledged a pronounced shift i

11 revenue from product to services, announcing revenues at the low end of their previous guidanc

12 and lower than analysts’ consensus expectations. Defendants attributed the shift t 13 “outperformance” of FireEye-as-a-Service, a new subscription service (“SaaS”) the Compan 14 had announced in September 2014 – a mere two weeks before the end of the third quarter. A 15 Citigroup analyst cut his price target in response, stating that analyst consensus revenu

16 estimates would decline given the reduction in product revenue, and that FireEye’s growth woul 17 be difficult to estimate given the changes in its revenue recognition practices and its introductio

18 of subscription models like FireEye-as-a-Service. 19 24. In reaction to FireEye’s disappointing product revenue, the Company’s share

20 plummeted 14.98%, on unusually heavy trading volume, with 25,224,200 shares trade

21 compared with an average daily trading volume over the Class Period of 5,850,012 shares.

22 II. JURISDICTION AND VENUE 23 25. The claims asserted herein arise under and pursuant to Sections 10(b) and 20(a) o 24 the Exchange Act [15 U.S.C. §§ 78j(b) and 78t(a)] and Rule 10b-5 promulgated thereunder b 25 the Securities and Exchange Commission (“SEC”) [17 C.F.R. § 240.10b-5]. 26 26. This Court has jurisdiction over the subject matter of this action pursuant to 2 27 U.S.C. § 1331 and Section 27 of the Exchange Act [15 U.S.C. § 78aa].

OLIDATED AMENDED CLASS ACTION COMPLAINT 8 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 12 of 84

1 27. Venue is proper in this District pursuant to Section 27 of the Exchange Act, 2 28 U.S.C. § 1391(b).

3 28. In connection with the acts alleged in this Complaint, Defendants, directly 4 indirectly, used the means and instrumentalities of interstate commerce, including, but

5 limited to, the mails, interstate telephone communications and the facilities of the natio 6 I securities markets. 7 III. PARTIES 8 29. On May 1, 2015, the Court appointed State-Boston and Fadia to serve as L 9 Plaintiffs in this securities class action pursuant to the Private Securities Litigation Reform

10 of 1995 (the “PSLRA”), Pub. L. 104-67, 109 Stat. 737.

11 30. Lead Plaintiff State-Boston is a defined-benefit governmental pension 12 headquartered in Boston, Massachusetts and governed by a five-member board. As of Decem 13 31, 2013, Boston managed approximately $5.39 billion in assets on behalf of approxima 14 44,000 beneficiaries. As set forth in the certification annexed State-Boston’s Motion 15 Appointment as Lead Plaintiff, incorporated by reference herein, State-Boston purc 16 FireEye’s securities on the open market during the Class Period and suffered damages as a

17 of the misconduct alleged herein. 18 31. Lead Plaintiff Fadia purchased more than 32,000 FireEye shares during the Cla 19 Period and retained those shares throughout the Class Period. As set forth in the certificatio

20 annexed to Fadia’s Motion for Appointment as Lead Plaintiff, incorporated by reference herei 21 Fadia purchased FireEye’s securities on the open market during the Class Period and suffere 22 damages as a result of the misconduct alleged herein. 23 32. Defendant FireEye offers a comprehensive cybersecurity solution, through a suit

24 of products and services, for detecting, preventing and resolving advanced cyber-attacks tha

25 evade legacy signature-based security products. FireEye was incorporated in Delaware i 26 February 2004 under the name NetForts, Inc., and changed its name to FireEye, Inc. i 27 September 2005. FireEye has principal executive offices at 1440 McCarthy Blvd, Milpitas 28 California 95035. The Company completed its IPO in September 2013. FireEye’s commo

OLIDATED AMENDED CLASS ACTION COMPLAINT 9 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 13 of 84

1 stock trades on the NASDAQ Global Select Market (“NASDAQ”) under the ticker symbol 2 I “FEYE.” 3 33. Defendant DeWalt is the current Chairman of the Board and Chief 4 Officer (“CEO”), and has served in those capacities since May 2012 and November 201

5 respectively. Before joining FireEye, DeWalt was President, Chief Executive Officer, an 6 Director of McAfee, Inc. from April 2007 until February 2011, when McAfee was acquired b 7 Intel Corporation. Before McAfee, DeWalt held various positions at EMC Corporation, 8 company specializing in information infrastructure technology, as well as Documentum. Al 9 with his executive duties, DeWalt has served on the board of directors for several organizati 10 including Delta Air Lines, Inc., Polycom, Inc., and Jive Software, Inc. DeWalt was Chairman o 11 the Board at Mandiant from May 2012 until FireEye’s IPO in September 2013. He holds a B.S 12 in computer science from the University of Delaware. DeWalt was a direct and substantia

13 participant in the fraud. 14 34. Defendant Sheridan is Chief Financial Officer (CFO) and Senior Vice Presiden

15 of the Company, and has served in those capacities since June 2011. Before FireEye, Sheridan

16 oversaw all financial endeavors for several technology companies, including Mimosa Systems 17 Playlist, Inc., social media giant Facebook, IGN Entertainment (now part of News Corp.), and

18 network security company SonicWALL. Sheridan received a B.S. in commerce from Santa 19 Clara University. Sheridan was a direct and substantial participant in the fraud.

20 35. Defendant Mandia was Chief Operating Officer (“COO”) and Senior Vice 21 President of the Company during the Class Period, and currently is President of the Company 22 Mandia is the founder and was CEO of Mandiant prior to its acquisition by FireEye. Mandia 23 has overseen all operations at the Company since December 2013, when FireEye acquired 24 Mandiant. Before Mandiant, Mandia was the Director of Computer Forensics at Foundstone 25 (acquired by McAfee Corporation) from 2000 to 2003, and the Director of Information Security 26 for Sytex (later acquired by Lockheed Martin) from 1998 to 2000. Mandia was also a United 27 States Air Force Officer, where he was a computer security officer in the 7th Communications 28 Group at the Pentagon, and a special agent in the Air Force Office of Special

OLIDATED AMENDED CLASS ACTION COMPLAINT 10 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 14 of 84

1 Mandia holds a B.S. in computer science from Lafayette College and a M.S. in forensic scie 2 from The George Washington University. Mandia was a direct and substantial participant in

3 I fraud. 4 36. Defendants DeWalt, Sheridan, and Mandia are collectively referred to as 5 “Individual Defendants.” The Individual Defendants, together with FireEye, are collecti 6 I referred to as the “Defendants.” 7 IV. CONTROL PERSON ALLEGATIONS 8 37. The Individual Defendants, because of their positions of control and authority a 9 senior executive officers (and as Director for DeWalt), had access to the adverse, undisclose 10 information about FireEye’s business through their access to internal corporate documents an 11 information, conversations and associations with other corporate officers and employee

12 attendance at management and Board of Directors meetings and committees thereof, and report

13 and other information provided to them in connection therewith.

14 38. Each of the above officers of FireEye, by virtue of his high-level position with th 15 Company, directly participated in the management of the Company, and was directly involved i 16 the day-to-day operations of the Company at the highest levels. The Individual Defendant

17 participated in drafting, preparing, and/or approving the public statements and communication

18 complained of herein and were aware of, or recklessly disregarded, the material misstatement

19 contained therein and omissions therefrom, and were aware of their materially false an

20 misleading nature. Both DeWalt and Sheridan repeatedly portrayed the Mandiant acquisition a

21 smooth and failed to disclose the problems with integration and competition that affected produc

22 sales during the Class Period, even though product revenue historically had comprised almos 23 half of total revenues, and the market viewed product sales as driving overall momentum of the 24 Company’s business. Product revenue, including sales trends, were fundamental aspects o 25 FireEye’s business that the Individual Defendants followed, tracked, and were aware of, o

26 should have followed, tracked and been aware of, at all times.

27 39. The Individual Defendants, as senior executive officers of the Company,

28 able to and did control the content of the various SEC filings, press releases, and other p

OLIDATED AMENDED CLASS ACTION COMPLAINT 11 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 15 of 84

1 statements pertaining to the Company during the Class Period. The Individual Defendants were

2 provided with copies of the documents and statements alleged herein to be materially false and

3 misleading prior to or shortly after their issuance or had the ability and opportunity to preven 4 their issuance or cause them to be corrected. Accordingly, the Individual Defendants are

5 responsible for the accuracy of the public reports, releases, and other statements detailed herein 6 and are primarily liable for the misrepresentations and omissions contained therein. 7 40. As senior officers and controlling persons of a publicly-held company whose 8 securities were, during the relevant time, registered with the SEC pursuant to the Exchange Act 9 traded on the NASDAQ, the Individual Defendants each had a duty to promptly disseminate

10 accurate and truthful information with respect to the Company’s operations and business, and to

11 correct any previously issued statements that were or had become materially misleading o

12 untrue, so that the market price of the Company’s publicly-traded securities would be based upon 13 truthful and accurate information. The Individual Defendants’ wrongdoing during the Clas 14 Period violated these specific requirements and obligations. 15 41. Each of the Individual Defendants is liable as a primary participant in a wrongfu

16 scheme and course of business that operated as a fraud and deceit on purchasers of FireEye’

17 securities during the Class Period, which included the dissemination of materially false an

18 misleading statements (both affirmative statements and statements rendered misleading becaus

19 of material omission) regarding FireEye’s product sales and the Mandiant integration, includin 20 the undisclosed problems with Mandiant’s flagship MIR product. The scheme: (i) deceived th 21 investing public regarding FireEye’s operations and business, and the true value of FireEye’

22 securities; and (ii) caused Plaintiff and other members of the Class to purchase FireEye’

23 securities at artificially inflated prices, which fell as the truth concerning FireEye’s produc

24 revenue deceleration became known. 25 42. In making the statements complained of herein, the Individual Defendants, w

26 were senior officers and controlling persons of FireEye, were acting on behalf of the Company 27 the regular course of business. Therefore, each of the statements made by the Individu 28 Defendants is attributable to the Company.

OLIDATED AMENDED CLASS ACTION COMPLAINT 12 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 16 of 84

1 V. SUBSTANTIVE ALLEGATIONS 2 A. The Company And Its Business 3 43. Based in Milpitas, California, FireEye had approximately 2,700 employees as 4 December, 2014, and claims to provide a comprehensive cybersecurity solution for detecti

5 preventing and resolving cyber-attacks that evade legacy signature-based security products. T 6 Company’s cybersecurity solutions combine its purpose-built virtual-machine technology, thr 7 intelligence, and advanced security expertise in a suite of products and services. FireEye off 8 intelligence subscriptions, managed services, incident response, and consulting services 9 complement its threat prevention products.

10 44. FireEye’s threat detection “platform” or system combines its virtual machi 11 based detection engine, MVX, and its cloud-based threat intelligence network to ident

12 previously unknown threats. The MVX engine is deployed in on-premise purpose-

13 appliances. These machines include a proprietary hypervisor and other software logic and

14 contain up to about 200 VMs in a single appliance, with each VM in turn containin

15 approximately 10 MVX engines. The appliances scan web and email traffic and are usuall 16 deployed at points on the network through which such traffic passes. 17 45. FireEye appliances scan everything, including known and unknown threats acros

18 all key “vectors” (web, email, file and mobile). As data objects pass through a FireEy

19 appliance, they are analyzed using FireEye’s custom-built anomaly detector and associate 20 heuristic or experienced-based algorithms that attempt to filter suspicious data (potentiall

21 exploit objects or code) from benign traffic. These suspicious web objects, attachments and file

22 are then copied and loaded onto a VM or virtual sandbox environment that mimics operati

23 systems and device configurations, “fooling” the malware into thinking that it’s on re

24 computers by simulating their execution path. 25 46. This methodology allows for newly identified threats to be quarantined

26 sandboxed to prevent further exposure. In this virtual environment, the FireEye engine (us

27 sensors inside the sandbox) monitors the behavior of the suspicious data and determines if

28 actions are malicious or benign (for example, a PDF file is not supposed to be able to open

OLIDATED AMENDED CLASS ACTION COMPLAINT 13 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 17 of 84

1 network connection, and if the sensor detects that is able to, this is a sign that the PDF may

2 malware that is trying to communicate with an external master server). Sandboxed threats

3 “detonated,” akin to exploding a bomb in a remote and safe place. The resulting 4 I intelligence is then sent to FireEye’s cloud-based Dynamic Threat Intelligence (“DTI”) 5 which allows for threat intelligence sharing among vector-specific VMs, updating the 6 algorithms and protecting against multi-vector threats. 7 47. FireEye’s revenue consists of “product revenue” and “subscription and 8 revenue.” Product revenue is generated from sales of the Company’s appliances. Prior to June 9 2014, product revenue for the Company’s Web MPS, File MPS, MAS and CMS appliances was

10 recognized at the time of shipment, whereas revenue for the Company’s Email MPS appliances

11 were recognized ratably over the longer of the contractual term of the subscription service or the

12 estimated period the customer was expected to benefit from the product. In June 2014, however 13 FireEye announced a change in its policy, and that revenue for the Email appliances would

14 going forward, be recognized at the time of shipment, as with its other products. 15 48. FireEye generated subscription and services revenue primarily from its

16 cloud, the Email MPS Attachment/URL engine prior to June 2014, and support and maintena

17 services. The Company determined DTI cloud subscription as a percentage of the price of

18 related appliance. The Company recognized revenue from subscriptions and support

19 maintenance services over the one or three year contract term, as applicable. 20 49. The Company sells its products and services through both its direct sales

21 and its value-added reseller channel. Although no end-customer represented more than 10% o

22 revenue for any of the years ended December 31, 2014, 2013 and 2012, FireEye reported in it 23 Form 10-K for FY14 that Carahsoft Technology Corporation, a channel reseller, accounted fo

24 approximately 11% of revenue for FY13 and FY14, and Accuvant, another reseller, accounte 25 for approximately 11% and 10% of revenue in FY13 and FY12, respectively.

26 50. Investors viewed the Company’s product revenue as a critical measure o 27 FireEye’s growth. For example, a May 7, 2014 Deutsche Bank report stated that product 28 “drive overall momentum. Moreover, because product revenue was recognized up-front,

OLIDATED AMENDED CLASS ACTION COMPLAINT 14 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 18 of 84

1 shipping, higher product revenues meant higher total reportable revenues per quarter,

2 compared with services revenue, which was deferred over one or three years per contract length.

3 B. FireEye Acquires Mandiant and Touts an Integrated Product Solution Featuring Mandiant’s Endpoint Threat Detection

5 51 In December 2013, the Company acquired privately-held Mandiant, a 6 provider of advanced endpoint security products and security incident response 7 solutions, with more than two million endpoints installed globally, for 21.5 million shares (at 8 value of $884M), $106.5M in net cash, and performance incentives. 9 52. FireEye’s January 2, 2014 press release announcing the Mandiant 10 highlighted Mandiant’s endpoint products first (followed by its incident response and

11 consulting services), and asserted that those endpoint products were “already integrated with 12 FireEye platform”: 13 Endpoint Threat Detection, Response, and Remediation Products 14 Mandiant pioneered and continues to lead the industry for endpoint-based advanced threat detection and response. 15 Mandiant’s endpoint products, which are already integrated with the FireEye platform , enable security teams to make faster, more 16 accurate decisions about potential security incidents while eliminating blind spots by connecting the dots with the FireEye 17 network-based threat detection and prevention platform.

18 53. The press release also touted the companies’ “integrated product offering,” 19 I that “Mandiant has been a strategic alliance partner of FireEye since April 2012. 20 combination of the two companies is a natural extension of this partnership and their

21 product offering, which both companies announced in February 2013 .” 22 54. Defendants continued to emphasize the combined company’s

23 opportunities and offerings on the January 2, 2014 analyst call announcing the

24 acquisition. DeWalt stated that: 25 Mandiant generates over 50% of its sales through its products and subscription offerings targeted at the endpoint. The combination of 26 our companies significantly moves us forward in completing the circle of protection around organizations, networks, and endpoints 27 with our MVX virtual machine-based technology, and provides us with significant opportunities to upsell and cross-sell our products 28 and recurring subscriptions into our respective customer bases.

OLIDATED AMENDED CLASS ACTION COMPLAINT 15 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 19 of 84

55. DeWalt highlighted the “integrated” solution combining Mandiant’s endpo 2 MIR platform with FireEye’s web and email solutions, calling it proof of the “synergy

3 between the two companies: 4 We recognize Mandiant’s leadership and innovative approach in incident response and remediation and began collaborating nearly 5 two years ago. We formalized our partnership almost a year ago with the announced integration of the Mandiant Infinite Response 6 platform or MIR with our FireEye web and email MPS solutions. 7 Many customers have now deployed this integrated solution, proving the synergy potential between the companies. In fact, 8 some of the most important Fortune 500 companies now run this combined offering in production.

9 10 56 DeWalt stressed the importance of Mandiant’s MIR product: 11 [W]e see many synergies between the companies. First of all, FireEye can now leverage the MIR endpoint management 12 framework to port our virtual machine-based technology to the endpoint, expanding our TAM -- our total addressable market -- 13 and creating an end-to-end solution capable of protecting any company at any part of the architecture.

15 57 DeWalt further stated that the acquisition would allow FireEye to “cross-sell”

16 products to Mandiant’s legacy customers and vice versa, and that the product sales cycle 17 I shorten: 18 To further expand on the synergies, I believe there’s a number of additional near-term opportunities, including the ability to sell 19 FireEye’s existing products into Mandiant’s base of more than 500 customers, of which we have less than 20% overlap. Also, the 20 ability to sell Mandiant’s endpoint and cloud solutions into FireEye’s base of more than 1,500 customers, of which we have 21 less than 10% overlap. 22 With more than 50% of Mandiant’s bookings in products and subscriptions, the opportunity to grow products even faster is a 23 reality; also, the ability to sell Mandiant’s products and services internationally in the more than 40 countries where FireEye is now 24 present. Today Mandiant has less than 5% of its sales outside the US. This will be a key synergy opportunity for the joint 25 companies. 26 We also believe an immediate short-term synergy will be the length of the FireEye sales cycle. Being closer to the breach 27 created by the Mandiant service engine can significantly shorten the product cycles and increase the average sales price.

OLIDATED AMENDED CLASS ACTION COMPLAINT 16 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 20 of 84

58. Not surprisingly, analysts focused on the effect of the acquisition on products, 2 DeWalt again highlighted Mandiant’s MIR product:

3 Keith Weiss - Morgan Stanley – Analyst 4 [W]hat do you guys acquire today in terms of product, sort of the existing integration with Mandiant that you have today, that is 5 going to go into your sales guys’ tool bag on day one? 6 David DeWalt - FireEye, Inc. - Chairman, CEO 7 But this is the most exciting part, I think, of the combination, although the services side is a huge opportunity globally as well.

8 But when you look at the products, this really completes FireEye. 9 When we think about the vision we had set out to do earlier this year, we wanted to put virtual machines at every important 10 architecture point in the customer enterprise. So initially we have products that we can put into the FireEye sales teams.

11 What we call the Mandiant Infinite Response platform, this is an 12 endpoint solution that can sit on up to hundreds of thousands of host agents. Some of them are running in the biggest Fortune 500 13 companies in the world. 14 And what we can do is, again, take detection out of the network, pass it immediately to the endpoint, and remediate it in seconds. So 15 we have a really strong endpoint management platform. 16 There is sort of a heavier version of that that is called MIR and a lighter version of that called MSO, which is the Mandiant Security 17 Operations, MSO. That comes in an appliance form factor, can drop right into the FireEye sales and install base as well as cross- 18 sell into the Mandiant base. So those two big products sitting on the endpoint are really prime-time products to sell.

20 59. DeWalt further mentioned another combined product called IPS, based 21 Mandiant’s forensic capabilities, “in the next 60 to 90 days,” and referred to the strong

22 synergies”: 23 Then you alluded as well, there is another set of products that they offer. They have a series of sensors that they deploy as part of their 24 managed defense. These are some of the most critical and advanced intelligence signatures in the world.

25 A lot of what [Mandia] does and his team is collecting forensics. 26 These intelligence signatures can load onto our IPS product that we are working on. This product was just coming out in beta; we hope 27 to have it in production here in the next 60 to 90 days . And a real opportunity for us to create another major add-on product for the 28 Company and really unique, because it combines some Mandiant

OLIDATED AMENDED CLASS ACTION COMPLAINT 17 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 21 of 84

capabilities and some FireEye capabilities all into a combined offering that we have been working on.

2 ***

3 So the product synergies here are very strong. There’s other 4 products I will just say are in the pipeline as well that we are not announcing today, but we really feel good about some of the 5 product direction. 6 60. Sheridan reiterated that “product” would continue to be a “major growth driver”: 7 In terms of the long-term target model and our targets for operating margin and EBITDA margins and so forth, it is not going to 8 change it significantly, because if you look at the two businesses they are actually very similar. There is a bigger service component; 9 but as I mentioned in my comments, on a combined basis services are only going to make up 15% to 17% of our current makeup of 10 revenues. 11 So the product and the recurring subscriptions will continue to be major growth drivers for both. So I would expect that that target 12 model is going to be pretty close to what we discussed historically. 13 61. In addition to another analyst’s question regarding product versus service 14 Sheridan repeated that: 15 Yes. Raimo, yes, we talked about the 15% to 17% for 2014; and without talking about specific percentages outside of that time 16 frame, I would tell you that the products and the recurring subscriptions of course will grow faster as a business than the 17 services. 18 This is in no way to diminish the critical nature of the services. They’re strong margins; they’re premium; and they create a lot of 19 pull for the products. But if we execute on the strategy we are articulating, you will continue to see that product and product 20 subscription and recurring revenue growth outpace the service part of the business, which would therefore imply that s ervices as 21 a percentage should move to a smaller percentage than that over time.

22 23 Sheridan repeated that product would outpace services in response to a third analyst:

24 Gregg Moskowitz - Cowen and Company – Analyst 25 Then just for Kevin or Mike, I know that in total Mandiant had been growing over 50% and you expect product to grow faster than 26 the overall business going forward. Just wondering if in 2013, if there were significant differences in the growth rates by segment 27 across recurring subscriptions, products, and incident response.

OLIDATED AMENDED CLASS ACTION COMPLAINT 18 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 22 of 84

1 Michael Sheridan - FireEye, Inc. - SVP, CFO 2 So we haven’t broken out those numbers; but as I mentioned before, generally speaking what you would expect in 2013 is what 3 I discussed for 2014, which is that the product and recurring subscription part of the business has grown faster.

5 62. Yet another analyst asked whether the combined company would have a 6 services component, but Defendants again reiterated that product was the focus: 7 Brent Thill - UBS – Analyst 8 Dave, do you think over time this looks like a traditional software company, or is it always going to have a heavier consulting 9 services mix to the business? 10 David DeWalt - FireEye, Inc. - Chairman, CEO 11 Yes, Brent, that’s a good question.... I think it looks more like a product company than anything else, clearly. I mean, Mike 12 Sheridan articulated this is 82% to 85% product and product subscriptions. We have 15% to 17%-ish coming from services in 13 the model that he outlined. That is pretty traditional software, big software kinds of companies, if you are thinking of the Oracles and 14 SAPs of the world. So we don’t think we are out of bounds with that.

15 ***

16 So you think of the service now, as you think of these models, this 17 is what I think security is going to: combinations of products and services where the majority will be product, a large majority ; but a 18 critical and essential element of it for security will be services components.

20 63. The market responded positively to the purported product enhancement from

21 merger. A January 2, 2014 TheStreet.com article noted that “[t]he merger should help FireEye

22 strengthen its current cybersecurity products.” Further strengthening this impression, in a

23 separate January 2, 2014 press release, FireEye increased its guidance for 4Q13, with expected

24 revenue of between $55 million and $57 million for 4Q13, compared to previous guidance o 25 $52 million to $54 million; total revenue for FY13 of between $159 million and $161 million

26 compared to previous estimates of between $156 million and $158 million; total 4Q13 billings o 27 $95 to $100 million, compared with previous guidance of $82 to $86 million; and total billing

OLIDATED AMENDED CLASS ACTION COMPLAINT 19 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 23 of 84

1 for FY13 of between $254 and $259 million, compared with previous guidance of $240 to 2 I million. 3 64. On January 3, 2014, the day after FireEye announced the Mandiant

4 and increased guidance, the Company’s stock price soared, closing up 39%.

5 C. Defendants Conceal Significant Problems With Mandiant’s Flagship MIR Product

6 7 65. At the time the Mandiant acquisition was announced, Defendants were aware 8 Mandiant had significant issues with the MIR endpoint product that was ostensibly the m 9 reason FireEye acquired Mandiant. 10 66. CW1 was a former Sales Engineer in Houston, Texas for Mandiant, and 11 FireEye following the acquisition, from July 2013 to August 2014. As a Sales Engineer,

12 worked in conjunction with the sales team as the key technical advisor for Mandiant’s pro

13 offerings. He reported to John Bradshaw, Worldwide Director of Sales Engineers.

14 67. According to CW1, the issues with the integration of Mandiant’s products 15 FireEye’s products began immediately following the acquisition. CW1 indicated that there

16 significant product issues on the Mandiant side while trying to integrate these products 17 FireEye, noting that “FireEye only elongated the pain that their customers were feeling 18 these product issues.” CW1 stated that the internal estimates for fixing these issues (at the

19 of his departure in August 2014) were 1Q and 2Q of 2015. CW1 observed “that was too long

20 a paying customer to suffer through.”

21 68. According to CW1, the main issue was with MIR, a solution whereby a ser

22 could have up to 10,000 endpoints monitored. If a customer had additional endpoints, such 23 20,000 endpoints, they needed two servers. CW1 stated that Mandiant did some infrastruct

24 changes on the backend of this product in November 2013. As a result of these changes, 25 had scalability issues and was unable to scale past 3,000-4,000 endpoints without

26 offline.

27 69. CW1 stated that FireEye continued to sell MIR to customers and had its 28 teams “babysit” the customers until they developed a fix for this product in the e

OLIDATED AMENDED CLASS ACTION COMPLAINT 20 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 24 of 84

1 timeframe. According to CW1, after a customer bought MIR it took approximately one qua 2 to roll the product out. CW1 indicated that FireEye was trying to stall the customers w

3 workarounds as they deployed the product. Customers with 10,000 endpoints, for example, w 4 told that it was going to take some time and testing, and control procedure changes, before t

5 could expeditiously have all 10,000 endpoints running. CW1 noted that the idea was to “s 6 things down with the customers as best as you can until the fix comes out.” CW1 stated 7 FireEye continued to tell customers that MIR could fully scale when they knew the product 8 flawed and unable to. He added, “we kept telling the customers that one box could han 9 10,000 endpoints when, in reality, it couldn’t handle half of that.” 10 70. CW1 noted that FireEye received very irate customer feedback on MIR during 11 tenure with the Company. According to CW1, many of these customers wanted to return

12 product or drop the solution entirely. Certain customers that had their solutions managed 13 Mandiant through FireEye’s Managed Services, were (and still are) getting an older version 14 the software which is much more stable, but those customers buying the product that planned

15 managing the product themselves get the flawed, most recent version of MIR. CW1 stated th

16 many of those customers left for competitors such as CrowdStrike and AccessData. 17 71. CW1 stated that FireEye knew immediately about these issues after acquiri 18 Mandiant because the flawed version of MIR came out in November 2013 and the acquisiti

19 was in January 2014.

20 D. Defendants Update Market on “Smooth” and “Rapid” Mandiant Integration

21 22 72. On the February 11, 2014 4Q13 earnings call, DeWalt updated the market on th 23 Mandiant integration by saying: “From a personnel perspective, the two organizations are highl

24 complementary. We’re already working together in a number of projects before the acquisition

25 and, as a result, the integration is progressing rapidly and smoothly.”

26 73. Contrary to CW1’s observations regarding significant problems integrating MIR

27 with FireEye’s solution, DeWalt emphasized “Mandiant’s endpoint products, which were alread

28 integrated with the FireEye platform before the acquisition...and are now be [ sic] marketed a

OLIDATED AMENDED CLASS ACTION COMPLAINT 21 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 25 of 84

1 the endpoint solution of the FireEye platform.” DeWalt then stated that “[t]he engineering

2 product management teams have been fully integrated and are already tightly connected and

3 at work at planning additional enhancements as well as entirely new offerings.” 4 74. DeWalt again highlighted “product synergies,” stating that “[t]o summarize

5 integration effort, we’re moving along quickly to bring the two organizations together. As 6 teams meet with one another, the synergies across every segment of the combined product 7 map become more and more evident.” 8 75. DeWalt acknowledged that “[d]eveloping a strong channel is also critical 9 reaching the scale necessary to execute on this vision” of the combined company, and praised

10 reaction of channel partners to the acquisition and integration: 11 I’m pleased to say that the customer and partner response to this vision has been overwhelmingly positive . In the past few weeks, 12 we’ve hosted a series of webcasts for customers, partners, and prospects. Participation had run in to the thousands on each, and 13 every time, the participants have been highly engaged.... Last week, we hosted Momentum, as I mentioned, our annual partner 14 event in conjunction with our internal sales kickoff, where we trained another 350 channel representatives, including 135 reps 15 from international distributors and resellers. In addition to the benefits of having partners train side-by-side with the FireEye 16 sales team, one of the highlights of Momentum was the partner showcase, featuring more than 20 technology alliance partners.

17 ***

18 I wish you all could’ve been at our Momentum event. It was 19 absolutely emotional and moving to see the mission that Mandiant had, the mission that FireEye had, teams coming together, the 20 teams working together, the eye of the tiger that we had, the partners feeling that, the training that they felt. It was all creating 21 an environment that you only wish you had as an executive, and we gathered that. There were a lot of good surprises, positive 22 things. The partners rallied for us, and we hope the best is yet to come.

24 76. DeWalt continued to highlight the importance of products for the

25 company, stating that “We have a series of new products rolling out, going into the first quarte

26 and the second order that we haven’t announced yet, that are really organic between the two. W

27 think we’ve got a really nice place now to add products to the sales and marketing engine we pu 28 in place.” To that end, DeWalt also stated that:

OLIDATED AMENDED CLASS ACTION COMPLAINT 22 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 26 of 84

1 Our ability to scale of the Mandiant business is really a matter of selling products now. We’re going to continue to scale services

2 people, but not at a faster pace than we are going to be selling products.

3 We talked about 15% to 17% would be service oriented in our

4 model, moving forward on the last call. There’s no change to that. As we sell more and more product, it’s all about the automation of

5 that service component.

6 E. Defendants Sell Millions in Stock Following FireEye’s Secondary Offering

7 77. On March 6, 2014 FireEye completed a secondary offering of its stock. T

8 Company raised approximately $1.1 billion and sold 14 million shares at $82.00 per share, m

9 than four times the IPO price.

10 78. Mere days after the follow-on offering, the Individual Defendants sold t

11 shares at $79.54, near all-time highs, and earned tens of millions of dollars in proceeds.

19 F. FireEye Misses Consensus Product Revenue in 1Q14

20 79. On May 6, 2014, FireEye announced 1Q14 results and disclosed that product

21 revenue only grew 62% y/y to $24.3 million, versus consensus of $30.2 million. According to a

22 May 7, 2014 Barclays analyst report, “management... noted that several large customers opted

23 for subscription vs. product deals which also impacted product growth this quarter.”

24 80. Similarly, a May 7, 2014 Deutsche Bank analyst report viewed the decrease in

25 product revenue growth as a “negative” but also noted that management was “sticking to their”

26 product/services mix guidance for 2014:

27 [P]roduct sales (which drive overall momentum) of $24.3m were light compared to our $26.0m estimate and at 33% of the overall

28 mix were below the 40%-45% mix that FireEye guided to for 2014 . Mandiant product sales were <$1m, implying ~55% product sales OLIDATED AMENDED CLASS ACTION COMPLAINT 23 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 27 of 84

1 growth for standalone FireEye, down from 60%-80% growth throughout 2013. FireEye said that 1Q14 deals simply skewed 2 more to subscription/services... and that they are sticking to their 40%-45% mix guidance for 2014.

3 4 81. Other analysts noted the decline in product revenue of 25% quarter over quarter.

5 A May 7, 2014 Cowen and Co. analyst report stated that “product revenue was 6 lighter than expected... [it] was disappointing and fell meaningfully short of the Street’s ~$3 7 I forecast.” A May 7, 2014 Morgan Stanley analyst report noted that “despite 60% growth in 8 customer base and >130% growth in sales capacity in Q1, product billings lagged, up 9 estimated ~42% YoY organically in Q1, a deceleration from 78% growth in Q4.” The Mor 10 Stanley report also noted, however, that management had highlighted continued strong prod

11 growth from the Mandiant integration despite the disappointing 1Q14 results: 12 [M]anagement noted several positive indicators for continued strong top-line growth, including the quick pace of integration of 13 the Mandiant business and significant new product both in the market today (mobile security, cloud-based email, threat 14 monitoring, high-end/low-end appliances) and coming in 2014 (4 new services, including the GA of its IPS solution.)

15 16 82. Notwithstanding the underperformance of product, DeWalt touted the 17 benefits of the combined company on the May 6, 2014 1Q14 earnings call: 18 In Q1 we had a record number of transactions, a record number of new customers. We also had a record number of deals that over $1 19 million, and a record number of partner-assisted transactions. Including the Mandiant business, we had a record number of 20 cross-sell opportunities, with 15 significant deals where we sold Mandiant and FireEye together. These included some of the largest 21 transactions in the quarter, and included a Fortune 500 insurance company, large high tech companies and large retailers.

23 83. A May 7, 2014 Wells Fargo analyst report stated that “New Product 24 Continues. As expected, FEYE saw many cross-sell transactions with Mandiant 25 including several multi-million deals.” 26 84. DeWalt also denied that competition was affecting FireEye’s product sales, 27 though analysts noted that FireEye faced increasing competition, with a May 5, 2014 28 Bank report stating that “FireEye now has a host of emerging rivals and at the recent RSA

OLIDATED AMENDED CLASS ACTION COMPLAINT 24 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 28 of 84

1 it felt like every security IT vendor was selling an APT solution.” At the May 20, 2014 2 Morgan Global Tech Media Telecom Conference, DeWalt also referenced the RSA event:

3 Sterling Auty - JPMorgan - Analyst 4 The other thing that I wanted to touch upon, because it’s tough for the investors. So if we go prior to FireEye even going public, I 5 think when you were talking about advanced persistent threats and the type of model that you had, it was very unique. Suddenly, you 6 come public, and there’s lots of media attention, etc. Now I pick up and I go to a website, if I go to Fortinet, or if I go to Palo Alto, or if 7 I go to Sourcefire, if I go to a number of these – I see a lot of the same terminology. I see APT protection. I see Zero-day protection. 8 How is it for an investor, let alone a customer, easy to understand exactly are you still different or are these solutions good enough to 9 actually compete with what you have? 10 Dave DeWalt - FireEye, Inc. - CEO 11 You were at the event called RSA. Some of you probably know this. Thirteen hundred-plus security vendors there . I think every 12 one of them said they had an APT solution now .... So yes, the competition is starting to market in the direction of, I’ve got an 13 APT too.... 14 85. On the 1Q14 call, DeWalt responded to an analyst’s question

15 competition by stating that “[t]he head-to-head battles with any competitor in the market 16 I resulted in near flawless execution and win rates. I would say 100%, but I’m sure there is 17 out there that we lost to some competitor, but our win rates are dramatic when competing head 18 head with a product bake-off,” and further stating that a competing product named 19 from Palo Alto Networks had had no impact on the Company’s business: 20 [O]ur renewal rates are spectacular, first of all. 21 Second of all, our win rate is spectacular; any conversions to a competitor that you just named, to my knowledge, is zero. I have 22 not seen a single transaction when somebody moves from FireEye to Wildfire . When I look at Wildfire, that product is highly 23 ineffective in the marketplace where these types of attacks, a million reasons I could go on and on about. But I have not seen 24 any of that, I don’t anticipate seeing any of that. 25 In fact, there [are] many accounts where we go into where Wildfire was already sold and we had FireEye behind it, and on top of that 26 our detection efficacy doesn’t change one bit, whether that product was in front of us or behind it. The way I look at this is that 27 technology is having almost zero influence on these advanced detection models that are out there, in my opinion. So I just don’t 28 see that technology as something that is there right now to changing our business model. OLIDATED AMENDED CLASS ACTION COMPLAINT 25 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 29 of 84

1 So a little – a little aggressive statement, but it is what it is. I don’t see them as a major factor for us right now.

3 86. DeWalt further asserted that “we generated explosive growth in

4 pipeline for the Company.... I alluded to a little bit some of the explosive pipeline growth we

5 having, and lead generation that’s occurring. The amount of proof of values that we have in 6 pipeline, and all that kind of capulates [ sic] on our optimism for the remainder of the year.” 7 87. DeWalt also responded to direct questions on the status of the 8 integration, but did not disclose any problems: 9 Melissa Gorham - Morgan Stanley - Analyst 10 Question for Dave on the integration of Mandiant, just wondering if you are now well integrated with Mandiant or if there is more 11 work to do from a go-to-market and distribution perspective, and just wondering if you have any anecdotal color on how the 12 integration is resonating with your customer base?

13 David DeWalt - FireEye Inc - Chairman, CEO 14 We made a lot of progress. If you recall from our acquisition announcement back in early January, the nice part about this 15 combination was we were quite familiar with each other beforehand.

16 We had the products integrated at least at some level, and the 17 endpoint platform and network platform that FireEye had, had ways of handshaking intelligence that we could do detection to 18 response. We are integrating that even further. 19 In fact, we’ve now integrated a whole work flow, a single pane of glass, so we can go from network events to remediation and 20 response on endpoints, to a common console. We are working on extended endpoint features that we’ll announce soon and there is 21 more development under way there, so we are off to a really good start from a products point of view.

22 ....Then we have a number of other new products coming out, 23 intelligence products. Product-wise, pretty far along, but always more integration to do and more work to do.

25 88. DeWalt also stated that the sales teams were “fully integrated” and did 26 disclose any issues with FireEye’s channel partners following the acquisition: 27 On the go-to-market side, almost from the first day we integrated the go-to-market model, meaning that the FireEye sales team 28 would sell every Mandiant product. And it is one of the reasons why we are not breaking out everything either, is because the go- OLIDATED AMENDED CLASS ACTION COMPLAINT 26 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 30 of 84

to-market model is fully integrated at this point; from the comp plans, to what they sell, to how they deliver it . We also trained and 2 certified all the partner channels and got them up to speed on a combined FireEye/Mandiant product, albeit halfway or three- 3 quarters of the way through the quarter, but we made progress with both the field and telesales models of FireEye, with the partner and 4 channel models of FireEye.

5 89. DeWalt detailed the importance of the channel partners to FireEye: 6 But the three areas I really focus myself on is first, recruiting partners and getting partners to sign with us and commit with us 7 and getting them on board. 8 *** 9 The second metric that is important is the amount of leads coming from that partner community, and I mentioned a little earlier we 10 had 50% of our business or more coming from partners now in closing. That we’re assisting them in the close. That’s a really nice 11 metric that’s expanding. 12 And really, the third metric is how many no-touch deals are we getting from the channel, as well, and I noted that was a record for 13 us in the number of no-touch deals we received. Of course, we’re a channel company entirely, meaning 90% plus of our business goes 14 through the channel, we don’t have direct models here. 15 So when you look at these metrics of how many you signed up, how many leads you have coming in that closed, and how many no 16 touches you have the trends and indications are in the right direction for us in terms of what we are doing.

18 90. DeWalt summed up his positive message by reiterating: 19 So, you know, my main message is this. We’ve performed very well this past quarter, I feel. We had one of our best quarters ever 20 on so many fronts. I mentioned them, the size of our expansion in products, in pipeline, marketing activities, competitive edges, 21 competitive win rates . It is the best, you know, we felt like we could do and deliver this quarter, so that felt good. We raised 22 guidance, the outlook looks positive for the Company. The competitive landscape looks good .

23 24 91. On the news that product revenue was significantly below market 25 however, FireEye’s stock price declined 22.84%.

OLIDATED AMENDED CLASS ACTION COMPLAINT 27 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 31 of 84

1 G. In Reality, Integration Problems, Channel Friction, And Competition Adversely Impact Product Sales

2 1. Integration Problems Cause Delays in Sales Cycles

3 4 92. CW2 was a former Regional Sales Manager at FireEye from September 2011

5 through September 12, 2014. CW2 sold all of FireEye’s products (Malware Protection Platfor 6 as well as Mandiant’s services (after the acquisition) to customers in the southeast regio 7 including Florida, Georgia and Bermuda. During part of his tenure at the Company, CW 8 reported to Bill Kurpiel, the Senior Director of Sales, who reported to Jeff Williams, Senior Vi 9 President of Sales, Americas. who in turn reported to DeWalt. CW2 later reported to Jo 10 McGee, VP of North America, 3 when his job transitioned.

11 93. According to CW2, the Mandiant acquisition added 500 employees to the 12 force. CW2 stated that the drastic increase in inexperienced personnel had a detrimental a 13 disruptive effect on many of FireEye’s processes including training, sales processes a

14 ultimately revenue generation. CW2 further stated that the Mandiant acquisition created “a lot

15 confusion” that slowed down FireEye’s sales. CW2 recalled that when fiscal 2014 started, the

16 was mass confusion, caused in part by a complete lack of integration between Mandiant’s a 17 FireEye’s respective systems in 1Q14. 18 94. CW2 recalled mass confusion at the sales level, specifically. He explained 19 FireEye kept “rebranding” products and the sales personnel did not even know the name of th

20 product from one day to the next. According to CW2, the Mandiant acquisition created a lot o 21 difficulty and havoc for the FireEye personnel that were in the field trying to make sales. H

22 explained that the addition of so many new sales people as a result of the acquisition create

23 chaos in the marketplace. For example, in 2014, CW2’s region, which he had handled for ove 24 two years, was divided between six people, so CW2 lost a lot of his own pipeline to others 25 CW2 stated that the new people did not have the institutional knowledge that he had, and in an

26 event, no-one knew how to integrate the new Mandiant services into sales.

27 3 CW2 explained that Williams had been in charge of Global Sales until the Compan 28 brought in McGee in August 2014. Williams then reported to McGee.

OLIDATED AMENDED CLASS ACTION COMPLAINT 28 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 32 of 84

1 95. CW2 further stated that because Mandiant’s systems were not integrated into 2 FireEye’s, people did not know who was supposed to sell what, where, resulting in a “total los

3 of brain power” when they could no longer rely on the field to assist the new people because 4 “even the field doesn’t know what’s going on anymore.” CW2 explained that “just the shee

5 fact of adding people delayed” sales dramatically. He explained that the new personnel did no 6 know the technology or the nuances of FireEye’s products so the “ramp” took a very long time 7 Conversely, sales personnel could not even quote Mandiant services for months. 8 96. CW2 further stated that although the acquisition might have looked good “on 9 paper,” in reality “the execution was atrocious.” CW2 recalled that prior to the acquisition, he

10 could get equipment orders out within a week, but once Mandiant was involved the sales cycle 11 increased to a month or more. According to CW2, the increase in sales cycle occurred because

12 after the acquisition, “you don’t get one [FireEye] without the other [Mandiant],” causing majo 13 delays in the sales cycle. CW2 recalled attending meetings where, given all the problems tha 14 they were having, ways to improve the sales process were frequently discussed.

15 97. According to CW2, immediately after the acquisition he (and all the sales force

16 were encouraged by management to sell services over product, and were instructed

17 management to focus on getting retainer agreements in place – even though FireEye did n

18 charge for being placed on retainer – so that if a customer suffered a security breach, FireE

19 would have direct and rapid access to its systems.

20 98. According to CW2, the directive to promote service and/or zero dollar retai 21 took a tremendous amount of time away from selling products. CW2 recalled that in 2Q14, ther

22 was a sales promotion (“SPIFF”) to do “eval-less” (no testing) deals by selling services. CW

23 explained that he and the others in the field were incentivized to sell services by giving them

24 more money to promote them, even though prior to that time, CW2 had “zero, maybe one” dea

25 without a customer testing the product in the over two year time period that he was at th 26 Company. According to CW2, many of the newer sales representatives focused on the service 27 because they were incentivized by the SPIFF, and by doing so they slowed down the sales o

28 products.

OLIDATED AMENDED CLASS ACTION COMPLAINT 29 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 33 of 84

1 99. According to CW2, FireEye and Mandiant were “two different worlds.” He 2 explained that when the sales team would approach a customer, there would be two different

3 people/departments within the organization that would be making the decision depending if it

4 was a product or service issue. CW2 stated that the addition of Mandiant did not open any sales

5 opportunities in his region. He noted that even though the field sales team received a directive to 6 push Mandiant and its services, customers did not want to “talk” about Mandiant and its services 7 100. CW2 stated that the integration was a nightmare, particularly given the cultur 8 clash between the two companies. He described Mandiant as a “federal company” based out o 9 Washington DC where people wore suits and ties, whereas FireEye was traditionally “ver 10 loose,” they would ship things out fast and get the deal done whereas Mandiant was “ver

11 regimented and process oriented.” CW2 recalled efforts internally to rectify the problems. 12 101. According to CW2, FireEye used Salesforce to track sales. CW2 recalled tha

13 sales personnel were definitely reporting the problems in the field to Williams as well as CW2’ 14 direct manager, Jim Brannigan. 15 102. CW3 was a former Senior Director of Infrastructure and was employed at th 16 Company from March 2010 to August 2014, beginning his tenure as a consultant at FireEye an 17 then transitioning to be the Director of IT, then the Senior Director of Infrastructure at th 18 Company. He reported directly to the Chief Information Officer, who in turn reported to DeWalt 19 CW3 was responsible for various IT functions at FireEye including the corporate infrastructure

20 customer base and, at one point, the cloud. 21 103. CW3 stated that the Mandiant integration was difficult and the

22 expectations unattainable. CW3 noted that the Company decided to do a mass lay-off in Au 23 2014 – the same time McGee was brought in as head of sales – because the Mandiant integr

24 was not going well. According to CW3, “it took forever to do anything” which imp 25 “business as a whole.” CW3 stated that ultimately FireEye lost a “percentage” of bus 26 because of the execution problems, and characterized the integrations as a “near nightmare.” 27 104. CW3 further stated that another problem with the integration was on the 28 level, as the sales personnel at FireEye were expected to sell “this massive list of stuff” fo

OLIDATED AMENDED CLASS ACTION COMPLAINT 30 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 34 of 84

1 the acquisition and no one knew how to do it. CW3 stated that at the field level there was a 2 “inability” for the sales people “get their arms around” what they needed to sell.

3 105. CW1 also observed the many integration issues, including the issues integratin 4 the most recent MIR product with FireEye’s platform, see supra §V.C.

5 106. CW4 was a former Director of Strategic Solutions at Mandiant and then th 6 combined Company from November 2013 to May 2014, and Chief Cyber Solutions Strategis 7 from May 2014 to September 2014. According to CW4, there were “so many” problems relate 8 to the acquisition and integration of Mandiant. CW4 stated that a “huge amount of issues 9 stemmed from the different grades of quality of personnel from each Company, along wit

10 multiple people from each of the companies serving in duplicate roles. 11 107. CW4 explained that the integration went so poorly because of a completel 12 different caliber of people, product and customer (business) development, and that it wa 13 immediately apparent following the acquisition that the two different cultures did not mesh wit

14 one another. CW4 stated he was amazed at how quickly it became clear that was no synerg 15 between the two companies. 16 108. According to CW4, everything that happens at FireEye is led by DeWalt, w

17 was viewed as a “god.” CW4 noted that at all FireEye offices (including Europe) there had to

18 a picture of DeWalt hanging on the wall. According to CW4, “there is one boss, o

19 controller.” 20 109. CW4 recalled attending many meetings where revenue and projections of 21 business units, Mandiant and FireEye, were discussed. CW4 recalled discussions as early

22 within the first week or two of the acquisition that the FireEye side of the business was suffering 23 CW4 attended meetings in Washington, D.C. where they would look at the projections and

24 consensus was “this is just crazy.” According to CW4, one thing that really upset him and h 25 Mandiant colleagues was that FireEye operated with two different sets of sales and projection

26 numbers. CW4 stated that there were figures within Salesforce, and another set of figures on

27 completely separate spreadsheet that were generated by a separate system. According to CW 28 he and others were being held accountable for the numbers on the spreadsheet rather than thos

OLIDATED AMENDED CLASS ACTION COMPLAINT 31 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 35 of 84

1 that they could access through Salesforce. CW4 described the spreadsheets as an

2 reporting mechanism” that were sent to DeWalt and other senior executives, and that the

3 spreadsheets were “not a reflection of reality.” 4 110. CW5 was a former Senior Manager of ISS from August 2013 to January 2015

5 CW5 described himself as a Manager of FireEye’s back-office business. He reported to Alden 6 Huen, Senior Manager of Business Systems. 7 111. According to CW5, the Company’s business analytics team used Salesforce 8 CW5 worked on integrating FireEye’s Salesforce system with Mandiant’s. CW5 stated that Jim 9 Crum, Business System Manager, Salesforce, was in charge of Salesforce at FireEye, and was 10 CW5’s counterpart when the Company introduced new products. 11 112. CW5 stated that from a systems perspective, the Mandiant integration was 12 difficult. He explained that even by the time he left the Company in January 2015, Mandiant stil 13 had not brought over some of their systems because they were continuing to rely on a financia

14 system named NetSuite. CW5 further stated that Mandiant also used a program called OpenAir

15 a product management software that manages services and feeds into Salesforce. CW5 stated 16 that FireEye did not use OpenAir prior to the acquisition.

17 2. Integrating Sale of Mandiant Services Causes Channel Friction 18 113. CW2 also described problems with channel partners as a result of the acquisition 19 He explained that historically, FireEye sold its products through the channel partners including 20 Northrop Grumman, Lockheed Martin, FishNet Security, and Oculent, etc. The channel would

21 represent, i.e. , purchase products for, FireEye’s customers. According to CW2, the channe

22 provided services to those customers along with other products. CW2 stated that when FireEye

23 acquired Mandiant, however, FireEye began competing directly with the channel’s primary

24 source of revenue, namely, services. He explained that FireEye sold services at a lower margin

25 ruining the relationships that FireEye had with its channel partners. CW2 further stated that once 26 Mandiant was brought in, the channel customers “did not trust” FireEye because of the services

27 component. CW2 recalled that it became “very apparent immediately” that the loss of channe 28 business was a “very big deal.”

OLIDATED AMENDED CLASS ACTION COMPLAINT 32 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 36 of 84

1 3. Increasing Competition Reduces The Pipeline 2 114. CW1 witnessed the Company’s pipeline getting “extremely small” as custom

3 experiencing issues with the most recent version of the MIR product, see §V.C. supra, left

4 competitors, and decided to resign from the Company in August 2014.

5 115. CW5 observed that FireEye encountered a lot of competition in the marketpla 6 when it came to its legacy products. According to CW5, the Mandiant customers were reluct 7 to give up the end-point detection product (MIR) that Mandiant had previously provided th 8 customers. It was CW5’s understanding that the customers were reluctant to replace with 9 upgrade to FireEye’s new integrated product because it was significantly more expensive 10 According to CW5, his team wanted to integrate Mandiant’s systems with FireEye’s but could

11 not because the old Mandiant product required that Mandiant maintain their NetSuite software 12 CW5 noted that anything that required NetSuite also required FireEye to keep the legacy 13 Mandiant Salesforce running and their business applications “alive,” making it apparent which

14 customers had refused to purchase or upgrade to the integrated FireEye product. 15 116. According to CW5, the Company had good visibility into every sale. CW5 stated 16 that when a sales opportunity was logged into their systems, it included a percentage o

17 probability of closing. CW5 stated that the Company had reports through their Oracle Busines 18 Intelligence software (“OBIEE”) that broke down each product sale in real-time, or at leas

19 nightly by warehouse. According to CW5, the Cloud Services and the Mobile Email Prevention

20 products did not sell well and “did nothing,” and it was very clear in 1Q14 that they would not be

21 successful. 22 117. CW6 was a former Senior Revenue Manager at FireEye in the United Kingdo 23 from May 2014 to August 2014. He interfaced the U.S.-based revenue. CW6 stated that

24 quarter-end, the executives and personnel like him were all in a “war room” on the last days o 25 the quarter calling sales personnel to see if specific deals would close by quarter-end. CW6 26 further stated that DeWalt, Sheridan, and Mandia were “definitely hands-on.” CW6 stated tha 27 in 2Q14, the executives were on the phone and knew the likelihood of specific deals closing

28 quarter-end.

OLIDATED AMENDED CLASS ACTION COMPLAINT 33 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 37 of 84

1 118. CW6 confirmed that FireEye used Salesforce to track deals, and that

2 updated everyone at FireEye “constantly.” CW6 stated that within Salesforce, one could tell the

3 likelihood of each deal closing by quarter end, and “what deals were where.” According to 4 CW6, as with most software companies, most deals at FireEye closed in the last week or day o

5 the quarter. He explained that because of this, it was important to track which deals where a 6 certain points, with anyone with experience in the industry exactly what is happening with thei 7 deals. According to CW6, there are accordingly very few surprises at quarter end. 8 119. CW7 was a former Senior Director of Sales from May 2014 to April 2015. 9 was part of the sales teams and confirmed that the Company actively used Salesforce to tra 10 each deal. CW7 participated in weekly calls with various regions to discuss sales. According 11 CW7, the weekly calls were led by the area vice presidents, and there were also quarte

12 meetings with the entire sales force.

13 H. FireEye Announces A Change in Revenue Recognition For Its Email Product And Appoints a New Head of Sales

14 15 120. On August 5, 2014, FireEye announced 2Q14 results and issued a separate

16 release announcing that John McGee, formerly Executive Vice President, Worldwide 17 Operations for Informatica, had joined FireEye as the Company’s Senior Vice 18 Worldwide Sales. The press release noted that the former head of sales, Jeff Williams, 19 to Senior Vice President, Americas Sales, reporting to McGee. 20 121. On the earnings call the same day, DeWalt touted the combined Company’s

21 product engine” and the “conversion rate” to product sales from customers using

22 services: 23 Finally, through the efforts of our engineering, threat research, and infinite response teams at the combined Company, we accelerated 24 our new product engine, and transformed FireEye from a Company with just two network-based products a year ago to one with 20- 25 plus products today, integrated across the Endpoint network and the cloud, all wrapped with a suite of services, including our 26 Managed Defense offering, which is now deployed worldwide. 27 *** 28 Finally, Mandiant’s respected Infinite Response practice has expanded to our go-to-market strategies with services-led sales OLIDATED AMENDED CLASS ACTION COMPLAINT 34 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 38 of 84

1 models. When we lead with Infinite Response services, the conversion rate for product sales or Managed Defense is very 2 high.

3 122. DeWalt further stated that “[w]e also increased the number and the value of 4 that included multiple products , including cross-sell of FireEye and Mandiant products.... 5 successful as we have been with the largest of the G2K, or the Global 2,000, there’s still ple

6 of opportunity in this market segment, in terms of both new logos, and the opportunity to cr 7 sell and up-sell to the existing customers we have.” 8 123. DeWalt noted the importance of product sales to the Company’s growth 9 purported competitive edge in announcing the new head of sales: 10 As the Company moves into this critical next phase of our growth , I’m also very excited to announce that Jeff Williams, our current 11 head of sales, will be staying on as our new Senior Vice President of Americas, reporting to John. In this capacity, Jeff will continue 12 to be a vital part of our global Executive Management Team, and help drive the Company to the next level.

13 On the product front, we’ve continued to invest in both platform 14 expansion and enhancements to our existing products, as well as threat-detection technology and threat intelligence. I believe that 15 maintaining this balance between enhancements to existing products, and the introduction of new products, all supported by 16 the industry’s most comprehensive threat intelligence, is the key to maintaining our multi-year technology lead in supporting our 17 growth. 18 124. DeWalt denied that appointing a new head of sales implied a

19 reorganization or any problems in the sales force:

20 Rick Sherlund - Nomura Asset Management – Analyst 21 [O]n John McGee, are you planning on any changes, restructuring and so forth of the sales organization? We’ve found historically 22 that can be kind of disruptive. If you can address what your plans might be there?

23 Dave DeWalt - FireEye Inc - Chairman, CEO

24 [T]he answer to your question is no, we’re not do anything 25 restructuring in sales operations. We’re tuning it a little bit.... But for the most part, sales is doing great. We’re scaling 26 internationally. We have multi-vectors of sales we’re doing, both inside sales, partner sales, service-led sales, and product sales. For 27 the most part we feel pretty good about what we’re doing. We’re just trying to bring in some new leadership to help get us to the 28 next level, and quite frankly, just augment what we’ve got. No major change there. OLIDATED AMENDED CLASS ACTION COMPLAINT 35 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 39 of 84

125. Sheridan similarly did refer to an official restructuring of the sales force,

2 only to “cost savings” from personnel “consolidations”:

3 We’ve had sufficient time as combined operations to identify opportunities for cost synergies, and we have initiated a process in 4 the third quarter to optimize our spending.

5 We expect to achieve these cost savings in Q3 and Q4 of this year, and we expect that they will relate primarily to personnel 6 resources and facilities consolidations. We expect to incur one- time charges in the next two quarters related to these efforts, and 7 these charges will primarily be comprised of severance cost and excess lease commitments.

8 126. In response to a question on whether the integration had shortened the sales

9 DeWalt claimed that it had:

10 Rick Sherlund - Nomura Asset Management – Analyst

11 [O]n the sales cycle, any comments in terms of with Mandiant, has 12 it – and the branding benefit you get from that and the publicity around Target and some of the others? Have you seen any material 13 shortening of the sales cycle?

14 Dave DeWalt - FireEye Inc - Chairman, CEO 15 One of the things that Mike alluded to in his script was improving our cross-sell between FireEye’s base and Mandiant’s base, and 16 Mandiant’s stuff back to FireEye.... We like what we’re seeing. They are shortening the sales cycle, especially where the Infinite 17 Responding-led model starts. 18 127. Similarly, in response to another question regarding sales cycles, DeWalt failed 19 disclose that the Company seen an elongation in sales cycles, and denied that competition 20 having an effect on business:

21 Rob Owens - Pacific Crest Securities – Analyst 22 [D]ave, as you look at the market place, you mentioned you’re doing a better job of cross-selling. Talk about new customer 23 acquisition, because it seems like there’s a lot of noise out there from competition. Are you seeing any elongation in sale cycles , or 24 just how that’s playing out?

25 Dave DeWalt - FireEye Inc - Chairman, CEO 26 I think that’s the heart of what we watch and monitor here .... We certainly did a lot better in Q2 than we did in Q1 when it came to 27 cross-selling of FireEye-Mandiant technology, and even selling multiple products, as Mike mentioned, into FireEye cases in the 28 FireEye customers. Then it’s just the upsell is the last one – selling more product to the same customer. All those keep moving OLIDATED AMENDED CLASS ACTION COMPLAINT 36 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 40 of 84

1 positively. The competition really hasn’t had any impact that’s of notice. Quite frankly, our win rates are extraordinarily high across 2 the board.... whenever we’ve competed directly, we have a very high win rate – near 100% win rates.

3 4 128. When yet another analyst asked about competition, DeWalt again denied

5 there was any adverse effect: 6 Daniel Ives - FBR Capital Markets – Analyst 7 [I]’m curious in terms of, not just sales cycles, but competition- wise, are you starting to see any changes out there, as more of 8 your competitors are going after the same space – almost copycat solutions? Are you seeing any changes out there in the field?

9 Dave DeWalt - FireEye Inc - Chairman, CEO

10 I would tell you similar to I think what Rob was asking-- Rob 11 Owens was asking, we haven’t . Sales cycles have been very consistent. The average sales price discounts have been consistent. 12 We certainly see the news much like you do about competitors kind of copying FireEye’s model here, and talking about 13 sandboxes or virtual machines or some sort of improved detection. But the proof is when we compete head-on, and we feel we have a 14 substantial gap. 15 129. On the same earnings call, Sheridan disclosed a policy change in recognizi

16 revenue for FireEye’s email product, from having revenue recognized ratably to having 17 for the email product recognized at the time of shipment: 18 [N]ear the end of the second quarter we made changes to our e- mail product that will allow us to recognize revenue for this 19 product in period rather than a ratable basis. For all e-mail shipments prior to this change, those billings will continue to be 20 amortized ratably over the life of the initial contract. 21 130. Sheridan then claimed that “[b]ecause this change was implemented late in

22 second quarter, it did not have a significant impact on our Q2 reported results.” 23 131. An August 6, 2014 JP Morgan analyst report however, observed that the 24 in revenue recognition was “a major contributor to the increase in revenue guidance for FYi

25 along with the upside in 2Q14 billings,” and noted that the “[r]evenue recognition change 26 likely spur a lot of noise/discussion” as “[w]e could see the market questioning the move.”

OLIDATED AMENDED CLASS ACTION COMPLAINT 37 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 41 of 84

1 132. The disclosure that product sales were – and would continue to be – 2 boosted by the revenue recognition change, and that a new head of sales had been hired

3 displaced the former head of sales, caused shares to fall a further 11.42%.

4 I. FireEye Introduces FireEye-as-a-Service, A New Subscription Service 5 133 In a September 17, 2014 press release, FireEye introduced FireEye-as-a- 6 as new subscription service for customers: 7 The new FireEye as a ServiceTM offering is an on-demand security management offering that allows organizations to apply FireEye’s 8 technology, intelligence and expertise to find and stop cyber attacks. The second new offering announced today, FireEye® 9 Advanced Threat IntelligenceTM, provides access to threat data and analytical tools that help identify attacks and provide context about 10 the tactics and motives of specific threat actors. 11 *** 12 With FireEye as a Service, organizations can choose to manage their own security operations, offload security operations to 13 FireEye, or co-manage operations with FireEye or a FireEye partner. When organizations choose FireEye as a Service, they tap 14 into FireEye’s team of expert threat analysts located in security operations centers around the world to hunt for attackers in their 15 organization by applying FireEye’s unique combination of technology, intelligence and expertise.... [FireEye-as-a-Service is] 16 available as a subscription to customers that have purchased FireEye products.

18 134. At a September 18, 2014 call to discuss the new offering, DeWalt stated that: 19 So, some of the announcements we’re making today are really significant, in my opinion. The culmination of FireEye and 20 Mandiant now eight months, nine months into the acquisition and merger between the two firms, and I can’t be more pleased, quite 21 honestly. Everything that we had told you at the beginning of this acquisition is coming true and more. We’re finding ourselves with 22 a tremendous amount of synergy, not just in the people and the expertise that Mandiant has brought, but also the intelligence and 23 the products. 24 135 Less than two months later, however, FireEye stunned the market when

25 reported 3Q14 results. Specifically, on November 4, 2011, Defendants acknowledged

26 pronounced and unexpected shift in revenue from product to services, announcing revenues 27 the low end of their previous guidance and lower than analysts’ consensus expectation 28 Defendants attributed the shift to “outperformance” of FireEye-as-a-Service. In response

OLIDATED AMENDED CLASS ACTION COMPLAINT 38 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 42 of 84

1 Citigroup analyst cut his price target, stating that analyst consensus revenue estimates would 2 decline given the reduction in product revenue, and that FireEye’s growth would be difficult to

3 estimate given the changes in its revenue recognition practices and its introduction o

4 subscription models like FireEye-as-a-Service.

5 136. A November 5, 2014 Cowen analyst report titled “Downgrade: Growth Should 6 Better than This; Moving to Market Perform” blamed competition, noting that “channel tension 7 re: Mandiant has increased. We are also more incrementally concerned that the co.’s high 8 pricing, combined with the presence of several ‘good enough’ alternatives (PANW, CHKP 9 Lastline, et al.), could be curbing the co.’s growth potential.” 10 137. A November 5, 2014 William Blair analyst report focused on the deceleration

11 product revenue, stating that: 12 We believe some investors will view the light revenue results with skepticism, given the slower-than-anticipated growth of product 13 revenue. We expect the stock to open materially lower reflecting the disappointment and increasing fears over competition and 14 sustainability of the business model . We view the results as acceptable, but are concerned that product billings were not 15 stronger given the investments the company has made in expanding its salesforce, which we believe should be translating 16 into stronger results. 17 138. A November 5, 2014 Stephens analyst report noted that FireEye-as-a-Service 18 been “introduced just two weeks before the end of the quarter” and that “FireEye’s host of

19 products...seem to have not yet made a meaningful impact on the business.” 20 139. A November 5, 2014 Deutsche Bank report questioned whether the shift

21 revenue to subscription revenue was the sole cause of the disappointing results, and implied

22 competition was a factor: 23 On a sequential basis, 3Q14 product revenue growth and the mid- point of the 4Q14 revenue and billings guidance imply growth 24 rates below that of 2013 ( despite a favorable revenue recognition change on FEYE’s email appliance).... FEYE missed product 25 revenue expectations in 1Q14, billings expectations in 2Q14 (blaming shorter invoicing durations) and now product revenue 26 and guidance expectations on the 3Q14 call. FEYE also recently replaced its head of sales. We worry that something other than a 27 standard ‛ subscription mix shift is at work (are customers pushing- back on FEYE’s appliance model or price points?). We are 28 unwilling to make a cautious extrapolation to PANW

OLIDATED AMENDED CLASS ACTION COMPLAINT 39 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 43 of 84

1 (USD106.71), CTiKP (USD72.84) and other security vendors, which are posting very strong results.

3 VI. DEFENDANTS’ MATERIALLY FALSE AND MISLEADING STATEMENTS AND OMISSIONS

4 A. Class Period Financials

6 140. Defendants’ failure to disclose the Mandiant integration issues and their imp

7 on the Company’s business during the Class Period, including (1) problems with the updat

8 version Mandiant’s core MIR solution at the time of the acquisition leading to integration issu

9 with FireEye’s platform, causing customers to leave for competitors and a shrinking pipeline ( s

10 ¶¶66-71, 114); (2) a significant slowdown in sales resulting from mass confusion and chaos

11 the sales level as the consolidated field personnel struggled with selling unfamiliar products a

12 were forced to share sales territories from the sheer increase in their numbers as a result of t

13 merger (see ¶¶92-100, 102-104); (3) lengthening of sales cycles as a result of problems in

14 field (see ¶¶93, 95-98, 103-104, 112); (4) pushback from customers that did not want to

15 pitched on cross-sales of services ( see ¶¶99, 115); (5) friction with FireEye’s channel partn

16 caused by Mandiant’s service offerings ( see ¶113); (6) increasing competition in the marketpl

17 for legacy FireEye products ( see ¶¶115, 116); and (7) legacy Mandiant customers that did

18 want to upgrade to the combined company solution because it was significantly more expens

19 (see ¶115), rendered the Company’s Class Period figures for product revenue and product

20 product subscription revenue (which incorporated misleading product revenue) false

21 misleading, because product revenue was negatively impacted by the undisclosed integration

22 competition issues. Those misleading figures are set forth in the following table:

23 4Q13 FY13 1Q14 2Q14

24 Product Revenue $32.3 M $88.3 M $24.3 M $37.7 M 25 8-K 2/11/14 8-K 2/11/14 8-K 5/6/14 8-K 8/5/14

26 Product and $46.7M $131.3 M $47.1 M $65.7 M Product Subscrip- Transcript Transcript Transcript Transcript 27 tion Revenue (Sheridan) 2/11/14 (Sheridan) 2/11/14 (Sheridan) 5/6/14 (Sheridan) 8/5/14

OLIDATED AMENDED CLASS ACTION COMPLAINT 40 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 44 of 84

1 141. The 1Q14 and 2Q14 Forms 10-Q and the March 3, 2014 Form 10-K

2 certifications signed by DeWalt and Sheridan, required under the Sarbanes-Oxley Act of

3 (“SOX”), representing that the “report does not contain any untrue statement of a material fact

4 omit to state a material fact necessary to make the statements made, in light of the

5 under which such statements were made, not misleading with respect to the period covered 6 this report.” 7 B. January 2, 2014 8-K Attaching Press Release Announcing Mandiant Acquisition

8 9 142. On January 2, 2014 the Company filed a Form 8-K attaching a press 10 I announcing the Mandiant acquisition. The press release contained the following false 11 misleading statements regarding Mandiant’s end-point products and their integration with 12 FireEye platform:

13 Endpoint Threat Detection, Response, and Remediation Products

14 Mandiant pioneered and continues to lead the industry for 15 endpoint-based advanced threat detection and response. Mandiant’s endpoint products, which are already integrated with 16 the FireEye platform , enable security teams to make faster, more accurate decisions about potential security incidents while 17 eliminating blind spots by connecting the dots with the FireEye network-based threat detection and prevention platform.

18 ***

19 Mandiant has been a strategic alliance partner of FireEye since 20 April 2012. The combination of the two companies is a natural extension of this partnership and their integrated product offering, 21 which both companies announced in February 2013. 22 143. These statements regarding Mandiant’s products and their integration with 23 FireEye platform were false and misleading because of Defendants’ failure to disclose pro 24 I with the updated version Mandiant’s core MIR solution at the time of the acquisition, leading 25 integration issues with FireEye’s platform and a shrinking pipeline as dissatisfied customers

26 for competitors. See ¶¶66-71, 114.

OLIDATED AMENDED CLASS ACTION COMPLAINT 41 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 45 of 84

1 C. January 2, 2014 Call Announcing Mandiant Acquisition

2 144. On the January 2, 2014 call announcing the Mandiant acquisition, DeWalt

3 the following false and misleading statements regarding (1) Mandiant’s end-point products 4 their integration with the FireEye platform; and (2) the synergies of the acquisition:

5 We recognize Mandiant’s leadership and innovative approach in incident response and remediation and began collaborating nearly 6 two years ago. We formalized our partnership almost a year ago with the announced integration of the Mandiant Infinite Response 7 platform or MIR with our FireEye web and email MPS solutions. 8 Many customers have now deployed this integrated solution, proving the synergy potential between the companies . In fact, some 9 of the most important Fortune 500 companies now run this combined offering in production. I believe this acquisition 10 perfectly aligns to our strategy which we outlined on our IPO roadshow.

11 In addition to the full lifecycle remediation capabilities, we see 12 many synergies between the companies. First of all, FireEye can now leverage the MIR endpoint management framework to port 13 our virtual machine-based technology to the endpoint, expanding our TAM – our total addressable market -- and creating an end-to- 14 end solution capable of protecting any company at any part of the architecture.

15 16 145. The statements regarding the “integrated” FireEye and Mandiant 17 “proving the synergy potential between the companies” were false and misleading because at the 18 time of the acquisition, the latest update to Mandiant’s MIR solution led to significant integration

19 problems with FireEye’s platform. In particular, where customers were told the solution could 20 handle up to 10,000 endpoints, in reality the solution could only scale up to half that. Thi

21 caused customer dissatisfaction and drove customers to competitors such as CrowdStrike and

22 AccessData. See ¶¶67-70. Similarly, the statement regarding FireEye’s ability to use the MIR 23 framework to expand its platform and generate more “TAM” is false and misleading because o 24 DeWalt’s failure to disclose the significant integration problems with the latest version of MIR 25 Id. 26 146. On the same call, DeWalt made the following false and misleading

27 regarding MIR and product sales:

OLIDATED AMENDED CLASS ACTION COMPLAINT 42 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 46 of 84

Keith Weiss - Morgan Stanley – Analyst 2 [W]hat do you guys acquire today in terms of product, sort of the existing integration with Mandiant that you have today, that is 3 going to go into your sales guys’ tool bag on day one? 4 David DeWalt - FireEye, Inc. - Chairman, CEO 5 But this is the most exciting part, I think, of the combination, although the services side is a huge opportunity globally as well. 6 But when you look at the products, this really completes FireEye . When we think about the vision we had set out to do earlier this 7 year, we wanted to put virtual machines at every important architecture point in the customer enterprise. So initially we have 8 products that we can put into the FireEye sales teams . 9 What we call the Mandiant Infinite Response platform, this is an endpoint solution that can sit on up to hundreds of thousands of 10 host agents. Some of them are running in the biggest Fortune 500 companies in the world.

11 And what we can do is, again, take detection out of the network, 12 pass it immediately to the endpoint, and remediate it in seconds. So we have a really strong endpoint management platform.

13 There is sort of a heavier version of that that is called MIR and a 14 lighter version of that called MSO, which is the Mandiant Security Operations, MSO. That comes in an appliance form factor, can 15 drop right into the FireEye sales and install base as well as cross- sell into the Mandiant base. So those two big products sitting on 16 the endpoint are really prime-time products to sell. 17 ***

18 So the product synergies here are very strong. There’s other products I will just say are in the pipeline as well that we are not 19 announcing today, but we really feel good about some of the product direction.

20 21 147. These statements regarding the MIR products “drop[ping] right into the FireE

22 sales and install base” and being “prime-time products to sell,” as well as the statement that t 23 “product synergies here are very strong,” were false and misleading because DeWalt failed 24 disclose that the latest update to Mandiant’s MIR solution led to significant integration proble

25 with FireEye’s platform. See ¶¶67-71. 26 148. On the same call, Sheridan made the following false and misleading

27 regarding the product/services revenue mix at the combined company:

OLIDATED AMENDED CLASS ACTION COMPLAINT 43 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 47 of 84

Keith Weiss - Morgan Stanley - Analyst 2 [I]n terms of the long-term model, long-term targets that you have put out there, particularly for the operating margin line, does this 3 change the target margin profile for FireEye in any appreciable way, given the services content at Mandiant? And does it change 4 the time frame for getting to that target margin profile?

5 Michael Sheridan - FireEye, Inc. - SVP, CFO 6 In terms of the long-term target model and our targets for operating margin and EBITDA margins and so forth, it is not going to 7 change it significantly, because if you look at the two businesses they are actually very similar. There is a bigger service component; 8 but as I mentioned in my comments, on a combined basis services are only going to make up 15% to 17% of our current makeup of 9 revenues. 10 So the product and the recurring subscriptions will continue to be major growth drivers for both.

11 ***

12 Raimo Lenschow - Barclays Capital - Analyst

13 And then a question for Mike as well. Like, how do we have to 14 think about from a long-term model? You guided for a 15% to 17% in services next year. How do you think about that?....

15 Michael Sheridan - FireEye, Inc. - SVP, CFO

16 Raimo, yes, we talked about the 15% to 17% for 2014; and without 17 talking about specific percentages outside of that time frame, I would tell you that the products and the recurring subscriptions of 18 course will grow faster as a business than the services.... But if we execute on the strategy we are articulating, you will continue to see 19 that product and product subscription and recurring revenue growth outpace the service part of the business, which would 20 therefore imply that services as a percentage should move to a smaller percentage than that over time.

21 ***

22 Gregg Moskowitz - Cowen and Company - Analyst

23 Then just for Kevin or Mike, I know that in total Mandiant had 24 been growing over 50% and you expect product to grow faster than the overall business going forward. Just wondering if in 2013, if 25 there were significant differences in the growth rates by segment across recurring subscriptions, products, and incident response.

26 Michael Sheridan - FireEye, Inc. - SVP, CFO

27 So we haven’t broken out those numbers; but as I mentioned 28 before, generally speaking what you would expect in 2013 is what

OLIDATED AMENDED CLASS ACTION COMPLAINT 44 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 48 of 84

1 I discussed for 2014, which is that the product and recurring subscription part of the business has grown faster.

3 149. These statements regarding product revenue continuing to be a “major 4 I driver” and that product would grow faster than services were misleading because 5 failed to disclose that integration issues were causing significant confusion and chaos in the s 6 force and lengthening sales cycles ( see ¶¶92-100, 102-104, 112); and integration issues with 7 latest version of Mandiant’s MIR product were causing customers to leave for competitors. 8 ¶¶67-71, 114. 9 150. On the same call, DeWalt made the following misleading statements 10 I product revenue: 11 Brent Thill - UBS – Analyst 12 Dave, do you think over time this looks like a traditional software company, or is it always going to have a heavier consulting 13 services mix to the business?

14 David DeWalt - FireEye, Inc. - Chairman, CEO 15 Yes, Brent, that’s a good question. Happy new year to you as well. I think it looks more like a product company than anything else , 16 clearly. 17 I mean, Mike Sheridan articulated this is 82% to 85% product and product subscriptions. We have 15% to 17%-ish coming from 18 services in the model that he outlined. 19 That is pretty traditional software, big software kinds of companies, if you are thinking of the Oracles and SAPs of the 20 world. So we don’t think we are out of bounds with that. 21 ***

22 On the Mandiant side it is becoming more and more product as well. This is a business that started out 100/zero services/product 23 and now is more than 50% product/services. So it is evolving in that direction as well, I think almost the same path that FireEye is 24 on. 25 151. These statements regarding product revenue being the major component for

26 company were misleading because DeWalt failed to disclose that integration issues – i

27 separate financial systems – were causing significant confusion and chaos in the sales force

28 lengthening sales cycles (see ¶¶92-100, 102-104, 112), driving down product revenue;

OLIDATED AMENDED CLASS ACTION COMPLAINT 45 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 49 of 84

1 integration issues with the latest version of Mandiant’s MIR product were causing customers

2 leave for competitors. See ¶¶67-71, 114. 3 D. February 11, 2014 4Q13 Earnings Call

4 152. On the February 11, 2014 4Q13 earnings call, DeWalt made the following

5 and misleading statements regarding the status of the Mandiant acquisition and the channel: 6 Now that we are about five weeks into the post announcement of Mandiant, I’d like to give you an update on the integration of our 7 people and the products, as well as the tremendous response we’ve had from our customers and from our partners.

8 Over the course of many years and transactions I’ve had in 9 technology, I’ve learned that the most important aspect of business integrations are the people. From a personnel perspective, the two 10 organizations are highly complementary. We’re already working together in a number of projects before the acquisition, and, as a 11 result, the integration is progressing rapidly and smoothly. 12 *** 13 To summarize the integration effort, we’re moving along quickly to bring the two organizations together. As the teams meet with 14 one another, the synergies across every segment of the combined product road map become more and more evident .

15 ***

16 While we continue to build out our partner ecosystem in a targeted 17 way in 2014, our focus is shifting to our partners to drive business across the sales cycle.

18 Last week, we hosted Momentum, as I mentioned, our annual 19 partner event in conjunction with our internal sales kickoff, where we trained another 350 channel representatives, including 135 20 reps from international distributors and resellers. 21 153. These statements regarding the status of the Mandiant integration pro 22 “rapidly” and “smoothly” are false and misleading because DeWalt failed to disclose that th

23 combined companies’ sales force was in “chaos,” with sales personnel having difficulty sellin

24 unfamiliar product and cross-selling customers, being forced to deal with separate product an

25 services decision-makers at customers, Mandiant’s systems not being integrated into FireEye’

26 and lengthening sales cycles. See ¶¶92-100, 102-104, 112. 27 154. The statement regarding the partner ecosystem was misleading because DeW 28 failed to disclose that selling Mandiant services was causing friction with the channel

OLIDATED AMENDED CLASS ACTION COMPLAINT 46 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 50 of 84

1 that sold competing services at higher margin, leading to a significant loss of channel busines 2 See ¶113.

3 155. On the same call, DeWalt made the following false and misleading 4 I regarding product: 5 Our ability to scale [off] the Mandiant business is really a matter of selling products now. We’re going to continue to scale services 6 people, but not at a faster pace than we are going to be selling products.

7 We talked about 15% to 17% would be service oriented in our 8 model, moving forward on the last call. There’s no change to that. As we sell more and more product , it’s all about the automation of 9 that service component. 10 156. These statements regarding product are false and misleading because DeWal 11 failed to disclose that the combined sales force was in “chaos,” with sales personnel having 12 difficulty selling unfamiliar product and cross-selling customers, being forced to deal w

13 separate product and services decision-makers at customers, Mandiant’s systems not bei

14 integrated into FireEye’s, and lengthening sales cycles. See ¶¶92-100, 102-104, 112. DeW 15 further failed to disclose that problems with Mandiant’s MIR product were causing customers

16 leave for competitors, shrinking the pipeline. See ¶¶66-71, 114. 17 157. On the same call, DeWalt made the following false and misleading stateme

18 regarding channel partners: “We focused heavily on Mandiant products this past week with t 19 350 of our partners, and we made great progress.” 20 158. This statement is false and misleading because DeWalt failed to disclose t

21 selling Mandiant services was causing friction with the channel partners that sold competi

22 services at higher margin, leading to a significant loss of channel business. See ¶113. 23 E. May 6, 2014 1Q14 Earnings Call 24 159. On the May 6, 1Q14 earnings call, DeWalt made the following mi

25 statement regarding the sales force: 26 We then had our most successful sales training and partner event every at our inaugural Momentum conference in Las Vegas. This 27 event included nearly 1,000 salespeople and partner personnel, with a focus on certification and education. The net result was 28 more than 8,000 hours of training.

OLIDATED AMENDED CLASS ACTION COMPLAINT 47 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 51 of 84

1 160. This statement was misleading because DeWalt failed to disclose that in real 2 (1) the sales force was in disarray, with sales personnel in the field confused about how

3 integrate Mandiant’s services offerings and legacy Mandiant sales personnel ignorant ab 4 FireEye’s products (see ¶¶93-95, 104); and (2) the rapid increase in sales force resulting in cha 5 as the two companies’ systems were not integrated, such that sales personnel did not know w 6 was selling what, where. See ¶¶93-95, 112, 115. 7 161. On the same call, DeWalt made the following misleading statement regard 8 pipeline: “Moreover, in the subsequent 60 days we conducted more than 40 field seminar eve 9 in more than 40 cities, as we also conducted 20 webinar events, all to introduce 10 Mandiant/FireEye value proposition. All in all, we generated explosive growth in 11 pipeline for the Company.” 12 162. This statement regarding pipeline growth was misleading because DeWalt 13 to disclose that problems with the latest version of Mandiant’s MIR product had

14 customers to leave for competitors and the pipeline to shrink. See ¶¶66-71, 114. 15 163. On the same call, DeWalt made the following misleading statement reg

16 cross-selling: “Including the Mandiant business, we had a record number of cross-

17 opportunities, with 15 significant deals where we sold Mandiant and FireEye together. 18 included some of the largest transactions in the quarter, and included a Fortune 500 insu

19 company, large high tech companies and large retailers.” 20 164. This statement was misleading because DeWalt failed to disclose that the 21 force was having significant difficulty cross-selling products, with customers unwilling to

22 pitched on Mandiant’s services or unwilling to replace/upgrade legacy Mandiant solutions w

23 FireEye products because of their expense. See ¶¶99, 115. 24 165. On the same call, DeWalt made the following misleading statements regarding

25 channel:

26 David DeWalt - FireEye Inc - Chairman, CEO 27 Our two-tiered partner strategy, including both distribution and value added resellers, now totaling more than 700 partners 28 worldwide. This component generated more than 50% of the leads that closed in the quarter, as well as our highest percentage of no- OLIDATED AMENDED CLASS ACTION COMPLAINT 48 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 52 of 84

touch deals. Our partner registrations were also up dramatically in Q1.

2 ***

3 Sanjit Singh - Wedbush Securities – Analyst

4 [W]here do you see your partners, maybe your strategic partners, 5 your large partners, where are necessity now and where do you see that going in the future in terms of them being able to carry more 6 of the load, more of the selling effort, so we can start to see more of the sales to marketing leverage over the next couple years? 7 Where are we now, and where are we going? 8 David DeWalt - FireEye Inc - Chairman, CEO 9 I think you are hitting on a really important aspect.... But the three areas I really focus myself on is first, recruiting partners and 10 getting partners to sign with us and commit with us and getting them on board. Remember we went from less than 200 one year 11 ago to 700 one year later, so a bit of a jump there. It takes the partners a little longer to ramp than even our own sales force.

12 The second metric that is important is the amount of leads coming 13 from that partner community, and I mentioned a little earlier we had 50% of our business or more coming from partners now in 14 closing. That we’re assisting them in the close. That’s a really nice metric that’s expanding.

15 And really, the third metric is how many no-touch deals are we 16 getting from the channel, as well, and I noted that was a record for us in the number of no-touch deals we received . Of course, we’re a 17 channel company entirely, meaning 90% plus of our business goes through the channel, we don’t have direct models here.

18 So when you look at these metrics of how many you signed up, 19 how many leads you have coming in that closed, and how many no touches you have the trends and indications are in the right 20 direction for us in terms of what we are doing. 21 166. These statements regarding channel partners were misleading because De 22 failed to disclose that Mandiant’s services offering was causing significant friction with

23 partners who sold competing services, causing a loss of channel business. See ¶113. 24 167. On the same call, DeWalt made the following misleading statements

25 competition:

26 Rick Sherlund - Nomura Asset Management – Analyst 27 David, I wonder if you could talk about the competitive environment out there. I know at RSA, a number of your 28 competitors said – oh, we do this also. I’m curious, you know, how much confusion, if any, you are running into out in the market? OLIDATED AMENDED CLASS ACTION COMPLAINT 49 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 53 of 84

David DeWalt - FireEye Inc - Chairman, CEO 2 Probably is most germane one in the competitive landscape is we continue to feel extraordinarily confident, I don’t know how else to 3 describe it. 4 The head-to-head battles with any competitor in the market has resulted in near flawless execution and win rates. I would say 5 100%, but I’m sure there is one out there that we lost to some competitor, but our win rates are dramatic when competing head to 6 head with a product bake-off.... We have a very unique advantage of people and process and product that none of the competition 7 has. I think that’s really showing up in results from us competing head to head.

8 ***

9 Sterling Auty - JPMorgan Chase & Co. – Analyst

10 You mentioned the high renewal rates... I would be curious what 11 the renewal rates are for solutions that are actually in a Palo Alto environment where the customer has a choice to potentially all to 12 environment where they have the chance to move to Wildfire or even the free version of Wildfire?

13 David DeWalt - FireEye Inc - Chairman, CEO

14 [O]ur renewal rates are spectacular, first of all.

15 Second of all, our win rate is spectacular; any conversions to a 16 competitor that you just named, to my knowledge, is zero . I have not seen a single transaction when somebody moves from FireEye 17 to Wildfire. When I look at Wildfire, that product is highly ineffective in the marketplace where these types of attacks, a 18 million reasons I could go on and on about. But I have not seen any of that, I don’t anticipate seeing any of that.

19 In fact, there [are] many accounts where we go into where Wildfire 20 was already sold and we had FireEye behind it, and on top of that our detection efficacy doesn’t change one bit, whether that product 21 was in front of us or behind it. The way I look at this is that technology is having almost zero influence on these advanced 22 detection models that are out there, in my opinion. So I just don’t see that technology as something that is there right now to 23 changing our business model. 24 So a little – a little aggressive statement, but it is what it is. I don’t see them as a major factor for us right now.

25 ***

26 We had one of our best quarters ever on so many fronts. I 27 mentioned them, the size of our expansion in products , in pipeline, marketing activities, competitive edges, competitive win rates . It is 28 the best, you know, we felt like we could do and deliver this quarter, so that felt good. OLIDATED AMENDED CLASS ACTION COMPLAINT 50 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 54 of 84

1 We raised guidance, the outlook looks positive for the Company. The competitive landscape looks good .

3 168. These statements regarding competition were misleading because DeWalt 4 to disclose that customers dissatisfied with the problematic latest version of MIR were leaving

5 for competitors; that legacy Mandiant customers did not want to upgrade to FireEye’s produc 6 because of its expense; and that the Company’s customer pipeline was shrinking. See ¶¶66-71 7 114, 115. DeWalt further failed to disclose that integration problems were leading to delays in 8 product sales cycles. See ¶¶93, 95-98, 103-104, 112. 9 169. On the same call, DeWalt made the following misleading statements regarding 10 Mandiant integration:

11 Melissa Gorham - Morgan Stanley – Analyst 12 Question for Dave on the integration of Mandiant, just wondering if you are now well integrated with Mandiant or if there is more 13 work to do from a go-to-market and distribution perspective, and just wondering if you have any anecdotal color on how the 14 integration is resonating with your customer base?

15 David DeWalt - FireEye Inc - Chairman, CEO 16 We made a lot of progress. If you recall from our acquisition announcement back in early January, the nice part about this 17 combination was we were quite familiar with each other beforehand.

18 We had the products integrated at least at some level, and the 19 endpoint platform and network platform that FireEye had, had ways of handshaking intelligence that we could do detection to 20 response. We are integrating that even further. 21 In fact, we’ve now integrated a whole work flow, a single pane of glass, so we can go from network events to remediation and 22 response on endpoints, to a common console. We are working on extended endpoint features that we’ll announce soon and there is 23 more development under way there, so we are off to a really good start from a products point of view .

24 ***

25 On the go-to-market side, almost from the first day we integrated 26 the go-to-market model, meaning that the FireEye sales team would sell every Mandiant product. And it is one of the reasons 27 why we are not breaking out everything either, is because the go- to-market model is fully integrated at this point ; from the comp 28 plans, to what they sell, to how they deliver it. We also trained and certified all the partner channels and got them up to speed on a OLIDATED AMENDED CLASS ACTION COMPLAINT 51 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 55 of 84

1 combined FireEye/Mandiant product, albeit halfway or three- quarters of the way through the quarter, but we made progress with 2 both the field and telesales models of FireEye, with the partner and channel models of FireEye.

3 4 170. These statements that Mandiant’s and FireEye’s products were integrated; that

5 Company was “off to a really good start from a product point of view”; that the sales team 6 “fully integrated,” and the statement regarding the partner channel were misleading bec 7 DeWalt failed to disclose that (1) the sales force was in disarray, with sales personnel in the 8 confused about how to integrate Mandiant’s services offerings and legacy Mandiant s 9 personnel ignorant about FireEye’s products ( see ¶¶93-95, 104); (2) the rapid increase in s 10 force resulting in chaos as the two companies’ systems were not integrated, such that s

11 personnel did not know who was selling what, where ( see ¶¶93-95, 112, 115); and 12 Mandiant’s services offering was causing significant friction with channel partners who

13 competing services, causing a loss of channel business (s ee ¶113). 14 171. On the same call, DeWalt made the following misleading statements

15 product revenue:

16 Daniel Ives - FBR & Co. – Analyst 17 Maybe you could talk, I mean (inaudible) subscription (inaudible) talk about maybe some of the dynamics going on with licenses. I 18 think that’s what a lot of investors are focused on, especially here with the interim-adjusted results.... just the dynamic in terms of 19 what is happening on the license side versus the subscription side this quarter. I mean, there are some questions like, did any licenses 20 flow into the firm, just a question about that in the quarter.

21 David DeWalt - FireEye Inc - Chairman, CEO 22 If you look at it on a bookings basis, minus back log a bit, and you take a look at the product and product subscriptions business of 23 FireEye, and the product and product subscriptions business of Mandiant, both those businesses grew at 50% or greater. So, you 24 know, that’s an important point here, because Mandiant business and the FireEye business both were very healthy from what I think 25 you’re alluding to, which is licenses, which is really what we think of as product and product subscriptions, so both models were 26 really good. 27 172. The statement that product “looked good” was false and misleading 28 DeWalt failed to disclose that the combined companies’ sales force was in “chaos,” with

OLIDATED AMENDED CLASS ACTION COMPLAINT 52 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 56 of 84

1 personnel having difficulty selling unfamiliar product and cross-selling customers, being forced 2 to deal with separate product and services decision-makers at customers, Mandiant’s systems no

3 being integrated into FireEye’s, and lengthening sales cycles. See ¶¶92-100, 102-104, 112, 115 4 DeWalt further failed to disclose that problems with Mandiant’s MIR product were causing

5 customers to leave for competitors, shrinking the pipeline. See ¶¶67-71, 114. 6 173. On the same call, DeWalt made the following misleading statements 7 sales force productivity and pipeline growth: 8 Sanjit Singh - Wedbush Securities – Analyst 9 I had a question on sales force productivity. You are in the midst of an integration. You have a bunch of new salespeople that has 10 joined the team over the past 12 to 18 months, and then you have, as you said, Dave, 20 to 24 products now. So how do you manage 11 and evaluate that sales force productivity, given that the second half of the year street estimates do imply a pretty significant ramp 12 on a revenue and a billings basis?

13 David DeWalt - FireEye Inc - Chairman, CEO 14 I think that’s a great question. We inspect it very closely, with a lot of metrics, as the team knows. You look at it so many different 15 ways. You have sort of these bottoms up analysis.... what you want to inspect is how many you have, how many are ramped, 16 what’s the productivity per ramped rep and does that add up to what the plan is or what the guidance is or what the consensus is, 17 do you have enough gaps between all that and how do you model that.

18 Mike and I spent a lot of time reviewing that from a bottoms up 19 point of view making sure ramped capacity is coming in the model properly. And then, of course, you look geographically around the 20 world. Ramp capacity happens quicker in some markets than other markets, but we feel confident that this sales coming online well 21 and performing.

22 I alluded to a little bit some of the explosive pipeline growth we are having, and lead generation that’s occurring. The amount of 23 proof of values that we have in the pipeline, and all that kind of capulates on our optimism for the remainder of the year.

24 25 174. These statements regarding sales force productivity and “explosive”

26 growth were misleading because DeWalt failed to disclose that the combined sales force was 27 “chaos,” with sales personnel having difficulty selling unfamiliar product and cross

28 customers, being forced to deal with separate product and services decision-makers at

OLIDATED AMENDED CLASS ACTION COMPLAINT 53 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 57 of 84

1 Mandiant’s systems not being integrated into FireEye’s, and lengthening sales cycles. See ¶¶92- 2 100, 102-104, 112, 115. DeWalt further failed to disclose that in the 2Q, sales personnel were

3 incentivized to obtain “no fee” retainers with customers over selling product. See ¶¶97-98. 4 DeWalt also failed to disclose that problems with Mandiant’s MIR product were causing

5 customers to leave for competitors, shrinking the pipeline, and that channel friction was 6 a loss in business. See ¶¶67-71, 113, 114.

7 F. May 20, 2014 JP Morgan Global Technology Media Telecom Conference 8 175 At the May 20, 2014 JP Morgan conference, DeWalt made the fo 9 misleading statements regarding competition and product sales: 10 Sterling Auty - JPMorgan - Analyst 11 So do you have a primary competitor within that environment? And I think also from the investors’ standpoint, when you’re 12 looking at a new opportunity, is it primarily a company that says, oh my goodness, I need APT protection and I do an APT RFP – 13 that they’re sitting there saying, okay, I’m going to bring in these three companies? Or how does that sales opportunity evolve, and 14 who do you see most often as the other alternative that a customer might be considering?

15 Dave DeWalt - FireEye, Inc. - CEO

16 [M]ost times we walk in to a customer, and we say, hey, try our 17 technology, and if you like it, buy it; If we don’t find anything, and we’re not helpful with the technology, then we lose out. We do a 18 very good job showing the value of our product, and typically, that results in some sort of bake-off. And then we have an evaluation 19 maybe as Palo Alto’s WildFire or Sourcefire’s capability, or name a vendor. And so we’ll do a little competition there. But our win 20 rates are very high in that model, particularly after we’ve shown the technology to a company.

21 The other model, which is maybe even more explosive for the 22 company, is we lead after an incident response. This is where Mandiant’s model became very powerful for the company. We’re 23 responding to hundreds of breach incidences around the world. Every time there’s a major breach, we get in very high in the 24 organization, oftentimes to the Board of Directors, the audit committees, CEOs, and now post-Target and other types of major 25 breaches, they’re taking these things very, very seriously. So what happens after an incident response? Very quick product sales . 26 Because Mandiant and the brand walks in, and they evaluate what’s happening in the architecture. They discover a major 27 breach, and then the company’s like, well what do you recommend? And we oftentimes get very high conversions, over 28 90% conversions to a product or a product subscription, post the incident response. OLIDATED AMENDED CLASS ACTION COMPLAINT 54 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 58 of 84

1 176. The statement regarding high win rates was misleading because DeWalt failed 2 disclose that problems with Mandiant’s MIR product were causing customers to leave

3 competitors, shrinking the pipeline, and that channel friction was causing a loss in business. 4 ¶¶67-71, 113, 114.

5 177. The statement that product sales were “very quick” was misleading 6 DeWalt failed to disclose that the combined companies’ sales force was in “chaos,” with sale 7 personnel having difficulty selling unfamiliar product and cross-selling customers, being force 8 to deal with separate product and services decision-makers at customers, Mandiant’s systems no 9 being integrated into FireEye’s, and lengthening sales cycles due to the integration issues. Se 10 ¶¶92-100, 102-104, 112, 115. DeWalt further failed to disclose that in the 2Q, sales personne

11 were incentivized to obtain “no fee” retainers with customers over selling product. See ¶¶97-98.

12 G. May 29, 2014 Cowen Technology Media & Telecom Conference

13 178. At the May 29, 2014 Cowen conference, Sheridan made the following mi

14 statements regarding product revenue and cross selling:

15 Gregg Moskowitz - Cowen and Company – Analyst 16 Having said that, there were many who were... a little bit more in the way of product revenue. And maybe you could sort of talk to 17 some of the dynamics around that.

18 Mike Sheridan - FireEye, Inc. - SVP, CFO 19 I think there was probably one central point of confusion on that. When I had issued our annual guidance for the year, I said the 20 product revenue in our business would be 40% to 45% of the mix. And we have reiterated that guidance, by the way, for the year . But 21 if you look at our business, it is a seasonal business. The first half is lower and the second half is higher, and it is the total that falls 22 within that range. 23 So, what we have explained [since] those numbers came out is we are still on track for that 40% to 45%. But having Q1/Q2 a bit 24 below that range and Q3/Q4 in or in the higher end to that range was really one factor. The other factor is actually related to trends 25 we are seeing in the business that we consider very positive.

26 Gregg Moskowitz - Cowen and Company - Analyst 27 And, then, with Mandiant, maybe you could talk about some of the cross-selling that you have seen so far, realizing that it is early 28 days. And then, more importantly, when do you expect going

OLIDATED AMENDED CLASS ACTION COMPLAINT 55 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 59 of 84

1 forward, particularly as the integration of around product and product and systems and sales all gets tighter?

2 Mike Sheridan - FireEye, Inc. - SVP, CFO

3 So we had a good start. We completed the acquisition on 4 December 30 and the first thing that we did was we brought the two sales forces together. And in Q1 we spent about 8000 hours 5 worth of training to get both sales forces up to speed on our technologies.

6 ***

7 And what we reported in the first quarter was we had several deals 8 where we actually were selling and cross-selling across both platforms. So we had a good start. We are continuing that process.

9 10 179. The statements regarding product revenue were misleading because S 11 failed to disclose that the combined sales force was in “chaos,” with sales personnel 12 difficulty selling unfamiliar product and cross-selling customers, being forced to deal wit

13 separate product and services decision-makers at customers, Mandiant’s systems not bein

14 integrated into FireEye’s, and lengthening sales cycles due to the integration issues. See ¶¶92 15 100, 102-104, 112, 115. Sheridan further failed to disclose that in the 2Q, sales personnel wer 16 incentivized to obtain “no fee” retainers with customers over selling product, leading to a declin

17 in product sales. See ¶¶97-98. 18 180. The statements regarding cross selling and sales force training were mi 19 because Sheridan failed to disclose that sales personnel were having difficulty selling unfamilia

20 product and cross-selling customers. See ¶¶92-100, 102-104, 115. 21 H. June 3, 2014 Bank of America Merrill Lynch Global Technology Conference 22 181. At the June 3, 2014 Bank of America Conference, DeWalt made the following

23 misleading statements regarding product revenue:

24 Tal Liani - BofA Merrill Lynch – Analyst 25 Product revenue. Last quarter product revenues were weak and the consent was that that this was a sign of a slowdown. And you 26 explained it on the conference call. Can you discuss again what happened last quarter with product revenues and why it is not a 27 sign for a forthcoming slowdown in activity?

OLIDATED AMENDED CLASS ACTION COMPLAINT 56 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 60 of 84

1 Dave DeWalt - FireEye, Inc. - Chairman and CEO 2 I guess there is a difference between weak and strong at least on the perception because we felt like (multiple speakers) whoever’s 3 model was there. I just look at it this way, product and product subscriptions is our product. So the mix between product revenue 4 and product subscription revenue is not a factor for the way we look at our business. In fact we almost like more product 5 subscription than we like product because it creates a longer-term ratable business model for the company and we think it creates 6 stickier opportunity than hardware at point of customer, point-of- sale.

7 ***

8 So we had a blend difference between product and product 9 subscription in the quarter largely due to one major factor which was Mandiant.... So it is just important that it is complicated on 10 the models and it is also important to look at it in totality, at least that is how we look and we do not in our go-to-market model 11 distinguish a difference in the way we pay our reps or go to market trying to get them to do more product content versus product 12 subscription content versus support or services so a dollar is a dollar across those four components.

13 14 182. The statements regarding product revenue were false and misleading 15 DeWalt failed to acknowledge that product revenue and sales were decelerating due to th

16 negative impact of integration issues, including that sales personnel were having difficul

17 selling unfamiliar product and cross-selling customers, and were being forced to deal wi

18 separate product and services decision-makers at customers, Mandiant’s systems not bein

19 integrated into FireEye’s, and lengthening sales cycles as a result. See ¶¶92-100, 102-104, 11 20 115. DeWalt further failed to disclose that in the 2Q, sales personnel were incentivized to obta 21 “no fee” retainers with customers over selling product, leading to a decline in product sales. S 22 ¶¶97-98.

23 I. August 5, 2014 2Q14 Earnings Call 24 183 On the August 5, 2014 2Q14 earnings call, DeWalt made the followi

25 misleading statement regarding cross selling: “We also increased the number and the value o 26 deals that included multiple products, including cross-sell of FireEye and Mandiant products.” 27 184. This statement was misleading because DeWalt failed to disclose that

28 personnel were having difficulty selling unfamiliar product and cross-selling customers

OLIDATED AMENDED CLASS ACTION COMPLAINT 57 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 61 of 84

¶¶92-100, 102-104, 112, 115), and that in the 2Q, sales personnel were incentivized to obtain 2 I fee” retainers with customers over selling product, leading to a decline in product sales. 3 ¶¶97-98. 4 185. On the same call, DeWalt made the following misleading statement regarding

5 sales force, cross-selling, and sales cycles: 6 Rick Sherlund - Nomura Asset Management – Analyst 7 First on John McGee, are you planning on any changes, restructuring and so forth of the sales organization? We’ve found 8 historically that can be kind of disruptive. If you can address what your plans might be there?

9 Dave DeWalt - FireEye Inc - Chairman, CEO

10 We’re really excited to have John come aboard, number one. But 11 we really have kind of a best of both worlds, frankly. We have Jeff Williams, who’s done an amazing job helping to build this 12 Company from sort of zero to $0.5 billion range here. He’s taking over the big portion of the Americas operation, which as you know 13 is 65% to 70% of our business. John’s taking over global sales. John’s had a track record of running and operating billion-dollar- 14 plus businesses, so we’re excited to have both of them.

15 But the answer to your question is no, we’re not do [sic] anything restructuring in sales operations.

16 ***

17 But for the most part, sales is doing great. We’re scaling 18 internationally. We have multi-vectors of sales we’re doing, both inside sales, partner sales, service-led sales, and product sales. For 19 the most part we feel pretty good about what we’re doing . We’re just trying to bring in some new leadership to help get us to the 20 next level, and quite frankly, just augment what we’ve got. No major change there.

21 Rick Sherlund - Nomura Asset Management - Analyst

22 [O]n the sales cycle, any comments in terms of with Mandiant, has 23 it – and the branding benefit you get from that and the publicity around Target and some of the others? Have you seen any material 24 shortening of the sales cycle?

25 Dave DeWalt - FireEye Inc - Chairman, CEO 26 One of the things that Mike alluded to in his script was improving our cross-sell between FireEye’s base and Mandiant’s base, and 27 Mandiant’s stuff back to FireEye. We made some really good traction. We went from like 15 or so cross sales from Q4 to Q1 in 28 our first-quarter of operation, and now had triple that in the next quarter of operations. OLIDATED AMENDED CLASS ACTION COMPLAINT 58 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 62 of 84

1 We’re seeing some good things. The number of companies that we’ve cross-sold to is picking up.... We like what we’re seeing. 2 They are shortening the sales cycle, especially where the Infinite Responding-led model starts.

3 4 186. DeWalt’s statement that “we’re not doing any restructuring in sales operati

5 and that there was “no major change there” was false and misleading because DeWalt failed 6 disclose that there had been lay-offs in August as a result of problems with the integration. 7 ¶103. 8 187. The statements regarding cross selling and shortening the sales cycle 9 misleading because DeWalt failed to disclose that the sales force was having difficulty

10 unfamiliar product and cross-selling product to customers, and sales cycles were

11 from integration issues including separate financial systems and general confusion. See ¶¶92 12 100, 102-104, 112, 115. 13 188. On the same call, DeWalt made the following misleading statements

14 competition, cross-selling, and sales cyles:

15 Rob Owens - Pacific Crest Securities – Analyst 16 And Dave, as you look at the market place, you mentioned you’re doing a better job of cross-selling. Talk about new customer 17 acquisition, because it seems like there’s a lot of noise out there from competition. Are you seeing any elongation in sale cycles, or 18 just how that’s playing out?

19 Dave DeWalt - FireEye Inc - Chairman, CEO

20 I think that’s the heart of what we watch and monitor here.... We certainly did a lot better in Q2 than we did in Q1 when it came to 21 cross-selling of FireEye-Mandiant technology, and even selling multiple products, as Mike mentioned, into FireEye cases in the 22 FireEye customers. Then it’s just the upsell [in] the last one – selling more product to the same customer. All those keep moving 23 positively. The competition really hasn’t had any impact that’s of notice. Quite frankly, our win rates are extraordinarily high across 24 the board. 25 We recognize we’re not in all markets in all segments. But at the same time, whenever we’ve competed directly, we have a very 26 high win rate – near 100% win rates.... When I look at that compared to where we’re at with competition, I feel good about it.

OLIDATED AMENDED CLASS ACTION COMPLAINT 59 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 63 of 84

1 189. The statements that cross-selling was improving and that the competition had

2 no impact are misleading because DeWalt failed to disclose that (1) the sales force was

3 difficulty cross-selling products ( see ¶¶99, 115); and (2) problems with Mandiant’s MIR

4 were causing customers to leave for competitors, shrinking the pipeline, and that channel

5 was causing a loss in business. See ¶¶66-71, 113, 114. 6 190. DeWalt’s failure to disclose that sales cycles were lengthening was misleadi 7 because sales personnel were having difficulty selling unfamiliar product and cross-sell 8 customers, and were forced to deal with separate product and services decision-makers 9 customers, Mandiant’s systems not being integrated into FireEye’s, and lengthening sales cyc 10 as a result. See ¶¶92-100, 102-104, 112, 115. DeWalt further failed to disclose that in the 2

11 sales personnel were incentivized to obtain “no fee” retainers with customers over

12 product, leading to a decline in product sales. See ¶¶97-98. 13 191. On the same call, DeWalt made the following misleading statements 14 I competition and sales cycles: 15 Daniel Ives - FBR Capital Markets – Analyst 16 Tom, I’m curious in terms of, not just sales cycles, but competition-wise, are you starting to see any changes out there, as 17 more of your competitors are going after the same space -- almost copycat solutions? Are you seeing any changes out there in the 18 field?

19 Dave DeWalt - FireEye Inc - Chairman, CEO 20 Daniel, this is Dave. I would tell you similar to I think what Rob was asking – Rob Owens was asking, we haven’t. Sales cycles 21 have been very consistent . The average sales price discounts have been consistent. We certainly see the news much like you do about 22 competitors kind of copying FireEye’s model here, and talking about sandboxes or virtual machines or some sort of improved 23 detection. But the proof is when we compete head-on , and we feel we have a substantial gap.

24 25 192. The statement regarding sales cycles being consistent was misleading 26 DeWalt failed to disclose that sales personnel were having difficulty selling unfamiliar

27 and cross-selling customers, and were being forced to deal with separate product and 28 decision-makers at customers, Mandiant’s systems not being integrated into FireEye’s,

OLIDATED AMENDED CLASS ACTION COMPLAINT 60 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 64 of 84

1 lengthening sales cycles as a result. See ¶¶92-100, 102-104, 112, 115. DeWalt further failed 2 disclose that in the 2Q, sales personnel were incentivized to obtain “no fee” retainers

3 customers over selling product, leading to a decline in product sales. See ¶¶97-98. 4 193. The statement regarding competition was misleading because DeWalt failed

5 disclose that problems with Mandiant’s MIR product were causing customers to leave 6 competitors, shrinking the pipeline, and that channel friction was causing a loss in business. 7 ¶¶66-71, 113, 114. 8 194. On the same call, DeWalt and Sheridan made the following misleading 9 regarding pipeline: 10 Dave DeWalt - FireEye Inc - Chairman, CEO 11 As we look into the second half with enterprise spending, you tend to see a lot more opportunity if you’re us, as we worked during the 12 first half of the year to build pipeline and close it in the second half of the year. For all the factors that I just described, that’s why 13 you’re seeing an increase of that growth rate a bit, as you get into the first nine months versus the Q4 quarter; just because again, a 14 lot of things get teed up. A lot of renewal opportunity. A lot of opportunity for us to close bigger transactions. We think the 15 pipeline and outlook looks good there . Mike, do you want to add onto that?

16 Michael Sheridan - FireEye Inc - SVP, CFO

17 As I mentioned in my comments, we are seeing a good increase in 18 the number of accounts that are purchasing products across Mandiant, FireEye, nPulse, and so forth. That’s a primary driver. I 19 think in terms of confidence, certainly just the fact that we’re guiding it, we believe that the road is there. We believe the pipeline 20 is there. We think our sales force is making great progress ramping up. Yes, we’re heading into the second half with an 21 optimistic view. 22 195. These statements regarding the strength of the pipeline and the success of

23 sales force in cross-selling product were misleading because Sheridan failed to disclose that (1

24 the sales force was having difficulty cross-selling products ( see ¶¶99, 115); and (2) problem

25 with Mandiant’s MIR product were causing customers to leave for competitors, shrinking th

26 pipeline, and that channel friction was causing a loss in business. See ¶¶66-71, 113, 114.

OLIDATED AMENDED CLASS ACTION COMPLAINT 61 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 65 of 84

1 J. August 11, 2014 Pacific Crest Global Technology Leadership Forum 2 196. At the August 11, 2014 Pacific Crest forum, Sheridan failed to disclose that

3 cycles were lengthening in response to the following question on sales cycles, which

4 response did not address: 4

5 Unidentified Participant 6 We’ve been a little bit on the competitive landscape – very noisy and continues to pick up considerably. Any impact that you guys 7 are seeing relative to sales cycles? And is new customer acquisition stalling as a result of the noise?

8 9 197. Sheridan’s failure to disclose that sales cycles were lengthening was misleadi 10 I because sales personnel were having difficulty selling unfamiliar product and 11 customers, and were forced to deal with separate product and services decision-makers

12 customers, Mandiant’s systems not being integrated into FireEye’s, and lengthening sales cyc

13 as a result. See ¶¶92-100, 102-104, 112, 115. Sheridan further failed to disclose that proble

14 with Mandiant’s MIR product were causing customers to leave for competitors, shrinking

15 pipeline, and that channel friction was causing a loss in business. See ¶¶66-71, 113, 114. 16 198. At the same forum, Sheridan made the following misleading statements

17 channel partners:

18 Unidentified Participant 19 And along that point, if I can interject, how do avoid channel conflict along those lines? Because Mandiant offers services, 20 managed services. A lot of your [top] channel partners offer services and managed services. And so as that ramps and there’s a 21 better integration there, how do you avoid channel conflict?

22 Michael Sheridan - FireEye, Inc. - SVP, CFO 23 It’s a great question. It’s one that we had to spend a lot of time with our channel – and I’ll start at the end and then work 24 backwards.

25 Where we are today is, our channel remains very engaged. We haven’t lost our channel partners. As you can see in Q2, we’ve 26 done just the opposite. They remain very strong, in terms of

27 4 Sheridan’s response addressed only the question regarding new customer acquisition, 28 competition generally.

OLIDATED AMENDED CLASS ACTION COMPLAINT 62 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 66 of 84

1 relationships.... So many channel partners will offer a managed service where they will say to a company, you’ve got all this stuff 2 deployed; we’ll help you manage it.

3 If you compare that to what we mean in terms of incident response and breach response and this deep cyber-security expertise, threat- 4 intelligence kind of thing – they’re generally not in that business.

5 Now, it’s not 100% one way or the other. And where there is some cross-over, we’ve got very talented channel – internal channel 6 executives and others that will establish rules of engagement as to how to deal with those conflicts, such that we can maintain good 7 relationships. And I think we’ve been very successful with that . 8 *** 9 But the bottom line is, we’ve spent a lot of time with the channel to ensure that those conflicts are addressed. Where there could be 10 overlap, we establish rules of engagement to deal with them. But in the significant majority of the time, it really hasn’t been a 11 problem . 12 199. The statements that relationships with the channel were strong were 13 because Sheridan failed to disclose that selling Mandiant services was causing friction with

14 channel partners that sold competing services at higher margin, leading to a significant loss o 15 I channel business. See ¶113.

16 K. September 3, 2014 Citi Global Technology Conference

17 200. At the September 3, 2014 Citi conference Mandia and Sheridan mi 18 denied that there had been a sales force restructuring:

19 Walter Pritchard - Citi – Analyst 20 And Kevin, for you, you came from the Mandiant side, the Company has gone through an integration there I think on the 21 conference in Q2 you talked about making some restructuring moves around just sort of bringing the companies together. Can 22 you update us on the integration and was that restructuring planned or was that sort of --?

23 Kevin Mandia - FireEye, Inc. - SVP, COO

24 I don’t think that was restructuring. Mike, do you want to talk to 25 that? I mean, what we were really doing there.

26 Michael Sheridan 27 Yes. I mean, I think the word restructuring would imply something very different than what we did. Restructuring would be, gee, we 28 wanted to invest in this particular product, and so we hired these

OLIDATED AMENDED CLASS ACTION COMPLAINT 63 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 67 of 84

1 people and now we don’t think it’s a great idea so we’re going to take them out and –

2 Kevin Mandia - FireEye, Inc. - SVP, COO

3 I don’t know the exact word but that was something –

4 Michael Sheridan

5 We’re going to have some overlap in employees. We may have 6 hired into some regions that now, in retrospect, may not have been exactly where we should have made our bets. There’s going to be 7 those kinds of things. So I wanted to talk about that on the call, and I refer to it as cost alignment and cost optimization which is 8 exactly what it is because as we move towards that target model, we’re going to continue to do so with an eye towards growth but 9 also recognizing that we have to be efficient.

10 201. Mandia’s and Sheridan’s failure to disclose that the Company had

11 employees (see ¶103) because of integration issues that negatively impacted product sales

12 materially misleading. See ¶¶92-100, 102-104, 112, 115.

13 L. September 18, 2014 FireEye Tech Talk

14 202. On the September 18, 2014 FireEye Tech Talk call, DeWalt made the fo

15 misleading statements regarding the Mandiant integration:

16 The culmination of FireEye and Mandiant now eight months, nine 17 months into the acquisition and merger between the two firms, and I can’t be more pleased, quite honestly. Everything that we had 18 told you at the beginning of this acquisition is coming true and more. We’re finding ourselves with a tremendous amount of 19 synergy, not just in the people and the expertise that Mandiant has brought, but also the intelligence and the products.

20 203. This statement regarding the “tremendous amount of synergy” and the success

21 the integration was misleading because DeWalt failed to disclose that (1) the sales force was in

22 disarray, with sales personnel in the field confused about how to integrate Mandiant’s service

23 offerings and legacy Mandiant sales personnel ignorant about FireEye’s products ( see ¶¶93-95

24 104); (2) the rapid increase in sales force resulting in chaos as the two companies’ systems were

25 not integrated, such that sales personnel did not know who was selling what, where ( see ¶¶93-95

26 112, 115); and (3) Mandiant’s services offering was causing significant friction with channe

27 partners who sold competing services, causing a loss of channel business (s ee ¶113).

OLIDATED AMENDED CLASS ACTION COMPLAINT 64 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 68 of 84

1 I VII. THE ENTIRE TRUTH IS FINALLY REVEALED 2 204. Only two weeks after FireEye announced FireEye-as-a-Service on September 17,

3 2014, the Company stunned the market by disclosing a pronounced shift in revenue from produc 4 to services, as well as revenues at the low end of their previous guidance and lower tha

5 analysts’ consensus expectations – in other words, a marked deceleration in product revenu 6 growth leading to lower reported revenues as service revenues are largely deferred. Defendant 7 attributed the shift to “outperformance” of FireEye-as-a-Service, a new subscription servic 8 (“SaaS”) the Company had announced in September 2015 – only two weeks before the end of th 9 third quarter. A Citigroup analyst cut his price target in response, stating that analyst consensu

10 revenue estimates would decline given the reduction in product revenue, and that FireEye’

11 growth would be difficult to estimate given the changes in its revenue recognition practices an 12 its introduction of subscription models like FireEye-as-a-Service. 13 205. A November 5, 2014 William Blair analyst report highlighted the deceleration

14 product revenue, stating that: 15 We believe some investors will view the light revenue results with skepticism, given the slower-than-anticipated growth of product 16 revenue. We expect the stock to open materially lower reflecting the disappointment and increasing fears over competition and 17 sustainability of the business model . We view the results as acceptable, but are concerned that product billings were not 18 stronger given the investments the company has made in expanding its salesforce, which we believe should be translating 19 into stronger results. 20 206. A November 5, 2014 Stephens analyst report observed that FireEye-as-a- 21 had been “introduced just two weeks before the end of the quarter” and that “FireEye’s host

22 new products...seem to have not yet made a meaningful impact on the business.” 23 207. In reaction to FireEye’s disappointing product revenue, the Company’s

24 plummeted 14.98%, on unusually heavy trading volume, with 25,224,200 shares

25 compared with an average daily trading volume over the Class Period of 5,850,012 shares.

26 VIII. ADDITIONAL SCIENTER ALLEGATIONS 27 208. During the Class Period, DeWalt and Sheridan reaped the rewards of Defendants 28 fraud while FireEye’s stock price was artificially inflated. As shown in the tables below, DeW

OLIDATED AMENDED CLASS ACTION COMPLAINT 65 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 69 of 84

1 sold 485,656 shares of his FireEye stock for net proceeds of over $38.5 million. In co

2 DeWalt had no proceeds in the time periods both before and after the Class Period.

3 sold 121,733 shares of his FireEye stock for net proceeds of over $9.5 million. In co

4 Sheridan had no proceeds in the time periods both before and after the Class Period.

5 Pre-Class Period 9/20/13 – 1/1/14

8 Class Period 1/2/14 – 11/4/14

14 Post-Class Period 11/5/14 – 6/12/15

20 IX. CLASS ACTION ALLEGATIONS

21 209. Plaintiffs bring this action as a class action pursuant to Federal Rule of Civi

22 Procedure 23(a) and (b)(3) on behalf of a Class, consisting of all purchasers of FireEye’

23 securities between January 2, 2014 and November 4, 2014 inclusive and who were damage

24 when the truth about the deceleration in FireEye’s product revenue was disclosed. Exclude

25 from the Class are Defendants, the officers and directors of the Company, at all relevant times

26 members of their immediate families and their legal representatives, heirs, successors or assign

27 and any entity in which Defendants have or had a controlling interest.

OLIDATED AMENDED CLASS ACTION COMPLAINT 66 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 70 of 84

1 210. The members of the Class are so numerous that joinder of all members i 2 impracticable. Throughout the Class Period, FireEye had more than 137,000,000 shares o

3 common stock outstanding that traded on the NASDAQ. While the exact number of Clas

4 members is unknown to Plaintiffs at this time and can only be ascertained through appropriate

5 discovery, Plaintiffs believe that there are hundreds or thousands of members in the proposed 6 Class. Record owners and other members of the Class may be identified from record 7 maintained by FireEye or its transfer agent and may be notified of the pendency of this action by 8 mail, using the form of notice similar to that customarily used in securities class actions. 9 211. Plaintiffs’ claims are typical of the claims of the members of the Class as al

10 members of the Class are similarly affected by Defendants’ wrongful conduct in violation o 11 federal law that is complained of herein. 12 212. State-Boston and Fadia will fairly and adequately protect the interests of

13 members of the Class and have retained counsel competent and experienced in class

14 securities litigation. 15 213. Common questions of law and fact exist as to all members of the Class

16 predominate over any questions solely affecting individual members of the Class. Among

17 questions of law and fact common to the Class are:

18 (a) whether the federal securities laws were violated by Defendants’ acts as 19 I herein; 20 (b) whether statements made (or omissions) by Defendants to the investing publi 21 during the Class Period misrepresented (or omitted) to state material facts about FireEye’ 22 business, in particular its product sales and product revenue following the Mandiant acquisitio 23 during the Class Period, as well as the Company’s operations and management;

24 (c) whether the Defendants made their misstatements or misrepresentations with th

25 required scienter; and

26 (d) to what extent the members of the Class have sustained damages and the

27 measure of damages.

OLIDATED AMENDED CLASS ACTION COMPLAINT 67 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 71 of 84

1 214. A class action is superior to all other available methods for the fair and efficie

2 adjudication of this controversy since joinder of all members is impracticable. Furthermore,

3 the damages suffered by individual Class members may be relatively small, the expense a 4 burden of individual litigation make it impossible for members of the Class to individua

5 redress the wrongs done to them. There will be no difficulty in the management of this action 6 I a class action. 7 X. APPLICABILITY OF PRESUMPTION OF RELIANCE UNDER THE AFFILIATED UTE DOCTRINE, AND/OR, IN THE ALTERNATIVE, 8 THE FRAUD ON THE MARKET DOCTRINE 9 215. Plaintiffs are entitled to a presumption of reliance under Affiliated Ute v. Un 10 States, 406 U.S. 128 (1972), because the claims asserted herein against the Defendants

11 primarily predicated upon omissions of material fact which there was a duty to disclose. 12 216. Plaintiffs are entitled to a presumption of reliance because, as more fully alleg

13 above, the Defendants failed to disclose material information regarding the Mandiant integrati 14 issues that negatively impacted product sales and product revenue, elongated sales cycles, a

15 caused customers to leave for competitors. 16 217. Alternatively, Plaintiffs are entitled to a presumption of reliance under the fra

17 on the market doctrine of the Defendants’ material misrepresentations and omissions, because

18 all relevant times, the market for FireEye’s securities was an efficient market for the followi

19 reasons, among others:

20 (a) FireEye’s stock met the requirements for listing, and was listed and active 21 traded on the NASDAQ, a highly efficient and automated market;

22 (b) As a regulated issuer, FireEye filed periodic public reports with the SEC (and w 23 eligible to file SEC Form S-1) and the NASDAQ;

24 (c) FireEye regularly communicated with public investors via established mark

25 communication mechanisms, including through regular disseminations of press releases on t

26 national circuits of major newswire services and through other wide-ranging public disclosur

27 such as communications with the financial press and other similar reporting services; and

OLIDATED AMENDED CLASS ACTION COMPLAINT 68 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 72 of 84

1 (d) FireEye was followed by numerous investor research services that

2 publicly available reports, as well as by several securities analysts (including Tal Liani and Eri

3 Ghernati at Bank of America Merrill Lynch; Raimo Lenschow, Saket Kalia, Stefan 4 I David Wang, Chris Hogan, Harris Heyer, and Andrew Kisch at Barclays; Walter Pritchard 5 Citigroup; Gregg Moskowitz, Matthew Broome, Christine Arnold, Charles Rhyee, and Co 6 Synesael at Cowen and Company; Karl Keirstead, Jobin Mathew, and Imtiaz Koujalgi 7 Deutsche Bank; Shebly Seyrafi at FBN Securities; Daniel Ives and Jim Moore at FBR Capi 8 Markets; Hendi Susanto at Gabelli & Company; Greg Dunham and Matthew Niknam 9 Goldman Sachs; Michael Kim at Imperial Capital; Sterling Auty, Saket Kalia, Kenneth 10 Talanian Jr., Darren Jue, Jackson E. Ader, and Sumeet Surana at J.P. Morgan; Erik Suppiger a 11 John Lucia at JMP Securities; Keith Weiss and Melissa Gorham at Morgan Stanley; R 12 Sherlund at Nomura Asset Management; Shaul Eyal at Oppenheimer; Rob Owens at Paci 13 Crest Securities; Andrew J. Nowinski and Ryan R. Bergan at Piper Jaffray; Jonathan Ruykha

14 and Nathan Leiphardt at Stephens Inc.; Gur Talpaz at Stifel Nicolaus; Richard Williams, Sr 15 Nandury, and Srini Sundararajan at Summit Research; Frederick Ziegel at Topeka Capi 16 Markets; Brent Thill, Reid Menge, John Byun, and Fatima Boolani at UBS Investment Resear 17 Sanjit Singh, Rohit Chopra, and Ryan Flanagan at Wedbush; Gray Powell and Pr 18 Parasuraman at Wells Fargo; and Jonathan Ho and John Weidemoyer at William Blair 19 Company) at major brokerage firms who wrote reports that were distributed to the sales fo

20 and certain customers of their respective brokerage firms. Each of these reports was publi

21 available and entered the public marketplace. 22 218. As a result of the foregoing, the market for FireEye’s securities promptly

23 current information regarding FireEye from all publicly available sources and reflected 24 information in FireEye’s stock price. Under these circumstances, all purchasers of FireEye’

25 securities during the Class Period suffered similar injury through their purchase of FireEye’

26 securities at artificially inflated prices and a presumption of reliance applies.

OLIDATED AMENDED CLASS ACTION COMPLAINT 69 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 73 of 84

1 XI. NO SAFE HARBOR 2 219. The statutory safe harbor provided for forward-looking statements under

3 circumstances does not apply to any of the allegedly false statements pleaded in this Com 4 Many of the specific statements pleaded herein were not identified as “forward-

5 statements” when made. To the extent there were any forward-looking statements, there were 6 meaningful cautionary statements identifying important factors that could cause actual results 7 differ materially from those in the purportedly forward-looking statements. Further, most of t 8 identified false and misleading statements and omissions herein are not forward looki 9 statements, but are statements of current and historic fact regarding FireEye’s practices. 10 220. To the extent that any of the false and misleading statements identified herein a

11 mixed statements of current fact and forward looking projection, the portion of those stateme

12 relating to current fact are not protected by the safe harbor. 13 221. Alternatively, to the extent that the statutory safe harbor does apply to a 14 forward-looking statements pleaded herein, Defendants are liable for those false forward-looki

15 statements because at the time each of those forward-looking statements was made, the parti

16 speaker knew that the particular forward-looking statement was false, and/or the forward-loo

17 statement was authorized and/or approved by an executive officer of FireEye who knew 18 those statements were false when made.

19 XII. LOSS CAUSATION/ECONOMIC LOSS 20 222. Defendants’ wrongful conduct, as alleged herein, directly and proximately cause 21 the damages suffered by Plaintiffs and the Class. 22 223. During the Class Period, as detailed herein, Defendants engaged in a scheme t 23 deceive the market and a course of conduct which artificially inflated the price of FireEye’

24 securities by (1) misrepresenting that the Mandiant integration was progressing “smoothly” an 25 “rapidly”; and (2) failing to disclose significant integration issues from the Mandiant acquisition 26 including problems integrating the latest Mandiant MIR product with the FireEye platform tha 27 drove customers to competitors, confusion in the combined sales force over selling unfamilia

28 products to customers that were unwilling to be “cross-sold,” incentives to get retainers in p

OLIDATED AMENDED CLASS ACTION COMPLAINT 70 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 74 of 84

1 over selling product; and elongation of product sales cycles as a result of the disruption 2 by these integration issues, resulting in product revenue deceleration.

3 224. The truth about FireEye’s integration problems and product sales decline

4 partially disclosed in a press release issued after the market closed on May 6, 2014 in wh

5 Defendants announced product revenue (which analysts, e.g. , Deutsche Bank, viewed 6 “driv[ing] overall momentum”) that meaningfully fell short of analysts’ estimates. In respon 7 FireEye’s stock price plummeted 22.84% to close at $28.65 per share on May 7, 2014 8 unusually heavy trading volume, with 23,205,700 shares traded compared with an average d 9 trading volume over the Class Period of 5,850,012 shares. 10 225. The truth about FireEye’s continuing problems with product sales and integratio 11 issues was further partially disclosed (1) in a press release issued after the market closed o 12 August 5, 2014 in which Defendants announced a revenue recognition change that would allo 13 the Company to record revenue at shipping for its email appliance product, rather than th 14 historical recognition over a contractual term; and (2) in a press release issued after the mark

15 closed on August 5, 2014 in which Defendants announced the appointment of a new global hea

16 of sales, and on the August 5, 2014 earnings call in which Defendants acknowledged “co

17 savings” from “personnel consolidation.” In response, FireEye’s stock price fell a furth 18 11.42%, to close at $30.78 per share on August 6, 2014 on unusually heavy trading volume, wit 19 12,839,900 shares traded compared with an average daily trading volume over the Class Perio

20 of 5,850,012 shares. 21 226. The entire truth about FireEye’s decelerating product revenue was final 22 disclosed in a press release issued after the market closed on November 4, 2014 in whic 23 Defendants announced a pronounced shift in revenue from product to services, as well a

24 revenues at the low end of their previous guidance and lower than analysts’ consensu

25 expectations. In response, FireEye’s stock price plummeted 14.98%, on unusually heavy tradin

26 volume, with 25,224,200 shares traded compared with an average daily trading volume over th 27 Class Period of 5,850,012 shares.

OLIDATED AMENDED CLASS ACTION COMPLAINT 71 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 75 of 84

1 COUNT I 2 Violation Of Section 10(b) Of The Exchange Act And Rule 10b-5(b) 3 Promulgated Thereunder Against All Defendants 4 227. Plaintiffs repeat and reallege each and every allegation contained above as if fully

5 I set forth herein. 6 228. During the Class Period, Defendants carried out a plan, scheme and course o 7 conduct which was intended to and, throughout the Class Period, did: (i) deceive the investing 8 public regarding FireEye’s business, operations, management and the intrinsic value of FireEye’ 9 securities; and (ii) cause Plaintiff and other members of the Class to purchase securities a

10 artificially inflated prices. In furtherance of this unlawful scheme, plan and course of conduct 11 Defendants, and each of them, took the actions set forth herein. 12 229. Defendants (a) employed devices, schemes, and artifices to defraud; (b) made

13 untrue statements of material fact and/or omitted to state material facts necessary to make the

14 statements not misleading; and (c) engaged in acts, practices, and a course of business which

15 operated as a fraud and deceit upon the purchasers of the Company’s securities in an effort to

16 maintain artificially high market prices for FireEye’s securities in violation of Section 10(b) o 17 the Exchange Act and Rule 10b-5. All Defendants are sued as primary participants in the

18 wrongful and illegal conduct charged herein. 19 230. Defendants, individually and in concert, directly and indirectly, by the use, mean

20 or instrumentalities of interstate commerce and/or of the mails, engaged and participated in a

21 continuous course of conduct to conceal adverse material information about the adverse i

22 of integration issues from the Mandiant acquisition on product sales and product revenue durin 23 the Class Period, as specified herein. 24 231. The Defendants employed devices, schemes and artifices to defraud, while

25 possession of material adverse non-public information, and engaged in acts, practices, and

26 course of conduct as alleged herein in an effort to assure investors of FireEye’s value an

27 performance and continued substantial growth, which included the making of, or t

28 participation in the making of, untrue statements of material facts and omitting to state materi

OLIDATED AMENDED CLASS ACTION COMPLAINT 72 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 76 of 84

1 facts necessary in order to make the statements made about FireEye, the integration of

2 and FireEye’s product sales and product revenue in the light of the circumstances under w

3 they were made, not misleading, as set forth more particularly herein, and engaged i 4 transactions, practices and a course of business which operated as a fraud and deceit upon

5 purchasers of FireEye’s securities during the Class Period. 6 232. Each of the Individual Defendants’ primary liability arises from the fo 7 facts: (i) the Individual Defendants were high-level executives and/or directors at the Compa 8 during the Class Period and members of the Company’s management team or had cont 9 thereof; (ii) each of these Defendants, by virtue of his responsibilities and activities as a sen

10 officer of the Company was privy to and participated in the creation, development and report

11 of the Company’s internal budgets, plans, projections and/or reports; (iii) each of th 12 Defendants enjoyed significant personal contact and familiarity with the other Defendants a

13 was advised of and had access to other members of the Company’s management team, inter

14 reports and other data and information about the Company’s finances, operations, and sales at

15 relevant times; and (iv) each of these Defendants was aware of the Company’s dissemination 16 information to the investing public which they knew or recklessly disregarded was materia 17 false and misleading, or failed to disclose material information that made those statements fa

18 and misleading. 19 233. The Defendants had actual knowledge of the misrepresentations and omissions o 20 I material facts set forth herein, or acted with reckless disregard for the truth in that they failed 21 ascertain and to disclose such facts, even though such facts were available to them. Defendants

22 material misrepresentations and/or omissions were done knowingly or recklessly and for the

23 purpose and effect of concealing the problems stemming from the Mandiant acquisition and thei 24 detrimental impact on the sales force, product sales, and product revenue from the investing

25 public and supporting the artificially inflated price of the Company’s securities. A 26 demonstrated by Defendants’ misstatements of the Mandiant integration, FireEye’s produc

27 sales, and product revenue throughout the Class Period, Defendants, if they did not have actua 28 knowledge of the misrepresentations and omissions alleged, were reckless in failing to obtain

OLIDATED AMENDED CLASS ACTION COMPLAINT 73 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 77 of 84

1 such knowledge by deliberately refraining from taking those steps necessary to discover 2 those statements were false or misleading.

3 234. As a result of the dissemination of the materially false and misleading i

4 and failure to disclose material facts, as set forth above, the market price of FireEye’s securitie

5 was artificially inflated during the Class Period. In ignorance of the fact that market price o 6 FireEye’s securities was artificially inflated, and relying directly or indirectly on the false an 7 misleading statements made by Defendants, or upon the integrity of the market in which th 8 securities trade, and/or on the absence of material adverse information that was known to o 9 recklessly disregarded by Defendants but not disclosed in public statements by Defendant 10 during the Class Period, Plaintiffs and the other members of the Class acquired FireEye’

11 securities during the Class Period at artificially high prices and were damaged when the value o 12 their securities declined upon disclosure of the truth about Defendants’ false and misleadin

13 statements and omissions. 14 235. At the time of said misrepresentations and omissions, Plaintiffs and

15 members of the Class were ignorant of their falsity, and believed them to be true. Had Pla

16 and the other members of the Class and the marketplace known the truth regarding the Ma 17 integration and FireEye’s product sales, which were not disclosed by Defendants, Plaintiffs an

18 other members of the Class would not have purchased or otherwise acquired their FireEye’

19 securities, or, if they had acquired such securities during the Class Period, they would not hav 20 done so at the artificially inflated prices which they paid. 21 236. By virtue of the foregoing, Defendants have violated Section 10(b) of th 22 Exchange Act, and Rule 10b-5 promulgated thereunder. 23 237. As a direct and proximate result of Defendants’ wrongful conduct, Plaintiffs an 24 the other members of the Class suffered damages in connection with their respective purchase

25 and sales of the Company’s securities during the Class Period.

OLIDATED AMENDED CLASS ACTION COMPLAINT 74 NO. 5:14- CV-05204-EJD

Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 78 of 84

1 COUNT II 2 Violation Of Section 10(b) Of The Exchange Act And Rule 10b-5(a) and (c) 3 Promulgated Thereunder Against All Defendants 4 238. Plaintiffs repeat and reallege each and every allegation contained above as if

5 I set forth herein.

6 239. This Count is brought solely and exclusively under the provisions of Rule 1 7 5(a) and (c). Accordingly, Plaintiff need not allege in this Count nor prove in this case that 8 of the Defendants made any misrepresentations or omissions of material fact for which they m 9 also be liable under Rule 10b-5(b) and/or any other provisions of law. 10 240. During the Class Period, Defendants carried out a common plan, scheme,

11 unlawful course of conduct that was intended to, and did: (i) deceive the investing public 12 including Plaintiffs and the Class; (ii) artificially inflate the market price of FireEye’s securities

13 and (iii) cause Plaintiffs to purchase FireEye’s securities at artificially inflated prices. 14 241. In furtherance of this unlawful plan, scheme and course of conduct, Defendant

15 employed devices, schemes and artifices to defraud, and knowingly and/or recklessly engaged in

16 acts, transactions, practices, and courses of business that operated as a fraud and deceit upon 17 Plaintiffs and the Class in connection with their purchases of FireEye’s securities, in violation o 18 Section 10(b) of the Exchange Act and Rule 10b-5(a) and (c) promulgated thereunder. 19 242. Defendants’ fraudulent devices, schemes, artifices and deceptive acts, practices

20 and course of business included the knowing and/or reckless suppression and concealment 21 information regarding the Mandiant integration and its detrimental impact on FireEye’s prod

22 sales and product revenue. 23 243. Plaintiffs and the Class reasonably relied upon the integrity of the market

24 which FireEye’s securities traded. 25 244. During the Class Period, Plaintiffs and the Class were unaware of Defendants 26 I fraudulent scheme and unlawful course of conduct. Had Plaintiffs and the Class known o 27 Defendants’ unlawful scheme and unlawful course of conduct, they would not have

OLIDATED AMENDED CLASS ACTION COMPLAINT 75 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 79 of 84

1 FireEye’s securities, or if they had, would not have done so at the artificially inflated prices 2 I for such securities. 3 245. As a direct and proximate result of Defendants’ scheme to defraud and 4 I unlawful course of conduct, Plaintiffs and the Class suffered damages in connection with 5 purchases of FireEye’s securities during the Class Period. 6 246. By reason of the foregoing, Defendants violated Section 10(b) of the Exc 7 Act and Rule 10b-5(a) and (c) promulgated thereunder, and are liable to Plaintiffs and the 8 for damages suffered in connection with their purchases of FireEye’s securities during the 9 Period. 10 COUNT III 11 Violation Of Section 20(a) Of The Exchange Act Against the Individual Defendants

12 13 247. Plaintiffs repeat and reallege each and every allegation contained above as if 14 I set forth herein. 15 248. The Individual Defendants acted as controlling persons of FireEye within the

16 meaning of Section 20(a) of the Exchange Act as alleged herein. By virtue of their high-leve

17 positions, and their ownership and contractual rights, participation in and/or awareness of 18 Company’s core operations and/or intimate knowledge of the false statements filed by 19 Company with the SEC and otherwise disseminated to the investing public, the Individ 20 Defendants had the power to influence and control and did influence and control, directly 21 indirectly, the decision-making of the Company, including the content and dissemination of

22 various statements which Plaintiffs contend are false and misleading. The Individual Defenda

23 were provided with or had unlimited access to copies of the Company’s reports, press relea

24 public filings and other statements regarding the Mandiant integration and FireEye’s prod

25 sales and product revenue prior to and/or shortly after these statements were issued and had

26 ability to prevent the issuance of the statements or cause the statements to be corrected. 27 249. In particular, each of the Individual Defendants had direct and supervi 28 involvement in the day-to-day operations of the Company and, therefore, is presumed to h

OLIDATED AMENDED CLASS ACTION COMPLAINT 76 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 80 of 84

1 had the power to control or influence the particular transactions giving rise to the 2 I violations as alleged herein, and exercised the same. 3 250. As set forth above, FireEye violated Section 10(b) and Rule 10b-5 by its acts a

4 omissions as alleged in this Complaint. By virtue of their positions as controlling persons,

5 Individual Defendants are liable pursuant to Section 20(a) of the Exchange Act as cont 6 persons of FireEye, the primary violator. As a direct and proximate result of the Individ 7 Defendants’ wrongful conduct, Plaintiffs and other members of the Class suffered damages 8 connection with their purchases of the Company’s securities during the Class Period. 9 WHEREFORE, Plaintiffs pray for relief and judgment, as follows:

10 (a) Determining that this action is a proper class action and certifying 11 Boston and Fadia as class representatives under Rule 23 of the Federal Rules of Civil Pro

12 and Labaton Sucharow LLP and Glancy Prongay & Murray LLP as co-Lead Counsel;

13 (b) Awarding compensatory damages in favor of Plaintiffs and the other Clas

14 members against all Defendants, jointly and severally, for all damages sustained as a result o 15 Defendants’ wrongdoing, in an amount to be proven at trial, including interest thereon;

16 (c) Awarding Plaintiffs and the Class their reasonable costs and expense 17 incurred in this action, including counsel fees and expert fees; and

18 (d) Such other and further relief as the Court may deem just and proper. 19 JURY TRIAL DEMANDED 20 Plaintiffs hereby demand a trial by jury.

22 I Dated: June 29, 2015 Respectfully submitted,

23 LABATON SUCHAROW LLP

24 By: s/ Jonathan Gardner 25 Jonathan Gardner (pro hac vice) Angelina Nguyen (pro hac vice) 26 140 Broadway New York, New York 10005 27 Telephone: (212) 907-0700 Facsimile: (212) 818-0477

OLIDATED AMENDED CLASS ACTION COMPLAINT 77 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 81 of 84

1 Attorneys for Plaintiff State-Boston Retirement System and 2 Co-Lead Counsel for the Class

3 GLANCY PRONGAY & MURRAY LLP Lionel Z. Glancy (#134180) 4 Ex Kano S. Sams II (#192936)

5 Robert V. Prongay (#270796) 1925 Century Park East, Suite 2100 6 Los Angeles, California 90067 Telephone: (310) 201-9150 7 Facsimile: (310) 201-9160

8 Attorneys for Plaintiff Vijay Fadia

9 and Co-Lead Counsel for the Class

OLIDATED AMENDED CLASS ACTION COMPLAINT 78 NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 82 of 84

1 CERTIFICATE OF SERVICE

2 I hereby certify that on June 29, 2015, I authorized the electronic filing of the forego

3 with the Clerk of the Court using the CM/ECF system which will send notification of such fi

4 to the e-mail addresses denoted on the attached Electronic Mail Notice List, and I hereby cer

5 that I caused to be mailed the foregoing document or paper via the United States Postal Serv

6 to the non- CM/ECF participants indicated on the attached Manual Notice List.

7 I certify under penalty of perjury under the laws of the United States of America that

8 foregoing is true and correct. Executed on June 29, 2015.

9 s/ Jonathan Gardner Jonathan Gardner 10 LABATON SUCHAROW LLP 140 Broadway 11 New York, New York 10005 Telephone: (212) 907-0700 12 Fax: (212) 818-0477

13 E-mail: [email protected]

CERTIFICATE OF SERVICE CASE NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 83 of 84

1 Mailing Information for a Case 5:14-cv-05204-EJD

2 John E Collins v. FireEye, Inc. et al 3 Electronic Mail Notice List 4 The following are those who are currently on the list to receive e-mail notices for this case.

5 • Boris Feldman 6 [email protected]

7 • Jonathan Gardner 8 [email protected],[email protected],[email protected], 9 [email protected],[email protected],[email protected], 10 [email protected]

11 • John Jasnoch 12 [email protected],[email protected]

13 • Nicole Catherine Lavallee

14 [email protected],[email protected]

15 • Marisa C. Livesay 16 [email protected],[email protected]

17 • Angelina Nguyen 18 [email protected]

19 • Robert Vincent Prongay 20 [email protected] ,[email protected],[email protected], 21 [email protected]

22 • Rachele R. Rickert 23 [email protected],[email protected],[email protected]

24 • Laurence M. Rosen 25 [email protected],[email protected]

26 • Ignacio Evaristo Salceda 27 [email protected],[email protected]

IFICATE OF SERVICE NO. 5:14- CV-05204-EJD Case 5:14-cv-05204-EJD Document 72 Filed 06/29/15 Page 84 of 84

1 • Ex Kano S. Sams , II 2 [email protected] 3 • Shimon Yiftach 4 [email protected]

5 Manual Notice List

6 The following is the list of attorneys who are not on the list to receive e-mail notices for this c 7 (who therefore require manual noticing). You may wish to use your mouse to select and copy

8 this list into your word processing program in order to create notices or labels for these

9 recipients. 10 ~ (No manual recipients)

IFICATE OF SERVICE NO. 5:14- CV-05204-EJD