Document
Table of Contents


 
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
———————————————
FORM 10-K
———————————————
(Mark One)
x
ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended December 31, 2017
or
¨
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the transition period from __________ to __________             
Commission File Number 001-38253
FORESCOUT TECHNOLOGIES, INC.
(Exact name of registrant as specified in its charter)
———————————————
Delaware
51-0406800
State or other jurisdiction of
incorporation or organization
(I.R.S. Employer
Identification No.)
190 West Tasman Drive
San Jose, California 95134
(Address of principal executive offices, including zip code)
(408) 213-3191
(Registrants telephone number, including area code)
Securities registered pursuant to Section 12(b) of the Act:
Title of each class
 
Name of each exchange on which registered
Common Stock, par value $0.001 per share
 
The NASDAQ Global Market
Securities registered pursuant to Section 12(g) of the Act:
None
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yes  ¨    No  x
 
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes  ¨    No  x

Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.    Yes  x    No  ¨

Indicate by check mark whether the registrant has submitted electronically and posted on its corporate Web site, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files).    Yes  x    No  ¨

Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K (§229.405 of this chapter) is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. x


Table of Contents


Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
Large accelerated filer
¨
 
Accelerated filer
¨
Non-accelerated filer
x
(Do not check if a smaller reporting company)
Smaller reporting company
¨
 
 
 
Emerging growth company
x

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. x

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act).    Yes  ¨    No  x
 
The aggregate market value of voting stock held by non-affiliates of the registrant, based on the closing price of a share of the registrant’s common stock on December 29, 2017, as reported by The NASDAQ Global Market on such date was approximately $493,541,535. The registrant has elected to use December 29, 2017, which was the last business day of the registrant’s most recently completed fiscal year, as the calculation date because on June 29, 2017 (the last business day of the registrant’s most recently completed second fiscal quarter), the registrant was a privately-held company. Shares of common stock held by each executive officer, director, and holder of 5% or more of the outstanding common stock have been excluded in that such persons may be deemed to be affiliates. This determination of affiliate status is not necessarily a conclusive determination for other purposes.

On February 19, 2018, 38,367,757 shares of the registrant’s common stock, $0.001 par value, were outstanding.

DOCUMENTS INCORPORATED BY REFERENCE

Portions of the information called for by Part III of this Annual Report on Form 10-K are hereby incorporated by reference where indicated from the definitive proxy statement for the registrant’s annual meeting of stockholders, which will be filed with the Securities and Exchange Commission not later than 120 days after the registrant’s fiscal year ended December 31, 2017.




FORESCOUT TECHNOLOGIES, INC.
ANNUAL REPORT ON FORM 10-K
FOR THE YEAR ENDED DECEMBER 31, 2017



TABLE OF CONTENTS
 
 
 
 
 
 
 
 
 
Page
 
 
 
 
 
 
Item 1.
Item 1A.
Item 1B.
Item 2.
Item 3.
Item 4.
 
 
 
 
 
Item 5.
Item 6.
Item 7.
Item 7A.
Item 8.
Item 9.
Item 9A.
Item 9B.
 
 
 
 
 
Item 10.
Item 11.
Item 12.
Item 13.
Item 14.
 
 
 
 
 
Item 15.
Item 16.
 
 


3

Table of Contents


SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
This Annual Report on Form 10-K contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities and Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. Forward-looking statements generally relate to future events or our future financial or operating performance. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expects,” “plans,” “anticipates,” “could,” “intends,” “target,” “projects,” “contemplates,” “believes,” “estimates,” “predicts,” “potential” or “continue” or the negative of these words or other similar terms or expressions that concern our expectations, strategy, plans or intentions. Forward-looking statements contained in this Annual Report on Form 10-K include, but are not limited to, statements about:
the evolution of the cyberthreat landscape facing enterprises in the United States and other countries;
developments and trends in the domestic and international markets for network security products and related services;
our expectations regarding the size of our target market;
our ability to educate prospective end-customers about our technical capabilities and the use and benefits of our products and to achieve increased market acceptance of our solution;
our beliefs and objectives regarding our prospects and our future results of operations and financial condition;
the effects of increased competition in our target markets and our ability to compete effectively;
our business plan and our ability to manage our growth effectively;
our expectations concerning the productivity of our expanding sales force as our sales representatives become more seasoned;
our growth strategy to maintain and extend our technology leadership, expand and diversify our end-customer base, deepen our existing end-customer relationships, and attract and retain highly skilled security professionals;
our ability to enhance our existing products and technologies and develop or acquire new products and technologies;
our plans to attract new end-customers, retain existing end-customers, and increase our annual revenue;
our expectations concerning renewal rates for services and maintenance by existing end-customers and growth of our recurring revenue retention;
our expectations regarding our relationships with third parties, including further development of our relationships with our manufacturer, value-added resellers and channel partners, alliance partners, and our technology and distribution partners;
our plans to expand our international operations;
our expectations regarding future acquisitions of, or investments in, complementary companies, services, or technologies;
our ability to continue to generate a significant portion of our revenue from public sector customers;
the effects on our business of evolving information security and data privacy laws and regulations, government export or import controls and any failure to comply with the U.S. Foreign Corrupt Practices Act and similar laws;
our ability to maintain, protect, and enhance our brand and intellectual property;

4

Table of Contents


fluctuations in our results of operations and other operating measures;
our expectations regarding changes in our cost of revenue, gross margins, and operating costs and expenses;
our expectations regarding the portions of our revenue represented by product revenue and maintenance and professional services revenue;
our expectations concerning the impact on our results of operations of development of our distribution programs and sales through our channel partners;
the impact on our revenue, gross margin, and profitability of future investments in the enhancement of ForeScout CounterACT, ForeScout Enterprise Manager, and ForeScout Extended Modules and expansion of our sales and marketing programs;
sufficiency of our existing liquidity sources to meet our cash needs; and
our potential use of foreign exchange forward contracts to hedge our foreign currency risk.
We caution you that the foregoing list may not contain all of the forward-looking statements made in this Annual Report on Form 10-K.
You should not rely upon forward-looking statements as predictions of future events. We have based the forward-looking statements contained in this Annual Report on Form 10-K primarily on our current expectations and projections about future events and trends that we believe may affect our business, financial condition, operating results, cash flows, or prospects. The outcome of the events described in these forward-looking statements is subject to risks, uncertainties, and other factors described in the section titled “Risk Factors” and elsewhere in this Annual Report on Form 10-K. Moreover, we operate in a very competitive and rapidly changing environment. New risks and uncertainties emerge from time to time and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements contained in this Annual Report on Form 10-K. We cannot assure you that the results, events, and circumstances reflected in the forward-looking statements will be achieved or occur, and actual results, events or circumstances could differ materially from those described in the forward-looking statements.
The forward-looking statements made in this Annual Report on Form 10-K relate only to events as of the date on which the statements are made. We undertake no obligation to update any forward-looking statements made in this Annual Report on Form 10-K to reflect events or circumstances after the date of this Annual Report on Form 10-K or to reflect new information or the occurrence of unanticipated events, except as required by law. We may not actually achieve the plans, intentions or expectations disclosed in our forward-looking statements and you should not place undue reliance on our forward-looking statements. Our forward-looking statements do not reflect the potential impact of any future acquisitions, mergers, dispositions, joint ventures, or investments we may make.
You should read this Annual Report on Form 10-K and the documents that we reference in this Annual Report on Form 10-K and have filed with the Securities and Exchange Commission as exhibits to this Annual Report on Form 10-K with the understanding that our actual future results, levels of activity, performance, and events and circumstances may be materially different from what we expect.

5

Table of Contents


PART I
ITEM 1. BUSINESS
Overview
We transform security through visibility. We have pioneered an agentless approach to network security to protect organizations against the emerging threats that exploit the billions of Internet of Things, or IoT, devices connected to organizations’ networks. Over 28 billion devices will be connected to the internet by the year 2020, according to ABI Research, and a growing percentage of them will be used for business purposes through Bring Your Own Device, or BYOD, and Enterprise IoT initiatives. According to the 2017 Strategic Roadmap for IoT Network Technology by Gartner, Inc., or Gartner, (January 2017), 63 million IoT devices will be attempting to connect to the enterprise network each second by 2020. While IoT brings tremendous value to an organization, the traditional approach of relying on a corporate-installed software agent to secure a device has significant limitations in today’s world. Organizations cannot effectively deploy agents on non-corporate-issued devices and many Enterprise IoT devices are developed using a wide variety of platforms and operating systems that cannot support agents. As the volume and variety of devices increases, organizations’ abilities to manage devices decreases, creating a major gap in visibility.
The threat landscape is rapidly evolving, and attackers are now leveraging the gap in device visibility to gain access to organizations. New attacks are stealthy, targeted, and pervasive and can target known and unknown software vulnerabilities that can persist undetected inside a network for months. As organizations invest billions of dollars to protect their traditional devices—personal computers, servers, and mobile systems—attackers are shifting their focus to the less secure BYOD and IoT devices, which have exponentially increased the attack surface within organizations. Attackers use these unsecured devices and a lack of IT control to enter a network and traverse through systems, gathering information before executing an attack. The response to such attacks is often both uncoordinated and manual because existing security systems operate in silos and security teams often lack the ability to share information and coordinate an attack response.
Organizations need a new approach to security that gives them the ability to see and control the devices connected to their networks. Over the past ten years, ForeScout has developed proprietary agentless technology that discovers and classifies IP-based devices in real time as they connect to the network and continuously monitors and assesses their security posture. Our solution supports heterogeneous wired and wireless networks, as well as both virtual and cloud infrastructures, while scaling to meet the needs of globally distributed organizations. We have built an extensive repository of policies that control how devices are expected to behave on the network. When a device deviates from a policy, we can immediately take action. Additionally, we offer more than 70 bi-directional workflow integrations with third-party systems that allow us to share contextual data on devices, enforce access policies, and automate security responses.
Our solution is sold as either a physical or virtual appliance through a perpetual software license, with each appliance designed to manage a certain number of connected devices within an organization. As the number of devices in the organization increases, customers purchase additional appliances. We recently started offering, in limited quantities to a small number of large enterprises, CounterACT and Enterprise Manager together as a software-only license, or Enterprise License Software. Our Enterprise License Software is either sold with separate hardware or without hardware, depending on the end-customer’s selection. End-customers typically initially deploy our solution across a region or across their wired or wireless network, then expand their usage to cover additional regions and networks. After customers achieve enhanced visibility and control of their devices, they can deploy new use cases that leverage third-party integrations licensed as add-on modules. Increasingly, we are seeing larger initial roll outs as customers recognize their significant visibility gaps and our ease of deployment. We had 48 annual end-customer deals over $1.0 million in fiscal 2017 as compared to 26 and 28 annual end-customer deals over $1.0 million in fiscal 2015 and 2016, respectively.
We sell into all industries and into organizations of all sizes, with a focus on those that are highly regulated or with a large footprint of transient devices. Our largest industries include financial services, healthcare, government agencies, high tech, and manufacturing. We target the largest accounts in each industry first to establish reference accounts for that sector. As of December 31, 2017, we have sold to over 2,700 end-customers in over 80 countries, including 18% of the Global 2000, since our inception, with more than 52 million devices under management. We utilize a high-touch direct sales force with deep security expertise and strong industry relationships. We are one of the only security providers in our market that is not part of a larger networking organization. This allows our sales representatives to solely focus on selling the value proposition of visibility and control. We sell our products predominantly through a network of value added resellers and systems integrators that provide a broad reach into various segments of the market across geographies.

6

Table of Contents


We have experienced rapid growth in recent periods. For the years ended December 31, 2015, 2016, and 2017, our revenue was $126.0 million, $166.8 million, and $220.9 million, respectively, representing year-over-year growth of 32% and 32%, respectively. For the years ended December 31, 2015, 2016, and 2017, our net loss was $27.3 million, $74.8 million, and $91.2 million respectively.
Industry Background
Enterprises lack full visibility into devices connected to their networks
Increase in the number and diversity of devices
An increasing number and variety of devices are entering and connecting to enterprise networks every day that are not manageable by IT departments. These devices include employee BYOD, such as smartphones, laptops, and tablets that are not owned by organizations, non-employee BYOD, such as devices owned by third-party contractors and others doing business within enterprises, and an increasing number of IoT devices used for corporate purposes, including point-of-sale machines, heating and air conditioning systems, printers, security cameras, and medical devices. While once a small percentage of the IT landscape, we believe that as of December 31, 2017, these types of devices can account for up to 75% of devices connected to an organization’s network. Historically, enterprises have been able to install an agent, or small piece of software, onto a corporate-managed device to secure and manage the device, and to gather characteristics about the device when it connects to a network. By integrating with an agent, organizations have been able to make a determination as to whether or not to allow a device onto a network. However, as corporate-managed devices become a smaller percentage of the total population and as BYOD and IoT become a larger percentage of the total population, this agent-based approach no longer works. IT departments cannot force users to install agents on BYOD devices and many IoT devices do not have the ability to install agents.
Increase in operating system diversity and standards
The increase in volume and diversity of connected devices has coincided with the rapid growth of new operating systems running on these devices. Traditional corporate devices typically run on open standard operating systems such as Windows, Linux, iOS, and Android. For decades, agent-based systems have worked with standard operating systems because there were few options available and it was possible to create different versions of software for each operating system. However, new device types are increasingly developed with specialized operating systems specific to each device and closed to integrations, which can lead to a vast number of operating systems in the market. This trend has made it technically unfeasible and impractical to build different versions of agent-based software for each new operating system in the market. The diversity of operating systems further complicates the management of new devices by IT departments.
Pace of new technology adoption
The fast pace of new technology adoption further complicates the visibility and manageability problem. Technology is refreshed continuously and employees expect to use new technology and have real-time access to systems, regardless of the device they are using. IT departments cannot test new technologies fast enough to keep up with the pace of change, and the default action is often to allow devices onto the network, without a consistent security policy. As more unsecured devices are allowed onto the network, the surface area of attack grows.
Adoption of cloud technologies has resulted in more complex IT environments further reducing visibility
Enterprise networks are undergoing significant change, contributing to the lack of visibility and control over IT assets. The disappearing enterprise perimeter, increase in virtualization technology and movement of workloads to the public cloud have resulted in decentralized management of IT assets as more people have direct access to virtual and cloud-based resources. The rapid adoption of cloud service providers, such as Amazon Web Services, Google Cloud, and Microsoft Azure, for applications and computing has changed the data center from a fairly static and controlled environment to a more dynamic and de-centralized environment. With increasing frequency, organizations are accessing devices in the cloud, including physical and virtual servers, and users are connecting to cloud-based environments from disparate locations. Unlike on-premise data centers which can favor infrastructure from a single vendor, cloud environments are heterogeneous, integrating a wide variety of system types and vendors. Device visibility and control needs to apply to all devices, no matter where they are located, and be able to integrate into a heterogeneous network and computing environment.

7

Table of Contents


Convergence of IT and OT expands the attack surface
Companies run their physical operations in their operational networks. Devices on those networks include SCADA devices and industrial control systems that you typically find in dams, bridges, oil and gas pipelines, manufacturing assembly lines and much of U.S. critical infrastructure. Given the criticality of these devices, they seldom can be taken offline for maintenance or patching, and agents are often impossible to install. This leaves them vulnerable to cyberattacks.
To protect themselves, companies have ‘air-gapped’ these networks by isolating them from external systems. However, as the Industrial IoT revolution is taking place, organizations have a need to connect these devices to the rest of their IT network and the cloud in order to monitor and improve business performance. As they connect these networks to the outside world, organizations are realizing they do not understand what they have connected, undermining the security of these networks and greatly increasing the risks they face.
Existing security solutions operate in silos
The average enterprise uses 75 distinct security products, according to public statements by a representative of Symantec Corporation. These solutions can be effective at determining what is good and bad based on their own intelligence and preventing an attack if it falls within the scope of their specific capability. However, point solutions generally have limited ability to leverage information generated by other solutions in order to gain a better understanding of a potential threat or coordinate a multi-system response to a threat.
Many security solutions generate alerts when they sense an attack, triggering human involvement by security teams to review alert data and determine the best course of action based on judgment. These security solutions often generate false positives and a high volume of alerts, which can result in no response, or a manual and slow response, as IT teams must gather data from multiple systems to piece together a storyline and make a determination about how to respond. In many cases, gaps in the manual review process can result in alerts not being properly investigated and followed through to completion. Human-based processes face significant challenges scaling to meet the demands of an increasingly complex and dynamic security environment.
More cyberattacks are entering organizations by leveraging gaps in network visibility and vendor silos
The significant increase in undetected and unmanaged devices on a network has increased the surface area of attack for enterprises as cybercriminals target less secure devices with the same access levels as corporate-managed devices (i.e., desktops and corporate laptops). Today, organizations face adversaries that are more sophisticated and keenly aware of safeguards designed to defend networks from malicious threats. These adversaries seek to exploit areas of vulnerability where threats can enter undetected and remain within a network for an extended period of time before executing an attack. Once in, hackers can move laterally, communicating across a distributed network and infiltrating a wide range of devices with malicious malware. Examples of recent cyberattacks illustrating these trends include:
NotPetya (IT ransomware disrupts OT systems)June 2017: The ransomware was designed to exploit a vulnerability in MS Windows.  While an earlier variant called WannaCry primarily impacted IT systems throughout the world, the NotPetya attack infiltrated OT networks, crippling supply chains in manufacturing, transportation, utilities and other industries.
FedEx delivery in Europe interrupted
Maersk lost $300 million because they couldn’t remove cargo from their ships
Reckitt Benckiser, a British consumer company, suffered production disruptions with an estimated $135 million in lost revenue
Mondelez, a multinational confectionery, food and beverage company, (Cadbury, Nabisco) incurred a loss of three percentage points from its second-quarter sales growth
Renault and Nissan had to shut down auto manufacturing plants

8

Table of Contents


The Chernobyl Nuclear Power Plant had to disconnect Microsoft Windows systems and manually conducted radiation monitoring
Ukraine’s national bank, state power company and largest airport all saw their networks crash. “The official site of the airport and the scoreboard with the schedule of flights aren't working!” Boryspil International Airport Acting Director Pavel Ryabikin wrote on Facebook. ATMs and supermarket tills were also left inoperable, flashing a message left by the hackers
Merck experienced $300 million in lost revenues and had to adjust financial guidance to the SEC
Equifax, Inc. (unauthorized entry)March-July 2017: Hackers gained access to the data of credit reporting agency Equifax because an individual in Equifax’s technology department had failed to heed security warnings and did not ensure the implementation of software fixes that could have prevented the breach. By taking advantage of the security lapse, hackers compromised the personal data of over 143 million people.
Dyn, Inc. (DDoS attack using IoT)—October 2016: Hackers executed a massive Distributed Denial of Service, or DDoS, attack on Dyn, a company used to provide core internet services to a number of web-based businesses including Amazon, Twitter, Netflix, Spotify, Airbnb, and the New York Times, among many others. Using approximately 100,000 IoT devices such as security cameras, printers, cell phones, and DVRs, hackers were able to direct an overwhelming amount of traffic at Dyn servers, overloading the servers and taking down the services reliant upon Dyn. Critical business applications were unavailable for hours, affecting thousands of businesses. Since then, the same Mirai Botnet used in the Dyn attack has been used to perpetuate several other IoT-led DDoS attacks.
Addressing the device visibility problem is one of the next major enterprise priorities in the evolution of the security industry
Over time, the evolution of new threat vectors has resulted in the introduction of new markets in security and caused a major change in cybersecurity spend.
In the 1990s, the transition from mainframe to client-server architecture, in conjunction with the introduction of the Windows OS, led to the proliferation of new viruses that would infiltrate computer systems and spread throughout a network. The anti-virus market developed in response to these threats, protecting predominantly Windows PCs with signature-based defense. According to IDC, this market grew to $4.2 billion in 2015.
In the mid-2000s, more prevalent instances of data exfiltration from organizations by company insiders and Nation States led to significant new spend on data loss prevention and encryption software to prevent data breaches.
In the 2010s, the onset of more sophisticated and zero-day attacks directed at specific companies led to a shift in security spend. The attack on Sony Pictures Entertainment, believed to be by North Korea to prevent the release of the film “The Interview,” is an example of such an advanced threat. New industry-wide spending related to advanced and persistent threats and endpoint detection and response emerged to combat these new and more damaging threats.
Today, the lack of visibility caused by the proliferation of new devices and operating systems has created the need for a new control point in security. The number of IP-based devices is rising at the same time manageability of those devices is declining. The gap demonstrates increasing vulnerability and a widening surface area of attack. We believe solving the visibility problem will become the first and most important line of defense in preventing previously undetected attacks.
Traditional NAC technology has significant limitations
The Network Access Control, or NAC, market began in 2003 as a means to drive the sales of network infrastructure products. The core technology and functionality of traditional NAC technology still exists today, but has seen limited innovation by large networking vendors since its inception and has significant limitations in today’s world.
Reliant on agents to detect devices
NAC technology relies on an 802.1x supplicant, or agent, installed on a device to allow companies to authenticate corporate-managed devices as they attempt to connect to the network. These solutions cannot detect certain devices, including BYOD and

9

Table of Contents


IoT devices, which do not have a corporate-installed agent, or run operating systems that cannot integrate with agents. To address this problem with traditional NAC technologies, enterprises have to whitelist all of the devices that cannot accept an agent, which is administratively impractical.
Limited functionality
The core functionality of a NAC solution is control, or the ability to allow or deny access to a network based on the authentication of the device at a single point in time. This “on or off” determination often does not provide organizations the flexibility to move a device to a more secure network, limit the device access to the network, or alert third-party security systems or IT administrators to a problem. Further, these systems do not continuously assess the security posture of the device after a connection is made. Because the core functionality is control, NAC does not coordinate with other third-party systems to automate a response to a threat.
Dependent on vendor-specific systems
Because the NAC market was established to drive sales of network infrastructure products, traditional NAC solutions are often dependent on vendor-specific switches and routers and are designed to only work with these systems. Organizations are then limited in their ability to adopt new technologies, or run in heterogeneous environments, such as the public cloud. Traditional vendors often bundle NAC products into a broad network solution, so they lack the ability or motivation to enable these products to work across heterogeneous environments.
Enterprises need a solution that addresses today’s network complexities and dynamic threat environment
Enterprises must address the device visibility problem and close the gap between device proliferation and device manageability. We believe that effective solutions to solve this problem require the following characteristics:
Agentless. Ability to detect a broad range of devices connecting to a network by integrating directly with network infrastructure, without relying on a corporate-installed agent.
Continuous. Ability to provide continuous visibility into connected devices after initial authentication.
Automated. Ability to immediately and automatically determine what to do with a device based on policy and behaviors.
Integrated. Ability to share and enrich data among systems to better understand the context of an environment and of device posture to automate a response.
Heterogeneous. Ability to work across multi-vendor platforms and provide the same level of visibility and control to devices on-premise, in the cloud, or in hybrid environments.
Scalable. Ability to scale within an enterprise, providing the same level of service across an environment as the number of devices grows.
Our Solution
We provide visibility and control solutions to a broad range of organizations. We have spent over a decade developing proprietary technology that allows us to discover IP-based devices as they connect to a network, classify them based on characteristics, assess their security posture based on policy and behaviors, and take action on those devices, all without the use of an agent.

10

Table of Contents


http://api.tenkwizard.com/cgi/image?quest=1&rid=23&ipage=12074827&doc=16
Key benefits of our solution include the following:
Greater visibility into devices connected to the network. Because our solution discovers the increasing proportion of IP-based devices that do not have agents, our end-customers have reported seeing up to 60% more devices on their network than previously known. We provide increased visibility into devices regardless of their physical location— on-premise, in the public cloud and in corporate data centers as well as branch offices and operational technology environments.
Continuous visibility. Our solution sees devices when they connect to the network and at all times while connected. We have the ability to detect a change in device posture, such as outdated or broken agents, as well as determine when a device is not acting the way we believe it should be based on our extensive repository of expected behaviors developed over the past 15 years.
Automated control based on policy. Once our solution discovers and classifies devices, it provides organizations a choice of what to do with these devices based on granular compliance and security policies. Organizations can set their own specific security policies upon connection. Examples of how we enforce an organization’s security policies could include the following:
Ensure latest anti-virus software is installed;
Limit third-party contractors to a section of the network that only provides access to required resources;
Update encryption software before connecting;
Block a device from the network if it fails to meet policy, such as a non-sanctioned device;
Apply device specific policy to categories of devices, such as printers; and
Immediately remove from a network if behaviors change from policy.
Once the security posture of a device is determined, we provide many options beyond allow or deny for network access, including segmenting to a more secure VLAN, alerting IT teams or third-party systems of potential threats, or quarantining devices from the network. Our solution enforces these policies automatically, without the need for human involvement.
Orchestration of actions between systems. Our solution enables third-party systems to share data to gain better context of device posture and orchestrate an automated response. We have built integrations with leading providers in the firewall, security information and event management, advanced threat detection, vulnerability assessment, endpoint protection, endpoint detection, and response markets, among others. Our technology extends the value of an organization’s existing security investments by interconnecting fragmented security tools. Examples of actions we can affect through our orchestration capabilities include:
Provide up-to-date device properties, classification, configuration and network context to ServiceNow to gain a current view of networked assets, track their movement, and remediate or retire these assets as required;
Trigger Rapid7 or Qualys to run a real-time vulnerability assessment at time of connection;

11

Table of Contents


Receive an indicator of compromise from FireEye or Palo Alto Networks and remove impacted devices from the network;
Provide Palo Alto Networks next-generation firewall, or NGFW, with device context (type, function, posture, user) to enable dynamic network segmentation; and
Share with Splunk real-time device information for accelerated incident identification and automated response.
Integrated across a heterogeneous environment. We are one of the only independent companies in our market that is not owned by a large networking company. We integrate with a diverse group of switches, routers and servers and are not constrained by a single vendor dependency. Our ability to integrate with all major network infrastructures is particularly important as workloads move to the cloud and organizations utilize heterogeneous environments serviced by many vendors. This independence allows us to be more adaptive as technologies evolve and provides end-customers with ease of implementation, freedom from vendor lock-in, and resilience to upgrade and refresh cycles.
Scalable to cover the increasing number of devices on a network. We grow as more devices come online in the enterprise. As of December 31, 2017, we had sold products with licenses covering over 52 million devices. Our high-end appliances can each manage up to 10,000 devices and we can deploy multiple appliances within a single environment. We support organizations of all sizes and scale, with our largest end-customers using us to manage over one million devices on the network. While many of our end-customers expand their initial deployment by department or use case, increasingly our end-customers are deploying initial multi-million dollar enterprise-wide deployments based on the value our appliances provide during a proof of concept.
Our Market Opportunity
According to Gartner, a total of approximately $96 billion is expected to be spent on enterprise security software and equipment in 2018; however, today’s threat landscape is evolving faster than the security market and new technologies are constantly emerging to target the new and more sophisticated and dynamic threat vectors initiated from hackers and Nation States. Organizations are adopting more technology from emerging vendors that have innovative solutions to address new forms of threats. The massive increase in BYOD and IoT devices presents a major security gap in organizations and increases their surface area of attack. Organizations have a strategic imperative to gain visibility over devices connected to their network in order to stop the proliferation of malware. We believe visibility and control solutions represent the next major control point in security, and as such, will garner a greater share of overall security spend over time as traditional defenses become less relevant in today’s dynamic threat environment.
We internally estimate that the total addressable market, or TAM, for our solution is approximately $10.8 billion for 2018. We expect our TAM to increase as the number of addressable devices is projected to nearly double over the next four years. To calculate our TAM, we first derived the total number of addressable devices within organizations worldwide based on independent third-party data, which includes global corporate-managed devices, BYOD devices, and IoT devices that would be found in an enterprise IT environment. We then excluded addressable devices that we believe are attributable to organizations that are currently outside of our core target market. For the purposes of this calculation, we define our core target market as enterprises with annual revenue greater than $500 million and government agencies. Using third-party data, we estimated the ratio of employees in organizations within our core target market to total employees in organizations worldwide. Next, we multiplied this ratio by the total number of addressable devices in organizations worldwide to estimate the total number of addressable devices in our core target market.  Finally, we multiplied the total number of addressable devices in our core target market by a conservative assumed average sales price per device.
Our Competitive Strengths
We believe we have several competitive advantages that will enable us to maintain and extend our market position as the pioneer of visibility and control solutions. Our key competitive strengths include:
Ongoing product innovation. In 2006, we made the strategic decision to develop an agentless architecture. Our core technology differentiates us in the market and positions us to capitalize on the proliferation of new device types entering the enterprise that cannot be supported by agent-based technologies. We constantly innovate on our products and have made improvements in areas such as device classification, network system integration, scalability of ForeScout

12

Table of Contents


Enterprise Manager, user interface, and high availability. In 2012, we introduced our first Extended Module, enhancing our solution by adding third-party integrations and orchestration capabilities. Our large-scale competitors still rely on agent-based solutions and lack the motivation to re-architect their solutions.
Rapid time to value. Organizations often begin realizing the benefit of our solution almost immediately after implementation as they see substantially more devices on their network than previously known. We have customers that have deployed our solution across hundreds of thousands of devices in less than 90 days. Increasingly, customers are deploying our solution more broadly after an initial proof of concept to cover wired networks (on-premise), wireless networks (remote and visitor devices), data centers, and branch offices. We can support a gradual implementation or large initial enterprise-wide deployment depending on our customer’s needs.
Broad appeal of our product across diverse customer base. We serve customers of all sizes across diverse industries and have seen particularly strong demand from customers in highly regulated industries, such as financial services, healthcare and government agencies, where the impact of an attack can be particularly severe. We also see high demand from industries with a large volume of transient devices, such as education and retail. Our customers include some of the largest enterprises in the world. As of December 31, 2017, we had sold to 18% of the Global 2000, since our inception, with more than 52 million devices under management. We are deeply integrated into our customers’ security infrastructure and have a long-term, loyal base of customers with many relationships spanning over 10 years.
Recognized market leadership. We have received multiple innovation awards from industry analysts and publications, including Frost & Sullivan, SC Magazine, Network Computing, Forbes, and CRN. In 2016, we received the JPMorgan Chase Hall of Innovation Award for Transformative Security Technology. We believe our market reputation makes us one of the most prominent vendors in an increasingly important segment in security.
Global market reach driven by direct and indirect sales strategy. We have recruited top sales talent from leading security organizations and retain the highest quality sales representatives with demonstrated success. We are one of the only vendors in our market solely focused on visibility and control and as such, our sales representatives are solely focused on selling the standalone value of our products. To many of our competitors, our category represents a relatively small portion of their overall revenue. We are also investing in our channel partners to expand our reach across organizations and geographies.
Strong leadership team of security experts. Our management team has extensive security domain expertise with a proven track record of scaling and running profitable businesses. Our Chief Executive Officer, Michael DeCesare, has over 25 years of technology industry experience, including as President of Intel Security and Executive Vice President of Worldwide Sales at McAfee. We have a deep bench of talent at the executive level, with years of industry experience at McAfee, Symantec, Tanium, and HP Enterprise Company. Our board of directors includes current and former leaders of leading public security companies including Symantec, FireEye, and McAfee.
Our Growth Strategy
We intend to execute on the following growth strategies:
Expand within our existing end-customers as more devices enter the enterprise. We expect to grow within our end-customer base as more devices come online within the enterprise. Our product revenue is directly tied to the number of licensed devices managed by our solution, therefore we sell more product as more devices come online. As of December 31, 2017, we had sold products with licenses covering over 52 million devices.
Expand within our existing end-customers as we expand to new parts of their network. End-customers often expand usage of our products as they realize the value and applicability to other areas within an organization. We expect to grow as our end-customers broaden their use of our solution across wired networks (on-premise), wireless networks (remote and visitor devices), data centers, branch offices and various geographies as well as public cloud and operational technology environments.
Grow global end-customer base. We have invested significantly, and plan to continue to invest, in our sales organization to drive new end-customer growth. Between December 31, 2014 and December 31, 2017, we have grown the number of quota-bearing sales representatives by 156% with the majority focused on the Global 2000 and government agencies.

13

Table of Contents


As of December 31, 2017, our current base of end-customers includes 18% of the Global 2000, representing a significant opportunity to expand our market reach. In the future, we also plan to increase sales to mid-size enterprises.
Increase sales of our Extended Modules. We are seeing strong demand for our Extended Modules as end-customers increasingly require coordinated information sharing and policy-based security enforcement across their networks. Our Extended Modules had an attach rate of approximately 38% for the year ended December 31, 2017, which represents the annual value of Extended Modules as a percentage of CounterACT sales on orders where both products are sold together or subsequent stand-alone Extended Module sales. As of December 31, 2017, we had a portfolio of over 20 Extended Modules. We have also established an Alliance Partner program that allows us to productize these integrations and leverage joint go-to-market efforts. Today, we have an Alliance Partnerships with CrowdStrike, CyberArk, FireEye, Fortinet, Juniper Networks, Palo Alto Networks, ServiceNow and Splunk.
Expand our presence in the market by leveraging our ecosystem of channel partners. We will continue to broaden and invest in our channel partner relationships to increase distribution of our products. We are focused on educating existing partners and investing in sales enablement to expand our market reach through our channel partner network, particularly into mid-market enterprises.
Our Products
We offer our solution across three products: (i) ForeScout CounterACT, (ii) ForeScout CounterACT Enterprise Manager, and (iii) ForeScout Extended Modules.
ForeScout CounterACT® 
CounterACT agentless technology discovers, classifies, and assesses IP-based devices. CounterACT interrogates the network infrastructure to discover devices immediately as they attempt to connect to the network. Since it does not rely on agents, our end-customers have reported seeing up to 60% more devices on their networks than previously known.
After discovering a device, CounterACT uses a combination of passive and active methods to classify the device based on its type and ownership—e.g., corporate-managed Windows, un-managed iPhone, digital security camera, or MRI device. Based on its classification, CounterACT then assesses the device security posture and allows organizations to set policies that establish the specific behavior the device is allowed to have while connected to a network.

14

Table of Contents


CounterACT collects a rich set of data for each of the devices it sees. A sample of the types of data CounterACT collects include:
http://api.tenkwizard.com/cgi/image?quest=1&rid=23&ipage=12074827&doc=17
Once CounterACT discovers a security problem on a device, its sophisticated policy manager can automatically execute a range of responses depending on the severity of the problem. Minor violations might result in a warning message sent to the end user. Employees and contractors who bring their own devices can be redirected to an automated onboarding portal. Serious violations could result in actions such as blocking or quarantining the device, reinstallation of a security agent, re-starting of an agent (such as third-party antivirus software) or process, triggering the device to retrieve an operating system patch, segmenting to a more secure VLAN, or performing other remediation actions.
The following are examples of various control actions we can take:
http://api.tenkwizard.com/cgi/image?quest=1&rid=23&ipage=12074827&doc=15

15

Table of Contents


ForeScout Extended Modules
Extended Modules expand the see and control capabilities of ForeScout CounterACT. As a result, organizations can share contextual device data with third-party systems, automate policy enforcement across disparate solutions, bridge previously siloed IT processes, accelerate system-wide responses, and rapidly mitigate risks.
Our Extended Modules represent integrations across vulnerability assessment (VA), advanced threat detection (ATD), security incidence and event management (SIEM), enterprise mobility management (EMM), endpoint protection (EPP) and endpoint detection and response (EDR), next generation firewall (NGFW), Privileged Access Management (PAM), and IT Systems Management (ITSM) vendors as well as compliance. Additionally, customers can create their own integration using our Open Integration Module (OIM).
http://api.tenkwizard.com/cgi/image?quest=1&rid=23&ipage=12074827&doc=19
_____________________
*
FireEye includes two modules: FireEye HX, FireEye NX
**
McAfee includes two modules: McAfee EPP, McAfee TIE/DxL
ForeScout CounterACT® Enterprise Manager
Enterprise Manager is our centralized security management solution for global control of all of our appliances deployed on an end-customer network. Enterprise Manager serves as a single pane of glass for every device connected to the end-customer’s network that is managed by a CounterACT appliance at any given time. It is also used to define and manage the device policies. Enterprise Manager is scalable to CounterACT deployments in networks exceeding one million devices.
Our Technology
The key technologies underlying our platform have been built from the ground up to address the visibility challenges of today. Our foundational technologies are: (i) agentless data collection, (ii) an adaptive abstraction layer, (iii) a real time and continuous policy engine, and (iv) distributed and scalable architecture. We have invested over ten years of research and development into our technology and believe it represents a significant competitive advantage for us.

16

Table of Contents


Agentless data collection. Our appliances use a combination of both active and passive methods to discover, classify and assess devices in an organization’s network. Utilizing active discovery methods, we can poll switches, VPN concentrators, and wireless controllers for a list of connected devices. Using NBT scans and NMAP, or via WMI for deeper inspection of corporate-managed devices, we can inspect workstations running Windows, Mac or Linux, without the use of agents. We also deploy passive inspection methods which allows our appliances to receive SNMP traps from switches and wireless controllers, monitor a network SPAN port to see network traffic, and leverage information such as TCP window sizes, session information, HTTP traffic, and DHCP information banners as well as NetFlow traffic data. If 802.1x is implemented, our technology can authenticate 802.1x requests to a built-in or external RADIUS server, and authorize network access. In addition, our technology can import external MAC classification data or request LDAP data. We continue to expand the methods we make available, such as the recently added Power over Ethernet (PoE).
Adaptive abstraction layer. Our abstraction layer is able to ingest billions of packets of raw data across a wide array of heterogeneous network systems. We then consolidate this data into a single pane of glass showing our end-customers a real-time depiction of the devices on their networks by type. Our solution does not require vendor-specific network equipment, upgrades of existing infrastructure, or reconfiguration of each switch and switch port to support 802.1x. As organizations adopt virtual and cloud environments, our technology has the flexibility to integrate with hypervisor technologies and cloud platforms.
The abstraction layer adapts to the IT enterprise environment and continuously enriches its information as organizations make more data available. As an example, organizations can choose to consume only NetFlow data, which is only the metadata of the actual network traffic. With this information, we can expedite detection of new devices, collect device properties such as IP address and session protocols, and understand which devices are talking to each other. If organizations choose to give our technology full access to their network traffic through a SPAN port, we can build on this and provide very granular information such as MAC address, HTTP user agent, device type, applications in use, and the ability to identify malicious traffic.
Real-time and continuous policy engine. CounterACT’s policy engine continuously checks devices against a set of policies that control how devices are expected to behave on the network. While other vendor technologies rely on periodic checks, or queries from an operator, our policy engine can do this continuously and in real-time for over one million devices. Our policies are triggered in real-time based on events occurring on a specific device. These can be network admission events, such as plugging into a switch port or change of IP address, authentication events like those received by RADIUS servers or detected by network traffic, changes in device attributes like user, opening/closing of ports, and specific traffic behavior such as how the device is communicating and what protocol it is using.
The policy engine leverages both infrastructure and host-based controls. At the network switch, our technology can change a Virtual Local Area Network, or VLAN, add an Access Control List, or ACL, or disable a switch port. At a wireless controller, we can blacklist a MAC address or change the role of a user. In addition, our technology can restrict remote VPN users. At the host, our technology can start and stop applications, update anti-virus security agents, disable peripheral devices, and request end-user acknowledgment. The policy engine applies these policies automatically regardless of a device’s location. As the device moves, the policy engine can follow it within the corporate network, cloud, or data center. We determine the type of infrastructure and, based on policy, apply the appropriate control actions.
Distributed, scalable architecture. Enterprise Manager uses distributed computing algorithms so each appliance can independently manage devices within its control. This enables organizations to expand their deployment by simply adding more appliances. Enterprise Manager virtually consolidates the device information from all appliances into a single pane of a glass view for the administrator. The algorithms allow the administrator to search for security related information such as users, processes, services across the entire deployment in real time and retrieve it in seconds.
Our Services
Maintenance and Support Services
We offer technical maintenance and support for our solution, including our Extended Modules, to our end-customers. We provide two levels of maintenance and support, including premium-level support for coverage 24 hours a day, seven days a week on a global basis. Our end-customers receive post-sale support through online portals, email and telephone, managed by a single point of contact.

17

Table of Contents


Professional Services
We offer professional services to end-customers to help them design, plan, deploy, and optimize our solution. We also provide training on CounterACT administration and emerging security best practices. We also provide professional services through our channel partners.
Our Customers
Since our inception, we have sold to over 2,700 end-customers in over 80 countries, including 18% of the Global 2000, with more than 52 million devices under management. We sell into all industries and into organizations of all sizes, including corporations and government agencies. Our end-customers generally purchase from distributors and/or VARs. For fiscal 2015, one distributor, one VAR, and one end-customer represented 14%, 11%, and 10% of our total revenue, respectively. For the year ended December 31, 2016, three distributors represented 24%, 14%, and 13% of our total revenue, respectively. For the year ended December 31, 2017, three distributors represented 30%, 21%, and 17% of our total revenue.
Customer Case Studies
The following are examples of how certain of our representative end-customers have selected, deployed, and benefited from the use of our solution.
E*Trade
Problem: E*Trade’s primary challenges revolved around visibility, specifically for a real-time asset inventory to identify devices accessing its network, while routing out rogue devices with malicious intent.
Solution and Benefits: After an evaluation period and proof of concept with three vendors, ForeScout was chosen for its ease of use and vendor agnostic design in 2014, which is ideal for E*Trade’s complex, heterogeneous network environment. Additionally, with many managed and unmanaged devices, various networking equipment, and IoT devices including printers, security cameras, badge scanners, and more, ForeScout’s agentless approach could provide E*Trade with all the visibility and control it needed to discover and classify devices across its diverse infrastructure. E*Trade initially rolled out CounterACT to deliver visibility into the devices accessing its network. In the second phase to eradicate the threat of rogue devices attempting to infiltrate the network for confidential data, E*Trade moved into asset control. Deploying ForeScout has helped E*Trade eliminate the threat of rogue devices, by identifying and then blocking their access to the network, alleviating a big gap in its security spectrum. Additionally, ForeScout has helped E*Trade realize even greater value from its existing investments with Rapid7, Inc., HP Enterprise Company’s ArcSight, and VMware, Inc.’s Airwatch by sharing information for better visibility and control using ForeScout as the real-time enforcement point.
RWJBarnabas Health
Problem: RWJBarnabas Health (RWJBarnabas) is New Jersey's largest integrated healthcare delivery system comprised of hospitals, clinics, and ambulatory centers throughout the state. RWJBarnabas needed real-time visibility to identify, classify, and control the devices that access its network. In addition, RWJBarnabas had compliance requirements, like HIPAA and HITECH, and needed to maintain a strong security posture without impeding medical care, automate endpoint policy compliance and remediation, and accommodate vendor-owned-and-managed systems. Furthermore, as RWJBarnabas continues to grow through acquisitions, it needed a way to identify, classify, and control devices so as to quickly and securely integrate acquired networks into RWJBarnabas.
Solution and Benefits: In 2015, RWJBarnabas first selected and deployed CounterACT. Leveraging CounterACT, RWJBarnabas has gained visibility and control across a diverse set of devices accessing its network, including laptops, mobile devices, medical devices, virtual machines, and more. CounterACT helps to ensure these devices meet endpoint compliance through automated remediation. And with its mergers and acquisitions activity, CounterACT provides an efficient and secure way for RWJBarnabas to classify, grant, limit, or block network access to the devices on the new entity's network while at the same time providing a comprehensive inventory of acquired IP-based device assets. Lastly, RWJBarnabas has gained additional value from its existing security tools by deploying Extended Modules to share information with its security information and event management and mobile service management solutions as well as other network monitoring tools across both wired and wireless networks.

18

Table of Contents


United States Army Medical Command
Problem: The United States Army Medical Command (MEDCOM) provides a variety of medical, training, and research services to military beneficiaries worldwide through 39 medical facilities and over 20 research labs and administrative agencies. This includes more than 70,000 personnel and 300,000 network connected devices within MEDCOM facilities, organizations and field operating agencies that require access to the MEDCOM network for the delivery of healthcare services. MEDCOM’s challenge revolved around endpoint security and the need to identify and authenticate devices as they connect, in real-time, to the network while quarantining non-compliant devices.
Solution and Benefits: In 2012, MEDCOM first selected and deployed CounterACT. In its initial deployment phase, CounterACT was used to provide visibility into devices accessing MEDCOM’s network. Following its success with device visibility, MEDCOM then moved forward with real-time, on-demand application and software inventorying to identify applications on each device and ensure they met defined criteria. This included leveraging CounterACT to enforce policy driven access control, enabling MEDCOM to grant, limit, or block access for wired, WiFi, mobile, and IoT devices accessing the network. In its latest phase, MEDCOM rolled out two of the ForeScout Extended Modules, McAfee’s ePolicy Orchestrator and Microsoft’s Systems Center Configuration Manager.
United States Marine Corps
Problem: The U.S. Marine Corps (USMC) faced the challenge of getting comprehensive visibility over the millions of devices connected to its network across hundreds of locations across the globe. The USMC also viewed their existing security solutions as lacking the ability to provide real-time network device visibility, critical to eliminating potential network and device vulnerabilities and acting as a fundamental means of protecting both non-classified and classified enclaves across the organization.
Solution and Benefits: U.S. Marine Corps Installations East (MCIEAST) under the direction and authority of HQMC C4 began a project in 2011, known as Comply to Connect. This project determined that ForeScout CounterACT was the foundation product of choice for discovery and classification. The USMC realized rapid benefits of ForeScout’s agentless solution and was able to identify a range of devices connected to its network that were previously hidden from the USMC’s IT department and then continuously profile the devices in order to gain greater insights into the devices connected onto its networks. Comply to Connect, or C2C, was incorporated into the 2017 National Defense Authorization Act, or NDAA, and was signed into law in February 2017. After recognizing the benefits of the ForeScout solution, the USMC expanded ForeScout’s deployment across the organization in a phased approach, with over 180,000 devices accessing the USMC networks under ForeScout management.
Sales and Marketing
Sales
We deploy a direct-touch channel-fulfilled strategy. Our sales cycle is typically six to 12 months, depending on the industry and size and scope of deployment. We have a direct field sales team and a dedicated team focused on managing relationships with our channel partners and working with our channel partners to support our end-customers. We expect to continue to grow our sales headcount in areas of highest demand for our solution. Generally, our sales representatives have become more productive the longer they are with us, with limited productivity in their first few quarters as they learn to sell our products and participate in field training. We focus our sales management efforts on helping our sales representatives increase productivity as they become more seasoned. As of December 31, 2017, 65% of our sales representatives have been with us for less than two years.
Our sales team is supported by sales engineers with deep technical expertise who are responsible for pre-sales technical support, solutions engineering for our end-customers, proof of concept work and technical training for our channel partners.
Marketing
Our marketing efforts are focused on building brand reputation and awareness to generate customer demand and build a strong sales pipeline, working in conjunction with our channel partners around the globe. Our team consists of corporate marketing, product marketing, partner marketing, field and digital marketing, account/lead development, operations, social media, public relations, and corporate communications. Marketing activities include demand generation, managing our corporate website and partner portal, trade shows and conferences, press, and analyst relations. Our sales development representatives also qualify sales leads and facilitate face-to-face meetings with potential customers. We actively drive thought leadership and

19

Table of Contents


tell our technology story by engaging industry analysts and top journalists at business and trade publications, as well as direct to customers via social media and other digital marketing channels.
Partner Ecosystem
We actively foster and develop our partner ecosystem to find and work with high quality partners who provide our solution to end-customers. Our sales force and strategic alliance group are responsible for cultivating these partnerships to establish new opportunities for delivering our solution to new and existing customers.
Channel Partners
We leverage the global breadth and reach of the channel ecosystem, including value-added resellers and distributors, to fulfill orders and sell to our mid-market customers. We dedicate significant resources to building in-depth relationships with our channel partners, including marketing, technical, and sales support to assist in jointly sourcing and closing sales opportunities. Our channel partners include Optiv Security, Inc., Westcon Group Inc., Dimension Data Holdings plc, and Forsythe Solutions Group Inc.
Alliances Partners
We have established an Alliance Partner program that allows us to productize technical integrations with third-party security vendors and leverage joint go-to-market efforts. Today we have an Alliance Partnerships with CrowdStrike, CyberArk, FireEye, Fortinet, Juniper Networks, Palo Alto Networks, ServiceNow and Splunk.
Research and Development
We invest substantial resources in research and development to consistently enhance features and capabilities of our solution. Our research and development team is located in Tel Aviv, Israel, San Jose, California, and Dallas, Texas. Research and development expense totaled approximately $17.8 million, $31.5 million, and $47.4 million for the years ended December 31, 2015, 2016, and 2017, respectively. We plan to continue to significantly invest in resources to conduct our research and development effort.
Competition
We operate in the intensely competitive network security market that is characterized by constant change and innovation. The threat landscape is growing faster than the security market, drawing new providers and new functionality from existing providers to address dynamic threat vectors. We compete with security providers in the following categories:
the large networking vendors, Cisco and HP Enterprise Company; and
independent security vendors that offer products that perform some of the functions of our solution.
The principal competitive factors in our market include:
effectiveness;
features and functionality;
global support capabilities;
scalability and overall performance;
time to value;
integration capabilities with heterogeneous network infrastructure and security tools;
brand awareness and reputation;
strength of sales and marketing efforts;

20

Table of Contents


size and scale of organization;
price and total cost of ownership; and
customer return on investment.
We believe we compete favorably with our competitors on the basis of these factors as a result of the features and performance of our solution, the ease of integration of our products with network infrastructure, and the breadth of our capabilities. However, many of our competitors have substantially greater financial, technical and other resources, greater name recognition, larger sales and marketing budgets, deeper customer relationships, broader distribution, and larger and more mature intellectual property portfolios.
Manufacturing
The manufacturing of our products is outsourced to a single third-party contract manufacturer, Arrow Electronics, Inc., or Arrow. This approach allows us to reduce our costs by decreasing our manufacturing overhead and inventory and also allows us to adjust more quickly to changing end-customer demand. Arrow assembles our product using design specifications, quality assurance programs and standards that we establish, and it procures components and assembles our products based on our demand forecasts. These forecasts represent our estimates of future demand for our products based on historical trends and analysis from our sales and product management functions as adjusted for overall market conditions.
We have entered into a written agreement with Arrow pursuant to which Arrow manufactures our product. This agreement continues in effect until either party terminates, with or without cause, by giving 90 days prior written notice.
Information about Segment and Geographic Revenue
Information about segment and geographic revenue is set forth in Note 14 in the Notes to our Consolidated Financial Statements included in Part II of this Annual Report on Form 10-K.
Seasonality and Backlog
We experience seasonality in our business, with sales generally stronger in our third and fourth fiscal quarters. For this reason, we do not believe that our product backlog at any particular time is meaningful because it is not necessarily indicative of future revenue in any given period as such orders may be rescheduled by our partners without penalty or delayed due to inventory constraints.
Intellectual Property
Our success depends in part upon our ability to protect our core technology and intellectual property. We rely on, among other things, patents, trademarks, copyrights, and trade secret laws, confidentiality safeguards and procedures, and employee non-disclosure and invention assignment agreements to protect our intellectual property rights. We have five U.S-issued patents, which expire between November 24, 2019 and November 13, 2033, eleven patent applications pending in the United States, and six pending foreign counterpart patent applications in a non-U.S. jurisdiction. We also have two issued foreign counterparts of one of these patents. We also license software from third parties for integration into our products, including open source software and other software available on commercially reasonable terms.
We control access to and use of our proprietary software, technology and other proprietary information through the use of internal and external controls, including contractual protections with employees, contractors, end-customers, and partners, and our software is protected by U.S. and international copyright, patent, and trade secret laws. In addition, we intend to expand our international operations and effective patent, copyright, trademark, and trade secret protection may not be available or may be limited in foreign countries.
See the section titled “Risk Factors—Failure to protect our proprietary technology and intellectual property rights could substantially harm our business and results of operations” for additional information.
Employees
As of December 31, 2017, we had 823 employees, including 813 full-time employees.

21

Table of Contents


None of our U.S or Israeli employees are represented by a labor organization or are a party to any collective bargaining arrangement. None of our employees located in France, Spain, and Germany are currently covered by industry-wide collective bargaining agreements. We have never had a work stoppage, and we consider our relationship with our employees to be good.
Corporate Information
We were incorporated in Delaware in April 2000. We completed our initial public offering in October 2017 and our common stock is listed on The NASDAQ Global Market. Our principal executive offices are located at 190 West Tasman Drive, San Jose, California 95134. Our main telephone number is (408) 213-3191.
Several trademarks and trade names appear in this prospectus. “ForeScout” and “CounterACT” are the exclusive properties of ForeScout Technologies, Inc., are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. Other trademarks, service marks, or trade names appearing in this Annual Report on Form 10-K are the property of their respective owners.
Our website address is located at www.forescout.com, and our investor relations website is located at http://investors.forescout.com/investor-relations. Copies of our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to these reports filed or furnished pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended, or the Exchange Act, are available, free of charge, on our investor relations website as soon as reasonably practicable after we file such material electronically with or furnish it to the Securities and Exchange Commission, or the SEC. The SEC also maintains a website that contains our SEC filings. The address of the site is www.sec.gov. Further, a copy of this Annual Report on Form 10-K is located at the SEC’s Public Reference Room at 100 F Street, NE, Washington, D.C. 20549. Information on the operation of the Public Reference Room can be obtained by calling the SEC at 1-800-SEC-0330.
We also use our investor relations website as a channel of distribution for important company information. Important information, including press releases, analyst presentations and financial information regarding us, as well as corporate governance information, is routinely posted and accessible on our investor relations website. Information contained on, or that can be accessed through, our website or social medial sites does not constitute part of this Annual Report on Form 10-K or any other report or document we file with the SEC, and any references to our website and social media sits are intended to be inactive textual references only.
We are an emerging growth company within the meaning of the Jumpstart Our Business Startups Act of 2012, or the JOBS Act, and, as such, we have elected to comply with certain reduced public company reporting requirements. We will remain an emerging growth company until the earliest to occur of (i) the last day of the fiscal year in which we have more than $1.07 billion in annual revenue; (ii) the date we qualify as a “large accelerated filer,” with at least $700 million of equity securities held by non-affiliates; (iii) the date on which we have issued, in any three-year period, more than $1.0 billion in non-convertible debt securities; and (iv) the last day of the fiscal year ending after the fifth anniversary of the completion of this offering.


22

Table of Contents


ITEM 1A. RISK FACTORS
You should carefully consider the following risks and uncertainties described below, together with all of the other information contained in this Annual Report on Form 10-K, including the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our financial statements and related notes. Any of the risks, if realized, could have a material adverse effect on our business, results of operations, prospects, and financial condition, and could cause the trading price of our common stock to decline, which would cause you to lose all or part of your investment. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties not presently known to us or deemed to be material by us may impair our operations and performance.
Risks Related to Our Business
As a result of recent changes in our market, sales organization, and go-to-market strategy, our ability to forecast our future results of operations and plan for and model future growth is limited and subject to a number of uncertainties.
Although we were founded in 2000 and launched ForeScout CounterACT in 2006, much of our growth has occurred in recent periods. Our growth reflects a number of macro changes impacting the cyber security market, particularly through Bring Your Own Device, or BYOD, initiatives and the emergence of the Internet of Things, or IoT, both of which have contributed to a significant increase in the number of unmanaged devices accessing IT networks and resulted in growing demand for our products. To address this demand, we have made substantial investments in our sales force, which has almost tripled the size of our quota-bearing sales representatives from the beginning of 2015 to December 31, 2017. In addition, we are focusing on building relationships with Alliance Partners such as CrowdStrike and CyberArk to utilize their sales force resources to reach new end-customers. As a result of these recent changes in our market, sales organization and go-to-market strategies, coupled with our limited operating history, our ability to forecast our future results of operations and plan for and model future growth is limited and subject to a number of uncertainties. We have encountered and will continue to encounter risks and uncertainties frequently encountered by rapidly growing companies in developing markets. If our assumptions regarding these risks and uncertainties are incorrect or change in response to developments in the security market, our results of operations and financial results could differ materially from our plans and forecasts. If we are unable to achieve our key objectives, our business and results of operations will be adversely affected and the fair market value of our common stock could decline.
Our revenue growth rate in recent periods may not be indicative of our future performance.
Our revenue growth rate in recent periods should not be viewed as an indication of our future performance. For the years ended December 31, 2015, 2016, and 2017, our revenue was $126.0 million, $166.8 million, and $220.9 million, respectively, representing year-over-year growth of 32% and 32%, respectively. We may not achieve similar revenue growth rates in future periods. Factors that could impact our ability to increase our revenue include our ability to increase the size or efficiency of our sales force, which has expanded rapidly in recent years, our ability to achieve repeat purchases by existing end-customers, and the extent to which we are successful in securing large scale deployments, particularly among Global 2000 enterprises and public sector organizations. If we are unable to maintain consistent revenue or revenue growth, our stock price could experience volatility, and our ability to achieve and maintain profitability could be adversely affected.
We have a history of losses and may be unable to achieve or maintain profitability in the future.
We have incurred significant net losses in each year since our inception, including net losses of $27.3 million, $74.8 million, and $91.2 million for the years ended December 31, 2015, 2016, and 2017, respectively. While we have experienced revenue growth over these same periods, we may not be able to sustain or increase our growth or achieve profitability in the future or on a consistent basis. We expect our operating expenses to increase over the next several years as we continue to expend substantial financial resources on, among other things, expanding and improving the functionality of our solution through the addition of new ForeScout Extended Modules, investments in research and development and sales and marketing, and the hiring of additional employees. The return on these investments, if any, will only be realized over time and may not result in increased revenue commensurate with increases in our expenses, or at all.

23

Table of Contents


In addition, we completed our initial public offering in October 2017, and as a public company, we will incur significant accounting, legal, and other expenses that we did not incur as a private company. Achieving profitability will require us to increase revenue, manage our cost structure, and avoid significant liabilities. Revenue growth may slow, revenue may decline, or we may incur significant losses in the future for a number of reasons, including general macroeconomic conditions, increasing competition, a decrease in the growth of the markets in which we operate, the inability to expand our sales force and increase its productivity, or if we fail for any reason to continue to capitalize on growth opportunities. Additionally, we may encounter unforeseen operating expenses, difficulties, complications, delays, and other unknown factors that may result in losses in future periods. If these losses exceed our expectations or our revenue growth expectations are not met in future periods, our financial performance will be harmed and our stock price could decline.
If we are unable to increase sales of our solution to large organizations and public sector entities, while mitigating the risks associated with serving such end-customers, our business, financial position, and results of operations may suffer.
Our growth strategy is dependent, in part, upon increasing sales of our solution to large organizations and public sector entities. Sales to large organizations and public sector entities involve risks that may not be present (or that are present to a lesser extent) with sales to smaller entities. These risks include:
increased purchasing power and leverage held by large end-customers in negotiating contractual arrangements with us, including, in certain cases, clauses that provide preferred pricing of configurations with similar specifications;
more stringent or costly requirements imposed upon us in our maintenance and support contracts with such end-customers, including stricter response times and penalties for any failure to meet maintenance and support requirements (which penalties may include termination of our maintenance and support contracts with such end-customer, or refunds of amounts paid);
more complicated and costly implementation processes and network infrastructure;
longer sales cycles and the associated risk that substantial time and resources may be spent on a potential end-customer that ultimately elects not to purchase our products or purchases fewer products than we anticipated;
closer relationships with, and increased dependence upon, large technology companies who offer competitive products and have stronger brand recognition; and
increased pressure for pricing discounts.
In addition, because security breaches with respect to larger, high-profile organizations, or public sector entities are likely to be heavily publicized and because they are more likely to be targeted by cyberattackers, there is increased reputational risk associated with serving such end-customers. If we are unable to increase sales of our solution and products to large organizations and public sector entities while mitigating the risks associated with serving such end-customers, our business, results of operations, prospects, and financial condition may suffer.
Our business and operations have experienced rapid growth, and if we do not appropriately manage any future growth, or are unable to improve our systems and processes, our results of operations will be harmed.
We have experienced rapid growth over the last several years, which has placed and will continue to place significant demands on our management, administrative, operational, and financial infrastructure. As we have grown, we have had to manage an increasingly larger and more complex array of internal systems and processes to scale all aspects of our business in proportion to such rapid growth, including an expanded sales force, additional end-customer service personnel, and a new corporate headquarters, as well as more complex administrative systems related to managing increased headcount, particularly within our sales force. For instance, from January 1, 2016 to December 31, 2017, our headcount grew from 513 employees to 823 employees, and we expect to continue to expand our headcount. Our success will depend in part upon our ability to manage our growth effectively. To do so, we must continue to increase the productivity of our existing employees, particularly our sales force, and hire, train, and manage new employees as needed.
To manage the domestic and international growth of our operations and personnel, we will need to continue to improve our operational, financial, and management controls, as well as our reporting processes and procedures. In addition, we will need to implement more extensive and integrated financial and business information systems, including a new software license

24

Table of Contents


management system. These additional investments will increase our operating costs, which will make it more difficult for us to offset any future revenue shortfalls by reducing expenses in the short term. We may not be able to successfully acquire or implement these or other improvements to our systems and processes in an efficient or timely manner, or once implemented, we may discover deficiencies in their capabilities or effectiveness. We may experience difficulties in managing improvements to our systems and processes or in integrating with third-party technology. In addition, our systems and processes may fail to prevent or detect errors, omissions, or fraud. Our failure to improve our systems and processes, or their failure to operate effectively and in the intended manner, may result in the disruption of our current operations and end-customer relationships, our inability to manage the growth of our business and our inability to accurately forecast and report our revenue, expenses and earnings, any of which may materially harm our business, results of operations, prospects, and financial condition.
If we are unable to increase market awareness of our company and our solution, or fail to successfully promote or protect our brand, our competitive market position and revenue may not continue to grow or may decline.
Market awareness of the value proposition of our solution will be essential to our continued growth and our success. If our marketing efforts are unsuccessful in creating market awareness of our company and our solution, then our business, results of operations, prospects, and financial condition will be adversely affected, and we will not be able to achieve sustained growth.
Moreover, due to the intensely competitive nature of our market, we believe that building and maintaining our brand and reputation is critical to our success and that the importance of positive brand recognition will increase as competition in our market further intensifies. While we believe that we are successfully building a well-established brand and have invested and expect to continue to invest substantial resources to promote and maintain our brand, both domestically and internationally, there can be no assurances that our brand development strategies will enhance our reputation or brand recognition or lead to increased revenue.
Furthermore, an increasing number of independent industry analysts and researchers, such as Gartner, International Data Corporation, and Forrester Research, Inc., regularly evaluate, compare, and publish reviews regarding the functionality of security products and services, including our solution. The market’s perception of our solution may be significantly influenced by these reviews. We do not have any control over the content of these independent industry analysts and researchers’ reports, and our reputation and brand could be harmed if they publish negative reviews of our solution or do not view us as a market leader. The strength of our brand may also be negatively impacted by the marketing efforts of our competitors, which may include incomplete, inaccurate, and misleading statements about us, or our products and services. If we are unable to maintain a strong brand and reputation, sales to new and existing end-customers could be adversely affected, and our financial performance could be harmed.
We operate in a highly competitive market, with certain competitors having greater resources than we do, and competitive pressures from existing and new companies may adversely impact our business, results of operations, prospects, and financial condition.
The market in which we compete is highly fragmented, intensely competitive, and evolving in response to changes in the threat landscape and corporate network security infrastructures. We expect competition to intensify in the future as existing competitors bundle new and more competitive offerings with their existing products and services, and as new market entrants introduce new products into the security market. This competition could result in increased pricing pressure, reduced profit margins, increased sales and marketing expenses, and our failure to increase, or the loss of, market share, any of which could seriously harm our business, results of operations, prospects, and financial condition. If we do not keep pace with product and technology advances and otherwise keep our products and services competitive, there could be a material and adverse effect on our competitive position, revenue, and prospects for growth.
Our competitors and potential competitors include large networking vendors such as Cisco Systems, Inc., or Cisco, and HP Enterprise Company that may emulate or integrate features similar to ours into their own products; independent network security vendors that offer products that claim to perform similar functions to our solution; and small and large companies that offer point solutions that compete with some of the features present in our solution. We may also face competition from highly specialized vendors as well as larger vendors that may continue to acquire or bundle their products more effectively as our market grows and IT budgets are increased or created to support next-generation threat protection.

25

Table of Contents


Many of our current and potential competitors, such as Cisco and HP Enterprise Company, have longer operating histories, are substantially larger and have greater financial, technical, research and development, sales and marketing, manufacturing, distribution, and other resources, and greater name recognition. Such competitors also may have well-established relationships with our current and potential end-customers, extensive knowledge of our industry and the market in which we compete and intend to compete, and such competitors may emulate or integrate product features similar to ours into their own products. As a result, our competitors may be able to respond more quickly to new or emerging technologies and changes in customer requirements, or to devote greater resources to the development, marketing, promotion, and sale of their products and services than we can with respect to our products and services. They also may make strategic acquisitions or establish cooperative relationships among themselves or with other providers, thereby increasing their ability to provide a broader suite of products and services, and potentially causing our end-customers to decrease purchases of, or defer purchasing decisions with respect to, our products and services. In addition, some of our larger competitors have substantially broader product offerings and may be able to leverage their relationships with distribution partners and customers based on other products or incorporate functionality into existing products to gain business in a manner that discourages potential end-customers from purchasing our products and services, including by selling at zero or negative margins, product bundling, or offering closed technology solutions. Potential end-customers may also prefer to purchase from their existing vendors rather than a new supplier regardless of product performance or features.  Further, to the extent that one of our competitors acquires, or establishes or strengthens a cooperative relationship with, one or more of our channel partners, it could adversely affect our ability to compete. We may be required to make substantial additional investments in research and development and sales and marketing to respond to these competitive pressures, and we may not be able to compete successfully in the future. Any of the foregoing may limit our ability to compete effectively in the market and adversely affect our business, results of operations, prospects, and financial condition.
If we are unable to successfully expand our sales force while maintaining sales productivity, sales of our products, maintenance, and professional services and the growth of our business and financial performance could be harmed.
We continue to be substantially dependent on our sales force to obtain new end-customers and increase sales to existing end-customers, and we plan to continue to grow our sales force in the future. There is significant competition for sales personnel with the skills and technical knowledge that we require. Our ability to achieve significant revenue growth and profitability will depend, in large part, on our success in recruiting, training, and retaining a sufficient number of sales personnel to support our growth, particularly in international markets. New sales representative hires require significant training and may require a lengthy on-boarding process before they achieve adequate levels of productivity. Generally, our sales representatives become more productive the longer they are with us, with limited productivity in their first few quarters as they learn to sell our products and participate in field training.
Our recent hires and planned hires may not become productive as quickly as we expect, or at all, and we may be unable to hire or retain a sufficient number of qualified personnel in the markets where we do business or plan to do business. If we are unable to recruit, train, and retain a sufficient number of productive sales personnel, sales of our products, maintenance, and professional services and the growth of our business would be harmed. Additionally, if our efforts to expand our sales force do not result in increased revenue, our results of operations could be negatively impacted due to increased operating expenses associated with an expanded sales force.
Our end-customers’ purchasing cycles may cause fluctuations in our revenue.
Our business is affected by cyclical fluctuations in end-customer spending patterns, which result in some seasonal trends in the sale of our solution. Revenue in our third and fourth fiscal quarters, particularly in the last two weeks of the fourth quarter, is typically stronger due to the calendar year-end. Our public sector end-customers typically end their fiscal years during our third quarter, while many of our other end-customers end their fiscal years during our fourth quarter. Our first and second fiscal quarters typically experience lower sales, with aggregate revenue historically significantly lower in our first fiscal quarter when compared to our third and fourth fiscal quarters. Furthermore, our rapid growth rate over recent years may have made these fluctuations more difficult to detect. If our growth rate slows over time, cyclical variations in our operations may become more pronounced, and our business, results of operations, prospects, and financial condition may be adversely affected.
Reliance on shipments at the end of the quarter could cause our revenue for the applicable period to fall below expected levels.
As a result of end-customer buying patterns and the efforts of our sales force and channel partners to meet or exceed their quarterly sales objectives, we have historically received a substantial portion of sales orders and generated a substantial portion

26

Table of Contents


of revenue during the last few weeks of each fiscal quarter. If expected revenue at the end of any fiscal quarter is delayed for any reason, our revenue for that quarter could fall below our expectations and the estimates of analysts, which could adversely impact our business, results of operations, prospects, and financial condition and cause a decline in the trading price of our common stock. The reasons our expected revenue may be delayed include:
the failure of anticipated purchase orders to materialize;
our logistics partners’ inability to deliver products prior to fiscal quarter-end to fulfill purchase orders received near the end of the fiscal quarter;
our failure to manage inventory to meet demand;
our inability to release new products on schedule;
any failure of our systems related to order review and processing; or
any delays in shipments based on trade compliance requirements.
We are dependent upon lead generation strategies to drive our sales and revenue. If these marketing strategies fail to continue to generate sales opportunities, our ability to grow our revenue will be adversely affected.
We are dependent upon lead generation strategies to generate sales opportunities, such as sponsored events, tradeshows, webinars, and product demonstrations. These strategies may not be successful in continuing to generate sufficient sales opportunities necessary to increase our revenue. To the extent that targeted leads do not become, or we are unable to successfully attract, end-customers, we will not realize the intended benefits of these marketing strategies, and our ability to grow our revenue will be adversely affected.
Our business depends substantially on our ability to retain end-customers and expand our offerings to them. A decline in our end-customer retention or in our ability to expand sales to existing end-customers could harm our future results of operations.
Many organizations seek security solutions that are among the best available in the industry. For us to maintain or improve our results of operations in an industry that is rapidly evolving and places a premium on market leading solutions, it is important that we retain existing end-customers and that our end-customers expand their use of our products and services. An increasing portion of our revenue is derived from additional sales to our end-customers for both the management of additional existing devices on their networks and the influx of new devices that are added to their networks each day. During the year ended December 31, 2017, the majority of our revenue came from existing end-customers, and it is important for us to increase sales into this base. Our end-customers also have no obligation to renew their maintenance and support contracts with us upon the expiration of the initial maintenance and support contract period, which is typically a one-year or three-year term, and even if end-customers do renew, they may not renew with a similar maintenance and support contract period, or they may renew on terms that are less economically beneficial to us.
Our end-customer retention rates may decline or fluctuate as a result of a number of factors, including the level of our end-customers’ satisfaction with our solution, services and support, our prices and the prices of competing solutions or products, mergers and acquisitions affecting our end-customer base, the effects of global economic conditions, new technologies, changes in our end-customers’ spending levels, and changes in how our end-customers perceive the security threats to their organizations and the importance of our offerings to the security of their organizations.
In addition to increasing sales from our end-customers through sales of additional products, maintenance, and professional services, our sales may increase when end-customers refresh their installed base of our physical appliances, or Physical Appliances, with our latest equipment, replacing older versions of the Physical Appliances that reach the end of their useful life and are no longer supported under service contracts. Our end-customers typically refresh their installed base of our hardware appliance products every five years. Historically, these refresh cycles triggered buying cycles for new versions of our hardware appliances, which typically offer greater capacity and additional features than older versions, as well as new service contracts. If end-customers choose not to replace older versions of our products with newer products supported under our service contracts, our business, results of operations, prospects, and financial condition will be adversely affected. A refresh cycle also creates an opportunity for our competitors to try to displace our existing product deployments at our end-customers, who may be more

27

Table of Contents


inclined to consider other product solutions when they otherwise have to replace our existing products that have reached the end of their useful lives. The extent to which end-customers decide to refresh by purchasing products from our current or future competitors, as opposed to purchasing our new products, may significantly impact our current period product revenue, as well as future service revenue.
Our future success depends substantially on our ability to expand our sales to our existing end-customers with solutions we develop or acquire. If we are unable to expand our presence within our end-customer base by expanding the scope of their usage or adopting additional products, our business and revenue will be adversely affected.
If we are unable to attract new end-customers, our revenue growth and profitability will be adversely affected.
To increase our revenue and achieve and maintain profitability, we must regularly add new end-customers. In fiscal 2017, we sold our products to approximately 400 new end-customers. Numerous factors, however, may impede our ability to add new end-customers, including our inability to convert prospective end-customers that have been referred to us by our existing network into end-customers, failure to attract and effectively train new sales and marketing personnel, failure to retain and motivate our current sales and marketing personnel, failure to develop relationships with resellers, or failure to ensure the effectiveness of our marketing programs. In addition, if prospective end-customers do not perceive our solution to be of superior value and quality, we will not be able to attract the number and types of new end-customers that we are seeking.
Our results of operations may fluctuate significantly, be difficult to predict, and may not meet investor expectations.
Our results of operations have varied significantly in the past and may vary significantly in the future, from period to period due to a number of factors, many of which are outside of our control, including macroeconomic factors. These factors limit our ability to accurately predict our results of operations and include factors discussed throughout this “Risk Factors” section, including the following:
macroeconomic conditions in our markets, both domestic and international, as well as the level of discretionary IT spending available to organizations;
the timing, size, and mix of orders from, and shipments to, end-customers, including the timing of large orders, and timing of shipments;
fluctuation in demand for our products, maintenance, and professional services;
evolving conditions in the markets in which we compete;
variability and unpredictability in the rate of growth in the markets in which we compete;
our ability to continue to acquire new end-customers and increase our market share;
our sales cycles, which may lengthen as the complexity of products and competition in our markets increases and in response to macroeconomic conditions;
the level of competition in our markets, including the effect of new entrants, price competition, consolidation, and technological innovation;
market acceptance of our products, maintenance, and professional services;
any disruption in our channel or termination of our relationship with important channel partners;
product announcements, introductions, transitions, and enhancements by us or our competitors, which could result in deferrals of end-customer orders;
technological changes in our markets;
the quality and level of our execution of our business strategy and operating plan, and the effectiveness of our sales and marketing programs;
the impact of future acquisitions or divestitures;

28

Table of Contents


the cost of potential and existing litigation, which could have a material adverse effect on our business;
seasonality or cyclical fluctuations in our markets;
the need to change our pricing model or make pricing concessions to large end-customers;
changes in accounting rules and policies; and
the need to recognize certain revenue ratably over a defined period or to defer recognition of revenue to a later period.
Furthermore, a high percentage of our expenses, including those related to overhead, service and maintenance, research and development, sales and marketing, and general and administrative functions are generally fixed in the short term. As a result, if our revenue is less than forecasted, we may not be able to effectively reduce such expenses to compensate for the revenue shortfall and our results of operations will be adversely affected.
Sales to U.S. federal, state, and local government agencies and other public sector entities are subject to a number of challenges and risks that may adversely impact our business.
We currently sell our solution to various government agencies and other public sector entities, and we may in the future increase sales to government agencies and other public sector entities. For example, sales to U.S. federal, state, and local government agencies and other public sector entities accounted for 23%, 36%, and 26%, of our total revenue for the years ended December 31, 2015, 2016, and 2017, respectively, and may in the future account for a greater percentage of our total revenue. Sales to such government agencies and other public sector entities are subject to certain risks. Selling to government agencies and other public sector entities can be highly competitive, expensive, and time consuming, and can require certification requirements, often requiring significant upfront time and expense without any assurance that these efforts will result in a sale. Additionally, public sector demand and payment for our products, maintenance, and professional services may be impacted by public sector budgetary cycles, government shutdowns, and/or funding authorizations. Funding reductions, budget constraints, or delays may adversely affect public sector demand for our products, maintenance, and professional services. The vast majority of our sales to government agencies and other public sector entities are completed through our network of channel partners, and government agencies and other public sector entities may have statutory, contractual, or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a default. The public sector routinely investigates and audits public sector contractors’ administrative processes, and any unfavorable audit could result in the public sector refusing to continue buying our products, maintenance, and professional services, a reduction of revenue, fines, or civil or criminal liability if the audit uncovers improper or illegal activities, which could adversely impact our results of operations.
Because we derive substantially all of our revenue and cash flows from one product, ForeScout CounterACT, the failure to achieve increased market acceptance of CounterACT would adversely affect our business, results of operations, prospects, and financial condition.
We derive and expect to continue to generate most of our revenue from our ForeScout CounterACT product and related maintenance and professional services for CounterACT for the foreseeable future. As a result, the market acceptance of CounterACT is critical to our continued success. Demand for CounterACT is affected by a number of factors beyond our control, including continued market acceptance of CounterACT by referenceable accounts for existing and new use cases, the timing of development and release of new products by our competitors, technological change, and growth or contraction in our market. Our inability to expand our sales of CounterACT to existing end-customers or increase our sales of CounterACT to new end-customers would harm our business and results of operations more seriously than if we derived significant revenue from a variety of sources.
Real or perceived defects, errors or vulnerabilities in our products, the misconfiguration of our products, the failure of our products to detect or prevent a security breach, the failure of end-customers to take action on attacks identified by our products, or the failure of our products to detect newly developed devices could harm our reputation and adversely impact our business, results of operations, prospects, and financial condition.
Because our products are complex, they have contained, and may in the future contain, design or manufacturing defects or errors that are not detected before their deployment. Our products also provide our end-customers with the ability to customize a multitude of settings, and it is possible that an end-customer could misconfigure our products or otherwise fail to configure

29

Table of Contents


our products in an optimal manner. Such defects, errors, and misconfigurations of our products could cause our products to be vulnerable to security attacks, cause them to fail to secure networks and detect and block threats, or temporarily interrupt the networking traffic of our end-customers. In addition, because the devices and techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until widely deployed, there is a risk that an advanced attack could emerge through a device that our products are unable to detect, particularly devices without IP addresses. Moreover, as our products are adopted by an increasing number of large organizations and public sector entities, it is possible that the individuals and organizations behind cyberattacks will begin to focus on finding ways to defeat our products. If this happens, our products could be targeted by attacks specifically designed to disrupt our business and undermine the perception that our products are capable of providing superior network security, which, in turn, could have a serious impact on our reputation. Any security vulnerability or perceived security vulnerability of our products could materially and adversely affect our business, results of operations, prospects, and financial condition.
If any of our end-customers become infected with malware after using our products, such end-customer could be dissatisfied with our products or perceive that our products failed to perform their intended purpose, regardless of whether our products mitigated the actual harm of malware, blocked the theft of any of such end-customer’s data, or would have blocked such theft if the product had been configured properly. If any of our end-customers experience a security breach, such end-customers and the general public may believe that our products failed even if the cause of the breach is unrelated to the performance of our products. Furthermore, if any organizations or public sector entities that are publicly known to use our products are the subject of a cyberattack that becomes publicized, our other current or potential end-customers may believe that our products failed and be inclined to purchase alternative solutions from our competitors. Real or perceived security breaches of our end-customers’ networks could cause disruption or damage to their networks or other negative consequences and could result in negative publicity about us, damage to our brand and reputation, decreased sales, increased expenses, and end-customer relations problems.
Furthermore, our existing products are designed to detect existing IP-based devices and may fail to detect newly developed IP-based devices or devices that operate on newly developed protocols for any number of reasons, including our failure to enhance and expand our products and services to reflect industry trends, the advancement of new and existing technologies and new operating environments, the complexity of our end-customers’ network and environment, and the sophistication of malware, viruses, and other threats. To the extent potential end-customers, industry analysts or testing firms believe that the failure of our products to detect certain networked devices indicates that our products or services do not provide significant value, our reputation and business could be harmed. Failure to keep pace with technological changes in the security industry and the threat landscape could adversely affect our ability to protect against security breaches and could cause us to lose end-customers.
Any real or perceived defects, errors, or vulnerabilities in our products, or any other failure of our products to detect devices that introduce threats to an end-customer’s network, could result in:
a loss of existing or potential end-customers or channel partners;
delayed or lost revenue and harm to our financial condition and results of operations;
a delay in attaining, or the failure to attain, market acceptance for new products;
the expenditure of significant financial and product development resources in efforts to analyze, correct, eliminate, or work around errors or defects, to address and eliminate vulnerabilities, or to identify and ramp up production with alternative third-party manufacturers;
an increase in warranty claims or an increase in the cost of servicing warranty claims, either of which would adversely affect our gross margins;
harm to our reputation or brand; or
litigation, regulatory inquiries, or investigations that may be costly and further harm our reputation.
Because our products are highly complex and are subject to real or perceived defects, our business is subject to risks related to warranty claims, product returns and product liability.
We may incur significant costs in connection with a product recall and any related indemnification obligations, which could materially and adversely affect our results of operations. In addition, many of our products operate on our internally developed

30

Table of Contents


operating system, and any error in the operating system may affect those products. We have experienced in the past, and may continue to experience in the future, errors or quality problems in connection with new products and enhancements to existing products. We expect that errors or quality problems will be found from time to time in our products after commencement of commercial shipments, which could seriously harm our business.
Historically, the amount of warranty claims we have received has not been significant, but there is a risk that errors or problems with the quality of our products could result in material claims in the future. Because our end-customers install our appliances directly into their network infrastructures, any errors, defects, or other problems with our products could negatively impact their networks or other internet users, resulting in financial or other losses to our end-customers. While we typically seek by contract to limit our exposure to such damages, liability limitation provisions in our standard terms and conditions of sale, and those of our channel partners, may not be enforceable under some circumstances as a result of federal, state, or local laws or ordinances, or unfavorable judicial decisions in the United States or other countries or may not fully or effectively protect us from end-customer claims and related liabilities and costs, including indemnification obligations under our agreements with channel partners or end-customers. The sale and support of our products also entail the risk of product liability claims. We maintain insurance to protect against certain types of claims associated with the use of our products, but our insurance coverage may not adequately cover any such claims. In addition, even claims that ultimately are unsuccessful could require us to incur costs in connection with litigation, which could divert management’s time and other resources away from our business and could significantly harm the reputation of our business and products.
We rely on revenue from maintenance and professional services, which may decline, and because we recognize revenue from our support and maintenance contracts over the term of the relevant service period, downturns or upturns in sales of our support and maintenance services are not immediately reflected in full in our results of operations.
Our maintenance and professional services revenue accounted for 43%, 41%, and 45% of our revenue during the years ended December 31, 2015, 2016, and 2017, respectively. Sales of new or renewal service contracts may decline and fluctuate as a result of a number of factors, including our end-customers’ level of satisfaction with our maintenance and support services or our professional services, the prices of our services, and reductions in our end-customers’ spending levels. If our sales of new or renewal maintenance and support contracts or professional services contracts decline, our revenue and revenue growth may decline and our business will suffer. While we typically bill for support and maintenance services upfront, we recognize revenue from support and maintenance services ratably over the contractual service period, which is typically either one or three years. Our professional services revenue is generally recognized as the services are rendered. As a result, much of the service revenue from our maintenance and support contracts that we report each fiscal quarter is the recognition of deferred revenue from maintenance and support contracts entered into during previous fiscal quarters. Consequently, a decline in new or renewed maintenance and support contracts in any one fiscal quarter will not be fully or immediately reflected in revenue in that fiscal quarter but will negatively affect our revenue in future fiscal quarters. Accordingly, the effect of significant downturns in new or renewed sales of our maintenance and support services is not reflected in full in our results of operations until future periods. Also, it is difficult for us to rapidly increase our services revenue through additional sales of maintenance and support services in any period, as revenue from new and renewal maintenance and support contracts must be recognized over the applicable term of the contract. Furthermore, any increase in the average term of our maintenance and support contracts would result in revenue for such contracts being recognized over longer periods of time.
The security market is rapidly evolving and difficult to predict within the increasingly challenging cyberthreat landscape. If the security market does not evolve as we anticipate or if our target end-customers do not adopt our solution, our sales will not grow as quickly as anticipated and our stock price could decline.
We are in a new, rapidly-evolving category within the security market that focuses on providing organizations with enhanced visibility and control over their networks through an agentless and continuous monitoring solution. As such, it is difficult to predict important market trends, including how large the security market will be or when and what products end-customers will adopt. For example, organizations that currently use traditional approaches may believe that these approaches already provide them with sufficient network security. Therefore, they may continue spending their network infrastructure budgets on these products and may not adopt our solution in addition to or in lieu of such traditional products.
The introduction of new products by others, market acceptance of products based on new or alternative technologies, or the emergence of new industry standards could render our existing products obsolete or make it easier for other products to compete with our products. Moreover, many of our end-customers operate in markets characterized by rapidly changing

31

Table of Contents


technologies and cyberthreats, which require them to add numerous devices and adopt increasingly complex network infrastructures, incorporating a variety of hardware devices, software applications, operating systems, and networking protocols. As their technologies and business plans grow more complex, we expect these end-customers to face new and increasingly sophisticated methods of cyberattack. We face significant challenges in ensuring that our solution effectively identifies and responds to these advanced and evolving attacks without disrupting our end-customers’ network performance. Changes in the nature of advanced cyberthreats could result in a shift in IT budgets away from solutions such as ours. In addition, any changes in government regulation, compliance standards, or audit requirements that deemphasize the types of visibility, controls, and monitoring that our solution provides would adversely impact demand for our offerings. If solutions such as ours are not viewed by organizations as necessary, or if end-customers do not recognize the benefit of our solution as a critical layer of an effective security strategy, then our revenue may not grow as quickly as expected, or may decline, and our business could suffer.
Our future success will depend in part upon our ability to:
develop, acquire, and/or maintain competitive products;
enhance our products by adding innovative features that differentiate our products from those of our competitors;
bring products to market on a timely basis at competitive prices;
identify and respond to emerging technological trends in the market; and
respond effectively to new technological changes or new product announcements by others.
If the market for network security products does not evolve in the way we anticipate or if organizations do not recognize the benefits our solution offers in addition to or in place of existing network security products, and as a result we are unable to increase sales of our solution to end-customers, then our revenue may not grow as expected or may decline, which could adversely impact our stock price.
Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense. As a result, our sales and the timing of our sales are difficult to predict and may vary substantially from period to period, which may cause our results of operations to fluctuate significantly.
The decision makers within our end-customers are primarily IT departments that are managing a growing set of user and compliance demands, which increases the complexity of end-customer requirements to be met in the sales cycle. The length of our sales cycle, from identification of an opportunity to delivery of and payment for our products, maintenance, and professional services, typically ranges from six to 12 months but can be longer and may vary significantly from customer to customer, with sales to large organizations and public sector entities typically taking longer to complete. To the extent our competitors develop products that our prospective end-customers view as comparable to ours, our average sales cycle may increase.  Additionally, a combination of legal, procurement, development, and IT departments are involved in testing, evaluating, and finally approving purchases, which can also make the sales cycle longer and less predictable. Moreover, sales to large organizations and public sector entities, which we target, will contribute to the growth of our revenue and involve challenges that could further increase the complexity and length of our sales cycle, such as complicated certification and bidding processes. As a result, large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated or have not occurred at all. The loss or delay of one or more large transactions in a quarter could impact our results of operations for that quarter and any future quarters for which revenue from that transaction is delayed.
We may not be able to accurately predict or forecast the timing of sales, which could cause our results to vary significantly. In addition, we might devote substantial time and effort to a particular unsuccessful sales effort, and as a result we could lose other sales opportunities or incur expenses that are not offset by an increase in revenue, which could harm our business.
If our products do not successfully interoperate with our end-customers’ infrastructure, sales of our products, maintenance, and professional services could be negatively affected, which would harm our business.
Our products must interoperate with our end-customers’ existing or future infrastructures, which often have different specifications, utilize multiple protocol standards, deploy products from multiple vendors and contain multiple generations of products that have been added over time. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems. If we are unable to successfully manage and interpret new protocol standards and versions or if we encounter

32

Table of Contents


problematic network configurations or settings, we may have to modify our software or hardware so that our products will interoperate with our end-customers’ infrastructures and can manage our end-customers’ traffic in the manner intended, which may divert substantial time and resources. If we find defects in the hardware installed with an end-customer, as we have in the past, we will replace the hardware as part of our normal warranty process. If we find errors or bugs in existing software that create problematic network configurations or settings, as we have in the past, we may have to issue software updates as part of our normal maintenance process. Any delays in identifying the sources of problems or in providing necessary modifications to our software or hardware could have a negative impact on our reputation and our end-customers’ satisfaction with our products, maintenance, and professional services and our ability to sell products and services could be adversely affected. In addition, public sector entities and other end-customers may require our products to comply with certain additional security or other certifications and standards. If our products are late in achieving or fail to achieve compliance with these certifications and standards, or our competitors achieve compliance with these certifications and standards, we may be disqualified from selling our products to such end-customers or at a competitive disadvantage, which would harm our business, results of operations, prospects, and financial condition.
Failure to protect our proprietary technology and intellectual property rights could substantially harm our business and results of operations.
The success of our business depends on our ability to protect and enforce our trade secrets, trademarks, copyrights, patents, and other intellectual property rights. We attempt to protect our intellectual property under patent, trademark, copyright, and trade secret laws, and through a combination of confidentiality procedures, contractual provisions, and other methods, all of which can offer only limited protection. We have five issued patents in the United States, eleven pending U.S. patent applications, two issued foreign counterpart patents and six pending foreign counterpart patent applications in a non-U.S. jurisdiction, and we plan to file additional patent applications in the future. Our issued patents expire between 2019 and 2033. Valid patents may not issue from our pending applications, and the claims eventually allowed on any patents may not be sufficiently broad to prevent competitors from using technology similar to our patented technology.
Any issued patents may be challenged, invalidated, or circumvented, and any rights granted under these patents may not actually provide adequate defensive protection or competitive advantages to us. Patent applications in the United States are typically not published until 18 months after filing or, in some cases, not at all, and publications of discoveries in industry-related literature lag behind actual discoveries. At the time of filing a patent application, we cannot be certain that we were the first to make the inventions claimed in our pending patent applications or that we were the first to file for patent protection, which could prevent our patent applications from issuing as patents or invalidate our patents following issuance. Additionally, the process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications or pursue patent protection in all countries and jurisdictions in which we do business at a reasonable cost or in a timely manner. In addition, recent changes to the patent laws in the United States may bring into question the validity of certain categories of software patents. As a result, we may not be able to obtain adequate patent protection for our software or effectively enforce any issued patents relating to software.
Many aspects of our business rely on our unpatented or unpatentable proprietary technology and trade secrets. Despite our efforts to protect our proprietary technology and trade secrets, unauthorized parties may attempt to misappropriate, reverse engineer, or otherwise obtain and use them. The contractual provisions that we enter into with employees, consultants, partners, vendors, and end-customers may not prevent unauthorized use or disclosure of our proprietary technology or intellectual property rights and may not provide an adequate remedy in the event of unauthorized use or disclosure of our proprietary technology or intellectual property rights, which may substantially harm our business. In addition, we cannot assure you that we have entered into such agreements with all parties who may have or have had access to our confidential information, that such agreements will be fully enforceable, or that the agreements we have entered into will not be breached by the counterparty. Some license provisions protecting against unauthorized use, copying, transfer, and disclosure of our technology may be unenforceable under the laws of certain jurisdictions and foreign countries. We cannot guarantee that any of the measures we have taken will prevent misappropriation of our technology. Because we, as a provider of network security solutions, may be an attractive target for computer hackers, we may have a greater risk of unauthorized access to, and misappropriation of, our proprietary information.  Moreover, policing unauthorized use of our technologies, products and intellectual property is difficult, expensive and time-consuming, particularly in foreign countries where the laws may not be as protective of intellectual property rights as those in the United States and where mechanisms for enforcement of intellectual property rights may be weak. We may be unable to determine the extent of any unauthorized use or infringement of our products, technologies or intellectual property rights, and may not be able to take appropriate steps to mitigate harms resulting from any unauthorized use or infringement.

33

Table of Contents


From time to time, we may need to bring legal action to enforce our patents, trademarks, and other intellectual property rights, to protect our trade secrets, to determine the validity and scope of the intellectual property rights of others, or to defend against claims of infringement or invalidity. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, results of operations, financial condition, and cash flows. If we are unable to protect our intellectual property rights, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time, and effort required to create the innovative products that have enabled us to be successful to date.
Assertions by third parties of infringement or other violations by us of their intellectual property rights, or other lawsuits asserted against us, could result in significant costs and substantially harm our business and results of operations.
Patent and other intellectual property disputes are common in the security industry. Some companies in the security industry, including some of our competitors, own large numbers of patents, copyrights, trademarks, and trade secrets, which they may use to assert claims against us or to prevent us from developing certain technologies. Third parties may assert claims of infringement, misappropriation, or other violations of intellectual property rights against us. They may also assert such claims against our end-customers whom our standard license and other agreements obligate us to indemnify against claims that our products infringe, misappropriate, or otherwise violate the intellectual property rights of third parties. As the number of products and competitors in our market increase, the number of products with overlapping functionality may increase, which in turn may result in more claims of infringement, misappropriation, and other violations of intellectual property rights. Further, as we gain an increasingly high profile, the possibility of intellectual property rights claims against us grows.  Any claim of infringement, misappropriation, or other violation of intellectual property rights by a third party, even those without merit, could cause us to incur substantial costs defending against the claim and could distract our management from our business. As an example, in 2012, a non-operating entity brought a patent infringement action against us, which we settled in 2012 for a nominal amount, but which required the payment of legal fees and diverted management’s time and attention.
For example, on October 24, 2017, Network Security Technologies, LLC, or NST, filed a lawsuit against us in the United States District Court for the District of Delaware, alleging that we infringed certain patents owned by it and sought unspecified damages.  Based upon our review of these patents, we believed we had meritorious defenses to NST’s claims and intended to vigorously defend the lawsuit; however, the outcome of any litigation, such as this, is inherently unpredictable, and as a result of this litigation, we could have been required to pay damages or seek a license or other right to continue to deliver an unmodified version of CounterACT, which may not have been made available to us at all or which may have required us to pay ongoing royalties and comply with unfavorable terms. Regardless, on February 1, 2018, NST filed a notice of voluntary dismissal without prejudice to dismiss ForeScout from the complaint.
While we expect to increase the size of our patent portfolio, the patent portfolios of our most significant competitors and potential competitors are larger than ours. This disparity between our patent portfolio and the patent portfolios of our most significant competitors may increase the risk that they may sue us for patent infringement and may limit our ability to counterclaim for patent infringement or settle through patent cross-licenses. In addition, future assertions of patent rights by third parties, and any resulting litigation, may involve other non-operating entities or other adverse patent owners who have no relevant product revenue and against whom our own patents may therefore provide little or no deterrence or protection. Given the competitive nature of the market in which we operate, there is a risk that we are infringing or otherwise violating third-party intellectual property rights.
An adverse outcome of a dispute may require us to:
pay substantial damages, including treble damages if we are found to have willfully infringed a third party’s patents or copyrights;
cease making, licensing, or using solutions that are alleged to infringe or misappropriate the intellectual property of others;
expend additional development resources to attempt to redesign our products or services or otherwise to develop non-infringing technology, which may not be successful;
enter into potentially unfavorable royalty or license agreements to obtain the right to use necessary technologies or intellectual property rights; or

34

Table of Contents


indemnify our partners and other third parties.
Any damages or royalty obligations we may become subject to and any third-party indemnity we may need to provide that result from an adverse outcome could harm our results of operations. Royalty or licensing agreements, if required or desirable, may be unavailable on terms acceptable to us or at all, and may require significant expense and expenditures. In addition, some licenses may be non-exclusive, and therefore our competitors may have access to the same technology licensed to us. Any of these events could seriously harm our business, results of operations, prospects, and financial condition.
We rely on technology that we license from third parties, including software that is integrated with our internally developed software and used with our products.
We rely on technology that we license from third parties, including third-party commercial software and open source software, which is used with certain of our products. We cannot be certain that our licensors are not infringing the intellectual property rights of third parties or that our licensors have sufficient rights to the licensed intellectual property in all jurisdictions in which we may sell our products. Some of our agreements with our licensors may be terminated for convenience by them.  If we are unable to continue to license any of this software on commercially reasonable terms, we will face delays in releases of our software or we will be required to delete this functionality from our software until equivalent, non-infringing technology can be licensed or developed and integrated into our current products. This effort could take significant time (during which we would be unable to continue to offer our affected products or services) and expense and may ultimately not be successful. In addition, our inability to obtain certain licenses or other rights might require us to engage in litigation regarding these matters, which could have a material adverse effect on our business, results of operations, prospects, and financial condition.
Our use of open source software could negatively affect our ability to sell our solution, require us to reengineer our products and possibly subject us to litigation.
We use open source software in our products and our development environments and expect to continue to use open source software in the future. Open source software is typically provided without assurances of any kind. Some open source licenses contain requirements that we make available source code for modifications or derivative works we create based upon the type of open source software we use. If we combine our proprietary software with open source software in a certain manner that is not intended under our policies or monitoring practices, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products quickly with lower development effort and ultimately could result in a loss of sales for us. This could also result in litigation, require us to purchase costly licenses, or require us to devote additional research and development resources to change our products or services, any of which would have a negative effect on our business and results of operations. In addition, if the license terms for the open source software we utilize change, we may be forced to reengineer our offerings or incur additional costs. Although we regulate the use and incorporation of open source software into our products, we cannot be certain that we have, in all cases, incorporated open source software in our products in a manner that is consistent with the applicable open source license terms.
We are dependent on a single third-party manufacturer and a limited number of third-party logistics providers to design and manufacture our products and to fulfill orders for our products.
We depend on a single third-party manufacturer, Arrow Electronics, Inc., to manufacture and develop the hardware for our products. Our reliance on this third-party manufacturer reduces our control over the manufacturing process and exposes us to risks, including reduced control over quality assurance, product costs, and product supply and timing. This manufacturer typically fulfills our supply requirements on the basis of individual orders. We do not have a long-term contract with our third-party manufacturer that guarantees capacity, the continuation of particular pricing terms, or the extension of credit limits. Accordingly, it is not obligated to continue to fulfill our supply requirements, which could result in supply shortages, and the prices we are charged for manufacturing services could be increased on short notice. There are alternative manufacturers that could provide components and manufacture our hardware, as our agreements do not provide for exclusivity or minimum purchase quantities, but the transition and qualification from our single third-party manufacturer to another could be lengthy, costly, and difficult, diverting substantial time and resources from our operations.

35

Table of Contents


We also depend on third-party logistics providers to fulfill orders for our products. Our supply chain partners are not committed to design or manufacture our products, or to fulfill orders for our products, on a long-term basis in any specific quantity or at any specific price. From time to time, we may be required to add new supply chain partner relationships or new manufacturing or fulfillment sites to accommodate growth in orders or the addition of new products. It is time consuming and costly to qualify and implement new supply chain partner relationships and new manufacturing or fulfillment sites, and such additions increase the complexity of our supply chain management. Our ability to ship products to our end-customers could be delayed, and our business and results of operations could be adversely affected if:
we fail to effectively manage our supply chain partner relationships;
our third-party manufacturer does not meet our development schedules;
our third-party manufacturer experiences delays, disruptions, or quality control problems in manufacturing our products;
one or more of our third-party logistics providers experiences delays or disruptions or otherwise fails to meet our fulfillment schedules; or
we are required to add or replace our third-party manufacturer, third-party logistics providers, or fulfillment sites.
In addition, these supply chain partners have access to certain of our critical confidential information and could wrongly disclose or misuse such information or be subject to a breach or other compromise that introduces a vulnerability or other defect in the products manufactured by our supply chain partners, which risks cannot be fully mitigated. While we take precautions to ensure that our hardware obtained or manufactured by our supply chain partners is inspected, any espionage acts, malware attacks, theft of confidential information, or other malicious incidents perpetrated either directly or indirectly through our supply chain partners, may compromise our system infrastructure, expose us to litigation and associated expenses and lead to reputational harm that could result in a material adverse effect on our financial condition and results of operations. In addition, we are subject to risks resulting from the perception that certain jurisdictions do not comply with internationally recognized rights of freedom of expression and privacy and may permit labor practices that are deemed unacceptable under evolving standards of social responsibility. If manufacturing or logistics in these foreign countries is disrupted for any reason, including natural disasters, IT system failures, military, or government actions or economic, business, labor, environmental, public health, or political issues, or if the purchase or sale of products from such foreign countries is prohibited or disfavored, our business, results of operations, prospects, and financial condition could be adversely affected.
We rely on third-party channel partners to sell our products, maintenance, and professional services. If our partners fail to perform, or if we fail to manage and retain such partners, our ability to sell our products, maintenance, and professional services would be limited, and if we fail to optimize our channel partner model going forward, our results of operations would be harmed.
We market and sell our products, maintenance, and professional services through a direct touch, channel fulfilled model. We currently have over 600 channel partners, including system integrators, value-added resellers, and distributors. During the years ended December 31, 2015, 2016, and 2017, approximately 80%, 86%, and 90%, respectively, of our revenue was attributable to sales fulfilled through our channel partners. If we lost any of our channel partners, or if any of the channel partners responsible for a significant portion of our business becomes insolvent or suffers a deterioration in its financial or business condition and is unable to pay for our products, our results of operations could be harmed. Although we provide support to these channel partners through our direct sales and marketing activities, we depend upon these partners to generate sales opportunities and to independently manage the sales process for opportunities with which they are involved. In order to increase our revenue, we expect we will need to maintain our existing channel partners and continue to train and support them, as well as add new channel partners and effectively train, support, and integrate them with our sales process. Additionally, our entry into any new markets will require us to develop appropriate channel partners and to train them to effectively address these markets. If we are unsuccessful in these efforts, our ability to grow our business will be limited, and our business, results of operations, prospects, and financial condition will be adversely affected.
Our current system of channel distribution may not prove effective in maximizing sales of our products, maintenance, and professional services. Our products are complex and certain sales can require substantial effort and outlay of cost and resources, either by us or our channel partners. It is possible that our channel partners will be unable or unwilling to dedicate appropriate

36

Table of Contents


resources to support those sales. Furthermore, most of our channel partners do not have minimum purchase or resale requirements and may terminate our agreements with only a short notice period or otherwise cease selling our products at any time. If we are unable to develop and maintain effective sales incentive programs for our third-party channel partners, we may not be able to incentivize these partners to sell our products to end-customers and, in particular, to large organizations. They also may market, sell, and support products and services that are competitive with ours and may devote more resources to the marketing, sales, and support of those competitive products. There is no assurance that we will retain these channel partners or that we will be able to add additional or replacement channel partners in the future. The loss of one or more of our key channel partners in a given geographic area could harm our results of operations within that area, as new channel partners typically require extensive training and take several months to achieve acceptable productivity.
We also depend on some of our channel partners and our end-customers’ outsourced IT vendors to deliver professional services for our products. Once our products are deployed within our end-customers’ networks, many of our end-customers depend on the support of our channel partners and their outsourced IT vendors to resolve any issues relating to the implementation and maintenance of our solution. If our channel partners and our end-customers’ outsourced IT vendors do not effectively assist our end-customers in deploying our products, succeed in helping our end-customers quickly resolve post-deployment issues or provide effective ongoing support, our end-customer satisfaction and future sales of our products could be adversely affected.
While we require that our channel partners comply with applicable laws and regulations, they could engage in behavior or practices that expose us to legal or reputational risk.
Managing the supply of our products is complex. Insufficient supply and inventory may result in lost sales opportunities or delayed revenue, while excess inventory may harm our gross margins.
Our third-party manufacturer procures components and builds our products based on our forecasts, and we generally do not hold inventory. These forecasts are based on estimates of future demand for our products, which can be adjusted based on historical trends and analysis and for overall market conditions, and we cannot guarantee the accuracy of our forecasts. In order to reduce manufacturing lead times and plan for adequate component supply, from time to time we may issue forecasts for components and products that are non-cancelable and nonreturnable.
Our inventory management systems and related supply chain visibility tools may be inadequate to enable us to forecast accurately and effectively manage supply of our products and product components. Supply management remains an increased area of focus as we balance the need to maintain supply levels that are sufficient to ensure competitive lead times against the risk of obsolescence because of rapidly changing technology and end-customer requirements. We accrue for manufacturing cost commitments in excess of our forecasted demand. If we ultimately determine that we have excess supply, we may have to record a reserve for excess manufacturing costs or reduce our prices and write-down inventory, either of which in turn could result in lower gross margins. Alternatively, insufficient supply levels may lead to shortages that result in delayed revenue or loss of sales opportunities altogether as potential end-customers turn to competitors’ products that are readily available. Additionally, any increases in the time required to manufacture our products or ship products could result in supply shortfalls. If we are unable to effectively manage our supply and inventory, our results of operations could be adversely affected.
Our failure to adequately protect personal information in compliance with evolving legal requirements could harm our business.
A wide variety of state, federal, and international laws and regulations apply to the collection, use, retention, protection, disclosure, transfer, and other processing of personal data. For instance, in order for our solution to detect devices on a network, our solution gathers and tracks IP addresses to monitor each device on our end-customer’s networks. While we do not have immediate access to these IP addresses and other personal information, we have access to this information from time to time in connection with our maintenance and professional services. These data protection and privacy-related laws and regulations are evolving and may result in ever-increasing regulatory and public scrutiny and escalating levels of enforcement and sanctions. Our failure to comply with applicable laws and regulations, or to protect such data, could result in enforcement actions against us, including fines, imprisonment of company officials and public censure, claims for damages by end-customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing end-customers and prospective end-customers), any of which could harm on our operations, financial performance, and business. Evolving and changing definitions of personal data and personal information, within the European Union, the United States, and elsewhere, especially relating to classification of IP addresses, machine identification, location data, and other information, may limit or inhibit our ability to operate or expand our business, including limiting strategic partnerships that may involve the sharing of data. Even

37

Table of Contents


the perception of privacy concerns, whether or not valid, may harm our reputation and inhibit adoption of our products by current and future end-customers.
In addition, our appliances, when configured by our end-customers, may intercept and examine data in a manner that may subject the use of those appliances to privacy and data protection laws and regulations in those jurisdictions in which our end-customers operate. Any failure or perceived failure by us or by our products or services to comply with these laws and regulations may subject us to legal or regulatory actions, damage our reputation or adversely affect our ability to sell our products or services in the jurisdiction that has enacted the law or regulation. Moreover, if these laws and regulations change, or are interpreted and applied in a manner that is inconsistent with our data practices or the operation of our products and services, we may need to expend resources in order to change our business operations, data practices, or the manner in which our products or services operate. This could adversely affect our business, results of operations, prospects, and financial condition.
Reduced information technology and network infrastructure spending or adverse economic conditions may harm our business, results of operations, prospects, and financial condition.
Our business depends on the overall demand for information technology, network infrastructure, and network security products. In addition, the purchase of our products and services is often discretionary and may involve a significant commitment of capital and other resources. Currently, most organizations and public sector entities have not allocated a fixed portion of their budgets to protect against next-generation advanced cyberattacks. If we do not succeed in convincing end-customers that our products and services should be an integral part of their overall approach to network security and that a portion of their annual IT budgets should be allocated to our solution, general reductions in IT spending by our end-customers are likely to have a disproportionate impact on our business, results of operations, prospects, and financial condition.
Weak global economic conditions, or a reduction in information technology and network infrastructure spending even if economic conditions improve, could adversely impact our business, results of operations, prospects, and financial condition in a number of ways, including longer sales cycles, lower prices for our products and services, higher default rates among our distributors, reduced unit sales and lower or no growth. In addition, continued budgetary challenges in the United States and Europe and geopolitical turmoil in many parts of the world have and may continue to put pressure on global economic conditions and overall spending on network security products.
The average sales price of our products has decreased from time to time, and may decrease in the future, which may negatively impact our gross profits and results of operations.
From time to time, the average sales price of our products and services has decreased. In the future, it is possible that the average sales price of our products will decrease in response to competitive pricing pressures, increased sales discounts, new product introductions by us or our competitors, or other factors. Such pricing pressures may also be dependent upon the mix of products sold, the mix of revenue between products, maintenance, and professional services and the degree to which products, maintenance, and professional services are bundled and sold together for a package price. Therefore, to achieve and maintain profitability, we must develop and introduce new products and product enhancements on a timely basis and continually reduce our product costs. Our failure to do so would cause our revenue and gross profits to decline, which would harm our business and results of operations. Furthermore, currency fluctuations in certain countries and regions may negatively impact actual prices that partners and end-customers are willing to pay in those countries and regions. In addition, we may experience substantial period-to-period fluctuations in future results of operations in the event we experience an erosion of our average sales price.
We are dependent on the continued services and performance of our senior management and other key employees, and the loss of any of these key employees or any failure to hire and retain additional highly skilled employees could adversely affect our business, results of operations, prospects, and financial condition.
Our future performance depends on the continued services and contributions of our senior management, including our Chief Executive Officer and President, Michael DeCesare, and other key employees to execute on our business plan, and to identify and pursue new opportunities and product innovations. The loss of services of senior management or other key employees could significantly delay or prevent the achievement of our development and strategic objectives and could harm our business and our customer relationships. We do not maintain key man life insurance with respect to any officer or other employee.

38

Table of Contents


Our ability to continue to attract and retain highly skilled personnel will be critical to our future success. Competition for highly skilled personnel is frequently intense, especially in the San Francisco Bay Area, where we have a substantial presence and need for talent. We may not be successful in attracting, assimilating or retaining qualified personnel to fulfill our current or future needs. Also, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited or that they divulged proprietary or other confidential information.
In addition, we issue stock options and other equity awards as a key component of our overall compensation and recruiting and retention efforts. Our compensation arrangements, such as our equity award programs, may not always be successful in attracting new employees and retaining and motivating existing employees. We are also required under U.S. generally accepted accounting principles, or GAAP, to recognize compensation expense in our results of operations for employee stock-based compensation under our equity grant programs, which may negatively impact our results of operations and may increase the pressure to limit stock-based compensation. Further, the ability to either exercise those options and for our employees to sell their stock and vested and settled restricted stock units, or RSUs, in a public market after the completion of any applicable lock-up period may lead to a larger than normal turnover rate. Additionally, subject to certain limitations, an aggregate of approximately 900,000 shares underlying RSUs will vest and settle on April 25, 2018, 181 days after October 26, 2017, the date our Form S-1 for our initial public offering was effective with the SEC.
We are dependent on various IT systems, and failures of, or interruptions to, those systems could harm our business.
Many of our business processes depend upon our IT systems, the systems and processes of third parties and on interfaces with the systems of third parties over which we do not have control. If those systems fail or are interrupted, or if our ability to connect to or interact with one or more networks is interrupted, our processes may function at a diminished level or not at all. This would harm our ability to maintain operations and to ship products, and our financial results would likely be harmed. In addition, reconfiguring our IT systems or other business processes in response to changing business needs may be time consuming and costly. To the extent any such reconfiguration were to impact our ability to react timely to specific market or business opportunities, our financial results would likely be harmed.
Governmental regulations affecting the manufacturing of products and that contain “conflict minerals” and the import or export of our products could negatively affect our revenue and may cause reputational harm.
We may be deemed to manufacture or contract to manufacture products that contain certain minerals that have been designated as “conflict minerals” under The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, or the Dodd-Frank Act.  As a result, in future periods, we may be required to validate the origin of such minerals and disclose and report whether or not such minerals originated in the Democratic Republic of the Congo, or the DRC, or adjoining countries. For instance, the Dodd-Frank Act includes disclosure requirements regarding the use of certain minerals mined from the DRC and adjoining countries and procedures pertaining to a manufacturer’s efforts regarding the source of such minerals. Securities and Exchange Commission, or SEC, rules implementing these requirements and other international standards, such as the Organization for Economic Co-Operation and Development Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High Risk Areas, may have the effect of reducing the pool of suppliers who can supply DRC “conflict free” components and parts, and we may not be able to obtain DRC conflict free products or supplies in sufficient quantities for our products. In addition, we may incur additional costs to comply with the disclosure requirements, including costs related to determining the source of any of the relevant minerals and metals used in our products. We may also face reputational challenges with our end-customers, stockholders and other stakeholders if we are unable to verify the origins for the minerals used in our products.
In addition, the U.S. government and various foreign governments, including that of Israel, where we have significant research and development operations, have imposed controls, export license requirements and restrictions on the import or export of some technologies, especially encryption technology. If we were to fail to comply with any of these controls or requirements, including U.S. export licensing requirements, U.S. customs regulations, U.S. economic sanctions, or other laws, we could be subject to substantial civil and criminal penalties, including fines, incarceration for responsible employees and managers, and the possible loss of export or import privileges. Obtaining the necessary export license or approval for a particular sale may be time-consuming and may result in the delay or loss of sales opportunities. Furthermore, U.S. export control laws and economic sanctions prohibit the shipment of certain products to U.S. embargoed or sanctioned countries, governments, and persons. Even though we take precautions to ensure that our channel partners, who we rely on to fulfill our product orders and deliver our products to our end-customers, comply with all relevant regulations, any failure by us or by our channel partners to comply with

39

Table of Contents


such regulations could have negative consequences, including reputational harm, government investigations, and penalties. In addition, from time to time, governmental agencies have proposed additional regulation of encryption technology, such as requiring the escrow and governmental recovery of private encryption keys. Governmental regulation of encryption technology and regulation of imports or exports, or our failure to obtain required import or export approval for our products, could harm our international and domestic sales and adversely affect our revenue. In addition, failure to comply with such regulations could result in penalties, costs and restrictions on export privileges, which would harm our results of operations.
Parts of our research and development activities are located in Israel and, therefore, our results of operations may be adversely affected by political, economic, and military instability in Israel.
Parts of our research and development facilities are located in Israel. Accordingly, political, economic, and military conditions in Israel may directly affect our business. Since the establishment of the State of Israel in 1948, a number of armed conflicts have taken place between Israel and its neighboring countries. In recent years, these have included hostilities between Israel and Hezbollah in Lebanon and Hamas in the Gaza strip, both of which resulted in rockets being fired into Israel causing casualties and disruption of economic activities. In addition, Israel faces threats from more distant neighbors, in particular, Iran. Our commercial insurance does not cover losses that may occur as a result of an event associated with the security situation in the Middle East. Although the Israeli government is currently committed to covering the reinstatement value of direct damages that are caused by terrorist attacks or acts of war, we cannot assure you that this government coverage will be maintained or, if maintained, will be sufficient to compensate us fully for damages incurred. Any losses or damages incurred by us could have a material adverse effect on our business. Any armed conflict involving Israel could adversely affect our operations and results of operations.
Further, our operations could be disrupted by the obligations of personnel to perform military service. As of December 31, 2017, we had 179 employees based in Israel, certain of which may be called upon to perform up to 54 days in each three year period (and in the case of non-officers depending on their specific military commanders or officers, up to 70 or 84 days, respectively, in each three year period) of military reserve duty until they reach the age of 40 (and in some cases, up to 49 years of age) and, in certain emergency circumstances, may be called to immediate and unlimited active duty. Our operations could be disrupted by the absence of a significant number of employees related to military service, which could materially adversely affect our business and results of operations.
Several countries, principally in the Middle East, restrict doing business with Israel and Israeli companies, and additional countries may impose restrictions on doing business with Israel and Israeli companies whether as a result of hostilities in the region or otherwise. In addition, there have been increased efforts by activists to cause companies and consumers to boycott Israeli goods based on Israeli government policies. Such actions, particularly if they become more widespread, may adversely impact our ability to sell our products.
Our international operations expose us to a variety of risks.
We currently have operations in a number of foreign countries and make sales to end-customers throughout the world. Historically, the majority of our sales are into North America, Latin America, and the Americas. For example, in the years ended December 31, 2015, 2016, and 2017 approximately 18%, 17%, and 24%, respectively, of our revenue was derived from outside of the Americas, but we anticipate that our sales in markets outside of the Americas will increase as we grow and expand our international operations and sales force. In addition, we currently perform certain of our research and development and other operations in Israel and in other geographically dispersed locations outside of the United States. Our international operations and sales into international markets require significant management attention and financial resources, and subject us to certain inherent risks, including:
technical difficulties and costs associated with product localization;
challenges associated with coordinating product development efforts among geographically dispersed areas;
potential loss of proprietary information due to piracy, misappropriation, or laws that may inadequately protect our intellectual property rights;
greater difficulty in establishing, utilizing, and enforcing our intellectual property rights;

40

Table of Contents


our limited experience in establishing a sales and marketing presence, and research and development operations, together with the appropriate internal systems, processes, and controls, in certain geographic markets;
political unrest or economic instability, regulatory changes, war, or terrorism, and other unpredictable and potentially long-term events in the countries or regions where we or our end-customers do business, which could result in delayed or lost sales or interruption in our business operations;
longer payment cycles for sales in certain foreign countries;
seasonal reductions in business activity in the summer months in Europe and at other times in various countries;
the significant presence of some of our competitors in some international markets;
potentially adverse tax consequences or changes in applicable tax laws;
import and export restrictions and tariffs and other trade protection initiatives;
potential failures of our foreign employees and channel partners to comply with both U.S. and foreign laws and regulations, including antitrust laws, trade regulations, and anti-bribery and corruption laws, including the U.S. Foreign Corrupt Practices Act, or FCPA;
compliance with foreign laws, regulations, and other government controls, such as those affecting trade, privacy and data protection, the environment, corporations, and employment;
management, staffing, legal, and other costs of operating a distributed enterprise spread over various countries;
fluctuations in foreign exchange rates, which we currently do not hedge against; and
fears concerning travel or health risks that may adversely affect our ability to sell our products and services in any country in which the business sales culture encourages face-to-face interactions.
To the extent we are unable to effectively manage our international operations and these risks, our international sales or operations may be adversely affected, we may incur additional and unanticipated costs, and we may be subject to litigation or regulatory action. As a consequence, our business, results of operations, prospects, and financial condition could be seriously harmed.
Due to the global nature of our business, we could be adversely affected by violations of the U.S. FCPA or similar anti-bribery laws in other jurisdictions in which we operate and various international trade and export laws.
The global nature of our business creates various domestic and local regulatory challenges. The FCPA and similar anti-bribery laws in other jurisdictions generally prohibit U.S.-based companies and their intermediaries from making improper payments for the purpose of obtaining or retaining business to non-U.S. officials. In addition, U.S.-based companies are required to maintain records that accurately and fairly represent their transactions and have an adequate system of internal accounting controls. We operate in areas of the world that experience corruption by government officials to some degree and, in certain circumstances, compliance with anti-bribery laws may conflict with local customs and practices. Our global operations require us to import and export to and from several countries, which increases our compliance obligations. In addition, changes in such laws could result in increased regulatory requirements and compliance costs which could adversely affect our business, financial condition and results of operations. We cannot assure you that our employees or other software agents will not engage in prohibited conduct and render us responsible under the FCPA. If we are found to be in violation of the FCPA or other anti-bribery laws (either due to acts or inadvertence of our employees or due to the acts or inadvertence of others), we could suffer criminal or civil penalties or other sanctions, which could have a material adverse effect on our business.
Third parties may bring legal actions against us.
In the past, third parties have brought legal actions against us and we may, from time to time, be a party to other lawsuits in the normal course of our business. We have incurred costs to defend those lawsuits and related legal proceedings. It is likely that in the future other parties may bring legal actions against us. Such actions, even if without merit, could harm our business. Litigation in general, and intellectual property and securities litigation in particular, can be expensive, lengthy, and disruptive

41

Table of Contents


to normal business operations. Moreover, the results of complex legal proceedings are difficult to predict. An unfavorable resolution of any lawsuit could adversely affect our business, results of operations, prospects, or financial condition. Any material litigation or arbitration inevitably results in the diversion of the attention of our management and other relevant personnel. To the extent uninsured, such claims further require us to incur defense costs for us and for parties to whom we may have indemnification obligations. For example, we indemnify our channel partners in response to requests they receive from our end-customers to be indemnified for patent or other intellectual property litigation brought by third parties against our end-customers with regard to our end-customers’ use of products or services sold by our channel partners, including our own products. We also may be required to pay material amounts in settlement costs or damages. Furthermore, if the matter relates to infringement of a third party’s intellectual property, we may be required to enter into royalty or licensing agreements or to develop non-infringing technology, and injunctive relief could be entered against us. End-customer concerns with respect to material litigation can result in delayed or lost sales and reputational damage. Any of the foregoing could seriously harm our business and have a material adverse effect on our business, financial condition and results of operations.
Our operations could be significantly hindered by the occurrence of a natural disaster, terrorist attack, or other catastrophic event.
Our business operations are susceptible to outages due to fire, floods, power loss, telecommunications failures, terrorist attacks, and other events beyond our control, and our sales opportunities may also be affected by such events. In addition, a substantial portion of our facilities, including our headquarters, are located in Northern California, an area susceptible to earthquakes. We do not carry earthquake insurance for earthquake-related losses. Despite our implementation of network security measures, our servers are vulnerable to computer viruses, break-ins, and similar disruptions from unauthorized tampering with our computer systems. We may not carry sufficient business interruption insurance to compensate us for losses that may occur as a result of any of these events. In addition, acts of terrorism and other geo-political unrest could cause disruptions in our business or the business of our supply chain, manufacturers, logistics providers, partners, or end-customers or the economy as a whole. Any disruption in the business of our supply chain, manufacturers, logistics providers, partners, or end-customers that impacts sales at the end of a fiscal quarter could have a significant adverse impact on our financial results. To the extent that such events disrupt our business or the business of our current or prospective end-customers, or adversely impact our reputation, such events could adversely affect our business, results of operations, prospects, and financial condition.
If we fail to comply with environmental requirements, our business, results of operations, prospects, financial condition, and reputation could be adversely affected.
Our operations and the sale of our products are subject to various federal, state, local, and foreign environmental and safety regulations, including laws adopted by the European Union, such as the Waste Electrical and Electronic Equipment Directive, or WEEE Directive, and the Restriction of the Use of Certain Hazardous Substances in Electrical and Electronic Equipment Directive, or EU RoHS Directive, of certain metals from global hot spots. The WEEE Directive requires electronic goods producers to be responsible for marking, collection, recycling, and treatment of such products. Changes in the WEEE Directive of the interpretation thereof may cause us to incur additional costs or meet additional regulatory requirements, which could be material.
The EU RoHS Directive and similar laws of other jurisdictions limit the content of certain hazardous materials such as lead, mercury, and cadmium in the manufacture of electrical equipment, including our products. Currently, our products comply with the EU RoHS Directive requirements. However, if there are changes to this or other laws, or to their interpretation, or if new similar laws are passed in other jurisdictions, we may be required to reengineer our products or to use different components to comply with these regulations. This reengineering or component substitution could result in substantial costs to us or disrupt our operations or logistics.
We are also subject to environmental laws and regulations governing the management of hazardous materials, which we use in small quantities in our engineering labs. Our failure to comply with past, present, and future environmental and safety laws could result in increased costs, reduced sales of our products, substantial product inventory write-offs, reputational damage, penalties, third-party property damage, remediation costs and other sanctions, any of which could harm our business and financial condition. To date, our expenditures for environmental compliance have not had a material impact on our results of operations or cash flows, and although we cannot predict the future impact of such laws or regulations, they will likely result in additional costs and may increase penalties associated with violations or require us to change the content of our products or how they are manufactured, which could have a material adverse effect on our business, results of operations, prospects, and financial condition.

42

Table of Contents


We also expect that our business will be affected by new environmental laws and regulations on an ongoing basis, which may be more stringent, imposing greater compliance costs and increasing risks and penalties associated with violations which could harm our business.
Our gross margin is affected by a number of factors, and we may not be able to sustain it at present levels.
Our gross margin has been and will continue to be affected by a variety of factors, including:
market acceptance of our solution and fluctuations in demand for our solution and services;
the mix of products and services that we sell;
varying discounting rates among end-customers;
our ability to increase sales to and retain existing end-customers and to sell to new end-customers;
increased price competition and changes in product pricing;
actions taken by our competitors;
new product innovations and enhancements;
manufacturing and component costs;
availability of sufficient inventory to meet demand;
purchase of inventory in excess of demand;
our execution of our strategy and operating plans;
geographies in which sales are made; and
revenue recognition rules.
Macroeconomic factors and competitive pressures may also require us to lower prices or increase spending, and our business and results of operations may suffer. Even if we achieve our net revenue and operating expense objectives, our net income or loss and results of operations may be below our expectations and the expectations of investors if our gross margin is below expectations.
Our investments in new or enhanced products and services may not yield the benefits we anticipate.
The success of our business is predicated on our ability to develop new products and technologies and to anticipate future market requirements and applicable industry standards. We intend to continue to invest in enhancing our products by adding personnel and other resources to our research and development function. We will likely recognize costs associated with these investments earlier than the anticipated benefits. If we do not achieve the anticipated benefits from these investments, or if the achievement of these benefits is delayed, our business, results of operations, prospects, and financial condition may be adversely affected.
The process of developing new technologies is time consuming, complex, and uncertain, and requires the commitment of significant resources well in advance of being able to fully determine market requirements and industry standards. Furthermore, we may not be able to timely execute new product or technical initiatives because of errors in product planning or timing, technical difficulties that we cannot timely resolve, or a lack of appropriate resources. This could result in competitors bringing products to market before we do and a consequent decrease in our market share and net revenue. Our inability to timely and cost-effectively introduce new products and product enhancements, or the failure of these new products or enhancements to achieve market acceptance and comply with industry standards, could seriously harm our business, results of operations, prospects, and financial condition. Additionally, products and technologies developed by others, and our own introduction of new products and product enhancements, could result in the obsolescence and write-off of previously purchased or committed inventory, which would reduce our net income or increase our net loss.

43

Table of Contents


We may acquire or invest in companies, which may divert our management’s attention and result in additional dilution to our stockholders. We may be unable to integrate acquired businesses and technologies successfully or achieve the expected benefits of such acquisitions.
Our success will depend, in part, on our ability to grow our business in response to changing technologies, end-customer demands, and competitive pressures. In some circumstances, we may choose to do so through the acquisition of complementary businesses and technologies rather than through internal development. The identification of suitable acquisition candidates can be difficult, time-consuming, and costly, and we may not be able to successfully complete identified acquisitions. The risks we face in connection with acquisitions include:
encountering difficulties or unforeseen expenditures in integrating the business, technologies, products, personnel, or operations of a company that we acquire, particularly if key personnel of the acquired company decide not to work for us;
an acquisition that may disrupt our ongoing business, divert resources, increase our expenses, and distract our management;
our use of cash to pay for acquisitions, which would limit other potential uses for our cash;
if we incur debt to fund an acquisition, such debt may subject us to material restrictions on our ability to conduct our business; and
if we issue a significant amount of equity securities in connection with acquisitions, existing stockholders may be diluted and earnings per share may decrease.
The occurrence of any of these risks could have an adverse effect on our business, results of operations, prospects, and financial condition.
We face increased exposure to foreign currency exchange rate fluctuations.
Our sales contracts are primarily denominated in U.S. Dollars, and therefore, the majority of our revenue is not currently subject to foreign currency risk. However, a strengthening of the U.S. Dollar could increase the real cost of our products to our end-customers outside of the United States, which could adversely affect our financial condition and results of operations. In addition, increased international sales in the future, including through our channel partners and other partnerships, may result in greater foreign currency denominated sales, increasing our foreign currency risk. Moreover, an increasing portion of our operating expenses is incurred outside the United States, is denominated in foreign currencies, and is subject to fluctuations due to changes in foreign currency exchange rates. If we are not able to successfully hedge against the risks associated with currency fluctuations, our financial condition and results of operations could be adversely affected.
We do not currently maintain a program to hedge transactional exposures in foreign currencies. However, in the future, we may use derivative instruments, such as foreign currency forward and option contracts, to hedge certain exposures to fluctuations in foreign currency exchange rates. The use of such hedging activities may not offset any or more than a portion of the adverse financial effects of unfavorable movements in foreign exchange rates over the limited time the hedges are in place. Moreover, the use of hedging instruments may introduce additional risks if we are unable to structure effective hedges with such instruments.
If we fail to maintain an effective system of disclosure controls and internal control over financial reporting, our ability to produce timely and accurate financial statements or comply with applicable regulations could be impaired.
As a public company, we will be required to maintain internal control over financial reporting and to report any material weaknesses in such internal controls. Section 404 of the Sarbanes-Oxley Act of 2002, as amended, or the Sarbanes-Oxley Act, requires that we evaluate and determine the effectiveness of our internal control over financial reporting and, beginning with our second annual report following our initial public offering, provide a management report on internal control over financial reporting. However, while we remain an emerging growth company, we will not be required to include an attestation report on internal control over financial reporting issued by our independent registered public accounting firm.
Any failure to develop or maintain effective controls, or any difficulties encountered in their implementation or improvement, could harm our results of operations, cause us to fail to meet our reporting obligations, result in a restatement of our financial

44

Table of Contents


statements for prior periods, or adversely affect the results of management evaluations and independent registered public accounting firm audits of our internal control over financial reporting that we will eventually be required to include in our periodic reports that will be filed with the SEC. Ineffective disclosure controls and procedures and internal controls over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our common stock.
We are in the process of designing and implementing the internal control over financial reporting required to comply with Section 404 of the Sarbanes-Oxley Act. This process will be time consuming, costly, and complicated. If we are unable to assert that our internal control over financial reporting is effective or when required in the future, if our independent registered public accounting firm issues an adverse opinion on the effectiveness of our internal control over financial reporting, investors may lose confidence in the accuracy and completeness of our financial reports, the market price of our common stock could be adversely affected and we could become subject to investigations by the stock exchange on which our securities are listed, the SEC, or other regulatory authorities, which could require additional financial and management resources.
If we cannot maintain our corporate culture as we grow, we could lose the innovation, teamwork, passion, and focus on execution that we believe contribute to our success, and our business may be harmed.
We believe that our corporate culture has been a critical component to our success. We have invested substantial time and resources in building our team. As we grow and mature as a public company, we may find it difficult to maintain our corporate culture. Any failure to preserve our culture could negatively affect our future success, including our ability to recruit and retain personnel and effectively focus on and pursue our business strategy.
Forecasting our estimated annual effective tax rate is complex and subject to uncertainty, and there may be material differences between our forecasted and actual tax rates.
We are currently generating operating losses and have minimal tax rate uncertainty. When we begin generating operating profit, and fully utilize our net operating losses, or NOLs, forecasts of our effective tax rate will become more complex. As a multinational corporation we conduct our business in many countries and are subject to different taxation in many jurisdictions. The taxation of our business is subject to the application of multiple and conflicting tax laws and regulations as well as multinational tax conventions. Our effective tax rate will be highly dependent upon the geographic distribution of our worldwide earnings or losses, the tax regulations in each geographic region, the availability of tax credits and carryforwards, and the effectiveness of our tax planning strategies.
In addition, we are subject to examination of our income tax returns by the Internal Revenue Service and other tax authorities. If tax authorities challenge the relative mix of our U.S. and international income, our future effective income tax rates could be adversely affected. While we regularly assess the likelihood of adverse outcomes from such examinations and the adequacy of our provision for income taxes, there can be no assurance that such provision is sufficient and that a determination by a tax authority will not have an adverse effect on our business, results of operations, prospects, and financial condition.
Changes in U.S. tax laws could have a material adverse effect on our business, cash flow, results of operations or financial conditions.
Recently enacted U.S. tax legislation will significantly change the taxation of U.S.-based multinational corporations, by, among other things, reducing the U.S. corporate income tax rate, adopting elements of a territorial tax system, assessing a one-time transition tax on earnings of certain foreign subsidiaries that were previously tax deferred, and the creation of new taxes on certain foreign-sourced earnings. The legislation is unclear in some respects and will require interpretations and implementing regulations by the Internal Revenue Service, as well as state tax authorities, and the legislation could be subject to potential amendments and technical corrections, any of which could lessen or increase certain impacts of the legislation.
Our ability to use our net operating loss carry-forwards and certain other tax attributes may be limited.
As of December 31, 2017, we had federal NOLs of approximately $180.1 million, which begin to expire in 2021 if not utilized, and California and other state NOLs of $22.0 million and $76.6 million, respectively, which begin to expire in 2028 and 2018, respectively if not utilized. Subject to the following discussion, such NOLs are generally available to be carried forward to offset our future taxable income, if any, until such NOLs are used or expire.

45

Table of Contents


In general, under Section 382 of the Internal Revenue Code of 1986, as amended, or the Code, a corporation that undergoes an “ownership change” (generally defined as a greater than 50-percentage point cumulative change (by value) in the equity ownership of certain stockholders over a rolling three-year period) is subject to limitations on its ability to utilize its pre-change NOLs to offset post-change taxable income. Similar rules may apply under state tax laws. Based upon an analysis of the period from inception through November 30, 2015, we believe we may have undergone an ownership change and that a portion of our current NOLs may be subject to limitations under Section 382. Future changes in our stock ownership, some of which are outside of our control, could result in an ownership change under Section 382 of the Code. Furthermore, our ability to utilize NOLs of companies that we have acquired or may acquire in the future may be subject to limitations. There is also a risk that due to regulatory changes, such as suspensions on the use of NOLs, or other unforeseen reasons, our existing NOLs could expire or otherwise be unavailable to offset future income tax liabilities. For these reasons, we may not be able to realize a tax benefit from the use of our NOLs, whether or not we attain profitability.
Risks Related to Owning Our Common Stock
Provisions of our corporate governance documents could make an acquisition of our company more difficult and may prevent attempts by our stockholders to replace or remove our current management, even if beneficial to our stockholders.
Our amended and restated certificate of incorporation and amended and restated bylaws and the Delaware General Corporation Law, or the DGCL, contain provisions that could make it more difficult for a third party to acquire us, even if doing so might be beneficial to our stockholders.
These provisions include:
the division of our board of directors into three classes and the election of each class for three-year terms;
advance notice requirements for stockholder proposals and director nominations;
the ability of the board of directors to fill a vacancy created by the expansion of the board of directors;
the ability of our board of directors to issue new series of, and designate the terms of, preferred stock, without stockholder approval, which could be used to, among other things, institute a rights plan that would have the effect of significantly diluting the stock ownership of a potential hostile acquirer, likely preventing acquisitions that have not been approved by our board of directors;
limitations on the ability of stockholders to call special meetings and to take action by written consent; and
the required approval of holders of at least 66-2/3% of the voting power of the outstanding shares of our capital stock to adopt, amend, or repeal certain provisions of our amended and restated certificate of incorporation and amended and restated bylaws or remove directors for cause.
In addition, Section 203 of the DGCL may affect the ability of an “interested stockholder” to engage in certain business combinations, for a period of three years following the time that the stockholder becomes an “interested stockholder.”
These provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board. Because our board of directors is responsible for appointing the members of our management team, these provisions could in turn affect any attempt to replace current members of our management team.
Our amended and restated bylaws designate courts in the State of Delaware and in the county of Santa Clara, California as the sole and exclusive forums for certain types of actions and proceedings that may be initiated by our stockholders, which could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or employees.
Our amended and restated bylaws provide that, subject to limited exceptions, a state or federal court located within the State of Delaware or a state or federal court located within the county of Santa Clara, California will be the sole and exclusive forums for:
any derivative action or proceeding brought on our behalf;

46

Table of Contents


any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers, or other employees to us or our stockholders;
any action asserting a claim against us arising pursuant to any provision of the DGCL, our amended and restated certificate of incorporation or our amended and restated bylaws; or
any other action asserting a claim against us or our directors, officers, or employees that is governed by the internal affairs doctrine.
Any person or entity purchasing or otherwise acquiring any interest in shares of our capital stock shall be deemed to have notice of and to have consented to these provisions. These provisions may limit a stockholder’s ability to bring a claim in a judicial forum that it finds favorable for disputes with us or our directors, officers, or other employees, which may discourage such lawsuits against us and our directors, officers, and employees. Alternatively, if a court were to find these provisions of our amended and restated bylaws inapplicable to, or unenforceable in respect of, one or more of the specified types of actions or proceedings, we may incur additional costs associated with resolving such matters in other jurisdictions, which could adversely affect our business and financial condition.
Market volatility may affect the price of our common stock.
The price of our common stock may fluctuate significantly in response to a number of factors, most of which we cannot predict or control, including:
actual or anticipated changes or fluctuations in our results of operations and whether our results of operations meet the expectations of securities analysts or investors;
actual or anticipated changes in securities analysts’ estimates and expectations of our financial performance;
announcements of new products and solutions, services or technologies, commercial relationships, acquisitions, or other events by us or our competitors;
general market conditions, including volatility in the market price and trading volume of technology companies in general and of companies in the network security industry in particular;
changes in how current and potential end-customers perceive the effectiveness of our solution in protecting against advanced cyberattacks or other reputational harm;
sales of large blocks of our common stock, including sales by our executive officers, directors, and significant stockholders and significant releases of RSUs;
announced departures of any of our key personnel;
lawsuits threatened or filed against us or involving our industry, or both;
changing legal or regulatory developments in the United States and other countries;
general economic conditions and trends; and
other events or factors, including those resulting from major catastrophic events, war, acts of terrorism, or responses to these events.
In addition, the stock markets have experienced extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many technology companies. Stock prices of many technology companies have fluctuated in a manner unrelated or disproportionate to the operating performance of those companies. In the past, stockholders have instituted securities class action litigation following periods of market volatility. If we were to become involved in securities litigation, it could subject us to substantial costs, divert resources and the attention of management from our business and adversely affect our business, results of operations, prospects, and financial condition.

47

Table of Contents


Our business could be impacted as a result of actions by activist shareholders or others.
We may be subject, from time to time, to legal and business challenges in the operation of our company due to actions instituted by activist shareholders or others. Responding to such actions could be costly and time-consuming, may not align with our business strategies and could divert the attention of our board of directors and senior management from the pursuit of our business strategies. Perceived uncertainties as to our future direction as a result of shareholder activism may lead to the perception of a change in the direction of the business or other instability and may affect our relationships with our end-customers, prospective and current employees and others.
As a public company, we are subject to additional laws, regulations, and stock exchange listing standards, which impose additional costs on us and may strain our resources and divert our management’s attention.
We are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended, or the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Act, the listing requirements of The NASDAQ Global Market, and other applicable securities laws and regulations. Compliance with these laws and regulations increases our legal and financial compliance costs and make some activities more difficult, time-consuming, or costly. For example, the Exchange Act requires us, among other things, to file annual, quarterly, and current reports with respect to our business and results of operations and maintain effective disclosure controls and procedures and internal control over financial reporting. Also, as a public company, it will be more expensive for us to obtain director and officer liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. Although we have already hired additional employees to comply with these requirements, we may need to hire even more employees in the future, which will increase our costs and expenses. These factors may therefore strain our resources, divert management’s attention, and affect our ability to attract and retain qualified board members.
Since we have no current plans to pay regular cash dividends on our common stock, you may not receive any return on investment unless you sell your common stock for a price greater than that which you paid for it.
We do not anticipate paying any regular cash dividends on our common stock in the foreseeable future. Any decision to declare and pay dividends in the future will be made at the discretion of our board of directors and will depend on, among other things, our results of operations, financial condition, cash requirements, contractual restrictions, and other factors that our board may deem relevant. In addition, our ability to pay dividends is, and may be, limited by covenants of existing and any future outstanding indebtedness we or our subsidiaries incur. Therefore, any return on investment in our common stock is solely dependent upon the appreciation of the price of our common stock on the open market, which may not occur.
If securities or industry analysts do not publish research or reports about our business, if they adversely change their recommendations regarding our shares or if our results of operations do not meet their expectations, our share price and trading volume could decline.
The trading market for our shares will be influenced by the research and reports that industry or securities analysts publish about us or our business. We do not have any control over these analysts. If one or more of these analysts cease coverage of our company or fails to publish reports on us regularly, we could lose visibility in the financial markets, which in turn could cause our share price or trading volume to decline. Moreover, if one or more of the analysts who cover our company downgrade our stock or if our results of operations do not meet their expectations, our share price could decline.
We are an “emerging growth company,” and the reduced disclosure requirements applicable to emerging growth companies may make our common stock less attractive to investors.
We are an “emerging growth company,” as defined in the Jumpstart Our Business Startups Act, or JOBS Act, and may remain an emerging growth company for up to five years. For so long as we remain an emerging growth company, we are permitted and intend to rely on exemptions from certain disclosure requirements that are applicable to other public companies that are not emerging growth companies. These exemptions include not being required to comply with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act not being required to comply with any requirement that may be adopted by the Public Company Accounting Oversight Board regarding mandatory audit firm rotation or a supplement to the auditor’s report providing additional information about the audit and the financial statements, reduced disclosure obligations regarding executive compensation and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and shareholder approval of any golden parachute payments not previously approved. We have not yet disclosed all of the

48

Table of Contents


executive compensation-related information that would be required if we were not an emerging growth company. We cannot predict whether investors will find our common stock less attractive if we rely on these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and our stock price may be more volatile.
In addition, the JOBS Act provides that an emerging growth company can take advantage of an extended transition period for complying with new or revised accounting standards. This allows an emerging growth company to delay the adoption of certain accounting standards until those standards would otherwise apply to private companies. We have irrevocably elected not to avail ourselves of this exemption from new or revised accounting standards and, therefore, we will be subject to the same new or revised accounting standards as other public companies that are not emerging growth companies. We will incur increased costs as a result of operating as a public company, and our management will be required to devote substantial time to new compliance initiatives and corporate governance practices.
Our directors, executive officers, and significant stockholders have substantial control over us and could delay or prevent a change in control.
Our directors, executive officers and holders of more than 5% of our common stock, together with their affiliates, beneficially own, in the aggregate, approximately 66% of our outstanding common stock as of December 31, 2017. As a result, these stockholders, acting together, would have the ability to control the outcome of matters submitted to our stockholders for approval, including the election of directors and any merger, consolidation or sale of all or substantially all of our assets. In addition, these stockholders, acting together, would have the ability to control the management and affairs of our company. Accordingly, this concentration of ownership might adversely affect the market price of our common stock by:
delaying, deferring or preventing a change in control of the company;
impeding a merger, consolidation, takeover or other business combination involving us; or
discouraging a potential acquirer from making a tender offer or otherwise attempting to obtain control of the company.


49

Table of Contents


ITEM 1B. UNRESOLVED STAFF COMMENTS

None.

ITEM 2. PROPERTIES

Our corporate headquarters is located in San Jose, California in a facility consisting of approximately 95,950 square feet of office space under a lease that expires in 2026. Our major engineering center is located in Tel Aviv, Israel. We maintain additional offices throughout the United States and various international locations, including Australia, Canada, China, Germany, Hong Kong, Japan, the United Arab Emirates and the United Kingdom. We lease all of our facilities and do not own any real property. We intend to procure additional space as we add employees and expand geographically. We believe our facilities are adequate and suitable for our current needs and that suitable additional or alternative space will be available to accommodate the expansion of our operations if needed.

ITEM 3. LEGAL PROCEEDINGS

The information set forth under the “Litigation” subheading in Note 5. “Commitments and Contingencies” of the Notes to Consolidated Financial Statements in Part II, Item 8 of this Annual Report on Form 10-K is incorporated herein by reference.


50

Table of Contents


ITEM 4. MINE SAFETY DISCLOSURES

Not applicable.


51

Table of Contents


PART II
ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITITIES

Market Information for Common Stock
Our common stock, par value $0.001 per share, began trading on The NASDAQ Global Market under the symbol “FSCT” on October 27, 2017. Prior to that date, there was no public trading market for shares of our common stock.
The following table sets forth the reported high and low sales prices of our common stock for the period indicated, as quoted on the NASDAQ Global Market:
Period Ended:
High
 
Low
December 31, 2017 (from October 27, 2017)
 
$32.58
 
 
$21.56
Holders of Record
As of December 31, 2017, there were 265 holders of record of our common stock. Because many of our shares of common stock are held by brokers and other institutions on behalf of beneficial owners of our stock, we are unable to estimate the total number of stockholders.
Dividend Policy
We have never declared or paid cash dividends on our common stock. We currently intend to retain any future earnings to fund business development and growth, and we do not expect to pay any dividends in the foreseeable future. Any future determination to declare cash dividends will be made at the discretion of our board of directors, subject to applicable laws, and will depend on a number of factors, including our financial condition, results of operations, capital requirements, contractual restrictions, general business conditions, and other factors that our board of directors may deem relevant.
Sale of Unregistered Securities
Option and Common Stock Issuances
During the fiscal year ended December 31, 2017, prior to filing our Registration Statement on Form S-8 on October 27, 2017:
We granted to certain of our executive officers, directors, employees, consultants and other service providers an aggregate of 1,156,350 restricted stock units to be settled in shares of our common stock under our equity compensation plans.
We granted to certain of our executive officers, directors, employees, consultants, and other service providers options to purchase an aggregate of 458,099 shares of common stock under our equity incentive plans at exercise prices ranging from $16.18 to $19.78 per share.
None of the foregoing transactions involved any underwriters, underwriting discounts or commissions, or any public offering. The Company believes the offers, sales, and issuances of the above securities were exempt from registration under the Securities Act by virtue of (i) Section 4(a)(2) of the Securities Act (or, Regulation D promulgated thereunder) as transactions not involving a public offering, (ii) Rule 701 promulgated under the Securities Act as transactions pursuant to compensatory benefit plans or contracts relating to compensation as provided under such rule, or (iii) Regulation S promulgated under the Securities Act as transactions made outside of the United States. The recipients of the securities in each of these transactions represented their intentions to acquire the securities for investment only and not with a view to or for sale in connection with any distribution thereof, and appropriate legends were placed upon the stock certificates issued in these transactions. All recipients had adequate access, through their relationships with the Registrant, to information about the Registrant. The sales of these securities were made without any general solicitation or advertising.

52

Table of Contents


Use of Proceeds
On October 26, 2017, our Registration Statement on Form S-1 (File No. 333-220767) was declared effective by the SEC for our initial public offering, or IPO, of common stock. We started trading on The NASDAQ Global Market on October 27, 2017. On October 31, 2017, we closed our IPO and sold 6,072,000 shares of our common stock, including the exercise of the underwriters’ option to purchase an additional 792,000 shares, at an offering price of $22.00 per share, for an aggregate offering price of approximately $133.6 million. Upon completion of the sale of the shares of our common stock, our IPO terminated.
The underwriters for our initial public offering were Morgan Stanley & Co. LLC, J.P. Morgan Securities LLC, Citigroup Global Markets Inc., Merrill Lynch, Pierce, Fenner & Smith Incorporated, UBS Securities LLC, KeyBanc Capital Markets Inc. We paid to the underwriters of our IPO underwriting discounts and commissions totaling approximately $9.4 million and incurred estimated offering expenses of approximately $4.5 million that, when added to the underwriting discounts and commissions, amount to total expenses of approximately $13.9 million. Thus, the net offering proceeds, after deducting underwriting discounts and commission and other offering expenses and including the exercise by the underwriters of their option to purchase additional shares of our common stock, were approximately $119.7 million.
There has been no material change in the planned use of proceeds from our IPO as described in our final prospectus, dated October 26, 2017, pursuant to Rule 424(b) of the Securities Act.
Purchases of Equity Securities by the Issuer and Affiliated Purchasers
None.

53

Table of Contents


Performance Graph
This performance graph shall not be deemed “filed” for purposes of Section 18 of the Exchange Act, or incorporated by reference into any filing of ForeScout under the Securities Act of 1933, as amended (the “Securities Act”), or the Exchange Act, except as shall be expressly set forth by specific reference in such filing.
The following graph compares the cumulative total return for our common stock, the NASDAQ Composite Index and the NASDAQ Computer Index. An investment of $100 (with reinvestment of all dividends) is assumed to have been made in our common stock and in each index on October 27, 2017, the date our common stock began trading on the NASDAQ, and its relative performance is tracked through December 29, 2017, the last trading date of our 2017 fiscal year end. The returns shown are based on historical results and are not intended to suggest future performance.
http://api.tenkwizard.com/cgi/image?quest=1&rid=23&ipage=12074827&doc=20

54

Table of Contents


ITEM 6. SELECTED CONSOLIDATED FINANCIAL AND OTHER DATA
The selected consolidated financial data below should be read in conjunction with the section entitled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes included elsewhere in this report. Our historical results are not necessarily indicative of the results that may be expected in any future period. The selected consolidated statements of operations data for the years ended December 31, 2015, 2016, and 2017, and the consolidated balance sheet data as of December 31, 2016 and 2017 are derived from our audited consolidated financial statements included elsewhere in this Annual Report on Form 10-K. The consolidated balance sheet data as of December 31, 2015 are derived from audited consolidated financial statements which are not included in this Form 10-K. Our historical results are not necessarily indicative of our future results. The selected consolidated financial data in this section are not intended to replace our consolidated financial statements and the related notes, and are qualified in their entirety by the consolidated financial statements and related notes included elsewhere in this Annual Report on Form 10-K.
 
Year Ended December 31,
 
2015
 
2016
 
2017
 
(In thousands, except share and per share data)
Consolidated Statements of Operations Data:
 
 
 
 
 
Revenue:
 
 
 
 
 
Product
$
71,264

 
$
98,655

 
$
121,413

Maintenance and professional services
54,695

 
68,186

 
99,458

Total revenue
125,959

 
166,841

 
220,871

Cost of revenue:
 
 
 
 
 
Product (1)
16,161

 
21,678

 
24,098

Maintenance and professional services (1)
16,961

 
26,571

 
34,771

Total cost of revenue
33,122

 
48,249

 
58,869

Total gross profit
92,837

 
118,592

 
162,002

Operating expenses:
 
 
 
 
 
Research and development (1)   
17,772

 
31,490

 
47,435

Sales and marketing (1)   
70,269

 
127,815

 
151,093

General and administrative (1)   
22,874

 
30,731

 
51,206

Total operating expenses
110,915

 
190,036

 
249,734

Loss from operations
(18,078
)
 
(71,444
)
 
(87,732
)
Interest expense
(2,745
)
 
(2,577
)
 
(1,223
)
Other income (expense), net
(488
)
 
(607
)
 
316

Revaluation of warrant liabilities
(5,621
)
 
1,104

 
(727
)
Loss before income taxes
(26,932
)
 
(73,524
)
 
(89,366
)
Income tax provision
328

 
1,250

 
1,839

Net loss
$
(27,260
)
 
$
(74,774
)
 
$
(91,205
)
Deemed dividend on the conversion of Series G redeemable convertible preferred stock

 

 
12,810

Net loss attributable to common stockholders
$
(27,260
)
 
$
(74,774
)
 
$
(104,015
)
Net loss per share attributable to common stockholders, basic and diluted (2)
$
(6.61
)
 
$
(13.33
)
 
$
(9.12
)
Weighted-average shares used to compute net loss per share attributable to common stockholders, basic and diluted (2)
4,121,852
 
5,609,187
 
11,405,356

55

Table of Contents


_____________________    
(1)
Includes stock-based compensation expense as follows:
 
Year Ended December 31,
 
2015
 
2016
 
2017
 
(In thousands)
Cost of revenue:
 
 
 
 
 
Product
$
16

 
$
30

 
$
103

Maintenance and professional services
391

 
1,123

 
2,291

Research and development
1,101

 
2,311

 
6,213

Sales and marketing
2,245

 
8,084

 
14,451

General and administrative
4,959

 
5,286

 
19,538

     Total
$
8,712

 
$
16,834

 
$
42,596


(2)
See Note 12 in the Notes to our Consolidated Financial Statements included in Part II of this Annual Report on Form 10-K for a description of how we calculate net loss per share, basic and diluted.
 
December 31,
 
2014
 
2015
 
2016
 
2017
 
(In thousands)
Consolidated Balance Sheet Data:
 
 
 
 
 
 
 
Cash and cash equivalents
$
42,621

 
$
126,846

 
$
79,665

 
$
63,009

Marketable securities

 

 

 
123,384

Working capital, excluding deferred revenue
44,866

 
111,521

 
90,561

 
213,154

Total assets
76,379

 
170,870

 
167,426

 
295,662

Total deferred revenue
66,456

 
83,459

 
108,914

 
162,758

Warrant liabilities
5,882

 
5,978

 
4,874

 

Redeemable convertible preferred stock
200,501

 
279,913

 
283,854

 

Total stockholders’ (deficit) equity
$
(243,685
)
 
$
(252,802
)
 
$
(308,597
)
 
$
54,536

Non-GAAP Financial Measures
In addition to our results determined in accordance with U.S. generally accepted accounting principles, or GAAP, we monitor the non-GAAP financial metrics described below to evaluate growth trends, establish budgets, measure the effectiveness of our sales and marketing efforts and measure and assess operational efficiencies.
We define non-GAAP operating loss as loss from operations excluding stock-based compensation expense. We consider non-GAAP operating loss to be a useful metric for investors and other users of our financial information in evaluating our operating performance because it excludes the impact of stock-based compensation, a non-cash charge that can vary from period to period for reasons that are unrelated to our core operating performance. This metric also provides investors and other users of our financial information with an additional tool to compare business performance across companies and periods, while eliminating the effects of items that may vary for different companies for reasons unrelated to core operating performance.
We define free cash flow as net cash (used in) provided by operating activities less purchases of property and equipment. We consider free cash flow to be an important metric because it measures the amount of cash we use or generate and reflects changes in working capital.
A reconciliation of non-GAAP operating loss to loss from operations, the most directly comparable financial measure calculated and presented in accordance with GAAP, is provided below:

56

Table of Contents


 
Year Ended December 31,
 
2015
 
2016
 
2017
 
(In thousands)
Non-GAAP operating loss:
 
 
 
 
 
Loss from operations
$
(18,078
)
 
$
(71,444
)
 
$
(87,732
)
Add: stock-based compensation expense
8,712

 
16,834

 
42,596

Non-GAAP operating loss
$
(9,366
)
 
$
(54,610
)
 
$
(45,136
)
A reconciliation of free cash flow to net cash (used in) provided by operating activities, the most directly comparable financial measure calculated and presented in accordance with GAAP, is provided below:
 
Year Ended December 31,
 
2015
 
2016
 
2017
 
(In thousands)
Free cash flow (non-GAAP):
 
 
 
 
 
Net cash provided by (used in) operating activities
$
3,397

 
$
(38,291
)
 
$
(2,735
)
Less: purchases of property and equipment
(2,757
)
 
(22,006
)
 
(4,517
)
Free cash flow (non-GAAP)
$
640

 
$
(60,297
)
 
$
(7,252
)
Net cash used in investing activities
$
(6,065
)
 
$
(22,199
)
 
$
(127,685
)
Net cash provided by financing activities
$
86,893

 
$
13,309

 
$
113,764

It is important to note that other companies, including companies in our industry, may not use non-GAAP operating loss or free cash flow, may calculate these metrics differently, or may use other financial measures to evaluate their performance, all of which could reduce the usefulness of these non-GAAP metrics as comparative measures.
As a result, our non-GAAP operating loss and free cash flow should be considered in addition to, not as substitutes for or in isolation from, measures prepared in accordance with GAAP.
We compensate for these limitations by providing investors and other users of our financial information, reconciliations of non-GAAP operating loss to the corresponding GAAP financial measure, operating loss, and reconciliations of free cash flow to the corresponding GAAP financial measure, cash flow (used in) provided by operating activities. We encourage investors and others to review our financial information in its entirety, not to rely on any single financial measure, and to view non-GAAP operating loss and free cash flow in conjunction with the corresponding GAAP financial measure.


57

Table of Contents


ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following discussion and analysis of our financial condition and results of operations should be read in conjunction with the section titled “Selected Consolidated Financial Data” and our consolidated financial statements and related notes included elsewhere within this Annual Report on Form 10-K. This discussion contains forward-looking statements based upon current plans, expectations and beliefs that involve risks and uncertainties. Our actual results may differ materially from those anticipated in these forward-looking statements as a result of various factors, including those set forth under “Risk Factors” and in other parts of this Annual Report on Form 10-K. Our fiscal year end is December 31.
Overview
We generate revenue from sales of our products and associated maintenance and professional services. Our products include: ForeScout CounterACT, ForeScout Enterprise Manager, and ForeScout Extended Modules. Our CounterACT and Enterprise Manager products are sold as hardware appliances embedded with our software, or Physical Appliances, or as software only, or Virtual Appliances. We recently started offering, in limited quantities to a small number of large enterprises, CounterACT and Enterprise Manager together as a software-only license, or Enterprise License Software. Our Enterprise License Software is either sold with separate hardware or without hardware, depending on the end-customer’s selection. Our Extended Modules are sold as software add-ons to the CounterACT and Enterprise Manager products. All of our products are sold with a perpetual license. End-customers typically purchase maintenance and professional services when they purchase one or more of our products. Our support and maintenance contracts typically have a one-year or three-year term. We offer a portfolio of professional services and extended support contract options to assist with additional deployment and ongoing advanced technical support. We market and sell our products, maintenance, and professional services through a direct touch, channel-fulfilled model. Our direct sales force is responsible for cultivating relationships and selling solutions to enterprise and public sector accounts globally. We leverage the global breadth and reach of our channel ecosystem, including value-added resellers and distributors, to fulfill orders and sell to our mid-market end-customers.
Our CounterACT products are priced based on the number of devices managed on each Physical or Virtual Appliance. Our largest Physical and Virtual Appliance can manage up to 10,000 devices while our smallest Physical and Virtual Appliance can manage up to 100 devices. Our Enterprise License Software generally manages a minimum of 100,000 devices and increases the number of managed devices in increments of 100 depending on the end-customer’s requirements. Our Enterprise Manager is priced based on the number of CounterACT Physical and Virtual Appliances managed. Our high-end Enterprise Manager product can manage up to 200 CounterACT Physical and Virtual Appliances while our low-end Enterprise Manager product can manage up to five Physical and Virtual Appliances. Our Extended Modules are sold in units of 100 managed devices today.
Revenue on Physical Appliances and Enterprise License Software sold with separate hardware, or Hardware Products, is recognized at the time of delivery, provided that all other revenue recognition criteria have been met. Revenue on Virtual Appliances, Enterprise License Software sold without hardware, and Extended Modules, or Software Products, is recognized at the time of delivery if vendor-specific objective evidence of fair value, or VSOE, is established for all undelivered related items. If VSOE does not exist for one or more undelivered items, revenue from the software portion of the arrangement is deferred until the delivery of all items has begun and is then recognized ratably over the longest remaining service period, which generally is the support and maintenance term. For additional disclosure on our revenue recognition policy, see Note 1 to our consolidated financial statements.
We have made substantial investments in our sales force in recent periods in order to address the significant enterprise opportunity caused by an increase in unmanaged devices coming onto networks. While we will continue to hire sales personnel, we do not anticipate growing our sales force at the same rate in the future as we intend to gain leverage from our existing sales force as our sales representatives become more productive. In addition, we expect our Alliance Partners to help drive sales of our Extended Modules through joint use cases and go-to-market strategies. Today, we have an Alliance Partner program in place with FireEye, Inc., one of our related parties. See the section titled “Certain Relationships and Related Party Transactions, and Directors Independence” for additional information.
As of December 31, 2017, we have sold to over 2,700 end-customers in over 80 countries, including 18% of the Global 2000, since our inception. For the years ended December 31, 2015, 2016, and 2017 we sold to 10%, and 11%, and 13% of the Global 2000, respectively. Our end-customers represent a broad range of industries, including financial services, government, healthcare, technology, manufacturing, services, energy, entertainment and retail.

58

Table of Contents


We have experienced rapid growth in recent periods. For the years ended December 31, 2015, 2016, and 2017, our revenue was $126.0 million, $166.8 million, and $220.9 million, respectively, representing year-over-year increase of 32% for both periods.
Factors Affecting Our Performance
We believe that the growth of our business and our future success are dependent upon many factors, including our ability to sell to existing end-customers, to increase the deal size of the sales to our end-customers, to extend the reach of our sales force footprint to engage more end-customers, and to continue to increase the efficiency by which our sales force engages our end-customers. While each of these areas presents significant opportunities for us, they also pose significant risks and challenges that we must successfully address in order to sustain the growth of our business and improve our results of operations.
Continued Sales to Existing End-Customers
An increasing portion of our revenue is derived from additional sales to our end-customers. During the year ended December 31, 2017, approximately 87% of our revenue came from existing end-customers, and it is important for us to increase sales into this base. The chart below illustrates the importance of maintaining and growing our existing end-customer base. The chart shows revenue generated from our end-customers beginning from fiscal year 2007, the initial year of purchase for the 2007 end-customer cohort, along with the annual revenue derived from those same end-customers in each year through fiscal 2017. Each colored segment represents a new cohort of end-customers beginning in their initial year of purchase. Repeat buying patterns within our existing end-customer base reflects the persistent need for more of our products to cover an increasing number of devices on our end-customers’ networks. We have served several of our top 20 end-customers for over 10 years and have seen consistent repeat buying by annual end-customer cohort.
http://api.tenkwizard.com/cgi/image?quest=1&rid=23&ipage=12074827&doc=18
We believe the net-recurring revenue retention rate on our support and maintenance contracts is an important metric to measure our ability to retain and increase sales to our existing end-customers. We calculate the net-recurring revenue retention rate on support and maintenance contracts as the 12 month annualized value of support and maintenance contracts renewed plus the trailing 12 month annualized value of support and maintenance contracts not subject to renewal because the scheduled expiration date of the multi-year support and maintenance contract falls outside of the 12 month period under measurement plus the annualized value of new support and maintenance contracts from end-customers acquired one year prior, in the aggregate, divided by the aggregate of the 12 months annualized value of support and maintenance contracts scheduled to terminate or renew during the 12 month period plus the trailing 12 month annualized value of support and maintenance contracts not subject to renewal because the scheduled expiration date of the multi-year support and maintenance contract falls outside of the 12 month period under measurement. We believe this metric is an indication of the continuing value we provide to our end-customers

59

Table of Contents


because it shows the renewal of their support and maintenance contracts on their existing IP-based devices and the expanded value to our end-customers demonstrated by increases in the number of IP-based devices. Our net-recurring revenue retention rate on support and maintenance contracts as of December 31, 2015, 2016, and 2017 were 116%, 127%, and 126%, respectively. A net retention rate over 100% indicates that our products are expanding within our end-customer base, whereas a rate less than 100%indicates that our products are constricting within our end-customer base. Additionally, this calculation includes all changes to the annualized value of the recurring revenue from support and maintenance contracts for the designated set of support and maintenance contracts used in the calculation, which includes scheduled expiration periods, stub periods, changes in pricing, additional products purchased, lost end-customers, early renewals, decreases in the number of Physical or Virtual Appliances, decreases in the number of devices and hardware included in our Enterprise Software License and Extended Modules under contract. This metric does not take into account product revenue or professional services revenue. The annualized value of our support and maintenance contracts is a legal and contractual determination made by assessing the contractual terms with our end-customers. The annualized value of our support and maintenance contracts is not determined by reference to historical revenue, deferred revenue or any other GAAP financial measure over any period.
Increasing Deal Size of Sales to Our End-Customers
The value realized from our products has led to increased adoption and larger scale deployments. The number of annual end-customer deals over $1 million is increasing. For the years ended December 31, 2015, 2016, and 2017, we had 26, 28, and 48 deals, respectively, representing year-over-year growth of the collective value of those deals of 61% and 55%, respectively. We define an annual end-customer deal as the aggregate billings to an end-customer during a calendar year. In addition, our average deal size with end-customers excluding renewals is increasing. For the year ended December 31, 2017, our average deal size was over $217,000, an increase of 24% from the average annual deal size for the year ended December 31, 2015. We define the average deal size as the aggregate sales to end-customers during a calendar year divided by the number of end-customers purchasing in that year, excluding any end-customer for which the total value of their purchases in that year were less than five thousand dollars and excluding support and maintenance renewals, as we determined that the majority of this population was comprised of transactions not fundamental to our end-customer group and go-to-market strategy.
Extending the Reach of Our Sales Force Footprint
We have made substantial investments in our sales force in recent periods in order to address the significant enterprise opportunity caused by an increase in unmanaged devices coming onto networks. We have almost tripled the size of our quota-bearing sales representatives from the beginning of 2015 to December 31, 2017. We expect to continue to make substantial investments in our sales force to increase adoption within the Global 2000 and public sector.
Increasing the Efficiency by which Our Sales Force Engages Our End-Customers
We are focused on increasing the efficiency of our sales force. Over the last 12 months, we have increased hiring in sales enablement and marketing, enhanced sales training activities, and implemented company-wide standards for product positioning in order to instill a culture of success and discipline in our sales organization. Our sales strategy depends on attracting top talent from security organizations, expanding our sales coverage, increasing our pipeline of business, and enhancing productivity. We focus on productivity per quota-carrying sales representative across different levels within the sales organization, and the time it takes our sales representatives to reach productivity. We manage our pipeline on a quarterly basis, by sales representative, to ensure sufficient coverage of our bookings targets. Our ability to manage our sales productivity and pipeline are important factors to the success of our business.
Components of Financial Performance
Revenue
We derive revenue from sales of our products, maintenance, and professional services. Revenue is recognized when persuasive evidence of an arrangement exists, delivery has occurred, the fee is fixed or determinable, and collectability is reasonably assured.
Our revenue is comprised of the following:

60

Table of Contents


Product Revenue. Our product revenue is derived from sales of our Physical Appliances, Virtual Appliances, Extended Modules, Enterprise License Software, and hardware sold separately, which is recognized either up-front or ratably depending on the terms of the agreement and the product composition. Hardware Product revenue, which includes our Physical Appliances, Enterprise License Software sold with separate hardware and hardware sold separately, is recognized at the time of delivery, provided that all other revenue recognition criteria have been met. Software Product revenue, which includes Virtual Appliances, Enterprise License Software sold without hardware and Extended Modules, is recognized at the time of delivery if VSOE is established for all undelivered related items. If VSOE does not exist for one or more undelivered items, revenue from the software portion of the arrangement is deferred until the delivery of all items has begun and is then recognized ratably over the longest remaining service period, which generally is the support and maintenance term. Beginning on January 1, 2016, we established VSOE for professional services, and support and maintenance on Software Products, except Extended Modules. As a percentage of total revenue, we expect our product revenue to vary from quarter to quarter based on seasonal and cyclical factors.
Maintenance and Professional Services Revenue. Our maintenance revenue is derived from support and maintenance contracts with terms that are generally either one or three years. We typically bill for support and maintenance contracts upfront. We recognize revenue from support and maintenance over the contractual service period. Our professional services revenue is generally recognized as the services are rendered. We intend to invest in our professional services organization to improve the time to deliver these services. As a percentage of total revenue, we expect our maintenance and professional services revenue to vary from quarter to quarter based on seasonal and cyclical factors.
Cost of Revenue
Cost of Product Revenue. Cost of product revenue primarily consists of costs paid to our third-party contract manufacturer for our Physical Appliances, hardware sold with our Enterprise License Software and hardware sold separately. Our cost of product revenue also includes allocated costs, shipping costs, and personnel costs associated with logistics. There is no direct cost of revenue associated with our Software Products because Software Products are delivered electronically. We expect our cost of product revenue to fluctuate from quarter to quarter based on product mix; however, over time, we expect our cost of product revenue to decline as a percentage of product revenue primarily due to a shift in product mix towards increased sales of Software Products.
Cost of Maintenance and Professional Services Revenue. Cost of maintenance and professional services revenue consists of personnel costs for our global customer support and professional services organization and costs paid to third-party contractors that deliver some of our services. We expect our cost of maintenance and professional services revenue to decline over time as a percentage of our maintenance and professional services revenue as we expect to scale our customer support organization at a lower growth rate than our anticipated maintenance and professional services revenue growth rate.
Gross Margin
Gross margin, or gross profit as a percentage of revenue, has been and will continue to be affected by a variety of factors, including the mix of products sold between Hardware Products and Software Products; the mix of revenue between products, maintenance, and professional services; the average sales price of our products, maintenance and professional services; and manufacturing costs. Our gross margins vary by product, with gross margin on our high-end Physical Appliances ranging between 80% and 83% and gross margin of 62% on our low-end Physical Appliances for the years ended December 31, 2015, 2016, and 2017. Gross margin on hardware sold with Enterprise License Software or sold separately ranged between 16% and 30% for the year ended December 31, 2017. Gross margin on our Software Products was 99% for the years ended December 31, 2015, 2016, and 2017. We expect our gross margins to fluctuate from quarter to quarter based on product mix; however, over time, we expect our gross margins to increase as a percentage of product revenue primarily due to a shift in product mix towards increased sales of Software Products.
Operating Expenses
Our operating expenses consist of research and development, sales and marketing, and general and administrative expenses. Personnel costs are the most significant component of operating expenses and consists of salaries, benefits, bonuses, stock-based compensation, and with regard to sales and marketing expense, sales commissions.

61

Table of Contents


Research and Development. Research and development expense consists primarily of personnel costs. Research and development expense also includes consulting expense and allocated costs including facilities and information technology related costs. We expect research and development expense to increase in the near term in absolute dollars as we continue to invest in our future products and services; however, we expect our research and development expense to decline as a percentage of total revenue in the long term as we scale the business.
Sales and Marketing. Sales and marketing expense consists primarily of personnel costs, including commission costs. We expense commission costs as incurred. Sales and marketing expense also includes costs for market development programs, promotional and other marketing costs, travel costs, professional services, and allocated costs including facilities and information technology related costs. We expect sales and marketing expense to continue to increase in absolute dollars as we increase the size of our sales and marketing organizations; however, we expect our sales and marketing expense to decline as a percentage of total revenue in the long term as we scale the business.
General and Administrative. General and administrative expense consists of personnel costs, professional services, certain non-recurring general expenses, and allocated costs including facilities and information technology related costs. General and administrative personnel include our executive, finance, human resources, and legal organizations. Professional services consist primarily of legal, auditing, accounting, and other consulting costs. We expect general and administrative expense to increase in absolute dollars due to additional costs associated with being a public company, such as accounting, compliance, insurance, and investor relations, however, we expect our general and administrative expense to decline as a percentage of total revenue in the long term as we scale the business.
Interest Expense
Interest expense consists of interest on our outstanding indebtedness.
Other Income (Expense), Net
Other Income (Expense), net consists primarily of interest income earned on our cash and cash equivalents and foreign currency exchange losses related to transactions denominated in currencies other than the U.S. Dollar.
Revaluation of Warrant Liabilities
Revaluation of warrant liabilities includes adjustments to the estimated fair value of the preferred and common stock warrants outstanding offset by any gain realized from the exercise of outstanding warrants when the fair value of the warrants exercised is greater than the fair value of the redeemable stock. We mark-to-market our warrant liabilities on a quarterly basis. The majority of these warrants were exercised upon our IPO.
Provision for Income Taxes
Provision for income taxes consists primarily of foreign income taxes and reserves, withholding taxes, and U.S. state income taxes. We maintain a full valuation allowance for domestic net deferred tax assets. Our foreign deferred tax assets are immaterial. 


62

Table of Contents


Results of Operations
The following tables summarize our consolidated statement of operations data and such data as a percentage of our total revenue. The period-to-period comparison of results is not necessarily indicative of results for future periods.
 
Year Ended December 31,
 
2015
 
2016
 
2017
 
(In thousands)
Revenue:
 
 
 
 
 
Product
$
71,264

 
$
98,655

 
$
121,413

Maintenance and professional services
54,695

 
68,186

 
99,458

Total revenue
125,959

 
166,841

 
220,871

Cost of revenue:
 
 
 
 
 
Product (1)
16,161

 
21,678

 
24,098

Maintenance and professional services (1)
16,961

 
26,571

 
34,771

Total cost of revenue
33,122

 
48,249

 
58,869

Total gross profit
92,837

 
118,592

 
162,002

Operating expenses:
 
 
 
 
 
Research and development (1)   
17,772

 
31,490

 
47,435

Sales and marketing (1)   
70,269

 
127,815

 
151,093

General and administrative (1)   
22,874

 
30,731

 
51,206

Total operating expenses
110,915

 
190,036

 
249,734

Loss from operations
(18,078
)
 
(71,444
)
 
(87,732
)
Interest expense
(2,745
)
 
(2,577
)
 
(1,223
)
Other income (expense), net
(488
)
 
(607
)
 
316

Revaluation of warrant liabilities
(5,621
)
 
1,104

 
(727
)
Loss before income taxes
(26,932
)
 
(73,524
)
 
(89,366
)
Income tax provision
328

 
1,250

 
1,839

Net loss
$
(27,260
)
 
$
(74,774
)
 
$
(91,205
)
Deemed dividend on the conversion of Series G redeemable convertible preferred stock

 

 
12,810

Net loss attributable to common stockholders
$
(27,260
)
 
$
(74,774
)
 
$
(104,015
)
_____________________    
(1)
Includes stock-based compensation expense as follows:

63

Table of Contents


 
Year Ended December 31,
 
2015
 
2016
 
2017
 
(In thousands)
Cost of revenue:
 
 
 
 
 
Product
$
16

 
$
30

 
$
103

Maintenance and professional services
391

 
1,123

 
2,291

Research and development
1,101

 
2,311

 
6,213

Sales and marketing
2,245

 
8,084

 
14,451

General and administrative
4,959

 
5,286

 
19,538

     Total
$
8,712

 
$
16,834

 
$
42,596



 
Year Ended December 31,
 
2015
 
2016
 
2017
 
(As a percentage of total revenue)
Revenue:
 
 
 
 
 
Product
57
 %
 
59
 %
 
55
 %
Maintenance and professional services
43

 
41

 
45

Total revenue
100

 
100

 
100

Cost of revenue:
 
 
 
 
 
Product
13

 
13

 
11

Maintenance and professional services
13

 
16

 
16

Total cost of revenue
26

 
29

 
27

Total gross profit
74

 
71

 
73

Operating expenses:
 
 
 
 
 
Research and development
14

 
19

 
21

Sales and marketing
56

 
77

 
69

General and administrative
18

 
18

 
23

Total operating expenses
88

 
114

 
113

Loss from operations
(14
)
 
(43
)
 
(40
)
Interest expense
(3
)
 
(2
)
 

Revaluation of warrant liabilities
(5
)
 
1

 

Loss before income taxes
(22
)
 
(44
)
 
(40
)
Income tax provision

 
1

 
1

Net loss
(22
)%
 
(45
)%
 
(41
)%
Deemed dividend on the conversion of Series G redeemable convertible preferred stock
 %
 
 %
 
6
 %
Net loss attributable to common stockholders
(22
)%
 
(45
)%
 
(47
)%

64

Table of Contents


Comparison of the Years Ended December 31, 2015, 2016 and 2017
Revenue
 
Year Ended December 31,
 
2015 to 2016
 
2016 to 2017
 
2015
 
2016
 
2017
 
Change
 
Change
 
Amount
 
Amount
 
Amount
 
Amount
 
%
 
Amount
 
%
 
(Dollars in thousands)
Revenue:
 
 
 
 
 
 
 
 
 
 
 
 
 
Product
$
71,264

 
$
98,655

 
$
121,413

 
$
27,391

 
38
%
 
$
22,758

 
23
%
Maintenance and professional services
 
 
 

 
 

 
 
 
 
 
 
 
 
Support and maintenance
46,438

 
59,189

 
87,509

 
12,751

 
27
%
 
28,320

 
48
%
Professional services
8,257

 
8,997

 
11,949

 
740

 
9
%
 
2,952

 
33
%
Total maintenance and professional services
54,695

 
68,186

 
99,458

 
13,491

 
25
%
 
31,272

 
46
%
Total revenue
$
125,959

 
$
166,841

 
$
220,871

 
$
40,882

 
32
%
 
$
54,030

 
32
%
Product revenue increased $27.4 million, or 38%, for the year ended December 31, 2016 compared to the year ended December 31, 2015. The increase is primarily due to an increase of $14.2 million, or 25%, in Hardware Product revenue and $13.1 million, or 100%, in Software Product revenue. The increase of Software Product revenue included an increase of $2.9 million in Extended Module revenue.
Maintenance and professional services revenue increased $13.5 million, or 25%, for the year ended December 31, 2016 compared to the year ended December 31, 2015. The increase was comprised of a $7.9 million increase in revenue from support and maintenance contracts that were renewals, a $4.9 million increase in revenue from support and maintenance contracts associated with initial product sales, and a $0.7 million increase in revenue from sales of professional services.
Product revenue increased $22.8 million, or 23%, for the year ended December 31, 2017 compared to the year ended December 31, 2016. The increase was primarily due to an increase of $17.4 million, or 66%, in Software Product revenue and $5.3 million, or 7%, in Hardware Product revenue. The increase of Software Product revenue was offset by a decrease of $3.0 million in Extended Module revenue that reflected a shift from upfront to ratable revenue recognition on this Software Product revenue.
Maintenance and professional services revenue increased $31.3 million, or 46%, for the year ended December 31, 2017 compared to the year ended December 31, 2016. The increase was due to a combination of a $16.8 million increase in support and maintenance contracts associated with initial product sales, a $11.5 million increase in support and maintenance contracts that were renewals, and a $3.0 million increase in revenue from sales of professional services.

65

Table of Contents


Cost of Revenue
 
Year Ended December 31,
 
2015 to 2016
 
2016 to 2017
 
2015
 
2016
 
2017
 
Change
 
Change
 
Amount
 
Amount
 
Amount
 
Gross Profit
 
Gross Margin %
 
Gross Profit
 
Gross Margin %
 
(Dollars in thousands)
Cost of revenue:
 
 
 
 
 
 
 
 
 
 
 
 
 
Product
$
16,161

 
$
21,678

 
$
24,098

 
$
5,517

 
34
%
 
$
2,420

 
11
%
Maintenance and professional services
16,961

 
26,571

 
34,771

 
9,610

 
57
%
 
8,200

 
31
%
Total cost of revenue
$
33,122

 
$
48,249

 
$
58,869

 
$
15,127

 
46
%
 
$
10,620

 
22
%
Total cost of revenue increased $15.1 million, or 46%, for the year ended December 31, 2016 compared to the year ended December 31, 2015.
Product cost of revenue increased $5.5 million, or 34%, for the year ended December 31, 2016 compared to the year ended December 31, 2015 due to a higher volume of Hardware Products sold.
Maintenance and professional services cost of revenue increased $9.6 million, or 57%, for the year ended December 31, 2016 compared to the year ended December 31, 2015 due to increases in personnel costs related to increasing headcount. From December 31, 2015 to December 31, 2016, we increased our customer support and professional services organization’s headcount by 70%.
Total cost of revenue increased $10.6 million, or 22%, for the year ended December 31, 2017 compared to the year ended December 31, 2016.
Product cost of revenue increased $2.4 million, or 11%, for the year ended December 31, 2017 compared to the year ended December 31, 2016 due to a higher volume of Hardware Products sold.
Maintenance and professional services cost of revenue increased $8.2 million, or 31%, for the year ended December 31, 2017 compared to the year ended December 31, 2016 primarily due to an increase in personnel costs related to an average increase in headcount of 28%.
Gross Profit and Gross Margin
 
Year Ended December 31,
 
2015 to 2016
 
2016 to 2017
 
2015
 
2016
 
2017
 
Change
 
Change
 
Gross Profit
 
Gross Margin
 
Gross Profit
 
Gross Margin
 
Gross Profit
 
Gross Margin
 
Gross Profit
 
Gross Margin %
 
Gross Profit
 
Gross Margin %
 
(Dollars in thousands)
Gross profit:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Product
$
55,103

 
77
%
 
$
76,977

 
78
%
 
$
97,315

 
80
%
 
$
21,874

 
100
 bps
 
$
20,338

 
200
 bps
Maintenance and professional services
37,734

 
69
%
 
41,615

 
61
%
 
64,687

 
65
%
 
3,881

 
(800 bps)

 
23,072

 
400
 bps
Total gross profit
$
92,837

 
74
%
 
$
118,592

 
71
%
 
$
162,002

 
73
%
 
$
25,755

 
(300 bps)

 
$
43,410

 
200
 bps
Gross profit increased by $25.8 million, or 28%, for the year ended December 31, 2016 compared to the year ended December 31, 2015. The increase in gross profit is consistent with the increases in our revenue and cost of revenue.

66

Table of Contents


Gross margin decreased by approximately 300 basis points for the year ended December 31, 2016 compared to the year ended December 31, 2015. The increase of 100 basis points in product margin was primarily due to a shift in product revenue mix from Hardware Product sales to Software Product sales, offset by a slight decrease in the average selling price of Physical Appliance products within our Hardware Products. The decrease of 800 basis points in maintenance and professional services margin was driven by headcount growth within our customer support and professional services organizations in order to support our growing installed end-customer base.
Gross profit increased by $43.4 million, or 37%, for the year ended December 31, 2017 compared to the year ended December 31, 2016. The increase in gross profit is consistent with the increases in our revenue and cost of revenue. 
Gross margin increased by approximately 200 basis points for the year ended December 31, 2017 compared to the year ended December 31, 2016. The increase of 200 basis points in product margin was driven by a shift in product revenue mix from Hardware Product sales to Software Products sales. The increase of approximately 400 basis points in margin for maintenance and professional services was primarily driven by an increased margin for professional services and a shift in services revenue mix with increased sales in maintenance as compared to sales of professional services.
Operating Expenses
 
Year Ended December 31,
 
2015 to 2016
 
2016 to 2017
 
2015
 
2016
 
2017
 
Change
 
Change
 
Amount
 
Amount
 
Amount
 
Amount
 
%
 
Amount
 
%
 
(Dollars in thousands)
Operating expenses:
 
 
 
 
 
 
 
 
 
 
 
 
 
Research and development
$
17,772

 
$
31,490

 
$
47,435

 
$
13,718

 
77
%
 
$
15,945

 
51
%
Sales and marketing
70,269

 
127,815

 
151,093

 
57,546

 
82
%
 
23,278

 
18
%
General and administrative
22,874

 
30,731

 
51,206

 
7,857

 
34
%
 
20,475

 
67
%
Total operating expenses
$
110,915

 
$
190,036

 
$
249,734

 
$
79,121

 
71
%
 
$
59,698

 
31
%
Research and development expense increased $13.7 million, or 77%, for the year ended December 31, 2016 compared to the year ended December 31, 2015, primarily due to an increase in personnel costs of $9.9 million, due to an increase in headcount of 56%, an increase in system costs of $1.3 million primarily associated with routine internal software upgrades and security enhancements, and an increase in facilities costs of $1.2 million primarily related to our new corporate headquarters in San Jose, California.
Sales and marketing expense increased $57.5 million, or 82%, for the year ended December 31, 2016 compared to the year ended December 31, 2015, primarily due to an increase in personnel costs of $35.1 million, due to an increase in headcount of 54%, and an increase of $10.3 million in commission expense driven by higher sales. Additionally, there was an increase in facilities costs of $3.8 million related to our new corporate headquarters in San Jose, California, an increase in travel and entertainment costs of $2.7 million, an increase in system costs of $2.6 million primarily associated with routine internal software upgrades and security enhancements, and an increase in demand generation activities, trade shows, and other marketing activities of $1.6 million.
General and administrative expense increased $7.9 million, or 34%, for the year ended December 31, 2016 compared to the year ended December 31, 2015, primarily due to an increase in personnel costs of $4.0 million, due to an increase in headcount of 46%, a $1.3 million settlement payment to a technology partner to settle a contract dispute following the cancellation of such technology partner’s contract with us, an increase of $0.9 million in professional fees primarily related to legal fees, and an increase in facilities costs of $0.8 million related to our new corporate headquarters in San Jose, California.
Research and development expense increased $15.9 million, or 51%, for the year ended December 31, 2017 compared to the year ended December 31, 2016, due to an increase in personnel costs of $8.7 million related to an average increase of 25% in headcount, an increase in stock-based compensation costs of $3.9 million, and an increase in allocated IT and facilities costs of $1.5 million.

67

Table of Contents


Sales and marketing expense increased $23.3 million, or 18%, for the year ended December 31, 2017 compared to the year ended December 31, 2016, due to an increase in personnel costs of $11.8 million related to an average increase of 16% in headcount, an increase in stock-based compensation expense of $6.3 million, an increase of $3.8 million in travel and entertainment costs, an increase in allocated IT and facilities costs of $1.9 million, an increase of $0.3 million in commission expense, which is due to a combination of increased commission expense driven by higher sales and a reduction in commission expense due to accelerated commission expenses in the prior year related to a very large deal. These increases are partially offset by a reduction of $1.0 million in other marketing activities costs.
General and administrative expense increased $20.5 million, or 67%, for the year ended December 31, 2017 compared to the year ended December 31, 2016, due to an increase in stock-based compensation expense of $14.1 million impacted by certain grants that had an IPO trigger, an increase in personnel costs of $4.2 million related to an average increase of 20% in headcount, an increase of $1.4 million in professional fees primarily related to consulting fees, and a combined increase of $1.8 million in costs related to travel, equipment, shared services and other costs. The increase is offset by a reduction of $1.3 million settlement payment to a technology partner during the year ended December 31, 2016 to settle a contract dispute following the cancellation of such technology partner’s contract with us. No similar transactions occurred during the year ended December 31, 2017.
Interest Expense
 
Year Ended December 31,
 
2015 to 2016
 
2016 to 2017
 
2015
 
2016
 
2017
 
Change
 
Change
 
Amount
 
Amount
 
Amount
 
Amount
 
%
 
Amount
 
%
 
(Dollars in thousands)
Interest expense
$
(2,745
)
 
$
(2,577
)
 
$
(1,223
)
 
$
168

 
(6
)%
 
$
1,354

 
(53
)%
Interest expense decreased $0.2 million, or 6%, for the year ended December 31, 2016 compared to the year ended December 31, 2015, primarily due to the payoff of our loan and security agreement on December 1, 2016. We amended our amended and restated loan and security agreement on December 22, 2016 to increase the maximum amount of credit available for borrowing under our revolving