2015 ANNUAL REPORT THE FIREEYE THREAT MANAGEMENT PLATFORM | | | | FIED CONSO| | | NI LE | U | | | | S E | E C E D | C I R ET | PA E | U E C V R T | P R R A | D N I HINE D T E | N AC INT | A M E EE L P IR Y Y S F E S R | | S E A A E V A D | S E V | S S N T L E I S S E A R N T | I T | S G A A A I N A I H D R T N | M Y A I | S Y I M T NT IC E T E V | L | I R | R | V U | I A | C C N D | N A | L O E E YZE ESP | AND R | S | | | | | | | O | | R | N CHESTRATIO As attacks change, defense measures must evolve. At FireEye we believe that next-generation security architectures need to be adaptive and nimble to have true long-term relevance. To achieve this, we’ve combined state-of-the-art products, highly skilled security experts and real-time threat intelligence in a comprehensive threat management platform that extends from the endpoint to the network perimeter and into the cloud. The foundation of our platform is an intelligent core that combines FireEye’s patented virtual machine-based detection and analytics technology with Mandiant’s deep incident-derived insights and iSIGHT Partners’ vast threat intelligence gleaned from worldwide tracking of over 16,000 adversaries. Together, these capabilities provide early visibility into new threats and allow organizations to reduce risk across the entire attack lifecycle. FIREEYE AS MOBILE NETWORK MANAGEMENT AND A SERVICE Identify, analyze and Combat web-based ORCHESTRATION Around the clock Correlate, analyze and block mobile attacks cyber attacks technology, intelligence automate organization-wide and expertise ENDPOINT MANDIANT FORENSICS EMAIL Detect, analyze and Actionable intelligence CONSULTING Identify, analyze and resolve incidents on to improve incident Empowering organizations block email attacks the endpoint response to protect their assets ANALYTICS THREAT CONTENT FUEL PARTNER Identify threats and INTELLIGENCE Combat malware in PROGRAM Closing the gaps in today’s improve response in Intelligence to identify, block data centers and file security challenges real time and respond to attacks servers TO OUR STOCKHOLDERS: BY MANY MEASURES, 2015 WAS AN IMPRESSIVE YEAR FOR FIREEYE. WE DELIVERED STRONG PERFORMANCE IN OUR MOST IMPORTANT OPERATING METRICS, RELEASED POWERFUL ENHANCEMENTS TO OUR ADVANCED THREAT MANAGEMENT PLATFORM, AND EXPANDED OUR REACH WITH NEW STRATEGIC PARTNERS. For the year, revenue grew 46 percent, billings1 were up 35 percent, and cash flow from operations increased to positive $37 million from negative $131 million in 2014. Important key metrics, such as new customer additions, transactions greater than $1 million, and multi-product adoption, demonstrated continued gains across the platform and around the globe. We delivered these results while continuing to build out our global infrastructure and developing a pipeline of innovative cloud-based and cloud-enabled solutions that we plan to launch in the year ahead.2 To best understand what we’re building toward, it’s important to recognize the fundamental changes underway in the security market. 1 Billings are a non-GAAP metric mathematically equivalent to revenue plus the change in deferred revenue. A reconciliation of billings to revenue can be found in the table at the end of this publication. FireEye | 2015 ANNUAL REPORT 1 2 Cautionary statement regarding forward-looking statements in this letter can be found on page 4. Four significant trends continue to increase the complexity of the cyber security problem and create opportunity for disruption: Q First, attacks are escalating as the number of sophisticated attackers increases and the attack surface expands with the interconnection of everything from computers to mobile to Internet of Things devices. Q Second, management of the security environment is becoming increasingly difficult as the number of vendors and feature-specific products multiplies. Q Third, cyber security and physical security are converging as the networks that control critical infrastructure come under attack. Q And finally, the transition to “as a service” cloud and hybrid IT architectures is accelerating, shifting the focus from securing the network perimeter to protecting valuable digital assets on the endpoint and in the cloud. FireEye is well positioned to benefit from these trends. History has shown that technology alone cannot solve the problem. While machine learning, big data, analytics, and behavioral analysis are important, it is only through the combination of human intelligence and machine-based intelligence that these highly sophisticated and complex problems will be addressed. Through internal development and strategic acquisition, we have built a scalable threat management platform that can be delivered either on-premise, in the cloud or as a service. The breadth and sophistication of our intelligence-led platform, combined with flexible delivery options, enables us to reduce the risk, mask the complexity and lower the total cost of cyber security for our customers. The market opportunity is significant – Gartner estimates that security spending will grow to more than $100 billion annually by 2019 from $68 billion in 2014. Security services are expected to account for two-thirds of this spending, with security outsourcing representing the fastest growing segment.3 FireEye as a Ser- vice (FaaS), our disruptive investigation and response subscription service, uniquely addresses this opportunity. Over the past two years, we’ve built FaaS into an around- the-clock, around-the-world service capability, delivered from seven advanced threat response centers on four continents. By the end of 2015, we had successfully scaled FireEye as a Service into a global business with hundreds of customers worldwide. The shift to “as a service” delivery of our technology, intelligence and expertise is paralleled by a transition in our financial model. Growing customers’ preference for our cloud-based solutions and FireEye as a Service means that recurring product subscriptions are the fastest growing segment of our business. With our industry 3 Gartner Forecast: Information Security, Worldwide, 2013-2019, 4Q15 Update 2 FireEye | 2015 ANNUAL REPORT leading customer satisfaction scores, high customer retention, and 2015 BILLINGS1 BY CATEGORY subscription renewal rates above 90 percent, this transition to recurring subscriptions has positive implications for our long term business. Professional Services 15% Product At the same time, we have continued to invest resources in the 27% detection, prevention and automation technologies that differentiate our solutions and allow us to deliver FireEye as a Service in a cost Support & effective, margin accretive manner. In the fourth quarter of 2015 Maintenance $797 17% million we released the next generation of our MVX engine with dramatic improvements in detection capacity and analysis speeds. The new MVX architecture also enables the virtual appliances and cloud-based solutions which expand our addressable market to include millions of remote offices and smaller customers. We made equally significant Product Subscription enhancements to our endpoint, forensics and analytics solutions, and 41% completed the work necessary to internationalize our platform. 2015 REVENUE BY REGION In the first quarter of 2016, we completed the strategic acquisitions Rest of World of iSIGHT Partners, a leader in threat intelligence, and Invotas, an Asia- 5% innovator in security orchestration and automation. These acquisitions Pacific 12% add new intelligence and functionality across our platform of products and services, helping us reduce our customers’ cyber risk and lower the total cost of ownership. Earlier this year we also EMEA added strategic partners and launched new services that will play an $623 13% million important role in extending our platform to the networks that control critical infrastructure. U.S. 70% In closing, I believe we have an extraordinary opportunity to redefine our industry. Our mission to reduce the impact of cyber attacks for our customers drives our strategy, our growth, and ultimately, our shareholder value. We know there is still much hard work to be done, HEADCOUNT BY FUNCTION but when I pause to reflect on how far we’ve come over the past few Consulting & Research & years and how much further we can go, I couldn’t be more excited and Support Development optimistic. 26% 27% On behalf of the FireEye management team and board of directors, * I thank you for your support. 3,100 Admin Sincerely, 10% Sales & Marketing 37% David G. DeWalt Chairman of the Board and Chief Executive Officer * As of 12/31/15. rounded to the nearest hundred. FireEye | 2015 ANNUAL REPORT 3 SELECTED FINANCIAL DATA Balance sheet metrics for year-end 2013 include the net assets, deferred revenue, cash and cash equivalents, and stockholders’ equity of Mandiant, which FireEye acquired on 12/30/13. Dollars in thousands 2011 2012 2013 2014 2015 Revenue $33,658 $83,316 $161,552 $425,662 $622,967 Deferred revenue $30,102 $76,406 $187,514 $352,543 $526,998 Cash and cash equivalents and short term investments $10,676 $60,200 $173,918 $402,208 $1,169,877 Cash flow from operations $5,111 $21,500 ($69,762) ($131,270) $37,015 Total assets $35,646 $125,273 $1,376,313 $1,758,881 $2,441,473 Total stockholders’ equity $(14,651) $5,390 $1,048,102 $1,250,828 $1,044,372 4,400 $623 CUSTOMERS* REVENUE DEFERRED $527 (millions) REVENUE (millions) 3,100 $426 $353 2,000 $162 $188 900 $83 500 $76 $34 $30 ‘11 ‘12 ‘13 ‘14 ‘15 ‘11 ‘12 ‘13 ‘14 ‘15 ‘11 ‘12 ‘13 ‘14 ‘15 * As of 12/31. Rounded to nearest hundred. FORWARD-LOOKING STATEMENTS The letter to stockholders contains forward-looking statements, including statements related to expectations and beliefs regarding expected growth, product releases and the security market. These forward-looking statements involve risks and uncertainties, as well as assumptions which, if they do not fully materialize or prove incorrect, could cause our results to differ materially from those expressed or implied by such orward-lookingf statements.