~~Training.~~ •Cybersecurity training.We offer ~~training services~~instructor-led and self-paced online courses to our customers and channel partners through our training department and authorized training partners. Courses draw from the full spectrum of Mandiant capabilities, including advanced cyber threat intelligence analysis, frontline incident response expertise, red teaming and malware reversing developed by Mandiant experts.

•Mandiant Expertise On Demand. Expertise On Demand is an annual subscription for flexible, pay-per-use access to our threat intelligence and expertise as microservices. Customers purchase packages of units based on their anticipated needs and use the units to access threat intelligence and Mandiant services, including our incident response retainer at pre-determined unit values. Unused units typically expire one year after purchase.

For contributions to total revenue by significant category of revenues, see "Management's Discussion and Analysis of Financial Condition and Results of Operations" included in Part II, Item 7 of this Annual Report on Form 10-K.

Our Technologies

We have developed proprietary technologies related to machine-based threat detection, ~~virtual machine-based~~continuous security controls validation, security orchestration, and automated extended detection and response. Our technologies leverage our frontline intelligence about threat ~~analysis, endpoint protection,~~actors’ tools and techniques, gathered through our incident response and security ~~orchestration.~~assessment engagements, the analysis of our machine-generated threat intelligence, and our network of security researchers, to adapt to new threats and changes in the threat environment. We use our technology in the delivery of our services, and believe these technologies, combined with our threat intelligence and security expertise, differentiate our ~~products~~products.

Security Validation. Our security validation software is designed to emulate attacker TTPs, including malware and ~~services.~~ransomware, to safely deploy and execute code within customer production IT environments to understand an organization's level of cyber preparedness.

~~Advanced Threat~~Automated Extended Detection and ~~Prevention Technologies~~Response. AtOur XDR technology uses multiple AI and machine-learning capabilities, including integrated reasoning, dynamic scoping and reprioritization, and probabilistic mathematics, to mimic security experts’ judgement at machine-speed in the ~~core~~investigation, scoping and prioritizing of ~~our detection~~security alerts. The AI and ~~protection capabilities for our network, email~~machine-learning models are trained using Mandiant frontline intelligence and ~~endpoint security solutions is our proprietary, purpose-built MVX engine~~expertise to learn from, and ~~intelligence-driven analysis technologies. Our MVX engine combines dynamic inspection with machine learning, advanced analytics and~~adapt to, the evolving threat intelligence to provide high fidelity detection, negligible false-positive rates, and minimal impact on network performance. Our foundational technologies are: (i) line rate anomaly detection, (ii) proprietary virtual execution, and (iii) multi-flow cross correlation. We have built our technology over 10 years of research and development, and we believe it represents a significant competitive advantage for us. Because we first identify suspicious flows using intelligence-driven rules and analysis, including machine-learning, behavioral analysis and then, through a separate process, use our MVX engine to determine whether such suspicious flows are malicious, our technology can be deployed on a single integrated appliance, as a cloud-based service, or in a hybrid appliance/cloud architecture.environment.

~~Advanced Endpoint Validation and Containment.~~ Our endpoint security solution includes proprietary technologies that enable (i) automatic creation of indicators of compromise coupled with rapid enterprise-wide search, (ii) exploit detection and prevention, (iii) malware detection and prevention, (iv) forensic data capture and (v) rapid containment and investigation for connected and unconnected endpoints. Additionally, we have developed our endpoint technologies to correlate and consume threat intelligence from our network-based security solutions.

Evolved ~~Network~~ Security Architecture and Security Orchestration. Our products, SaaS solutions, and services are designed to operate as part of a comprehensive security architecture to defend ~~networks~~organizations against today's cyber threats and minimize the business impact of ~~cyber attacks.~~cyber-attacks through efficient security operations and validation of security effectiveness. The ability to monitor ~~all~~and inspect network and email traffic, as well as stored files and ~~file stores~~forensic data, cloud activity, and equipment configurations is critical to detecting cyber threats ~~that enter through multiple vectors~~ and ~~move laterally across~~reducing the ~~network.~~risk of a costly cyber breach. We combine this visibility with our dynamic, contextual and strategic threat intelligence, ~~in our Helix platform~~case management tools and AI-based XDR engine to enable rapid, prioritized ~~response~~responses to critical ~~alerts~~alerts. Our SOAR tools and technologies integrate with Helix and our XDR solutions to extend security processes and response activities across the IT ~~infrastructure using our security orchestration technologies and tools.~~infrastructure.

Customers

Our customer base has grown to approximately ~~6,600~~5,300 end-customers as of December 31, ~~2017, including more than 45% of~~2021; approximately 48% are included in the Forbes Global 2000. We provide security control products, ~~subscriptions~~SaaS solutions and services to customers of varying sizes, including enterprises, governmental agencies and educational and nonprofit organizations. Our customers include leading enterprises in a diverse set of industries, including telecommunications providers, financial services entities, software, technology and Internet ~~search engines, social networking sites,~~companies, stock exchanges, electrical grid operators, networking vendors, oil and gas companies, healthcare and pharmaceutical companies and leading U.S. and international governmental agencies.

Our business is not dependent on any particular end-customer as no end-customer represented more than 10% of our total revenue for any of the years ended December 31, ~~2017, 2016~~2021, 2020 or ~~2015.~~2019. For the years ended December 31, ~~2017, 2016~~2021 and ~~2015,~~

2020, one reseller represented ~~13%, 12% and 13%, respectively,~~10% of ~~our~~the Company's total ~~revenue. For~~revenue, but did not represent 10% or greater of the ~~years~~Company's total revenue for the year ended December 31, ~~2017, 2016 and 2015, one distributor represented 19%, 19% and 17% respectively, of our total revenue.~~2019.

Backlog

Orders for our subscriptions ~~and services for multiple years~~ are typically billed in their entirety shortly after receipt of the order, ~~and~~even when the delivery term for the subscription or service extends over multiple periods. These amounts are included in deferred ~~revenue. The~~revenue, although the timing of revenue recognition for subscriptions and services may vary depending on the contractual service period or when ~~the~~ services are rendered. ~~Products are shipped~~

In certain instances, a customer may request periodic billing on a multi-period subscription or service contract or we may not have a contractual right to bill at period end. In these instances, the amount billed is included in deferred revenue and the amount to be billed ~~shortly after receipt of an order. The majority~~in the future periods is included in backlog. Subscription and services backlog has historically represented approximately 5% of our ~~product revenue comes from orders that are received and shipped in the same quarter. We~~deferred revenue. As a result, we do not believe that our ~~product~~ backlog at any particular time is meaningful because it isdoes not ~~necessarily indicative~~represent a material component of future revenue in any given ~~period,~~period.

We expect that the amount of backlog relative to the total value of our contracts will change from year to year due to several factors, including the amount invoiced early in the contract term, the timing and duration of customer agreements, varying invoicing cycles of agreements and changes in customer financial circumstances. Accordingly, we believe that fluctuations in backlog are not a reliable indicator of future revenues and we do not utilize backlog internally as ~~the fulfillment of such orders may be delayed.~~a key management metric.

Sales and Marketing

Sales. Our sales organization consists of in-house sales teams who work in collaboration with external channel partners to identify new sales prospects, sell additional ~~products,~~ subscriptions and services, and provide post-sale support. Our field sales team is organized by territory and is responsible for enterprise and government accounts within their region. Our inside sales organization is responsible for sales to medium-sized and smaller organizations, and for renewal of existing subscriptions.

We also have a dedicated team focused on channel sales who manage the relationships with our value-added reseller and distributor partners and work with these channel partners to win and support customers. We believe this hybrid ~~direct-touch~~direct/channel sales approach allows us to leverage the benefits of broader market coverage provided by a reseller channel while maintaining a ~~face-to-face~~direct connection with many of our customers, including key enterprise and government accounts.

We have also cultivated alliances with non-traditional partners to generate customer referrals and extend our technologies, services and sales coverage to new market segments. These ~~relationships~~strategic partnerships include relationships with technology companies, insurance providers, large systems integrators, and managed service providers, and we have engaged in joint solution development with leading providers of software engineering services, payment systems, and ~~payment systems.~~

Our sales organization is supported by sales engineers with deep technical domain expertise who are responsible for pre-sales technical support, solutions engineering for our customers, proof of concept work and technical training for our channel partners. Our sales engineers also act as the liaison between customers and our marketing and product development organizations.public cloud platforms.

As part of our sales strategy, we often provide prospective customers with our ~~detection and prevention products~~solutions for a short-term evaluation ~~period. In such cases, our products are deployed within the prospective customer’s network,~~period, typically ~~for a period~~ ranging from one week to several months. During this period, the prospective customer conducts evaluations with the assistance of our ~~system~~sales engineers and members of our security research team. We believe that by providing proof of ~~concept~~value evaluations to potential customers, we are able to ~~contrast~~demonstrate the effectiveness of our ~~platform versus our competitors in~~solutions by identifying suspicious and potentially malicious content in their actual IT environments.

As part of our strategy to increase adoption of our Mandiant Advantage platform and modules, we offer free access to publicly available threat intelligence enhanced with Mandiant threat scoring and other contextual information. The availability of additional information and features included with a paid subscription is shown to users within the platform to encourage paid upgrades.

Additionally, our Mandiant consultants use our ~~technologies~~validation and ~~products~~ASM solutions in their incident response and security consulting engagements, providing de facto proof of ~~concept~~value evaluations in the customer’s ~~environment.~~ environment and often resulting in follow-on sales of our solutions.

Our sales cycle varies by industry and can be long and unpredictable, but is typical of large, complex enterprise sales cycles that can last several months or more. However, some transactions can close in a few weeks when an active breach is discovered.

Our sales organization is supported by sales engineers with deep technical domain expertise who are responsible for pre-sales technical support, solutions engineering for our customers, proof of value work and technical training for our channel partners. Our sales engineers also act as the liaison between customers and our marketing and product development organizations. Our Customer Success organization is focused on improving our customers’ post-sales experience to increase customer satisfaction, retention and cross-selling.

Marketing. Our marketing is focused on fostering our thought leadership in cybersecurity, building our brand reputation and market awareness for our solutions, driving customer demand and a strong sales pipeline, and working with our channel and technology alliance partners around the globe. Our marketing team consists primarily of corporate marketing, product marketing, channel marketing, account/lead development, marketing operations, and corporate communications.

Marketing activities include demand generation, advertising, product pricing and launch activities, managing our corporate ~~Website~~website and partner portal, trade shows and conferences, press and analyst relations, and customer awareness. We are also actively engaged in driving global thought leadership programs through blogs, media appearances, and social media and developing rich digital content such as ~~the global cyber map~~our annual M-Trends report, our Vision digital magazine, and our webinars, podcasts and threat reports.

Technology Alliance Partners

~~FireEye~~Mandiant has built a robust ecosystem of ~~Technology Alliance Partners who, through integration and joint go-to-market efforts, extend~~technology alliance partners that extends the breadth and depth of ~~cybersecurity and protection customers gain from FireEye.~~our solutions. Spanning multiple technology categories, including network monitoring vendors, security information and event management vendors, network equipment vendors, forensic software vendors, ~~and~~ web application firewall vendors, ~~these~~cloud platform providers, and more. These partnerships provide for threat intelligence sharing, cross-vendor technology integrations, joint go-to-market efforts and ~~joint~~ solution ~~development. By helping to ease the complications that organizations face when implementing multi-layered security solutions, our~~development collaborations.

Our technology alliances ~~facilitate integrated solution design,~~ accelerate the time to realize value from Mandiant solutions and ~~enhance our role as a strategic~~help ease the complexity organizations face implementing and managing multi-layered, multi-vendor security ~~partner.~~solutions.

Government Affairs

We maintain relationships with ~~several~~ governments around the ~~globe.~~globe, both as a cybersecurity solutions provider and a trusted advisor. Our visibility into the threat landscape, knowledge of threat actors' activities, and thought leadership in defending against cyber threats has helped to shape ~~the~~ legislative, regulatory, and policy ~~environment~~frameworks to ~~better~~ enhance ~~these~~ governments’ individual and collective cyber posture. As part of this effort, we contribute to the evolving standard-making processes, help define best practices in various

jurisdictions, and help organizations of all sizes and at all levels of government better understand the cyber threat landscape. We also help governments identify future needs and ~~requirements.~~requirements and consider actionable policy recommendations to address critical cybersecurity challenges, from establishing international norms in cyberspace to defending critical infrastructure. Through these and related activities, we engage on the front lines of emerging ~~cybersecurity related~~cybersecurity-related public policy and use our knowledge and insight to improve the cybersecurity of our government and industry customers.

~~Manufacturing~~

The manufacturing of our security products is outsourced to principally one third-party contract manufacturer. This approach allows us to reduce our costs as it reduces our manufacturing overhead and inventory and also allows us to adjust quickly to changing customer demand. Our manufacturing partner assembles our products using design specifications, quality assurance programs, and standards that we establish, and it procures components and assembles our products based on our demand forecasts. These forecasts represent our estimates of future demand for our products based upon historical trends and analysis from our sales and product management functions as adjusted for overall market conditions.

Our primary contract manufacturer is Flex Ltd., or Flex. The manufacturing agreement we entered into with Flex does not provide for any minimum purchase commitments and had an initial term of one year, which automatically renews for one-year terms, unless either party gives written notice to the other party not less than 90 days prior to the last day of the applicable term. Additionally, this agreement may be terminated by either party (i) with advance written notice provided to the other party, subject to certain notice period limitations, or (ii) with written notice, subject to applicable cure periods, if the other party has materially breached its obligations under the agreement.

Research and Development

We invest substantial resources in research and development to develop new solutions, enhance our detection, analysis and correlation engines, expand our threat intelligence, build add-on functionality to our ~~products,~~solutions, and improve our core technologies. We believe that adapting our ~~hardware,~~ software and cloud-based technologies to changes in the threat environment is critical to maintaining and expanding our leadership in the ~~cyber~~cybersecurity industry. We have prioritized investments in higher growth opportunities, including security ~~industry.~~ validation, automated extended detection and response, and machine learning capabilities to provide threat intelligence, security effectiveness testing, unified reporting, and automated response features to customers in the Mandiant Advantage platform.

Our engineering teams have deep ~~networking~~security and ~~security~~data management expertise and work closely with our customers and our Mandiant consultants to identify current and future needs. ~~Because our~~Our Mandiant consultants use our ~~products~~solutions in their incident response and ~~compromise~~security assessment engagements and provide continual feedback to our engineering, solutions management and marketing teams on ~~product~~solutions performance, detection efficacy, evasion techniques and attack ~~trends, we are able~~trends.This continuous feedback mechanism allows us to adapt our SaaS solutions as the threat environment evolves.

In addition to our focus on platform ~~expansion~~development and enhancement, our research and development teams are focused on developing automation ~~tools~~technologies using artificial intelligence and machine learning techniques to ~~reduce~~create learning systems that adapt to changes in the ~~time to discover~~threat environment and ~~distribute new threat intelligence, as well as~~ generate efficiencies inacross our solutions and services offerings. We are also investing in security platform management and orchestration capabilities to provide unified reporting, automated response, and security orchestration features to customers in a single dashboard.

We maintain research and development activities across the globe with teams located in ~~Germany,~~ India, Ireland, ~~Japan,~~ Singapore and the United States.

~~Research and development expense totaled $243.3 million, $279.6 million and $279.5 million for the years ended December 31, 2017, 2016 and 2015, respectively.~~

Competition

We operate in the intensely competitive IT security market which is characterized by constant change and innovation. Changes in the threat landscape and broader IT infrastructures result in evolving customer requirements for ~~cyber security.~~cybersecurity. Several vendors have either introduced new products or incorporated features into existing products that compete with our solutions. Our current and potential future competitors fall into ~~six~~five general categories:

~~large networking vendors such as Cisco and Juniper that may emulate or integrate security features similar to ours into their own products;~~

•large companies such as IBM, Oracle and HPE that have acquired security ~~vendors in recent years~~solutions and have the technical and financial resources to bring competitive solutions to the market;

•independent security vendors such as Palo Alto Networks, Proofpoint and ~~Trend Micro~~CrowdStrike that offer products or features that claim to perform similar functions to our platform;

•small and large companies, including new market entrants, that offer niche ~~product~~security solutions that compete with some of the features present in our ~~platform;~~solutions;

•providers of ~~traditional signature-based~~managed security ~~solutions,~~services, such as ~~Symantec;~~CrowdStrike, Arctic Wolf; and

•Rapid7 and other providers of MDR and security consulting services, including incident response and compromise assessment services.

As our market grows and a larger share of IT budgets ~~are~~is allocated to ~~support protection from advanced threats,~~cybersecurity, it will attract more highly specialized vendors as well as larger technology vendors that may continue to acquire or bundle their products more effectively. The principal competitive factors in our market include:

~~ability to deliver the combination of technology, intelligence and expertise necessary to combat the current threat landscape;~~

~~ability to detect and prevent known and unknown threats by overcoming the limitations of signature-based approaches, while maintaining a low rate of false-positive alerts;~~

~~scalability, throughput and overall performance of our detection and prevention technologies;~~

~~visibility into all stages of an attack, especially the exploit phase;~~

•breadth and richness of the ~~shared~~ threat intelligence, including dynamic and contextual threat intelligence on cyber crime, cyber espionage, hacktivism, attacks on critical infrastructure and nation-state attacks;

•the ability to operationalize a combination of technology, intelligence and expertise necessary to enable organizations to combat the current threat landscape and rapidly adapt to changes;

•the ability to integrate with third-party IT and security providers to provide visibility, prioritization of threats, and automate security processes across on-premise, remote, cloud, hybrid and critical infrastructure environments;

•the ability to measure, manage and communicate the effectiveness of security controls against relevant attacks;

•the availability of security expertise to augment internal resources with managed services, training, and on-demand consulting;

•the ability to consolidate features onto a single platform, thereby reducing the complexity of maintaining solutions from multiple vendors;

•ability to detect and prevent known and unknown threats using machine-learning, behavioral analysis, and other techniques, combined with the latest threat intelligence;

•flexible deployment options, including ~~on-premise appliances,~~ cloud-based software ~~or a hybrid~~expert-assisted capabilities, and fully managed options;

•scalability, throughput and overall performance of ~~both, as well as "as-a-service" options;~~our detection and prevention technologies;

•brand awareness and reputation;

•strength and effectiveness of sales and marketing efforts;

~~product extensibility and ability to integrate with other technologies in the network infrastructure;~~

•ease of ~~use;~~use and customer experience; and

•price and total cost of ~~ownership; and~~

~~ability to provide an orchestrated solution of products and services for detecting, preventing and resolving advanced cybersecurity threats across multiple attack vectors.~~ownership.

We believe we compete favorably with our competitors on the basis of these factors as a result of our intelligence and expertise from the frontlines, as well as the features and performance of our ~~platform,~~solutions, the ease of integration of our ~~products with network infrastructures,~~solutions in diverse IT environments, the breadth of our services, ~~and~~the integration of our SaaS solution offerings in our platform, the measurement and reporting capabilities of our validation technologies, and the ~~relatively low total cost of ownership~~reputation of our ~~products.~~Mandiant consulting organization. However, many of our competitors have substantially greater financial, technical and other resources, greater name recognition, larger sales and marketing budgets, deeper customer relationships, broader distribution, and larger and more mature intellectual property portfolios.

Intellectual Property

Our success depends in part upon our ability to protect our core ~~technology~~technologies and intellectual property. We rely on, among other things, patents, trademarks, copyrights, database rights and trade secret laws, confidentiality safeguards and procedures, and employee non-disclosure and invention assignment agreements to protect our intellectual property rights. We file patent applications to protect our intellectual property and believe that the duration of our issued patents is sufficient when considering the expected lives of our products. We cannot assure you whether any of our patent applications will result in the issuance of a patent or whether the examination process will result in patents of valuable breadth or applicability. In addition, any patents that may ~~issue~~be issued may be contested, circumvented, found unenforceable or invalidated, and we may not be able to prevent third parties from infringing them. We also license software from third parties for integration into our products, including open source software and other software available on commercially reasonable terms.

We control access to and use of our proprietary software, technology and other proprietary information through the use of internal and external controls, including contractual protections with employees, contractors, end-customers and partners, and our software is protected by U.S. and international copyright, patent and trade secret laws. Despite our efforts to protect our software, technology and other proprietary information, unauthorized parties may still copy or otherwise obtain and use our software, technology and other proprietary information. In addition, we intend to expand our international operations, and effective patent, copyright, trademark, and trade secret protection may not be available or may be limited in foreign countries.

Our industry is characterized by the existence of a large number of patents and frequent claims and related litigation regarding patent and other intellectual property rights. If we become more successful, we believe that competitors will be more likely to try to develop products that are similar to ours and that may infringe our proprietary rights. It may also be more likely that competitors or other third parties will claim that our products infringe their proprietary rights. In particular, large and established companies in the ~~IT security~~cybersecurity industry have extensive patent portfolios and are regularly involved in both offensive and defensive litigation. From time-to-time, third parties, including certain of these large companies and non-practicing entities, may assert patent, copyright, trademark, and other intellectual property rights against us, our channel partners, our cloud platform providers, or our end-customers, whom our standard license and other agreements obligate us to indemnify against such claims. Successful claims of infringement by a third party, if any, could prevent us from distributing certain products or performing certain services, require us to expend time and money to develop non-infringing solutions, or force us to pay substantial damages (including, in the United States, treble damages if we are found to have willfully

infringed patents), royalties or other fees. We cannot assure you that we do not currently infringe, or that we will not in the future infringe, upon any third-party patents or other proprietary rights. See “Risk Factors—Risks Related to ~~Our Business~~Intellectual Property and ~~Our Industry—~~Technology Licensing— Claims by others that we infringe their proprietary technology or other rights could harm our business” for additional information.

Business Seasonality

For discussion of seasonal trends, see our quarterly results of operations discussion within "Management's Discussion and Analysis of Financial Condition and Results of Operations" included in Part II, Item 7 of this Annual Report on Form 10-K.

Employees and Human Capital Management

We believe our ability to attract, engage and retain talent is necessary to drive achievement of our business objectives and ultimately realize our mission and vision. Doing the right thing for our customers and employees is a core value of our culture that we believe creates value for our shareholders. There are many things that define the culture of an organization – heritage,reputation, attitude, approach to execution, work ethic, and, most importantly, people.We seek out employees with qualities that facilitate high-quality results – those traits that give personal meaning to work and elevate our customers’ experiences. We believe that employees who feel appreciated create more satisfied customers, and we focus on improving and elevating our employees’ experiences at work. This means we are committed to providing a sense of belonging across our company that inspires everyone to respectfully speak-up, contribute their ideas, take action and be accountable. Our fundamental employee experience philosophies are:

•We emphasize our ONE TEAM culture of respect and inclusiveness.

•We make recognition an integral part of our culture.

•We care about our employees and their overall well-being.

•We reward extraordinary performance and results.

Employee demographics. As of December 31, ~~2017,~~2021, we had approximately ~~2,960 employees. None~~2,335 employees, reflecting a global diversity of identity, background and experience.

Diversity, inclusion and belonging. We believe that diverse teams maximize their potential and bring with them diverse views, experiences and perspectives. We seek to integrate diversity and inclusion into the employee lifecycle, and are committed to providing a work environment that is free of discrimination and harassment, where our employees can do their best work, bring their full self to work, feel supported and in turn support others. We strive to create a working environment where everyone feels included and respected and has an equal opportunity to contribute and to maximize their potential. We have established a framework to drive diverse representation and inclusive behaviors across our company that includes actions to ensure equality of opportunity, increase

diversity in our employee base, promote equality of pay across gender and ethnicity, and provide anti-bias training and education. We also seek to promote diversity and inclusion in our communities by supporting organizations that champion diversity and inclusion initiatives. In addition, we continue to invest in Mandiant-sponsored programs such as Elevate, which offers training, mentoring and other resources to women leaders in cybersecurity, and partnerships with military and veterans organizations.

Compensation and benefits. We are committed to providing employees and their families with benefits packages that support physical, mental and financial well-being. Our intent is that any benefit plans offered by Mandiant worldwide are regionally appropriate and competitive with other high-tech companies. In addition to the foundational rewards like competitive pay and benefits, we provide cash incentives, equity-based compensation and employee stock purchase programs where possible, generous paid time-off, including paid parental leave, professional development opportunities, and many other employee perks. We constantly review our pay practices and benefits to ensure we can hire the best employees possible. We also believe that equal pay is important to further advance diversity, inclusion and belonging in the workplace. In addition, we conduct an internal pay equity review each year which currently encompasses compensation analysis across gender globally as well as race and ethnicity categories in the U.S.

Our response to COVID-19. As part of our efforts to keep our employees safe and support efforts to slow the spread of COVID-19, we instituted COVID-19 safety plans, work-from-home and return-to-office policies, and we restricted travel to essential, “business-critical” needs. With the support and commitment of our employees, ~~are represented by~~we were able to seamlessly pivot to a ~~labor organization or are a party~~work-from-home model and continue protecting our customers without interruption. We believe open and on-going communications have been critical to ~~any collective bargaining arrangement. We have never had a work stoppage,~~maintaining our culture and productivity during the pandemic, and we ~~consider our relationship with~~hosted weekly update calls and created an internal website designed for this purpose. We also instituted multiple measures to maintain the health and well-being of our employees, while continuing to ~~be good.~~deliver our essential cybersecurity solutions to customers around the world.Specific measures included regular employee surveys to assess employee attitudes toward work location, “self-care days” to enable rest, volunteering, or family time, online training, wellness and support programs, and a stipend to office-based employees to assist in the functional set-up of their remote working environment. Our Pandemic Response Team continues to monitor conditions and mandates globally to ensure safe practices as the pandemic evolves.

~~Facilities~~

We currently lease approximately 190,000 square feet of space for our corporate headquarters in Milpitas, California under a lease agreement that expires during the year ended December 31, 2027. We maintain additional offices throughout the United StatesProfessional development and ~~various international locations including, Australia, Dubai, Germany, India, Ireland, Japan, Singapore and the United Kingdom.~~training. We believe that ~~these facilities~~a culture that encourages continued learning and development creates an environment where great people want to work and contribute their best efforts. We also believe that great leadership is how organizations endure and excel. To help our leaders, individual contributors and teams reach their full potential, we offer extensive training and career development resources internally through our Learning and Development organization. These include leadership, soft skills, and technical training, coaching, and development consulting via traditional and non-traditional learning events, as well as free access to online learning platforms such as LinkedIn Learning. We also offer tuition reimbursement program for employees who wish to further their formal education. To reinforce our corporate culture of respect, diversity and inclusion, each employee is required to complete anti-harassment and privacy awareness training annually. In addition, we offer employees a course on Breaking Bias: The Neuroscience of Diversity, Inclusion and Belonging, to build awareness of cognitive bias and how it impacts day-to-day interactions, people, business and life decisions. We also implemented additional training resources to support our diversity, inclusion and belonging programs in 2021.

Communication and engagement. We strongly believe that our culture depends on our employees’ engagement and understanding of their contribution to the achievement of our strategic imperatives, vision and mission. Communicating powerfully and prolifically is a core competency in our ONE TEAM framework, and our senior leaders communicate regularly through a variety of channels, including quarterly all-hands meetings that are ~~adequate~~broadcast globally, weekly CEO updates, a monthly newsletter and regular “Mandiant on a Mission” updates. We also enabled Yammer, the community and social interaction tool available in Office365, company-wide to ~~meet~~address the need for more social and community interaction in our ~~ongoing needs,~~globally diverse workforce. We have many active Yammer communities, including communities hosted by our employee resource groups Valor, Pride, and ~~that, if~~BOLD: Black Organization for Leadership and Development. In addition to prioritizing regular communications, we ~~require additional space,~~conduct regular employee surveys to seek feedback on what is going well and where we ~~will be able~~can focus our efforts to ~~obtain additional facilities on commercially reasonable terms.~~do more. Our annual company survey continues to surpass 80 percent participation rate each year, representing a wide cross segment of our employee population.

~~Legal Proceedings~~

The information set forth under "Litigation" in Note 9 contained in the "Notes to Consolidated Financial Statements" in Item 8 of Part II of this Annual Report on Form 10-K is incorporated herein by reference.

Item 1A. Risk Factors

Our operations and financial results are subject to various risks and uncertainties including those described below. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, also may become important factors that affect us. If any of the following risks or others not specified below materialize, our business, financial condition and results of operations could be materially adversely affected. In that case, the trading price of our common stock could decline.

Summary

•If we are unsuccessful at executing our business plan and necessary transition activities following the sale of the FireEye Products business, our business and results of operations may be adversely affected and our ability to invest in and grow our business could be limited.

•We may not achieve the intended benefits of the sale of the FireEye Products business.

•If the IT security market does not continue to adopt our security solutions, our sales will not grow as quickly as anticipated, or at all, and our business, results of operations and financial condition would be harmed.

•We have had operating losses each year since our inception, and may not achieve or maintain profitability in the future.

•We face intense competition and could lose market share to our competitors, which could adversely affect our business, financial condition and results of operations.

•Real or perceived defects, errors or vulnerabilities in our solutions or services, the misconfiguration of our solutions, the failure of our solutions or services to detect or respond to a security breach or incident, or the failure of customers to take action on attacks identified by our solutions could harm our reputation and adversely impact our business, financial position and results of operations.

•Our results of operations may vary significantly from period to period, which could cause the trading price of our common stock to decline or fluctuate materially.

•If we are unable to retain our customers, renew and expand our relationships with them, and add new customers, we may not be able to sustain revenue growth and we may not achieve or maintain profitability in the future.

•Our ability to manage our business and monitor results is highly dependent upon IT systems. A failure of these systems or our planned QTC and ERP implementations could have a material adverse effect on our business.

•The implementation of our planned new ERP and change in related processes could negatively impact the effectiveness of our internal control over financial reporting.

•We have experienced network or data security incidents in the past, and we may experience additional network or data security incidents in the future, which, whether actual, alleged or perceived, may harm our reputation, create liability and adversely impact our financial results.

•If securities or industry analysts do not publish research or reports about our business, or publish inaccurate or unfavorable research reports about our business, our share price and trading volume could decline.

•The price of our common stock has been and may continue to be volatile, and the value of your investment could decline.

•Sales of substantial amounts of our common stock in the public markets, or sales of our common stock by our executive officers and directors under Rule 10b5-1 plans, could adversely affect the market price of our common stock.

Risks Related to the Sale of the FireEye Products Business

If we are unsuccessful at executing our business plan and necessary transition activities following the sale of the FireEye Products business, our business and results of operations may be adversely affected and our ability to invest in and grow our business could be limited.

On October 8, 2021, we completed the sale of the FireEye Products business to Magenta Buyer LLC (“Trellix”), which is backed by a consortium led by Symphony Technology Group. This and other operational transitions have involved turnover in management and other key personnel and changes in our strategic direction. Transitions of this type can be disruptive, result in the loss of focus and diminished employee morale and make the execution of business strategies more difficult. We also paid one-time separation costs, a portion of which was paid with proceeds from the transaction. We have also entered into a transition services agreement (the "TSA") under which we currently provide assistance to Trellix including, but not limited to, business support services and IT services that have historically been provided to the FireEye Products business. We may experience delays in the anticipated timing of activities related to such transitions and higher than expected or unanticipated execution costs. If we do not succeed in executing on these transition activities while achieving our cost optimization goals, or if these efforts are more costly or time-consuming than expected, our business and results of operations may be adversely affected, which could limit our ability to invest in and grow our business.

Even if we are successful at executing the transition of the FireEye Products business, the divestiture may not enhance long-term stockholder value as anticipated.

The TSA has an initial term of 12 months and may be extended by Trellix for up to two three-month extensions.Trellix may also terminate any or all services delivered pursuant to the TSA upon written notice, with such termination becoming effective the last day of the month following delivery of such notice. The TSA provides that Trellix will pay us a variable fee each month based on the specific services we have provided to it in the previous month.Once services terminate under the TSA, we will not receive the associated fees for providing services and our level of staffing and cost structure may no longer be appropriate for our business needs at that time. If we are not successful at optimizing our costs in performing the services under the TSA, or if we fail to effectively prepare for and manage the effect of the termination of services under the TSA, our business and results of operations may be adversely affected and our ability to invest in and grow our business could be limited.

We may not achieve the intended benefits of the sale of the FireEye Products business.

We may not realize some or all of the anticipated benefits from the sale of the FireEye Products business. The constraints on our business imposed by the divestiture, including the resources required to focus on completing the divestiture and the limitations created by the sale of certain assets we have historically used in our business, a non-compete, bilateral commercial agreements and the loss of employees, could have a continuing impact on the execution of our business strategy and our overall operating results. Further, our remaining employees may become concerned about the future of our remaining operations and lose focus or seek other employment.

We may not realize some or all of the anticipated benefits from the divestiture with respect to the anticipated performance in our remaining business and the divestiture may in fact adversely affect our business. Our ability to realize the anticipated benefits of the divestiture will depend, to a large extent, on our ability to successfully operate the remaining business as a standalone business and to grow and develop the remaining business in the absence of the divested business. For example, the transfer from us to Trellix of sales personnel that had been responsible for selling both FireEye products and our solutions, as well as any reduction in cross-selling opportunities with customers of FireEye products, could make it more difficult for us to grow our business. In addition, some of the anticipated benefits may not occur for a significant time period following the completion of the divestiture. If our strategy is not successful and does not achieve our expectations over the long term, our business and results of operations may be adversely affected and the price of our common stock could decline.

Our future results of operations are dependent solely on the operations of the Mandiant Solutions business and will differ materially from our previous results.

The FireEye Products business generated approximately 53% of our aggregate revenue from continuing and discontinued operations for the first three quarters of fiscal 2021, approximately 58% of our aggregate revenue from continuing and discontinued operations for fiscal 2020, and approximately 63% of our aggregate revenue from continuing and discontinued operations for fiscal 2019. Accordingly, our future financial results will differ materially from our previous results since our future financial results will be dependent solely on our Mandiant Solutions business. Any downturn in our Mandiant Solutions business could have a material adverse effect on our future operating results and financial condition and could materially and adversely affect the trading price of our common stock.

Because we depend in part on FireEye Products and product telemetry data in the operation of our business, disruptions in the availability of such products or product telemetry data could negatively impact our ability to operate our business and provide services to our customers.

Following the divestiture of the FireEye Products business, we continue to use and depend in part on FireEye Products and product telemetry data from FireEye Products in the operation of our Mandiant Solutions business.For example, in providing incident response services, we typically use a variety of FireEye Products as part of the investigation and remediation, and we use FireEye Product data for threat research, threat hunting and generating derivative content for our offerings such as Mandiant Security Validation.We have entered into a market cooperation and reseller agreement with Trellix to, among other things, purchase FireEye Products for our continued use in our consulting business.We have also entered into a strategic collaboration agreement with Trellix that allows us to, among other things, purchase telemetry data from FireEye Products until October 2024.However, there is an inherent risk that there could be a disruption in the availability of FireEye Products from Trellix or in the sharing of product telemetry data by Trellix, due to any number of events, including but not limited to supply chain disruptions, natural disasters or other events outside of the control of Trellix.Any such disruptions in the availability of such products or product telemetry data could negatively impact our ability to operate our business and provide services to our customers in the same manner as before our divestiture of the FireEye Products business, which could harm our reputation and adversely impact our business, financial position and results of operations.

Risks Related to Our Business and Our Industry

If the IT security market does not continue to adopt our security ~~platforms,~~solutions, our sales will not grow as quickly as anticipated, or at all, and our business, results of operations and financial condition would be harmed.

Our future success depends on market adoption of our unique approach to IT ~~security.~~security, which combines our technology, threat intelligence and security expertise in solutions that measure security effectiveness, investigate and respond to breaches and enable customers to adapt to changes in the threat environment. We are seeking to disrupt the IT security market with our security ~~platforms.~~solutions. Our ~~platforms~~solutions interoperate with, but do not replace, ~~most signature-based~~other IT security ~~products.~~solutions. Enterprises and governments ~~that use signature-based security products, such as firewalls, intrusion prevention systems, or IPS, anti-virus, or AV, and Web and messaging gateways, for their IT security~~ may be hesitant to purchase our security ~~platforms~~solutions if they believe ~~that signature-based products are more cost effective, provide substantially the same functionality as our platforms or~~their existing solutions provide a level of IT security that is sufficient to meet their needs. Currently, ~~most~~many enterprises and governments have not allocated a fixed portion of their budgets to ~~protect against next-generation advanced cyber attacks.~~standalone threat intelligence or solutions that evaluate security effectiveness. As a result, to expand our customer base, we need to convince potential customers to allocate a portion of their discretionary budgets to purchase our ~~platforms.~~technology, threat intelligence and expertise. However, even if we are successful in doing so, any future deterioration in general economic conditions, including as a result of the COVID-19 pandemic, may cause our customers to cut their overall IT spending, and such cuts may fall disproportionately on ~~products and services~~solutions like ~~ours, for which no fixed budgetary allocation has been made.~~ours. If we do not succeed in convincing customers that our ~~platforms~~solutions should be an integral part of their overall approach to IT security and that a fixed portion of their annual IT budgets should be allocated to our ~~platforms,~~solutions, our sales will not grow as quickly as anticipated, or at all, which would have an adverse impact on our business, results of operations and financial condition.

Even if there is significant demand for security solutions like ours, if our competitors include functionality that is, or is perceived to be, better than or equivalent to that of our ~~platforms,~~solutions, we may have difficulty increasing the market penetration of our ~~platforms.~~solutions. Furthermore, even if the functionality offered by other IT security providers is different and more limited than the functionality of our ~~platforms,~~solutions, organizations may elect to accept such limited functionality in lieu of adding ~~products~~solutions and services from additional vendors like us, especially if competitor offerings are free or available at a lower cost.

In addition, changes in customer requirements could reduce customer demand for our security solutions. For example, if customers were to reduce their number of web egress points in order to reduce their cyber attack surface, they would not need to purchase as many of our Network Threat Prevention appliances, which currently account for the largest portion of our threat prevention product revenue. Similarly, if one or more governments share, on a free or nearly free basis, threat intelligence with other governmental

agencies or organizations, such as critical infrastructure companies, then those agencies or organizations might have less demand for additional threat intelligence and may purchase less of our standalone threat intelligence offerings.

If enterprises and governments do not continue to adopt our security ~~platforms~~solutions for any of the reasons discussed above or for other reasons not contemplated, our sales would not grow as quickly as anticipated, or at all, and our business, results of operations and financial condition would be harmed.

We have had operating losses each year since our inception, and may not achieve or maintain profitability in the future.

We have incurred operating losses each year since ~~2004,~~our inception, including net losses of ~~$303.7~~$412.1 million, ~~$480.1~~$349.3 million and ~~$539.2~~$362.9 million during the years ended December 31, ~~2017, 2016~~2021, 2020 and ~~2015, respectively.~~2019, respectively, relating to our Mandiant Solutions business. Any failure to increase our revenue and manage our cost structure as we grow our business could prevent us from achieving or, if achieved, maintaining profitability. Even if we do achieve profitability, we may not be able to sustain or increase profitability on a quarterly or annual basis. If we are unable to become and remain profitable, the value of our company could decrease and our ability to raise capital, maintain our research and development efforts, and expand our business could be negatively impacted.

We We face intense competition and could lose market share to our competitors, which could adversely affect our business, financial condition and results of operations.

The market for security ~~products~~solutions and services is intensely competitive and characterized by rapid changes in technology, customer requirements, industry standards, threat vectors and frequent new product introductions and improvements. We anticipate continued challenges from current competitors, which in many cases are more established and enjoy greater resources than us, as well as by new entrants into the industry. If we are unable to anticipate or effectively react to these competitive challenges, our competitive position could weaken, and we could experience a decline in our growth rate or revenue that could adversely affect our business and results of operations.

Our ~~competitors and potential~~current competitors include large ~~networking~~cybersecurity vendors such as Cisco Systems and Juniper Networks that may emulate or integrate security features similar to ours into their own products; large companies such as IBM, Oracle and HPE that have acquired security vendors in recent years and have the technical and financial resources to bring competitive solutions to the market; independent security vendors such asCrowdStrike, Palo Alto Networks and ~~Trend Micro~~Rapid7 that have multiple offerings similar to ours; large accounting firms that offer ~~products or features that claim~~incident response and strategic consulting services similar to ~~perform similar functions to our platform;~~ours; and other small and large companies ~~including new market entrants,~~ that offer ~~niche product~~ solutions or services that compete ~~with~~in some of ~~the features present in~~ our ~~platform; providers of traditional signature-based security solutions, such as Symantec; and other providers of incident response and compromise assessment services.~~ markets.Other IT providers offer, and may continue to introduce, security features that compete with our Mandiant Advantage platform and related solutions, either in stand-alone security products or as additional features in their network infrastructure products. Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as:

•greater name recognition, longer operating histories and larger customer bases;


��	~~larger sales and marketing budgets and resources;~~

•larger sales and marketing budgets and resources;

•broader distribution and established relationships with channel and distribution partners and customers;

•greater customer support resources;

•greater resources to make acquisitions or enter into strategic partnerships;

•lower labor and research and development costs;

•larger and more mature intellectual property portfolios; and

•substantially greater financial, technical and other resources.

In addition, some of our larger competitors have substantially broader ~~product~~ offerings and may be able to leverage their relationships with distribution partners and customers based on other products or ~~incorporate functionality into existing products~~solutions to gain business in a manner that discourages users from purchasing our ~~products,~~solutions, subscriptions and services, including by selling at zero or negative margins, product bundling or offering closed technology platforms. Potential customers may also prefer to purchase from their existing suppliers rather than a new supplier regardless of ~~product~~ performance or ~~features.~~ features of the solutions. Furthermore, with the completion of our sale of the FireEye Products business, organizations that purchased both Mandiant Solutions offerings and FireEye Products offerings may decide to not continue purchasing Mandiant Solutions offerings if they desire to limit their number of existing suppliers for cybersecurity offerings.As a result, even if the features of our platform are superior, customers may not purchase our ~~products.~~solutions. In addition, new innovative start-up companies, and larger companies that are making significant investments in research and development, may invent similar or superior ~~products~~solutions and technologies that compete with our platform. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. Further, as our customers refresh the security solutions bought in prior years, they may seek to consolidate vendors, which may result in current customers choosing to purchase solutions from our competitors instead of from us.

Some of our competitors have made or could make acquisitions of businesses that allow them to offer more competitive and comprehensive solutions. As a result of such acquisitions, our current or potential competitors may ~~be able to~~ accelerate the adoption of new technologies that better address end-customer needs, devote greater resources to bring these products and services to market, initiate or withstand substantial price competition, or develop and expand their product and service offerings more quickly than we

do. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, and loss of market share.

If we are unable to compete successfully, or if competing successfully requires us to take costly actions in response to the actions of our competitors or behavior of our existing customers, our business, financial condition and results of operations could be adversely affected.

Real or perceived defects, errors or vulnerabilities in our ~~products~~solutions or services, the misconfiguration of our ~~products,~~solutions, the failure of our ~~products~~solutions or services to ~~block malware~~detect or ~~prevent~~respond to a security breach or incident, or the failure of customers to take action on attacks identified by our ~~products~~solutions could harm our reputation and adversely impact our business, financial position and results of operations.

Because our ~~products~~solutions and services are complex, they have contained and may contain design ~~or manufacturing~~ defects or errors that are not detected until after their deployment. Our ~~products~~solutions also provide our customers with the ability to customize a multitude of settings, and it is possible that a customer could misconfigure our ~~products~~solutions or otherwise fail to configure our ~~products~~solutions in an optimal manner. Such defects and misconfigurations of our ~~products~~solutions could cause our ~~products~~solutions or services to be vulnerable to security attacks, or cause them to fail to ~~secure networks and detect and block threats, or temporarily interrupt the networking traffic of our customers.~~respond to threats. In addition, because the techniques used by computer hackers to access or sabotage networks change frequently and generally are not recognized until launched against a target, there is a risk that an advanced attack could emerge that our ~~products~~solutions and services are unable to ~~detect or prevent.~~detect. Moreover, as our ~~products~~solutions and services are adopted by an increasing number of enterprises and governments, it is possible that the individuals and organizations behind advanced malware attacks will ~~begin to~~ focus on finding ways to defeat our ~~products~~solutions and services. If this happens, our networks, ~~products,~~solutions, services and subscriptions could be targeted by attacks specifically designed to disrupt our business and undermine the perception that our ~~products~~solutions and services are capable of providing superior IT security, which, in turn, could have a serious impact on our reputation as a provider of ~~virtual machine-based~~ security solutions. For example, in the fourth quarter of 2020, we experienced an attack from a highly sophisticated threat actor which gained access to our networks and systems via trojanized updates to SolarWinds’ Orion IT monitoring and management software as further described below. Moreover, our solutions must interoperate with our customers’ existing infrastructure, which often have different specifications, utilize multiple protocol standards, deploy products from multiple vendors, and contain multiple generations of products that have been added over time. As a result, unanticipated failures could occur if a customer deploys our solutions in an untested configuration. Similarly, if we inadvertently update our solutions with an erroneous configuration or untested detection content, invalid detections or downtime could occur. Any ~~breach or perceived security breaches~~ of these situations could result in negative publicity to us, damage to our ~~network could materially~~reputation, declining sales, increased expenses and customer relations issues, and therefore adversely ~~affect~~impact our business, financial ~~condition~~position and results of operations.

If any of our customers becomes infected with malware after using our ~~products~~solutions or services, such customer could be disappointed with our ~~products~~solutions and services, regardless of whether our ~~products~~solutions or services blocked the theft of any of such customer’s data or would have blocked such theft if configured properly. Similarly, if our ~~products~~solutions detect attacks against a customer but the customer has not permitted our ~~products~~solutions to block the theft of customer data, customers and the public may erroneously believe that our ~~products~~solutions were not effective. For any security breaches ~~against~~or incidents impacting customers that use our services, such as customers that have hired us to monitor their networks and endpoints through our own or our co-branded security operation centers, breaches ~~against~~impacting those

customers may result in customers and the public believing that our ~~products~~solutions and services failed. Furthermore, if any enterprises or governments that are publicly known to use our ~~products~~solutions or services are the subject of an advanced ~~cyber attack~~cyber-attack that becomes publicized, our other current or potential customers may look to our competitors for alternatives to our ~~products~~solutions and services. Real or perceived security breaches of or other security incidents impacting our customers’ networks could cause disruption or damage to their networks or other negative consequences and could result in negative publicity to us, damage to our reputation, declining sales, increased expenses and customer relations issues.

Furthermore, our products and services may fail to detect or prevent malware, ransomware, viruses, worms or similar threats for any number of reasons, including our failure to enhance and expand our products and services to reflect industry trends, new technologies and new operating environments, the complexity of the environment of our clients and the sophistication of malware, viruses and other threats. In addition, we cannot assure you that any limitation of liability provisions in our customer agreements, contracts with third-party vendors and service providers or other contracts would be enforceable or adequate or would otherwise protect us from ~~time~~any liabilities or damages with respect to ~~time, firms test our products against other security products. Our products may fail to detect or prevent threats in~~ any particular ~~test for~~claim relating to a ~~number of reasons, including misconfiguration. To the extent potential customers, industry analysts~~security breach or testing firms believe that the occurrence of a failure to detect or prevent any particular threat is a flaw or indicates that our products or services do not provide significant value, our reputation and business could be harmed. Failure to keep pace with technological changes in the IT security industry and changes in the threat landscape could adversely affect our ability to protect against security breaches and could cause us to lose customers. In addition,other security-related matter. Furthermore, in the event that a customer suffers a ~~cyber attack,~~security breach, we could be subject to claims based on a misunderstanding of the scope of our contractual ~~warranties~~warranties. While our insurance policies include liability coverage for certain of these matters, if we experienced a widespread security breach or other incident that impacted a significant number of our customers to whom we owe indemnity obligations, we could be subject to indemnity claims or other damages that exceed our insurance coverage. We also cannot be certain that our insurance coverage will be adequate for data handling or data security liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that any future claim will not be excluded or otherwise be denied coverage by any insurer. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the ~~protection afforded by the Support Anti-Terrorism by Fostering Effective Technologies Act~~occurrence of ~~2002,~~changes in our insurance policies, including premium increases or the ~~SAFETY Act.~~imposition of large deductible or co-insurance requirements, could have a material adverse effect on our business, including our financial condition, operating results and reputation.

Any real or perceived defects, errors or vulnerabilities in our ~~products~~solutions and services, or any other actual or perceived failure of our ~~products~~solutions and services to detect or respond to an advanced threat, could result in:

•a loss of existing or potential customers or channel partners;

•delayed or lost revenue and harm to our financial condition and results of operations;

•a delay in attaining, or the failure to attain, market acceptance;

•the expenditure of significant financial and ~~product~~solution development resources in efforts to analyze, correct, eliminate, or work around errors or defects, or to address and eliminate ~~vulnerabilities, or to identify and ramp up production with alternative third-party manufacturers;~~vulnerabilities;

•an increase in warranty and other claims, or an increase in the cost of servicing warranty and other claims, either of which would adversely affect our gross margins;

•harm to our reputation or brand; and

•claims and litigation, regulatory inquiries, demands, investigations, enforcement actions, or ~~investigations that~~other proceedings, and other claims and liabilities, all of which may be costly and burdensome and further harm our reputation.

Our results of operations ~~are likely to~~may vary significantly from period to period, which could cause the trading price of our common stock to ~~decline.~~decline or fluctuate materially.

Our results of operations have varied significantly from period to period, and we expect that our results of operations, including, but not limited to our GAAP and non-GAAP measures, will continue to vary as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:

•our ability to attract new and retain existing customers or sell additional ~~products and subscriptions~~solutions to our existing customers;

•our ability to successfully execute our business plan and necessary transition activities following the sale of the FireEye Products business;

•changes in our mix of ~~products,~~solutions, subscriptions and services sold, including changes in ~~multi-year~~the average contract length for subscriptions and support;

•the timing and success of new ~~product,~~platform, subscription or service introductions by us or our competitors;

•real or perceived reductions in the efficacy of our ~~product efficacy~~solutions by our customers or in the marketplace;

~~the~~ •budgeting cycles, seasonal buying patterns and purchasing practices of customers;

•the timing of ~~shipments of~~new contracts for our ~~products~~solutions and length of our sales cycles;

•changes in customer, distributor or reseller requirements or market needs;

•changes in the growth rate of the IT security market, particularly the market for ~~threat protection~~ solutions ~~like ours~~ that ~~target next-generation advanced cyber attacks;~~measure security effectiveness, or managed detection and response services;

•any change in the competitive landscape of the IT security market, including consolidation among our customers or competitors and strategic partnerships entered into by and between our competitors;

~~the level of awareness of IT security threats, particularly advanced cyber attacks, and the market adoption of our platform;~~

•deferral of orders from customers in anticipation of new products or product enhancements announced by us or our competitors;

•our ability to successfully and continuously expand our business domestically and internationally;

•reductions in customer retention rates for our subscriptions and support;

•decisions by organizations to purchase IT security solutions from larger, more established security vendors or from their primary IT equipment ~~vendors;~~vendors or IT service providers;

•changes in our pricing policies or those of our competitors;

•any disruption in, or termination of, our relationships with channel partners;

~~our inability to fulfill our customers’ orders due to supply chain delays or events that impact our manufacturers or their suppliers;~~

•the timing and costs related to the development or acquisition of technologies or businesses or strategic partnerships;

•the lack of synergy or the inability to realize expected synergies, resulting from acquisitions or strategic partnerships;

•our inability to execute, complete or integrate efficiently any acquisition that we may undertake;

•increased expenses, unforeseen liabilities, or write-downs and any impact on our operating results from any acquisitions we consummate;

•insolvency or credit difficulties confronting our customers, affecting their ability to purchase or pay for our ~~products,~~solutions, subscriptions and ~~services, or confronting our key suppliers, particularly our sole source suppliers, which could disrupt our supply chain;~~services;

•the cost and potential outcomes of future ~~litigation;~~litigation, including, without limitation, the lawsuit described under the "Litigation" subheading in Note 12 Commitments and Contingencies contained in the "Notes to Condensed Consolidated Financial Statements" in Part II, Item 8 of this Annual Report on Form 10-K;

•the departure of key employees, including, without limitation, attrition due to vaccine mandates;

•seasonality or cyclical fluctuations in our business;

•political, economic and social instability;

•public health crises, such as the COVID-19 pandemic, and related measures to protect the public health;

•future accounting pronouncements or changes in our accounting policies or practices;

•the amount and timing of operating costs and capital expenditures related to the maintenance and expansion of our ~~business;~~business, operations and infrastructure;

•our inability to successfully implement a new quote-to-cash system or a new enterprise resource planning system as planned;

•the amount and timing of costs related to any cost reduction initiatives and the impact of such initiatives; and

•increases or decreases in our revenues and expenses caused by fluctuations in foreign currency exchange rates.

Any of the above factors, individually or in the aggregate, may result in significant fluctuations in our financial and other operating results from period to period. For example, as we offer more and more solutions through subscriptions and services, it becomes increasingly difficult for us to predict whether customers will purchase our solutions as a product, a subscription or a service. If customers purchase our solutions through subscriptions and services that have less profit associated with them than our products, our operating results could be harmed. Changes in the mix of offerings sold impacts the timing of recognition of revenue for our sales. Consequently, given the different revenue recognition policies associated with sales of our products, subscriptions and services, customers purchasing more of our subscription and services offerings and less of our product offerings than we anticipated could result in our actual revenue falling below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in our stock price.

As a result of this variability, our historical results of operations should not be relied upon as an indication of future performance. Moreover, this variability and unpredictability could result in our failure to meet our operating plan or the expectations of investors or analysts for any period. If we fail to meet such expectations for these or other reasons, the market price of our common stock could fall substantially, and we could face costly lawsuits, including securities class action suits.

If we are unable to retain our customers, renew and expand our relationships with them, and add new customers, we may not be able to sustain revenue growth and we may not achieve or maintain profitability in the future.

From the year ended December 31, 2010 to the year ended December 31, 2017, our revenue grew from $11.8 million to $751.1 million, which represents a compounded annual growth rate of approximately 81%. Although we have experienced rapid growth ~~historically and currently have strong retention rates,~~in the past with respect to our Mandiant Solutions business, we may not continue to grow in the ~~future and our retention rates may decline.~~future. Any success that we may experience in the future will depend, in large part, on our ability to, among other things:

•maintain, renew and expand our existing customer base;

•win new customers for our solutions;

•increase revenues from existing customers through increased use of our ~~products,~~solutions, subscriptions and services within their organizations;

•improve the capabilities of our ~~products~~solutions and subscriptions through research and development;

•continue to develop our cloud-based solutions;

•maintain the rate at which customers purchase our subscriptions and support;

•continue to successfully expand our business domestically and internationally; and

•successfully compete with other companies.

If we are unable to maintain consistent or increasing revenue growth or if our revenues decline, it may be difficult to achieve and maintain ~~profitability.~~profitability and our business and financial results could be adversely affected. Our revenue for any prior quarterly or annual periods should not be relied upon as any indication of our future revenue or revenue growth.

IfWe could suffer disruptions, outages, defects, and other performance and quality problems with our platform or with the public cloud and internet infrastructure on which it relies.

Our business depends on our Mandiant Advantage platform to be available without disruption. We have experienced, and may in the future experience, disruptions, outages, defects, and other performance and quality problems with our platform. We have also experienced, and may in the future experience, disruptions, outages, defects, and other performance and quality problems with the public cloud and internet infrastructure on which our platform relies. These problems can be caused by a variety of factors, including introductions of new functionality, vulnerabilities and defects in proprietary and open source software, human error or misconduct, natural disasters (such as tornadoes, earthquakes, or fires), capacity constraints, design limitations, or denial of service attacks or other security-related incidents.

Further, if our contractual and other business relationships with our public cloud providers are terminated, suspended, or suffer a material change to which we are unable to ~~sell~~adapt, such as the elimination of services or features on which we depend, we could be unable to provide our platform and could experience significant delays and incur additional ~~products, subscriptions~~expense in transitioning customers to a different public cloud provider.

Any disruptions, outages, defects, and ~~services, as well as renewals of~~other performance and quality problems with our ~~subscriptions~~platform or with the public cloud and ~~services, to~~internet infrastructure on which it relies, or any material change in our ~~customers,~~contractual and other business relationships with our ~~future revenue and operating results will be harmed.~~

~~Our future success depends,~~public cloud providers, could result in ~~part, on our ability to expand the deployment~~reduced use of our platform, ~~with existing customers by selling them additional products, subscriptions~~increased expenses, including service credit obligations, and services, such as our FireEye Helix platform. This may require increasingly sophisticated and costly sales efforts and may not result in additional sales. In addition, the rate at which our customers purchase additional products, subscriptions and services depends on a number of factors, including the perceived need for additional IT security, general economic conditions, and our customers' satisfaction with our existing solutions they have previously purchased. If our efforts to sell additional products, subscriptions and servicesharm to our ~~customers are not successful,~~brand and reputation, any of which could have a material adverse effect on our business, ~~may suffer.~~

~~Further, existing customers that purchase our platform have no contractual obligation to renew their subscriptions~~financial condition and support and maintenance services after the initial contract period, and given our limited operating history, we may not be able to accurately predict our retention rates. Our customers’ retention rates may decline or fluctuate as a resultresults of a number of factors, including the level of their satisfaction with our platform, our customer support, customer budgets and the pricing of our platform compared with the products and services offered by our competitors. If our customers renew their subscriptions, they may renew for shorter contract lengths or on other terms that are less economically beneficial to us. We cannot assure you that our customers will renew their subscriptions, and if our customers do not renew their subscriptions or renew on less favorable terms, our revenue may grow more slowly than expected, not grow at all, or even decline.

agreements or seek to renegotiate the terms of their support and maintenance agreements prior to renewing such agreements, our revenue may grow more slowly than expected, not grow at all, or even decline.operations.

Recent, past and future acquisitions and investments could disrupt our business and harm our financial condition and operating results.

Our success will depend, in part, on our ability to expand our platform and grow our business in response to changing technologies, customer demands and competitive pressures. In some circumstances, we may decide to do so through the acquisition of complementary businesses and technologies rather than through internal development, including, for example, our ~~acquisition~~acquisitions of ~~iSIGHT Security,~~Verodin, Inc. ~~(d/b/a iSIGHT Partners, Inc.~~(“Verodin”), ~~or iSIGHT, our acquisition of Invotas International Corporation, or Invotas, our acquisition of Clean Communications Limited (d/b/a The Email Laundry), or The Email Laundry,~~Respond Software and ~~our acquisition of X15 Software, Inc., or X15.~~Intrigue.

The identification of suitable acquisition candidates can be difficult, time-consuming and costly, and we may not be able to successfully complete acquisitions that we target in the future. The risks we face in connection with acquisitions, including our acquisitions of ~~iSIGHT, Invotas, The Email Laundry~~Verodin, Respond Software and ~~X15~~Intrigue include:

•diversion of management time and focus from operating our business to addressing acquisition integration challenges;

•our ability to successfully achieve billings and revenue targets of acquired businesses;

•coordination of research and development and sales and marketing functions;

•integration of ~~product~~solution and service offerings;

•retention of key employees from the acquired company;

•changes in relationships with strategic partners as a result of product acquisitions or strategic positioning resulting from the acquisition;

•cultural challenges associated with integrating employees from the acquired company into our organization;

•integration of the acquired company’s accounting, management information, human resources and other administrative systems, as well as the acquired operations, technology and rights ~~into~~to our offerings, and any unanticipated expenses related to such integration;

•the need to implement or improve controls, procedures, and policies at a business that prior to the acquisition may have lacked sufficiently effective controls, procedures and policies;

•financial reporting, revenue recognition or other financial or control deficiencies of the acquired company that we don’t adequately address and that cause our reported results to be incorrect;

•liability for activities of the acquired company before the acquisition, including intellectual property infringement claims, violations of laws, commercial disputes, tax liabilities and other known and unknown liabilities;

•completing the transaction and achieving or utilizing the anticipated benefits of the acquisition within the expected timeframe, or at all;

•unanticipated write-offs or charges; and

•litigation or other claims in connection with the acquired company, including claims from terminated employees, customers, former stockholders or other third parties which may differ from or be more significant than the risks our business faces.

Our failure to address these risks or other problems encountered in connection with our past or future acquisitions and investments could cause us to fail to realize the anticipated benefits of these acquisitions or investments, cause us to incur unanticipated liabilities, and harm our business generally. Future acquisitions could also result in dilutive issuances of equity securities. For example, in ~~January 2016,~~May 2019, we issued ~~1,793,305~~8,404,609 shares of common stock in connection with our acquisition of ~~iSIGHT;~~Verodin and in ~~February 2016,~~November 2020, we issued ~~742,026~~4,931,862 shares of common stock in connection with our acquisition of Invotas; in October 2017, we issued 259,425 shares of common stock in connection with our acquisition of The Email Laundry; and in January 2018, we issued 1,016,334 shares of common stock in connection with our acquisition of X15.Respond Software.

. There is also a risk that future acquisitions will result in the incurrence of debt, contingent liabilities, amortization expenses, incremental operating expenses or the write-off of goodwill, any of which could harm our financial condition or operating results.

Our growth depends on the development, expansion and success of our partner relationships.

As part of our vision for our business, we are building, and will need to grow and maintain, a partner ecosystem of providers of complementary cybersecurity offerings. Some of our existing and future partners may have offerings that compete with our offerings in certain markets. The relationships we have with our partners, and that our partners have with our customers, provide our customers with enhanced value from our Mandiant Advantage platform. Our future growth will be increasingly dependent on the success of these relationships, and if we are unsuccessful in growing and maintaining these relationships or the types and quality of data supported by or available for consumption on our platform, our business, financial condition and results of operations could be adversely affected.

If we are unable to maintain successful relationships with our channel partners and technology alliance partners, or if our channel partners or technology alliance partners fail to perform, our ability to market, sell and distribute our platform will be limited, and our business, financial position and results of operations will be harmed.

In addition to our direct sales force, we rely on our indirect channel partners to sell and support our platform. We derive a substantial portion of our revenue from sales of our ~~products,~~solutions, subscriptions and services through, or with the assistance of, our indirect channel, and we expect that sales through channel partners will continue to be a significant percentage of our revenue. We also partner with

our technology alliance partners to design go-to-market strategies that combine our platform with ~~products~~solutions or services provided by our technology alliance partners.

Our agreements with our channel partners and our technology alliance partners are generally non-exclusive, meaning our partners may offer customers ~~products~~solutions from several different companies, including ~~products~~solutions that compete with ours. If our channel partners do not effectively market and sell our platform, choose to use greater efforts to market and sell their own ~~products~~solutions or those of our competitors, or fail to meet the needs of our customers, our ability to grow our business and sell our platform may be adversely affected. Our channel partners and technology alliance partners may cease marketing our platform with limited or no notice and with little or no penalty, and new channel partners require extensive training and may take several months or more to achieve productivity. The loss of a substantial number of our channel partners, our possible inability to replace them, or the failure to recruit additional channel partners could materially and adversely affect our results of operations. In addition, sales by channel partners are more likely than direct sales to involve collectability concerns, particularly in developing markets. Our channel partner structure could also subject us to lawsuits or reputational harm if, for example, a channel partner misrepresents the functionality of our platform to customers or violates applicable laws or our corporate policies.

Our ability to achieve revenue growth in the future will depend in part on our success in maintaining successful relationships with our channel partners, and in training our channel partners to independently sell and deploy our platform. If we are unable to maintain our relationships with these channel partners or otherwise develop and expand our indirect sales channel, or if our channel partners fail to perform, our business, financial position and results of operations could be adversely affected.

~~Fluctuating economic conditions make it difficult to predict revenue for a particular period, and a shortfall in revenue may harm our business and operating results.~~

Our revenue depends significantly on general economic conditions and the demand for products in the IT security market. Economic weakness, customer financial difficulties, and constrained spending on IT security may result in decreased revenue and earnings. Such factors could make it difficult to accurately forecast our sales and operating results and could negatively affect our ability to provide accurate forecasts to our contract manufacturers and manage our inventory purchases, contract manufacturer relationships and other costs and expenses. In addition, concerns regarding the effects of the "Brexit" decision, uncertainties related to changes in public policies such as domestic and international regulations, taxes or international trade agreements as well as geopolitical turmoil and other disruptions to global and regional economies and markets in many parts of the world, have and may continue to put pressure on global economic conditions and overall spending on IT security. General economic weakness may also lead to longer collection cycles for payments due from our customers, an increase in customer bad debt, restructuring initiatives and associated expenses, and impairment of investments. Furthermore, the continued weakness and uncertainty in worldwide credit markets, including the sovereign debt situation in certain countries in the EU may adversely impact the ability of our customers to adequately fund their expected capital expenditures, which could lead to delays or cancellations of planned purchases of our platform.

Uncertainty about future economic conditions also makes it difficult to forecast operating results and to make decisions about future investments. Future or continued economic weakness for us or our customers, failure of our customers and markets to recover from such weakness, customer financial difficulties, and reductions in spending on IT security could have a material adverse effect on demand for our platform and consequently on our business, financial condition and results of operations.

If we fail to effectively manage our growth, our business, financial condition and results of operations would be harmed.

Although our Mandiant Solutions business has experienced significant growth in the past, we cannot provide any assurance that ~~our business~~it will continue to grow at the same rate or at all. To improve our infrastructure, we continue to enhance our enterprise resource planning system, including revenue recognition and management software, and implement and enhance additional systems and controls. There is no assurance that we will be able to successfully ~~scale improvements to our enterprise resource planning system or~~ implement or scale improvements to our ~~other~~ systems, processes and controls in a manner that keeps pace with our growth or that such systems, processes and controls will be effective in preventing or detecting errors, omissions or fraud.

As part of our efforts to improve our internal systems, processes and controls, we have licensed technology from third parties. The support services available for such third-party technology are outside of our control and may be negatively affected by consolidation in the software industry. In addition, if we do not receive adequate support for the software underlying our systems, processes and controls, our ability to provide ~~products~~solutions and services to our customers in a timely manner may be impaired, which may cause us to lose customers, limit us to smaller deployments of our platform or increase our technical support costs.

Many of our expenses are relatively fixed, at least in the short term. If our projections or assumptions on which we base our projections are incorrect, we may not be able to adjust our expenses rapidly enough to avoid an adverse impact on our profitability or cash flows.

To manage this growth effectively, we must continue to improve our operational, financial and management systems and controls by, among other things:

•effectively ~~attracting,~~hiring, training and integrating new employees, particularly members of our sales, services and management teams;

•further improving our key business applications, processes and IT infrastructure, including our data centers, a new quote-to-cash system and a new enterprise resource planning system, to support our business needs;

•continuing to refine our ability to forecast our bookings, billings, revenues, expenses and cash flows;

•enhancing our information and communication systems to ensure that our employees and offices around the world are well coordinated and can effectively communicate with each other and our growing base of channel partners and customers;

•improving our internal control over financial reporting and disclosure controls and procedures to ensure timely and accurate reporting of our operational and financial results; and

•appropriately documenting and testing our IT systems and business processes.

These and other improvements in our systems and controls will require significant capital expenditures and the allocation of valuable management and employee resources. If we fail to implement these improvements effectively, our ability to manage our expected growth, ensure uninterrupted operation of key business systems and comply with the rules and regulations applicable to public reporting companies would be impaired, and our business, financial condition and results of operations would be harmed.

If the general level of advanced ~~cyber attacks~~cyber-attacks declines, or is perceived by our current or potential customers to have declined, our business could be harmed.

Our business is substantially dependent on enterprises and governments recognizing that advanced ~~cyber attacks~~cyber-attacks are pervasive and are not effectively prevented by legacy security solutions. High visibility attacks on prominent enterprises and governments have increased market awareness of the problem of advanced ~~cyber attacks~~cyber-attacks and help to provide an impetus for enterprises and governments to devote resources to protecting against advanced ~~cyber attacks,~~cyber-attacks, such as testing our Mandiant Advantage platform, purchasing it, and broadly deploying it within their organizations. If advanced ~~cyber attacks~~cyber-attacks were to decline, or enterprises or governments perceived that the general level of advanced ~~cyber attacks~~cyber-attacks have declined, our ability to attract new customers and expand our offerings within existing customers could be materially and adversely affected. A ~~reduction~~change in the threat landscape ~~for example, as a result of the 2015 cybersecurity agreement between China and the U.S.,~~ may reduce the demand from customers or prospects for our solutions, and therefore could increase our sales cycles and harm our business, results of operations and financial condition.

~~Disruptions~~If organizations do not adopt cloud-based SaaS-delivered security solutions, our ability to grow our business and results

of operations may be adversely affected.

We believe our future success will depend in large part on the growth, if any, in the market for cloud-based SaaS-delivered security solutions. The use of SaaS solutions to manage and automate security and IT operations is at an early stage and rapidly evolving. As such, it is difficult to predict its potential growth, if any, customer adoption and retention rates, customer demand for our

solutions, or ~~other business interruptions that affect~~ the ~~availability~~success of existing competitive solutions. Any expansion in our market depends on a number of factors, including the cost, performance, and perceived value associated with our solutions and those of our ~~Dynamic Threat Intelligence,~~competitors. If our solutions do not achieve widespread adoption or ~~DTI,~~there is a reduction in demand for our ~~Helix platform,~~solutions due to a lack of customer acceptance, technological challenges, competing solutions, concerns relating to privacy, data protection, or ~~other cloud-based products and services we offer~~cybersecurity, decreases in corporate spending, weakening economic conditions or ~~may offer~~otherwise, it could ~~adversely impact our~~result in early terminations, reduced customer ~~relationships as well as our overall business.~~

~~When a customer purchases one~~retention rates, or more of our threat prevention appliances, it must also purchase a subscription to our DTI cloud for a term of either one or three years. Our DTI cloud enables global sharing of threat intelligence uploaded by any of our customers’ cloud-connected FireEye appliances. We also offer additional cloud-based platforms such as our Email Threat Prevention, Mobile Threat Prevention and Threat Analytics Platforms and provide security solutions through our own and our co-branded security operation centers.

Our customers depend on the continuous availability of our DTI and other cloud-based products and services. Our cloud-based products and services are vulnerable to damage or interruption from a variety of sources, including damage or interruption caused by fire, earthquake, power loss, telecommunications or computer systems failure, cyber attack, human error, terrorist acts and war. Our data centers and networks may experience technical failures and downtime, may fail to distribute appropriate updates, or may fail to meet the increased requirements of a growing customer base,decreased revenue, any of which could temporarily or permanently expose our customers’ networks, leaving their networks unprotected against the latest security threats or, in the case of technical failures and downtime of security operation centers, all security threats.

In addition, there may also be system or network interruptions if new or upgraded systems are defective or not installed properly. Moreover, interruptions in our subscription updates could result in a failure of our DTI cloud to effectively update customers’ hardware products and thereby leave our customers more vulnerable to attacks. Interruptions or failures in our service delivery could cause customers to terminate their subscriptions with us, couldwould adversely affect our retention rates, and could harm our ability to attract new customers. Our business would also be harmed if our customers believe that our DTI cloud or other cloud-based products and services are unreliable.

In addition, we provide our cloud-based products and services through third-party data center hosting facilities located in the United States and other countries. While we control and have access to our servers and all of the components of our network that are located in our data centers, we do not control the operation of these facilities. The owners of the data center facilities have no obligation to renew their agreements with us on commercially reasonable terms, or at all. If we are unable to renew these agreements on commercially reasonable terms, or if one of our data center operators is acquired, we may be required to transfer our servers and other infrastructure to new data center facilities, and we may incur significant costs and possible service interruption in connection with doing so.

~~Seasonality may cause fluctuations in our revenue.~~

We believe there are significant seasonal factors that may cause us to record higher revenue in some quarters compared with others. We believe this variability is largely due to (i) our customers’ budgetary and spending patterns, as many customers spend the unused portions of their discretionary budgets prior to the end of their fiscal years, and (ii) our sales compensation plans, which are typically structured around annual quotas and stair step commission rates. For example, we have historically recorded our highest level of revenue in our fourth quarter, which we believe corresponds to the fourth quarter of a majority of our customers. Similarly, we have historically recorded our second-highest level of revenue in our third quarter, which corresponds to the fourth quarter of U.S. federal agencies and other customers in the U.S. federal government. Our rapid growth rate over the last couple years may have made seasonal fluctuations more difficult to detect. If our rate of growth slows over time, seasonal or cyclical variations in our operations may become more pronounced, and our business, results of operations, and financial ~~position~~results. We do not know whether the trend in adoption of cloud-based SaaS-delivered security solutions we have experienced in the past will continue in the future. Furthermore, if we or other SaaS security providers experience security incidents, loss or disclosure of customer data, disruptions in delivery, or other problems, the market for SaaS solutions as a whole, including our security solutions, may be negatively affected. You should consider our business and prospects in light of the risks and difficulties we encounter in this new and evolving market.

If we are not able to maintain and enhance our Mandiant brand and our reputation as a provider of high-quality security solutions and services, our business and results of operations may be adversely affected.

We believe that maintaining and enhancing our Mandiant brand and our reputation as a provider of high-quality security solutions and services is critical to our relationship with our existing customers, channel partners, and technology alliance partners and our ability to attract new customers and partners. The successful promotion of our Mandiant brand will depend on a number of factors, including our marketing efforts, and ultimately our ability to continue to develop additional high-quality security solutions and our ability to continue to provide services valued by customers. Although we believe it is important for our growth, our brand promotion activities may not be successful or yield increased revenue.

In addition, in October 2021, we rebranded and changed our name from FireEye, Inc. to Mandiant, Inc.Customers, suppliers and partners may be confused by the name change leading to disruptions in our business, and investors may not understand or appreciate our rebranding efforts, which could materially and adversely impact our business, results of operations, financial condition and trading price of our common stock.

We rely on our management team and other key employees and will need additional personnel to grow our business, and the loss of one or more key employees or our inability to ~~attract,~~hire, integrate, train and retain qualified personnel, including members for our board of directors, could harm our business.

Our future success is substantially dependent on our ability to ~~attract,~~hire, integrate, train, retain and motivate the members of our management team and other key employees throughout our organization, including key employees obtained through our acquisitions. Competition for highly skilled personnel is intense, especially in the San Francisco Bay Area and the Washington D.C. Area, where we have a substantial presence and need for highly skilled personnel. We may not be successful in ~~attracting~~hiring or retaining qualified personnel to fulfill our current or future needs, and potential changes in U.S. immigration ~~policy,~~and work authorization laws and regulations, including those that restrain the flow of technical and professional talent, may make it difficult to renew or obtain visas for highly skilled personnel that we have hired or are actively recruiting. Following the divestiture of the FireEye Products business, we remain highly dependent on the services of Kevin Mandia, our Chief Executive Officer, who is critical to our thought leadership, market presence, reputation, future vision and strategic direction. We are also substantially dependent on the continued service of our existing engineering personnel because of the complexity of our ~~platform.~~solutions. Engineering personnel and other employees in the technology industry, including the cyber security industry, are increasingly able to work remotely, which in turn increases employee mobility and our risk of unwanted employee attrition. Our competitors and other companies in the technology industry may be successful in recruiting and hiring members of our management team or other key employees, including key employees obtained through our acquisitions, and it may be difficult for us to find suitable replacements on a timely basis, on competitive terms, or at all. Also, to the extent we hire employees from mature public companies with significant financial resources, we may be subject to allegations that such employees have been improperly solicited, or that they have divulged proprietary or other confidential information or that their former employers own such employees’ inventions or other work product.

The workforce reductions made in connection with our restructuring plans may adversely affect our ability to attract and retain highly skilled employees. Even if our key personnel are not directly affected by these reductions, the termination of others may have a negative impact on morale and our ability to retain current personnel, as well as our ability to attract qualified new personnel in the future. Furthermore, our vaccination and return-to-office policies related to COVID-19 may also impact the recruitment and retention of key employees.

We made a number of organizational changes over the past year and, from time to time, key personnel leave our company. For example, we recently announced that Frank Verdecanna, our Executive Vice President and Chief Financial Officer, plans to retire in 2022 and that Alexa King stepped down as our Executive Vice President, Corporate and Legal Affairs, General Counsel, and Secretary due to her desire to pursue other opportunities and interests.In addition, in connection with the sale of the FireEye Products business, we experienced employee attrition, including the departure of certain members of senior management. These and other leadership transitions and management changes can be inherently difficult to manage, may cause uncertainty or a disruption to our business, and may increase the likelihood of turnover in other key officers and employees. Our success depends in part on having a successful leadership team. If we cannot effectively manage these and other leadership transitions and management changes, it could make it more difficult to successfully operate our business and pursue our business goals.

In addition, we believe that it is important to establish and maintain a corporate culture that facilitates the maintenance and transfer of institutional knowledge within our organization and also fosters innovation, teamwork, a passion for customers and a focus on execution. Our Chief Executive Officer, our President, our Chief Financial Officer, our Executive Vice President of Worldwide Sales, our Executive Vice President of Global Services and Intelligence, our Executive Vice President of Global Engineering & Security Products and our Chief Marketing Officer and certain other key membersAny of our ~~management~~organizational changes may result in a loss of institutional knowledge and ~~finance teams have only been working together for a relatively short period of time. If~~cause disruptions to our business. Furthermore, if we are not successful in ~~integrating these~~identifying and recruiting new key employees and integrating them into our organization, and creating effective working relationships among them and our other key employees, such failure could delay or hinder our ~~product~~ development ~~efforts~~of net and enhanced offerings and the achievement of our strategic objectives, which could adversely affect our business, financial condition and results of operations.

Our employees, including our executive officers, work for us on an “at-will” basis, which means they may terminate their employment with us at any time. We do not maintain key person life insurance policies on any of our key employees. If Mr. Mandia or one or more of our other key employees resigns or otherwise ceases to provide us with their service, our business could be harmed.

Any litigation against us could be costly and time-consuming to defend.

From time to time, we are and may become subject to legal proceedings and claims, such as claims brought by our customers in connection with commercial disputes, employment claims made by our current or former employees, intellectual property claims, or securities class actions or other claims related to our sale of the FireEye Products business or any volatility in the trading price of our common stock. For example, on July 13, 2021, an alleged stockholder filed an action against the Company, seeking inspection of certain of books and records pursuant to Section 220 of the Delaware General Corporation Law. On July 26, 2021, the parties filed a stipulation that the Company is not obligated to respond to the complaint at this time. The lawsuit was voluntarily dismissed on November 3, 2021. Also on November 3, 2021, the same alleged stockholder filed another action against the Company and its board of directors, alleging a violation of Delaware General Corporation Law Sec. 271 and breaches of fiduciary duty in connection with our sale of the FireEye Products business.The defendants filed a motion to dismiss on January 14, 2022.

Litigation might result in substantial costs and may divert management’s attention and resources, which might seriously harm our business, financial condition, and results of operations. Insurance might not cover such claims, might not provide sufficient payments to cover all the costs to resolve one or more such claims, and might not continue to be available on terms acceptable to us (including premium increases or the imposition of large deductible or co-insurance requirements). A claim brought against us that is uninsured or underinsured could result in unanticipated costs, potentially harming our business, financial position, and results of operations. In addition, we cannot be sure that our existing insurance coverage and coverage for errors and omissions will continue to be available on acceptable terms or that our insurers will not deny coverage as to any future claim.

If we do not ~~effectively hire, integrate~~accurately anticipate and ~~train~~respond promptly to changes in our ~~direct sales force,~~customers’ security needs or scale our business in a cost-effective manner, our competitive position, prospects and financial condition could be harmed.

The IT security market has grown quickly and is expected to continue to evolve rapidly. We have identified a number of new solutions and enhancements to our Mandiant Advantage platform that we believe are important to our continued success in the IT security market. There can be no assurance that we will be successful in developing and marketing, on a timely basis, such new solutions or enhancements or that our new solutions or enhancements will adequately address the changing needs of the marketplace. Although the market expects rapid introduction of new solutions and enhancements to respond to customer needs, the development of these solutions and enhancements is difficult and the timetable for commercial release and availability is uncertain, as there can be significant time lags between initial beta releases and the commercial availability of new solutions and enhancements. We may experience unanticipated delays in the availability of new solutions and enhancements to our platform and fail to meet customer expectations with respect to the timing of such availability. If we do not quickly respond to the rapidly changing and rigorous needs of our customers by developing, releasing and making available on a timely basis new solutions and enhancements to our platform that can adequately respond to our customers’ needs, our competitive position and business prospects will be harmed. Furthermore, from time to time, we or our competitors may announce new solutions with capabilities or technologies that could have the potential to replace or shorten the life cycles of our existing solutions. There can be no assurance that announcements of new solutions will not cause customers to defer purchasing our existing solutions.

Additionally, the process of developing new technology is expensive, complex and uncertain. The success of new solutions and enhancements depends on several factors, including appropriate component costs, timely completion and introduction, differentiation of new solutions and enhancements from those of our competitors and market acceptance. To maintain our competitive position, we must continue to commit significant resources to developing new solutions or enhancements to our Mandiant Advantage platform before knowing whether these investments will be cost-effective or achieve the intended results. There can be no assurance that we will successfully identify new market opportunities, develop and bring new solutions or enhancements to market in a timely manner, or achieve market acceptance of our solutions or that solutions and technologies developed by others will not render our Mandiant Advantage platform obsolete or noncompetitive. If we expend significant resources on researching and developing solutions or enhancements to our platform and such solutions or enhancements are not successful, our business, financial position and results of operations may be adversely affected.

In addition, we provide our cloud-based solutions and services through third-party data center hosting facilities located in the United States and other countries. While we control and have access to our servers and all of the components of our network that are located in our data centers, we do not control the operation of these hosting facilities. We rely on the owners or operators of these

hosting facilities in maintaining the availability of their services, maintenance of their infrastructure, and in providing appropriate backup, disaster recovery and security measures. The owners of the data center hosting facilities have no obligation to renew their agreements with us on commercially reasonable terms, or at all. If we are unable to renew these agreements on commercially reasonable terms, or if one of our data center operators is acquired, we may be required to transfer our servers and other infrastructure to new data center facilities, and we may incur significant costs and possible service interruption in connection with doing so.

Furthermore, we have and will continue to make substantial investments to support growth of our Mandiant Advantage platform. If our cloud-based server costs were to increase, our business, results of operations and financial condition may be adversely affected. In addition, ongoing improvements to cloud infrastructure may be more expensive than we anticipate, and may not yield the expected savings in operating costs or the expected performance benefits. In addition, we may be required to re-invest any cost savings achieved from prior cloud infrastructure improvements in future infrastructure projects to maintain the levels of service required by our customers. We may not be able to maintain or achieve cost savings from our investments, which could harm our financial results.

Our current research and development efforts may not produce successful solutions or enhancements to our platform that result in significant revenue, cost savings or other benefits in the near future, if at all.

We must continue to dedicate significant financial and other resources to our research and development efforts if we are to maintain our competitive position. However, developing solutions and enhancements to our platform is expensive and time consuming, and there is no assurance that such activities will result in significant new marketable solutions or enhancements to our platform, design improvements, cost savings, revenue or other expected benefits. If we spend significant resources on research and development and are unable to ~~add new~~generate an adequate return on our investment, our business and results of operations may be materially and adversely affected.

Seasonality may cause fluctuations in our billings.

We believe there are significant seasonal factors that may cause us to record higher billings in some quarters compared with others. We believe this variability is largely due to (i) our customers’ budgetary and spending patterns, as many customers spend the unused portions of their discretionary budgets prior to the end of their fiscal years, and (ii) our sales compensation plans, which are typically structured around annual quotas and stair step commission rates. For example, we have historically recorded our highest level of billings in our fourth quarter, which we believe corresponds to the fourth quarter of a majority of our customers. Similarly, we have historically recorded our second-highest level of billings in our third quarter, which corresponds to the fourth quarter of U.S. federal agencies and other customers in the U.S. federal government. Our growth rate over the last couple years may have made seasonal fluctuations more difficult to detect. If our rate of growth slows over time, seasonal or ~~increase sales to~~cyclical variations in our ~~existing customers,~~operations may become more pronounced, and our business, ~~will~~results of operations and financial position may be adversely affected.

Our operating history and changes to our business model makes it difficult to evaluate our current business and prospects and may increase the risk that we will not be successful.

We were founded in 2004, and we shipped our first commercially successful solution for on-premises network security in 2008. Since then, we have continued to expand our offerings, both organically and through acquisitions, to address changes in the threat environment, evolving customer requirements, and the continued migration of workloads to cloud platforms. On October 8, 2021, we completed the sale of the FireEye Products business. Our future results of operations are now dependent solely on the operations of the Mandiant Solutions business.Acquired solutions within our continuing business include Mandiant Corporation’s advanced threat intelligence capabilities and incident response and security consulting services; iSIGHT Security's standalone threat intelligence subscriptions; Verodin’s security instrumentation offering; Respond Software’s cybersecurity investigation automation technology; and Intrigue’s attack surface management offering. The markets for many of our acquired solutions are in the early stages of development and customer adoption remains limited. Additionally, most of our acquired solutions are sold as subscriptions, often to large enterprises or governments, and contract terms may vary significantly. We have encountered and will continue to ~~be substantially dependent on~~encounter risks and uncertainties frequently encountered by emerging technology-based companies in developing markets.

If our ~~direct sales force~~assumptions regarding these risks and uncertainties are incorrect or change in response to ~~obtain new customers~~changes in the IT security market, our results of operations and ~~increase sales with existing customers. There~~financial results could differ materially from our plans and forecasts. Although we have experienced rapid growth in the past, there is ~~significant competition for sales personnel with~~no assurance that such growth will continue. Any success we may experience in the ~~skills and technical knowledge that we require. Our ability to achieve significant revenue growth~~future will depend in large part on our ~~success~~ability to, among other things:

•successfully execute our business plan and necessary transition activities following the sale of the FireEye Products business;

•maintain and expand our customer base and the ways in ~~recruiting, integrating, training~~which customers use our solutions and ~~retaining sufficient numbers~~services;

•expand revenue from existing customers through increased or broader use of ~~sales personnel~~our solutions, subscriptions and services within their organizations;

•grow our revenues from software, subscriptions and recent offerings from acquisitions such as Verodin and Respond Software;

•convince customers to ~~support~~allocate a fixed portion of their annual IT budgets to our ~~growth, particularly in international markets. New hires require significant training~~solutions and ~~may take significant time before they achieve full productivity. Our recent hires~~services;

•improve the performance and ~~planned hires~~capabilities of our platform through research and development;

•effectively expand our business domestically and internationally; and

•successfully compete with other companies that currently provide, or may ~~not become productive as quickly as we expect, and we may be unable to hire or retain sufficient numbers of qualified individuals~~ in the ~~markets where we do business~~future provide, solutions like ours that protect against advanced cyber-attacks, measure security effectiveness, or ~~plan~~investigate and respond to ~~do business. In addition, a large percentage of our sales force is new to our Company.~~ attacks.

If we are unable to achieve our key objectives, including the objectives listed above, our business and results of operations will be adversely affected and the fair market value of our common stock could decline.

We are exposed to the credit risk of some of our distributors, resellers and customers and to credit exposure in weakened markets, which could result in material losses.

Most of our sales are on an open credit basis. Although we have programs in place that are designed to monitor and mitigate these risks, we cannot assure you these programs will be effective in reducing our credit risks, especially as we expand our business internationally. In addition, the COVID-19 pandemic may negatively affect the ability of our customers, especially in certain industries such as travel, entertainment, food and hospitality, to pay us on a timely basis or at all. If we are unable to adequately control these risks, our business, results of operations and financial condition could be harmed.

Failure to comply with governmental laws and regulations could harm our business.

Our business is subject to regulation by various U.S. federal, state, local and foreign governmental agencies, including agencies responsible for monitoring and enforcing employment and labor laws, workplace safety, consumer protection laws, privacy, data-protection and cybersecurity laws, anti-bribery laws (including the U.S. Foreign Corrupt Practices Act and the U.K. Anti-Bribery Act), import/export controls, federal securities laws and tax laws and regulations. In certain jurisdictions, these regulatory requirements may be more stringent than those in the United States. Noncompliance with applicable regulations or requirements could subject us to investigations, sanctions, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties, injunctions or other collateral consequences. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, results of operations, and financial condition could be materially adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. U.S. regulations surrounding our operating activities in foreign jurisdictions are not always consistent with, and at times are in contravention to, the local regulations or laws in such jurisdictions. Enforcement actions and sanctions could harm our business, reputation, results of operations and financial condition.

If we do not achieve increased tax benefits as a result of our corporate structure, our operating results and financial condition may be negatively impacted.

We generally conduct our international operations through wholly-owned subsidiaries and report our taxable income in various jurisdictions worldwide based upon our business operations in those jurisdictions. In 2019, we reorganized our corporate structure and intercompany relationships to better align our corporate organization with the expansion of our international business activities. Although we anticipate achieving a reduction in our overall effective tax rate in the future as a result of this reorganized corporate structure, we may not realize any benefits. Our intercompany relationships are subject to complex transfer pricing regulations administered by taxing authorities in various jurisdictions. The relevant taxing authorities may disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a disagreement were to occur, and our position were not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations. In addition, if the intended tax treatment of our reorganized corporate structure is not accepted by the applicable taxing authorities, changes in tax law negatively impact the structure or we do not operate our business consistent with the structure and applicable tax laws and regulations, we may fail to achieve any tax advantages as a result of the reorganized corporate structure, and our future operating results and financial condition may be negatively impacted. In addition, we continue to evaluate our corporate structure in light of current and pending tax legislation, and any changes to our corporate structure may require us to incur additional expenses and may impact our overall effective tax rate.

We could be subject to additional tax liabilities.

We are subject to U.S. federal, state and local income taxes and sales taxes in the United States and foreign income taxes, withholding taxes and transaction taxes in numerous foreign jurisdictions. Significant judgment is required in evaluating our tax positions and our worldwide provision for taxes. During the ordinary course of business, there are many activities and transactions for which the ultimate tax determination is uncertain. In addition, our tax obligations and effective tax rates could be adversely affected by changes in the relevant tax, accounting and other laws, regulations, principles and interpretations, including those relating to income tax nexus, corporate income tax rates and the proposed global minimum tax, by recognizing tax losses or lower than anticipated earnings in jurisdictions where we have lower statutory rates and higher than anticipated earnings in jurisdictions where we have higher statutory rates, by changes in foreign currency exchange rates, or by changes in the valuation of our deferred tax assets and liabilities. We may be audited in various jurisdictions, and such jurisdictions may assess additional taxes, sales taxes and value-added

taxes against us. Although we believe our tax estimates are reasonable, the final determination of any tax audits or litigation could be materially different from our historical tax provisions and accruals, which could have a material adverse effect on our operating results or cash flows in the period for which a determination is made.

Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new solutions could reduce our ability to compete and could harm our business.

We intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new solutions and enhancements to our platform, improve our operating infrastructure or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. If we raise additional equity financing, our stockholders may experience significant dilution of their ownership interests and the per share value of our common stock could decline. Furthermore, if we engage in additional debt financing, the holders of debt would have priority over the holders of common stock, and we may be required to accept terms that restrict our ability to incur additional indebtedness. We may also be required to take other actions that would otherwise be in the interests of the debt holders and force us to maintain specified liquidity or other ratios, any of which could harm our business, results of operations, and financial condition. If we need additional capital and cannot raise it on acceptable terms, we may not be able to, among other things:

•develop or enhance our solutions and subscriptions;

•continue to expand our sales and marketing and research and development organizations;

•acquire complementary technologies, solutions or businesses;

•expand operations, in the United States or internationally;

•hire, train and retain employees; or

•respond to competitive pressures or unanticipated working capital requirements.

Our failure to do any of these things could harm our business, financial condition and results of operations.

Risks Related to Systems and the Transition to New Quote-to-Cash and Enterprise Resource Planning Systems

Our ability to manage our business and monitor results is highly dependent upon IT systems. A failure of these systems or our planned QTC and ERP implementations could have a material adverse effect on our business.

We are highly dependent upon a variety of IT systems to operate our business.In order to continue to support our growth and scale as a SaaS company, we are making significant technological upgrades to our information systems. We are in the process of implementing a new quote-to-cash (“QTC”) system and a new enterprise resource planning (“ERP”) system which we expect to complete in 2022, and are updating processes to perform various functions and improve on the efficiency of our global business. This is a complicated, lengthy and expensive process that will result in a diversion of resources from other operations. Continued execution of the project plan, or a divergence from it, may result in cost overruns, project delays or business interruptions. In addition, divergence from our project plan could negatively impact the timing and/or extent of benefits we expect to achieve from the system and process efficiencies.Failure to properly or adequately address any unaccounted for or unforeseen issues in successfully replacing our legacy systems could negatively impact the company’s ability to perform necessary business operations, manage our administrative costs, or perform under the TSA, any of which could adversely affect our reputation, competitive position, business, results of operations and financial condition.

Any disruptions, delays or deficiencies in the design and/or implementation of the new QTC and ERP systems, or in the performance or migration of our legacy systems, particularly any disruptions, delays or deficiencies that impact our operations, could adversely affect our ability to effectively run and manage our business. The implementation of our planned new QTC and ERP systems subjects us to inherent risks associated with migrating from our legacy systems, including, without limitation, our ability to process orders, provide services and customer support, send invoices and track payments, fulfill contractual obligations, fulfill federal, state and local reporting and filing requirements in a timely or accurate manner, or otherwise operate our business. In addition, if any issues with respect to the new systems result in, or contribute to, a delay in our timely reporting of our results of operations for any period or our not filing one or more periodic reports with the SEC on time, the price of our common stock could decline substantially, and we could face costly lawsuits, including securities class actions. Further, as we are dependent upon our ability to gather and promptly transmit accurate information to key decision makers, our business, results of operations and financial condition may be adversely affected if our information systems do not allow us to transmit accurate information, even for a short period of time. Failure to properly or adequately address these issues could negatively impact our ability to perform necessary business operations, which could adversely affect our reputation, competitive position, business, results of operations and financial condition.

In addition, the information systems of companies we acquire may not be sufficient to meet our standards or we may not be able to successfully convert them to provide acceptable information on a timely and cost-effective basis. Furthermore, we must attract and

retain qualified people to operate our systems, expand and improve them, integrate new programs effectively with our existing programs, and convert to new systems efficiently when required. Any disruption to our business due to such issues, or an increase in our costs to cover these issues that is greater than what we have anticipated, could have an adverse effect on our financial results and operations.

The implementation of our planned new ERP and change in related processes could negatively impact the effectiveness of our internal control over financial reporting.

Our ERP system is critical to our ability to accurately maintain books and records, record transactions, provide important information to our management and prepare our consolidated financial statements. The implementation of our planned new ERP system in 2022 will also require the transformation of business and financial processes, and any such changes involves risks, including potential transaction errors, processing inefficiencies and loss of data.If the transition to our planned new ERP system is not successful, and the new system and new processes do not operate as intended, the effectiveness of our internal control over financial reporting could be adversely affected and our ability to assess it adequately could be further impacted.If difficulties in implementing the new ERP system or related processes result in a material weakness in our internal control over financial reporting, a failure to remediate the material weakness could also negatively impact our ability to prepare our future financial statements in conformity with GAAP. If we experience ongoing disruptions with such implementation and/or are unable to remediate any such material weakness, such events could have a material adverse effect on our reputation, competitive position, business, results of operations and financial condition.

Any additional costs, cost overruns and delays with implementation of our new QTC and ERP systems may adversely affect our business and results of operations.

The implementation of our planned new QTC and ERP systems has and will continue to involve substantial expenditures, as well as design, development and implementation activities. Until the new systems are fully implemented, we expect to incur additional selling, general and administrative expenses and capital expenditures to implement and test the systems, and there can be no assurance that issues relating to the systems will not occur or be identified. Our business and results of operations may be adversely affected if we experience operating problems, additional costs, or cost overruns during the QTC and ERP implementation process, or if any of the systems or the related processes changes significantly.

Risks Related to Privacy and Data Protection

We have experienced network or data security incidents in the past, and we may experience additional network or data security incidents in the future, which, whether actual, alleged or perceived, may harm our reputation, create liability and adversely impact our financial results.

Increasingly, companies are subject to a wide variety of attacks on their networks on an ongoing basis. In addition to traditional computer “hackers,” malicious code (such as viruses and worms), phishing attempts, ransomware, employee theft or misuse, accidental disclosure, and denial of service attacks, sophisticated nation-state and nation-state supported actors engage in intrusions and attacks (including advanced persistent threat intrusions) and add to the risks to our internal networks, cloud deployed enterprise and customer facing environments and the information they store and process. We also utilize third-party service providers to host, transmit, or otherwise process electronic data in connection with our business activities. We and/or our third-party service providers have faced and may continue to face security threats and attacks from a variety of sources. Our data, corporate systems, third-party systems and security measures have been and may continue to be subject to breaches or intrusions due to the actions of outside parties, employee error, malfeasance, a combination of these, or otherwise, including social engineering and employee and contractor error or malfeasance, and, as a result, an unauthorized party may obtain access to our systems, networks, or data. There have been and may continue to be significant software supply chain attacks, and we cannot guarantee that our or our third-party service providers’ systems and networks have not been breached or that they do not contain exploitable defects or bugs that could result in a breach of or disruption to our systems and networks or the systems and networks of third parties that support us and our services. Techniques used to sabotage or obtain unauthorized access to systems and networks are constantly evolving and, in some instances, are not identified until or after they are launched against a target, and we may face difficulties or delays in identifying or otherwise responding to any attacks or actual or potential breaches of security. Furthermore, as a well-known provider of security solutions, we may be a more attractive target for such attacks. A breach in our data security or an attack against our service availability, or that of our third-party service providers, could impact our solutions and subscriptions, creating system disruptions or slowdowns and exploiting security vulnerabilities of our solutions, and the information stored on our networks or those of our third-party service providers could be accessed, publicly disclosed, altered, rendered unavailable, lost, or stolen, which could result in a loss of intellectual property or loss of data or its confidentiality, integrity, or availability and subject us to liability and cause us financial harm.

In the fourth quarter of 2020, we experienced an attack from a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack. Like numerous other public and private organizations affected by this attack, the threat actor gained access to our networks and systems via trojanized updates to SolarWinds’ Orion IT monitoring and management software. We conducted a comprehensive investigation in coordination with the Federal Bureau of Investigation and other key partners, including Microsoft. Our investigation identified that the attacker targeted and accessed certain

Red Team assessment tools that we use to test our customers’ security. These tools mimic the behavior of many cyber-threat actors and enable us to provide essential diagnostic security services to our customers and, if used or publicly disclosed by the threat actor, could be used to conduct additional attacks on us or other organizations. Our investigation also identified that, consistent with a nation-state cyber-espionage effort, the attacker was able to access certain of our internal systems and primarily sought information related to certain government customers. We notified affected customers and government agencies, as we deemed was required or appropriate. We have incurred costs to respond to this attack and may continue to incur costs to remediate and support our efforts to enhance our security measures.

There can be no assurance that we will be successful in preventing security breaches or other security incidents nor that we will be successful in mitigating their effects, despite the implementation of security measures for systems, networks, or data within our control. Similarly, there can be no assurance that our third-party service providers, distributors and other contractors will be successful in protecting our data on their systems or in protecting other systems upon which we may rely. Any actual, alleged or perceived breach of network security in our systems or networks, or any other actual, alleged or perceived data security incident we or our third-party service providers suffer, could result in damage to our reputation, negative publicity, loss of channel partners, customers and sales, loss of competitive advantages over our competitors, increased costs to remedy any problems and otherwise respond to any incident, regulatory investigations and enforcement actions, costly litigation, and other liability. In addition, we may incur significant costs and operational consequences of investigating, remediating, eliminating and putting in place additional tools and devices designed to prevent actual or perceived security breaches and other security incidents, as well as the costs to comply with any notification or other legal obligations resulting from any security incidents. Any of these negative outcomes could result in substantial costs and diversion of resources, distract management and technical personnel, adversely impact the market perception of our solutions and subscriptions and end-customer and investor confidence in our company and could seriously harm our business or operating results.

Although we maintain cyber liability insurance coverage that may cover certain liabilities in connection with security breaches and other security incidents, we cannot be certain our insurance coverage will be adequate for liabilities actually incurred, that insurance will continue to be available to us on commercially reasonable terms (if at all) or that any insurer will not deny coverage as to any future claim. The successful assertion of one or more large claims against us that exceed available insurance coverage, the occurrence of changes in our insurance policies, including premium increases or the imposition of large deductible or co-insurance requirements, or denials of coverage, could have a material adverse effect on our business, including our financial condition, results of operations and reputation.

If we fail to adequately protect personal information or other information we process or maintain, our business, financial condition and operating results could be adversely affected.

A wide variety of provincial, state, national, and international laws and regulations apply to the collection, use, retention, protection, disclosure, transfer and other processing of personal data and other information. Evolving and changing definitions of personal data and personal information within the European Union ("EU"), the United States, and elsewhere, especially relating to classification of Internet Protocol addresses, machine identification, location data and other information, may limit or inhibit our ability to operate or expand our business, including limiting technology alliance partners that may involve the sharing of data. Data protection and privacy-related laws and regulations are evolving and may result in ever-increasing regulatory and public scrutiny and escalating levels of enforcement and sanctions.

For example, the EU General Data Protection Regulation ("GDPR"), which became fully effective on May 25, 2018, imposes more stringent data protection requirements than previously effective EU data protection law and provides for penalties for noncompliance of up to the greater of €20 million or four percent of worldwide annual revenues. The GDPR requires, among other things, that personal data only be transferred outside of the EU to certain jurisdictions, including the United States, if steps are taken to legitimize those data transfers. We historically relied on the EU-U.S. and Swiss-U.S. Privacy Shield programs, and the use of standard contractual clauses approved by the European Commission (the “SCCs”), to legitimize these transfers. Both the EU-U.S. Privacy Shield and the SCCs have been subject to legal challenge, however, and on July 16, 2020, the Court of Justice of the European Union (“CJEU”) invalidated the EU-U.S. Privacy Shield framework that had been in place since 2016, which allowed companies like us to meet certain European legal requirements for the transfer of personal data from the European Economic Area (“EEA”) to the U.S., and imposed additional obligations on companies when relying on the SCCs. On September 8, 2020, the Swiss Federal Data Protection and Information Commissioner invalidated the Swiss-U.S. Privacy Shield on similar grounds. This CJEU decision and related developments may result in different EEA data protection regulators applying differing standards for the transfer of personal data from the EEA to the United States, and may even require ad hoc verification of measures taken with respect to data flows. The CJEU decision requires us to take additional steps to legitimize any impacted personal data transfers, including in connection with the use of the SCCs, with the full impact of such decision uncertain at this time. The European Commission published new SCCs in June 2021, which are required to be implemented over time. The CJEU decision and related developments could result in increased costs of compliance and limitations on our customers and us. More generally, as a result of the CJEU decision or related developments, we may find it necessary or desirable to modify our data handling practices and policies and to implement additional contractual and technical safeguards, and our practices relating to cross-border transfers of data or other data handling practices, or those of our customers and vendors, may be challenged. We also may be required to engage in additional contractual negotiations.As a result of these factors, our business, financial condition and operating results may be adversely impacted. Some countries also are considering

or have enacted legislation requiring local storage and processing of data that could increase the cost and complexity of delivering our services.

In addition to the GDPR, the European Commission has another draft regulation in the approval process that focuses on a person’s right to conduct a private life. The proposed legislation, known as the Regulation of Privacy and Electronic Communications (“ePrivacy Regulation”), would replace the current ePrivacy Directive. Originally planned to be adopted and implemented at the same time as the GDPR, the ePrivacy Regulation is still being negotiated. On February 10, 2021, the Council of the EU agreed on its version of the draft ePrivacy Regulation. If adopted, the earliest date for entry into force is in 2023, with broad potential impacts on the use of internet-based services and tracking technologies, such as cookies. Aspects of the ePrivacy Regulation remain for negotiation between the European Commission and the Council. We expect to incur additional costs to comply with the requirements of the ePrivacy Regulation as it is finalized for implementation.

Further, the United Kingdom ("U.K.") exited the EU, commonly referred to as “Brexit,” on January 31, 2020, subject to a transition period ending December 31, 2020. Brexit could lead to further legislative and regulatory changes. The U.K. has implemented legislation that substantially implements the GDPR, with penalties for noncompliance of up to the greater of £17.5 million or four percent of worldwide revenues. Aspects of U.K. data protection laws and regulations, however, including with respect to the role of the U.K. Information Commissioner’s Office and regulation of data transfers to and from the U.K. in the medium to longer term, remain unclear. On June 28, 2021, the European Commission announced a decision of “adequacy” concluding that the U.K. ensures an equivalent level of data protection to the GDPR, which provides some relief regarding the legality of continued personal data flows from the EEA to the U.K. Some uncertainty remains, however, as this adequacy determination must be renewed after four years and may be modified or revoked in the interim. We cannot fully predict how U.K. data protection laws or regulations may develop in the medium to longer term nor the effects of divergent laws and guidance regarding how data transfers to and from the U.K. will be regulated. We may find it necessary or appropriate to make additional changes to the way we process data and otherwise conduct our business within, and transmit data to and from, the U.K. Some countries also are considering or have enacted legislation requiring local storage and processing of data, or similar requirements, which could increase the cost and complexity of delivering our services or require us to change our policies and practices.

California enacted legislation in 2018, the California Consumer Privacy Act (“CCPA”), that became operative on January 1, 2020. The CCPA requires covered companies to, among other things, provide new disclosures to California consumers, and affords such consumers new abilities to opt-out of certain sales of personal information. Aspects of the CCPA and its interpretation remain unclear. Additionally, a new privacy law, the California Privacy Rights Act (“CPRA”), was approved by California voters in the November 3, 2020 election. The CPRA creates obligations relating to consumer data beginning on January 1, 2022, with implementing regulations expected on or before July 1, 2022, and enforcement beginning July 1, 2023. The CPRA significantly modifies the CCPA, potentially resulting in further uncertainty and requiring us to incur additional costs and expenses. More generally, some observers have noted the CCPA could mark the beginning of a trend toward more stringent privacy legislation in the U.S., as observed with the Virginia Consumer Data Protection Act, enacted March 2021 and which becomes effective January 1, 2023, and the Colorado Privacy Act, enacted in June 2021 and which takes effect on July 1, 2023. We cannot fully predict the impact of the CCPA on our business or operations, but it may require us to modify our data processing practices and policies and to incur substantial costs and expenses in an effort to comply.

Even the perception of privacy, data protection or cybersecurity concerns, whether or not valid, may harm our reputation, inhibit adoption of our solutions by current and future customers, or adversely impact our ability to hire and ~~train~~retain workforce talent. If our security measures are or are believed to be inadequate or breached as a ~~sufficient~~result of third-party action, employee negligence, error or malfeasance, social engineering techniques or otherwise, and this results in, or is believed to result in, the disruption of the confidentiality, integrity or availability of our systems or networks or any data we process or maintain, or the loss, destruction or corruption of such data, or our privacy, data protection or cybersecurity practices are or are perceived to be inadequate, we could incur significant liability, we could face a loss of revenues, and our business may suffer and our reputation and competitive position may be damaged. Additionally, our service providers may suffer, or be perceived to suffer, privacy or data security breaches or other incidents that may compromise, or be perceived to compromise, data stored or processed for us that may give rise to any of the foregoing.

We also expect that there will continue to be changes in interpretations of existing laws and regulations, or new proposed laws and regulations concerning privacy, data protection and cybersecurity. We cannot yet determine the impact these laws and regulations or changed interpretations may have on our business, but we anticipate that they could impair our or our customers’ ability to collect, use or disclose information relating to individuals, which could decrease demand for our platform or solutions, increase our costs and impair our ability to maintain and grow our customer base and increase our revenue. Moreover, because the interpretation and application of many laws and regulations relating to privacy, data protection and cybersecurity, along with certain industry standards, are uncertain, it is possible that these laws, regulations and standards, or contractual obligations to which we are or may become subject, or to which we may be alleged to be subject, may be interpreted and applied in a manner that is inconsistent with our existing or future data management practices or features of our platform and solutions. Our actual or perceived failure to adequately comply with any such applicable laws, regulations, standards, and other actual or asserted obligations or to protect personal data and other data we process or maintain, could result in regulatory investigations and enforcement actions against us, fines, penalties and other liabilities, imprisonment of company officials and public censure, claims for damages by customers and other affected individuals,

required efforts to mitigate or otherwise respond to incidents, litigation, damage to our reputation and loss of goodwill (both in relation to existing customers and prospective customers), any of which could have a material adverse effect on our operations, financial performance and business. Even the perception of privacy, data protection or cybersecurity concerns, whether or not valid, may harm our reputation and inhibit adoption of our solutions and subscriptions by current and future customers.

Risks Related to Sales of Our Solutions, Subscriptions and Services

If we are unable to sell additional solutions, subscriptions and services, as well as renewals of our subscriptions and services, to our customers, our future revenue and operating results will be harmed.

Our future success depends, in part, on our ability to expand the deployment of our Mandiant Advantage platform with existing customers by selling them additional solutions, subscriptions and services. This may require increasingly sophisticated and costly sales efforts and may not result in additional sales. In addition, the rate at which our customers purchase additional solutions, subscriptions and services depends on a number of ~~effective sales personnel, or~~factors, including the ~~sales personnel we hire~~perceived need for additional IT security, general economic conditions, and our customers' level of satisfaction with our existing solutions they have previously purchased. If our efforts to sell additional solutions, subscriptions and services to our customers are not successful, ~~in obtaining new customers or increasing sales to our existing customer base,~~ our business may suffer.

Further, existing customers that purchase our platform have no contractual obligation to renew their subscriptions after the initial contract period, and given our limited operating history, we may not be able to accurately predict our retention rates. Our customers’ retention rates may decline or fluctuate as a result of a number of factors, including the level of their satisfaction with our platform, our customer support, customer budgets and the pricing of our platform compared with the solutions and services offered by our competitors. If our customers renew their subscriptions, they may renew for shorter contract lengths or on other terms that are less economically beneficial to us. We cannot assure you that our customers will ~~be adversely affected.~~renew their subscriptions, and if our customers do not renew their subscriptions or renew them on less favorable terms, our revenue may grow more slowly than expected, not grow at all, or even decline.

Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense. As a result, our sales, billings and revenue are difficult to predict and may vary substantially from period to period, which may cause our results of operations to fluctuate significantly.

Our results of operations may fluctuate, in part, because of the resource intensive nature of our sales efforts, the length and variability of our sales cycle and the short-term difficulty in adjusting our operating expenses. Our results of operations depend in part on sales to large organizations. The length of our sales cycle, from ~~proof~~identification of ~~concept~~the opportunity to ~~delivery of and payment for our platform,~~

isdeal closure, may vary significantly from customer to customer, with sales to large enterprises typically ~~three~~taking longer to ~~nine months but can be more than a year.~~complete. To the extent our competitors develop ~~products~~solutions that our prospective customers view as equivalent to ours, our average sales cycle may increase. Because the length of time required to close a sale varies substantially from customer to customer, it is difficult to predict exactly when, or even if, we will make a sale with a potential customer. As a result, large individual sales have, in some cases, occurred in quarters subsequent to or in advance of those we anticipated, or have not occurred at all. We are generally billing a number of large deals in any quarter, and the loss or delay of one or more of these large transactions in a quarter could impact our results of operations for that quarter and any future quarters for which revenue from that transaction is delayed. Furthermore, some sales (such as product sales) generally result in immediate recognition of revenue, while other sales, such as product subscription sales, require the recognition of revenue over periods of one year or longer typically. As a result, ~~of these factors,~~ it is difficult for us to forecast our revenue accurately in any quarter based on our internal forecasts of billings. Because a substantial portion of our expenses are relatively fixed in the short term, our results of operations will suffer if our revenue falls below our ~~or analysts’~~ expectations in a particular quarter, which could cause the price of our common stock to decline.

If we are unable to sell additional products, subscriptions and services, as well as renewals of our subscriptions and services, to our customers, our future revenue and operating results will be harmed.

Our future success depends, in part, on our ability to expand the deployment of our platform with existing customers by selling them additional products, subscriptions and services, such as our FireEye Helix platform. This may require increasingly sophisticated and costly sales efforts and may not result in additional sales. In addition, the rate at which our customers purchase additional products, subscriptions and services depends on a number of factors, including the perceived need for additional IT security, general economic conditions, and our customers' satisfaction with our existing solutions they have previously purchased. If our efforts to sell additional products, subscriptions and services to our customers are not successful, our business may suffer.

Further, existing customers that purchase our platform have no contractual obligation to renew their subscriptions and support and maintenance services after the initial contract period, and given our limited operating history, we may not be able to accurately predict our retention rates. Our customers’ retention rates may decline or fluctuate as a result of a number of factors, including the level of their satisfaction with our platform, our customer support, customer budgets and the pricing of our platform compared with the products and services offered by our competitors. If our customers renew their subscriptions, they may renew for shorter contract lengths or on other terms that are less economically beneficial to us. We cannot assure you that our customers will renew their subscriptions, and if our customers do not renew their subscriptions or renew on less favorable terms, our revenue may grow more slowly than expected, not grow at all, or even decline.

We also depend on our installed customer base for future support and maintenance revenue. We offer our support and maintenance agreements for terms that generally range between one and five years. If customers choose not to renew their support and maintenance agreements or seek to renegotiate the terms of their support and maintenance agreements prior to renewing such agreements, our revenue may grow more slowly than expected, not grow at all, or even decline.

We rely on revenue from ~~subscriptions~~sales of solutions and ~~service contracts,~~subscriptions and because we recognize revenue from ~~subscriptions and service contracts~~most of these sales over the term of the relevant ~~subscription~~useful life or ~~service~~subscription period, downturns or upturns in sales are not immediately reflected in full in our results of operations.

~~Subscription~~Revenue from sales of our solutions and ~~services revenue~~subscriptions accounts for a significant portion of our total ~~revenue, comprising 84%, 79% and 65% for the years ended December 31, 2017, 2016 and 2015, respectively. Sales of new~~revenue. New or renewal ~~subscription and service contracts~~sales of subscriptions may decline or fluctuate as a result of a number of factors, including customers’ level of satisfaction with our ~~products~~solutions and subscriptions, the actual or perceived efficacy of our security solutions, the prices of our ~~products~~solutions and subscriptions, the prices of ~~products~~solutions and subscriptions offered by our competitors or reductions in our customers’ spending levels. If our sales of new or renewal subscription and service contracts decline, our revenue and revenue growth rate may decline and adversely affect our business. In addition, we recognize ~~subscription and service~~revenue from our subscriptions revenue ratably over the term of the relevant ~~service~~contract period, which is generally between one to five years. As a result, much of the solution, subscription and ~~service~~support revenue we report each quarter is derived from ~~subscription and service contracts that we sold~~sales in prior quarters. Consequently, a decline in new or ~~renewed subscription or service contracts~~renewal sales in any one quarter will not be fully reflected in revenue in that quarter but will negatively affect our revenue in future quarters. Accordingly, the effect of significant decreases in the market acceptance of, or demand for, our ~~subscriptions~~solutions or ~~services~~subscriptions may not be immediately apparent from our results of operations until future periods. Also, it is difficult for us to rapidly increase our ~~subscription~~ revenue through additional sales in any period, as the majority of our revenue is derived from ~~new~~sales of our solutions, subscriptions and ~~renewal subscription contracts must be recognized ratably over the applicable service period.~~services sold in prior periods. Furthermore, any increases in the average term of our subscriptions ~~contracts~~ would result in a longer revenue ~~for those subscription contracts being~~recognition period, and could reduce the amount of revenue recognized ~~over longer periods of time.~~in each period.

The sales prices of our ~~products,~~solutions, subscriptions and services may decrease, which may reduce our gross profits and adversely impact our financial results.

The sales prices for our ~~products,~~solutions, subscriptions and services may decline for a variety of reasons, including competitive pricing pressures, discounts, ~~a change in our mix of products, subscriptions and services,~~ anticipation of the introduction of new ~~products, subscriptions or services, introduction of new pricing and packaging~~solutions by our competitors, or promotional ~~programs.~~programs offered by us or our competitors. Competition continues to increase in the market segments in which we participate, and we expect competition to further increase in the future, thereby leading to increased

pricing pressures. Larger competitors with more diverse ~~product~~solution and service offerings may reduce the price of ~~products~~solutions or subscriptions that compete with ours or may bundle them with other ~~products~~solutions and subscriptions. Additionally, although we price our ~~products~~solutions and subscriptions worldwide in U.S. dollars, currency fluctuations in certain countries and regions may negatively impact actual prices that partners and customers are willing to pay in those countries and regions, or the effective prices we realize in our reporting currency. ~~Furthermore, we anticipate that the sales prices and gross profits for our products will decrease over product life cycles.~~ We cannot assure you that we will be successful in developing and introducing new offerings with enhanced functionality on a timely basis, or that our new ~~product and~~ subscription offerings, if introduced, will enable us to maintain our ~~prices and~~ gross profits at levels that will allow us to ~~maintain positive gross margins and~~ achieve profitability.

If we do not ~~accurately anticipate~~effectively hire, integrate and ~~respond promptly~~train our direct sales force, we may be unable to ~~changes in~~add new customers or increase sales to our ~~customers’ technologies,~~existing customers, and our business ~~plans or security needs, our competitive position and prospects could~~will be ~~harmed.~~adversely affected.

~~The IT security market has grown quickly and is expected to~~We continue to ~~evolve rapidly. Moreover, many~~be substantially dependent on our direct sales force to obtain new customers and increase sales with existing customers. There is significant competition for sales personnel with the skills and technical knowledge that we require. Our ability to achieve revenue growth will depend, in large part, on our success in recruiting, integrating, training and retaining sufficient numbers of sales personnel to support our ~~customers operate~~growth, particularly in ~~markets characterized by rapidly changing technologies~~international markets. New hires require significant training and ~~business plans, which require them to add numerous network access points~~may take significant time before they achieve full productivity. Our recent hires and adapt to increasingly complex IT networks, incorporating a variety of hardware, software applications, operating systems and networking protocols. As their technologies and business plans grow more complex,planned hires may not become productive as quickly as we expect, ~~these customers~~and we may be unable to ~~face new and increasingly sophisticated methods~~hire or retain sufficient numbers of attack. We face significant challenges in ensuring that our platform effectively identifies and responds to these advanced and evolving attacks without disrupting our customers’ network performance. As a result of the continued rapid innovationsqualified individuals in the ~~technology industry, including the rapid growth of smart phones, tablets~~markets where we do business or plan to do business. If we are unable to hire and other devices, the trend of “bring your own device” in enterprises, and the rapidly evolving Internet of Things ("IOT"), we expect the networks of our customers to continue to change rapidly and become more complex.

~~We have identified~~train a sufficient number of ~~new products and enhancements to our platform that~~effective sales personnel, or the sales personnel we believe are important to our continued success in the IT security market, including our FireEye Helix platform and enhancements to our endpoint solution. There can be no assurance that we will be successful in developing and marketing, on a timely basis, such new products or enhancements or that our new products or enhancements will adequately address the changing needs of the marketplace. In addition, some of our new products and enhancements may require us to develop new hardware architectures that involve complex, expensive and time-consuming research and development processes. Although the market expects rapid introduction of new products and enhancements to respond to new threats, the development of these products and enhancements is difficult and the timetable for commercial release and availability is uncertain, as there can be significant time lags between initial beta releases and the commercial availability of new products and enhancements. We may experience unanticipated delays in the availability of new products and enhancements to our platform and fail to meet customer expectations with respect to the timing of such availability. If we do not quickly respond to the rapidly changing and rigorous needs of our customers by developing, releasing and making available on a timely basis new products and enhancements to our platform, such as our FireEye Helix platform and enhancements to our endpoint solution, that can adequately respond to advanced threats and our customers’ needs, our competitive position and business prospects will be harmed. Furthermore, from time to time, we or our competitors may announce new products with capabilities or technologies that could have the potential to replace or shorten the life cycles of our existing products. There can be no assurance that announcements of new products will not cause customers to defer purchasing our existing products.

Additionally, the process of developing new technology is expensive, complex and uncertain. The success of new products and enhancements depends on several factors, including appropriate component costs, timely completion and introduction, differentiation of new products and enhancements from those of our competitors, and market acceptance. To maintain our competitive position, we must continue to commit significant resources to developing new products or enhancements to our platform before knowing whether these investments will be cost-effective or achieve the intended results. There can be no assurance that we will successfully identify new product opportunities, develop and bring new products or enhancements to market in a timely manner, or achieve market acceptance of our platform, or that products and technologies developed by others will not render our platform obsolete or noncompetitive. If we expend significant resources on researching and developing products or enhancements to our platform and such products or enhancementshire are not successful in obtaining new customers or increasing sales to our existing customer base, our business ~~financial position and results of operations may~~will be adversely affected.

Our current research and development efforts may not produce successful products or enhancements to our platform that result in significant revenue, cost savings or other benefits in the near future, if at all.

We must continue to dedicate significant financial and other resources to our research and development efforts if we are to maintain our competitive position. However, developing products and enhancements to our platform is expensive and time consuming, and there is no assurance that such activities will result in significant new marketable products or enhancements to our platform, design improvements, cost savings, revenue or other expected benefits. If we spend significant resources on research and development and are unable to generate an adequate return on our investment, our business and results of operations may be materially and adversely affected.

If we are unable to increase sales of our ~~platform~~solutions to large organizations while mitigating the risks associated with serving such customers, our business, financial position and results of operations may suffer.

Our growth strategy is dependent, in part, upon increasing sales of our ~~platform~~solutions to large enterprises and governments. Sales to large customers involve risks that may not be present (or that are present to a lesser extent) with sales to smaller entities. These risks include:

•increased purchasing power and leverage held by large customers in negotiating contractual arrangements with us;

•more stringent or costly requirements imposed upon us in our support service contracts with such customers, including stricter support response times and penalties for any failure to meet support requirements;

•more complicated implementation processes;

•longer sales cycles and the associated risk that substantial time and resources may be spent on a potential customer that ultimately elects not to purchase our platform or purchases less than we hoped;

•closer relationships with, and dependence upon, large technology companies who offer competitive ~~products;~~solutions; and

•more pressure for discounts and write-offs.

In addition, because security breaches with respect to larger, high-profile enterprises are likely to be heavily publicized, there is increased reputational risk associated with serving such customers. If we are unable to increase sales of our ~~platform~~offerings to large enterprise and government customers while mitigating the risks associated with serving such customers, our business, financial position and results of operations may suffer.

~~Reliance on shipments at the end of each quarter could cause our revenue for the applicable period to fall below expected levels.~~

As a result of customer buying patterns and the efforts of our sales force and channel partners to meet or exceed their sales objectives, we have historically received a substantial portion of sales orders and generated a substantial portion of revenue during the last few weeks and days of each quarter. A significant interruption in our IT systems, which manage critical functions such as order processing, revenue recognition, financial forecasts, inventory and supply chain management, and trade compliance reviews, or our supply chain could result in delayed order fulfillment and decreased revenue for that quarter. If expected revenue at the end of any quarter is delayed for any reason, including the failure of anticipated purchase orders to materialize, our logistics or channel partners’ inability to ship products prior to quarter-end to fulfill purchase orders received near the end of the quarter, our failure to manage inventory to meet demand, our inability to release new products on schedule, any failure of our systems related to order review, processing and licensing, or any delays in shipments based on trade compliance requirements (including new compliance requirements imposed by new or renegotiated trade agreements), our revenue for that quarter could fall below our expectations and the estimates of market analysts, which could adversely impact our business and results of operations and cause a decline in the trading price of our common stock.

~~Claims by others that we infringe their proprietary technology or other rights could harm our business.~~

Technology companies frequently enter into litigation based on allegations of patent infringement or other violations of intellectual property rights. In addition, patent holding companies seek to monetize patents they have purchased or otherwise obtained. As we face increasing competition and gain an increasingly higher profile, the possibility of intellectual property rights claims against us grows. From time to time, third parties have asserted, and we expect that third parties will continue to assert, claims of infringement of intellectual property rights against us. For example, on December 29, 2017, we executed Confidential Patent License Agreements with Finjan Holdings, Inc. (“Finjan”), whereby we resolved all pending litigation matters. Under the terms of the settlement agreement, we paid Finjan a one-time net cash settlement amount of $12.5 million in December 2017, in exchange for the resolution and settlement of all claims between FireEye and Finjan and for cross-licenses between the companies of certain issued patents and patent applications. Other security companies have paid amounts to the same plaintiff to license some of the patents asserted against us. Third parties may in the future also assert claims against our customers or channel partners, whom our standard license and other agreements obligate us to indemnify against claims that our products infringe the intellectual property rights of third parties. While we intend to increase the size of our patent portfolio, many of our competitors and others may now and in the future have significantly larger and more mature patent portfolios than we have. In addition, future litigation may involve patent holding companies or other patent owners who have no relevant product offerings or revenue and against whom our own patents may therefore provide little or no deterrence or protection. Any claim of intellectual property infringement by a third party, even a claim without merit, could cause us to incur substantial costs defending against such claim, could distract our management from our business and could require us to cease use of such intellectual property. Furthermore, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential information could be compromised by the discovery process.

Although third parties may offer a license to their technology or other intellectual property, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, financial condition and results of operations to be materially and adversely affected. In addition, some licenses may be non-exclusive, and

therefore our competitors may have access to the same technology licensed to us. If a third party does not offer us a license to its technology or other intellectual property on reasonable terms, or at all, we could be enjoined from continued use of such intellectual property. As a result, we may be required to develop alternative, non-infringing technology, which could require significant time (during which we could be unable to continue to offer our affected products, subscriptions or services), effort, and expense and may ultimately not be successful. Furthermore, a successful claimant could secure a judgment or we may agree to a settlement that prevents us from distributing certain products, providing certain subscriptions or performing certain services or that requires us to pay substantial damages, royalties or other fees. Any of these events could harm our business, financial condition and results of operations.

Because we depend on a limited number of manufacturers to build the appliances used in our platform, we are susceptible to manufacturing delays and pricing fluctuations that could prevent us from shipping customer orders on time, or on a cost-effective basis, which may result in the loss of sales and customers.

We depend on a limited number of third-party manufacturers, primarily Flextronics Telecom Systems, Ltd., as sole source manufacturers for our appliances used in our platform. Our reliance on third-party manufacturers reduces our control over the manufacturing process and exposes us to risks, including reduced control over quality assurance, product costs, product supply and timing. Any manufacturing disruption by these third-party manufacturers could severely impair our ability to fulfill orders on time. If we are unable to manage our relationships with these third-party manufacturers effectively, or if these manufacturers suffer delays or disruptions for any reason, experience increased manufacturing lead-times, capacity constraints or quality control problems in their manufacturing operations, or fail to meet our future requirements for timely delivery, our ability to ship products to our customers would be severely impaired, and our business and results of operations would be harmed.

In addition, our reliance on third-party manufacturers exposes us to the risk that certain minerals, known as “conflict minerals,” that are contained in our products have originated in the Democratic Republic of the Congo or an adjoining country. As a result of the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the SEC adopted disclosure requirements for public companies whose products contain conflict minerals that are necessary to the functionality or production of such products. Although the SEC has provided guidance with respect to a portion of the conflict minerals filing requirements that somewhat reduced the reporting required, we have incurred and expect to incur additional costs to comply with the disclosure requirements, including costs related to determining the source of the conflict minerals used in our products. Moreover, the implementation of these requirements could adversely affect the sourcing, availability and pricing of materials used in the manufacture of our products to the extent that there may be only a limited number of suppliers offering “conflict free” minerals that can be used in our products. There can be no assurance that we will be able to obtain such minerals in sufficient quantities or at competitive prices. We may also encounter customers who require that all of the components of our products be certified as conflict free. If we are not able to meet customer requirements, such customers may choose to not purchase our products, which could impact our sales.

Our third-party manufacturers typically fulfill our supply requirements on the basis of individual orders. We are subject to a risk of supply shortages and changes in pricing terms because we do not have long-term contracts with our third-party manufacturers that guarantee capacity, the continuation of particular pricing terms or the extension of credit limits. Our contract with our primary manufacturer permits it to terminate such contract at its convenience, subject to prior notice requirements. Any production interruptions for any reason, such as a natural disaster, epidemic, capacity shortages, or quality problems at one of our manufacturing partners would negatively affect sales of our products and adversely impact our business and results of operations.

~~We may be unable to protect our intellectual property adequately, which could harm our business, financial condition and results of operations.~~

We believe that our intellectual property is an essential asset of our business. We rely on a combination of patent, copyright, trademark and trade secret laws, as well as confidentiality procedures and contractual provisions, to establish and protect our intellectual property rights in the United States and abroad. The efforts we have taken to protect our intellectual property may not be sufficient or effective, and our trademarks, copyrights and patents may be held invalid or unenforceable. Any U.S. or other patents issued to us may not be sufficiently broad to protect our proprietary technologies, and given the costs of obtaining patent protection, we may choose not to seek patent protection for certain of our proprietary technologies. We may not be effective in policing unauthorized use of our intellectual property, and even if we do detect violations, litigation may be necessary to enforce our intellectual property rights. Any enforcement efforts we undertake, including litigation, could be time-consuming and expensive, could divert management’s attention and may result in a court determining that our intellectual property rights are unenforceable. If we are not successful in cost-effectively protecting our intellectual property rights, our business, financial condition and results of operations could be harmed.

~~We incorporate technology from third parties into our products, and our inability to obtain or maintain rights to the technology could harm our business.~~

We incorporate technology from third parties into our products. We cannot be certain that our suppliers and licensors are not infringing the intellectual property rights of third parties or that the suppliers and licensors have sufficient rights to the technology in all jurisdictions in which we may sell our products. Some of our agreements with our suppliers and licensors may be terminated for convenience by them. If we are unable to obtain or maintain rights to any of this technology because of intellectual property infringement claims brought by third parties against our suppliers and licensors or against us, or if we are unable to continue to obtain such technology

or enter into new agreements on commercially reasonable terms, our ability to develop and sell products, subscriptions and services containing such technology could be severely limited, and our business could be harmed. Additionally, if we are unable to obtain necessary technology from third parties, including certain sole suppliers, we may be forced to acquire or develop alternative technology, which may require significant time, cost and effort and may be of lower quality or performance standards. This would limit and delay our ability to offer new or competitive products and increase our costs of production. If alternative technology cannot be obtained or developed, we may not be able to offer certain functionality as part of our products, subscriptions and services. As a result, our margins, market share and results of operations could be significantly harmed.

Our products and subscriptions contain third-party open source software components, and failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our products and subscriptions.

Our products and subscriptions contain software modules licensed to us by third-party authors under “open source” licenses. The use and distribution of open source software may entail greater risks than the use of third-party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. Some open source licenses contain requirements that we make available source code for modifications or derivative works we create based upon the type of open source software we use. If we combine our proprietary software with open source software in a certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of sales for us.

Although we monitor our use of open source software to avoid subjecting our products and subscriptions to conditions, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in ways that could impose unanticipated conditions or restrictions on our ability to commercialize products and subscriptions incorporating such software. Moreover, we cannot assure you that our processes for controlling our use of open source software in our products and subscriptions will be effective. From time to time, we may face claims from third parties asserting ownership of, or demanding release of, the open source software or derivative works that we developed using such software (which could include our proprietary source code), or otherwise seeking to enforce the terms of the applicable open source license. These claims could result in litigation. If we are held to have breached the terms of an open source software license, we could be required to seek licenses from third parties to continue offering our products on terms that are not economically feasible, to re-engineer our products, to discontinue the sale of our products if re-engineering could not be accomplished on a timely or cost-effective basis, or to make generally available, in source code form, our proprietary code, any of which could adversely affect our business, results of operations and financial condition.

U.S. federal, state and local government sales are subject to a number of challenges and risks that may adversely impact our business.

Sales to U.S. federal, state, and local governmental agencies have accounted for, and may in the future account for, a significant portion of our revenue. Sales to such government entities are subject to the following risks:

•selling to governmental agencies can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that such efforts will generate a sale;

•government certification requirements applicable to our ~~products~~solutions may change and, in doing so, restrict our ability to sell into the U.S. federal government sector until we have attained the revised certification;

•government demand and payment for our ~~products~~solutions and services may be impacted by government shutdowns, public sector budgetary cycles, contracting requirements and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our ~~products~~solutions and services;

•we sell our ~~platform~~solutions to governmental agencies through our indirect channel partners, and these agencies may have statutory, contractual or other legal rights to terminate contracts with our distributors and resellers for convenience or due to a default, and any such termination may adversely impact our future results of operations; and

•governments routinely investigate and audit government contractors’ administrative processes, and any unfavorable audit could result in the government refusing to continue buying our platform, which would adversely impact our revenue and results of operations, or institute fines or civil or criminal liability if the audit were to uncover improper or illegal ~~activities; and~~

governments may require certain products purchased by it to be manufactured in the United States and other relatively high-cost manufacturing locations, and we may not manufacture all products in locations that meet these requirements, affecting our ability to sell these products to governmental agencies.

activities.

Our ability to maintain customer satisfaction depends in part on the quality of our professional service organization and technical and other support services, including the quality of the support provided on our behalf by certain channel partners. Failure to maintain high-quality customer support could have a material adverse effect on our business, financial condition and results of operations.

Once our platform is deployed within our customers’ networks, our customers depend on our technical and other support services, as well as the support of our channel partners, to resolve any issues relating to the implementation and maintenance of our platform. If we or our channel partners do not effectively assist our customers in deploying our platform, succeed in helping our customers quickly resolve post-deployment issues, or provide effective ongoing support, our ability to sell additional ~~products,~~solutions, subscriptions or services as part of our platform to existing customers would be adversely affected and our reputation with potential customers could be damaged. Many larger organizations have more complex networks and require higher levels of support than smaller customers. If we fail to meet the requirements of our larger customers, it may be more difficult to execute on our strategy of upselling and cross selling with these customers. Additionally, if our channel partners do not effectively provide support to the satisfaction of our customers, we may be required to provide this level of support to those customers, which would require us to hire additional personnel and to invest in additional resources. It can take significant time and resources to recruit, hire, and train qualified technical support employees. We may not be able to hire such resources fast enough to keep up with demand. To the extent that we or our channel partners are unsuccessful in hiring, training, and retaining adequate support resources, our ability and the ability of our channel partners to provide adequate and timely support to our customers will be negatively impacted, and our customers’ satisfaction with our platform will be adversely affected. Additionally, to the extent that we need to rely on our sales engineers to provide post-sales support, our sales productivity will be negatively impacted, which would harm our results of operations.

~~Our limited operating history makes it difficult~~We may not have visibility into particular transactions affecting our financial position and results of operations.

We may, from time to ~~evaluate~~time, change our ~~current business~~pricing models.For example, we may offer some of our solutions and ~~prospects and may increase~~services on a consumption-based pricing model. In such event, we will generally recognize revenue on consumption. Because our customers will have flexibility in the ~~risk that~~timing of their consumption, we will not have the visibility into the timing of revenue recognition that would be ~~successful.~~

~~We were founded in 2004,~~the case under a subscription-based pricing model. There is a risk that customers will consume our solutions and services more slowly than we expect, and our ~~first commercially successful product was shipped in 2008. Since then, we have continued to expand~~actual results may differ from our platform, both organically and through acquisitions, including through the addition of Mandiant Corporation’s endpoint threat detection, response and remediation products; advanced threat intelligence capabilities; and incident response and security consulting services. The majority of our revenue growth began in 2010. Our limited operating history makes it difficult to evaluate our current business and prospects and plan for and model our future growth. We have encountered and will continue to encounter risks and uncertainties frequently encountered by rapidly growing companies in developing markets.

forecasts. If our ~~assumptions regarding these risks and uncertainties are incorrect or change in response to changes in the IT security market, our~~quarterly results of operations fall below the expectations of investors and ~~financial results could differ materially from~~securities analysts who follow our ~~plans and forecasts. Although we have experienced rapid growth in~~stock, the ~~past, there is no assurance that such growth will continue. Any success we may experience in the future will depend in large part on our ability to, among other things:~~

~~maintain and expand our customer base and the ways in which customers use our products and services;~~

~~expand revenue from existing customers through increased or broader use of our products and services within their organizations;~~

~~convince customers to allocate a fixed portion of their annual IT budgets to our products and services;~~

~~improve the performance and capabilities of our platform through research and development;~~

~~effectively expand our business domestically and internationally, which will require that we fill key management positions, particularly internationally; and~~

~~successfully compete with other companies that currently provide, or may in the future provide, solutions like ours that protect against next-generation advanced cyber attacks.~~

~~If we are unable to achieve our key objectives, including the objectives listed above, our business and results of operations will be adversely affected and the fair market value~~price of our common stock could ~~decline.~~decline substantially, and we could face costly lawsuits, including securities class actions.

~~Managing the supply of our products~~Risks Related to Intellectual Property and Technology Licensing

Claims by others that we infringe their ~~components is complex. Insufficient supply and inventory may result in lost sales opportunities~~proprietary technology or ~~delayed revenue, while excess inventory may~~other rights could harm our ~~gross margins.~~business.

~~Our third-party manufacturers procure components and build our products~~Technology companies frequently enter into litigation based on ~~our forecasts,~~allegations of patent infringement or other violations of intellectual property rights. In addition, patent holding companies seek to monetize patents they have purchased or otherwise obtained. As we face increasing competition and ~~we generally do not hold inventory for a prolonged period~~gain an increasingly higher profile, the possibility of time. These forecasts are based on estimates of future demand for our products, which are in turn based on historical trends and analyses from our sales and marketing organizations, adjusted for overall market conditions. In order to reduce manufacturing lead times and plan for adequate component supply, fromintellectual property rights claims against us grows. From time to time, third parties have asserted, and we ~~may issue forecasts~~expect that third parties will continue to assert, claims of infringement of intellectual property rights against us. For example, on December 29, 2017, we executed Confidential Patent License Agreements with Finjan Holdings, Inc. (“Finjan”), whereby we resolved all pending litigation matters. Under the terms of the settlement agreement, we paid Finjan a one-time net cash settlement amount of $12.5 million in December 2017, in exchange for ~~components~~the resolution and ~~products that are non-cancelable~~settlement of all claims between Mandiant and ~~non-returnable.~~

~~Our inventory management systems~~Finjan and ~~related supply chain visibility tools may be inadequate~~for cross-licenses between the companies of certain issued patents and patent applications. Other security companies have paid amounts to ~~enable us~~the same plaintiff to make accurate forecasts and effectively manage the supply of our products and product components. Supply management remains an area of increasing focus as we balance the need to maintain supply levels that are sufficient to ensure competitive lead times against the risk of obsolescence

because of rapidly changing technology and customer requirements. If we ultimately determine that we have excess supply, we may have to reduce our prices and write-down inventory, which in turn could result in lower gross margins. Alternatively, insufficient supply levels may lead to shortages that result in delayed revenue or loss of sales opportunities altogether as potential customers turn to competitors’ products that may be readily available. Additionally, any increases in the time required to manufacture or ship our products could result in supply shortfalls. If we are unable to effectively manage our supply and inventory, our results of operations could be adversely affected.

~~Because~~license some of the ~~key components~~patents asserted against us. Third parties may in ~~our products come from limited sources of supply, we are susceptible to supply shortages or supply changes, which could disrupt or delay our scheduled product deliveries to~~the future also assert claims against our customers or channel partners, whom our standard license and other agreements obligate us to indemnify against claims that our solutions infringe the intellectual property rights of third parties. Many of our competitors and others may ~~result~~now and in the ~~loss~~future have significantly larger and more mature patent portfolios than we have. In addition, future litigation may involve patent holding companies or other patent owners who have no relevant product offerings or revenue and against whom our own patents may therefore provide little or no deterrence or protection. Any claim of ~~sales~~intellectual property infringement by a third party, even a claim without merit, could cause us to incur substantial costs defending against such

claim, could distract our management from our business and ~~customers.~~

~~Our platform relies on key components, including~~could require us to cease use of such intellectual property. Furthermore, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a ~~motherboard and chassis, which our third-party manufacturers purchase on our behalf from a sole source provider. The manufacturing operations of~~risk that some of our ~~component suppliers are geographically concentrated in Asia, which makes our supply chain vulnerable~~confidential information could be compromised by the discovery process.

Although third parties may offer a license to regional disruptions. A localized health risk affecting employees at these facilities, such as the spread of a pandemic influenza, could impair the total volume of components that we are able to obtain, which could result in substantial harm to our results of operations. Similarly, a fire, flood, earthquake, tsunamitheir technology or other ~~disaster, condition or event such as political instability, terrorist act, civil unrest or a power outage that adversely affects~~intellectual property, the terms of any ~~of these component suppliers’ facilities could significantly affect our ability to obtain~~offered license may not be acceptable, and the ~~components needed for our products, which could result in a substantial loss of sales and revenue and a substantial harm to our results of operations.~~

We do not have volume purchase contracts with any of our component suppliers, and they could cease selling to us at any time. In addition, our component suppliers change their selling prices frequently in response to market trends, including industry-wide increases in demand, and because we do not have contracts with these suppliers, we are susceptible to price fluctuations related to raw materials and components. If we are unable to pass component price increases along to our customers or maintain stable pricing, our gross margins and results of operations could be negatively impacted. If we are unablefailure to obtain a ~~sufficient quantity of these components in a timely manner for~~license or the costs associated with any ~~reason, sales of our products~~license could be delayed or halted or we could be forced to expedite shipment of such components or our products at dramatically increased costs, which would negatively impact our revenue and gross margins. Additionally, poor quality in any of the sole-sourced components in our products could result in lost sales or lost sales opportunities. If the quality of the components does not meet our or our customers’ requirements, if we are unable to obtain components from our existing suppliers on commercially reasonable terms, or if any of our sole source providers cease to remain in business or continue to manufacture such components, we could be forced to redesign our products and qualify new components from alternate suppliers. The resulting stoppage or delay in selling our products and the expense of redesigning our products could result in lost sales opportunities and damage to customer relationships, which would adversely affect our business and results of operations.

~~If we fail to adequately protect personal information,~~cause our business, financial condition and ~~operating~~ results of operations to be materially and adversely affected. We may also be subject to additional fees or be required to obtain new licenses if any of our licensors allege that we have not properly paid for such licenses or that we have improperly used the technologies under such licenses. In addition, some licenses may be non-exclusive, and therefore our competitors may have access to the same technology licensed to us. If a third party does not offer us a license to its technology or other intellectual property on reasonable terms, or at all, we could be ~~adversely affected.~~

~~A wide variety~~enjoined from continued use of ~~provincial, state, national,~~such intellectual property. As a result, we may be required to develop alternative, non-infringing technology, which could require significant time (during which we could be unable to continue to offer our affected solutions, subscriptions or services), effort, and international laws and regulations apply to the collection, use, retention, protection, disclosure, transfer and other processing of personal data. These data protection and privacy-related laws and regulations are evolvingexpense and may ~~result in ever-increasing regulatory and public scrutiny and escalating levels~~ultimately not be successful. Furthermore, a successful claimant could secure a judgment or we may agree to a settlement that prevents us from distributing certain solutions, providing certain subscriptions or performing certain services or that requires us to pay substantial damages, royalties or other fees. Any of enforcement and sanctions. For example, the European Union General Data Protection Regulation, which becomes fully effective on May 25, 2018, imposes more stringent data protection requirements, and provides for greater penalties for noncompliance of up to the greater of €20 million or four percent of worldwide annual revenues. Our failure to adequately comply with applicable laws and regulations, or to protect such data,these events could result in enforcement action against us, including fines, imprisonment of company officials and public censure, claims for damages by customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing customers and prospective customers), any of which could have a material adverse effect on our operations, financial performance and business. Evolving and changing definitions of personal data and personal information within the European Union, the United States, and elsewhere, especially relating to classification of IP addresses, machine identification, location data and other information, may limit or inhibit our ability to operate or expandharm our business, ~~including limiting technology alliance partners that may involve the sharing~~financial condition and results of data. Even the perception of privacy concerns, whether or not valid, may harm our reputation, inhibit adoption of our products by current and future customers, or adversely impact our ability to attract and retain workforce talent.operations.

Our technology alliance partnerships expose us to a range of business risks and uncertainties that could have a material adverse impact on our business and financial results.

We have entered, and intend to continue to enter, into technology alliance partnerships with third parties to support our future growth plans. Such relationships include technology licensing, joint technology development and integration, research cooperation, co-marketing activities and sell-through arrangements. We face a number of risks relating to our technology alliance partnerships that could prevent us from realizing the desired benefits from such partnerships on a timely basis or at all, which, in turn, could have a negative impact on our business and financial results.

Technology alliance partnerships require significant coordination between the parties involved, particularly if a partner requires that we integrate its ~~products~~solutions with our ~~products.~~solutions. This could involve a significant commitment of time and resources by our technical staff and their counterparts within our technology alliance partner. The integration of ~~products~~solutions from different companies may be more difficult than we anticipate, and the risk of integration difficulties, incompatible ~~products~~solutions and undetected programming errors or defects may be higher than the risks normally associated with the introduction of new ~~products.~~solutions. It may also be more difficult to market and sell ~~products~~solutions developed through technology alliance partnerships than it would be to market and sell ~~products~~solutions that we develop on our own. Sales and marketing personnel may require special training, as the new ~~products~~solutions may be more complex than our other ~~products.~~solutions.

We invest significant time, money and resources to establish and maintain relationships with our technology alliance partners, but we have no assurance that any particular relationship will continue for any specific period of time. In addition, our technology alliance partners may currently or in the future have offerings that compete with our offerings in certain markets, which may make it difficult to establish long-term or effective relationships with them. Generally, our agreements with ~~these~~ technology alliance partners are terminable without cause with no or minimal notice or penalties. If we lose a significant technology alliance partner, we could lose the benefit of our investment of time, money and resources in the relationship. In addition, we could be required to incur significant expenses to develop a new strategic alliance or to determine and implement an alternative plan to pursue the opportunity that we targeted with the former partner.

If our estimates or judgments relating to our critical accounting policies are based on assumptions that change or prove to be incorrect, our results of operations could fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in our stock price.

The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section entitled “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue and expenses that are not readily apparent from other sources. Additionally, as we implement the new revenue standard, management will make judgments and assumptions based on its interpretation of the new standard, which may vary from company to company based on the unique facts and circumstances surrounding their business. It is possible that interpretation, industry practice, and guidance may continue to evolve during the early stages of adoption of the new standard. Our results of operations may be adversely affected if our assumptions change or if actual circumstances differ from those in our assumptions, which could cause our results of operations to fall below our publicly announced guidance or the expectations of securities analysts and investors, resulting in a decline in our stock price. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to assets, liabilities, revenue, expenses and related disclosures.

~~We are exposed to the credit risk of some of our distributors, resellers and customers and to credit exposure in weakened markets, which could result in material losses.~~

Most of our sales are on an open credit basis. Although we have programs in place that are designed to monitor and mitigate these risks, we cannot assure you these programs will be effective in reducing our credit risks, especially as we expand our business internationally. If we are unable to protect our intellectual property adequately, ~~control these risks, our business, results of operations and financial condition could be harmed.~~

Our failure to raise additional capital or generate the significant capital necessary to expand our operations and invest in new products could reduce our ability to compete and could harm our business.

We intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new products and enhancements to our platform, improve our operating infrastructure or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. If we raise additional equity financing, our stockholders may experience significant dilution of their ownership interests and the per share value of our common stock could decline. Furthermore, if we engage in additional debt financing, the holders of debt would have priority over the holders of common stock, and we may be required to accept terms that restrict our ability to incur additional indebtedness. We may also be required to take other actions that would otherwise be in the interests of the debt holders and force us to maintain specified liquidity or other ratios, any of which ~~could harm our business, results of operations, and financial condition. If we need additional capital and cannot raise it on acceptable terms, we may not be able to, among other things:~~

~~develop or enhance our products and subscriptions;~~

~~continue to expand our sales and marketing and research and development organizations;~~

~~acquire complementary technologies, products or businesses;~~

~~expand operations, in the United States or internationally;~~

~~hire, train and retain employees; or~~

~~respond to competitive pressures or unanticipated working capital requirements.~~

~~Our failure to do any of these things~~ could harm our business, financial condition and results of operations.

IfWe believe that our ~~products~~intellectual property is an essential asset of our business. We rely on a combination of patent, copyright, trademark, database rights, and trade secret laws, as well as confidentiality procedures and contractual provisions, to establish and protect our intellectual property rights in the United States and abroad. The efforts we have taken to protect our intellectual property may not be sufficient or effective, and our trademarks, copyrights and patents may be held invalid or unenforceable. Any U.S. or other patents issued to us may not be sufficiently broad to protect our proprietary technologies, and given the costs of obtaining patent protection, we may choose not to seek patent protection for certain of our proprietary technologies. We may not be effective in policing unauthorized use of our intellectual property, and even if we do ~~not effectively interoperate with~~detect violations, litigation may be necessary to enforce our ~~customers’ IT infrastructure, installations~~intellectual property rights. Any enforcement efforts we undertake, including litigation, could be ~~delayed~~time-consuming and expensive, could divert management’s attention and may result in a court determining that our intellectual property rights are unenforceable. If we are not successful in cost-effectively protecting our intellectual property rights, our business, financial condition and results of operations could be harmed.

We incorporate technology from third parties into our solutions, and our inability to obtain or ~~cancelled, which would~~maintain rights to the technology could harm our business.

~~Our products must effectively interoperate~~We incorporate technology from third parties into our solutions. We cannot be certain that our suppliers and licensors are not infringing the intellectual property rights of third parties or that the suppliers and licensors have sufficient rights to the technology in

all jurisdictions in which we may sell our solutions. Some of our agreements with our ~~customers’ existing~~suppliers and licensors may be terminated for convenience by them. If we are unable to obtain or ~~future IT infrastructure,~~maintain rights to any of this technology because of intellectual property infringement claims brought by third parties against our suppliers and licensors or against us, or if we are unable to continue to obtain such technology or enter into new agreements on commercially reasonable terms, our ability to develop and sell solutions, subscriptions and services containing such technology could be severely limited, and our business could be harmed. Additionally, if we are unable to obtain necessary technology from third parties, including certain sole suppliers, we may be forced to acquire or develop alternative technology, which ~~often has different specifications, utilizes multiple protocol standards, deploys products from multiple vendors,~~may require significant time, cost and ~~contains multiple generations~~effort and may be of ~~products that have been added over time.~~lower quality or performance standards. This would limit and delay our ability to offer new or competitive solutions and increase our costs of development. If alternative technology cannot be obtained or developed, we may not be able to offer certain functionality as part of our solutions, subscriptions and services. As a result, ~~when problems occur~~our margins, market share and results of operations could be significantly harmed.

Our solutions and subscriptions contain third-party open source software components, and failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our solutions and subscriptions.

Our solutions and subscriptions contain software modules licensed to us by third-party authors under “open source” licenses. The use and distribution of open source software may entail greater risks than the use of third-party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. Some open source licenses contain requirements that we make available source code for modifications or derivative works we create based upon the type of open source software we use. If we combine our proprietary software with open source software in a ~~network, it~~certain manner, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar solutions with lower development effort and time and ultimately could result in a loss of sales for us.

Although we monitor our use of open source software to try to avoid subjecting our solutions and subscriptions to conditions, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in ways that could impose unanticipated conditions or restrictions on our ability to commercialize solutions and subscriptions incorporating such software. Moreover, we cannot assure you that our processes for controlling our use of open source software in our solutions and subscriptions will be effective. From time to time, we may ~~be difficult~~face claims from third parties asserting ownership of, or demanding release of, the open source software or derivative works that we developed using such software (which could include our proprietary source code), or otherwise seeking to ~~identify~~enforce the ~~sources~~terms of ~~these problems.~~the applicable open source license. These claims could result in litigation. If we ~~find errors~~are held to have breached the terms of an open source software license, we could be required to seek licenses from third parties to continue offering our solutions on terms that are not economically feasible, to re-engineer our solutions, to discontinue the sale of our solutions if re-engineering could not be accomplished on a timely or cost-effective basis, or to make generally available, in ~~the existing software or defects in the hardware used in~~source code form, our customers’ infrastructure or problematic network configurations or settings, we may have to modify our software or hardware so that our products will interoperate with our customers’ infrastructure. In such cases, our products may be unable to provide significant performance improvements for applications deployed in our customers’ infrastructure. These issues could cause longer installation times for our products and could cause order cancellations, eitherproprietary code, any of which ~~would~~could adversely affect our business, results of operations and financial condition. ~~In addition, government and other customers may require our products~~

Risks Related to comply with certain security or other certifications and standards. If our products are late in achieving or fail to achieve compliance with these certifications and standards, or our competitors achieve compliance with these certifications and standards, we may be disqualified from selling our products to such customers, or may otherwise be at a competitive disadvantage, either of which would harm our business, results of operations, and financial condition.Operations Outside the United States

We generate a significant amount of revenue from sales tothrough resellers, distributors and end customers outside of the United States, and we are therefore subject to a number of risks associated with international sales and operations.

We have a limited history of marketing, selling, and supporting our platform internationally. As a result, we must hire and train experienced personnel to staff and manage our foreign operations. To the extent that we experience difficulties in recruiting, training, managing, and retaining international employees, particularly managers and other members of our international sales team, we may experience difficulties in sales productivity in, or market penetration of, foreign markets. We also enter into strategic distributor and reseller relationships with companies in certain international markets where we do not have a local presence. If we are not able to maintain successful strategic distributor relationships with our international channel partners or recruit additional channel partners, our future success in these international markets could be limited. Business practices in the international markets that we serve may differ from those in the United States and may require us to include non-standard terms in customer contracts, such as extended payment or warranty terms. To the extent that we enter into customer contracts in the future that include non-standard terms related to payment, warranties, or performance obligations, our results of operations may be adversely impacted.

Additionally, our international sales and operations are subject to a number of risks, including the following:

•greater difficulty in enforcing contracts and managing collections, as well as longer collection ~~periods;~~periods

•higher costs of doing business internationally, including incremental regulatory compliance costs, taxes and employee benefit costs, as well as costs incurred in establishing and maintaining office space and equipment for our international operations;

•fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business, such as the British Pound Sterling, which experienced a sharp decline in value compared to the U.S. dollar and other currencies;

•management communication and integration problems resulting from cultural and geographic dispersion;

•risks associated with trade restrictions and foreign legal requirements, including any importation, certification, and localization of our platform that may be required in foreign countries and any changes in trade relations and ~~restrictions as a result of the 2016 U.S. presidential election;~~restrictions;

•greater risk of unexpected changes in foreign and domestic regulatory practices, tariffs and tax laws and treaties, including regulatory and trade policy ~~changes adopted by the new administration;~~changes;

•compliance with anti-bribery laws, including, without limitation, compliance with the U.S. Foreign Corrupt Practices Act of 1977, as amended, the U.S. Travel Act and the UKU.K. Bribery Act 2010, violations of which could lead to significant fines, penalties and collateral consequences for our Company;

•heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;

•the uncertainty of protection for intellectual property rights in some countries;

•foreign exchange controls or tax regulations that might prevent us from repatriating cash earned outside the United States;

•general economic, political and ~~political~~social conditions in these foreign markets, including the perception of doing business with U.S. based companies and changes in regulatory requirements that impact our operating strategies, access to global markets or hiring;

•political and economic instability in some countries, such as those caused by the 2016 U.S. presidential election and the ~~referendum on June 23, 2016, in which voters in~~withdrawal of the ~~U.K. approved an exit~~United Kingdom from the ~~EU,~~European Union, commonly referred to as ~~"Brexit,"~~"Brexit";

•increased exposure to public health issues such as the current COVID-19 pandemic, and ~~in March 2017, began the process~~related industry and governmental actions to ~~leave the EU by April 2019;~~address these issues; and

•double taxation of our international earnings and potentially adverse tax consequences due to changes in the tax laws of the United States or the foreign jurisdictions in which we operate.

Further, the interpretation and application of ~~foreign~~international laws and regulations in many cases is uncertain, and our legal and regulatory obligations in foreign jurisdictions are subject to frequent and unexpected changes, including the potential for various regulatory or other governmental bodies to enact new or additional laws or regulations or to issue rulings that invalidate prior laws or regulations.

For example, ~~“Brexit,”~~Brexit could also lead to further legislative and regulatory changes. A Data Protection ~~Bill~~Act that substantially implements the GDPR has been ~~introduced~~implemented in the U.K., effective in May 2018 and subject to additional statutory amendments in 2019 to further align such Data Protection Act with the GDPR. It is unclear, however, how U.K. data protection laws or regulations will develop in the medium to longer term, and how data transfers to and from the U.K. will be regulated. In particular, the U.K.’s exit from the EU to effectuate Brexit could require us to make additional changes to the United Kingdom’s House of Lords that proposes to substantially implement the European Union’s General Data Protection Regulation. Nevertheless, the Data Protection Bill must complete the legislative process, so it remains unclear what modifications will be made to the final legislation.

~~Additionally, with regard to transfers of personal data from~~way we conduct our ~~European customers~~business and employees to the U.S., we historically relied on compliance with the EU-U.S. and Swiss-U.S. Safe Harbor Frameworks as agreed to by the U.S. Department of Commerce, and the EU and Switzerland, which established means for legitimizing the transfer of personal data by U.S. companies from the European Economic Area, or EEA, and Switzerland, to the U.S. In a 2015 ruling by the Court of Justice of the European Union in Case C-362/14 (~~Schrems v. Data Protection Commissioner~~), the EU-U.S. Safe Harbor Framework was deemed an invalid method of compliance with EU restrictions regarding the transfer of personal data outside of the EEA. EU and U.S. political authorities reached political agreement in February 2016 regarding the EU-U.S. Privacy Shield, which provided a new mechanism for companies to transfer EU personal data to the United States. Although the EU-U.S. Privacy Shield was granted an adequacy decision by the EU College of Commissioners on July 12, 2016, and became available to U.S. companies on August 1, 2016, with us subsequently having self-certified under the EU-U.S. Privacy Shield and a related program, the U.S.-Swiss Privacy Shield, the U.S.-EU Privacy Shield has been challenged and may be suspended or invalidated. It is uncertain that the U.S.-EU Privacy Shield will continue to remain intact and serve as an appropriate means for us to meet European requirements for personal data transfers from the EEA or Switzerland to the United States. Developments in the legal landscape affecting the transfer of personaltransmit data from the EEA may cause us to find it necessary or desirable to modify our data handling practices, and may serve as a basis for our personal data handling practices, or those of our customers and vendors, to be challenged and may otherwise adversely impact our business, financial condition and operating results.EU into the U.K.

These and other factors could harm our ability to generate future international revenue and, consequently, materially impact our business, results of operations and financial condition.

We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.

Our sales contracts are denominated in U.S. dollars, and therefore our revenue is not subject to foreign currency risk. However, strengthening of the U.S. dollar increases the real cost of our ~~products,~~solutions, subscriptions and services to our customers outside of the United States, which could lead to delays in the purchase of our ~~products~~solutions and services and the lengthening of our sales cycle. In addition, we are incurring an increasing portion of our operating expenses outside the United States. These expenses are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates.

Additionally, Brexit resulted in an adverse impact to currency exchange rates, notably the British Pound Sterling which experienced a sharp decline in value compared to the U.S. dollar and other currencies. ~~Continued volatility in currency exchange rates is expected in the near term as the U.K. negotiates its exit from the EU.~~ A significantly weaker British Pound Sterling compared to the U.S. dollar could have a significantly negative effect on our financial condition and results of operations.

We do not currently hedge against the risks associated with currency fluctuations but may do so in the future.

~~Failure to comply with governmental laws and regulations could harm our business.~~

Our business is subject to regulation by various U.S. federal, state, local and foreign governments. In certain jurisdictions, these regulatory requirements may be more stringent than those in the United States. Noncompliance with applicable regulations or requirements could subject us to investigations, sanctions, mandatory product recalls, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties, injunctions or other collateral consequences. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, results of operations, and financial condition could be materially adversely affected. In addition, responding to any action will likely result in a significant diversion of management’s attention and resources and an increase in professional fees. U.S. regulations surrounding our operating activities in foreign jurisdictions

are not always consistent with, and at times are in contravention to, the local regulations or laws in such jurisdictions. Enforcement actions and sanctions could harm our business, reputation, results of operations and financial condition.

We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets.

Our ~~products~~solutions are subject to U.S. export controls and trade and economic sanctions, specifically the Commerce Department Export Administration Regulations ("EAR") and ~~economic sanctions~~regulations enforced by the Office of Foreign Assets Control. We incorporate standard

encryption algorithms into many of our ~~products,~~solutions, which, along with the underlying technology, may be exported outside of the U.S. only with the required export authorizations, including by license, license exception or other appropriate government authorizations, which may require the filing of a classification request and/or annual and semi-annual reporting. Additionally, our current or future solutions may be classified under the EAR or as defense articles subject to the United States International Traffic in Arms Regulations (“ITAR”).Most of our solutions have been classified under the EAR and are generally exportable without needing a specific license, under an EAR exception for encryption ~~registration~~software. If a solution, or component of a solution, is classified under the ITAR, or is ineligible for the EAR encryption exception, then those solutions could be exported outside the United States only if we obtain the applicable export license or qualify for a different license exception. In certain contexts, the services we provide might be classified as defense services subject to the ITAR separately from the solutions we provide. Compliance with the EAR, ITAR, and ~~classification request. Furthermore,~~other applicable regulatory requirements regarding the export of our solutions, including new releases of our solutions and/or the performance of services, may create delays in the introduction of our solutions in non-U.S. markets, prevent our customers with non-U.S. operations from deploying our solutions throughout their global systems or, in some cases, prevent the export of our solutions to some countries altogether. Violations of U.S. sanctions or export control ~~laws~~regulations can result in significant fines or penalties and ~~economic sanctions prohibit~~possible incarceration for responsible employees and managers. If our channel partners fail to obtain appropriate import, export, or re-export licenses or permits, we may also be adversely affected through reputational harm, as well as other negative consequences, including government investigations and penalties.

In addition, proposed regulations have been released in the ~~shipment of certain products~~United States which may subject additional solutions, technology, and services to ~~countries, governments,~~control under the EAR. If those regulations go into effect as currently written, we may need to apply for and ~~persons targeted by U.S. sanctions. While we have taken precautions~~obtain licenses prior to ~~prevent our products~~exporting these items to certain destinations and end-users. This licensing requirement could increase the time between order and delivery for these items and also could result in us not being able to provide solutions and services ~~from being exported~~to particular customers if any license request is denied, which could adversely affect our business, financial condition and results of operations.

Also, various countries, in ~~violation of these laws, in certain instances in~~addition to the past we shipped our encryption products prior to obtaining the required export authorizations and/or submitting the required requests, including a classification request and request for an encryption registration number, resulting in an inadvertent violation of U.S. export control laws. As a result, in February 2013, we filed a Voluntary Self Disclosure with the U.S. Department of Commerce’s Bureau of Industry and Security, or BIS, concerning these potential violations. In June 2013, BIS notified us that it had completed its review of this matter and closed its review with the issuance of a warning letter. No monetary penalties were assessed. Even though we take precautions to ensure that our channel partners comply with all relevant regulations, any failure by our channel partners to comply with such regulations could have negative consequences, including reputational harm, government investigations and penalties.

~~In addition, various countries~~United States, regulate the import and export of certain cybersecurity, encryption and other solutions, technology and services, including through export and import permit and ~~license~~licensing requirements, and have enacted laws that could limit our ability to distribute our ~~products or~~solutions, could limit our customers’ ability to implement our ~~products~~solutions or could limit our ability to provide services to our customers in those countries. Changes in our ~~products~~solutions or changes in export and import regulations may create delays in the introduction of our ~~products~~solutions into international markets, prevent our customers with international operations from deploying our ~~products~~solutions globally or, in some cases, prevent the export or import of our ~~products~~solutions to certain countries, governments or persons altogether. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our ~~products~~solutions by, or in our decreased ability to export or sell our ~~products~~solutions to, existing or potential customers with international operations. Any decreased use of our ~~products~~solutions or limitation on our ability to export to or sell our ~~products~~solutions in international markets would likely adversely affect our business, financial condition and results of operations.

~~Our business is subject to the risks of earthquakes, fire, power outages, floods and other catastrophic events, and to interruption by man-made problems such as terrorism or armed conflicts.~~

A significant natural disaster, such as an earthquake, a fire, a flood, or significant power outage could have a material adverse impact on our business, results of operations, and financial condition. Our corporate headquarters and servers hosting our cloud services are located in California, a region known for seismic activity. In addition, natural disasters could affect our supply chain, manufacturing vendors, or logistics providers’ ability to provide materials and perform services such as manufacturing products or assisting with shipments on a timely basis. In the event that our or our service providers’ information technology systems or manufacturing or logistics abilities are hindered by any of the events discussed above, shipments could be delayed, resulting in missed financial targets, such as revenue and shipment targets, for a particular quarter. In addition, acts of terrorism, armed conflicts and other geo-political unrest could cause disruptions in our business or the business of our supply chain, manufacturers, logistics providers, partners, or customers or the economy as a whole. Any disruption in the business of our supply chain, manufacturers, logistics providers, partners or end-customers that impacts sales at the end of a fiscal quarter could have a significant adverse impact on our financial results. All of the aforementioned risks may be further increased if the disaster recovery plans for us and our suppliers prove to be inadequate. To the extent that any of the above should result in delays or cancellations of customer orders, the loss of customers, or the delay in the manufacture, deployment or shipment of our products, our business, financial condition and results of operations would be adversely affected.

~~If we fail to comply with environmental requirements, our business, financial condition, results of operations and reputation could be adversely affected.~~

We are subject to various environmental laws and regulations including laws governing the hazardous material content of our products and laws relating to the collection and recycling of electrical and electronic equipment. Examples of these laws and regulations include the EU Restrictions on the Use of certain Hazardous Substances in Electronic Equipment Directive and the EU Waste Electrical and Electronic Equipment Directive as well as the implementing legislation of the EU member states. Similar laws and regulations have been passed or are pending in China, South Korea and Japan and may be enacted in other regions, including in the United States, and we are, or may in the future be, subject to these laws and regulations.

Our failure to comply with past, present, and future laws could result in reduced sales of our products, substantial product inventory write-offs, reputational damage, penalties, and other sanctions, any of which could harm our business and financial condition. We also expect that our products will be affected by new environmental laws and regulations on an ongoing basis. To date, our expenditures

for environmental compliance have not had a material impact on our results of operations or cash flows, and although we cannot predict the future impact of such laws or regulations, they will likely result in additional costs and may increase penalties associated with violations or require us to change the content of our products or how they are manufactured, which could have a material adverse effect on our business, results of operations and financial condition.

~~The United States recently passed a comprehensive tax reform bill that could adversely affect our financial performance.~~

On December 22, 2017, the U.S. government enacted comprehensive tax legislation commonly referred to as the Tax Cuts and Jobs Act of 2017, or the Tax Act. The Tax Act makes broad and complex changes to the U.S. tax code. The changes include, but are not limited to, reducing the U.S. federal corporate tax rate from 35% to 21%, imposing a mandatory one-time transition tax on certain unrepatriated earnings of foreign subsidiaries, introducing bonus depreciation that will allow for full expensing of qualified property, eliminating the corporate alternative minimum tax, or AMT, and changing how existing AMT credits can be realized. Notwithstanding the reduction in the corporate income tax rate, the overall impact of the new federal tax law is uncertain, and our financial performance could be adversely affected. In addition, it is uncertain if, and to what extent, various states will conform to the new tax law and foreign countries will react by adopting tax legislation or taking other actions that could adversely affect our business.

~~Uncertainties in the interpretation and application of the 2017 Tax Cuts and Jobs Act could materially affect our tax obligations, effective tax rate and operating results.~~

The Tax Act was enacted on December 22, 2017, and significantly affected U.S. tax law by changing how the U.S. imposes income tax on multinational corporations. The U.S. Department of Treasury has broad authority to issue regulations and interpretative guidance that may significantly impact our tax obligations, effective tax rate and our results of operations. The Tax Act will likely be subject to ongoing technical guidance and accounting interpretation, which we will continue to monitor and assess. At this time, it is not possible to measure the potential impact on our business, prospects or results of operations.

~~If we do not achieve increased tax benefits as a result of our corporate structure, our operating results and financial condition may be negatively impacted.~~

We generally conduct our international operations through wholly-owned subsidiaries and report our taxable income in various jurisdictions worldwide based upon our business operations in those jurisdictions. In 2013, we completed the reorganization of our corporate structure and intercompany relationships to more closely align our corporate organization with the expansion of our international business activities. Although we anticipate achieving a reduction in our overall effective tax rate in the future as a result of this reorganized corporate structure, we may not realize any benefits. Our intercompany relationships are subject to complex transfer pricing regulations administered by taxing authorities in various jurisdictions. The relevant taxing authorities may disagree with our determinations as to the income and expenses attributable to specific jurisdictions. If such a disagreement were to occur, and our position were not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations. In addition, if the intended tax treatment of our reorganized corporate structure is not accepted by the applicable taxing authorities, changes in tax law negatively impact the structure or we do not operate our business consistent with the structure and applicable tax laws and regulations, we may fail to achieve any tax advantages as a result of the reorganized corporate structure, and our future operating results and financial condition may be negatively impacted.

~~We could be subject to additional tax liabilities.~~

We are subject to U.S. federal, state, local and sales taxes in the United States and foreign income taxes, withholding taxes and transaction taxes in numerous foreign jurisdictions. Significant judgment is required in evaluating our tax positions and our worldwide provision for taxes. During the ordinary course of business, there are many activities and transactions for which the ultimate tax determination is uncertain. In addition, our tax obligations and effective tax rates could be adversely affected by changes in the relevant tax, accounting and other laws, regulations, principles and interpretations, including those relating to income tax nexus, by recognizing tax losses or lower than anticipated earnings in jurisdictions where we have lower statutory rates and higher than anticipated earnings in jurisdictions where we have higher statutory rates, by changes in foreign currency exchange rates, or by changes in the valuation of our deferred tax assets and liabilities. We may be audited in various jurisdictions, and such jurisdictions may assess additional taxes, sales taxes and value-added taxes against us. Although we believe our tax estimates are reasonable, the final determination of any tax audits or litigation could be materially different from our historical tax provisions and accruals, which could have a material adverse effect on our operating results or cash flows in the period for which a determination is made.

~~Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.~~

In general, under Section 382 of the Internal Revenue Code of 1986, as amended, or the Code, a corporation that undergoes an “ownership change” is subject to limitations on its ability to utilize its pre-change net operating losses, or NOLs, to offset future taxable income. Our existing NOLs may be subject to limitations arising from previous ownership changes. Future changes in our stock ownership, some of which are outside of our control, could result in an ownership change under Section 382 of the Code and adversely affect our ability to utilize our NOLs in the future. Furthermore, our ability to utilize NOLs of companies that we may

acquire in the future may be subject to limitations. There is also a risk that due to regulatory changes, such as suspensions on the use of NOLs, or other unforeseen reasons, our existing NOLs could expire or otherwise be unavailable to offset future income tax liabilities. For these reasons, we may not be able to utilize a material portion of the NOLs reflected on our balance sheet, even if we attain profitability.

Risks Related to Our Convertible Senior Notes

We are leveraged financially, which could adversely affect our ability to adjust our business to respond to competitive pressures and to obtain sufficient funds to satisfy our future growth, business needs and development plans.

We have substantial existing indebtedness. In June 2015, we issued ~~$920.0~~$460.0 million principal amount of 1.000% Convertible Senior Notes due 2035 (the "Series A Notes") and $460.0 million principal amount of 1.625% Convertible Senior Notes due 2035 (the "Series B Notes" and, together with the Series A Notes, the "2035 Notes"). During the three months ended June 30, 2018, we issued $600.0 million aggregate principal amount of 0.875% Convertible Senior Notes due 2024 (the "2024 Notes" and, together with the 2035 Notes, the "convertible notes") and repurchased approximately $340.2 million aggregate principal amount of the Series A Notes. During the three months ended June 30, 2020, we repurchased approximately $96.4 million aggregate principal amount of the Series A Notes. As a result, as of December 31, 2021, we had approximately $1.1 billion aggregate principal amount of convertible ~~senior~~ notes ~~(the “convertible notes”).~~outstanding.

The degree to which we are leveraged could have negative consequences, including, but not limited to, the following:

•we may be more vulnerable to economic downturns, less able to withstand competitive pressures and less flexible in responding to changing business and economic conditions;

•our ability to obtain additional financing in the future for working capital, capital expenditures, acquisitions, general corporate or other purposes may be limited;

•a substantial portion of our cash flows from operations in the future may be required for the payment of the principal amount of our existing indebtedness when it becomes due; and

•we may elect to make cash payments upon any conversion of the convertible notes, which would reduce our cash on hand.

Our ability to meet our payment obligations under our convertible notes depends on our ability to generate significant cash flow in the future. This, to some extent, is subject to general economic, financial, competitive, legislative and regulatory factors as well as other factors that are beyond our control. There can be no assurance that our business will generate cash flow from operations, or that additional capital will be available to us, in an amount sufficient to enable us to meet our debt payment obligations and to fund other liquidity needs. If we are unable to generate sufficient cash flow to service our debt obligations, we may need to refinance or restructure our debt, sell assets, reduce or delay capital investments, or seek to raise additional capital. If we were unable to implement one or more of these alternatives, we may be unable to meet our debt payment obligations, which could have a material adverse effect on our business, results of operations, or financial condition.

If holders of the 2035 Notes require us to repurchase their notes on any repurchase date, our financial condition and operating results could be adversely affected.

Holders of the Series A Notes have the right to require us to repurchase their notes on each of June 1, 2025 and June 1, 2030, and holders of the Series B Notes will have the right to require us to repurchase their notes on each of June 1, 2022, June 1, 2025 and June 1, 2030 at a repurchase price equal to 100% of the principal amount of the notes of the relevant series to be repurchased, plus accrued and unpaid interest, if any, to, but excluding, the relevant repurchase date pursuant to the applicable indenture governing such series of notes. If holders require us to repurchase their notes of an applicable series on an applicable repurchase date, our financial condition and operating results could be adversely affected.

The conditional conversion feature of ~~the~~each series of convertible notes, if triggered, may adversely affect our financial condition and operating results.

In the event the conditional conversion feature of ~~the~~a series of convertible notes is triggered, holders of such series of convertible notes will be entitled to convert their convertible notes at any time during specified periods at their option. If one or more holders of such convertible notes elect to convert their convertible notes, unless we elect to satisfy our conversion obligation by delivering solely shares of our common stock (other than paying cash in lieu of delivering any fractional share), we would be required to settle a portion or all of our conversion obligation through the payment of cash, which could adversely affect our liquidity. In addition, even if holders of such series of convertible notes do not elect to convert their convertible notes, we could be required under applicable accounting rules to reclassify all or a portion of the outstanding principal of ~~the~~such series of convertible notes as a current rather than long-term liability, which would result in a material reduction of our net working capital.

The accounting method for convertible debt securities that may be settled in cash, such as the convertible notes, is subject to changes that could have a material effect on our reported financial results.

~~In May 2008,~~The current accounting method for reflecting the ~~Financial Accounting Standards Board, which we refer to as~~convertible notes on our balance sheet, accruing interest expense for the convertible notes and reflecting the shares of our common stock underlying the convertible notes in our reported diluted earnings per share may adversely affect our reported earnings and financial condition. Under current accounting principles, the initial liability carrying amount of the convertible notes is the fair value of a similar debt instrument that does not have a conversion feature, valued using our cost of capital for straight, unconvertible debt.

However, in August 2020, FASB issued ~~FASB Staff Position~~ASU No. ~~APB 14-1,~~2020-06, Accounting for Convertible ~~Debt~~ Instruments ~~That May Be Settled~~and Contracts in ~~Cash Upon Conversion (Including Partial Cash Settlement)~~an Entity’s Own Equity (ASU 2020-06), which has subsequently been codified as Accounting Standards Codification 470-20, Debt with Conversion and Other Options, which we refer to as ASC 470-20. Under ASC 470-20, an entity must separately accounteliminating the separate accounting for the ~~liability~~debt and equity components as described above. ASU 2020-06 is effective for fiscal years beginning after December 15, 2021, with early adoption permitted for fiscal years beginning after December 15, 2020, and can be adopted on either a fully retrospective or modified retrospective basis. We are currently evaluating the timing, method of adoption and overall impact of this standard on our consolidated financial statements.

When we adopt ASU 2020-06, we expect the elimination of the separate accounting for the debt and equity components of our convertible notes described above to reduce the ~~convertible debt instruments (such as the convertible notes)~~interest expense that ~~may be settled entirely or partially in cash upon conversion in a manner that reflects the issuer’s economic interest cost. The effect of ASC 470-20 on the accounting~~we expect to recognize for the ~~convertible~~ notes is that the equity component is required to be included in the additional paid-in capital section of stockholders’ equity on our consolidated balance sheet and the value of the equity component would be treated as original issue discount for ~~purposes of~~ accounting for the debt component of the convertible notes. As a result, we will be required to record a greater amount of non-cash interest expense in current periods presented as a result of the amortization of the discounted carrying value of the convertible notes to their face amount over the term of the convertible notes. We will report lower net income in our financial results because ASC 470-20 will require interest to include both the current period’s amortization of the debt discount and the instrument’s non-convertible coupon interest for the convertible notes, which could adversely affect our reported or future financial results and the trading price of our common stock.

~~In August 2016, the FASB issued ASU 2016-15, Statement of Cash Flows (Topic 230): Classification of Certain Cash Receipts~~

and Cash Payments (a consensus of the Emerging Issues Task Force). This standard clarifies how certain cash receipts and payments should be classified in the statement of cash flows, including the cash settlement of our Convertible Senior Notes. Upon cash settlement, repayment of the principal amount will be bifurcated between cash outflows for operating activities for the portion related to accreted interest attributable to debt discounts arising from the difference between the coupon interest rate and the effective interest rate, and financing activities for the remainder. This will require us to classify the $233.9 million of accreted interest as cash used in operating activities in our consolidated financial statements upon cash settlement, which could adversely affect our future financial results.

purposes. In addition, under certain circumstances, convertible debt instruments (such as the convertible notes) that may be settled entirely or partly in cash are currently accounted for utilizing the treasury stock method, the effect of which is that any shares issuable upon conversion of the convertible notes are not included in the calculation of diluted earnings per share except to the extent that the conversion value of the convertible notes exceeds their principal amount. Under the treasury stock method, for diluted earnings per share purposes, the transaction is accounted for as if the number of shares of common stock that would be necessary to settle such excess, if we elected to settle such excess in shares, are issued. We cannot be sure that the accounting standards in the future will continue to permitASU 2020-06 eliminates the use of the treasury stock ~~method. If we are unable to use the treasury stock~~ method for convertible instruments that can be settled in ~~accounting for the shares issuable upon conversion~~whole or in part with equity, and instead requires application of the “if-converted” method. Among other potential impacts, our adoption of ASU 2020-06 is expected to reduce reported interest expense, increase reported net income, and result in a reclassification of certain conversion feature balance sheet amounts from stockholders’ equity to liabilities as it relates to the convertible notes. Furthermore, if any of the conditions to the convertibility for a series of convertible notes is satisfied, then we may be required under applicable accounting standards to reclassify the liability carrying value of such series of convertible notes as a current, rather than a long-term, liability. This reclassification could be required even if no holders of the applicable series of convertible notes convert their notes and could materially reduce our ~~diluted earnings per share would be adversely affected.~~reported working capital and have a material effect on our reported financial results.

~~Conversion of~~Transactions related to our convertible notes ~~will dilute~~may affect the ~~ownership interest of existing stockholders and may depress the~~market price of our common stock.

The conversion of ~~some or all~~any of our series of convertible notes, if such conversion occurs, will dilute the ownership interests of then-existing stockholders to the extent we deliver shares upon conversion of any of the convertible notes. Any sales in the public market of the common stock issuable upon such conversion could adversely affect prevailing market prices of our common stock. In addition, the existence of the convertible notes may encourage short selling by market participants because ~~the~~any conversion of the convertible notes could be used to satisfy short positions, or anticipated conversion of the convertible notes into shares of our common stock could depress the price of our common stock.

In addition, in connection with our issuance of the 2024 Notes, we entered into capped call transactions (the “capped call transactions”) with certain financial institutions (the “option counterparties”). The capped call transactions are expected generally to reduce the potential dilution to our common stock upon any conversion of the 2024 Notes and/or offset any cash payments we are required to make in excess of the principal amount of such 2024 Notes converted, as the case may be, with such reduction and/or offset subject to a cap. From time to time, the option counterparties or their respective affiliates may modify their hedge positions by entering into or unwinding various derivative transactions with respect to our common stock and/or purchasing or selling our common stock or other securities of ours in secondary market transactions prior to the maturity of the 2024 Notes. This activity could cause a decrease in the market price of our common stock.

We are subject to counterparty risk with respect to the capped call transactions.

The option counterparties to our capped call transactions are financial institutions, and we will be subject to the risk that one or more of the counterparties may default or otherwise fail to perform, or may exercise certain rights to terminate, their obligations under the capped call transactions. Our exposure to the credit risk of the option counterparties will not be secured by any collateral. Adverse global economic conditions may result in the actual or perceived failure or financial difficulties for financial institutions, including one or more of our option counterparties. If an option counterparty becomes subject to insolvency proceedings, we will become an unsecured creditor in those proceedings with a claim equal to our exposure at that time under our transactions with that option counterparty. Our exposure will depend on many factors but, generally, our exposure will increase if the market price or the volatility of our common stock increases. In addition, upon a default or other failure to perform, or a termination of obligations, by an option counterparty, we may suffer adverse tax consequences and more dilution than we currently anticipate with respect to our common stock. We can provide no assurances as to the financial stability or viability of the option counterparties.

Risks Related to Our Series A Convertible Preferred Stock

The holders of Series A Convertible Preferred Stock may exercise influence over us, including through their ability to designate a member of our board of directors

The holders of Series A Convertible Preferred Stock are generally entitled to vote with the holders of the shares of common stock on all matters submitted for a vote of holders of shares of common stock (voting together with the holders of shares of common stock as one class) on an as-converted basis, subject to certain Nasdaq voting limitations, if applicable. Additionally, the consent of the holders of a majority of the outstanding shares of Series A Convertible Preferred Stock is required for so long as any shares of the Series A Convertible Preferred Stock remain outstanding for (i) amendments to our organizational documents that have an adverse effect on the holders of Series A Convertible Preferred Stock and (ii) issuances by us of securities that are senior to, or equal in priority with, the Series A Convertible Preferred Stock. In addition, for so long as 25% of the Series A Convertible Preferred Stock issued in connection with the Securities Purchase Agreement with BTO Delta Holdings DE L.P., an investment vehicle of funds affiliated with The Blackstone Group Inc. (“Blackstone”), and the Securities Purchase Agreement with ClearSky Security Fund I LLC and ClearSky Power & Technology Fund II LLC (together, the “Series A Securities Financing Agreements”) remains outstanding, consent of the holders of a majority of the outstanding shares of Series A Convertible Preferred Stock will be required for (A) any change to the size of our board of directors, (B) any voluntary dissolution, liquidation, bankruptcy, winding up or deregistration or delisting, and (C) incurrence by us of net debt in excess of $350,000,000.

Additionally, pursuant to the applicable Series A Securities Financing Agreement, Blackstone has the right to nominate for election one member to our board of directors for so long as Blackstone holds 65% of the Series A Convertible Preferred Stock.The director designated by Blackstone is entitled to serve on committees of our board of directors, subject to applicable law and Nasdaq rules. Notwithstanding the fact that all directors will be subject to fiduciary duties to us and to applicable law, the interests of the director designated by Blackstone may differ from the interests of our security holders as a whole or of our other directors.

As a result, the holders of Series A Convertible Preferred Stock have the ability to influence the outcome of certain matters affecting our governance and capitalization. The sponsors of the holders of Series A Convertible Preferred Stock are in the business of making or advising on investments in companies, including businesses that may directly or indirectly compete with certain portions of our business, and they may have interests that diverge from, or even conflict with, those of our other shareholders. They may also pursue acquisition opportunities that may be complementary to our business, and, as a result, those acquisition opportunities may not be available to us. Our obligations to the holders of Series A Convertible Preferred Stock could also limit our ability to obtain additional financing or increase our borrowing costs, which could have an adverse effect on our financial condition.

Our Series A Convertible Preferred Stock has rights, preferences, and privileges that are not held by, and are preferential to, the rights of holders of our common stock, which could adversely affect our liquidity and financial condition.

The holders have the right under the Series A Certificate of Designation to receive a liquidation preference entitling them to be paid an amount per share equal to the greater of (i) $1,000 per share, plus all accrued and unpaid dividends and (ii) the amount that the holder of Series A Convertible Preferred Stock would have been entitled to receive at such time if the Series A Convertible Preferred Stock were converted into common stock. In addition, the holders are entitled to dividends on the original purchase price of $1,000 per share at a rate of 4.5% per annum, that (i) for the first three years after December 11, 2020, or the Series A closing date, will be paid in-kind, and (ii) after the third anniversary of the Series A closing date, will, at our election either be paid in cash, or, if not, will

accrue and accumulate, in each case, accruing daily and paid quarterly in arrears. The holders are also entitled to participate in dividends declared or paid on the common stock on an as-converted basis.

There may be future sales or other dilution of our equity, which may adversely affect the market price of our common stock or the Series A Convertible Preferred Stock and may negatively impact the holders’ investment.

Except in certain circumstances, we are not restricted from issuing additional shares of common stock or preferred stock, including any securities that are convertible into or exchangeable for, or that represent the right to receive, common stock or preferred stock or any substantially similar securities. The market price of our common stock or Series A Convertible Preferred Stock could decline as a result of sales of a large number of shares of common stock or Series A Convertible Preferred Stock or similar securities in the market or the perception that such sales could occur. For example, if we issue preferred stock in the future that has a preference over our common stock with respect to the payment of dividends or upon our liquidation, dissolution or winding-up, or if we issue preferred stock with voting rights that dilute the voting power of our common stock, the rights of holders of our common stock or the market price of our common stock could be adversely affected.

In addition, each share of Series A Convertible Preferred Stock will initially be convertible at the option of the holder thereof into shares of our common stock. The conversion of some or all of the Series A Convertible Preferred Stock will dilute the ownership interest of our existing common stockholders. Any sales in the public market of our common stock issuable upon such conversion could adversely affect prevailing market prices of the outstanding shares of our common stock and Series A Convertible Preferred Stock. In addition, the existence of our Series A Convertible Preferred Stock may encourage short selling or arbitrage trading activity by market participants because the conversion of our Series A Convertible Preferred Stock could depress the price of our equity securities. As noted above, a decline in the market price of the common stock may negatively impact the market price for the Series A Convertible Preferred Stock.

Risks Related to Ownership of Our Common Stock

If securities or industry analysts do not publish research or reports about our business, or publish inaccurate or unfavorable research reports about our business, our share price and trading volume could decline.

The trading market for our common stock, to some extent, depends on the research and reports that securities or industry analysts publish about us or our business. We do not have any control over these analysts. If one or more of the analysts who cover us should downgrade our shares or change their opinion of our shares, industry sector or ~~products,~~solutions, our share price would likely decline. If one or more of these analysts ceases coverage of ~~our Company~~us or fails to regularly publish reports on us, we could lose visibility in the financial markets, which could cause our share price or trading volume to decline.

We may fail to meet our publicly announced guidance or other expectations about our business and future operating results, which would cause our stock price to decline.

We have provided and may continue to provide guidance about our business and future operating results. In developing this guidance, our management must make certain assumptions and judgments about our future performance. Furthermore, analysts and investors may develop and publish their own projections of our business, which may form a consensus about our future performance. Our business results may vary significantly from such guidance or that consensus due to a number of factors, many of which are outside of our control, and which could adversely affect our operations and operating results. Such factors may include the possibility that interpretation, industry practice, and accounting guidance may continue to evolve during the early stages of adoption of ~~the new revenue standard.~~Accounting Standard Update 2014-09, Revenue from Contracts with Customers (Topic 606). Furthermore, if we make downward revisions of our previously announced guidance, or if our publicly announced guidance of future operating results fails to meet expectations of securities analysts, investors or other interested parties, the price of our common stock would decline.

The price of our common stock has been and may continue to be volatile, and the value of your investment could decline.

The trading price of our common stock has been volatile since our initial public offering, and is likely to continue to be volatile. Since the date of our initial public offering, the price of our common stock has ranged from $10.35 to $97.35 through February 21, 2018, and the last reported sale price on February 21, 2018 was $16.50. The trading price of our common stock may fluctuate widely in response to various factors, some of which are beyond our control. These factors include:

•whether our results of operations, and in particular, our revenue growth rates, meet the expectations of securities analysts or investors;

•actual or anticipated changes in the expectations of investors or securities analysts, whether as a result of our forward-looking statements, our failure to meet such expectation or otherwise;

•announcements of new ~~products,~~solutions, services or technologies, commercial relationships, acquisitions or other events by us or our competitors;

•changes in how customers perceive the effectiveness of our platform in protecting against advanced ~~cyber attacks~~cyber-attacks or other reputational harm;

•publicity concerning ~~cyber attacks~~cyber-attacks in general or high profile ~~cyber attacks~~cyber-attacks against specific organizations;

•price and volume fluctuations in the overall stock market from time to time;

•significant volatility in the market price and trading volume of technology and/or growth companies in general and of companies in the IT security industry in particular;

•fluctuations in the trading volume of our shares or the size of our public float;

•actual or anticipated changes or fluctuations in our results of operations;

•litigation involving us, our industry, or both;

•regulatory developments in the United States, foreign countries or both;

•general economic conditions and trends;

~~major~~•natural disasters or other catastrophic events;

•public health crises and related measures to protect the public health, such as the COVID-19 pandemic;

•actual or perceived security breaches or incidents that we or our service providers may suffer;

•sales of large blocks of our common ~~stock;~~stock or substantial future sales by our directors, executive officers, employees and significant stockholders; and

•departures of key personnel.

In addition, if the market for technology stocks or the stock market in general experiences a loss of investor confidence, the trading price of our common stock could decline for reasons unrelated to our business, results of operations or financial condition. The trading price of our common stock might also decline in reaction to events that affect other companies in our industry even if these events do not directly affect us. In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been brought against that company. The price of our common stock has been highly volatile since our IPO in September 2013, and ~~beginning in June 2014,~~ several lawsuits alleging violations of securities laws were filed against us and certain of our current and former directors and executive ~~officers.~~officers in 2014 and 2015. Any securities litigation could result in substantial costs and divert our management’s attention and resources from our business. This could have a material adverse effect on our business, results of operations and financial condition.

Sales of substantial amounts of our common stock in the public markets, or sales of our common stock by our executive officers and directors under Rule 10b5-1 plans, could adversely affect the market price of our common stock.

Sales of a substantial number of shares of our common stock in the public market, or the perception that such sales could occur, could adversely affect the market price of our common stock and may make it more difficult for you to sell your common stock at a time and price that you deem appropriate. In addition, certain of our executive officers and directors have adopted, and other executive officers and directors may in the future adopt, written plans, known as “Rule 10b5-1 Plans,” under which they have contracted, or may in the future contract, with a broker to sell shares of our common stock on a periodic basis to diversify their assets and investments. Sales made by our executive officers and directors pursuant to Rule 10b5-1, regardless of the amount of such sales, could adversely affect the market price of our common stock.

The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans, conversion of our convertible notes, conversion of the Series A Convertible Preferred Stock or otherwise will dilute all other stockholders.

Our amended and restated certificate of incorporation authorizes us to issue up to 1,000,000,000 shares of common stock and up to 100,000,000 shares of preferred stock with such rights and preferences as may be determined by our board of directors. Subject to compliance with applicable rules and regulations, we may issue shares of common stock or securities convertible into our common stock from time to time in connection with a financing, acquisition, investment, our stock incentive plans, the conversion of our convertible notes or otherwise. For example, in January 2016, we issued 1,793,305 shares of common stock in connection with our acquisition of iSIGHT; in February 2016, we issued 742,026 shares of common stock in connection with our acquisition of Invotas; in October 2017, we issued 259,425 shares of common stock in connection with our acquisition of The Email Laundry; ~~and~~ in January 2018, we issued 1,016,334 shares of common stock in connection with our acquisition of ~~X15.~~X15; in May 2019, we issued 8,404,609 shares of common stock in connection with our acquisition of Verodin, in November 2020, we issued 4,931,862 shares of common stock in connection with our acquisition of Respond Software. In addition, ~~in June 2015,~~ we issued $920.0 million aggregate principal amount of ~~convertible senior notes.~~2035 Notes, of which approximately $483.4 million aggregate principal remains outstanding, and we issued $600.0 million aggregate principal amount of the 2024 Notes during the three months ended June 30, 2018. In December 2020, we issued 400,000 shares of Series A Convertible Preferred Stock. Any future issuances could result in substantial dilution to our existing stockholders and cause the trading price of our common stock to decline.

We do not intend to pay dividends for the foreseeable future.

We have never declared or paid any dividends on our common stock. We intend to retain any earnings to finance the operation and expansion of our business, and we do not anticipate paying any cash dividends in the future. As a result, you may only receive a return on your investment in our common stock if the market price of our common stock increases.

Our charter documents and Delaware law, as well as certain provisions of our convertible notes, could discourage takeover attempts and lead to management entrenchment, which could also reduce the market price of our common stock.

Our amended and restated certificate of incorporation and amended and restated bylaws contain provisions that could delay or prevent a change in control of us. These provisions could also make it difficult for stockholders to elect directors who are not nominated by the current members of our board of directors or take other corporate actions, including effecting changes in our management. These provisions include:

•a classified board of directors with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of our board of directors;

•the ability of our board of directors to issue shares of preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquiror;

•the exclusive right of our board of directors to elect a director to fill a vacancy created by the expansion of our board of directors or the resignation, death or removal of a director, which prevents stockholders from being able to fill vacancies on our board of directors;

•a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders;

•the requirement that a special meeting of stockholders may be called only by our board of directors, the chairperson of our board of directors, our Chief Executive Officer or our President (in the absence of a Chief Executive Officer), which could delay the ability of our stockholders to force consideration of a proposal or to take action, including the removal of directors;

•the requirement for the affirmative vote of holders of at least 66 2/3% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the management of our business (including our classified board structure) or certain provisions of our amended and restated bylaws, which may inhibit the ability of an acquiror to effect such amendments to facilitate an unsolicited takeover attempt;

•the ability of our board of directors to amend the bylaws, which may allow our board of directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquiror to amend the bylaws to facilitate an unsolicited takeover attempt; and

•advance notice procedures with which stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders’ meeting, which may discourage or deter a potential acquiror from conducting a solicitation of proxies to elect the acquiror’s own slate of directors or otherwise attempting to obtain control of us.

In addition, as a Delaware corporation, we are subject to Section 203 of the Delaware General Corporation Law, which may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us for a specified period of time. Additionally, certain provisions of our convertible notes could make it more difficult or more expensive for a third party to acquire us. The application of Section 203 or certain provisions of our convertible notes also could have the effect of discouraging, delaying or preventing a transaction involving a change in control of us. Any of these provisions could, under certain circumstances, depress the market price of our common stock.

We cannot guarantee that our stock repurchase program will be fully implemented or that it will enhance long-term stockholder value.

In June 2021, our board of directors approved a stock repurchase program for the repurchase of up to $500 million of the currently outstanding shares of our common stock. As of December 31, 2021, approximately $200 million remained available under the stock repurchase program.The repurchase program has no termination date and may be suspended for periods, amended or discontinued at any time. We are not obligated to repurchase a specified number or dollar value of shares. Share repurchases under the program will be made from time to time in private transactions or open market purchases, as permitted by securities laws and other legal requirements. There can be no guarantee around the timing of our share repurchases, or that the volume of such repurchases will

increase. The stock repurchase program could affect the price of our common stock, increase volatility, diminish our cash reserves, and even if fully implemented may not enhance long-term stockholder value.

Risks Related to Potential Catastrophic Events

The global COVID-19 pandemic, and government imposed COVID-19 vaccination mandates or testing requirements, could harm our business and results of operations.

This COVID-19 pandemic has continued to spread across the globe and is impacting worldwide economic activity and financial markets. In light of the uncertain and rapidly evolving situation relating to the spread of COVID-19, including the occurrence of breakthrough cases and COVID-19 variants, we have taken precautionary measures intended to minimize the risk of the virus to our employees, our customers, and the communities in which we operate, which could negatively impact our business. Although we continue to monitor the situation and may adjust our current policies as more information and public health guidance become available, precautionary measures that have been adopted could negatively affect our customer success efforts, sales and marketing efforts, delay and lengthen our sales cycles, or create operational or other challenges, any of which could harm our business and results of operations. In addition, the COVID-19 pandemic may disrupt the operations of our customers and partners for an indefinite period of time, including as a result of travel restrictions and/or business shutdowns, all of which could negatively impact our business and results of operations, including cash flows. More generally, the COVID-19 pandemic could adversely affect economies and financial markets globally, potentially leading to an economic downturn, which could decrease technology spending and adversely affect demand for our offerings and harm our business and results of operations. It is not possible at this time to estimate the impact that the COVID-19 pandemic could have on our business, as the impact will depend on future developments, which are highly uncertain and cannot be predicted.

In addition, in January 2022, the U.S. Supreme Court struck down the U.S. Department of Labor’s Occupational Safety and Health Administration (“OSHA”) Emergency Temporary Standard (the “ETS”) requiring that all employers with at least 100 employees ensure that their U.S. employees are fully vaccinated for COVID-19. Following that ruling, OSHA chose to withdraw the vaccine ETS altogether. In addition, the federal district court in Georgia stayed the enforcement of the mandatory employee COVID-19 vaccination requirement found in President Biden’s Executive Order for U.S. government contractors and their subcontractors (the “Executive Order”). As a result, we revised our COVID-19 policy to only require COVID-19 vaccination for employees or visitors that will be entering any of Mandiant’s U.S. office locations. We are also complying with the other aspects of the Executive Order for federal government contractors at our covered contractor workplaces that have not been stayed by the federal courts. Our implementation and enforcement of vaccination requirements could be difficult, costly, and potentially result in employee attrition, including attrition of key employees, disruptions in workforce performance, and difficulty securing future labor needs, any of which could have a material adverse effect on our business, financial condition, and results of operations.

Our business is subject to the risks of earthquakes, fire, power outages, floods and other catastrophic events, and to interruption by man-made problems such as terrorism or armed conflicts.

Natural disasters or other catastrophic events, including earthquakes, fires, floods, significant power outages, telecommunications failures, outbreak of pandemic or contagious diseases (including, but not limited to, the current COVID-19 pandemic) and cyber-attacks, may cause damage or disruption to our operations, international commerce and the global economy, and thus could have a material adverse impact on our business, results of operations, and financial condition. Despite any precautions we may take, the occurrence of a natural disaster or other unanticipated problems at our facilities or the facilities of our public cloud providers could result in disruptions, outages, and other performance and quality problems. Customer data could be lost, significant recovery time could be required to resume operations and our financial condition and operating results could be adversely affected in the event of a natural disaster or other catastrophic event. In addition, computer malware, viruses and computer hacking, fraudulent use attempts, and phishing attacks have become more prevalent in our industry, and our internal systems may be victimized by such attacks. Although we maintain incident management and disaster response plans, in the event of a major disruption caused by a natural disaster or man-made problem, we may be unable to continue our operations and may endure system interruptions, reputational harm, delays in our development activities, lengthy interruptions in service, breaches of data security and loss of critical data, and our insurance may not cover such events or may be insufficient to compensate us for the potentially significant losses we may incur. Furthermore, acts of terrorism, armed conflicts and other geo-political unrest could cause disruptions in our business or the business of our public cloud providers, partners, or customers or the economy as a whole. Any disruption in the business of our public cloud providers, partners or end-customers that impacts sales could have a significant adverse impact on our financial results. All of the aforementioned risks may be further increased if the disaster recovery plans for us and our public cloud providers prove to be inadequate. To the extent that any of the above should result in delays or cancellations of customer orders or the loss of customers, our business, financial condition and results of operations would be adversely affected.

General Risk Factors

Fluctuating economic conditions make it difficult to predict revenue for a particular period, and a shortfall in revenue may harm our business and operating results.

Our revenue depends significantly on general economic conditions and the demand for solutions and services in the IT security market. Economic weakness, customer financial difficulties, and constrained spending on IT security may result in decreased revenue and earnings.

In addition, concerns regarding the effects of Brexit, uncertainties related to changes in public policies such as domestic and international regulations, taxes, or international trade agreements, international trade disputes, government shutdowns, geopolitical turmoil and other disruptions to global and regional economies and markets in many parts of the world, have and may continue to put pressure on global economic conditions and overall spending on IT security. General economic weakness may also lead to longer collection cycles for payments due from our customers, an increase in customer bad debt, restructuring initiatives and associated expenses, and impairment of investments. Furthermore, the continued uncertainty in worldwide credit markets, including the sovereign debt situation in certain countries in the EU may adversely impact the ability of our customers to adequately fund their expected capital expenditures, which could lead to delays or cancellations of planned purchases of our platform.

The COVID-19 pandemic has created significant uncertainty in the global economy. The COVID-19 pandemic and health measures taken by governments and private industry in response to the pandemic, including stay-at-home orders and travel restrictions, have had significant negative effects on the economy. Continued uncertainty about the pandemic, associated economic consequences, and potential relief measures may have a long-term adverse effect on the economy, our customers, partners, suppliers, and our business.

Uncertainty about future economic conditions also makes it difficult to forecast operating results and to make decisions about future investments. Future or continued economic weakness for us or our customers, failure of our customers and markets to recover from such weakness, customer financial difficulties, and reductions in spending on IT security could have a material adverse effect on demand for our solutions, subscriptions and services and consequently on our business, financial condition and results of operations.

The preparation of financial statements in conformity with GAAP requires management to make estimates and assumptions that affect the amounts reported in the consolidated financial statements and accompanying notes. We base our estimates on historical experience and on various other assumptions that we believe to be reasonable under the circumstances, as provided in the section entitled “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” the results of which form the basis for making judgments about the carrying values of assets, liabilities, equity, revenue and expenses that are not readily apparent from other sources. In general, if our estimates, judgments or assumptions related to our critical accounting policies change or if actual circumstances differ from our estimates, judgments or assumptions, our results of operations may be adversely affected and could fall below our publicly announced guidance or the expectations of securities analysts and investors, which may result in a decline in our stock price. Significant assumptions and estimates used in preparing our consolidated financial statements include those related to assets, liabilities, revenue, expenses and related disclosures.

Our ability to use our net operating losses to offset future taxable income may be subject to certain limitations.

In general, under Section 382 of the Internal Revenue Code of 1986, as amended (the "Code"), a corporation that undergoes an “ownership change” is subject to limitations on its ability to utilize its pre-change net operating losses, or NOLs, to offset future taxable income. Our existing NOLs may be subject to limitations arising from previous ownership changes. Future changes in our stock ownership, some of which are outside of our control, could result in an ownership change under Section 382 of the Code and adversely affect our ability to utilize our NOLs in the future. Furthermore, our ability to utilize NOLs of companies that we may acquire in the future may be subject to limitations. There is also a risk that due to regulatory changes, such as suspensions on the use of NOLs, or other unforeseen reasons, our existing NOLs could expire or otherwise be unavailable to offset future income tax liabilities. For example, the Tax Act, as modified by the CARES Act, changed certain limitations on our ability to use our federal NOLs, and California recently enacted legislation limiting our ability to use our state NOLs for taxable years 2020, 2021, and 2022. For these reasons, we may not be able to utilize a material portion of the NOLs reflected on our balance sheet, even if we attain profitability.

The requirements of being a public company may strain our resources, divert management’s attention and affect our ability to attract and retain qualified board members.

As a public company, we are subject to the reporting requirements of the Securities Exchange Act of 1934, as amended ~~or the Exchange Act,~~(the "Exchange Act"), the listing requirements of ~~the NASDAQ Stock Market~~Nasdaq and other applicable securities rules and regulations. Compliance with these rules and regulations has increased and will continue to increase our legal, administrative and financial compliance costs, has made and will continue to make some activities more difficult, time-consuming or costly, and has increased and will continue to increase demand on our systems and resources. Among other things, the Exchange Act requires that we file annual, quarterly and current reports with respect to our business and results of operations and maintain effective disclosure controls and procedures and internal control over financial reporting. In order to maintain and, if required, improve our disclosure controls and procedures and internal control over financial reporting to meet this standard, significant resources and management oversight may be required. As a result, management’s

attention may be diverted from other business concerns, which could harm our business and results of operations. Although we have already hired additional employees to comply with these requirements, we may need to hire even more employees in the future, which will increase our costs and expenses.

We are subject to the independent auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act ("Section 404"), enhanced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and the requirements of holding a nonbinding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. While we were able to determine in our management's report for fiscal ~~2017~~2021 that our internal control over financial reporting is effective, as well as provide an unqualified attestation report from our independent registered public accounting firm to that effect, we have and will continue to consume management resources and incur significant expenses for Section 404 compliance on an ongoing basis. Changes to our business applications, processes and IT infrastructure to support our business needs, including the implementation of our planned new ERP system, may require the design of new controls subject to attestation. In the event that our Chief Executive Officer, Chief Financial Officer, or independent registered public accounting firm determines in the future that our internal control over financial reporting is not effective as defined under Section 404, we could be subject to one or more investigations or enforcement actions by state or federal regulatory agencies, stockholder lawsuits or other adverse actions requiring us to incur defense costs, pay fines, settlements or judgments and causing investor perceptions to be adversely affected and potentially resulting in a decline in the market price of our common stock.

In addition, changing laws, regulations and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs, and making some activities more time consuming. These laws, regulations and standards are subject to varying interpretations, in many cases due to their lack of specificity, and as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. We intend to invest resources to comply with evolving laws, regulations, and standards, and this investment will increase our general and administrative expense and a diversion of management’s time and attention from revenue-generating activities to compliance activities. If our efforts to comply with new laws, regulations, and standards are unsuccessful, regulatory authorities may initiate legal proceedings against us and our business may be harmed.

We also expect that ~~being a public company and~~ these new rules and regulations will make it more expensive for us to obtain and maintain director and officer liability insurance, and in the future, we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These factors could also make it more difficult for us to attract and retain qualified executive officers and members of our board of directors, particularly to serve on our audit committee and compensation committee.

In addition, as a result of our disclosure obligations as a public company, we have reduced strategic flexibility and are under pressure to focus on short-term results, which may adversely impact our ability to achieve long-term profitability.

We are obligated to maintain proper and effective internal control over financial reporting. We may not complete our analysis of our internal control over financial reporting in a timely manner, or this internal control may not be determined to be effective, which may adversely affect investor confidence in our Company and, as a result, the value of our common stock.

We are required, pursuant to the Exchange Act, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting, as well as a statement that our auditors have issued an attestation report on our internal controls.

While we were able to determine in our management's report for fiscal ~~2017~~2021 that our internal control over financial reporting is effective, as well as provide an unqualified attestation report from our independent registered public accounting firm to that effect, we may not be able to complete our evaluation, testing, and any required remediation in a timely fashion or our independent registered public accounting firm may not be able to formally attest to the effectiveness of our internal control over financial reporting in the future. During the evaluation and testing process, if we identify one or more material weaknesses in our internal control over financial reporting that we are unable to remediate before the end of the same fiscal year in which the material weakness is identified, we will be unable to assert that our internal controls are effective. If we are unable to assert that our internal control over financial reporting is effective, or if our independent registered public accounting firm is unable to attest to the effectiveness of our internal controls or

determine we have a material weakness in our internal controls, we could lose investor confidence in the accuracy and completeness of our financial reports, which would cause the price of our common stock to decline.

~~Our charter documents and Delaware law, as well as certain provisions~~Increased scrutiny of our ~~convertible notes, could discourage takeover attempts~~environmental, social or governance responsibilities may result in additional costs and ~~lead~~risks, and may adversely impact our reputation, employee retention, and willingness of customers and suppliers to do business with us.

Investor advocacy groups, institutional investors, investment funds, proxy advisory services, stockholders, and customers are increasingly focused on environmental, social and governance (“ESG”) practices of companies. Additionally, public interest and legislative pressure related to public companies’ ESG practices continues to grow. If our ESG practices fail to meet regulatory requirements or investor or other industry stakeholders' evolving expectations and standards for responsible corporate citizenship in areas including environmental stewardship, support for local communities, Board of Director and employee diversity, human capital

management, ~~entrenchment, which could also reduce the market price of our common stock.~~

~~Our amended~~employee health and ~~restated certificate of incorporation~~safety practices, product quality, supply chain management, corporate governance and ~~amended~~transparency and restated bylaws contain provisions that could delay or prevent a change in control of our Company. These provisions could also make it difficult for stockholders to elect directors who are not nominated by the current members of our board of directors or take other corporate actions, including effecting changesemploying ESG strategies in our ~~management. These provisions include:~~

~~a classified board of directors with three-year staggered terms, which could delay the ability of stockholders to change the membership of a majority of~~operations, our ~~board of directors;~~

~~the ability of our board of directors to issue shares of preferred stock~~brand, reputation and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquiror;

the exclusive right of our board of directors to elect a director to fill a vacancy created by the expansion of our board of directors or the resignation, death or removal of a director, which prevents stockholders from being able to fill vacancies on our board of directors;

~~a prohibition on stockholder action by written consent, which forces stockholder action to be taken at an annual or special meeting of our stockholders;~~

~~the requirement that a special meeting of stockholders~~employee retention may be called only by our board of directors, the chairperson of our board of directors, our Chief Executive Officer or our President (in the absence of a Chief Executive Officer), which could delay the ability of our stockholdersnegatively impacted and customers and suppliers may be unwilling to ~~force consideration of a proposal or to take action, including the removal of directors;~~

•

~~the requirement for the affirmative vote of holders of at least 66~~²/₃% of the voting power of all of the then outstanding shares of the voting stock, voting together as a single class, to amend the provisions of our amended and restated certificate of incorporation relating to the management of ourdo business (including our classified board structure) or certain provisions of our amended and restated bylaws, which may inhibit the ability of an acquiror to effect such amendments to facilitate an unsolicited takeover attempt;

the ability of our board of directors to amend the bylaws, which may allow our board of directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquiror to amend the bylaws to facilitate an unsolicited takeover attempt; and

~~advance notice procedures~~ with which stockholders must comply to nominate candidates to our board of directors or to propose matters to be acted upon at a stockholders’ meeting, which may discourage or deter a potential acquiror from conducting a solicitation of proxies to elect the acquiror’s own slate of directors or otherwise attempting to obtain control of us.

In addition, as ~~a Delaware corporation,~~ we ~~are subject~~work to ~~Section 203~~align our ESG practices with industry standards, we will likely continue to expand our disclosures in these areas and doing so may result in additional costs and require additional resources to monitor, report, and comply with our various ESG practices. If we fail to adopt ESG standards or practices as quickly as stakeholders desire, report on our ESG efforts or practices accurately, or satisfy the expectations of ~~the Delaware General Corporation Law, which~~stakeholders, our reputation, business, financial performance and growth may prohibit large stockholders, in particular those owning 15% or more of our outstanding voting stock, from merging or combining with us for a specified period of time. Additionally, certain provisions of our convertible notes could make it more difficult or more expensive for a third party to acquire us. The application of Section 203 or certain provisions of our convertible notes also could have the effect of discouraging, delaying or preventing a transaction involving a change in control of us. Any of these provisions could, under certain circumstances, depress the market price of our common stock.be adversely impacted.

Item 1B. Unresolved Staff Comments

None.

Item 2. Properties

Our corporate headquarters is located in ~~Milpitas, California~~Reston, Virginia where we currently lease approximately ~~190,000~~47,000 square feet of space under lease agreements that expire during the year ended December 31, 2027. We maintain additional offices throughout the United States and various international locations, including, but not limited to, Australia, Dubai, Germany, India, Ireland, Japan, Singapore and the United Kingdom. We believe that our current facilities are adequate to meet our ongoing needs, and that, if we require additional space, we will be able to obtain additional facilities on commercially reasonable terms.

Item 3. Legal Proceedings

The information set forth under "Litigation" in Note 912 contained in the "Notes to Consolidated Financial Statements" in Part II, Item 8 ~~of Part II~~ of this Annual Report on Form 10-K is incorporated herein by reference.

Item 4. Mine Safety Disclosures

Not applicable.

PART II

Item 5. Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

Market Information

Our common stock, $0.0001 par value per share, began trading on The NASDAQ Global Select Market on September 20, 2013, where its prices are quoted under the symbol ~~“FEYE.”~~“MNDT”.

Holders of Record

As of December 31, ~~2017,~~2021, there were 99102 holders of record of our common stock. Because many of our shares are held by brokers and other institutions on behalf of stockholders, we are unable to estimate the total number of stockholders represented by these record holders.

~~Price Range of Our Common Stock~~

~~The following table sets forth the reported high and low sales prices of our common stock for the periods indicated, as regularly quoted on The NASDAQ Global Select Market:~~

Year Ended December 31, 2017: High Low
First Quarter $ 13.74
$ 10.35
Second Quarter $ 16.25
$ 11.82
Third Quarter $ 17.51
$ 13.74
Fourth Quarter $ 18.00
$ 13.40

Year Ended December 31, 2016: High Low
First Quarter $ 22.48
$ 11.35
Second Quarter $ 18.73
$ 12.38
Third Quarter $ 18.42
$ 13.38
Fourth Quarter $ 15.03
$ 10.87

Stock Performance Graph

The following performance graph shall not be deemed “filed” for purposes of Section 18 of the Exchange Act or otherwise subject to the liabilities under that Section, and shall not be deemed to be incorporated by reference into any of our filings under the Securities Act or of 1933, as amended ("the Exchange ~~Act,~~Act"), except as shall be expressly set forth by specific reference in such filing.

The following graph compares the cumulative total return of our common stock with the total return for the Standard & Poor's 500 Index and the Standard & Poor's Information Technology Index from ~~September 20, 2013 (the date our common stock commenced trading on The NASDAQ Global Select Market)~~December 31, 2016 through December 31, ~~2017.~~2021. The graph assumes that $100 was invested on ~~September 20, 2013~~December 31, 2016 in our common stock, the Standard & Poor's 500 Index and the Standard & Poor's Information Technology Index, and assumes reinvestment of any dividends. The stock price performance on the following graph is not necessarily indicative of future stock price performance.


																														Dec 2016		Dec 2017		Dec 2018		Dec 2019		Dec 2020		Dec 2021
	9/20/13		12/13		4/14		8/14		12/14		4/15		8/15		12/15		4/16		8/16		12/16		4/17		8/17		12/17
FireEye, Inc.	$	100.00	$	121.14	$	109.06	$	86.50	$	87.72	$	114.72	$	104.94	$	57.61	$	48.19	$	39.89	$	33.06	$	34.75	$	41.03	$	39.44
Mandiant, Inc.																													Mandiant, Inc.	$	100.00	$	119.33	$	136.22	$	138.91	$	193.78	$	147.39
S&P 500	$	100.00	$	113.98	$	116.90	$	125.25	$	129.58	$	132.07	$	125.84	$	131.37	$	133.66	$	141.64	$	147.09	$	157.61	$	164.64	$	179.20	S&P 500	$	100.00	$	121.83	$	116.49	$	153.17	$	181.35	$	233.41
S&P Information Technology	$	100.00	$	116.52	$	119.52	$	133.90	$	139.96	$	144.05	$	137.19	$	148.25	$	143.92	$	162.82	$	168.79	$	194.80	$	213.61	$	234.33	S&P Information Technology	$	100.00	$	138.83	$	138.43	$	208.05	$	299.37	$	402.73

~~Persuasive Evidence~~•Identification of the contract, or contracts, with a customer - A contract with a customer exists when (i) we enter into an ~~Arrangement Exists.~~ ~~We rely upon non-cancelable sales agreements~~enforceable contract with a customer that defines each party’s rights regarding the goods or services to be transferred and ~~purchase orders~~identifies the payment terms related to these goods or services, (ii) the contract has commercial substance and the parties are committed to perform, and (iii) we determine ~~the existence~~that collection of ~~an arrangement.~~substantially all consideration to which it will be entitled in

~~Delivery has Occurred.~~ ~~We use shipping documents~~exchange for goods or ~~transmissions of service contract registration codes to verify delivery.~~

~~The Fee~~services that will be transferred is ~~Fixed or Determinable.~~ ~~We assess whether the fee is fixed or determinable~~probable based on the ~~payment terms associated with~~customer’s intent and ability to pay the ~~transaction.~~

promised consideration.

~~Collectability is Reasonably Assured.~~ ~~We assess collectability~~•Identification of the performance obligations in the contract -Performance obligations promised in a contract are identified based on ~~credit analysis~~the goods or services that will be transferred to the customer that are both capable of being distinct, whereby the customer can benefit from the goods or service either on its own or together with other resources that are readily available from third parties or from us, and ~~payment history.~~

are distinct in the context of the contract, whereby the transfer of the goods or services is separately identifiable from other promises in the contract. To the extent a contract includes multiple promised goods or services, we apply judgment to determine whether promised goods or services are capable of being distinct and distinct in the context of the contract. If these criteria are not met the promised goods or services are accounted for as a combined performance obligation.

~~Our products include~~•Determination of the transaction price - The transaction price is determined based on the consideration to which we will be entitled in exchange for transferring goods or services to the customer adjusted for estimated variable consideration, if any. We typically estimate the transaction price impact of discounts offered to the customers for early payments on receivables or rebates based on channel partner sales achievements. Constraints are applied when estimating variable considerations based on historical experience where applicable.

•Allocation of the transaction price to the performance obligations in the contract - If the contract contains a single performance obligation, the entire transaction price is allocated to the single performance obligation. Contracts that contain multiple performance obligations require an allocation of the transaction price to each performance obligation based on a relative standalone selling price ("SSP") basis. Determination of SSP requires judgment. We determine standalone selling price taking into account available information such as historical selling prices of the performance obligation, geographic location, overall strategic pricing objective, market conditions and internally approved pricing guidelines related to the performance obligations.

•Recognition of revenue when, or as, we satisfy performance obligations - We satisfy performance obligations either over time or at a point in time as discussed in further detail below. Revenue is recognized at or over the time the related performance obligation is satisfied by transferring a promised good or service to a customer.

Nature of Solutions and Services

We generate revenue from the sales of cloud based subscriptions, managed services and professional services, primarily through our indirect relationships through our partners or direct relationships through our direct sales-force. We account for our performance obligations in accordance with Accounting Standards Update (ASU) 2014-09, Revenue from Contracts with Customers, regarding Accounting Standards Codification Topic 606 (“ASC 606”) and all related interpretations.

Revenue from subscriptions to our cloud-based solutions, which allow customers to use our hosted security ~~product families that address critical attack vectors, including solutions to detect~~software over a contracted period without taking possession of the software and ~~prevent attacks targeting networks, email,~~managed services where we provide managed detection and ~~endpoint devices. When~~response services for customers, are recognized over the contractual term. A small portion of our ~~solutions are~~revenue is derived from our validation software deployed on premise that is not dependent on regular threat intelligence updates. Revenue from these solutions is therefore recognized when ownership is transferred to our customers, typically upon delivery of the license.

Professional services, which include incident response, security assessments, and other strategic security consulting services are offered on a time-and-materials basis or through fixed fee arrangements, and we recognize the associated revenue as the services are delivered.

Discontinued Operations

Revenue from discontinued operations was generated primarily from sales of network, email, endpoint security, Helix SIEM and Cloudvisory solutions deployed on a customer's premises, either as an integrated security appliance or a distributed hybrid on-premise/private cloud configurations. As a single performance obligation, revenue from sales of appliance hardware and related subscriptions was recognized ratably over the contractual term, typically one to three years. Such contracts typically contained a material right of renewal option that allows the customer to renew their DTI cloud and support subscriptions for an additional term at a discount to the original purchase price of the single performance obligation. For contracts that contained a material right of renewal option, the value of the performance obligation allocated to the renewal was recognized ratably over the period between the end of the initial contractual term and end of the estimated useful life of the related appliance and license. A small portion of our revenue in the product and related subscription and support ~~services qualify as separate units~~revenue related to discontinued operations was derived from the sale of ~~accounting. Therefore, product~~our network forensics appliances and our central management system appliances. These appliances were not dependent on regular security intelligence updates, and revenue from these appliances iswas therefore recognized when ownership was transferred to our customer, typically at ~~the time of~~ shipment.

from their end-customers. Our partners do not stock products and do not have any stock rotation rights. We recognize subscription and support and maintenance services revenue ratably over the contractual service period, which is typically one or three years. Professional services revenue, including incident response and related consulting services for our customers who have experienced a cybersecurity breach or who require assistance assessing the vulnerability of their networks, and training services revenue is recognized as the services are rendered.

At the time of shipment, product revenue generally meets the criteria for fixed or determinable fees as our partners receive an order from an end-customer prior to placing an order with us. In addition, payment from our partners is not contingent on the partners’ collection from their end-customers. Our partners do not stock products and do not have any stock rotation rights. We recognize subscription and support and maintenance services revenue ratably over the contractual service period, which is typically one or three years. Professional services revenue, including incident response and related consulting services for our customers who have experienced a cybersecurity breach or who require assistance assessing the vulnerability of their networks, and training services revenue is recognized as the services are rendered. Revenue from the sale of stand-alone software bundled with services is recognized ratably over contract term as we do not have Vendor Specific Objective Evidence, or VSOE, for the undelivered elements.

Most of our arrangements, other than renewals of subscriptions and support and maintenance services, are multiple-element arrangements with a combination of product, subscriptions, support and maintenance, and other services. For multiple-element arrangements, we allocate revenue to each unit of accounting based on an estimated selling price at the arrangement inception. The estimated selling price for each element is based upon the following hierarchy: VSOE of selling price, if available, third-party evidence, or TPE, of selling price, if VSOE of selling price is not available, or best estimate of selling price, or BESP, if neither VSOE of selling price nor TPE of selling price are available. The total arrangement consideration is allocated to each separate unit of accounting using the relative estimated selling prices of each unit based on the aforementioned selling price hierarchy. We limit the amount of revenue recognized for delivered elements to an amount that is not contingent upon future delivery of additional products or services or meeting of any specified performance conditions.

To determine the estimated selling price in multiple-element arrangements, we seek to establish VSOE of selling price using the prices charged for a deliverable when sold separately and, for subscriptions and support and maintenance, based on the renewal rates and discounts offered to partners. If VSOE of selling price cannot be established for a deliverable, we seek to establish TPE of selling price by evaluating similar and interchangeable competitor products or services in standalone arrangements with similarly situated partners. However, as our products contain a significant element of proprietary technology and offer substantially different features and functionality from our competitors, we are unable to obtain comparable pricing of our competitors’ products with similar functionality on a stand-alone basis. Therefore, we have not been able to obtain reliable evidence of TPE of selling price. If neither VSOE nor TPE of selling price can be established for a deliverable, we establish BESP primarily based on historical transaction pricing. Historical transactions are segregated based on our pricing model and our go-to-market strategy, which include factors such as type of sales channel (reseller, distributor, or end-customer), the geographies in which our products and services were sold (domestic or international), offering type (products or services), and whether or not the opportunity was identified by our sales force or by our partners. In analyzing historical transaction pricing, we evaluate whether a majority of the prices charged for a product, as represented by a percentage of list price, fall within a reasonable range. To further support the BESP of selling price as determined by the historical transaction pricing or when such information is unavailable, such as when there are limited sales of a new product, we consider the same factors we have established through our pricing model and go-to-market strategy. The determination of BESP is made through consultation with and approval by our management. We have established the estimated selling price of all of our deliverables using BESP.

Shipping charges billed to partners are included in revenue while related costs are included in cost of revenue. Sales commissions and other incremental costs to acquire contracts are also expensed as incurred. After receipt of a partner order, any amounts billed in excess of revenue recognized are recorded as deferred revenue.

Stock-Based Compensation

Compensation expense related to stock-based transactions, including employee and non-employee director stock options, is measured and recognized in the financial statements based on the fair value of the awards granted. The fair value of each option award is estimated on the grant date using the Black-Scholes option-pricing model and a single option award approach. The fair value of stock options granted to non-employees is remeasured as the stock options vest, and the resulting change in value, if any, is recognized

in the statement of operations during the period the related services are rendered. Stock-based compensation expense is recognized over the requisite service periods of the awards, which is generally four years.

Our use of the Black-Scholes option-pricing model requires the input of highly subjective assumptions, including the fair value of the underlying common stock prior to our IPO in September 2013, the expected term of the option, the expected volatility of the price of our common stock, risk-free interest rates, and the expected dividend yield of our common stock. The assumptions used in our option-pricing model represent management’s best estimates. These estimates involve inherent uncertainties and the application of management’s judgment. If factors change and different assumptions are used, our stock-based compensation expense could be materially different in the future. These assumptions and estimates are as follows:

•Fair Value of Common Stock. Because our common stock was not publicly traded until September 20, 2013, we were required to estimate the fair value of common stock for grants made prior to that date, as discussed in “Common Stock Valuations” below.

•Risk-Free Interest Rate. We base the risk-free interest rate used in the Black-Scholes option-pricing model on the implied yield available on U.S. Treasury zero-coupon issues with a remaining term equivalent to that of the options for each option group.

•Expected Term. The expected term represents the period that our stock-based awards are expected to be outstanding. We base the expected term assumption on our historical exercise behavior combined with estimates of the post-vesting holding period.

•Volatility. We determine the price volatility factor based on the historical volatilities of our publicly traded peer group as we do not have a significant trading history for our common stock. Industry peers consist of several public companies in the technology industry that are similar to us in size, stage of life cycle, and financial leverage. We used the same set of peer group companies in all the relevant valuation estimates. We did not rely on implied volatilities of traded options in our industry peers’ common stock because the volume of activity was relatively low. We intend to continue to consistently apply this process using the same or similar public companies until a sufficient amount of historical information regarding the volatility of our own common stock share price becomes available, or unless circumstances change such that the identified companies are no longer similar to us, in which case, more suitable companies whose share prices are publicly available would be utilized in the calculation.

•Dividend Yield. The expected dividend assumption is based on our current expectations about our anticipated dividend policy. Consequently, we used an expected dividend yield of zero.

In addition to the assumptions used in the Black-Scholes option-pricing model, we also estimated a forfeiture rate to calculate the stock-based compensation expense for our awards prior to January 1, 2016. Beginning January 1, 2016, we began recognizing forfeitures as they occur with the adoption of ASU 2016-09.

We estimate the fair value of the rights to acquire stock under our ESPP using the Black-Scholes option pricing formula. Our ESPP typically provides for consecutive twelve-month offering periods and we use our peer group volatility data in the valuation of ESPP shares. We recognize such compensation expense on a straight-line basis over the requisite service period.

We account for the fair value of restricted stock units (“RSUs”) using the closing market price of our common stock on the date of grant. For new-hire grants, RSUs generally vest ratably on an annual basis over four years. For annual refresh grants, RSUs generally vest ratably on an annual, or combination of annual and quarterly, basis over two to four years.

We account for the fair value of performance stock units ("PSUs") using the closing market price of our common stock on the date of grant. We begin recognizing compensation expense when we conclude that it is probable that the performance conditions will be achieved. We reassess the probability of vesting at each reporting period and adjust our compensation cost based on this probability assessment.

We will continue to use judgment in evaluating the assumptions related to our stock-based compensation on a prospective basis. As we continue to accumulate additional data related to our common stock, we may have refinements to our estimates which could materially impact our future stock-based compensation expense.

Income Taxes

We account for income taxes using the asset and liability method, which requires the recognition of deferred tax assets and liabilities for the expected future tax consequences of events that have been recognized in our financial statements or tax returns. In addition, deferred tax assets are recorded for the future benefit of utilizing net operating losses and research and development credit carryforwards. Valuation allowances are provided when necessary to reduce deferred tax assets to the amount expected to be realized.

~~On December 22, 2017, the U.S. government enacted comprehensive tax legislation commonly referred to~~ We recognize taxes on Global Intangible Low-Taxed Income (“GILTI”) as the Tax Cuts and Jobs Act of 2017 (the “Tax Act”). The Tax Act makes broad and complex changes to the U.S. tax code. The changes include, but are not limited to, reducing the U.S. federal corporate tax rate from 35% to 21%, imposing a mandatory one-time transition tax on certain unrepatriated earnings of foreign subsidiaries, introducing bonus depreciation that will allow for full expensing of qualified property, eliminating the corporate alternative minimum tax (“AMT”) and changing how existing AMT credits can be realized.

~~The SEC staff issued Staff Accounting Bulletin No. 118 ("SAB 118") to address the application of U.S. GAAP in situations~~current period expense when a registrant does not have the necessary information available, prepared, or analyzed (including computations) in reasonable detail to complete the accounting for certain income tax effects of the Tax Act.

In accordance with SAB 118, we provided our best estimate of the impact of the Tax Act in the period ending December 31, 2017 based on our understanding of the Tax Act and guidance available as of the date of this filing. We remeasured our existing net U.S. deferred tax assets using the enacted tax rate and other known significant changes to the tax code. This remeasurement resulted in a total decrease in these assets by $71.7 million which was fully offset by the decrease in the valuation allowance. In addition, we recorded a $0.3 million tax benefit related to the release of valuation allowance on AMT credit carryovers because under the Tax Act, existing AMT credits are refundable from 2018 through 2021.incurred.

We apply the authoritative accounting guidance prescribing a threshold and measurement attribute for the financial recognition and measurement of a tax position taken or expected to be taken in a tax return. We recognize liabilities for uncertain tax positions based on a two-step process. The first step is to evaluate the tax position for recognition by determining if the weight of available

evidence indicates

that it is more likely than not that the position will be sustained on audit, including resolution of related appeals or litigation processes, if any. The second step requires us to estimate and measure the tax benefit as the largest amount that is more than 50% likely to be realized upon ultimate settlement.

Significant judgment is required in evaluating our uncertain tax positions and determining our provision for income taxes. Although we believe our reserves are reasonable, no assurance can be given that the final tax outcome of these matters will not be different from that which is reflected in our historical income tax provisions and accruals. We adjust these reserves in light of changing facts and circumstances, such as the closing of a tax audit or the refinement of an estimate. To the extent that the final tax outcome of these matters is different than the amounts recorded, such differences may impact the provision for income taxes in the period in which such determination is made.

Significant judgment is also required in determining any valuation allowance recorded against deferred tax assets. In assessing the need for a valuation allowance, we consider all available evidence, including scheduled reversal of deferred tax liabilities, past operating results, the feasibility of tax planning strategies and estimates of future taxable income. Estimates of future taxable income are based on assumptions that are consistent with our plans. Assumptions represent management’s best estimates and involve inherent uncertainties and the application of management’s judgment. Should actual amounts differ from our estimates, the amount of our tax expense and liabilities could be materially impacted.

We do not provide for a U.S. income tax liability and foreign withholding taxes on undistributed foreign earnings of our foreign ~~subsidiaries.~~subsidiaries as a result of cumulative and current overall foreign loss. The earnings of non-U.S. subsidiaries are currently expected to be indefinitely reinvested in non-U.S. operations.

~~Contract Manufacturer Liabilities~~

We outsource most of our manufacturing, repair, and supply chain management operations to our independent contract manufacturers and payments to them are a significant portion of our product cost of revenue. Although we could be contractually obligated to purchase manufactured products, we generally do not own the manufactured products. Product title transfers from our independent contract manufacturers to us and immediately to our partners upon shipment. Our independent contract manufacturers assemble our products using design specifications, quality assurance programs, and standards that we establish, and they procure components and assemble our products based on our demand forecasts. These forecasts represent our estimates of future demand for our products based upon historical trends and analysis from our sales and product management functions as adjusted for overall market conditions. If the actual component usage and product demand are significantly lower than forecast, we accrue for costs for contractual manufacturing commitments in excess of our forecasted demand, including costs for excess components or for carrying costs incurred by our contract manufacturers. To date, we have not accrued any significant costs associated with this exposure.

Loss Contingencies

We are subject to the possibility of various loss contingencies arising in the ordinary course of business. We consider the likelihood of loss or impairment of an asset, or the incurrence of a liability, as well as our ability to reasonably estimate the amount of loss, in determining loss contingencies. An estimated loss contingency is accrued when it is probable that an asset has been impaired, or a liability has been incurred and the amount of loss can be reasonably estimated. If we determine that a loss is possible, and the range of the loss can be reasonably determined, then we disclose the range of the possible loss. We regularly evaluate current information available to us to determine whether an accrual is required, an accrual should be adjusted, or a range of possible loss should be disclosed.

~~Warranties~~

We generally provide a one-year warranty on hardware. We do not accrue for potential warranty claims as a component of cost of product revenue as all product warranty claims are satisfied under our supportGoodwill and ~~maintenance contracts.~~Purchased Intangible Assets

Goodwill

~~Goodwill is~~ represents the excess of the aggregate purchase price paid over the fair value of the net tangible and identifiable intangible assets acquired. Goodwill is not amortized and is tested for impairment at least annually or whenever events or changes in circumstances indicate that the carrying value may not be recoverable. We have determined that we operate as one reporting unit and have selected December 1 as the date to perform our annual impairment test. In the valuation of our goodwill, we must make assumptions regarding estimated future cash flows to be derived from our business. If these estimates or their related assumptions change in the future, we may be required to record impairment for these assets. Goodwill is not amortized and is tested for impairment at least annually or whenever events or changes in circumstances indicate that the carrying value may not be recoverable. The ~~first step of~~Company has determined that it operates as 1 reporting unit and has selected December 1 as the date to perform its annual impairment test.

We perform the impairment ~~test involves comparing~~testing by first assessing qualitative factors to determine whether existence of events or circumstances leads to a determination that it is more likely than not that the fair value of ~~the~~its reporting unit tois less than its ~~net book~~carrying amount. In assessing the qualitative factors, we consider the impact of certain key factors including macroeconomic conditions, industry and market considerations, management turnover, changes in regulation, litigation matters, changes in enterprise value, ~~including goodwill.~~and overall financial performance. If, after assessing the ~~net book value exceeds its fair value, then we would perform~~totality of events or circumstances, the ~~second step of~~Company determines it is more likely than not that the ~~goodwill impairment test to determine the amount of the impairment loss. The impairment loss would be calculated by comparing our implied fair value to our net book value. In calculating our implied~~ fair value of ~~goodwill, our fair value would be allocated~~a reporting unit is less than its carrying amount, then it performs a quantitative assessment to ~~all of~~determine whether there is any impairment. To calculate any potential impairment, the ~~other assets and liabilities based on their fair values. The excess of our fair value over~~Company compares the ~~amount assigned to our other assets and liabilities is the implied~~ fair value of ~~goodwill. An impairment loss would be recognized when the~~a reporting unit with its carrying amount, ~~of goodwill exceeds its implied fair value.~~including goodwill. There was no impairment of goodwill recorded for the years ended December 31, ~~2017~~, ~~2016~~2021, 2020 or ~~2015, and our reporting unit was not~~2019.

Purchased intangible assets with finite lives are carried at ~~risk of failing~~cost, less accumulated amortization. Amortization is computed over the ~~first step~~estimated useful lives of the respective assets. Purchased intangible assets with indefinite lives are assessed for potential impairment ~~test for any of these periods.~~

annually, or when events or circumstances indicate that their carrying amounts might be impaired.

Business Combinations

We account for all of our acquisitions using the acquisition method of accounting for business combinations. The fair value of purchase consideration is allocated to the tangible assets acquired, liabilities assumed, and intangible assets acquired, based on their estimated fair values. The excess of the fair value of purchase consideration over the values of these identifiable assets and liabilities is recorded as goodwill.

When determining the fair value of assets acquired and liabilities assumed, management makes significant estimates and assumptions, especially with respect to identifiable intangible assets. ~~Critical estimates~~Significant assumptions in valuing certain identifiable intangible assets include, but are not limited to, expected long-term market growth, customer retention, future expected operating expenses, costs

of capital, and appropriate discount rates. Management’s estimates of fair value are based upon assumptions believed to be reasonable, but which are inherently uncertain and unpredictable and, as a result, actual results may differ from estimates.

Discontinued Operations

We consider assets to be held for sale when management commits to a formal plan to actively market the assets for sale at a price reasonable in relation to fair value, it is unlikely that significant changes will be made to the plan, the assets are available for immediate sale in their present condition, an active program to locate a buyer and other actions required to complete the sale have been initiated and the sale of the assets is expected to be completed within one year. Upon designation as held for sale, we record the carrying value of the assets at the lower of the then current carrying value or estimated fair value, less costs to sell. Fair value is determined based on external data available or management’s estimates, depending upon the nature of the assets and liabilities. Goodwill is allocated to the FireEye Products business and designated as held for sale based on the relative fair values of the FireEye Products business and the remaining business. The fair value is determined based on the Company’s market capitalization and management’s estimate of the control premium a buyer would pay to obtain control of the business. Following recording as such, assets held for sale are not depreciated or amortized thereafter.

If the disposal of the component of an entity (or group of components) represents a strategic shift that has (or will have) a major effect on an entity’s operations and financial results, it meets the criteria for discontinued operations. The results of discontinued operations, as well as any gain or loss on the disposal transaction, are presented separately, net of tax, from the results of continuing operations for all periods presented. The revenue and expenses included in the results of discontinued operations are the revenue and direct operating expenses incurred by the discontinued component that may be reasonably segregated from the revenue and costs of the ongoing operations of the Company. The assets and liabilities for the FireEye Products business have been accounted for as assets and liabilities held for sale in our consolidated balance sheets. The operating results have been included in discontinued operations in our consolidated financial statements. The consolidated statement of cash flows presents combined cash flows from continuing operations with cash flows from discontinued operations within each cash flow statement category. The prior periods have been adjusted to reflect the assets and liabilities held for sale and discontinued operations.

Recent Accounting Pronouncements

See Note 1, ~~Description~~"Description of Business and Summary of Significant Accounting Policies," contained in the "Notes to Consolidated Financial Statements" in Part II, Item 8 ~~of Part II~~ of this Annual Report on Form 10-K for a full description of the recent accounting pronouncements and our expectation of their impact, if any, on our results of operations and financial conditions.

Item 7A. Quantitative and Qualitative Disclosures About Market Risk

Foreign Currency Exchange Risk

Our sales contracts are primarily denominated in U.S. dollars. A portion of our operating expenses are incurred outside the United States and are denominated in foreign currencies and are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes in the Indian Rupee, British Pound Sterling, Japanese Yen and Euro. Additionally, fluctuations in foreign currency exchange rates may cause us to recognize transaction gains and losses in our statement of operations. On June 23, 2016, the United Kingdom ("U.K.") held a referendum in which British voters approved an exit from the European Union ("EU"), commonly referred to as "Brexit." This resulted in an adverse impact to currency exchange rates, notably the British Pound Sterling which experienced a sharp decline in value compared to the U.S. dollar and other currencies. Continued volatility in currency exchange rates is expected as the U.K. negotiates its exit from the EU, which could result in greater transaction gains or losses in our statement of operations.

The effect of a hypothetical 10% adverse change in foreign exchange rates on monetary assets and liabilities at December 31, ~~2017~~2021 would not be material to our financial condition or results of operations. To date, foreign currency transaction gains and losses and exchange rate fluctuations have not been material to our financial statements, and we have not engaged in any foreign currency hedging transactions.

As our international operations continue to grow, our risks associated with fluctuations in currency rates will become greater, and we will continue to reassess our approach to managing this risk. In addition, currency fluctuations or a weakening U.S. dollar can increase the costs of our international expansion, and a strengthening U.S. dollar could slow international demand as products and services priced in U.S. dollars become more expensive.

Interest Rate Risk

We had cash and cash equivalents and investments of ~~$896.8 million~~$2.2 billion and ~~$935.7 million~~$1.3 billion as of December 31, ~~2017~~2021 and ~~2016,~~2020, respectively, consisting of bank deposits, money market funds, certificates of deposit, commercial paper and bonds issued by corporate institutions, U.S. Treasury notes and U.S. government agencies. Such interest-earning instruments carry a degree of interest rate ~~risk.~~risk, but the risk is limited due to our investment policies which limit the duration of our short term investments. To date, fluctuations in interest income have not been significant.

We do not enter into investments for trading or speculative purposes and have not used any derivative financial instruments to manage our interest rate risk exposure. We have not been exposed to, nor do we anticipate being exposed to, material risks due to changes in interest rates.

Our cash flow exposure due to changes in interest rates related to our debt is limited as our ~~Convertible Senior~~Series A Notes, Series B Notes and 2024 Notes have fixed interest rates atof 1.000%, 1.625% and ~~1.625%.~~0.875%, respectively. The fair value of the Convertible ~~Senior~~ Notes may increase or decrease for various reasons, including fluctuations in the market price of our common stock, fluctuations in market interest rates and fluctuations in general economic conditions. Based upon the quoted market price as of December 31, ~~2017,~~2021, the fair value of our Convertible ~~Senior~~ Notes was approximately ~~$851.3 million.~~$1.0 billion.

A hypothetical 10% change in interest rates during any of the periods presented would not have had a material impact on our financial statements.

Item 8. Financial Statements and Supplementary Data

INDEX TO CONSOLIDATED FINANCIAL STATEMENTS

Certain supplementary financial information required by this Item 8 is included in Part II, Item 7 of this Annual Report on Form 10-K under the caption “Quarterly Results of Operations.”

REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM

To the Stockholders and the Board of Directors ~~and Stockholders~~ of

Mandiant, Inc. (formerly FireEye, Inc.)

Opinion on the Financial Statements

We have audited the accompanying consolidated balance sheets of Mandiant, Inc. (formerly FireEye, Inc.) and subsidiaries (the "Company") as of December 31, ~~2017~~2021 and ~~2016,~~2020, the related consolidated statements of operations, comprehensive ~~loss,~~income (loss), convertible preferred stock and stockholders' equity, and cash flows, for each of the three years in the period ended December 31, ~~2017,~~2021, and the related notes and the schedule listed in the Index at Item 15 (collectively referred to as the "financial statements"). In our opinion, the financial statements present fairly, in all material respects, the financial position of the Company as of December 31, 2021 and 2020, and the results of its operations and its cash flows for each of the three years in the period ended December 31, 2021, in conformity with accounting principles generally accepted in the United States of America.

We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company's internal control over financial reporting as of December 31, 2021, based on criteria established in Internal Control — Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission and our report dated March 1, 2022, expressed an unqualified opinion on the Company's internal control over financial reporting.

Basis for Opinion

These financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on the Company's financial statements based on our audits. We are a public accounting firm registered with the ~~Public Company Accounting Oversight Board (United States)~~PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.

We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.

InEmphasis of a Matter

As discussed in Note 2 to the financial statements, the sale of the FireEye Products business to a consortium led by Symphony Technology Group closed on October 8, 2021. As a result, the FireEye Products business was classified as discontinued operations and the related assets and liabilities were classified as held for sale in the financial statements.

Critical Audit Matters

The critical audit matters communicated below are matters arising from the current-period audit of the financial statements that were communicated or required to be communicated to the audit committee and that (1) relate to accounts or disclosures that are material to the financial statements and (2) involved our especially challenging, subjective, or complex judgments. The communication of critical audit matters does not alter in any way our opinion such financial statements present fairly, in all material respects, the financial position of FireEye, Inc. and subsidiaries as of December 31, 2017 and 2016, and the results of their operations and their cash flows for each of the three years in the period ended December 31, 2017, in conformity with accounting principles generally accepted in the United States of America. Also, in our opinion, such financial statement schedule, when considered in relation toon the financial statements, taken as a whole, ~~presents fairly, in all~~and we are not, by communicating the critical audit matters below, providing separate opinions on the critical audit matters or on the accounts or disclosures to which they relate.

Revenue Recognition and Contract Balances - Appliance and License Useful Life — Refer to Notes 1, 8, and 10 to the financial statements

Critical Audit Matter Description

The Company recognizes revenue for contracts that contain a renewal option, which is a material ~~respects,~~right, over the ~~information set forth therein.~~

~~We have also audited, in accordance~~contractual term with the ~~standards~~allocated value of the ~~Public Company Accounting Oversight Board (United States) (PCAOB),~~renewal option recognized over the ~~Company's internal control over financial reporting as~~period between the end of ~~December 31, 2017,~~the initial contractual term and the end of the estimated useful life of the related appliance and license. The costs of revenue and commissions for such contracts are also recognized based on ~~criteria established in~~ ~~Internal Control - Integrated Framework (2013)~~ ~~issued by~~this estimated useful life.

We identified appliance and license useful life as a critical audit matter because the ~~Committee~~determination of ~~Sponsoring Organizations~~this estimated useful life of the ~~Treadway Commission~~appliance and ~~our report dated February 23, 2018 expressed an unqualified opinion~~license requires significant judgment based on the ~~Company's~~Company’s evaluation of historical renewals, technology refresh cycle, and management’s expectation of future trends. This required a high degree of auditor judgment and an increased extent of effort to perform qualitative evaluations of these assumptions.

How the Critical Audit Matter Was Addressed in the Audit

Our audit procedures related to the estimated appliance and license useful life included the following, among others:

•We tested the effectiveness of controls over the Company’s determination of the estimated appliance and license useful life.

•We evaluated the methods and assumptions used by management to determine the estimated useful life by:

◦Testing the underlying data that served as the basis for the analysis including information regarding actual historical renewals.

◦Recalculating the quantitative historical renewal information in the Company’s analysis

◦Assessing qualitative factors including product refresh cycle, technology life and evaluating whether historical renewal of the license and hardware is indicative of the estimated useful life based on internal or external information available, including interviews with Company personnel and reviews of Company product road maps and industry publications.

◦Evaluating the reasonableness of management’s overall conclusion

Discontinued Operations – Control Premium Used for Goodwill Allocation — Refer to Notes 1 and 2 to the financial statements

Critical Audit Matter Description

On October 8, 2021, the Company sold the assets and liabilities of the FireEye Products business in exchange for total cash consideration of $1.2 billion and recorded a gain on divestiture of $1.2 billion. The assets and liabilities sold were recorded at the lower of the then current carrying value or estimated fair value, less costs to sell. Fair value is determined based on external data available or management’s estimates, depending upon the nature of the assets and liabilities. Goodwill was allocated to the FireEye Products business based on the relative fair values of the FireEye Products business and the remaining business. The fair value of the business was determined based on the Company’s market capitalization and management’s estimate of the control premium a buyer would pay to obtain control of the business.

We identified the control premium used in the allocation of goodwill as a critical audit matter because it required management judgment. This required a high degree of auditor judgment and an increased extent of effort, including the need to involve our fair value specialists, when performing audit procedures to evaluate the reasonableness of management’s estimates and assumptions related to the control premium.

How the Critical Audit Matter Was Addressed in the Audit

Our audit procedures related to the control premium used for goodwill allocation included the following, among others:

•We tested the effectiveness of controls over ~~financial reporting.~~the estimation of the control premium used for goodwill allocation.

•We assessed the reasonableness of the control premium used for goodwill allocation by inquiring with management to understand how the premium was determined, comparing the premium to comparable market transactions, and evaluating the reasonableness of internal and external factors management considered in estimating the control premium.

•We evaluated management’s methodology for estimating the control premium.

•We involved our valuation specialists to audit the assumptions used in the determination of the control premium.

/s/ DELOITTE & TOUCHE LLP

San Jose, California

~~February 23rd, 2018~~

March 1, 2022

We have served as the Company's auditor since 2010.

MANDIANT, INC. (FORMERLY FIREEYE, INC.)

Consolidated Balance Sheets

(In thousands, except per share data)


	As of December 31,
	2021		2020
ASSETS
Current assets:
Cash and cash equivalents	$	1,154,458	$	673,234
Short-term investments	1,039,339		624,824
Accounts receivable, net of allowance for doubtful accounts of $806 and $1,225 at December 31, 2021 and 2020, respectively	146,460		70,563


Prepaid expenses and other current assets	73,079		39,670
Current assets held for sale	—		153,954
Total current assets	2,413,336		1,562,245
Property and equipment, net	46,329		64,336
Operating lease right-of-use assets, net	25,768		36,728
Goodwill	1,060,023		1,050,962
Intangible assets, net	79,511		120,555

Deposits and other long-term assets	26,220		18,084
Long-term assets held for sale	—		392,974
TOTAL ASSETS	$	3,651,187	$	3,245,884

LIABILITIES, CONVERTIBLE PREFERRED STOCK AND STOCKHOLDERS’ EQUITY
CURRENT LIABILITIES:
Accounts payable	$	32,585	$	4,027
Operating lease liabilities, current	13,306		14,556
Accrued and other current liabilities	105,886		19,730
Accrued compensation	71,660		71,784
Convertible senior notes, current, net	451,030		—
Deferred revenue, current portion	307,611		226,356
Current liabilities held for sale	—		417,291
Total current liabilities	982,078		753,744
Convertible senior notes, net	556,240		960,896
Deferred revenue, non-current portion	102,717		57,897
Operating lease liabilities, non-current	52,132		41,802

Other long-term liabilities	7,376		12,339
Long-term liabilities held for sale	—		285,251
Total liabilities	1,700,543		2,111,929
Commitments and contingencies (NOTE 12)	0		0
Series A Convertible Preferred Stock, par value of $0.0001 per share; 400 shares authorized, issued and outstanding as of December 31, 2021 and 2020	419,404		401,050
Stockholders' equity:
Common stock, par value of $0.0001 per share; 1,000,000 shares authorized, 231,166 and 235,690 shares issued and outstanding as of December 31, 2021 and 2020, respectively	23		24
Additional paid-in capital	3,511,444		3,623,243
Treasury stock, at cost; 1,778 and 1,778 shares as of December 31, 2021 and 2020, respectively	(80,000)		(80,000)
Accumulated other comprehensive income (loss)	(2,172)		3,834
Accumulated deficit	(1,898,055)		(2,814,196)
Total stockholders’ equity	1,531,240		732,905
TOTAL LIABILITIES, CONVERTIBLE PREFERRED STOCK AND STOCKHOLDERS’ EQUITY	$	3,651,187	$	3,245,884

As of December 31,
2017 2016
ASSETS
Current assets:
Cash and cash equivalents $ 180,891
$ 223,667
Short-term investments 715,911
712,058
Accounts receivable, net of allowance for doubtful accounts of $2,503 and $1,590 at December 31, 2017 and 2016, respectively 140,049
121,150
Inventories 5,746
5,955
Prepaid expenses and other current assets 34,541
25,081
Total current assets 1,077,138
1,087,911
Property and equipment, net 71,357
61,852
Goodwill 984,661
978,260
Intangible assets, net 187,388
244,032
Deposits and other long-term assets 11,537
10,910
TOTAL ASSETS $ 2,332,081
$ 2,382,965

LIABILITIES AND STOCKHOLDERS’ EQUITY
CURRENT LIABILITIES:
Accounts payable $ 35,684
$ 20,269
Accrued and other current liabilities 19,569
22,997
Accrued compensation 59,588
96,004
Deferred revenue, current portion 443,064
397,118
Total current liabilities 557,905
536,388
Convertible senior notes, net 779,578
741,980
Deferred revenue, non-current portion 227,680
256,398
Other long-term liabilities 22,102
7,087
Total liabilities 1,587,265
1,541,853
Commitments and contingencies (NOTE 9)

Stockholders' equity:
Common stock, par value of $0.0001 per share; 1,000,000 shares authorized, 187,105 shares and 174,596 shares issued and outstanding as of December 31, 2017 and 2016, respectively 19
17
Additional paid-in capital 2,891,441
2,682,909
Treasury stock, at cost; 3,333 shares as of December 31, 2017 and 2016 (150,000 ) (150,000 )
Accumulated other comprehensive loss (2,881 ) (1,742 )
Accumulated deficit (1,993,763 ) (1,690,072 )
Total stockholders’ equity 744,816
841,112
TOTAL LIABILITIES AND STOCKHOLDERS’ EQUITY $ 2,332,081
$ 2,382,965

See accompanying notes to consolidated financial statements.

	~~20-1548921~~
Delaware		20-1548921
(State or other jurisdiction of incorporation or organization)		(I.R.S. Employer Identification ~~Number)~~ No.)




Title of each class	Trading Symbol		Name of each exchange on which registered
Common Stock, par value $0.0001 per share		MNDT		The NASDAQ Global Select Market



Large accelerated filer	x ☒	Accelerated filer	¨☐
Non-accelerated filer	¨~~(Do not check if a smaller reporting company)~~ ☐	Smaller reporting company	¨☐
		Emerging growth company	¨☐


Period	Total number of shares purchased(1)	Average price paid per share		Total number of shares purchased as part of publicly announced plans or programs(1)	Maximum number (or approximate dollar value) of shares that may yet be purchased under the plans or programs(1)
October 1, 2021 – October 31, 2021	—	—		—
November 1, 2021 – November 30, 2021	4,291	$	17.81	4,291
December 1, 2021 – December 31, 2021	7,235	17.05		7,235	$	200,000
Total	11,526			11,526



	Year Ended December 31,
	2017			2016			2015			2014			2013
	(In thousands, except per share data)
Consolidated Statements of Operations Data:
Revenue:
Product	$	123,696		$	151,926		$	216,632		$	178,246		$	88,253
Subscription and services	627,390			562,188			406,335			247,416			73,299
Total revenue	751,086			714,114			622,967			425,662			161,552
Cost of revenue:⁽¹⁾
Product	56,807			65,158			74,481			58,980			28,912
Subscription and services	212,080			206,710			158,723			116,113			18,853
Total cost of revenue	268,887			271,868			233,204			175,093			47,765
Total gross profit	482,199			442,246			389,763			250,569			113,787
Operating expenses:⁽¹⁾
Research and development	243,273			279,594			279,467			203,187			66,036
Sales and marketing	371,935			439,499			476,166			401,151			167,466
General and administrative	125,597			139,839			141,790			121,099			52,503
Restructuring charges	—			27,630			—			4,327			—
Total operating expenses	740,805			886,562			897,423			729,764			286,005
Operating loss	(258,606		)	(444,316		)	(507,660		)	(479,195		)	(172,218		)
Interest income	9,323			6,582			2,935			713			68
Interest expense	(49,766		)	(47,869		)	(27,116		)	(26		)	(525		)
Other income (expense), net	(10		)	(3,247		)	(3,284		)	(1,936		)	(7,257		)
Loss before income taxes	(299,059		)	(488,850		)	(535,125		)	(480,444		)	(179,932		)
Provision for (benefit from) income taxes	4,632			(8,721		)	4,090			(36,654		)	(59,297		)
Net loss attributable to common stockholders	$	(303,691	)	$	(480,129	)	$	(539,215	)	$	(443,790	)	$	(120,635	)
Net loss per share attributable to common stockholders, basic and diluted	$	(1.71	)	$	(2.94	)	$	(3.50	)	$	(3.12	)	$	(2.66	)
Weighted-average shares used to compute net loss per share attributable to common stockholders	177,757			163,211			154,120			142,176			45,271



x☒			ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934



o☐			TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934



Year Ended December 31, 2017:	High		Low
First Quarter	$	13.74	$	10.35
Second Quarter	$	16.25	$	11.82
Third Quarter	$	17.51	$	13.74
Fourth Quarter	$	18.00	$	13.40

Year Ended December 31, 2016:	High		Low
First Quarter	$	22.48	$	11.35
Second Quarter	$	18.73	$	12.38
Third Quarter	$	18.42	$	13.38
Fourth Quarter	$	15.03	$	10.87


	Year Ended or as of December 31,
	2021			2020			2019
Platform, cloud subscription and managed services revenue	$	235,077		$	198,695		$	163,583
Professional services revenue	248,378			201,014			167,787
Total revenue	$	483,455		$	399,709		$	331,370
Year-over-year percentage increase	21		%	21		%	25		%
Gross margin percentage	47		%	44		%	40		%


Deferred revenue (current and non-current)	$	410,328		$	284,253		$	273,241
Annualized recurring revenue	$	278,819		$	226,451		$	196,014
Billings (non-GAAP)	$	609,530		$	408,057		$	369,879
Net cash used in operating activities - continuing operations	$	(62,389)		$	(100,409)		$	(120,786)
Net cash provided by operating activities - discontinued operations	$	124,345		$	195,304		$	188,323
Net cash provided by operating activities	$	61,956		$	94,895		$	67,537
Free cash flow (non-GAAP) (continuing operations)	$	(87,925)		$	(118,337)		$	(150,135)



	Year Ended December 31,				Change
	2017		2016		Amount		%
	(Dollars in thousands)
Interest income	$	9,323	$	6,582	$	2,741	42	%


	Three Months Ended																									Three Months Ended
	December 31, 2017			September 30, 2017			June 30, 2017			March 31, 2017			December 31, 2016			September 30, 2016			June 30, 2016			March 31, 2016				December 31, 2021		September 30, 2021		June 30, 2021		March 31, 2021		December 31, 2020		September 30, 2020		June 30, 2020		March 31, 2020
	(In thousands)																									(Dollars in thousands)
Revenue:																									Revenue:
Product	$	38,278		$	30,472		$	31,203		$	23,743		$	33,586		$	43,857		$	40,776		$	33,707
Subscription and services	163,995			159,131			154,269			149,995			151,110			142,554			134,265			134,259
Platform, cloud subscription and managed services																									Platform, cloud subscription and managed services	$	66,893	$	60,249	$	51,936	$	55,999	$	56,729	$	48,613	$	48,051	$	45,302
Professional services																									Professional services	65,994		61,721		61,974		58,689		53,544		51,439		49,179		46,852
Total revenue	202,273			189,603			185,472			173,738			184,696			186,411			175,041			167,966			Total revenue	132,887		121,970		113,910		114,688		110,273		100,052		97,230		92,154
Cost of revenue:																									Cost of revenue:
Product	15,465			13,815			14,676			12,851			15,391			16,675			15,959			17,133
Subscription and services	53,907			54,403			52,016			51,754			48,567			52,378			51,468			54,297
Platform, cloud subscription and managed services																									Platform, cloud subscription and managed services	28,334		28,725		28,243		26,613		28,084		27,431		26,497		25,860
Professional Services																									Professional Services	38,343		36,380		35,282		32,472		32,144		29,660		27,049		28,792
Total cost of revenue	69,372			68,218			66,692			64,605			63,958			69,053			67,427			71,430			Total cost of revenue	66,677		65,105		63,525		59,085		60,228		57,091		53,546		54,652
Total gross profit	132,901			121,385			118,780			109,133			120,738			117,358			107,614			96,536			Total gross profit	66,210		56,865		50,385		55,603		50,045		42,961		43,684		37,502
Operating expenses:																									Operating expenses:
Research and development	59,858			64,316			60,747			58,352			54,574			62,665			76,372			85,983			Research and development	39,244		44,814		40,930		41,905		32,986		31,316		28,665		29,078
Sales and marketing	98,524			88,901			89,630			94,880			84,310			110,756			121,405			123,028			Sales and marketing	72,513		65,899		63,018		61,213		57,312		55,459		52,840		58,746
General and administrative	40,306			29,843			27,833			27,615			30,914			32,860			33,809			42,256			General and administrative	34,003		32,760		29,020		25,351		27,005		24,485		26,349		28,508
Restructuring charges	—			—			—			—			—			22,423			3,537			1,670			Restructuring charges	32,649		—		1,927		—		1,487		822		12,558		6,217
Total operating expenses	198,688			183,060			178,210			180,847			169,798			228,704			235,123			252,937			Total operating expenses	178,409		143,473		134,895		128,469		118,790		112,082		120,412		122,549
Operating loss	(65,787		)	(61,675		)	(59,430		)	(71,714		)	(49,060		)	(111,346		)	(127,509		)	(156,401		)	Operating loss	(112,199)		(86,608)		(84,510)		(72,866)		(68,745)		(69,121)		(76,728)		(85,047)
Interest income	2,655			2,468			2,168			2,032			1,803			1,687			1,627			1,465			Interest income	1,184		1,226		1,365		1,644		1,875		2,163		2,863		4,424
Interest expense	(12,525		)	(12,611		)	(12,385		)	(12,245		)	(12,132		)	(12,019		)	(11,909		)	(11,809		)	Interest expense	(15,044)		(14,903)		(14,762)		(14,624)		(14,511)		(14,353)		(15,356)		(15,846)
Other income (expense), net	(122		)	—			(120		)	232			(2,404		)	(467		)	(1,191		)	815			Other income (expense), net	1,742		(464)		(471)		571		455		156		(119)		(988)
Loss before income taxes	(75,779		)	(71,818		)	(69,767		)	(81,695		)	(61,793		)	(122,145		)	(138,982		)	(165,930		)
Provision for (benefit from) income taxes	1,247			1,127			965			1,293			(257		)	1,228			338			(10,030		)
Net loss attributable to common stockholders	$	(77,026	)	$	(72,945	)	$	(70,732	)	$	(82,988	)	$	(61,536	)	$	(123,373	)	$	(139,320	)	$	(155,900	)
Net loss per share attributable to common stockholders, basic and diluted	$	(0.42	)	$	(0.41	)	$	(0.40	)	$	(0.48	)	$	(0.37	)	$	(0.75	)	$	(0.86	)	$	(0.98	)
Weighted average shares used to compute net loss per share attributable to common stockholders, basic and diluted	182,281			179,732			176,645			172,236			167,228			164,728			162,045			158,781
Loss before income taxes from continuing operations																									Loss before income taxes from continuing operations	(124,317)		(100,749)		(98,378)		(85,275)		(80,926)		(81,155)		(89,340)		(97,457)
Provision (benefit) for income taxes																									Provision (benefit) for income taxes	940		498		763		1,180		(1,004)		458		656		350
Loss from continuing operations																									Loss from continuing operations	(125,257)		(101,247)		(99,141)		(86,455)		(79,922)		(81,613)		(89,996)		(97,807)
Net income from discontinued operations, net of income taxes																									Net income from discontinued operations, net of income taxes	1,224,962		33,025		34,445		35,809		41,321		42,494		36,721		21,501
Net income (loss)																									Net income (loss)	1,099,705		(68,222)		(64,696)		(50,646)		(38,601)		(39,119)		(53,275)		(76,306)
Dividend on series A convertible preferred stock																									Dividend on series A convertible preferred stock	(4,666)		(4,613)		(4,563)		(4,512)		(1,050)		—		—		—
Accretion of series A convertible preferred stock																									Accretion of series A convertible preferred stock	—		—		—		(82)		(4,653)		—		—		—
Net income (loss) attributable to common stockholders																									Net income (loss) attributable to common stockholders	$	1,095,039	$	(72,835)	$	(69,259)	$	(55,240)	$	(44,304)	$	(39,119)	$	(53,275)	$	(76,306)
Net income (loss) attributable to common stockholders, basic and diluted:																									Net income (loss) attributable to common stockholders, basic and diluted:
Continuing operations																									Continuing operations	$	(0.55)	$	(0.45)	$	(0.44)	$	(0.39)	$	(0.37)	$	(0.36)	$	(0.41)	$	(0.45)
Discontinued operations																									Discontinued operations	5.18		0.14		0.15		0.15		0.18		0.19		0.17		0.10
Net income (loss) per share attributable to common stockholders, basic and diluted																									Net income (loss) per share attributable to common stockholders, basic and diluted	$	4.63	$	(0.31)	$	(0.29)	$	(0.24)	$	(0.19)	$	(0.17)	$	(0.24)	$	(0.35)
Weighted average shares used to compute Net income (loss) per share, basic and diluted																									Weighted average shares used to compute Net income (loss) per share, basic and diluted	236,255		237,168		237,279		234,740		229,203		224,807		221,352		217,789



	Payments Due by Period
	Total		Less Than 1 Year		1 - 3 Years		3 - 5 Years		More Than 5 Years
			(In thousands)
Convertible Senior Notes	$	965,138	$	12,075	$	481,850	$	471,213	$	—
Operating leases	92,885		17,217		24,823		19,269		31,576
Purchase obligations	12,530		3,640		8,890		—		—
Contract manufacturer commitments	11,636		11,636		—		—		—
Total	$	1,082,189	$	44,568	$	515,563	$	490,482	$	31,576



	Page
Report of Independent Registered Public Accounting Firm (PCAOB ID No. 34)		6874
Consolidated Balance Sheets as of December 31, ~~2017~~202 1 and ~~2016~~20 20		6976
Consolidated Statements of Operations for the years ended December 31, ~~2017, 2016~~202 1 , 2020 and ~~2015~~2019		7077
Consolidated Statements of Comprehensive Loss for the years ended December 31, ~~2017, 2016~~202 1 , 2020 and ~~2015~~2019		7178
Consolidated Statements of Convertible Preferred Stock and Stockholders' Equity for the years ended December 31, ~~2017, 2016~~202 1 , 2020 and ~~2015~~2019		7279
Consolidated Statements of Cash Flows for the years ended December 31, ~~2017, 2016~~202 1 , 2020 and ~~2015~~2019		7381
Notes to Consolidated Financial Statements		7483


	Convertible Preferred Stock			Common Stock			Additional Paid-In Capital		Treasury Stock		Accumulated Other Comprehensive Income (Loss)		Accumulated Deficit		Total Stockholders’ Equity
	Shares	Amount		Shares	Amount
Balance at December 31, 2018	—	—		199,612	20		3,152,159		(150,000)		(2,299)		(2,349,486)		650,394
Issuance of common stock for equity awards	—	—		9,624	1		4,186		—		—		—		4,187
Issuance of common stock related to employee stock purchase plan	—	—		1,781	—		22,086		—		—		—		22,086
Issuance of common stock and assumption of options related to Verodin, Inc. acquisition	—	—		8,405	1		121,157		—		—		—		121,158
Unrealized gain on investments	—	—		—	—		—		—		3,479		—		3,479
Stock-based compensation	—	—		—	—		157,771		—		—		—		157,771
Net loss	—	—		—	—		—		—		—		(257,409)		(257,409)
Balance at December 31, 2019	—	—		219,422	22		3,457,359		(150,000)		1,180		(2,606,895)		701,666
Issuance of common stock for equity awards	—	—		11,492	2		7,333		—		—		—		7,335
Shares withheld for taxes	—	—		(600)	—		(9,364)		—		—		—		(9,364)
Issuance of common stock related to employee stock purchase plan	—	—		1,999	—		22,188		—		—		—		22,188
Shares retired	—	—		(1,555)	—		(70,000)		70,000		—		—		—
Issuance of common stock and assumption of options related to Respond, Inc. acquisition	—	—		4,932	—		60,336		—		—		—		60,336
Partially vested options related to Respond, Inc. acquisition	—	—		—	—		1,162		—		—		—		1,162
Series A convertible preferred stock, net of issuance costs of $4,653	400	395,347		—	—		—		—		—		—		—
Accretion of Series A convertible preferred stock	—	4,653		—	—		(4,653)		—		—				(4,653)
Dividends on Series A convertible preferred stock	—	1,050		—	—		(1,050)		—		—		—		(1,050)
Unrealized gain on investments	—	—		—	—		—		—		2,654		—		2,654
Stock-based compensation	—	—		—	—		159,932		—		—		—		159,932
Net loss	—	—		—	—		—		—		—		(207,301)		(207,301)
Balance at December 31, 2020	400	401,050		235,690	24		3,623,243		(80,000)		3,834		(2,814,196)		732,905
Issuance of common stock for equity awards	—	—		11,468	1		6,604		—		—		—		6,605
Shares withheld for taxes	—	—		(536)	—		(11,232)		—		—		—		(11,232)
Shares repurchased	—	—		(16,829)	(2)		(299,999)		—		—		—		(300,001)
Issuance of common stock related to employee stock purchase plan	—	—		1,631	—		19,834		—		—		—		19,834
Issuance of common stock related to Respond, Inc. acquisition	—	—		(258)	—		—		—		—		—		—
Accretion of Series A convertible preferred stock	—	—		—	—		(82)		—		—		—		(82)
Dividends on Series A convertible preferred stock	—	18,354		—	—		(18,354)		—		—		—		(18,354)
Unrealized loss on investments	—	—		—	—				—		(6,006)		—		(6,006)
Stock-based compensation	—	—		—	—		191,430		—		—		—		191,430
Net income (loss)	—	—		—	—		—		—		—		916,141		916,141
Balance at December 31, 2021	400	$	419,404	231,166	$	23	$	3,511,444	$	(80,000)	$	(2,172)	$	(1,898,055)	$	1,531,240



Property and Equipment						Useful Life
Computer equipment and software						2 to 5 years
Leasehold improvements						Shorter of estimated useful life or remaining lease term
Furniture and fixtures						5 years
Machinery and equipment						2 to 5 years



~~Delaware~~


Purchase price, net of adjustments (1)	$	1,129,261
Carrying value of net liabilities disposed of	115,220
Pre-tax gain on divestiture before transaction costs	1,244,481
Transaction costs (2)	(29,766)
Pre-tax gain on divestiture of FireEye Products business	1,214,715
Income tax expense on gain on divestiture of FireEye Products business	(11,582)
Total gain on divestiture of FireEye Products business	$	1,203,133


Cash and cash equivalents	$	2,475
Accounts receivable, net of allowance for doubtful accounts of $924	81,648
Inventories	7,593
Prepaid expenses and other current assets	64,335
Property and equipment, net	30,602
Operating lease right-of-use assets, net	2,643
Goodwill	313,873
Intangible assets, net	4,292
Deposits and other long-term assets	53,246
Accounts payable	(14,381)
Accrued and other current liabilities	(3,783)
Deferred revenue, current	(636,118)
Operating lease liabilities	(2,647)
Accrued compensation	(18,998)
Total net liabilities sold	$	(115,220)



	Year ended December 31, 2017
Statement of Operations:	As Reported			Impact of Adoption		As Adjusted
Revenue	$	751,086		$	28,022	$	779,108
Cost of revenue	268,887			2,758		271,645
Operating expenses	740,805			7,298		748,103
Operating loss	(258,606		)	17,966		(240,640		)


	December 31, 2020
MAJOR CLASSES OF ASSETS
Current:
Cash and cash equivalents	$	3,220
Accounts receivable, net of allowance for doubtful accounts of $1,334	83,012
Inventories	4,023
Prepaid expenses and other current assets	63,699





Total current assets held for sale	153,954
Non-current:
Property and equipment, net	15,434
Goodwill	313,924
Intangible assets, net	5,512
Deposits and other long-term assets	56,580
Operating lease right-of-use assets, net	1,524

Total assets classified as held for sale	$	546,928

MAJOR CLASSES OF LIABILITIES
Current:
Accounts payable	$	1,080
Accrued and other current liabilities	3,510
Deferred revenue, current	387,353
Operating lease liabilities	1,468
Accrued compensation	23,880
Total current liabilities held for sale	417,291
Non-current:
Deferred revenue, non-current	284,851
Operating lease liabilities	400
Total liabilities classified as held for sale	$	702,542

Commitments and contingencies
Contract manufacturer commitments	$	5,996



	Year ended December 31, 2016
Statement of Operations:	As Reported			Impact of Adoption			As Adjusted
Revenue	$	714,114		$	(8,495	)	$	705,619
Cost of revenue	271,868			(785		)	271,083
Operating expenses	886,562			(2,028		)	884,534
Operating loss	(444,316		)	(5,682		)	(449,998		)



	December 31, 2017
Balance Sheet:	As Reported		Impact of Adoption		As Adjusted
Accounts receivable, net	$	140,049	$	5,109	$	145,158
Prepaid expenses & other current assets	34,541		59,746		94,287
Deposits and other long-term assets	11,537		61,230		72,767
Deferred revenue, current portion	443,064		104,040		547,104
Deferred revenue, non-current portion	227,680		135,805		363,485



	As of December 31, 2017								As of December 31, 2016
Description	Level 1		Level 2		Level 3		Total		Level 1		Level 2		Level 3		Total
Assets
Cash equivalents:
Money market funds	$	208	$	—	$	—	$	208	$	449	$	—	$	—	$	449
Treasury bills	$	3,098	$	—	$	—	$	3,098	$	—	$	—	$	—	$	—
Total cash equivalents	3,306		—		—		3,306		449		—		—		449
Short-term investments:
Certificates of deposit	—		—		—		—		—		9,569		—		9,569
Commercial paper	—		4,987		—		4,987		—		29,920		—		29,920
Corporate notes and bonds	—		438,024		—		438,024		—		420,684		—		420,684
U.S. Government agencies	—		272,900		—		272,900		—		251,885		—		251,885
Total short-term investments	—		715,911		—		715,911		—		712,058		—		712,058
Total assets measured at fair value	$	3,306	$	715,911	$	—	$	719,217	$	449	$	712,058	$	—	$	712,507
Liabilities
Contingent earn-out	$	—	$	—	$	—	$	—	$	—	$	—	$	41,332	$	41,332
Total liabilities measured at fair value	$	—	$	—	$	—	$	—	$	—	$	—	$	41,332	$	41,332



	Amount
Balance at acquisition (January 14, 2016)	$	35,588
Measurement period adjustments (1)	3,500
Changes in fair value (2)	2,356
Cash payments	(112		)
Balance as of December 31, 2016	41,332
Changes in fair value (2)	(54		)
Cash payments	(41,278		)
Balance as of December 31, 2017	$	—


	As of December 31, 2021								As of December 31, 2020
Description	Level 1		Level 2		Level 3		Total		Level 1		Level 2		Level 3		Total
Assets
Cash equivalents:
Money market funds	$	309,468	$	—	$	—	$	309,468	$	32,954	$	—	$	—	$	32,954
Commercial paper	—		179,964		—		179,964		—		—		—		—
Corporate notes and bonds	—		8,194		—		8,194		—		—		—		—
U.S. Treasuries	—		149,998		—		149,998		—		—		—		—
Total cash equivalents	$	309,468	$	338,156	$	—	$	647,624	$	32,954	$	—	$	—	$	32,954
Short-term investments:
Certificates of deposit	—		6,814		—		6,814		—		2,752		—		2,752
Commercial paper	—		9,994		—		9,994		—		19,994		—		19,994
Corporate notes and bonds	—		649,408		—		649,408		—		437,652		—		437,652
U.S. Treasuries	—		157,342		—		157,342		—		74,934		—		74,934
U.S. Government agencies	—		215,781		—		215,781		—		89,492		—		89,492
Total short-term investments	$	—	$	1,039,339	$	—	$	1,039,339	$	—	$	624,824	$	—	$	624,824
Total assets measured at fair value	$	309,468	$	1,377,495	$	—	$	1,686,963	$	32,954	$	624,824	$	—	$	657,778


															As of December 31, 2021
	As of December 31, 2017														Amortized Cost		Gross Unrealized Gains		Gross Unrealized Losses		Estimated Fair Value		Cash and Cash Equivalents		Short-Term Investments
	Amortized Cost		Gross Unrealized Gains		Gross Unrealized Losses			Estimated Fair Value		Cash and Cash Equivalents		Short-Term Investments
Certificates of deposit														Certificates of deposit	$	6,814	$	21	$	(21)	$	6,814	$	—	$	6,814
Commercial paper	$	4,990	$	—	$	(3	)	$	4,987	$	—	$	4,987	Commercial paper	189,958		6		(6)		189,958		179,964		9,994
Corporate notes and bonds	439,852		2		(1,830		)	438,024		—		438,024		Corporate notes and bonds	658,317		$	626	(1,341)		657,602		8,194		649,408
Treasury bills	3,098		—		—			3,098		3,098		—

U.S. Treasuries														U.S. Treasuries	307,634		—		(294)		307,340		149,998		157,342
U.S. Government agencies	273,950		—		(1,050		)	272,900		—		272,900		U.S. Government agencies	216,437		1		(657)		215,781		—		215,781
Total	$	721,890	$	2	$	(2,883	)	$	719,009	$	3,098	$	715,911	Total	$	1,379,160	$	654	$	(2,319)	$	1,377,495	$	338,156	$	1,039,339


	As of December 31, 2021
	Less Than 12 Months				Greater Than 12 Months				Total
	Fair Value		Unrealized Loss		Fair Value		Unrealized Loss		Fair Value		Unrealized Loss
Certificates of deposit	$	4,846	$	(21)	$	—	$	—	$	4,846	$	(21)
Commercial paper	99,975		(6)		—		—		99,975		(6)
Corporate notes and bonds	454,374		(1,334)		7,576		(7)		461,950		(1,341)
U.S. Treasuries	207,341		(294)		—		—		207,341		(294)
U.S. Government agencies	200,795		(642)		9,985		(15)		210,780		(657)
Total	$	967,331	$	(2,297)	$	17,561	$	(22)	$	984,892	$	(2,319)



	Amount
Net tangible liabilities assumed	$	(18,248	)
Intangible assets	85,100
Deferred tax liability	(11,637		)
Goodwill	206,623
Total purchase price allocation	$	261,838


	Amount
Net tangible assets assumed	$	15,036
Intangible assets	45,200
Deferred tax liability	(1,152)
Goodwill	205,798
Total purchase price allocation	$	264,882


					Useful Life (in years)	Amount
	Estimated Useful Life (in years)	Amount
Developed technology				Developed technology	5	$	38,300
Customer relationships	7	$	33,700	Customer relationships	5	4,600
Content	4	30,100
Developed technology	4-6	17,100
Trade name	5	3,100		Trade name	5	1,600
Non-competition agreements	2	1,100
Contract backlog				Contract backlog	2	700
Total identifiable intangible assets		$	85,100	Total identifiable intangible assets		$	45,200


	Amount
Net tangible liabilities assumed	$	(288)
Intangible assets	5,650
Goodwill	7,846
Total purchase price allocation	$	13,208



	Amount
Net tangible liabilities assumed	$	(306	)
Intangible assets	8,400
Deferred tax liability	(688		)
Goodwill	21,349
Total purchase price allocation	$	28,755


	Amount
Net tangible liabilities assumed	$	(4,551)
Intangible assets	31,880
Deferred tax liability	(900)
Goodwill	151,168
Total purchase price allocation	$	177,597


	Preliminary Estimated Useful Life (in years)	Amount
Developed technology	3	$	3,400
Total identifiable intangible assets		$	3,400


	Amount
Balance as of December 31, 2019	$	928,075
Goodwill acquired	122,887
Balance as of December 31, 2020	$	1,050,962
Goodwill acquired	9,061
Balance as of December 31, 2021	$	1,060,023



	Amount
Balance as of December 31, 2015	$	750,288
Goodwill acquired	227,972
Balance as of December 31, 2016	978,260
Goodwill acquired	6,401
Balance as of December 31, 2017	$	984,661