S-1/A 1 a2235562zs-1a.htm S-1/A

Use these links to rapidly review the document
TABLE OF CONTENTS
INDEX TO CONSOLIDATED FINANCIAL STATEMENTS

Table of Contents

As filed with the Securities and Exchange Commission on May 2, 2018.

Registration No. 333-224196

 

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549

AMENDMENT NO. 2
TO

FORM S-1
REGISTRATION STATEMENT
UNDER
THE SECURITIES ACT OF 1933



Carbon Black, Inc.
(Exact name of registrant as specified in its charter)

Delaware
(State or other jurisdiction of
incorporation or organization)
  7372
(Primary Standard Industrial
Classification Code Number)
  55-0810166
(I.R.S. Employer
Identification Number)

1100 Winter Street
Waltham, Massachusetts 02451
(617) 393-7400
(Address, including zip code, and telephone number, including area code, of registrant's principal executive offices)

Patrick Morley
President and Chief Executive Officer
Carbon Black, Inc.
1100 Winter Street
Waltham, Massachusetts 02451
(617) 393-7400
(Name, address, including zip code, and telephone number, including area code, of agent for service)



Copies to:

Kenneth J. Gordon, Esq.
Jared J. Fine, Esq.
Goodwin Procter LLP
100 Northern Avenue
Boston, Massachusetts 02210
(617) 570-1000

 

Eric J. Pyenson, Esq.
Senior Vice President and General Counsel
Carbon Black, Inc.
1100 Winter Street
Waltham, Massachusetts 02451
(617) 393-7400

 

Rachel Sheridan, Esq.
John Chory, Esq.
Latham & Watkins LLP
1000 Winter Street, Suite 3700
Waltham, Massachusetts 02451
(781) 434-6700



Approximate date of commencement of proposed sale to public:
As soon as practicable after this Registration Statement is declared effective.

          If any of the securities being registered on this Form are to be offered on a delayed or continuous basis pursuant to Rule 415 under the Securities Act of 1933, check the following box.    o

          If this Form is filed to register additional securities for an offering pursuant to Rule 462(b) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering.    o

          If this Form is a post-effective amendment filed pursuant to Rule 462(c) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering.    o

          If this Form is a post-effective amendment filed pursuant to Rule 462(d) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering.    o

          Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company or an emerging growth company. See the definitions of "large accelerated filer," "accelerated filer," "smaller reporting company" and "emerging growth company" in Rule 12b-2 of the Exchange Act.

Large accelerated filer o   Accelerated filer o   Non-accelerated filer ý
(Do not check if a
smaller reporting company)
  Smaller reporting company o

Emerging growth company ý

          If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ý



CALCULATION OF REGISTRATION FEE

               
 
Title of Each Class of Securities
to be Registered

  Amount to be
Registered(1)

  Proposed
Maximum
Offering Price
Per Share

  Proposed
Maximum
Aggregate
Offering Price(2)

  Amount of
Registration
Fee(3)

 

Common stock, $0.001 par value per share

  9,200,000   $19.00   $174,800,000   $21,763

 

(1)
Includes shares that the underwriters have the option to purchase to cover over-allotments, if any.

(2)
Estimated solely for the purpose of calculating the registration fee pursuant to Rule 457(a) under the Securities Act of 1933, as amended.

(3)
The Registrant previously paid $19,472.00 of the total registration fee in connection with previous filings of this Registration Statement.



          The Registrant hereby amends this Registration Statement on such date or dates as may be necessary to delay its effective date until the Registrant shall file a further amendment which specifically states that this Registration Statement shall thereafter become effective in accordance with Section 8(a) of the Securities Act of 1933 or until the Registration Statement shall become effective on such date as the Securities and Exchange Commission, acting pursuant to said Section 8(a), may determine.

   


Table of Contents

The information in this prospectus is not complete and may be changed. We may not sell these securities until the registration statement filed with the Securities and Exchange Commission is effective. This prospectus is not an offer to sell these securities and we are not soliciting offers to buy these securities in any state where the offer or sale is not permitted.

PROSPECTUS (Subject to Completion)

Issued May 2, 2018

8,000,000 Shares

LOGO

COMMON STOCK

                                      

Carbon Black, Inc. is offering 8,000,000 shares of its common stock. This is our initial public offering and no public market currently exists for our shares. We anticipate that the initial public offering price will be between $17.00 and $19.00 per share.

                                      

Our common stock has been approved for listing on The Nasdaq Global Select Market under the symbol "CBLK."

                                      

We are an "emerging growth company" as defined under the federal securities laws and, as such, have elected to comply with certain reduced public company reporting requirements for this prospectus and future filings. Investing in our common stock involves risks. See "Risk Factors" beginning on page 18.

                                      

PRICE $     A SHARE

                                      

 
  Price to
Public

  Underwriting
Discounts and
Commissions

  Proceeds to
Company(1)

Per share

  $            $            $         

Total

  $            $            $         

                   

(1)    We have agreed to reimburse the underwriters for certain FINRA-related expenses. See "Underwriters."

We have granted the underwriters the right to purchase up to an additional 1,200,000 shares of common stock to cover over-allotments at the initial public offering price less underwriting discounts and commissions.

The Securities and Exchange Commission and state securities regulators have not approved or disapproved these securities, or determined if this prospectus is truthful or complete. Any representation to the contrary is a criminal offense.

The underwriters expect to deliver the shares of common stock to purchasers on                           , 2018.

                                      

MORGAN STANLEY   J.P. MORGAN    

KEYBANC CAPITAL MARKETS

 

WILLIAM BLAIR

 

RAYMOND JAMES

 

COWEN

   

                           , 2018.


Table of Contents

GRAPHIC


Table of Contents

GRAPHIC


Table of Contents

GRAPHIC


Table of Contents


TABLE OF CONTENTS

 
  Page  

Prospectus Summary

    1  

Risk Factors

    18  

Special Note Regarding Forward-Looking Statements

    53  

Market and Industry Data

    55  

Use of Proceeds

    56  

Dividend Policy

    57  

Capitalization

    58  

Dilution

    61  

Selected Consolidated Financial Data

    64  

Management's Discussion and Analysis of Financial Condition and Results of Operations

    66  

Business

    103  

Management

    128  

Executive Compensation

    137  

Certain Relationships and Related Party Transactions

    150  

Principal Stockholders

    155  

Description of Capital Stock

    159  

Shares Eligible for Future Sale

    164  

Material U.S. Federal Income Tax Considerations for Non-U.S. Holders of Common Stock

    166  

Underwriters

    170  

Legal Matters

    175  

Experts

    175  

Additional Information

    175  

Index to Consolidated Financial Statements

    F-1  

        Neither we nor the underwriters have authorized anyone to provide any information or to make any representations other than those contained in this prospectus or in any free writing prospectuses we have prepared. Neither we nor the underwriters take responsibility for, and can provide no assurance as to the reliability of, any other information that others may give you. This prospectus is an offer to sell only the shares offered hereby, but only under circumstances and in jurisdictions where it is lawful to do so. The information contained in this prospectus is current only as of the date of this prospectus, regardless of the time of delivery of this prospectus or of any sale of our common stock.

        For investors outside of the United States: Neither we nor any of the underwriters have done anything that would permit this offering or possession or distribution of this prospectus in any jurisdiction where action for that purpose is required other than in the United States. Persons who come into possession of this prospectus and any applicable free writing prospectus in jurisdictions outside the United States are required to inform themselves about and to observe any restrictions as to this offering and the distribution of this prospectus and any such free writing prospectus applicable to that jurisdiction.

i


Table of Contents

 


PROSPECTUS SUMMARY

        This summary highlights selected information that is presented in greater detail elsewhere in this prospectus. This summary does not contain all of the information you should consider before investing in our common stock. You should read this entire prospectus carefully, including the sections titled "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations" and our consolidated financial statements and related notes included elsewhere in this prospectus, before making an investment decision. Unless the context indicates otherwise, the terms "Carbon Black," "company," "we," "us," "our" and "our company" in this prospectus refer to Carbon Black, Inc. and its consolidated subsidiaries.

CARBON BLACK, INC.

        Carbon Black is a leading provider of next-generation endpoint security solutions. Our predictive security cloud platform continuously captures, records and analyzes rich, unfiltered endpoint data. We believe the depth, breadth and real-time nature of our endpoint data, combined with the strength of our analytics platform, provides customers with the most robust and data-intensive solution to address the complete endpoint security lifecycle. Our solutions enable customers to predict, prevent, detect, respond to and remediate cyber attacks before they cause a damaging incident or data breach.

        Organizations globally are re-platforming their IT by investing in cloud computing and workforce mobility, which has resulted in enterprise environments that are more open, interconnected, and vulnerable to cyber attacks. In the past, knowledge workers only had access to applications and data inside the corporate network perimeter, which were firewalled off from potential cyber threats. Today, an increasingly mobile workforce and the explosion of enterprise data and applications in the cloud have expanded the attack surface beyond the traditional network perimeter. In response, cyber attackers have adapted their attack methods and tools to directly target the endpoint. In short, the endpoint is the new perimeter.

GRAPHIC

        Endpoints are the primary focus of attacks because they store valuable data that attackers seek to steal; perform critical operations that attackers seek to disrupt; and are the interface where attackers can target humans through email, social engineering and other tactics. Endpoints are the physical and virtual locations where sensitive data resides and include desktops, laptops, servers, virtual machines, cloud workloads (services running on cloud servers), fixed-function devices such as ATMs, point of sale systems, and control and data systems for power plants and other industrial assets.

1


Table of Contents

        Based on our experience and investment in next-generation solutions designed to address the full endpoint security lifecycle—predict, prevent, detect, respond to and remediate—we have developed a highly differentiated technology approach with four main pillars:

    1.
    Unfiltered data collection: Our technology uniquely collects complete, "unfiltered" endpoint data by continuously recording endpoint activity and centrally storing the collected data for advanced analytics. Other vendors take a "filtered" approach by capturing a subset of data at select points in time. Unfiltered data is more comprehensive, provides greater visibility and we believe offers more effective security capabilities.

GRAPHIC

    2.
    Proprietary data shaping technology: Our unfiltered data approach, which we believe is fundamental to deliver the most effective endpoint security, required us to overcome several difficult technical challenges, which we refer to as the "edge to cloud data pipeline problem." These challenges centered on how to reliably collect and cost effectively analyze and store massive amounts of data from edge devices (i.e., endpoints) in the cloud. To address those challenges, we have developed proprietary data shaping technology that smooths bursts of endpoint data activity; optimizes bandwidth demands to move massive amounts of endpoint data; compresses data at a high ratio to reduce the cost of storing massive amounts of data; and leverages a graph-like custom model for endpoint data that allows analysis of the data in multiple ways for multiple use cases. We believe our proprietary data shaping technology creates a strong and lasting competitive advantage not just in endpoint security, but also as we seek to disrupt and consolidate adjacent security markets that leverage endpoint data.

    3.
    Streaming analytics: We analyze endpoint data at massive scale leveraging event stream processing technology, which evaluates and classifies a continuously updated stream of events based on their risk level. We also employ machine learning and other advanced analytic techniques.

2


Table of Contents

GRAPHIC

    4.
    Extensible and open architecture: Our open architecture was designed to integrate with leading security technologies and IT products used by our customers. Moreover, endpoint data is the fuel that powers multiple security products across an organization's security stack. Our open architecture, when combined with the value of our data, positions our platform to serve as the hub of security activity in a customer's IT organization and enables deep customer relationships.

        We have a strong heritage of innovative technology leadership in multiple endpoint security categories: application control, endpoint detection and response, or EDR, and next-generation antivirus, or NGAV. Our flagship solutions are technology leaders in each of these categories, and we are integrating each with our predictive cloud platform. Unlike legacy security products that install an agent and collect data specific to its domain or use case, our platform provides a single agent that continuously collects unfiltered endpoint data to address the entire endpoint security lifecycle, which today is addressed by multiple point products. We believe that we are well positioned to continue serving the $6.5 billion endpoint security market.

        We focus on solutions that enable organizations to address the entire security lifecycle of an endpoint and integrate endpoint security within their cyber security architecture. We are transforming cyber security with our predictive security cloud, which positions us to address adjacent security use cases requiring endpoint data, such as IT asset management, public cloud security software and security and vulnerability management, which, according to IDC, represented markets of $1.9 billion, $5.3 billion and $5.4 billion, respectively, in 2016. This presents us with the opportunity to extend into adjacent security markets, and potentially expand our market opportunity, from $6.5 billion to $19.1 billion. While we have not yet penetrated these adjacent security markets, and there are multiple challenges associated with doing so, we believe that we can leverage the unfiltered endpoint data, proprietary data shaping technology, streaming analytics capabilities and extensible open architecture of our predictive security cloud to address adjacent security use cases and the market opportunities that they present through the development of additional product functionality.

        Our customers include many of the world's largest, security-focused enterprises and government agencies that are among the most heavily targeted by cyber adversaries, as well as mid-sized organizations. We serve over 3,700 customers globally across multiple industries, including 33 of the Fortune 100. Our solutions address the needs of a diverse range of customers. Over 70 security technology companies, including industry leaders such as VMware, Inc., or VMware, Splunk Inc., and the International Business Machines Corporation, or IBM, have integrated their products with Carbon Black to access our unfiltered endpoint data.

        We primarily sell our products through a channel go-to-market model, which significantly extends our global market reach and ability to rapidly scale our sales efforts. Our inside sales and field sales representatives work alongside an extensive network of value-added resellers, or VARs, distributors, managed security service providers, or MSSPs, and incident response, or IR, firms. Our MSSP and IR firm channel partners both use and recommend our products to their clients. We have established significant

3


Table of Contents

relationships with leading channel partners, including the CDW Corporation, one of the world's largest software VARs; Arrow Electronics, Inc., a major global distributor; SecureWorks, Inc., a leading MSSP; and Kroll Inc., or Kroll, a leading IR firm. In addition, we have technology and go-to-market partnerships with both IBM and VMware, enabling us to leverage their sales organizations to reach their large customer bases. In the three months ended December 31, 2017, 94% of our new and add-on business was closed in collaboration with a channel partner.

        We have experienced strong revenue growth, with revenue increasing from $70.6 million in 2015 to $116.2 million in 2016 and $162.0 million in 2017, representing a 51% compound annual growth rate over the same period. We have a subscription-based revenue model that provides visibility into future revenue. Recurring revenue represented 77%, 83% and 88% of our total revenue in 2015, 2016 and 2017, respectively. Annual recurring revenue, or ARR, was $76.8 million, $124.2 million and $174.2 million as of December 31, 2015, 2016 and 2017, respectively. We define ARR as the annualized value of all active subscription contracts as of the end of the period. ARR excludes revenue from perpetual licenses and services. The portion of ARR related to our cloud-based subscription contracts was $2.5 million, $15.1 million and $46.0 million as of December 31, 2015, 2016 and 2017, respectively. The percentage of our total recurring revenue generated by sales of our cloud-based solutions was negligible in 2015, 7% in 2016 and 18% in 2017. We incurred net losses of $38.7 million in 2015, $44.6 million in 2016 and $55.8 million in 2017 as we continued to invest for growth to address the large market opportunity for our platform.


Industry Background

        Cyber security is critical to organizations as they face an increasingly hostile threat environment with a growing number of cyber adversaries launching stealthy, sophisticated and targeted attacks. The following major trends are driving strong and growing demand for our products:

Endpoints are the new front line in the cyber war, and organizations are shifting their defenses as a result

        The attack surface is expanding.    Workforce mobility is increasing the number of connected devices that operate outside the traditional network perimeter, which is expanding the potential "attack surface." Moreover, enterprises are increasing their use of public clouds for a broad range of services, such as virtual machines, cloud workloads and cloud-based applications. As a result, enterprises' critical data and operations have increasingly shifted outside of their traditional network defenses, and the importance of protecting their endpoint devices has become paramount.

        Endpoints are the primary target of cyber attacks.    Endpoints are the primary targets of attacks because these devices store valuable data and intellectual property and are the interface where attackers can target humans through email, social engineering techniques, keylogging and other tactics.

        Endpoint data is critical to an effective cyber security program.    Effective security critically depends on having complete visibility into what is happening on each endpoint. Multiple categories of security products, from vulnerability assessment to patch management, require endpoint data for their core functionality.

        Organizations are shifting their defenses to focus on next-generation endpoint security solutions.    Because network-centric security is no longer adequate, organizations must focus on securing the endpoint. The majority of endpoint security technology in use today relies on multiple agents and uses the same ineffective, traditional signature-based antivirus software originally designed more than 20 years ago. As a result, organizations are increasingly shifting their security budgets toward next-generation endpoint security solutions.

4


Table of Contents

        With the continued success of cyber attacks, organizations are shifting from a passive prevention-only response to a holistic approach.    Historically, organizations have relied on passive prevention-only technologies that sought to block attackers from penetrating the network perimeter and protect corporate endpoints and data. This limited, passive prevention-only approach has proven inadequate and the number of successful cyber attacks has continued to grow. Organizations are shifting to a holistic and active security approach that requires next-generation technologies to predict, prevent, detect, respond to and remediate today's advanced cyber attacks.

The cyber threat is large, sophisticated and growing and requires new and more advanced approaches to combat it

        Cyber security is a board-level issue and a focal point for governments worldwide.    The ongoing occurrence and devastating consequences of high profile cyber attacks have elevated cyber security to a top priority for executives. Additionally, due to the financial, operational and reputational risks of breaches and non-compliance with regulatory requirements, C-level security officers are now commonplace and cyber security strategy is a critical focus area for boards of directors.

        The rise of ransomware has made every organization a potential target.    In the past, cyber attackers tended to target entities that held commercially valuable data that could be stolen and used for financial gain. However, with the emergence and proliferation of ransomware in recent years, cyber attackers now target organizations regardless of type or size to extort money by holding computers and data hostage.

        Today's attacks are stealthy, sophisticated and targeted.    Today's organizations face a complex threat landscape with a broad range of well-funded cyber attackers who use techniques designed to circumvent traditional security approaches. Less skilled attackers can purchase these attacks through cybercrime marketplaces on the "Dark Web," leading to a widespread proliferation of successful, advanced attacks. Once an organization has been breached, attackers can move unseen for months or even years, exfiltrating a larger amount of data and intellectual property. The longer these invisible breaches remain undetected, the greater the costs and reputational damage they can cause.

        The shortage of security talent creates a need for next-generation solutions.    The continuous growth in the number and sophistication of cyber attacks and the expansion of the attack surface are driving the need for more security professionals with deeper expertise. As the number of threats multiplies, legacy solutions either miss threats or produce more alerts than security teams are able to process and investigate. The number of security professionals has not kept pace with total demand. Organizations are increasingly turning to next-generation solutions, advanced analytics and automation tools to empower their security professionals to increase their efficiency and focus on the highest value cyber security tasks, thereby reducing the need for additional security headcount.


Our Market Opportunity

        We believe that our cloud platform addresses a significant capability gap in the enterprise endpoint security market and that our solutions will address an increasing subset of additional use cases in public cloud security software, security and vulnerability management and IT asset management. According to International Data Corporation, or IDC, the market for enterprise endpoint security software, our primary market, was $6.5 billion in 2016 and is expected to reach $8.3 billion by 2021. According to IDC, the market for security and vulnerability management was $5.4 billion in 2016 and is expected to reach $9.0 billion in 2021. According to IDC, the market for public cloud security software was $5.3 billion in 2016 and is expected to reach almost $10.0 billion in 2021. According to IDC, the market for IT asset management was $1.9 billion in 2016 and is expected to reach $2.8 billion in 2021.

5


Table of Contents


Our Solutions

        Powered by the Cb Predictive Security Cloud, our solutions provide best-in-class security by collecting and analyzing unfiltered data from the endpoint, addressing the entire security lifecycle and enabling our customers to continuously improve their security posture.

        Our customers use our products to:

    Augment or replace legacy antivirus software;

    Prevent malware and fileless attacks that do not use malware;

    Protect against ransomware;

    Hunt down threats;

    Respond to and remediate security incidents;

    Lock down critical systems and applications;

    Protect fixed-function devices;

    Secure workloads and applications in virtualized and cloud environments;

    Comply with regulatory mandates; and

    Enhance other security products through our unfiltered endpoint data.

Benefits of Our Platform and Solutions

Decreased risk of breach by protecting against known and unknown endpoint attacks

        We believe our solutions extend beyond legacy antivirus solutions to detect and stop the widest possible array of cyber attacks, including file-based attacks such as malware and ransomware, as well as next-generation attacks, such as memory-based, PowerShell and script-based attacks. Our solutions apply a full spectrum of technologies to analyze attack patterns in the cloud using richer and more complete endpoint data than any other vendor. According to a MRG Effitas Ltd. efficacy assessment commissioned by us, Cb Defense has a 100% prevention rate against known and unknown ransomware samples. We believe the increased security efficacy from the use of our solutions results in a decreased risk of breach for our customers.

Ability to identify root cause of attacks and quickly respond to security incidents

        Our next-generation detection and response capabilities enable organizations and incident responders to rapidly identify the root cause of an attack and the scope of compromise on the network. By capturing unfiltered data, the Cb Predictive Security Cloud provides full visibility into potential threats, both proactively as well as retroactively after a threat is blocked or identified, providing complete details of what happened and what was impacted.

Automated remediation and threat containment

        Using the unfiltered data that is continuously collected from each endpoint where our solutions are deployed, our users can launch automated remediation and threat containment actions. These automated capabilities enable organizations to respond to attacks as they happen and minimize the impact and cost of an attack.

6


Table of Contents

Continuous enhancement by leveraging intelligence from across the security community

        Our solutions allow organizations to continuously improve their security posture, benefiting from ongoing refinement of endpoint hardening and the latest threat intelligence. Through the Cb Predictive Security Cloud, our customers anonymously share data with each other. We believe the ability to share intelligence across our users increases the security expertise of each customer in our community and reduces their need to hire additional security experts.

Seamless integration with other best-of-breed security solutions

        Our next-generation endpoint security solutions are designed to integrate seamlessly with other security technologies deployed in an organization's IT environment. Our open architecture enables customers to build their own integrations with other systems across their IT environment. Our emphasis on open architecture and integration with partners at all layers of the security stack enhances an enterprise's security posture, reduces incident response times and increases overall operational efficiency. Ultimately, this ability enables customers to evolve with the dynamic threat landscape and achieve greater utility across their cyber security architecture.

Security efficacy without blocking legitimate activity

        Customers require security products that are highly effective in detecting and preventing attacks, while also minimizing the number of "false positive" alerts that interrupt legitimate end-user activity. In order to achieve these dual requirements, we apply an approach that combines endpoint-based prevention models that are optimized for low false positives, with cloud-based detection algorithms that are optimized for low false negatives.

Increased security operations efficiency and less reliance on scarce security talent

        Carbon Black solutions enable our customers to significantly improve the efficiency of their security operations and reduce their reliance on additional security professionals through our automated security solutions, streamlined workflow management and access to the collective expertise available in the Cb Predictive Security Cloud.

Greater ability to meet compliance requirements

        Our solutions enable organizations to comply with numerous regulatory requirements for data collection, analysis, reporting, archival and retrieval, while also optimizing the overall enterprise cyber security posture.

Ability to deploy endpoint security at any scale and grow and evolve their defenses

        Carbon Black products are used by customers of all sizes, from small and medium sized businesses to large global enterprises. We have designed the Cb Predictive Security Cloud to enable customers to easily grow and evolve their defenses. Customers can start by deploying whichever solutions best match their immediate needs and then extend and enhance their deployment over time.


Our Competitive Strengths

        We believe a number of competitive advantages enable us to maintain and extend our leadership position, including:

    Differentiated technology and intellectual property.  Our predictive security approach continuously captures unfiltered endpoint activity for real-time and retrospective analysis using our analytics technology that incorporates event stream processing, dynamic and static behavioral analysis, machine learning and reputation analysis and scoring. We believe our unfiltered approach is highly

7


Table of Contents

      scalable and uniquely positions us to address the needs of adjacent security markets by delivering additional products that leverage this data.

    Extensible next-generation security cloud platform.  The extensible architecture of our platform positions us to enhance and expand our offerings to address evolving customer needs as the landscape of cyber threats changes over time.

    Pioneers in application control.  We pioneered the zero trust model at the endpoint with Cb Protection, our application control solution, which allows software to execute only if it is known and explicitly trusted. Building on this foundation, we have enhanced our application control offering by expanding our range of threat prevention options to create the most effective and complete endpoint prevention solution available in the market.

    Powerful ecosystem based on unfiltered endpoint data and open platform.  In the security ecosystem, endpoints yield the most valuable security data. We believe the endpoint data that we capture is considered the "gold standard" for the industry and is preferred by leading security vendors. This strategically positions our platform as the system of record for the security industry and we are therefore an enabler for any other offering in the security market.

    High-leverage channel model.  We believe our partnerships with leading MSSPs and security-focused VARs are a unique competitive differentiator, as enterprises increasingly engage external experts as trusted advisors to help select security solutions, integrate architectures and manage their ongoing defense posture.

    Partnerships with leading incident response firms.  We have established contractual relationships with more than 100 IR firms, including many industry leaders such as Kroll and Ernst & Young. We believe our IR partnerships are a significant competitive strength that extends our ability to build sales pipeline and acquire new customers.

    Strategic partnerships with IBM and VMware.  We have established significant and promising partnerships with both IBM and VMware, two of the largest and most influential technology companies in the world. We believe these relationships are a competitive strength that will enable us to reach the large global customer bases of these technology leaders.

    Deep security DNA.  Our management and technical leadership teams are comprised of cyber security leaders who have deep expertise from leading corporations and government organizations, such as the National Security Agency, the Department of Defense and the Central Intelligence Agency.


Our Growth Strategy

        The key elements of our growth strategy include:

    Drive new customer growth.

    Expand the use of our solutions by our existing customer base.

    Strengthen relationships with channel distributors and strategic partners.

    Grow our international business.

    Continue to innovate and add new offerings to our platform.

    Increase sales to the U.S. federal government.

    Selectively pursue acquisitions of complementary businesses, technologies and assets.

8


Table of Contents

Selected Risks Associated with our Business

        Our business is subject to a number of risks and uncertainties, including those highlighted in the section titled "Risk Factors" immediately following this prospectus summary. Some of these risks include:

    We are a rapidly growing company, which makes it difficult to evaluate our future prospects.

    We have not been profitable historically and may not achieve or maintain profitability in the future.

    Our quarterly financial results may fluctuate for a variety of reasons.

    We face intense competition in our market.

    The next-generation endpoint security market is new and evolving, and may not grow as expected.

    If our products fail or are perceived to fail to detect cyber attacks, our business could suffer.

    We rely on channel partners to generate a significant portion of our revenue.

    If we are unable to retain our customers and to sell additional products to our customers, our future revenue and operating results will be harmed.

    As a cyber security provider, we have been, and expect to continue to be, a target of cyber attacks.

    Our directors, executive officers and principal stockholders will, in the aggregate, own approximately 41.8% of the outstanding shares of our common stock after this offering, which could limit your ability to influence the outcome of key transactions, including a change of control.

Recent Operating Results (Preliminary and Unaudited)

        Set forth below are selected preliminary consolidated financial results for the three months ended March 31, 2017 and 2018. Our consolidated financial results for the three months ended March 31, 2018 are not yet available. The following information reflects our preliminary estimates with respect to such results based on currently available information and is subject to change. We have provided ranges, rather than specific amounts, for the preliminary results described below primarily because our financial closing procedures for the three months ended March 31, 2018 are not yet completed and, as a result, our final results upon completion of our closing procedures may differ materially from the preliminary estimates.

        Our selected preliminary consolidated financial results presented below for the three months ended March 31, 2017 and 2018 reflect our adoption of Accounting Standard Codification Topic 606, Revenue from Contracts with Customers, or ASC 606, as of January 1, 2018, applied on a full retrospective basis. The anticipated impact of the adoption of ASC 606 on our accounting policies with respect to revenue recognition and capitalization and amortization of costs associated with obtaining a customer contract,

9


Table of Contents

such as sales commissions, is described in Note 2 to our consolidated financial statements appearing at the end of this prospectus.

 
   
  Three Months Ended
March 31, 2018
 
 
  Three Months
Ended
March 31, 2017
 
 
  Low End
of Range
  High End
of Range
 
 
  As Adjusted(1)  
 
  (unaudited, in thousands)
 

Revenue:

                   

Subscription, license and support

  $ 33,005   $ 44,500   $ 44,800  

Services

    2,940     3,000     3,200  

Total revenue

  $ 35,945   $ 47,500   $ 48,000  

Loss from operations

 
$

(12,491

)

$

(18,869

)

$

(18,369

)

Stock-based compensation

    2,207     2,578     2,578  

Amortization of acquired intangible assets

    391     391     391  

Legal settlement

        3,900     3,900  

Non-GAAP operating loss(2)

  $ (9,893 ) $ (12,000 ) $ (11,500 )

Net loss

 
$

(12,439

)

$

(21,600

)

$

(21,100

)

(1)
The impact of our adoption of ASC 606 on the preliminary consolidated financial data for the three months ended March 31, 2017 was as follows:

 
  As Previously
Reported
  Adjustments
for ASC 606
Adoption
  As
Adjusted
 
 
  (unaudited, in thousands)
 

Revenue:

                   

Subscription, license and support

  $ 33,739   $ (734 ) $ 33,005  

Services

    3,023     (83 )   2,940  

Total revenue

  $ 36,762   $ (817 ) $ 35,945  

Loss from operations

 
$

(12,612

)

$

121
 
$

(12,491

)

Stock-based compensation

    2,207         2,207  

Amortization of acquired intangible assets

    391         391  

Non-GAAP operating loss

  $ (10,014 ) $ 121   $ (9,893 )

Net loss

 
$

(12,560

)

$

121
 
$

(12,439

)

    The adoption of ASC 606 on a full retrospective basis had the effect of decreasing revenue, decreasing sales commission expense, and decreasing loss from operations, non-GAAP operating loss and net loss from the amounts we previously reported for the three months ended March 31, 2017. Our adoption of ASC 606 had no effect on cash and cash equivalents used in operating, investing or financing activities previously reported in our consolidated statement of cash flows for the three months ended March 31, 2017. The impact of our adoption of ASC 606 on previously reported revenue for other periods prior to adoption of the standard on January 1, 2018 will vary based on the timing of recognition of customer arrangements, and the impact of adoption for the three months ended March 31, 2017 is not necessarily indicative of the impact of adoption that should be expected in any other period.

10


Table of Contents

(2)
Non-GAAP operating loss is a financial measure not calculated in accordance with U.S. generally accepted accounting principles, or GAAP. For a definition of non-GAAP operating loss, as well as the reasons for which we believe that non-GAAP operating loss is a useful metric for investors and other users of our financial information in evaluating our operating performance, see "Management's Discussion and Analysis of Financial Condition and Results of Operations—Key Metrics—Non-GAAP operating loss." We recommend that you review the reconciliation of non-GAAP operating loss to loss from operations, the most directly comparable GAAP financial measure, provided in the table above, and that you not rely on non-GAAP operating loss or any single financial measure to evaluate our business.

        In our selected preliminary consolidated financial data above, the increase in revenue from the three months ended March 31, 2017 to the three months ended March 31, 2018 is due primarily to an increase in the number of total customers as well as increased revenue from existing customers as they expanded their use of our solutions. The increases in loss from operations, non-GAAP operating loss and net loss from the three months ended March 31, 2017 to the three months ended March 31, 2018 are due primarily to the addition of personnel in connection with the expansion of our business and other related expenses to support our growth, partially offset by higher revenue. In addition, during the three months ended March 31, 2018, we accrued an expense of $3.9 million in connection with settlement of a lawsuit, as described in Note 21 to our consolidated financial statements appearing at the end of this prospectus. The increase in net loss from the three months ended March 31, 2017 to the three months ended March 31, 2018 is also due to an increase of $2.8 million in the expense associated with the change in the fair value of our warrant liabilities as a result of the quarter-over-quarter increases in the fair values of our common stock and preferred stock.

        The selected preliminary consolidated financial data presented above for the three months ended March 31, 2017 and 2018 is preliminary, is not a comprehensive statement of our financial results and is subject to completion of our financial closing procedures. While we have not identified any unusual or unique events or trends that occurred during the period that might materially affect these preliminary estimates, our actual results for the three months ended March 31, 2017 and 2018 will not be available until after this offering is completed. Accordingly, these results may change, and those changes may be material. Further, our preliminary estimated results are not necessarily indicative of the results to be expected for the remainder of 2018 or any future period as a result of various factors, including, but not limited to, those discussed in the sections titled "Risk Factors" and "Special Note Regarding Forward-Looking Statements." Accordingly, you should not place undue reliance upon these preliminary estimates.

        This selected preliminary consolidated financial data has been prepared by, and is the responsibility of, our management. PricewaterhouseCoopers LLP has not audited, reviewed, compiled or applied agreed-upon procedures with respect to this preliminary consolidated financial data. Accordingly, PricewaterhouseCoopers LLP does not express an opinion or any other form of assurance with respect thereto.

Corporate Information

        We were incorporated in the State of Delaware in December 2002 as Bit 9, Inc. In April 2005, we changed our name to Bit9, Inc. In February 2014, Bit9, Inc. acquired Carbon Black, Inc., which we refer to as the acquired company, and in January 2016, we changed our name to Carbon Black, Inc. Our principal executive offices are located at 1100 Winter Street Waltham, Massachusetts 02451, and our telephone number is (617) 393-7400. Our website address is www.carbonblack.com. The information contained on, or that can be accessed through, our website is not a part of this prospectus. Investors should not rely on any such information in deciding whether to purchase our common stock.

        This prospectus contains references to our trademarks, including "Carbon Black," "Bit9" and our logo, and to trademarks belonging to other entities. Solely for convenience, trademarks and trade names

11


Table of Contents

referred to in this prospectus, including logos, artwork and other visual displays, may appear without the ® or ™ symbols, but such references are not intended to indicate, in any way, that we will not assert, to the fullest extent under applicable law, our rights or the rights of the applicable licensor to these trademarks and trade names. We do not intend our use or display of other companies' trade names or trademarks to imply a relationship with, or endorsement or sponsorship of us by, any other companies.

Implications of Being an Emerging Growth Company

        As a company with less than $1.07 billion in revenue during our most recently completed fiscal year, we qualify as an "emerging growth company" as defined in Section 2(a) of the Securities Act of 1933, as amended, or the Securities Act, as modified by the Jumpstart Our Business Startups Act of 2012, or the JOBS Act. As an emerging growth company, we may take advantage of specified reduced disclosure and other requirements that are otherwise applicable, in general, to public companies that are not emerging growth companies. These provisions include:

    reduced disclosure of audited and selected financial information;

    an exemption from compliance with the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act of 2002, as amended, or the Sarbanes-Oxley Act, in the assessment of our internal control over financial reporting;

    reduced disclosure about our executive compensation arrangements;

    exemptions from the requirements to obtain a non-binding advisory vote on executive compensation or a stockholder approval of any golden parachute arrangements; and

    an exemption from compliance with the requirement of the Public Company Accounting Oversight Board regarding the communication of critical audit matters in the auditor's report on the financial statements.

        We may take advantage of these exemptions for up to five years or such earlier time that we are no longer an emerging growth company. We would cease to be an emerging growth company upon the earliest to occur of: the last day of the fiscal year in which we have more than $1.07 billion in annual revenue; the date we qualify as a "large accelerated filer," with at least $700 million in market value of our common stock held by non-affiliates; the issuance, in any three-year period, by us of more than $1.0 billion in non-convertible debt securities; and the last day of the fiscal year ending after the fifth anniversary of this offering.

        We are choosing to "opt out" of the provision of the JOBS Act that permits emerging growth companies to take advantage of an extended transition period to comply with new or revised accounting standards applicable to public companies and, as a result, we will comply with new or revised accounting standards as required when they are adopted. This decision to opt out of the extended transition period is irrevocable.

        We have elected to adopt certain of the reduced disclosure requirements available to emerging growth companies. As a result of these elections, the information that we provide in this prospectus may be different than the information you may receive from other public companies in which you hold equity interests. In addition, it is possible that some investors will find our common stock less attractive as a result of these elections, which may result in a less active trading market for our common stock and higher volatility in our stock price.

12


Table of Contents



THE OFFERING

Common stock offered by us

  8,000,000 shares

Common stock to be outstanding after this offering

 

65,825,141 shares

Over-allotment option to purchase additional shares from us

 

We have granted the underwriters an over-allotment option, exercisable for 30 days after the date of this prospectus, to purchase up to an additional 1,200,000 shares from us.

Use of proceeds

 

We estimate that the net proceeds from the sale of shares of our common stock in this offering will be approximately $129.0 million (or approximately $149.1 million if the underwriters' over-allotment option to purchase additional shares in this offering is exercised in full), based upon an assumed initial public offering price of $18.00 per share, which is the midpoint of the price range set forth on the cover page of this prospectus, and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us. We currently intend to use a majority of the net proceeds of this offering to invest further in our sales and marketing activities to grow our customer base, to fund our research and development efforts to enhance our technology platform and product functionality, to pay general and administrative expenses and to fund our other growth strategies described elsewhere in this prospectus. We may also use a portion of the net proceeds for the acquisition of complementary businesses, technologies or other assets, although we currently have no agreements, commitments or understandings with respect to any such transaction. See "Use of Proceeds" for additional information.

Risk factors

 

See "Risk Factors" for a discussion of factors you should carefully consider before deciding to invest in our common stock.

Nasdaq Global Select Market symbol

 

"CBLK"

        The number of shares of common stock to be outstanding after this offering is based on 57,825,141 shares of common stock outstanding as of March 31, 2018 and excludes:

    1,805,009 shares of common stock issuable upon the exercise of stock options outstanding under our Amended and Restated 2010 Series A Option Plan as of March 31, 2018, at a weighted-average exercise price of $2.85 per share;

    89,716 shares of common stock issuable upon the exercise of stock options outstanding under our Amended and Restated Equity Incentive Plan as of March 31, 2018, at a weighted-average exercise price of $1.18 per share;

    14,869,768 shares of common stock issuable upon the exercise of stock options outstanding under our 2012 Stock Option and Grant Plan as of March 31, 2018, at a weighted-average exercise price of $5.29 per share;

13


Table of Contents

    837,835 shares of common stock issuable upon the exercise of stock options outstanding under our Carbon Black, Inc. Amended and Restated 2012 Equity Incentive Plan as of March 31, 2018, at a weighted-average exercise price of $0.86 per share;

    409,305 shares of common stock issuable upon the exercise of stock options outstanding under our Confer Technologies, Inc. 2013 Stock Plan as of March 31, 2018, at a weighted-average exercise price of $2.66 per share;

    273,750 shares of common stock issuable upon the exercise of warrants outstanding as of March 31, 2018, at a weighted-average exercise price of $4.83 per share;

    885,823 shares of common stock issuable upon the exercise of stock options approved subsequent to March 31, 2018 by our board of directors for grant effective upon the pricing of this offering at an exercise price equal to the price to the public listed on the cover page of this prospectus;

    394,500 shares of common stock issuable from time to time after this offering upon the settlement of restricted stock units, or RSUs, outstanding as of March 31, 2018; and

    6,270,650 shares of common stock reserved for future issuance under our 2018 Stock Option and Incentive Plan and 1,735,729 shares of common stock reserved for issuance under our 2018 Employee Stock Purchase Plan, each of which will become effective in connection with this offering and contains provisions that will automatically increase its shares reserved each year, as more fully described in "Executive Compensation—Employee Benefit Plans."

        Except as otherwise indicated, the information in this prospectus assumes or gives effect to:

    the filing of our amended and restated certificate of incorporation and the adoption of our amended and restated bylaws, each of which will be in effect upon the closing of this offering;

    the conversion of all outstanding shares of our preferred stock (other than our Series A preferred stock, as described below) into an aggregate of 44,370,560 shares of common stock upon the closing of this offering;

    the conversion of all outstanding shares of our Series A preferred stock into 1,560,931 shares of common stock upon the closing of this offering;

    options to purchase shares of our Series A preferred stock outstanding as of March 31, 2018 becoming options to purchase 1,805,009 shares of our common stock, at a weighted-average exercise price of $2.85 per share, upon the closing of this offering;

    options to purchase shares of our Series E-1 preferred stock outstanding as of March 31, 2018 becoming options to purchase an aggregate of 837,835 shares of our common stock, at a weighted-average exercise price of $0.86 per share, upon the closing of this offering;

    warrants to purchase shares of our Series D preferred stock outstanding as of March 31, 2018 becoming warrants to purchase an aggregate of 167,500 shares of our common stock, at a weighted-average exercise price of $5.98 per share, upon the closing of this offering;

    no settlement of RSUs or exercise of options or warrants subsequent to March 31, 2018, other than the assumed full exercise on the date of the closing of this offering of the warrant to purchase 480,848 shares of common stock held by SC US GF Holdings, Ltd., an entity affiliated with Sequoia Capital, at an exercise price of $0.002 per share;

    a 1-for-2 reverse stock split of our common stock effected on April 20, 2018; and

    no exercise by the underwriters of their over-allotment option to purchase up to an additional 1,200,000 shares of our common stock in this offering.

14


Table of Contents



SUMMARY CONSOLIDATED FINANCIAL DATA

        The following tables present summary consolidated financial data for the periods indicated. You should read this information in conjunction with the sections titled "Selected Consolidated Financial Data" and "Management's Discussion and Analysis of Financial Condition and Results of Operations" and our consolidated financial statements and related notes and other information included elsewhere in this prospectus. We have derived the summary consolidated statement of operations data for the years ended December 31, 2015, 2016 and 2017 and the summary consolidated balance sheet data as of December 31, 2017 from our audited consolidated financial statements appearing at the end of this prospectus. Our historical results are not necessarily indicative of the results to be expected in any future period.

 
  Year Ended December 31,  
 
  2015   2016   2017  
 
  (in thousands, except per share data)
 

Consolidated Statement of Operations Data:

                   

Revenue:

                   

Subscription, license and support

  $ 63,747   $ 104,786   $ 149,262  

Services

    6,847     11,453     12,752  

Total revenue

    70,594     116,239     162,014  

Cost of revenue:

                   

Subscription, license and support(1)

    4,492     11,296     24,217  

Services(1)

    8,821     9,743     11,421  

Total cost of revenue

    13,313     21,039     35,638  

Gross profit

    57,281     95,200     126,376  

Operating expenses:

                   

Sales and marketing(1)

    55,432     80,997     107,190  

Research and development(1)

    24,042     36,493     52,047  

General and administrative(1)

    14,389     23,289     22,337  

Total operating expenses

    93,863     140,779     181,574  

Loss from operations

    (36,582 )   (45,579 )   (55,198 )

Interest expense, net

    (817 )   (518 )   32  

Other income (expense), net

    (1,253 )   (648 )   (583 )

Loss before income taxes

    (38,652 )   (46,745 )   (55,749 )

Benefit from (provision for) income taxes

        2,191     (78 )

Net loss

    (38,652 )   (44,554 )   (55,827 )

Accretion of preferred stock to redemption value

    (24,979 )   (3,569 )   (28,056 )

Net loss attributable to common stockholders

  $ (63,631 ) $ (48,123 ) $ (83,883 )

Net loss per share attributable to common stockholders—basic and diluted(2)

  $ (12.12 ) $ (5.85 ) $ (8.08 )

Weighted-average common shares outstanding—basic and diluted(2)

    5,249     8,230     10,383  

Pro forma net loss per share attributable to common stockholders—basic and diluted (unaudited)(2)

              $ (0.97 )

Pro forma weighted-average common shares outstanding—basic and diluted (unaudited)(2)

                56,535  

15


Table of Contents


(1)
The following table summarizes the classification of stock-based compensation expense in our consolidated statements of operations:

 
  Year Ended December 31,  
 
  2015   2016   2017  
 
  (in thousands)
 

Cost of subscription, license and support revenue

  $ 103   $ 184   $ 403  

Cost of services revenue

    179     219     227  

Sales and marketing expense

    1,595     2,501     3,310  

Research and development expense

    1,585     2,035     2,506  

General and administrative expense

    1,446     2,417     2,510  

Total stock-based compensation expense

  $ 4,908   $ 7,356   $ 8,956  
(2)
See Note 18 to our consolidated financial statements appearing at the end of this prospectus for further details on the calculations of basic and diluted net loss per share attributable to common stockholders and basic and diluted pro forma net loss per share attributable to common stockholders.

 
  As of December 31, 2017  
 
  Actual   Pro Forma(2)   Pro Forma As Adjusted(3)  
 
  (in thousands)
 

Consolidated Balance Sheet Data:

                   

Cash and cash equivalents

  $ 36,073   $ 36,073   $ 167,003  

Working capital(1)

    (36,391 )   (36,391 )   94,796  

Total assets

    260,612     260,612     389,375  

Deferred revenue

    164,180     164,180     164,180  

Warrant liability

    2,766          

Redeemable convertible and convertible preferred stock

    334,714          

Total stockholders' equity (deficit)

    (266,508 )   70,972     199,992  

(1)
We define working capital as current assets less current liabilities.

(2)
The pro forma consolidated balance sheet data give effect to:

the conversion of all outstanding shares of our preferred stock into 45,849,708 shares of common stock upon the closing of this offering;

the assumed exercise of the outstanding warrant held by SC US GF Holdings, Ltd., an entity affiliated with Sequoia Capital, to purchase 468,587 shares of our common stock, at an exercise price of $0.002 per share, that will become exercisable upon the closing of this offering; and

outstanding warrants to purchase shares of our preferred stock becoming warrants to purchase 167,500 shares of common stock upon the closing of this offering.

(3)
The pro forma as adjusted consolidated balance sheet data give further effect to our sale of 8,000,000 shares of our common stock in this offering at an assumed initial public offering price of $18.00 per share, which is the midpoint of the price range set forth on the cover page of this prospectus, after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us.


The pro forma as adjusted information presented in the summary consolidated balance sheet data is illustrative only and will change based on the actual initial public offering price and other terms of this offering determined at pricing. A $1.00 increase (decrease) in the assumed initial public offering price

16


Table of Contents

    of $18.00 per share, which is the midpoint of the price range set forth on the cover page of this prospectus, would increase (decrease) the pro forma as adjusted amount of each of cash and cash equivalents, working capital, total assets and total stockholders' equity by $7.4 million, assuming that the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us. An increase (decrease) of 1,000,000 shares in the number of shares of common stock offered by us, as set forth on the cover page of this prospectus, would increase (decrease) the pro forma as adjusted amount of each of cash and cash equivalents, working capital, total assets and total stockholders' equity by $16.7 million, assuming the assumed initial public offering price remains the same and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us.

17


Table of Contents


RISK FACTORS

        Investing in our common stock involves a high degree of risk. You should carefully consider the risks and uncertainties described below, together with all of the other information in this prospectus, including the section titled "Management's Discussion and Analysis of Financial Condition and Results of Operations" and our consolidated financial statements and related notes included elsewhere in this prospectus, before deciding whether to purchase shares of our common stock. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of may also become important factors that adversely affect our business. If any of the following risks actually occur, our business, financial condition, results of operations and future prospects could be adversely affected. In that event, the market price of our stock could decline, and you could lose part or all of your investment.

Risks Related to Our Business and Industry

We are a rapidly growing company, which makes it difficult to evaluate our future prospects.

        We are a rapidly growing company. Our ability to forecast our future operating results is subject to a number of uncertainties, including our ability to plan for and model future growth. We have encountered and will continue to encounter risks and uncertainties frequently experienced by growing companies in rapidly evolving industries. If our assumptions regarding these uncertainties, which we use to plan our business, are incorrect or change in reaction to changes in our markets, or if we do not address these risks successfully, our operating and financial results could differ materially from our expectations, our business could suffer and the trading price of our stock may decline.

We have not been profitable historically and may not achieve or maintain profitability in the future.

        We have incurred net losses in each year since inception, including net losses of $38.7 million in 2015, $44.6 million in 2016 and $55.8 million in 2017. As of December 31, 2017, we had an accumulated deficit of $279.9 million. While we have experienced significant revenue growth in recent periods, we are not certain whether or when we will obtain a high enough volume of sales of our products to sustain or increase our growth or achieve or maintain profitability in the future. We also expect our costs to increase in future periods, which could negatively affect our future operating results if our revenue does not increase. In particular, we expect to continue to expend substantial financial and other resources on:

    research and development related to our products, including investments in our research and development team;

    sales and marketing, including a significant expansion of our sales organization, both domestically and internationally;

    continued international expansion of our business;

    expansion of our professional services organization; and

    general administration expenses, including legal and accounting expenses related to being a public company.

        These investments may not result in increased revenue or growth in our business. We expect to continue to devote research and development resources to our on-premise solutions; if our customers and potential customers shift their information technology, or IT, infrastructures to the cloud faster than we anticipate, we may not realize our expected return from the costs we incur. If we are unable to increase our revenue at a rate sufficient to offset the expected increase in our costs, our business, financial position and results of operations will be harmed, and we may not be able to achieve or maintain profitability over the long term. Additionally, we may encounter unforeseen operating expenses, difficulties, complications, delays and other unknown factors that may result in losses in future periods. If our revenue growth does not meet our expectations in future periods, our financial performance may be harmed, and we may not achieve or maintain profitability in the future.

18


Table of Contents

If we are unable to sustain our revenue growth rate, we may not achieve or maintain profitability in the future.

        Our revenue grew from $70.6 million in 2015 to $116.2 million in 2016 and $162.0 million in 2017, representing a 51% compound annual growth rate over the same period. Although we have experienced rapid growth historically and currently have high customer retention rates, we may not continue to grow as rapidly in the future and our customer retention rates may decline. Any success that we may experience in the future will depend in large part on our ability to, among other things:

    maintain and expand our customer base;

    increase revenues from existing customers through increased or broader use of our products within their organizations;

    maintain and expand strategic partnerships with our channel partners;

    improve the performance and capabilities of our products through research and development;

    continue to develop our cloud-based solutions;

    maintain the rate at which customers purchase our support services;

    continue to successfully expand our business domestically and internationally;

    successfully identify and consummate acquisitions of complementary businesses, technology and assets; and

    successfully compete with other companies.

        If we are unable to maintain consistent revenue or revenue growth, our stock price could be volatile, and it may be difficult to achieve and maintain profitability. You should not rely on our revenue for any prior quarterly or annual periods as any indication of our future revenue or revenue growth.

Our quarterly financial results, including our billings and deferred revenue, may fluctuate for a variety of reasons, including our failure to close significant sales before the end of a particular quarter.

        A meaningful portion of our revenue is generated by significant sales to new customers and sales of additional products to existing customers. Purchases of our solutions often occur during the last month of each quarter, particularly in the last quarter of the year. In addition, our sales cycle can last several months from proof of concept to contract negotiation, to delivery of our solution to our customers, and this sales cycle can be even longer, less predictable and more resource-intensive for larger sales. Customers may also require additional internal approvals or seek to test our products for a longer trial period before deciding to purchase our solutions. As a result, the timing of individual sales can be difficult to predict. In some cases, sales have occurred in a quarter subsequent to those we anticipated, or have not occurred at all, which can significantly impact our quarterly financial results and make it more difficult to meet market expectations. See "Management's Discussion and Analysis of Financial Condition and Results of Operations—Critical Accounting Policies—Revenue Recognition."

        In addition to the sales cycle-related fluctuations noted above, our financial results, including our billings and deferred revenue, will continue to vary as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:

    our ability to attract and retain new customers;

    our ability to sell additional products to existing customers;

    our ability to expand into adjacent and complementary markets;

    changes in customer or channel partner requirements or market needs;

    changes in the growth rate of the next-generation endpoint security market;

19


Table of Contents

    the timing and success of new product introductions by us or our competitors, or any other change in the competitive landscape of the next-generation endpoint security market, including consolidation among our customers or competitors;

    a disruption in, or termination of, any of our relationships with channel partners;

    our ability to successfully expand our business globally;

    reductions in customer retention rates;

    changes in our pricing policies or those of our competitors;

    general economic conditions in our markets;

    future accounting pronouncements or changes in our accounting policies or practices;

    the amount and timing of our operating costs, including cost of goods sold;

    a change in our mix of products and services, including shifts to cloud-based products offered through a software-as-a-service model; and

    increases or decreases in our revenue and expenses caused by fluctuations in foreign currency exchange rates.

        Any of the above factors, individually or in the aggregate, may result in significant fluctuations in our financial and other operating results from period to period. These fluctuations could result in our failure to meet our operating plan or the expectations of investors or analysts for any period. If we fail to meet such expectations for these or other reasons, the trading price of our common stock could fall substantially, and we could face costly lawsuits, including securities class action suits.

We recognize substantially all of our revenue ratably over the term of our agreements with customers and, as a result, downturns or upturns in sales may not be immediately reflected in our operating results.

        We recognize substantially all of our revenue ratably over the terms of our agreements with customers, which generally occurs over a one- or three-year period. As a result, a substantial portion of the revenue that we report in each period will be derived from the recognition of deferred revenue relating to agreements entered into during previous periods. Consequently, a decline in new sales or renewals in any one period may not be immediately reflected in our revenue results for that period. This decline, however, will negatively affect our revenue in future periods. Accordingly, the effect of significant downturns in sales and market acceptance of our products, and potential changes in our rate of renewals may not be fully reflected in our results of operations until future periods. Our model also makes it difficult for us to rapidly increase our revenue through additional sales in any period, as revenue from new customers generally will be recognized over the term of the applicable agreement.

        We also intend to increase our investment in research and development, sales and marketing and general and administrative functions and other areas to grow our business. These costs are generally expensed as incurred (with the exception of sales commissions), as compared to our revenue, substantially all of which is recognized ratably in future periods. We are likely to recognize the costs associated with these increased investments earlier than some of the anticipated benefits and the return on these investments may be lower, or may develop more slowly, than we expect, which could adversely affect our operating results.

We face intense competition in our market, especially from larger, well-established companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position.

        Our market is large, highly competitive, fragmented and subject to rapidly evolving technology, shifting customer needs and frequent introductions of new solutions. We expect competition to increase in the future from both established competitors and new market entrants. Our current competitors include

20


Table of Contents

legacy antivirus solution providers, such as McAfee and Symantec Corporation, established network security providers, such as Palo Alto Networks, Inc., FireEye, Inc. and Cisco Systems, Inc., and privately held companies, such as Crowdstrike and Cylance. New startup companies, as well as established public and private companies, have entered or are currently attempting to enter the next-generation endpoint security market, some of which are or may become significant competitors in the future. Many of our existing competitors have, and some of our potential competitors could have, substantial competitive advantages such as:

    greater name recognition and longer operating histories;

    larger sales and marketing budgets and resources;

    broader distribution and established relationships with distribution partners and customers;

    greater customer support resources;

    greater resources to make acquisitions;

    lower labor and development costs;

    larger and more mature intellectual property portfolios; and

    substantially greater financial, technical and other resources.

        In addition, some of our larger competitors have substantially broader and more diverse product offerings and leverage their relationships based on their installed products or incorporate functionality into existing products to gain business in a manner that discourages users from purchasing our products, including by selling their products at zero or negative margins, product bundling or closed technology platforms. Potential customers may also prefer to purchase from their existing suppliers rather than a new supplier regardless of product performance or features. These larger competitors often have broader product lines and market focus and may therefore not be as susceptible to downturns in a particular market. Some of our smaller competitors that specialize in providing point solutions focused on narrow security problems are able to deliver these specialized security solutions to the market on a faster cadence than a typical enterprise class solution. Conditions in our market could change rapidly and significantly as a result of technological advancements, partnering by our competitors or continuing market consolidation. New start-up companies that innovate and large competitors that are making significant investments in research and development may invent similar or superior products and technologies that compete with our products and technology. Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources.

        Some of our competitors have made acquisitions of businesses that may allow them to offer more directly competitive and comprehensive solutions than they had previously offered. As a result of such acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of acquisition or other opportunities more readily, or develop and expand their product and service offerings more quickly than we do. For various reasons, organizations may be more willing to incrementally add our competitors' products to their existing security infrastructure instead of incorporating our products. These competitive pressures in our market or our failure to compete effectively may result in price reductions, fewer orders, reduced revenue and gross margins, and loss of market share. Any failure to meet and address these factors could seriously harm our business and operating results.

The next-generation endpoint security market is new and evolving, and may not grow as expected.

        We believe our future success will depend in large part on the growth, if any, in the market for next-generation endpoint security products. This market is new and evolving, and as such, it is difficult to predict important market trends, including its potential growth, if any. To date, enterprise and corporate

21


Table of Contents

cyber security budgets have allocated a majority of dollars to prevention-centric threat protection solutions, such as network, endpoint and web security products designed to stop threats from penetrating corporate networks. Organizations that use these security products may be satisfied with such existing security products and, as a result, these organizations may not adopt our solutions in addition to, or in lieu of, security products they currently use.

        Further, sophisticated cyber attackers are skilled at adapting to new technologies and developing new methods of gaining access to organizations' sensitive business data, and changes in the nature of advanced cyber threats could result in a shift in IT budgets away from products such as ours. In addition, while recent high visibility attacks on prominent enterprises and governments have increased market awareness of the problem of cyber attacks, if cyber attacks were to decline, or enterprises or governments perceived that the general level of cyber attacks has declined, our ability to attract new customers and expand our sales to existing customers could be materially and adversely affected. If products such as ours are not viewed by organizations as necessary, or if customers do not recognize the benefit of our products as a critical element of an effective cyber security strategy, our revenue may not grow as quickly as expected, or may decline, and the trading price of our stock could suffer.

        In addition, it is difficult to predict customer adoption and retention rates, customer demand for our products, the size and growth rate of the market for next-generation endpoint security, the entry of competitive products or the success of existing competitive products. Any expansion in our market depends on a number of factors, including the cost, performance and perceived value associated with our products and those of our competitors. If these products do not achieve widespread adoption or there is a reduction in demand for products in our market caused by a lack of customer acceptance, technological challenges, competing technologies, products, decreases in corporate spending, weakening economic conditions or otherwise, it could result in reduced customer orders, early terminations, reduced customer retention rates or decreased revenue, any of which would adversely affect our business operations and financial results. You should consider our business and prospects in light of the risks and difficulties we encounter in this new and evolving market.

Forecasts of our market and market growth may prove to be inaccurate, and even if the markets in which we compete achieve the forecasted growth, there can be no assurance that our business will grow at similar rates, or at all.

        Growth forecasts included in this prospectus relating to our market opportunities, including our primary endpoint security market and adjacent security markets, and the expected growth thereof are subject to significant uncertainty and are based on assumptions and estimates which may prove to be inaccurate. Even if these markets meet our size estimate and experience the forecasted growth, we may not grow our business at a similar rate, or at all. Our growth is subject to many factors, including our success in implementing our business strategy and ability to penetrate adjacent security markets, which is subject to many risks and uncertainties. Accordingly, the forecasts of market growth included in this prospectus should not be taken as indicative of our future growth.

If our products fail or are perceived to fail to detect cyber attacks, or if our products contain undetected errors or defects, our brand and reputation could be harmed, which could have an adverse effect on our business and results of operations.

        If our products fail or are perceived to fail to detect cyber attacks, including advanced attacks that have never been seen before, in our customers' endpoints and cyber security infrastructure, or if our products fail to identify and respond to new and increasingly complex methods of cyber attacks, our business and reputation may suffer. There is no guarantee that our products will detect all cyber attacks, especially in light of the rapidly changing security landscape to which we must respond. For example, in August 2017, a blog post alleged a product defect in our Cb Response product. We issued a press release stating that the allegation was incorrect, but in the course of evaluating the alleged defect, we uncovered and fixed another defect in our product. We cannot guarantee that our products will not contain

22


Table of Contents

undetected errors or defects in the future. Additionally, our products may falsely detect cyber attacks or threats that do not actually exist. For example, our products rely on third-party reports of identified security threats and information provided by an active community of security professionals. If the information from these third parties is inaccurate, the potential for false indications of security cyber attacks increases. These false positives, while typical in the industry, may impair the perceived reliability of our products, and may therefore adversely impact market acceptance of our products, and could result in negative publicity, loss of customers and sales and increased costs to remedy any problem.

        Our products, which are complex, may also contain undetected errors or defects when first introduced or as new versions are released. We have experienced these errors or defects in the past in connection with new products and product upgrades. We expect that these errors or defects will be found from time to time in the future in new or enhanced products after commercial release. Defects may cause our products to be vulnerable to attacks, cause them to fail to detect cyber attacks, or temporarily interrupt customers' networking traffic. Any errors, defects, disruptions in service or other performance problems with our products may damage our customers' business and could hurt our reputation. If our products fail to detect cyber attacks for any reason, we may incur significant costs, the attention of our key personnel could be diverted, our customers may delay or withhold payment to us or elect not to renew or other significant customer relations problems may arise.

        We may also be subject to liability claims for damages related to errors or defects in our products. A material liability claim or other occurrence that harms our reputation or decreases market acceptance of our products may harm our business and operating results. Although we have limitation of liability provisions in our terms and conditions of sale, they may not fully or effectively protect us from claims as a result of federal, state, or local laws or ordinances, or unfavorable judicial decisions in the United States or other countries. The sale and support of our also entails the risk of product liability claims. We maintain insurance to protect against certain claims associated with the use of our products, but our insurance coverage may not adequately cover any claim asserted against us. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation, divert management's time and other resources, and harm our business and reputation.

We rely on channel partners, such as managed security service providers, incident response firms and security-focused value added resellers, to generate a significant portion of our revenue. If we fail to maintain successful relationships with our channel partners, or if our channel partners fail to perform, our ability to market, sell and distribute our products will be limited, and our business, financial position and results of operations will be harmed.

        In addition to our direct sales force, we rely on our channel partners to sell our products. A majority of our revenue is generated by our channel partners, including managed service security providers, incident response firms and value added resellers. In addition, in the three months ended December 31, 2017, 94% of our new and add-on business was closed in collaboration with our channel partners. We expect to continue to focus on generating sales to new and existing customers through our channel partners as a part of our growth strategy.

        We provide our sales channel partners with specific training and programs to assist them in selling our products, but there can be no assurance that these steps will be effective. In addition, our channel partners may be unsuccessful in marketing, selling and supporting our products. If we are unable to develop and maintain effective sales incentive programs for our third-party channel partners, we may not be able to incentivize these partners to sell our products to customers and, in particular, to large enterprises. Our agreements with our channel partners are generally non-exclusive and these partners may also market, sell and support products that are competitive with ours and may devote more resources to the marketing, sales and support of such competitive products. These partners may have incentives to promote our competitors' products to the detriment of our own or may cease selling our products altogether. Our channel partners may cease or deemphasize the marketing of our products with limited or no notice and with little or no penalty. Our agreements with our channel partners may generally be terminated for any

23


Table of Contents

reason by either party with advance notice prior to each annual renewal date. We cannot be certain that we will retain these channel partners or that we will be able to secure additional or replacement channel partners. The loss of one or more of our significant channel partners or a decline in the number or size of orders from them could harm our operating results. In addition, any new sales channel partner requires extensive training and may take several months or more to achieve productivity. Our channel partner sales structure could subject us to lawsuits, potential liability and reputational harm if, for example, any of our channel partners misrepresent the functionality of our products, subscriptions or services to customers or violate laws or our corporate policies.

        If we fail to effectively manage our existing sales channels, or if our channel partners are unsuccessful in fulfilling the orders for our products, or if we are unable to enter into arrangements with, and retain a sufficient number of, high quality channel partners in each of the regions in which we sell products and keep them motivated to sell our products, our ability to sell our products and operating results will be harmed. The termination of our relationship with any significant channel partner may also adversely impact our sales and operating results.

If we are unable to acquire new customers, our future revenues and operating results will be harmed.

        Our success depends on our ability to acquire new customers, including large enterprise customers. If we are unable to attract a sufficient number of new customers, we may be unable to generate revenue growth at desired rates. Many enterprise customers operate in increasingly complex IT environments and require additional features and functionality, as well as higher levels of support than smaller customers. If our solutions are perceived as insufficient to meet the needs of large enterprises, we may be limited in our ability to acquire large enterprise customers. The next-generation endpoint security market is competitive and many of our competitors have substantial financial, personnel and other resources that they utilize to develop solutions and attract customers. As a result, it may be difficult for us to add new customers to our customer base. Competition in the marketplace may also lead us to win fewer new customers or result in us providing discounts and other commercial incentives. Additional factors that impact our ability to acquire new customers include the perceived need for next-generation endpoint security, the size of our prospective customers' IT budgets, the utility and efficacy of our existing and new products, whether proven or perceived, and general economic conditions. These factors may have a meaningful negative impact on future revenues and operating results.

If we are unable to sell additional products to our customers and maintain and grow our customer retention rates, our future revenue and operating results will be harmed.

        Our future success depends, in part, on our ability to expand the deployment of our products with existing customers by selling them additional products. This may require increasingly sophisticated and costly sales efforts and may not result in additional sales. In addition, the rate at which our customers purchase additional products depends on a number of factors, including the perceived need for additional next-generation endpoint security as well as general economic conditions. If our efforts to sell additional products to our customers are not successful, our business may suffer.

        Further, to maintain or improve our operating results, it is important that our customers renew their agreements with us when the existing term expires. Our customers have no obligation to renew their agreements upon expiration of the applicable contract term, and we cannot provide assurance that customers will renew subscriptions or support agreements. We calculate retention rate by comparing the annual recurring subscription and support revenue from our end-use customers at the beginning of a measurement period to the annual recurring subscription and support revenue from those same end-use customers at the end of a measurement period. We divide the ending annual recurring revenue by the beginning annual recurring revenue to arrive at our retention rate metric. We exclude the impact of any add-on purchases from these customers during the measurement period; accordingly, our retention rate cannot exceed 100%. In addition, this metric reflects the loss of customers who elected not to renew

24


Table of Contents

contracts expiring during the measurement period. Our retention rate was 93% in 2015, 92% in 2016 and 93% in 2017. The rate of customer retention may decline or fluctuate as a result of a number of factors, including our customers' satisfaction or dissatisfaction with our products, the effectiveness of our customer support services, our pricing, the prices of competing products, subscriptions or services, mergers and acquisitions affecting our customer base, or reductions in our customers' budgets and spending levels. If our end-use customers do not renew their agreements, or renew on less favorable terms, our revenue may decline, our business may suffer, and we may not realize improved operating results from our customer base.

If we do not successfully anticipate market needs and enhance our existing products or develop new products that meet those needs on a timely basis, we may not be able to compete effectively and our ability to generate revenues will suffer.

        Our customers operate in markets characterized by rapidly changing technologies and business plans, which require them to adapt to increasingly complex IT infrastructures that incorporate a variety of hardware, software applications, operating systems and networking protocols. As our customers' technologies and business plans grow more complex, we expect them to face new and increasingly sophisticated methods of attack. We face significant challenges in ensuring that our products effectively identify and respond to these advanced and evolving attacks without disrupting the performance of our customers' IT infrastructures. As a result, we must continually modify and improve our products in response to changes in our customers' IT infrastructures.

        We cannot guarantee that we will be able to anticipate future market needs and opportunities or be able to develop product enhancements or new products to meet such needs or opportunities in a timely manner, if at all. Even if we are able to anticipate, develop and commercially introduce enhancements and new products, there can be no assurance that enhancements or new products will achieve widespread market acceptance.

        New products, as well as enhancements to our existing products, could fail to attain sufficient market acceptance for many reasons, including:

    delays in releasing new products, or product enhancements;

    failure to accurately predict market demand and to supply products that meet this demand in a timely fashion;

    inability to integrate effectively with the existing or newly introduced technologies, systems or applications of our existing and prospective customers;

    inability to protect against new types of attacks or techniques used by cyber attackers or other data thieves;

    defects in our products, errors or failures of our products;

    negative publicity or perceptions about the performance or effectiveness of our products;

    introduction or anticipated introduction of competing products by our competitors;

    installation, configuration or usage errors by our customers;

    easing or changing of regulatory requirements related to security; and

    reluctance of customers to purchase products incorporating open source software.

        If we fail to anticipate market requirements or fail to develop and introduce product enhancements or new products to meet those needs in a timely manner, it could cause us to lose existing customers and prevent us from gaining new customers, which would significantly harm our business, financial condition and results of operations.

25


Table of Contents

        While we continue to invest significant resources in research and development to ensure that our products continue to address the cyber security risks that our customers face, the introduction of products embodying new technologies could also render our existing products or services obsolete or less attractive to customers. If we spend significant time and effort on research and development and are unable to generate an adequate return on our investment, our business and results of operations may be materially and adversely affected.

If our products do not effectively integrate with our customers' IT infrastructure, or if our technology partners no longer support our products or allow us to integrate with their programs, our business could suffer.

        Our products must effectively integrate with our customers' existing or future IT infrastructure, which often has different specifications, utilizes multiple protocol standards, deploys products from multiple vendors and contains multiple generations of products that have been added over time. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems. If we find errors in the existing software or defects in the hardware used in our customers' infrastructure or problematic network configurations or settings, we may have to modify our software or hardware so that our products will integrate with our customers' infrastructure. In such cases, our products may be unable to provide significant performance improvements for applications deployed in our customers' infrastructure. These issues could cause longer installation times for our products and could cause order cancellations, either of which would adversely affect our business, results of operations and financial condition. Additionally, any changes in our customers' IT infrastructure that degrade the functionality of our products or services or give preferential treatment to competitive software could adversely affect the adoption and usage of our products.

        Further, if our technology partners no longer support our products or allow us to integrate with customers' IT infrastructure, or if we do not maintain these integrations, the functionality of our products may be reduced and our products may not be as marketable to certain existing and potential customers.

        If our products are late in achieving or fail to achieve compliance with these certifications and standards, or our competitors achieve compliance with these certifications and standards, we may be disqualified from selling our products to such customers, or may otherwise be at a competitive disadvantage, either of which would harm our business, results of operations and financial condition.

If our products fail to help our customers achieve and maintain compliance with regulations and/or industry standards, our revenue and operating results could be harmed.

        We generate a portion of our revenue from our product offerings that help organizations achieve and maintain compliance with regulations and industry standards both domestically and internationally. For example, many of our customers subscribe to our product offerings to help them comply with the security standards developed and maintained by the Payment Card Industry Security Standards Council, or the PCI Council, which apply to companies that process, transmit or store cardholder data. In addition, our product and service offerings are used by customers in the healthcare industry to help them comply with numerous federal and state laws and regulations related to patient privacy. In particular, the Health Insurance Portability and Accountability Act of 1996, or HIPAA, and the 2009 Health Information Technology for Economic and Clinical Health Act include privacy and data security standards that protect individual privacy by limiting the uses and disclosures of individually identifiable health information and implementing data security standards. The foregoing and other state, federal and international legal and regulatory regimes may affect our customers' requirements for, and demand for, our products and professional services. Governments and industry organizations, such as the PCI Council, may also adopt new laws, regulations or requirements, or make changes to existing laws or regulations, that could impact the demand for, or value of, our products. If we are unable to adapt our products to changing legal and regulatory standards or other requirements in a timely manner, or if our products fail to assist with, or expedite, our customers' cyber security defense and compliance efforts, our customers may lose confidence

26


Table of Contents

in our products, and could switch to products offered by our competitors or threaten or bring legal actions against us. In addition, if laws, regulations or standards related to data security, vulnerability management and other IT security and compliance requirements are relaxed or the penalties for non-compliance are changed in a manner that makes them less onerous, our customers may view government and industry regulatory compliance as less critical to their businesses, and our customers may be less willing to purchase our products. In any of these cases, our revenue and operating results could be harmed.

        In addition, government and other customers may require our products to comply with certain privacy and security regulations, or other certifications and standards. If our products are late in achieving or fail to achieve or maintain compliance with these certifications and standards, or our competitors achieve compliance with these certifications and standards, we may be disqualified from selling our products to such customers, or may otherwise be at a competitive disadvantage, either of which would harm our business, results of operations and financial condition.

As a cyber security provider, we have been, and expect to continue to be, a target of cyber attacks that could adversely impact our reputation and operating results.

        We will not succeed unless the marketplace is confident that we provide effective next-generation endpoint security protection. Because we sell next-generation endpoint security solutions, we may be an attractive target for attacks by cyber attackers or other data thieves, since a breach of our system could provide information regarding us or our customers. Accordingly, we have been, and expect to continue to be, a target of cyber attacks designed to interrupt or impede the performance of our products or the security of our cloud platform, penetrate our network security or our internal systems, or those of our customers, or to misappropriate proprietary information. For example, in 2012, we were subject to an unauthorized breach of one of our computer systems that was not protected by our platform. As a result of this attack, which we discovered in January 2013, a malicious third party gained temporary access to one of our digital code-signing certificates. This third party then used this certificate to sign malware that would not be blocked by our Cb Protection security software. That malware was installed on the computers of several of our customers. While we have undertaken substantial remedial efforts to prevent similar incidents from occurring in the future, we cannot guarantee that we will not be the target of additional cyber attacks and that future cyber attacks will not be successful.

        As a result of this offering, we will likely experience increased visibility as a public company, which could have the effect of attracting the attention of more cyber attackers than would otherwise target us. If our systems are breached, attackers could learn critical information about how our products operate to help protect our customers' endpoints, thereby making our customers more vulnerable to cyber attacks. In addition, if actual or perceived breaches of our platform occur, they could adversely affect the market perception of our products, negatively affecting our reputation, and may expose us to the loss of our proprietary information or information belonging to our customers, investigations or litigation and possible liability, including injunctive relief and monetary damages. Such security breaches could also divert the efforts of our technical and management personnel. In addition, such security breaches could impair our ability to operate our business and provide products to our customers. If this happens, our reputation could be harmed, our revenue could decline and our business could suffer.

Our business and operations are experiencing rapid growth, and if we do not appropriately manage our future growth, or are unable to scale our systems and processes, our operating results may be negatively affected.

        We are a rapidly growing company. To manage future growth effectively, and in connection with our transition to being a public company, we will need to continue to improve and expand our internal IT systems, financial infrastructure and operating and administrative systems and controls, which we may not be able to do efficiently, in a timely manner or at all. Any future growth would add complexity to our organization and require effective coordination across our organization. Failure to manage any future

27


Table of Contents

growth effectively could result in increased costs, harm our results of operations and lead to investors losing confidence in our internal systems and processes.

If we are not successful in our continued international expansion, our operating results may be negatively affected.

        We have a limited history of marketing, selling and supporting our products internationally. For the year ended December 31, 2017, we generated approximately 13% of our revenue from customers located outside of the United States. Our growth strategy is dependent, in part, on our continued international expansion. We expect to conduct a significant amount of our business with organizations that are located outside the United States, particularly in Europe and Asia. As a result, we must hire and train experienced personnel to staff and manage our foreign operations. To the extent that we experience difficulties in recruiting, training, managing and retaining international employees, particularly managers and other members of our international sales team, we may experience difficulties in sales productivity in, or market penetration of, foreign markets. We also enter into strategic distributor and reseller relationships with companies in certain international markets where we do not have a local presence. If we are not able to maintain successful strategic distributor relationships with our international channel partners or recruit additional channel partners, our future success in these international markets could be limited. Business practices in the international markets that we serve may differ from those in the United States and may require us to include non-standard terms in customer contracts. To the extent that we enter into customer contracts in the future that include non-standard terms related to payment or performance obligations, our results of operations may be adversely impacted.

        Our business, including the sales of our products by us and our channel partners, may be subject to foreign governmental regulations, which vary substantially from country to country and change from time to time. Our failure, or the failure by our channel partners, to comply with these regulations could adversely affect our business. Further, in many foreign countries it is common for others to engage in business practices that are prohibited by our internal policies and procedures or U.S. regulations applicable to us. Although we have implemented policies and procedures designed to comply with these laws and policies, there can be no assurance that our employees, contractors, channel partners and agents have complied, or will comply, with these laws and policies. Violations of laws or key control policies by our employees, contractors, channel partners or agents could result in delays in revenue recognition, financial reporting misstatements, fines, penalties or the prohibition of the importation or exportation of our products, and could have a material adverse effect on our business and results of operations. If we are unable to successfully manage the challenges of international expansion and operations, our business and operating results could be adversely affected.

        Additionally, our international sales and operations are subject to a number of risks, including the following:

    greater difficulty in enforcing contracts and managing collections, as well as longer collection periods;

    higher costs of doing business internationally, including costs incurred in establishing and maintaining office space and equipment for our international operations;

    fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business;

    management communication and integration problems resulting from cultural and geographic dispersion;

    costs associated with language localization of our products;

    risks associated with trade restrictions and foreign legal requirements, including any importation, certification and localization of our products that may be required in foreign countries;

    greater risk of unexpected changes in regulatory practices, tariffs and tax laws and treaties;

28


Table of Contents

    costs of compliance with foreign laws and regulations and the risks and costs of non-compliance with such laws and regulations, including, but not limited to data privacy, data protection and data security regulations;

    compliance with anti-bribery laws, including, without limitation, the U.S. Foreign Corrupt Practices Act of 1977, as amended, the U.S. Travel Act and the UK Bribery Act 2010, violations of which could lead to significant fines, penalties and collateral consequences for our company;

    heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;

    the uncertainty of protection for intellectual property rights in some countries;

    general economic and political conditions in these foreign markets, including political and economic instability in some countries;

    foreign exchange controls or tax regulations that might prevent us from repatriating cash earned outside the United States; and

    double taxation of our international earnings and potentially adverse tax consequences due to changes in the tax laws of the United States or the foreign jurisdictions in which we operate.

        These and other factors could harm our ability to generate future international revenue and, consequently, materially impact our business, results of operations and financial condition.

We provide service level commitments for cloud-based delivery of our products and support. Any future service disruption could obligate us to provide service credits and we could face subscription or support agreement terminations, which could adversely affect our revenue.

        Our agreements with customers provide certain service level commitments, including with respect to uptime requirements for cloud-based delivery of our services and response time for support. If we are unable to meet the stated service level commitments or suffer extended periods of downtime that exceed the periods allowed under our customer agreements, we could be required to provide service credits or face subscription terminations, either of which could significantly impact our revenue.

        Our customers depend on our customer support team to resolve technical issues relating to our products. We may be unable to respond quickly enough to accommodate short-term increases in customer demand for support services. Increased customer demand for these services, without corresponding revenue, could increase costs and adversely affect our operating results. Any failure to maintain high-quality customer support, or a market perception that we do not maintain high-quality support, could adversely affect our reputation and our ability to sell our products to existing and prospective customers, or could result in terminations of existing customer agreements.

We are dependent on the continued services and performance of our senior management and other key employees, as well as on our ability to successfully hire, train, manage and retain qualified personnel, especially those in sales and marketing and research and development.

        Our future performance depends on the continued services and contributions of our senior management, particularly Patrick Morley, our President and Chief Executive Officer, and other key employees to execute on our business plan and to identify and pursue new opportunities and product innovations. We do not maintain key man insurance for any of our executive officers or key employees. From time to time, there may be changes in our senior management team resulting from the termination or departure of our executive officers and key employees. Our senior management and key employees are generally employed on an at-will basis, which means that they could terminate their employment with us at any time. The loss of the services of our senior management, particularly Mr. Morley, or other key employees for any reason could significantly delay or prevent our development or the achievement of our strategic objectives and harm our business, financial condition and results of operations.

29


Table of Contents

        Our ability to successfully pursue our growth strategy will also depend on our ability to attract, motivate and retain our personnel, especially those in sales and marketing and research and development. We face intense competition for these employees from numerous technology, software and other companies, especially in certain geographic areas in which we operate, and we cannot ensure that we will be able to attract, motivate and/or retain additional qualified employees in the future. If we are unable to attract new employees and retain our current employees, we may not be able to adequately develop and maintain new products, or market our existing products at the same levels as our competitors and we may, therefore, lose customers and market share. Our failure to attract and retain personnel, especially those in sales and marketing, research and development and engineering positions, could have an adverse effect on our ability to execute our business objectives and, as a result, our ability to compete could decrease, our operating results could suffer and our revenue could decrease. Even if we are able to identify and recruit a sufficient number of new hires, these new hires will require significant training before they achieve full productivity and they may not become productive as quickly as we would like, or at all.

If we do not effectively expand, train and retain qualified sales and marketing personnel, we may be unable to acquire new customers or sell additional products to successfully pursue our growth strategy.

        We depend significantly on our sales force to attract new customers and expand sales to existing customers. As a result, our ability to grow our revenue depends in part on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth, particularly in the United States, Europe, the Middle East, Africa and Asia Pacific. The number of our sales and marketing personnel increased from 343 as of December 31, 2016 to 425 as of December 31, 2017. We expect to continue to expand our sales and marketing personnel significantly and face a number of challenges in achieving our hiring and integration goals. There is intense competition for individuals with sales training and experience. In addition, the training and integration of a large number of sales and marketing personnel in a short time requires the allocation of significant internal resources. We invest significant time and resources in training new sales force personnel to understand our products, platform and our growth strategy. Based on our past experience, it takes approximately six to 12 months before a new sales force member operates at target performance levels, depending on their role. However, we may be unable to achieve or maintain our target performance levels with large numbers of new sales personnel as quickly as we have done in the past. Our failure to hire a sufficient number of qualified sales force members and train them to operate at target performance levels may materially and adversely impact our projected growth rate.

If the general level of advanced cyber attacks declines, or is perceived by our current or potential customers to have declined, our business could be harmed.

        Our business is substantially dependent on enterprises and governments recognizing that advanced cyber attacks are pervasive and are not effectively prevented by legacy security products. High visibility attacks on prominent enterprises and governments have increased market awareness of the problem of advanced cyber attacks and help to provide an impetus for enterprises and governments to devote resources to protecting against advanced cyber attacks, such as testing our products, purchasing them and broadly deploying them within their organizations. If advanced cyber attacks were to decline, or enterprises or governments perceived that the general level of advanced cyber attacks has declined, our ability to attract new customers and expand sales of our products to existing customers could be materially and adversely affected. A reduction in the threat landscape could increase our sales cycles and harm our business, results of operations and financial condition.

Organizations have been and may continue to be reluctant to purchase cyber security offerings that are cloud-based due to the actual or perceived vulnerability of cloud solutions.

        Some organizations, particularly in certain geographies and industries, such as defense and financial services, have been and may continue to be reluctant to use cloud solutions for cyber security because they have concerns regarding the risks associated with the reliability or security of the technology delivery

30


Table of Contents

model associated with this solution. If we or other cloud service providers experience security incidents, breaches of customer data, disruptions in service delivery or other problems, the market for cloud solutions as a whole may be negatively impacted.

If we cannot maintain our company culture as we grow, we could lose the innovation, teamwork, passion and focus on execution that we believe contribute to our success and our business may be harmed.

        We believe that a critical component to our success has been our company culture, which we believe fosters innovation, teamwork, passion for customers and focus on execution, and facilitates critical knowledge transfer, knowledge sharing and professional growth. We have invested substantial time and resources in building our team within this company culture. Any failure to preserve our culture could negatively affect our ability to retain and recruit personnel and to effectively focus on and pursue our corporate objectives. As we grow and develop the infrastructure of a public company, we may find it difficult to maintain these important aspects of our company culture. If we fail to maintain our company culture, our business may be adversely impacted.

Fluctuating economic conditions make it difficult to predict revenue for a particular period, and a shortfall in revenue may harm our operating results.

        Our revenue depends significantly on general economic conditions and the demand for products in the next-generation endpoint security market. Economic weakness, customer financial difficulties and constrained spending on cyber security may result in decreased revenue and earnings. Such factors could make it difficult to accurately forecast our sales and operating results and could negatively affect our ability to provide accurate forecasts of our costs and expenses. In addition, concerns regarding continued budgetary challenges in the United States and Europe, geopolitical turmoil and terrorism in many parts of the world, and the effects of climate change have and may continue to put pressure on global economic conditions and overall spending on cyber security. Currently, most enterprises and governments have not allocated a fixed portion of their budgets to protect against next-generation advanced cyber attacks. If we do not succeed in convincing customers that our products should be an integral part of their overall approach to cyber security and that a fixed portion of their annual security budgets should be allocated to our products, general reductions in security spending by our customers are likely to have a disproportionate impact on our business, results of operations and financial condition. General economic weakness may also lead to longer collection cycles for payments due from our customers, an increase in customer bad debt, restructuring initiatives and associated expenses and impairment of investments. Furthermore, the continued weakness and uncertainty in worldwide credit markets, including the sovereign debt situation in certain countries in the European Union, or EU, may adversely impact the ability of our customers to adequately fund their expected capital expenditures, which could lead to delays or cancellations of planned purchases of our products.

        Uncertainty about future economic conditions also makes it difficult to forecast operating results and to make decisions about future investments. Future or continued economic weakness for us or our customers, failure of our customers and markets to recover from such weakness, customer financial difficulties and reductions in spending on cyber security could have a material adverse effect on demand for our products, and consequently on our business, financial condition and results of operations.

If we are not able to maintain and enhance our brand or reputation as an industry leader, our business and operating results may be adversely affected.

        We believe that maintaining and enhancing our reputation as a leader in next-generation endpoint security is critical to our relationship with our existing end-use customers and channel partners and our ability to attract new customers and channel partners. The successful promotion of our brand will depend on a number of factors, including our marketing efforts, our ability to continue to develop high-quality features for our products and our ability to successfully differentiate our products from those of our competitors. Our brand promotion activities may not be successful or yield increased revenue. In addition,

31


Table of Contents

independent industry analysts often provide reports of our solutions, as well as the solutions of our competitors, and perception of our solutions in the marketplace may be significantly influenced by these reports. If these reports are negative, or less positive as compared to those of our competitors' products, our reputation may be adversely affected. Additionally, the performance of our channel partners may affect our brand and reputation if customers do not have a positive experience with our products as implemented by our channel partners or with the implementation generally. The promotion of our brand requires us to make substantial expenditures, and we anticipate that the expenditures will increase as our market becomes more competitive, as we expand into new geographies and vertical markets and as more sales are generated through our channel partners. To the extent that these activities yield increased revenue, this revenue may not offset the increased expenses we incur. If we do not successfully maintain and enhance our brand and reputation, our business and operating results may be adversely affected.

Our brand, reputation and ability to attract, retain and serve our customers are dependent in part upon the reliable performance of our products and infrastructure.

        Our brand, reputation and ability to attract, retain and serve our customers are dependent in part upon the reliable performance of, and the ability of our existing customers and new customers to access and use, our solutions and infrastructure. We have experienced, and may in the future experience, disruptions, outages and other performance problems due to a variety of factors, including infrastructure changes, equipment failure, human or software errors, capacity constraints and fraud or security attacks. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time.

        We operate and maintain our infrastructure at our headquarters and by using third-party data centers located in the Boston, Massachusetts area. We also utilize Amazon Web Services, or AWS, for the delivery of our cloud-based products. In addition, our ability to access certain third-party software-as-a-service, or SaaS, solutions, such as Salesforce, is important to our operations and our ability to execute sales. Some elements of this complex system are operated by third parties that we do not control and that could require significant time to replace. We expect this dependence on third parties to continue. Interruptions in our systems or the third-party systems on which we rely, whether due to system failures, computer viruses, physical or electronic break-ins, or other factors, could affect the security or availability of our products, network infrastructure, cloud infrastructure and website.

        Prolonged delays or unforeseen difficulties in connection with adding capacity or upgrading our network architecture when required may cause our service quality to suffer. Problems with the reliability or security of our systems could harm our reputation. Damage to our reputation and the cost of remedying these problems could negatively affect our business, financial condition and operating results.

        Additionally, our existing data center facilities and third-party hosting providers have no obligations to renew their agreements with us on commercially reasonable terms or at all, and certain of the agreements governing these relationships may be terminated by either party at any time. If we are unable to maintain or renew our agreements with these providers on commercially reasonable terms or if in the future we add additional data center facilities or third-party hosting providers, we may experience costs or downtime as we transition our operations.

        Any disruptions or other performance problems with our products could harm our reputation and business and may damage our customers' businesses. Interruptions in our service delivery might reduce our revenue, cause us to issue credits to customers, subject us to potential liability and cause customers to not renew their purchases or our products.

In deploying our cloud-based SaaS products, we rely upon AWS to operate our cloud-based offerings; any disruption or interference with our use of AWS would adversely affect our business, results of operations and financial condition.

        AWS is a third-party provider of cloud infrastructure services. We outsource substantially all of the infrastructure relating to our cloud offerings to AWS. Our Predictive Security Cloud resides on hardware

32


Table of Contents

owned or leased and operated by us at the AWS data centers. Customers of our cloud-based SaaS products need to be able to access our platform at any time, without interruption or degradation of performance, and we provide them with service level commitments with respect to uptime. Our cloud-based SaaS products depend on protecting the virtual cloud infrastructure hosted in AWS by maintaining its configuration, architecture, features and interconnection specifications, as well as the information stored in these virtual data centers and which third-party internet service providers transmit. Although we have disaster recovery plans that utilize multiple AWS locations, any incident affecting their infrastructure that may be caused by fire, flood, severe storm, earthquake or other natural disasters, cyber attacks, terrorist or other attacks, and other similar events beyond our control could negatively affect our cloud-based SaaS products. For example, in September 2015 and February 2017, AWS suffered significant outages that had a widespread impact on cloud-based software and services companies. Although our customers were not affected by that outage, a similar outage could render our cloud-based offerings inaccessible to customers. A prolonged AWS service disruption affecting our cloud-based offerings for any of the foregoing reasons would negatively impact our ability to serve our customers and could damage our reputation with current and potential customers, expose us to liability, cause us to lose customers or otherwise harm our business. We may also incur significant costs for using alternative equipment or taking other actions in preparation for, or in reaction to, events that damage the AWS services we use.

        In addition, AWS may terminate the agreement with us by providing two years' prior written notice, and may terminate the agreement for cause with 30 days' prior written notice, including any material breach of the agreement by us that we do not cure within the 30-day cure period. In the event that our AWS service agreements are terminated, or there is a lapse of service, elimination of AWS services or features that we utilize, interruption of internet service provider connectivity or damage to such facilities, we could experience interruptions in access to our platform as well as significant delays and additional expense in arranging or creating new facilities and services and/or re-architecting our cloud offering for deployment on a different cloud infrastructure service provider, which may adversely affect our business, operating results and financial condition.

If we fail to manage our operations infrastructure, our customers may experience service outages and/or delays.

        Our future growth is dependent upon our ability to continue to meet the expanding needs of our customers and to attract new customers. As existing customers gain more experience with our products, they may broaden their reliance on our products, which will require that we expand our operations infrastructure as well as our dependence on third parties to support that infrastructure. We also seek to maintain excess capacity in our operations infrastructure to facilitate the rapid provision of new customer deployments. In addition, we need to properly manage our technological operations infrastructure to support changes in hardware and software parameters and the evolution of our solutions, all of which require significant lead time. If we do not accurately predict our infrastructure requirements, our existing customers may experience service outages that may subject us to financial penalties, financial liabilities and customer losses. If our operations infrastructure fails to keep pace with increased sales, customers may experience delays as we seek to obtain additional capacity, which could adversely affect our reputation and our revenue.

If our customers are unable to implement our products successfully, customer perceptions of our products may be impaired or our reputation and brand may suffer.

        Our products are deployed in a wide variety of IT environments, including large-scale, complex infrastructures. Some of our customers have experienced difficulties implementing our products in the past and may experience implementation difficulties in the future. If our customers are unable to implement our products successfully, customer perceptions of our products may be impaired or our reputation and brand may suffer.

        In addition, for our products to achieve their functional potential, our products must effectively integrate into our customers' IT infrastructures, which have different specifications, utilize varied protocol

33


Table of Contents

standards, deploy products from multiple different vendors and contain multiple layers of products that have been added over time. Our customers' IT infrastructures are also dynamic, with a myriad of devices and endpoints entering and exiting the customers' IT systems on a regular basis, and our products must be able to effectively adapt to and track these changes.

        Any failure by our customers to appropriately implement our products or any failure of our products to effectively integrate and operate within our customers' IT infrastructures could result in customer dissatisfaction, impact the perceived reliability of our products, result in negative press coverage, negatively affect our reputation and harm our financial results.

We have in the past completed acquisitions and may acquire or invest in other companies or technologies in the future, which could divert management's attention, fail to meet our expectations, result in additional dilution to our stockholders, increase expenses, disrupt our operations or otherwise harm our operating results.

        We have in the past acquired, and we may in the future acquire or invest in, businesses, products or technologies that we believe could complement or expand our platform, enhance our technical capabilities or otherwise offer growth opportunities. For example, in February 2014, we acquired Carbon Black (our name at the time was Bit9, Inc.), a threat detection and response software company; in 2015, we acquired Objective Logistics Inc., a software company, and VisiTrend, Inc., a security analytics company; and in 2016, we acquired Confer Technologies, Inc., a next-generation antivirus software company. We may not be able to fully realize the anticipated benefits of these or any future acquisitions. The pursuit of potential acquisitions may divert the attention of management and cause us to incur various expenses related to identifying, investigating and pursuing suitable acquisitions, whether or not they are consummated.

        There are inherent risks in integrating and managing acquisitions. If we acquire additional businesses, we may not be able to assimilate or integrate the acquired personnel, operations, products, services and technologies successfully or effectively manage the combined business following the acquisition and our management may be distracted from operating our business. We also may not achieve the anticipated benefits from the acquired business due to a number of factors, including, without limitation:

    unanticipated costs or liabilities associated with the acquisition;

    incurrence of acquisition-related costs, which would be recognized as a current period expense;

    inability to generate sufficient revenue to offset acquisition or investment costs;

    the inability to maintain relationships with customers and partners of the acquired business;

    the difficulty of incorporating acquired technology and rights into our platform and of maintaining quality and security standards consistent with our brand;

    delays in customer purchases due to uncertainty related to any acquisition;

    the need to integrate or implement additional controls, procedures and policies;

    challenges caused by distance, language and cultural differences;

    harm to our existing business relationships with business partners and customers as a result of the acquisition;

    the potential loss of key employees;

    use of resources that are needed in other parts of our business and diversion of management and employee resources;

    the inability to recognize acquired deferred revenue in accordance with our revenue recognition policies; and

    use of substantial portions of our available cash or the incurrence of debt to consummate the acquisition.

        Acquisitions also increase the risk of unforeseen legal liability, including for potential violations of applicable law or industry rules and regulations, arising from prior or ongoing acts or omissions by the

34


Table of Contents

acquired businesses that are not discovered by due diligence during the acquisition process. Generally, if an acquired business fails to meet our expectations, our operating results, business and financial condition may suffer. Acquisitions could also result in dilutive issuances of equity securities or the incurrence of debt, which could adversely affect our business, results of operations and financial condition.

        In addition, a significant portion of the purchase price of companies we acquire may be allocated to goodwill and other intangible assets, which must be assessed for impairment at least annually. If our acquisitions do not ultimately yield expected returns, we may be required to take charges to our operating results based on our impairment assessment process, which could harm our results of operations.

The failure of our customers to correctly use our products, or our failure to effectively assist customers in installing our products and provide effective ongoing support, may harm our business.

        Our customers depend in large part on customer support delivered by us to resolve issues relating to the use of our products. However, even with our support, our customers are ultimately responsible for effectively using our products, and ensuring that their IT staff is properly trained in the use of our products, and complementary security products. The failure of our customers to correctly use our products, or our failure to effectively assist customers in installing our products and provide effective ongoing support, may result in an increase in the vulnerability of our customers' IT infrastructures and sensitive business data. We are also in the process of expanding our certification program and professional service organization. It can take significant time and resources to recruit, hire and train qualified technical support and service employees. We may not be able to keep up with demand, particularly if the sales of our products exceed our internal forecasts. To the extent that we are unsuccessful in hiring, training and retaining adequate support resources, our ability to provide adequate and timely support to our customers may be negatively impacted, and our customers' satisfaction with our products may be adversely affected. Additionally, in unusual circumstances, if we were to need to rely on our sales engineers to provide post-sales support while we are growing our service organization, our sales productivity may be negatively impacted. Accordingly, our failure to provide satisfactory maintenance and technical support services could have a material and adverse effect on our business and results of operations.

The sales prices of our products and services may decrease, which may reduce our gross profits and adversely impact our financial results.

        The sales prices for our products and services may decline for a variety of reasons, including competitive pricing pressures, discounts, a change in our mix of products and services, anticipation of the introduction of new products or promotional programs. Competition continues to increase in the market segments in which we participate, and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Larger competitors with more diverse product and service offerings may reduce the price of products that compete with ours or may bundle them with other products and services. Additionally, currency fluctuations in certain countries and regions may negatively impact prices that partners and customers are willing to pay in those countries and regions. Furthermore, we anticipate that the sales prices and gross profits for our products will decrease over product life cycles. We cannot be certain that we will be successful in developing and introducing new products with enhanced functionality on a timely basis, or that our new product offerings, if introduced, will enable us to maintain our prices and gross profits at levels that will allow us to maintain positive gross margins and achieve profitability.

We incorporate technology from third parties into our products, and our inability to obtain or maintain rights to the technology could harm our business.

        We incorporate technology from third parties into our products. We cannot be certain that our suppliers and licensors are not infringing the intellectual property rights of third parties or that the suppliers and licensors have sufficient rights to the technology in all jurisdictions in which we may sell our products. We may not be able to rely on indemnification obligations of third parties if some of our agreements with our suppliers and licensors may be terminated for convenience by them. If we are unable

35


Table of Contents

to obtain or maintain rights to any of this technology because of intellectual property infringement claims brought by third parties against our suppliers and licensors or against us, or if we are unable to continue to obtain such technology or enter into new agreements on commercially reasonable terms, our ability to develop and sell products, subscriptions and services containing such technology could be severely limited, and our business could be harmed. Additionally, if we are unable to obtain necessary technology from third parties, including certain sole suppliers, we may be forced to acquire or develop alternative technology, which may require significant time, cost and effort and may be of lower quality or performance standards. This would limit and delay our ability to offer new or competitive products, and increase our costs of production. If alternative technology cannot be obtained or developed, we may not be able to offer certain functionality as part of our products, subscriptions and services. As a result, our margins, market share and results of operations could be significantly harmed.

Our products contain third-party open source software components, and our failure to comply with the terms of the underlying open source software licenses could restrict our ability to sell our products.

        Our products contain software licensed to us by third parties under so-called "open source" licenses. Open source software is typically freely accessible, usable and modifiable. Certain open source software licenses require a user who intends to distribute the open source software as a component of the user's software to disclose publicly part or all of the source code to the user's software. In addition, certain open source software licenses require the user of such software to make any derivative works of the open source code available to others on unfavorable terms or at no cost. This can subject previously proprietary software to open source license terms. From time to time, there have been claims against companies that distribute or use open source software in their products and services, asserting that such open source software infringes the claimants' intellectual property rights. We could be subject to suits by parties claiming that what we believe to be licensed open source software infringes their intellectual property rights. Use and distribution of open source software may entail greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or other contractual protections regarding infringement claims or the quality of the code. In addition, certain open source licenses require that source code for software programs that are subject to the license be made available to the public and that any modifications or derivative works to such open source software continue to be licensed under the same terms.

        Although we monitor our use of open source software in an effort both to comply with the terms of the applicable open source licenses and to avoid subjecting our products to conditions we do not intend, the terms of many open source licenses have not been interpreted by U.S. courts, and there is a risk that these licenses could be construed in a way that could impose unanticipated conditions or restrictions on our ability to commercialize our products. The terms of certain open source licenses require us to release the source code of our applications and to make our applications available under those open source licenses if we combine or distribute our applications with open source software in a certain manner. In the event that portions of our applications are determined to be subject to an open source license, we could be required to publicly release the affected portions of our source code, re-engineer all, or a portion of, those applications or otherwise be limited in the licensing of our applications. Disclosing our proprietary source code could allow our competitors to create similar products with lower development effort and time and ultimately could result in a loss of sales for us. Disclosing the source code of our proprietary software could also make it easier for cyber attackers and other third parties to discover vulnerabilities in or to defeat the protections of our products, which could result in our products failing to provide our customers with the security they expect. Any of these events could have a material adverse effect on our business, operating results and financial condition.

        We therefore could also be subject to claims alleging that we have not complied with the restrictions or limitations of the applicable open source software license terms. In that event, we could incur significant legal expenses, be subject to significant damages, be enjoined from further sale and distribution of our products or solutions that use the open source software, be required to pay a license fee, be forced to

36


Table of Contents

reengineer our products and solutions or be required to comply with the foregoing conditions of the open source software licenses (including the release of the source code to our proprietary software), any of which could adversely affect our business. Even if these claims do not result in litigation or are resolved in our favor or without significant cash settlements, the time and resources necessary to resolve them could harm our business, results of operations, financial condition and reputation.

Our sales cycles can be long and unpredictable, and our sales efforts require considerable time and expense. As a result, our sales and revenue are difficult to predict and may vary substantially from period to period, which may cause our results of operations to fluctuate significantly.

        Our results of operations may fluctuate, in part, because of the resource intensive nature of our sales efforts, the length and variability of our sales cycle and the short-term difficulty in adjusting our operating expenses. Our results of operations depend in part on sales to large organizations. The length of our sales cycle, from proof of concept to delivery of and payment for our platform, is typically three to nine months but can be more than a year for large enterprise customers. To the extent our competitors develop solutions that our prospective customers view as equivalent to ours, our average sales cycle may increase. Because the length of time required to close a sale varies substantially from customer to customer, it is difficult to predict exactly when, or even if, we will make a sale with a potential customer. As a result, large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated, or have not occurred at all. The loss or delay of one or more large transactions in a quarter could impact our results of operations for that quarter and any future quarters for which revenue from that transaction is delayed. As a result of these factors, it is difficult for us to forecast our revenue accurately in any quarter. Because a substantial portion of our expenses are relatively fixed in the short term, our results of operations will suffer if our revenue falls below our or analysts' expectations in a particular quarter, which could cause the price of our common stock to decline.

A portion of our revenue is generated by sales to government entities, which are subject to a number of challenges and risks.

        Selling to government entities can be highly competitive, expensive and time-consuming, and often requires significant upfront time and expense without any assurance that we will win a sale. Government demand and payment for our solutions may also be impacted by changes in fiscal or contracting policies, changes in government programs or applicable requirements, the adoption of new laws or regulations or changes to existing laws or regulations, public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our solutions. Government entities also have heightened sensitivity surrounding the purchase of cyber security products due to the critical importance of their IT infrastructures, the nature of the information contained within those infrastructures and the fact that they are highly visible targets for cyber attacks. Accordingly, increasing sales of our products to government entities may be more challenging than selling to commercial organizations, especially given extensive certification, clearance and security requirements. Government agencies may have statutory, contractual or other legal rights to terminate contracts with us or channel partners. Further, in the course of providing our solutions to government entities, our employees and those of our channel partners may be exposed to sensitive government information. Any failure by us or our channel partners to safeguard and maintain the confidentiality of such information could subject us to liability and reputational harm, which could materially and adversely affect our results of operations and financial performance. Governments routinely investigate and audit government contractors' administrative processes, and any unfavorable audit may cause the government to shift away from our solutions and may result in a reduction of revenue, fines or civil or criminal liability if the audit uncovers improper or illegal activities, which could adversely impact our results or operations.

37


Table of Contents

Our efforts to expand our international sales and operations may increasingly expose us to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.

        Our reporting currency is the U.S. dollar, and we generate a substantial majority of our revenue and expenses in U.S. dollars. For the year ended December 31, 2017, approximately 5% of our revenue was generated in foreign currencies from customers located outside of the United States. Additionally, for the year ended December 31, 2017, we incurred approximately 9% of our expenses outside of the United States in foreign currencies, primarily the British pound, principally with respect to salaries and related personnel expenses associated with our sales operations. The exchange rate between the U.S. dollar and foreign currencies has fluctuated substantially in recent years and may continue to fluctuate substantially in the future. Accordingly, as we continue with our anticipated international expansion, changes in exchange rates may have an increasingly adverse effect on our business, operating results and financial condition. To date, we have not engaged in any hedging strategies, and any such strategies, such as forward contracts, options and foreign exchange swaps related to transaction exposures that we may implement to mitigate this risk may not eliminate our exposure to foreign exchange fluctuations.

Changes in or interpretations of financial accounting standards may cause an adverse impact to our reported results of operations.

        We prepare our consolidated financial statements in conformity with generally accepted accounting principles in the United States, or GAAP. These principles are subject to interpretation by the Securities and Exchange Commission, or SEC, and various bodies formed to interpret and create appropriate accounting standards. It is possible that future requirements, including the released guidance related to revenue recognition (ASU 2014-09, Revenue from Contracts with Customers: Topic 606) described below, could change our current application of GAAP, resulting in a material adverse impact on our reported results of operations or financial position, and may even affect our reporting of transactions completed before the change is effective. New accounting pronouncements and varying interpretations of accounting pronouncements have occurred and may occur in the future. Changes to existing rules or the questioning of current practices may harm our operating results or the way we conduct our business.

        In May 2014, the Financial Accounting Standards Board issued ASU 2014-09, Revenue from Contracts with Customers: Topic 606, or ASC 606, to supersede nearly all existing revenue recognition guidance under GAAP. Effective January 1, 2018, we will be required to adopt ASC 606. We are currently evaluating the impact that adoption of ASC 606 will have on our consolidated financial statements. We plan to adopt ASC 606 as of January 1, 2018 on a full retrospective basis, which will result in us recasting prior year consolidated financial statements to reflect the provisions of the new standard. While our assessment is preliminary, we have reached some conclusions on key accounting assessments related to the impact of the new standard, which are described in Note 21 to our consolidated financial statements appearing at the end of this prospectus.

We may require additional capital to support business growth, and this capital might not be available on acceptable terms, if at all.

        We intend to continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features or enhance our products, improve our operating infrastructure or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financings to secure additional funds. If we raise additional funds through future issuances of equity or convertible debt securities, our existing stockholders could suffer significant dilution, and any new equity securities we issue could have rights, preferences and privileges superior to those of holders of our common stock. Any debt financing that we may secure in the future could involve restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing or financing on terms

38


Table of Contents

satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected.

Our existing credit agreement contains operating and financial covenants that may adversely impact our business and the failure to comply with such covenants could prevent us from borrowing funds and could cause any outstanding debt to become immediately payable.

        We are a party to a line of credit with Silicon Valley Bank. Borrowings under this line of credit are secured by substantially all of our assets, excluding certain intellectual property rights. We are also subject to various financial reporting requirements and financial covenants under the line of credit, including maintaining specified liquidity measurements. In addition, there are negative covenants restricting our activities, including limitations on dispositions, mergers or acquisitions; encumbering intellectual property; incurring indebtedness or liens; paying dividends and redeeming or repurchasing capital stock; making certain investments; and engaging in certain other business transactions. The obligations under the line of credit are subject to acceleration upon the occurrence of specified events of default, including a material adverse change in our business, operations or financial or other condition. These restrictions and covenants, as well as those contained in any future financing agreements that we may enter into, may restrict our ability to finance our operations and to engage in, expand or otherwise pursue our business activities and strategies. Our ability to comply with these covenants may be affected by events beyond our control, and breaches of these covenants could result in a default under the credit agreement and any future financial agreements that we may enter into. If not waived, defaults could cause our outstanding indebtedness under our credit agreement and any future financing agreements that we may enter into to become immediately due and payable. See the information under the heading "Management's Discussion and Analysis of Financial Condition and Results of Operations—Liquidity and Capital Resources—Sources of Funds" for a more detailed description of our credit agreement.

Our business is subject to the risks of earthquakes, fire, power outages, floods and other catastrophic events, and to interruption by manmade problems such as terrorism.

        A significant natural disaster, such as an earthquake, fire or a flood, or a significant power outage could have a material adverse impact on our business, operating results and financial condition. In addition, natural disasters could affect our channel partners' ability to perform services for us on a timely basis. In the event we or our channel partners are hindered by any of the events discussed above, our ability to provide our products to customers could be delayed.

        In addition, our facilities and those of our third-party data centers and hosting providers are vulnerable to damage or interruption from human error, intentional bad acts, pandemics, earthquakes, hurricanes, floods, fires, war, terrorist attacks, power losses, hardware failures, systems failures, telecommunications failures and similar events. The occurrence of a natural disaster, power failure or an act of terrorism, vandalism or other misconduct, a decision by a third party to close a facility on which we rely without adequate notice, or other unanticipated problems could result in lengthy interruptions in provision or delivery of our products, potentially leaving our customers vulnerable to cyber attacks. The occurrence of any of the foregoing events could damage our systems and hardware or could cause them to fail completely, and our insurance may not cover such events or may be insufficient to compensate us for the potentially significant losses, including the potential harm to the future growth of our business, that may result from interruptions in our platform as a result of system failures.

        All of the aforementioned risks may be exacerbated if the disaster recovery plans for us and our third-party data centers and hosting providers prove to be inadequate. To the extent that any of the above results in delayed or reduced customer sales, our business, financial condition and results of operations could be adversely affected.

39


Table of Contents

Risks Related to Government Regulation, Data Collection, Intellectual Property and Litigation

Failure to comply with governmental laws and regulations could harm our business.

        Our business is subject to regulation by various federal, state, local and foreign governments. In certain jurisdictions, these regulatory requirements may be more stringent than those in the United States. Noncompliance with applicable regulations or requirements could subject us to investigations, sanctions, mandatory product recalls, enforcement actions, disgorgement of profits, fines, damages, civil and criminal penalties, injunctions or other collateral consequences. If any governmental sanctions are imposed, or if we do not prevail in any possible civil or criminal litigation, our business, results of operations and financial condition could be materially adversely affected. In addition, responding to any action will likely result in a significant diversion of management's attention and resources and an increase in professional fees. Enforcement actions and sanctions could harm our business, reputation, results of operations and financial condition.

We are subject to governmental export controls and economic sanctions regulations that could impair our ability to compete in international markets and/or subject us to liability if we are not in compliance with applicable laws.

        Like other U.S.-origin cyber security products, our products are subject to U.S. export control laws and regulations, including the U.S. Export Administration Regulations and various economic and trade sanctions regulations administered by the U.S. Treasury Department's Office of Foreign Assets Control. Exports of these products must be made in compliance with these laws and regulations. If we fail to comply with these laws and regulations, we and certain of our employees could be subject to substantial civil and criminal penalties, including fines for our company and responsible employees or managers, and, in extreme cases, incarceration of responsible employees and managers and the possible loss of export privileges. Complying with export control laws and regulations, including obtaining the necessary licenses or authorizations, for a particular sale may be time-consuming, is not guaranteed and may result in the delay or loss of sales opportunities. Changes in export or sanctions laws and regulations, shifts in the enforcement or scope of existing laws and regulations, or changes in the countries, governments, persons or products targeted by such laws and regulations, could also result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers. A decreased use of our products or limitation on our ability to export or sell our products could adversely affect our business, financial condition and results of operations.

        Further, our products incorporate encryption technology. These encryption products may be exported outside of the United States only with the required export authorizations, including by a license, a license exception or other appropriate government authorizations; such items may also be subject to certain regulatory reporting requirements. Further, U.S. export control laws and economic sanctions prohibit the shipment or provision of certain products to U.S.-embargoed or sanctioned countries, governments or persons as well as the exposure of software code to nationals of embargoed countries. Although we take precautions to prevent our products from being provided or exposed to those subject to U.S. sanctions, such measures may be circumvented or inadvertently violated.

        In addition, various countries regulate the import and domestic use of certain encryption technology, including through import permitting and licensing requirements, and have enacted laws that could limit our customers' ability to implement our products in those countries.

        Multinational efforts are currently underway as part of the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, or the Wassenaar Arrangement, to impose additional restrictions on certain cyber security products. To implement the controls under the Wassenaar Arrangement in the United States, on May 20, 2015, the U.S. Department of Commerce's Bureau of Industry and Security, or BIS, published a proposed rule for public comment that would amend the Export Administration Regulations with regard to exports, reexports and transfers (in-country) of specified intrusion software, surveillance items and related software and technology. Under the proposed rule, intrusion software and surveillance items were defined broadly and would have established an export

40


Table of Contents

license requirement for all countries other than the United States and Canada for many commercially available penetration testing and network monitoring products. The proposed rule was ultimately withdrawn due to wide public objection, and the United States has agreed to renegotiate the breath of the language under the Wassenaar Arrangement. Should the United States adopt an onerous policy, this could affect our business and could result in loss of potential market in certain countries, increased administrative costs and delays or loss of sales opportunities.

Failure to comply with applicable anti-corruption legislation could result in fines, criminal penalties and materially adversely affect our business, financial condition and results of operations.

        We are required to comply with anti-corruption and anti-bribery laws in the jurisdictions in which we operate, including the Foreign Corrupt Practices Act, or FCPA, in the United States, the UK Bribery Act, or the Bribery Act, and other similar laws in other countries in which we do business. As a result of doing business in foreign countries, including through channel partners and agents, we will be exposed to a risk of violating anti-corruption laws. Some of the international locations in which we will operate have developing legal systems and may have higher levels of corruption than more developed nations. The FCPA prohibits providing anything of value to foreign officials for the purposes of obtaining or retaining business or securing any improper business advantage. We may deal with both governments and state-owned business enterprises, the employees of which are considered foreign officials for purposes of the FCPA. The provisions of the Bribery Act extend beyond bribery of foreign public officials and are more onerous than the FCPA in a number of other respects, including jurisdiction, non-exemption of facilitation payments and penalties.

        Although we have adopted policies and procedures designed to ensure that we, our employees and third-party agents will comply with such laws, there can be no assurance that such policies or procedures will work effectively at all times or protect us against liability under these or other laws for actions taken by our employees, channel partners and other third parties with respect to our business. If we are not in compliance with anti-corruption laws and other laws governing the conduct of business with government entities and/or officials (including local laws), we may be subject to criminal and civil penalties and other remedial measures, which could harm our business, financial condition, results of operations, cash flows and prospects. In addition, investigations of any actual or alleged violations of such laws or policies related to us could harm our business, financial condition, results of operations, cash flows and prospects.

Because our products may collect and store user and related information, domestic and international privacy and cyber security concerns, and other laws and regulations, could result in additional costs and liabilities to us or inhibit sales of our products.

        We, our channel partners and our customers are subject to a number of domestic and international laws and regulations that apply to online services and the internet generally. These laws, rules and regulations address a range of issues including data privacy and cyber security, breach notification and restrictions or technological requirements regarding the collection, use, storage, protection, retention or transfer of data. The regulatory framework for online services, data privacy and cyber security issues worldwide can vary substantially from jurisdiction to jurisdiction, is rapidly evolving and is likely to remain uncertain for the foreseeable future. Many federal, state and foreign government bodies and agencies have adopted or are considering adopting laws, rules and regulations regarding the collection, use, storage and disclosure of information, web browsing and geolocation data collection, data analytics, cyber security and breach response and notification procedures. Interpretation of these laws, rules and regulations and their application to our products in the United States and foreign jurisdictions is ongoing and cannot be fully determined at this time.

        In the United States, these include rules and regulations promulgated under the authority of the Federal Trade Commission, the Electronic Communications Privacy Act, Computer Fraud and Abuse Act, HIPAA, the Gramm Leach Bliley Act and state breach notification laws, other state laws and regulations

41


Table of Contents

applicable to privacy and data security, as well as regulator enforcement positions and expectations reflected in federal and state regulatory actions, settlements, consent decrees and guidance documents.

        Internationally, virtually every jurisdiction in which we operate and have customers and/or have prospective customers to which we market has established its own data security and privacy legal frameworks with which we, our channel partners or our customers must comply. Further, many federal, state and foreign government bodies and agencies have introduced, and are currently considering, additional laws and regulations. If passed, we will likely incur additional expenses and costs associated with complying with such laws, as well as face heightened potential liability if we are unable to comply with these laws.

        Laws in the European Economic Area, or EEA, regulate transfers of EU personal data to third countries, such as the United States, that have not been found to provide adequate protection to such personal data. We have in the past relied upon adherence to the U.S. Department of Commerce's U.S.-EU Safe Harbor Framework which established a means for legitimating the transfer of personal data from the EEA to the United States. However, the Court of Justice of the European Union invalidated the U.S.-EU Safe Harbor Framework in October 2015 and, in February 2016, EU and U.S. negotiators agreed to a new framework, the EU-U.S. Privacy Shield, which came into effect in July 2016. However, there are recent regulatory concerns about this framework, as well as litigation challenging other EU mechanisms for adequate data transfer (i.e., the standard contractual clauses). We are currently in the process of certifying under the EU-U.S. Privacy Shield, and rely on a mixture of mechanisms to transfer EU personal data to the United States. We could be impacted by changes in law as a result of the current challenges to these mechanisms by regulators and in the European courts which may lead to governmental enforcement actions, litigation, fines and penalties or adverse publicity, which could have an adverse effect on our reputation and business.

        On April 27, 2016, the European Union adopted the General Data Protection Regulation 2016/679, or GDPR, that will take effect on May 25, 2018 replacing the current data protection laws of each EU member state. The GDPR applies to any company established in the EU as well as to those outside the EU if they collect and use personal data in connection with the offering of goods or services to individuals in the EU or the monitoring of their behavior (for example, through email monitoring). The GDPR enhances data protection obligations for processors and controllers of personal data, including, for example, expanded disclosures about how personal information is to be used, limitations on retention of information, mandatory data breach notification requirements and onerous new obligations on services providers. Non-compliance with the GDPR can trigger steep fines of up to €20 million or 4% of total worldwide annual turnover, whichever is higher. Given the breadth and depth of changes in data protection obligations, preparing to meet the GDPR's requirements before its application on May 25, 2018 requires time, resources and a review of the technology and systems currently in use against the GDPR's requirements. We have engaged a third party to assist us in undertaking a data protection review, and are in the process of implementing remedial changes towards GDPR compliance. Separate EU laws and regulations (and member states' implementations thereof) govern the protection of consumers and of electronic communications and these are also evolving. For instance, the current European laws that cover the use of cookies and similar technology and marketing online or by electronic means are under reform. A draft of the new ePrivacy Regulation extends the strict opt-in marketing rules with limited exceptions to business-to-business communications, alters rules on third-party cookies, web beacons and similar technology and significantly increases penalties. We cannot yet determine the impact such future laws, regulations, and standards may have on our business. Such laws and regulations are often subject to differing interpretations and may be inconsistent among jurisdictions. We may incur substantial expense in complying with the new obligations to be imposed by the GDPR and we may be required to make significant changes in our business operations and product and services development, all of which may adversely affect our revenues and our business.

42


Table of Contents

        We and our customers are at risk of enforcement actions taken by certain EU data protection authorities until such point in time that we may be able to ensure that all transfers of personal data to us from the EEA are conducted in compliance with all applicable regulatory obligations, the guidance of data protection authorities and evolving best practices. We may find it necessary to establish systems to maintain personal data originating from the EU in the EEA, which may involve substantial expense and may cause us to need to divert resources from other aspects of our business, all of which may adversely affect our business.

        Because the interpretation and application of privacy and data protection laws are still uncertain, it is possible that these laws may be interpreted and applied in a manner that is inconsistent with our existing practices or the features of our products. We may also be subject to claims of liability or responsibility for the actions of third parties with whom we interact or upon whom we rely in relation to various products, including but not limited to vendors and business partners. If so, in addition to the possibility of fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices or modify our products, which could have an adverse effect on our business. Any inability to adequately address privacy and/or data concerns, even if unfounded, or comply with applicable privacy or data protection laws, regulations and policies, could result in additional cost and liability to us, damage our reputation, inhibit sales and adversely affect our business.

        The costs of compliance with, and other burdens imposed by, the laws, rules, regulations and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our software. Even the perception of privacy concerns, whether or not valid, may harm our reputation, inhibit adoption of our products by current and future customers, or adversely impact our ability to attract and retain workforce talent. Our failure to comply with applicable laws and regulations, or to protect such data, could result in enforcement action against us, including fines, imprisonment of company officials and public censure, claims for damages by customers and other affected individuals, damage to our reputation and loss of goodwill (both in relation to existing customers and prospective customers), any of which could have a material adverse effect on our operations, financial performance and business.

Our intellectual property rights are valuable and any inability to protect our proprietary technology and intellectual property rights could substantially harm our business and operating results.

        Our future success and competitive position depend in part on our ability to protect our intellectual property and proprietary technologies. To safeguard these rights, we rely on a combination of patent, trademark, copyright and trade secret laws and contractual protections in the United States and other jurisdictions, all of which provide only limited protection and may not now or in the future provide us with a competitive advantage. We maintain a program of identifying technology appropriate for patent protection. Our practice is to require employees and consultants to execute non-disclosure and proprietary rights agreements upon commencement of employment or consulting arrangements. These agreements acknowledge our exclusive ownership of all intellectual property developed by the individuals during their work for us and require that all proprietary information disclosed will remain confidential. Such agreements may not be enforceable in full or in part in all jurisdictions and any breach could have a negative effect on our business and our remedy for such breach may be limited.

        We have approximately 20 U.S. patents and patent applications relating to our products. We cannot be certain that any patents will issue from any patent applications, that patents that issue from such applications will give us the protection that we seek or that any such patents will not be challenged, invalidated, or circumvented. Any patents that may issue in the future from our pending or future patent applications may not provide sufficiently broad protection and may not be enforceable in actions against alleged infringers. We have registered the "Carbon Black," "Arm Your Endpoints" and "Bit9" names and logos in the United States and certain other countries. We have registrations and/or pending applications for additional marks in the United States and other countries, including the "Predictive Security Cloud";

43


Table of Contents

however, we cannot be certain that any future trademark registrations will be issued for pending or future applications or that any registered trademarks will be enforceable or provide adequate protection of our proprietary rights. We also license software from third parties for integration into our products, including open source software and other software available on commercially reasonable terms. We cannot be certain that such third parties will maintain such software or continue to make it available.

        In order to protect our unpatented proprietary technologies and processes, we rely on trade secret laws and confidentiality agreements with our employees, consultants, channel partners, vendors and others. Despite our efforts to protect our proprietary technology and trade secrets, unauthorized parties may attempt to misappropriate, reverse engineer or otherwise obtain and use them. In addition, others may independently discover our trade secrets, in which case we would not be able to assert trade secret rights, or develop similar technologies and processes. Further, the contractual provisions that we enter into may not prevent unauthorized use or disclosure of our proprietary technology or intellectual property rights and may not provide an adequate remedy in the event of unauthorized use or disclosure of our proprietary technology or intellectual property rights. Moreover, policing unauthorized use of our technologies, trade secrets and intellectual property is difficult, expensive and time-consuming, particularly in foreign countries where the laws may not be as protective of intellectual property rights as those in the United States and where mechanisms for enforcement of intellectual property rights may be weak. We may be unable to determine the extent of any unauthorized use or infringement of our products, technologies or intellectual property rights.

        From time to time, legal action by us may be necessary to enforce our patents and other intellectual property rights, to protect our trade secrets, to determine the validity and scope of the intellectual property rights of others or to defend against claims of infringement or invalidity. Such litigation could result in substantial costs and diversion of resources and could negatively affect our business, operating results and financial condition.

Assertions by third parties of infringement or other violations by us of their intellectual property rights, whether or not correct, could result in significant costs and harm our business and operating results.

        Patent and other intellectual property disputes are common in our industry. Some companies, including some of our competitors, some of whom have substantially more resources and have been developing relevant technologies for much longer than us, own large numbers of patents, copyrights and trademarks, which they may use to assert claims against us. Third parties have in the past and may in the future assert claims of infringement, misappropriation or other violations of intellectual property rights against us. They may also assert such claims against our customers or channel partners, whom we typically indemnify against claims that our products infringe, misappropriate or otherwise violate the intellectual property rights of third parties. If we do infringe a third party's rights and are unable to provide a sufficient workaround, we may need to negotiate with holders of those rights to obtain a license to those rights or otherwise settle any infringement claim as a party that makes a claim of infringement against us may obtain an injunction preventing us from shipping products containing the allegedly infringing technology. As the number of products and competitors in our market increase and overlaps occur, claims of infringement, misappropriation and other violations of intellectual property rights may increase. Any claim of infringement, misappropriation or other violation of intellectual property rights by a third party, even those without merit, could cause us to incur substantial costs defending against the claim and could distract our management from our business. For example, on April 6, 2018, we agreed to pay $3.9 million pursuant to a settlement agreement with a non-practicing entity that claimed we infringed upon certain patents held by such entity. See Note 21 to our consolidated financial statements appearing at the end of this prospectus.

        The patent portfolios of our most significant competitors are larger than ours. This disparity may increase the risk that they may sue us for patent infringement and may limit our ability to counterclaim for patent infringement or settle through patent cross-licenses. In addition, future assertions of patent rights by third parties, and any resulting litigation, may involve patent holding companies or other adverse patent

44


Table of Contents

owners who have no relevant product revenues and against whom our own patents may therefore provide little or no deterrence or protection. There can be no assurance that we will not be found to infringe or otherwise violate any third-party intellectual property rights or to have done so in the past.

        An adverse outcome of a dispute may require us to:

    pay substantial damages, including treble damages, if we are found to have willfully infringed a third party's patents or copyrights;

    cease making, licensing or using products that are alleged to infringe or misappropriate the intellectual property of others;

    expend additional development resources to attempt to redesign our products or otherwise develop non-infringing technology, which may not be successful;

    enter into potentially unfavorable royalty or license agreements to obtain the right to use necessary technologies or intellectual property rights;

    take legal action or initiate administrative proceedings to challenge the validity and scope of the third-party rights or to defend against any allegations of infringement; and

    indemnify our partners and other third parties.

        In addition, royalty or licensing agreements, if required or desirable, may be unavailable on terms acceptable to us, or at all, and may require significant royalty payments and other expenditures. Some licenses may also be non-exclusive, and therefore our competitors may have access to the same technology licensed to us. Any of the foregoing events could seriously harm our business, financial condition and results of operations.

Confidentiality arrangements with employees and others may not adequately prevent disclosure of trade secrets and other proprietary information.

        We have devoted substantial resources to the development of our technology, business operations and business plans. In order to protect our trade secrets and proprietary information, we rely in significant part on confidentiality arrangements with our employees, licensees, independent contractors, advisors, channel partners and customers. These arrangements may not be effective to prevent disclosure of confidential information, including trade secrets, and may not provide an adequate remedy in the event of unauthorized disclosure of confidential information. In addition, if others independently discover trade secrets and proprietary information, we would not be able to assert trade secret rights against such parties. Effective trade secret protection may not be available in every country in which our products are available or where we have employees or independent contractors. The loss of trade secret protection could make it easier for third parties to compete with our products by copying functionality. In addition, any changes in, or unexpected interpretations of, the trade secret and employment laws in any country in which we operate may compromise our ability to enforce our trade secret and intellectual property rights. Costly and time-consuming litigation could be necessary to enforce and determine the scope of our proprietary rights, and failure to obtain or maintain trade secret protection could adversely affect our competitive business position.

We may be subject to damages resulting from claims that our employees or contractors have wrongfully used or disclosed alleged trade secrets of their former employers or other parties.

        We could in the future be subject to claims that employees or contractors, or we, have inadvertently or otherwise used or disclosed trade secrets or other proprietary information of our competitors or other parties. Litigation may be necessary to defend against these claims. If we fail in defending against such claims, a court could order us to pay substantial damages and prohibit us from using technologies or features that are essential to our products, if such technologies or features are found to incorporate or be derived from the trade secrets or other proprietary information of these parties. In addition, we may lose

45


Table of Contents

valuable intellectual property rights or personnel. A loss of key personnel or their work product could hamper or prevent our ability to develop, market and support potential products or enhancements, which could severely harm our business. Even if we are successful in defending against these claims, such litigation could result in substantial costs and be a distraction to management.

Our operating results may be harmed if we are required to collect sales and use or other related taxes for our products in jurisdictions where we have not historically done so.

        Taxing jurisdictions, including state, local and foreign taxing authorities, have differing rules and regulations governing sales and use or other taxes, and these rules and regulations are subject to varying interpretations that may change over time. In particular, significant judgment is required in evaluating our tax positions and our worldwide provision for taxes. While we believe that we are in material compliance with our obligations under applicable taxing regimes, one or more states, localities or countries may seek to impose additional sales or other tax collection obligations on us, including for past sales by us or our channel partners. It is possible that we could face sales tax audits and that such audits could result in tax-related liabilities for which we have not accrued. A successful assertion that we should be collecting additional sales or other taxes on our products in jurisdictions where we have not historically done so and do not accrue for sales taxes could result in substantial tax liabilities for past sales, discourage customers from purchasing our products or otherwise harm our business and operating results.

        In addition, our tax obligations and effective tax rates could be adversely affected by changes in the relevant tax, accounting and other laws, regulations, principles and interpretations, including those relating to income tax nexus, by recognizing tax losses or lower than anticipated earnings in jurisdictions where we have lower statutory rates and higher than anticipated earnings in jurisdictions where we have higher statutory rates, by changes in foreign currency exchange rates, or by changes in the valuation of our deferred tax assets and liabilities. Although we believe our tax estimates are reasonable, the final determination of any tax audits or litigation could be materially different from our historical tax provisions and accruals, which could have a material adverse effect on our operating results or cash flows in the period or periods for which a determination is made.

Comprehensive tax reform legislation could adversely affect our business and financial condition.

        The U.S. government has recently enacted comprehensive tax legislation that includes significant changes to the taxation of business entities, referenced herein as the Tax Reform Act. These changes include, among others, a permanent reduction to the corporate income tax rate, limiting interest deductions, adopting elements of a territorial tax system, assessing a repatriation tax or "toll-charge" on undistributed earnings and profits of U.S.-owned foreign corporations, and introducing certain anti-base erosion provisions. The overall impact of this tax reform is uncertain, and our business and financial condition, including with respect to our non-U.S. operations, could be adversely affected. The overall impact of the Tax Reform Act on stockholders is uncertain, and this prospectus does not address, other than as expressly addressed herein, the manner in which it may affect purchasers of our common stock. We urge investors to consult with their legal and tax advisors with respect to any such legislation and the potential tax consequences of investing in our common shares.

We may not be able to utilize a significant portion of our net operating loss carryforwards and research and development tax credit carryforwards.

        As of December 31, 2017, we had federal and state net operating loss carryforwards of $231.0 million and $153.8 million, respectively, which if not utilized will begin to expire in 2023 and 2018, respectively, and federal and state research and development tax credit carryforwards of $4.2 million and $2.4 million, respectively, which if not utilized will begin to expire in 2026 and 2021, respectively. These net operating loss and tax credit carryforwards could expire unused and be unavailable to offset our future income tax liabilities. In addition, under Section 382 of the Internal Revenue Code of 1986, as amended, or the Code, and corresponding provisions of state law, if a corporation undergoes an "ownership change," which is

46


Table of Contents

generally defined as a greater than 50% change, by value, in its equity ownership over a three-year period, the corporation's ability to use its pre-change net operating loss carryforwards and other pre-change tax attributes to offset its post-change income may be limited. We have not determined if we have experienced Section 382 ownership changes in the past and if a portion of our net operating loss and tax credit carryforwards is subject to an annual limitation under Section 382. In addition, we may experience ownership changes in the future as a result of subsequent shifts in our stock ownership, including this offering, some of which may be outside of our control. If we determine that an ownership change has occurred and our ability to use our historical net operating loss and tax credit carryforwards is materially limited, it would harm our future operating results by effectively increasing our future tax obligations.

Risk Related to Our Common Stock and this Offering

Our stock price may be volatile, and you may lose some or all of your investment.

        The initial public offering price for the shares of our common stock will be determined by negotiations between us and the representatives of the underwriters and may not be indicative of the market price of our common stock following this offering. The market price of our common stock may be highly volatile and may fluctuate substantially as a result of a variety of factors, some of which are related in complex ways, including:

    actual or anticipated fluctuations in our financial condition and operating results;

    variance in our financial performance from expectations of securities analysts;

    changes in the prices of our products;

    changes in our projected operating and financial results;

    changes in laws or regulations applicable to our products;

    announcements by us or our competitors of significant business developments, acquisitions or new products;

    our involvement in any litigation;

    our sale of our common stock or other securities in the future;

    changes in senior management or key personnel;

    trading volume of our common stock;

    changes in the anticipated future size and growth rate of our market; and

    general economic, regulatory and market conditions.

        The stock markets are subject to extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many companies. These fluctuations have often been unrelated or disproportionate to the operating performance of those companies. Broad market and industry fluctuations, as well as general economic, political, regulatory and market conditions, may negatively impact the market price of our common stock. If the market price of our common stock after this offering does not exceed the initial public offering price, you may lose some or all of your investment. In the past, companies that have experienced volatility in the market price of their securities have been subject to securities class action litigation. We may be the target of this type of litigation in the future, which could result in substantial costs and divert our management's attention.

No public market for our common stock currently exists, and an active public trading market may not develop or be sustained following this offering.

        No public market for our common stock currently exists. An active public trading market may not develop following the completion of this offering or, if developed, may not be sustained. The lack of an active market may impair your ability to sell your shares at the time you wish to sell them or at a price that

47


Table of Contents

you consider reasonable. The lack of an active market may also reduce the fair value of your shares. An inactive market may also impair our ability to raise capital to continue to fund operations by selling shares and may impair our ability to acquire other companies or technologies by using our shares as consideration.

If securities or industry analysts do not publish research or reports about our business, or publish negative reports about our business, our stock price and trading volume could decline.

        The trading market for our common stock will depend, in part, on the research and reports that securities or industry analysts publish about us or our business. We do not have any control over these analysts. If our financial performance fails to meet analyst estimates or one or more of the analysts who cover us downgrade our shares or change their opinion of our shares, our share price would likely decline. If one or more of these analysts cease coverage of our company or fail to regularly publish reports on us, we could lose visibility in the financial markets, which could cause our share price or trading volume to decline.

The issuance of additional stock in connection with financings, acquisitions, investments, our stock incentive plans or otherwise will dilute all other stockholders.

        Our amended and restated certificate of incorporation, which will become effective upon the closing of this offering, authorizes us to issue up to 500,000,000 shares of common stock and up to 25,000,000 shares of preferred stock with such rights and preferences as may be determined by our board of directors. Subject to compliance with applicable rules and regulations, we may issue our shares of common stock or securities convertible into our common stock from time to time in connection with a financing, acquisition, investment, our stock incentive plans or otherwise. Any such issuance could result in substantial dilution to our existing stockholders and cause the trading price of our common stock to decline.

We do not intend to pay dividends for the foreseeable future and, as a result, your ability to achieve a return on your investment will depend on appreciation in the price of our common stock.

        We have never declared or paid any cash dividends on our common stock and do not intend to pay any cash dividends in the foreseeable future. We anticipate that we will retain all of our future earnings for use in the development of our business and for general corporate purposes. In addition, our ability to pay cash dividends is currently limited by the terms of our credit agreements, and any future credit agreements may contain terms prohibiting or limiting the amount of dividends that may be declared or paid on our common stock. Accordingly, investors must rely on sales of their common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.

Concentration of ownership among our directors, executive officers and holders of 5% or more of our outstanding common stock may prevent new investors from influencing significant corporate decisions.

        Following this offering, our directors, executive officers and holders of more than 5% of our common stock, some of whom are represented on our board of directors, together with their affiliates will beneficially own 41.8% of the voting power of our outstanding capital stock. As a result, these stockholders will, immediately following this offering, be able to determine the outcome of matters submitted to our stockholders for approval. Some of these persons or entities may have interests that are different from yours, and this ownership could affect the value of your shares of common stock if, for example, these stockholders elect to delay, defer or prevent a change in corporate control, merger, consolidation, takeover or other business combination. This concentration of ownership may also adversely affect the market price of our common stock.

48


Table of Contents

Our management will have broad discretion over the use of the proceeds we receive in this offering and might not apply the proceeds in ways that increase the value of your investment.

        Our management will have broad discretion to use the net proceeds from this offering, and you will be relying on the judgment of our management regarding the application of these proceeds. Our management might not apply the net proceeds in ways that increase the value of your investment. We currently intend to use a majority of the net proceeds from this offering to invest further in our sales and marketing activities to grow our customer base, to fund our research and development efforts to enhance our technology platform and product functionality, to pay general and administrative expenses and to fund our other growth strategies described elsewhere in this prospectus. We may also use a portion of the net proceeds for the acquisition of complementary businesses, technologies or other assets, although we currently have no agreements, commitments or understandings with respect to any such transactions. Until we use the net proceeds from this offering, we plan to invest them, and these investments may not yield a favorable rate of return. See "Use of Proceeds" for a more detailed description of our intended use of the net proceeds from this offering. If we do not invest or apply the net proceeds from this offering in ways that enhance stockholder value, we may fail to achieve expected financial results, which could cause our stock price to decline.

Future sales of our common stock in the public market could cause our share price to decline.

        After this offering, there will be 65,825,141 shares of our common stock outstanding, assuming no exercise of the underwriters' over-allotment option. Sales of a substantial number of shares of our common stock in the public market after this offering, or the perception that these sales might occur, could depress the market price of our common stock and could impair our ability to raise capital through the sale of additional equity securities. All of the shares sold in this offering will be freely transferable without restrictions or further registration under the Securities Act of 1933, except for any shares acquired by our affiliates, as defined in Rule 144 under the Securities Act. The remaining 57,825,141 shares outstanding after this offering will be restricted as a result of securities laws, lock-up agreements or other contractual restrictions that restrict transfers for 180 days after the date of this prospectus.

        Additionally, following the completion of this offering, stockholders holding approximately 57.8% of our common stock outstanding will, after the expiration of the lock-up periods specified above, have the right, subject to various conditions and limitations, to include their shares of our common stock in registration statements relating to our securities. If the offer and sale of these shares are registered, they will be freely tradable without restriction under the Securities Act. Shares of common stock sold under such registration statements can be freely sold in the public market. In the event such registration rights are exercised and a large number of shares of common stock are sold in the public market, such sales could reduce the trading price of our common stock. See "Description of Capital Stock—Registration Rights" and "Shares Eligible for Future Sale—Lock-Up Agreements" for a more detailed description of these registration rights and the lock-up period.

        We intend to file a registration statement on Form S-8 under the Securities Act to register the total number of shares of our common stock that may be issued under our equity incentive plans. See the information under the heading "Shares Eligible for Future Sale—Registration Statement on Form S-8" for a more detailed description of the shares of common stock that will be available for future sale upon the registration and issuance of such shares, subject to any applicable vesting or lock-up period or other restrictions provided under the terms of the applicable plan and/or the restricted stock unit, or RSU, agreements and option agreements entered into with the RSU and option holders. In addition, in the future we may issue common stock or other securities if we need to raise additional capital. The number of new shares of our common stock issued in connection with raising additional capital could constitute a material portion of the then outstanding shares of our common stock.

49


Table of Contents

If you purchase shares of our common stock in this offering, you will experience substantial and immediate dilution.

        If you purchase shares of our common stock in this offering, you will experience substantial and immediate dilution of $16.84 per share in the pro forma as adjusted net tangible book value per share after giving effect to this offering, based on an assumed public offering price of $18.00 per share, which is the midpoint of the price range set forth on the cover page of this prospectus, because the price that you pay will be substantially greater than the pro forma as adjusted net tangible book value per share of the common stock that you acquire. This dilution is due in large part to the fact that our earlier investors paid substantially less than the initial public offering price when they purchased their shares of our capital stock. In addition, you will experience additional dilution upon exercise of any warrant, upon settlement of RSUs, and upon exercise of options to purchase common stock under our equity incentive plans, if we issue restricted stock to our employees under our equity incentive plans or if we otherwise issue additional shares of our common stock. For a further description of the dilution that you will experience immediately after this offering, see "Dilution."

We are an "emerging growth company" and we cannot be certain if the reduced disclosure requirements applicable to emerging growth companies will make our common stock less attractive to investors.

        We are an "emerging growth company," as defined in the JOBS Act, and we may take advantage of certain exemptions from various reporting requirements that are applicable to other public companies that are not "emerging growth companies" including, but not limited to, the auditor attestation requirements of Section 404 of the Sarbanes-Oxley Act, reduced disclosure obligations regarding executive compensation in our periodic reports and proxy statements, and exemptions from the requirements of holding a non-binding advisory vote on executive compensation and stockholder approval of any golden parachute payments not previously approved. We cannot predict if investors will find our common stock less attractive if we choose to rely on these exemptions. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and our stock price may be more volatile.

We will incur increased costs as a result of operating as a public company, and our management will be required to devote substantial time to compliance with our public company responsibilities and corporate governance practices.

        As a public company, and particularly after we are no longer an "emerging growth company," we will incur significant legal, accounting and other expenses that we did not incur as a private company. The Sarbanes-Oxley Act, the Dodd-Frank Wall Street Reform and Consumer Protection Act, the listing requirements of The Nasdaq Global Select Market and other applicable securities rules and regulations impose various requirements on public companies. Our management and other personnel will need to devote a substantial amount of time to compliance with these requirements. Moreover, these rules and regulations will increase our legal and financial compliance costs and will make some activities more time-consuming and costly. For example, we expect that these rules and regulations may make it more difficult and more expensive for us to obtain directors' and officers' liability insurance, which could make it more difficult for us to attract and retain qualified members of our board of directors. We cannot predict or estimate the amount of additional costs we will incur as a public company or the timing of such costs.

As a result of becoming a public company, we will be obligated to develop and maintain proper and effective internal controls over financial reporting and any failure to maintain the adequacy of these internal controls may adversely affect investor confidence in our company and, as a result, the value of our common stock.

        We will be required, pursuant to Section 404 of the Sarbanes-Oxley Act, or Section 404, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting for the first fiscal year beginning after the effective date of this offering. This assessment will need to include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. Our independent registered public accounting firm will not be required to attest to the effectiveness of our internal control over financial reporting until our first annual report

50


Table of Contents

required to be filed with the SEC following the date we are no longer an "emerging growth company," as defined in the JOBS Act. We will be required to disclose significant changes made in our internal control procedures on a quarterly basis.

        We have commenced the costly and challenging process of compiling the system and processing documentation necessary to perform the evaluation needed to comply with Section 404, and we may not be able to complete our evaluation, testing and any required remediation in a timely fashion. Our compliance with Section 404 will require that we incur substantial accounting expense and expend significant management efforts. We currently do not have an internal audit group, and we will need to hire additional accounting and financial staff with appropriate public company experience and technical accounting knowledge and compile the system and process documentation necessary to perform the evaluation needed to comply with Section 404.

        During the evaluation and testing process of our internal controls, if we identify one or more material weaknesses in our internal control over financial reporting, we will be unable to assert that our internal control over financial reporting is effective. We cannot be certain that there will not be material weaknesses or significant deficiencies in our internal control over financial reporting in the future. Any failure to maintain internal control over financial reporting could severely inhibit our ability to accurately report our financial condition or results of operations. If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines we have a material weakness or significant deficiency in our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, the market price of our common stock could decline, and we could be subject to sanctions or investigations by The Nasdaq Global Select Market, the SEC or other regulatory authorities. Failure to remedy any material weakness in our internal control over financial reporting, or to implement or maintain other effective control systems required of public companies, could also restrict our future access to the capital markets.

Anti-takeover provisions in our charter documents and Delaware law may delay or prevent an acquisition of our company, limit attempts by our stockholders to replace or remove our current management and limit the market price of our common stock.

        Our amended and restated certificate of incorporation, amended and restated bylaws and Delaware law contain provisions that may have the effect of delaying or preventing a change in control of us or changes in our management. Our amended and restated certificate of incorporation and amended and restated bylaws, which will become effective upon the closing of this offering, include provisions that:

    authorize "blank check" preferred stock, which could be issued by our board of directors without stockholder approval and may contain voting, liquidation, dividend and other rights superior to our common stock;

    provide for a classified board of directors whose members serve staggered three-year terms;

    specify that special meetings of our stockholders can be called only by a majority of the members of our board of directors then in office and only those matters set forth in the notice of the special meeting may be considered or acted upon at a special meeting of stockholders;

    prohibit stockholder action by written consent;

    establish an advance notice procedure for stockholder proposals to be brought before an annual meeting of our stockholders, including proposed nominations of persons for election to our board of directors;

    provide that our directors may be removed only for cause;

    provide that vacancies on our board of directors may be filled only by a majority of directors then in office, even though less than a quorum;

    specify that no stockholder is permitted to cumulate votes at any election of directors;

51


Table of Contents

    authorize our board of directors to modify, alter or repeal our amended and restated bylaws; and

    require supermajority votes of the holders of our common stock to amend specified provisions of our charter documents.

        These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in our management.

        In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which limits the ability of stockholders owning in excess of 15% of our outstanding voting stock to merge or combine with us in certain circumstances.

        Any provision of our amended and restated certificate of incorporation, amended and restated bylaws or Delaware law that has the effect of delaying or deterring a change in control could limit the opportunity for our stockholders to receive a premium for their shares of our common stock, and could also affect the price that some investors are willing to pay for our common stock.

Our amended and restated bylaws will designate the Court of Chancery of the State of Delaware or the United States District Court for the District of Massachusetts as the exclusive forum for certain litigation that may be initiated by our stockholders, which could limit our stockholders' ability to obtain a favorable judicial forum for disputes with us.

        Pursuant to our amended and restated bylaws, as will be in effect upon the completion of this offering, unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware will be the sole and exclusive forum for (1) any derivative action or proceeding brought on our behalf, (2) any action asserting a claim of or based on a breach of a fiduciary duty owed by any of our current or former directors, officers or other employees to us or our stockholders, (3) any action asserting a claim against us or any of our current or former directors, officers, employees or stockholders arising pursuant to any provision of the Delaware General Corporation Law, our amended and restated bylaws or our amended and restated bylaws or (4) any action asserting a claim governed by the internal affairs doctrine. Our amended and restated bylaws will further provide that the United States District Court for the District of Massachusetts will be the exclusive forum for resolving any complaint asserting a cause of action arising under the Securities Act. In addition, our amended and restated bylaws will provide that any person or entity purchasing or otherwise acquiring any interest in shares of our common stock is deemed to have notice of and consented to the foregoing provisions. We have chosen the United States District Court for the District of Massachusetts as the exclusive forum for such causes of action because our principal executive offices are located in Waltham, Massachusetts. Some companies that have adopted similar federal district court forum selection provisions are currently subject to a suit in the Court of Chancery of the State of Delaware brought by stockholders who assert that the federal district court forum selection provision is not enforceable. We recognize that the federal district court forum selection clause may impose additional litigation costs on stockholders who assert the provision is not enforceable and may impose more general additional litigation costs in pursuing any such claims, particularly if the stockholders do not reside in or near the Commonwealth of Massachusetts. Additionally, the forum selection clauses in our amended and restated bylaws may limit our stockholders' ability to obtain a favorable judicial forum for disputes with us. Alternatively, if the federal district court forum selection provision is found inapplicable to, or unenforceable in respect of, one or more of the specified types of actions or proceedings, we may incur additional costs associated with resolving such matters in other jurisdictions, which could have an adverse effect on our business, financial condition or results of operations. The United States District Court for the District of Massachusetts may also reach different judgments or results than would other courts, including courts where a stockholder considering an action may be located or would otherwise choose to bring the action, and such judgments may be more or less favorable to us than our stockholders.

52


Table of Contents


SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

        This prospectus contains forward-looking statements that involve substantial risks and uncertainties. All statements, other than statements of historical facts, included in this prospectus regarding our strategy, future operations, future financial position, future revenue, projected costs, prospects, plans, objectives of management and expected market growth are forward-looking statements. The words "anticipate," "believe," "could," "estimate," "expect," "intend," "may," "might," "plan," "predict," "project," "will," "would," or the negative of these words or other similar terms or expressions are intended to identify forward-looking statements, although not all forward-looking statements contain these identifying words. These forward-looking statements include, among other things, statements about:

    the growth in the market for next-generation endpoint security solutions and future cyber security spending;

    changes in the nature and quantity of advanced cyber attacks facing our customers and prospects;

    our predictions about the market transition from legacy antivirus solutions to next-generation endpoint security solutions;

    our ability to acquire new customers, retain customers and grow revenue from existing customers;

    our ability to maintain and expand relationships with our channel and strategic partners;

    our ability to train support personnel;

    our ability to grow our business, both domestically and internationally;

    our ability to continue to innovate and enhance our technology platform and product functionality;

    our ability to acquire complementary businesses, technology and assets;

    the effects of increased competition and our ability to compete effectively;

    our ability to adapt to technological change and effectively enhance, innovate and scale our solutions;

    our ability to maintain, protect and enhance our intellectual property;

    costs associated with defending intellectual property infringement and other claims;

    our ability to effectively manage or sustain our growth and to attain and sustain profitability;

    our ability to diversify our sources of revenue;

    our future financial and operating results, including our revenue, cost of revenue, gross profit or gross margin, operating expenses (including changes in sales and marketing, research and development and general and administrative expenses) and backlog;

    our future revenue, hiring plans, expenses, capital expenditures, capital requirements and stock performance;

    our future products and product features;

    our expectations concerning our customer retention rates;

    our expected use of proceeds;

    our ability to maintain, or strengthen awareness of, our brand;

    perceived or actual security, integrity, reliability, quality or compatibility problems with our solutions, including related to security breaches in our or our customers' systems, unscheduled downtime or outages;

53


Table of Contents

    our ability to attract and retain qualified employees and key personnel and expand our overall headcount;

    our ability to stay abreast of new or modified laws and regulations faced by our customers and that currently apply or become applicable to our business both in the United States and internationally, including laws and regulations related to export compliance; and

    the future trading prices of our common stock and the impact of securities analysts' reports on these prices.

        We might not actually achieve the plans, intentions or expectations disclosed in our forward-looking statements, and you should not place undue reliance on our forward-looking statements. Actual results or events could differ materially from the plans, intentions and expectations disclosed in the forward-looking statements we make. We have included important factors in the cautionary statements included in this prospectus, particularly in the section titled "Risk Factors," which could cause actual results or events to differ materially from the forward-looking statements that we make. New risks and uncertainties emerge from time to time, and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements contained in this prospectus.

        You should read this prospectus and the documents that we have filed as exhibits to the registration statement, of which this prospectus is a part, completely and with the understanding that our actual future results may be materially different from what we expect. The forward-looking statements made in this prospectus relate only to events as of the date on which the statements are made. We do not assume any obligation to update any forward-looking statements, whether as a result of new information, future events or otherwise, except as required by law.

54


Table of Contents


MARKET AND INDUSTRY DATA

        This prospectus contains estimates and other statistical data, including those relating to our industry and the market in which we operate, that we have obtained or derived from industry publications and reports, including those listed below. These industry publications and reports generally indicate that they have obtained their information from sources believed to be reliable, but do not guarantee the accuracy and completeness of their information. This information involves a number of assumptions and limitations, and you are cautioned not to give undue weight to these estimates. Based on our industry experience, we believe that the publications and reports are reliable and that the conclusions contained in the publications and reports are reasonable. The industry in which we operate is subject to a high degree of uncertainty and risk due to a variety of factors, including those described in the section titled "Risk Factors." These and other factors could cause our actual results to differ materially from those expressed in the industry publications and reports.

        Certain information in the text of this prospectus is contained in independent industry publications and reports. The source of these independent industry publications is provided below:

    AV-TEST, Security Report 2016/17.

    Enterprise Management Associates, 2017 Next-Generation Endpoint Security Vendor Landscape and Five-Year Market Forecast.

    Forrester Research, The Forrester WaveTM: Managed Security Services Providers, North America, Q3 2016, The 11 Providers That Matter Most And How They Stack Up, August 30, 2016.

    Forrester Research, The Forrester WaveTM: Endpoint Security Suites, Q4 2016, The 15 Providers That Matter Most And How They Stack Up, October 19, 2016.

    International Data Corporation, IDC MarketScape: Worldwide Endpoint Specialized Threat Analysis and Protection 2017 Vendor Assessment, April 2017.

    International Data Corporation, IDC Semiannual Public Cloud Services Tracker, November 17, 2017.

    International Data Corporation, Forecast Data of Cloud Infrastructure and Cloud Software Vendor Revenue 2012-2021.

    International Data Corporation, Worldwide Endpoint Security Market Shares, 2016: Competition Gets Fierce.

    International Data Corporation, Worldwide IT Asset Management Software Forecast, 2017-2021, May 2017.

    International Data Corporation, Worldwide Semiannual Security Spending Guide, August 2017.

    International Data Corporation, Worldwide Virtual Machine Software Market Shares, 2016: Enterprise Virtualization Remains a Datacenter Mainstay, December 2017.

    MRG Effitas Ltd., Efficacy Assessment of Cb Defense Against Ransomware, September 2017.

    Ponemon Institute and Accenture, 2017 Cost of Cyber Crime Study: Insights on the Security Investments that Make a Difference.

    Ponemon Institute and Carbonite, The Rise of Ransomware, January 2017.

    Ponemon Institute and IBM Security, 2017 Cost of Data Breach Study: Global Overview, June 2017.

55


Table of Contents


USE OF PROCEEDS

        We estimate that the net proceeds from the sale of shares of our common stock in this offering will be approximately $129.0 million, based upon an assumed initial public offering price of $18.00 per share, which is the midpoint of the price range set forth on the cover page of this prospectus, and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us. If the underwriters' over-allotment option to purchase additional shares from us is exercised in full, we estimate that our net proceeds would be approximately $149.1 million, after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us.

        A $1.00 increase (decrease) in the assumed initial public offering price of $18.00 per share would increase (decrease) the net proceeds that we receive from this offering by approximately $7.4 million, assuming that the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us. An increase (decrease) of 1,000,000 shares in the number of shares of common stock offered by us would increase (decrease) the net proceeds that we receive from this offering by approximately $16.7 million, assuming the assumed initial public offering price remains the same and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us.

        The principal reasons for this offering are to create a public market for shares of our common stock, obtain additional capital and to facilitate our future access to public equity markets. We cannot specify with certainty all of the particular uses for the remaining net proceeds from the offering. We have not quantified or allocated any specific portion of the net proceeds or range of the net proceeds to any particular purpose. We anticipate that we will use a majority of the net proceeds we receive from this offering, including any net proceeds we receive from the exercise of the underwriters' over-allotment option to acquire additional shares of common stock, to invest further in our sales and marketing activities to grow our customer base, to fund our research and development efforts to enhance our technology platform and product functionality, and to pay anticipated general and administrative expenses. We also intend to use proceeds from this offering to fund our other growth strategies described elsewhere in this prospectus. We may use a portion of the net proceeds for the acquisition of businesses, technologies or other assets that we believe are complementary to our own, although we currently have no agreements, commitments or understandings with respect to any such transaction.

        The amount of what, and timing of when, we actually spend for these purposes may vary significantly and will depend on a number of factors, including our future revenue and cash generated by operations and the other factors described in the section titled "Risk Factors." Accordingly, our management will have broad discretion in applying the net proceeds from this offering, and investors will be relying on the judgment of our management regarding the application of the net proceeds from this offering. Pending these uses, we intend to invest the remaining net proceeds in high-quality, short-term, interest-bearing, investment-grade securities, certificates of deposit or direct or guaranteed obligations of the U.S. government.

56


Table of Contents


DIVIDEND POLICY

        We have never declared or paid dividends on our common stock. We do not expect to pay dividends on our common stock for the foreseeable future. Instead, we anticipate that all of our earnings, if any, will be used for the operation and growth of our business. Any future determination to declare cash dividends would be subject to the discretion of our board of directors and would depend upon various factors, including our results of operations, financial condition and liquidity requirements, restrictions that may be imposed by applicable law and our contracts and other factors deemed relevant by our board of directors. Additionally, our ability to pay dividends on our common stock is limited by restrictions under the terms of our credit facility with Silicon Valley Bank. See "Management's Discussion and Analysis of Financial Condition and Results of Operation—Liquidity and Capital Resources—Sources of Funds."

57


Table of Contents


CAPITALIZATION

        The following table sets forth our cash and cash equivalents as well as our capitalization as of December 31, 2017:

    on an actual basis;

    on a pro forma basis to give effect to: (1) the conversion of all outstanding shares of our preferred stock into 45,849,708 shares of common stock upon the closing of this offering; (2) the assumed exercise of the outstanding warrant held by SC US GF Holdings, Ltd., an entity affiliated with Sequoia Capital, to purchase 468,587 shares of our common stock, at an exercise price of $0.002 per share, that will become exercisable upon the closing of this offering; (3) outstanding warrants to purchase shares of our preferred stock becoming warrants to purchase 167,500 shares of common stock upon the closing of this offering; and (4) the filing and effectiveness of our amended and restated certificate of incorporation; and

    on a pro forma as adjusted basis to give further effect to our receipt of the net proceeds from our sale of 8,000,000 shares of common stock in this offering at an assumed initial public offering price of $18.00 per share, which is the midpoint of the price range set forth on the cover page of this prospectus, after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us.

        The information below is illustrative only, and our cash and cash equivalents and capitalization following the closing of this offering will be adjusted based on the actual initial public offering price and other terms of the offering determined at pricing. You should read this table together with the sections titled "Management's Discussion and Analysis of Financial Condition and Results of Operations," "Selected Consolidated Financial Data" and "Description of Capital Stock," and our consolidated financial statements and related notes included elsewhere in this prospectus.

58


Table of Contents

 
  As of December 31, 2017  
 
  Actual   Pro Forma   Pro Forma
As Adjusted
 
 
  (in thousands, except share and
per share data)

 

Cash and cash equivalents

  $ 36,073   $ 36,073   $ 167,003  

Warrant liability

  $ 2,766   $   $  

Redeemable convertible preferred stock (Series B, C, D, E, E-1 and F), $0.001 par value; 94,101,207 shares authorized, 88,741,194 shares issued and outstanding, actual; no shares authorized, issued or outstanding, pro forma and pro forma as adjusted

   
333,204
   
   
 

Series A convertible preferred stock, $0.001 par value; 8,800,000 shares authorized, 3,851,806 shares issued and outstanding, actual; no shares authorized, issued or outstanding, pro forma and pro forma as adjusted

   
1,510
   
   
 

Stockholders' equity (deficit):

   
 
   
 
   
 
 

Preferred stock, $0.001 par value per share; no shares authorized, issued or outstanding, actual; 25,000,000 shares authorized, no shares issued or outstanding, pro forma and pro forma as adjusted

             

Common stock, $0.001 par value; 156,650,000 shares authorized, 11,193,366 shares issued and 11,139,690 shares outstanding, actual; 500,000,000 shares authorized, 57,511,661 shares issued and 57,457,985 shares outstanding, pro forma; 500,000,000 shares authorized, 65,511,661 shares issued and 65,457,985 shares outstanding, pro forma as adjusted

    11     57     65  

Treasury stock, at cost, 53,676 shares, actual, pro forma and pro forma as adjusted

    (6 )   (6 )   (6 )

Additional paid-in capital

    13,429     350,863     479,875  

Accumulated deficit

    (279,942 )   (279,942 )   (279,942 )

Total stockholders' equity (deficit)

    (266,508 )   70,972     199,992  

Total capitalization

  $ 70,972   $ 70,972   $ 199,992  

        A $1.00 increase (decrease) in the assumed initial public offering price of $18.00 per share, which is the midpoint of the price range set forth on the cover page of this prospectus, would increase (decrease) the pro forma as adjusted amount of each of cash and cash equivalents, additional paid-in capital, total stockholders' equity and total capitalization by $7.4 million, assuming that the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us. An increase (decrease) of 1,000,000 shares in the number of shares offered by us, as set forth on the cover page of this prospectus, would increase (decrease) the pro forma as adjusted amount of each of cash and cash equivalents, additional paid-in capital, total stockholders' equity and total capitalization by $16.7 million, assuming the assumed initial public offering price remains the same and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us. If the underwriters' over-allotment option to purchase additional shares is exercised in full, the pro forma as adjusted amount of each of cash and cash equivalents, additional paid-in capital, total stockholders' equity and total capitalization would increase by $20.1 million, after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us.

59


Table of Contents

        The table above does not include:

    1,800,965 shares of common stock issuable upon the exercise of stock options outstanding under our Amended and Restated 2010 Series A Option Plan, or the 2010 Series A Plan, as of December 31, 2017, at a weighted-average exercise price of $2.56 per share;

    117,928 shares of common stock issuable upon the exercise of stock options outstanding under our Amended and Restated Equity Incentive Plan as of December 31, 2017, at a weighted-average exercise price of $1.18 per share;

    13,609,936 shares of common stock issuable upon the exercise of stock options outstanding under our 2012 Stock Option and Grant Plan, or the 2012 Plan, as of December 31, 2017, at a weighted-average exercise price of $4.99 per share;

    837,835 shares of common stock issuable upon the exercise of stock options outstanding under our Carbon Black, Inc. Amended and Restated 2012 Equity Incentive Plan as of December 31, 2017, at a weighted-average exercise price of $0.86 per share;

    455,357 shares of common stock issuable upon the exercise of stock options outstanding under our Confer Technologies, Inc. 2013 Stock Plan as of December 31, 2017, at a weighted-average exercise price of $2.58 per share;

    273,750 shares of common stock issuable upon the exercise of warrants outstanding as of December 31, 2017, at a weighted-average exercise price of $4.83 per share;

    75,009 shares of common stock issuable upon the exercise of stock options granted after December 31, 2017 under our 2010 Series A Plan, at an exercise price of $9.37 per share;

    1,804,105 shares of common stock issuable upon the exercise of stock options granted after December 31, 2017 under our 2012 Plan, at an exercise price of $7.46 per share;

    885,823 shares of common stock issuable upon the exercise of stock options approved subsequent to March 31, 2018 by our board of directors for grant effective upon the pricing of this offering at an exercise price equal to the price to the public listed on the cover page of this prospectus;

    394,500 shares of our common stock issuable from time to time after this offering upon the settlement of restricted stock units granted after December 31, 2017; and

    6,270,650 shares of common stock reserved for future issuance under our 2018 Stock Option and Incentive Plan and 1,735,729 shares of common stock reserved for issuance under our 2018 Employee Stock Purchase Plan, each of which will become effective in connection with this offering and contains provisions that will automatically increase its shares reserved each year, as more fully described in "Executive Compensation—Employee Benefit Plans."

60


Table of Contents


DILUTION

        If you invest in our common stock in this offering, your ownership interest will be diluted immediately to the extent of the difference between the initial public offering price per share of our common stock and the pro forma as adjusted net tangible book value per share of our common stock immediately after this offering.

        Our historical net tangible book value (deficit) as of December 31, 2017 was $(392.4) million, or $(35.23) per share of our common stock. Our historical net tangible book value (deficit) is the amount of our total tangible assets, including deferred commissions, less our total liabilities and the carrying value of our preferred stock, which is not included within stockholders' equity (deficit). Historical net tangible book value (deficit) per share represents our historical net tangible book value (deficit) divided by the 11,139,690 shares of our common stock outstanding as of December 31, 2017.

        Our pro forma net tangible book value (deficit) as of December 31, 2017 was $(54.9) million, or $(0.96) per share of our common stock. Pro forma net tangible book value (deficit) represents the amount of our total tangible assets, including deferred commissions, less our total liabilities, after giving effect to: (1) the conversion of all outstanding shares of our preferred stock into 45,849,708 shares of common stock upon the closing of this offering; (2) the assumed exercise of the outstanding warrant held by SC US GF Holdings, Ltd., an entity affiliated with Sequoia Capital, to purchase 468,587 shares of our common stock, at an exercise price of $0.002 per share, that will become exercisable upon the closing of this offering; and (3) outstanding warrants to purchase preferred stock becoming warrants to purchase 167,500 shares of common stock upon the closing of this offering. Pro forma net tangible book value (deficit) per share represents our pro forma net tangible book value (deficit) divided by the total number of shares of our common stock outstanding as of December 31, 2017, after giving effect to pro forma adjustments (1) and (2) described above.

        After giving further effect to the sale by us of 8,000,000 shares of common stock in this offering at an assumed initial public offering price of $18.00 per share, which is the midpoint of the price range set forth on the cover page of this prospectus, and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us, our pro forma as adjusted net tangible book value as of December 31, 2017 would have been $76.2 million, or $1.16 per share. This represents an immediate increase in pro forma as adjusted net tangible book value of $2.12 per share to our existing stockholders and immediate dilution of $16.84 per share in pro forma as adjusted net tangible book value per share to new investors purchasing shares of common stock in this offering. Dilution per share to new investors is determined by subtracting pro forma as adjusted net tangible book value per share after this offering from the assumed initial public offering price per share paid by new investors. The following table illustrates this dilution on a per share basis:

Assumed initial public offering price per share

        $ 18.00  

Historical net tangible book value (deficit) per share as of December 31, 2017

  $ (35.23 )      

Increase per share attributable to the pro forma adjustments described above

    34.27        

Pro forma net tangible book value (deficit) per share as of December 31, 2017

    (0.96 )      

Increase in pro forma as adjusted net tangible book value per share attributable to new investors purchasing shares in this offering

    2.12        

Pro forma as adjusted net tangible book value per share after this offering

          1.16  

Dilution per share to new investors purchasing shares in this offering

        $ 16.84  

        The dilution information discussed above is illustrative only and will change based on the actual initial public offering price and other terms of this offering determined at pricing. A $1.00 increase (decrease) in the assumed initial public offering price of $18.00 per share, which is the midpoint of the price range set forth on the cover page of this prospectus, would increase (decrease) our pro forma as adjusted net

61


Table of Contents

tangible book value by $7.4 million, our pro forma as adjusted net tangible book value per share after this offering by $0.11 and dilution per share to new investors purchasing shares in this offering by $0.89, assuming that the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us. An increase of 1,000,000 shares in the number of shares of common stock offered by us, as set forth on the cover page of this prospectus, would increase the pro forma as adjusted net tangible book value per share after this offering by $0.23 and decrease the dilution per share to new investors purchasing shares in this offering by $0.23, assuming no change in the assumed initial public offering price and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us. A decrease of 1,000,000 shares in the number of shares of common stock offered by us, as set forth on the cover page of this prospectus, would decrease the pro forma as adjusted net tangible book value per share after this offering by $0.24 and increase the dilution per share to new investors purchasing shares in this offering by $0.24, assuming no change in the assumed initial public offering price and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us.

        If the underwriters' over-allotment option to purchase additional shares from us is exercised in full, our pro forma as adjusted net tangible book value per share after this offering would be $1.45 per share, representing an immediate increase in pro forma as adjusted net tangible book value per share of $2.41 to existing stockholders and immediate dilution of $16.55 per share to new investors purchasing shares in this offering, assuming an initial public offering price of $18.00 per share, which is the midpoint of the price range set forth on the cover page of this prospectus, and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us.

        The following table summarizes, on the pro forma as adjusted basis described above, the number of shares of our common stock, the total consideration and the average price per share (1) paid to us by existing stockholders and (2) to be paid by new investors purchasing shares of common stock in this offering at an assumed initial public offering price of $18.00 per share, which is the midpoint of the price range set forth on the cover page of this prospectus, before deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us:

 
  Shares Purchased   Total Consideration    
 
 
  Average Price
Per Share
 
 
  Number   Percent   Amount   Percent  

Existing stockholders

    57,457,985     87.8 % $ 175,573,648     54.9 % $ 3.06  

New investors

    8,000,000     12.2     144,000,000     45.1   $ 18.00  

Total

    65,457,985     100.0 % $ 319,573,648     100.0 %      

        A $1.00 increase (decrease) in the assumed initial public offering price of $18.00 per share, which is the midpoint of the price range set forth on the cover page of this prospectus, would increase (decrease) the total consideration paid by new investors by $8.0 million and, in the case of an increase, would increase the percentage of total consideration paid by new investors by 1.3% and, in the case of a decrease, would decrease the percentage of total consideration paid by new investors by 1.4%, assuming that the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same. An increase (decrease) of 1,000,000 shares in the number of shares offered by us, as set forth on the cover page of this prospectus, would increase (decrease) the total consideration paid by new investors by $18.0 million and, in the case of an increase, would increase the percentage of total consideration paid by new investors by 2.9% and, in the case of an decrease, would decrease the percentage of total consideration paid by new investors by 3.3%, assuming no change in the initial public offering price.

        The table above assumes no exercise of the underwriters' over-allotment option to purchase additional shares in this offering. If the underwriters' over-allotment option to purchase additional shares from us is exercised in full, the number of shares of our common stock held by existing stockholders would

62


Table of Contents

be reduced to 86.2% of the total number of shares of our common stock outstanding after this offering, and the number of shares of common stock held by new investors purchasing shares in this offering would be increased to 13.8% of the total number of shares of our common stock outstanding after this offering.

        The table above does not include:

    1,800,965 shares of common stock issuable upon the exercise of stock options outstanding under our Amended and Restated 2010 Series A Option Plan, or the 2010 Series A Plan, as of December 31, 2017, at a weighted-average exercise price of $2.56 per share;

    117,928 shares of common stock issuable upon the exercise of stock options outstanding under our Amended and Restated Equity Incentive Plan as of December 31, 2017, at a weighted-average exercise price of $1.18 per share;

    13,609,936 shares of common stock issuable upon the exercise of stock options outstanding under our 2012 Stock Option and Grant Plan as of December 31, 2017, at a weighted-average exercise price of $4.99 per share;

    837,835 shares of common stock issuable upon the exercise of stock options outstanding under our Carbon Black, Inc. Amended and Restated 2012 Equity Incentive Plan as of December 31, 2017, at a weighted-average exercise price of $0.86 per share;

    455,357 shares of common stock issuable upon the exercise of stock options outstanding under our Confer Technologies, Inc. 2013 Stock Plan as of December 31, 2017, at a weighted-average exercise price of $2.58 per share;

    273,750 shares of common stock issuable upon the exercise of warrants outstanding as of December 31, 2017, at a weighted-average exercise price of $4.83 per share;

    75,009 shares of common stock issuable upon the exercise of stock options granted after December 31, 2017 under our 2010 Series A Plan, at an exercise price of $9.37 per share;

    1,804,105 shares of common stock issuable upon the exercise of stock options granted after December 31, 2017 under our 2012 Plan, at an exercise price of $7.46 per share;

    885,823 shares of common stock issuable upon the exercise of stock options approved subsequent to March 31, 2018 by our board of directors for grant effective upon the pricing of this offering at an exercise price equal to the price to the public listed on the cover page of this prospectus;

    394,500 shares of our common stock issuable from time to time after this offering upon the settlement of restricted stock units granted after December 31, 2017; and

    6,270,650 shares of common stock reserved for future issuance under our 2018 Stock Option and Incentive Plan and 1,735,729 shares of common stock reserved for issuance under our 2018 Employee Stock Purchase Plan, each of which will become effective in connection with this offering and contains provisions that will automatically increase its shares reserved each year, as more fully described in "Executive Compensation—Employee Benefit Plans."

        To the extent that outstanding options or warrants are exercised you will experience further dilution, which may be significant. In addition, we may choose to raise additional capital due to market conditions or strategic considerations, even if we believe we have sufficient funds for our current or future operating plans. To the extent that additional capital is raised through the sale of equity or convertible debt securities, the issuance of these securities may result in further dilution to our stockholders.

63


Table of Contents


SELECTED CONSOLIDATED FINANCIAL DATA

        The following tables present selected consolidated financial data for the periods indicated. You should read this information in conjunction with the section titled "Management's Discussion and Analysis of Financial Condition and Results of Operations" and our consolidated financial statements and related notes and other information included elsewhere in this prospectus. The selected consolidated financial data in this section are not intended to replace the consolidated financial statements and are qualified in their entirety by our consolidated financial statements and related notes appearing at the end of this prospectus. We have derived the selected consolidated statement of operations data for the years ended December 31, 2015, 2016 and 2017 and the selected consolidated balance sheet data as of December 31, 2016 and 2017 from our audited consolidated financial statements appearing at the end of this prospectus. Our historical results are not necessarily indicative of the results to be expected in any future period.

 
  Year Ended December 31,  
 
  2015   2016   2017  
 
  (in thousands, except per share data)
 

Consolidated Statement of Operations Data:

                   

Revenue:

                   

Subscription, license and support

  $ 63,747   $ 104,786   $ 149,262  

Services

    6,847     11,453     12,752  

Total revenue

    70,594     116,239     162,014  

Cost of revenue:

                   

Subscription, license and support(1)

    4,492     11,296     24,217  

Services(1)

    8,821     9,743     11,421  

Total cost of revenue

    13,313     21,039     35,638  

Gross profit

    57,281     95,200     126,376  

Operating expenses:

                   

Sales and marketing(1)

    55,432     80,997     107,190  

Research and development(1)

    24,042     36,493     52,047  

General and administrative(1)

    14,389     23,289     22,337  

Total operating expenses

    93,863     140,779     181,574  

Loss from operations

    (36,582 )   (45,579 )   (55,198 )

Interest expense, net

    (817 )   (518 )   32  

Other income (expense), net

    (1,253 )   (648 )   (583 )

Loss before income taxes

    (38,652 )   (46,745 )   (55,749 )

Benefit from (provision for) income taxes

        2,191     (78 )

Net loss

    (38,652 )   (44,554 )   (55,827 )

Accretion of preferred stock to redemption value

    (24,979 )   (3,569 )   (28,056 )

Net loss attributable to common stockholders

  $ (63,631 ) $ (48,123 ) $ (83,883 )

Net loss per share attributable to common stockholders—basic and diluted(2)

  $ (12.12 ) $ (5.85 ) $ (8.08 )

Weighted-average common shares outstanding—basic and diluted(2)

    5,249     8,230     10,383  

Pro forma net loss per share attributable to common stockholders—basic and diluted (unaudited)(2)

              $ (0.97 )

Pro forma weighted-average common shares outstanding—basic and diluted (unaudited)(2)

                56,535  

64


Table of Contents


(1)
The following table summarizes the classification of stock-based compensation expense in our consolidated statements of operations:

 
  Year Ended December 31,  
 
  2015   2016   2017  
 
  (in thousands)
 

Cost of subscription, license and support revenue

  $ 103   $ 184   $ 403  

Cost of services revenue

    179     219     227  

Sales and marketing expense

    1,595     2,501     3,310  

Research and development expense

    1,585     2,035     2,506  

General and administrative expense

    1,446     2,417     2,510  

Total stock-based compensation expense

  $ 4,908   $ 7,356   $ 8,956  
(2)
See Note 18 to our consolidated financial statements appearing at the end of this prospectus for further details on the calculations of basic and diluted net loss per share attributable to common stockholders and basic and diluted pro forma net loss per share attributable to common stockholders.

 
  As of December 31,  
 
  2016   2017  
 
  (in thousands)
 

Consolidated Balance Sheet Data:

             

Cash and cash equivalents

  $ 51,503   $ 36,073  

Working capital (deficit)(1)

    (13,900 )   (36,391 )

Total assets

    254,099     260,612  

Deferred revenue

    113,399     164,180  

Long-term debt, net of discount, including current portion

    5,500      

Warrant liability

    2,181     2,766  

Redeemable convertible and convertible preferred stock

    304,638     334,714  

Total stockholders' deficit

    (193,662 )   (266,508 )

(1)
We define working capital (deficit) as current assets less current liabilities.

65


Table of Contents


MANAGEMENT'S DISCUSSION AND ANALYSIS OF
FINANCIAL CONDITION AND RESULTS OF OPERATIONS

        You should read the following discussion and analysis of our financial condition and results of operations in conjunction with the section titled "Selected Consolidated Financial Data" and our consolidated financial statements and related notes included elsewhere in this prospectus. In addition to historical consolidated financial information, the following discussion and analysis and information set forth elsewhere in this prospectus contain forward-looking statements that involve risks, uncertainties and assumptions. Our actual results could differ materially from those anticipated by these forward-looking statements as a result of many factors. We discuss factors that we believe could cause or contribute to these differences below and elsewhere in this prospectus, including those set forth under "Risk Factors" and "Special Note Regarding Forward-Looking Statements."

Overview

        Carbon Black is a leading provider of next-generation endpoint security solutions. We believe the depth, breadth and real-time nature of our endpoint data, combined with the strength of our analytics platform, provides customers with the most robust and data-intensive solution to address the complete endpoint security lifecycle. Our solutions enable customers to predict, prevent, detect, respond to and remediate cyber attacks before they cause a damaging incident or data breach.

        Enterprise environments have become more open, interconnected and vulnerable to cyber attacks, and an increasingly mobile workforce and the explosion of enterprise data and applications in the cloud have expanded the attack surface beyond the traditional network perimeter. As a result, the endpoint is the new perimeter and the primary focus of cyber attacks. Endpoints store valuable data, perform critical operations and are the interface where attackers can target humans through email, social engineering, and other tactics. Endpoints include desktops, laptops, servers, virtual machines, cloud workloads (services running on cloud servers), fixed-function devices such as ATMs, point of sale systems, and control and data systems for power plants and other industrial assets.

        We offer organizations solutions that enable them to address the full endpoint security lifecycle of an endpoint and integrate endpoint security within their cyber security architecture. Unlike legacy security products that install an agent and collect data specific to its domain or use case, our platform provides a single agent that continuously collects unfiltered endpoint data to address a wide array of security use cases that today are addressed by multiple point products.

        We have a strong heritage of innovative technology leadership in multiple endpoint security categories: application control, through our Cb Protection solution; endpoint detection and response, or EDR, through our Cb Response solution; and next-generation antivirus, or NGAV, through our Cb Defense solution.

        We began selling our initial product in 2005, which was the precursor to Cb Protection. Our initial product focused on delivering endpoint protection for desktops and servers through application control. In February 2014, we acquired Carbon Black, whose solution was the precursor to Cb Response. In 2015, we acquired Objective Logistics Inc., or Objective Logistics, and VisiTrend, Inc., or VisiTrend, primarily to acquire the technical expertise of their employees and certain intellectual property assets. The acquisition of Carbon Black strengthened our position as a leader in advanced threat detection and incident response management solutions, and was an important event for us as it enabled us to provide our customers with solutions designed to address the full endpoint security lifecycle. We believe that our ability to address the full lifecycle of an attack is a critical differentiator versus other endpoint security technologies that address only a portion of the attack lifecycle.

        In more recent periods, we have focused on satisfying the increasing demand for cloud-based software from our customers and prospects and intend to continue to expand our cloud-based product offerings. In

66


Table of Contents

August 2015, we released a cloud-based version of Cb Response to our customers under a software-as-a-service, or SaaS, model. In June 2016, we acquired Confer Technologies, Inc., or Confer, whose solution is currently sold to customers as Cb Defense. The acquisition of Confer was an important event for us as it added key capabilities in the areas of cloud-based, multi-tenant, big-data processing and streaming detection and prevention. With this acquisition, we also entered the next-generation antivirus market. The technology that we acquired in this acquisition is foundational to our predictive security cloud platform, which is designed to address the full endpoint security lifecycle, and to our strategy. For more information regarding the Confer, Objective Logistics and VisiTrend acquisitions, see Note 3 to our consolidated financial statements appearing at the end of this prospectus. The percentage of our total revenue generated by sales of our cloud-based solutions was negligible in 2015, 6% in 2016 and 16% in 2017. We have experienced strong growth in the number of customers who purchase our cloud-based solutions, with 49 customers in 2015, 398 customers in 2016 and 1,605 customers in 2017 purchasing our cloud-based solutions.

        A substantial majority of our customers purchase our solutions under a subscription agreement with a term of one or three years. The percentage of our customers that purchased our solutions under a subscription agreement with a term of one or three years was 87%, 92% and 96% as of December 31, 2015, 2016 and 2017, respectively. Our subscription agreements include: access to and the right to utilize the threat intelligence capabilities of the Cb Predictive Security Cloud; ongoing support, which provides our customers with telephone and web-based support, bug fixes and repairs; and software updates on a when-and-if-available basis. Less often, some customers purchase our solutions under a perpetual license with an associated maintenance and support agreement, along with access to the Cb Predictive Security Cloud. Revenue from our subscription agreements, as well as revenue from a perpetual license that is sold with access to the Cb Predictive Security Cloud, a maintenance and support agreement, professional services or training, is deferred on our balance sheet and subsequently recognized ratably over the longest service period of any deliverable in the arrangement, which is generally the support term, beginning once all services in the arrangement have commenced. Revenue from perpetual licenses represented less than 5% of our $149.3 million of subscription, license and support revenue in 2017. Due to our revenue recognition model, all of our subscription, license and support revenue is recognized on a ratable basis, providing us with strong visibility into future revenue.

        We primarily sell our products through a channel partner go-to-market model, which significantly extends our global market reach and ability to rapidly scale our sales efforts. Our inside sales and field sales representatives work alongside an extensive network of value-added resellers, or VARs, distributors, managed security service providers, or MSSPs, and incident response, or IR, firms. Our MSSP and IR firm channel partners both use and recommend our products to their clients. We have established significant relationships with leading channel partners, including Optiv Security, Inc., a leading VAR and MSSP; CDW Corporation, one of the world's largest software VARs; Arrow Electronics, Inc., a major global distributor; SecureWorks, Inc., a leading MSSP; and Kroll, a leading IR firm. In addition, we have technology and go-to-market partnerships with both IBM and VMware, enabling us to leverage their sales organizations to reach their large customer bases. In the three months ended December 31, 2017, 94% of our new and add-on business was closed in collaboration with a channel partner. We expect to continue to focus on generating sales to new and existing customers through our channel partners as a part of our growth strategy. When we transact with a channel partner, our contractual arrangement is with the channel partner and not with the end-use customer. However, whether we receive the order from a channel partner or directly from an end-use customer, our revenue recognition policy and resulting pattern of revenue recognition for the order are the same.

        Our sales team works closely with our end-use customer prospects at every stage of the sales cycle regardless of whether the prospect is sourced directly or indirectly—from initial information meetings through the implementation of our products with our end-use customers. We believe this coordinated

67


Table of Contents

approach to sales allows us to leverage the benefits of channel partners as well as maintain face-to-face connectivity and build long-term, trusted relationships with our customers.

        Our customers include many of the world's largest, security-focused enterprises and government agencies that are among the most heavily targeted by cyber adversaries, as well as mid-sized organizations. As of December 31, 2017, we serve over 3,700 customers globally across multiple industries, including 33 of the Fortune 100.

        We have experienced strong revenue growth, with revenue increasing from $70.6 million in 2015 to $116.2 million in 2016 and $162.0 million in 2017, representing a 51% compound annual growth rate over the same period. We have a subscription-based revenue model that provides visibility into future revenue. Recurring revenue represented 77%, 83% and 88% of our total revenue in 2015, 2016 and 2017, respectively. Annual recurring revenue, or ARR, was $76.8 million, $124.2 million and $174.2 million as of December 31, 2015, 2016 and 2017, respectively. We define ARR as the annualized value of all active subscription contracts as of the end of the period. ARR excludes revenue from perpetual licenses and services. The portion of ARR related to our cloud-based subscription contracts was $2.5 million, $15.1 million and $46.0 million as of December 31, 2015, 2016 and 2017, respectively. The percentage of our total recurring revenue generated by sales of our cloud-based solutions was negligible in 2015, 7% in 2016 and 18% in 2017. We incurred net losses of $38.7 million in 2015, $44.6 million in 2016 and $55.8 million in 2017 as we continued to invest for growth to address the large market opportunity for our platform.

        We believe that the growth of our business and our operating results will be dependent upon many factors, including our ability to capitalize on the market shift from legacy prevention offerings to next-generation endpoint security solutions, our success in growing our customer base and expanding deployments of our platform within existing customers, our ability to enhance our platform and product offerings, and our focus on maintaining strong retention rates. While these areas present significant opportunities for us, they also pose challenges and risks that we must successfully address in order to sustain the growth of our business and improve our operating results.

        We have experienced rapid growth and increased demand for our products over the last few years. To manage any future growth effectively, we must continue to improve and expand our information technology and financial infrastructure, our operating and administrative systems and controls, and our ability to manage headcount, capital and processes in an efficient manner. Additionally, we face intense competition in our market, and to succeed, we need to innovate and offer products that are differentiated from legacy antivirus products, established network security products and point solutions provided by smaller security providers. We must also effectively hire, retain, train and motivate qualified personnel and senior management. If we are unable to successfully address these challenges, our business, operating results and prospects could be adversely affected. Our marketing is focused on building our brand reputation, increasing market awareness of our platform, driving customer demand and a strong sales pipeline, and collaborating with our channel partners around the globe.

Cohort Contribution Margin Analysis

        To provide a further understanding of the economics of our customer relationships, we are providing a contribution margin analysis of the customers we acquired during 2015, which we refer to as the 2015 Cohort. We believe the 2015 Cohort is a fair representation of our overall customer base because it includes customers across industries and geographies and includes customers who have expanded their subscriptions as well as those who have reduced or not renewed their subscriptions. We define cohort contribution margin as the ARR of subscription commitments from the customer cohort at the end of the period less the associated cost of subscription, license and support and the estimated allocated sales and marketing expense, which we collectively refer to as associated costs. We define contribution margin percentage as cohort contribution margin divided by the ARR associated with such cohort in a given

68


Table of Contents

period. In this analysis, we exclude revenue from perpetual licenses and services for purposes of calculating ARR for the 2015 Cohort. Cohort contribution margin is not prepared in accordance with generally accepted accounting principles in the United States, or GAAP, as it utilizes ARR, which is an operational measure.

        Cohort contribution margin is an operational measure; it is not a financial measure of profitability and is not intended to be used as a proxy for the profitability of our business, nor does it imply profitability. We have not yet achieved profitability, and even if our ARR exceeds our associated costs over time, we may not be able to achieve or maintain profitability. The relationship of ARR to associated costs is not necessarily indicative of future performance, and we cannot predict whether future cohort contribution margin analyses will be similar to the analysis below. Other companies may calculate cohort contribution margin differently and, therefore, the analyses of other companies may not be directly comparable to ours.

        The associated cost of subscription, license and support primarily includes hosting costs, personnel-related costs for employees providing technical support (including compensation and benefits), allocated overhead and amortization of capitalized software development costs for internal-use software, in each case, relating to our subscription, license and support revenue. We allocate a portion of the cost of subscription, license and support to the ARR in each period using our reported subscription, license and support gross margin, excluding stock-based compensation and amortization of acquired intangible assets, each of which is a non-cash charge. Estimated allocated sales and marketing expense includes personnel-related costs for our sales and marketing teams (including salaries, benefits and amortization of deferred commissions) and costs of marketing activities and promotional events associated with our efforts to increase ARR through acquiring new customers, expanding subscriptions of existing customers or retaining existing ARR through subscription renewals. We attribute estimated allocated sales and marketing expense for new ARR to the period when a new customer begins a subscription or when an existing customer expands its subscription with us. We allocate costs associated with renewals of ARR to the renewal period. We allocate a portion of our sales and marketing expenses to the ARR in each period using our reported sales and marketing expense, excluding stock-based compensation and amortization of acquired intangible assets, each of which is a non-cash charge, and to new and existing customers based on the new ARR generated from each group. The associated costs do not include research and development and general and administrative expenses because these expenses support the growth of our business broadly and benefit all customers.

        The estimated allocated sales and marketing expense associated with acquiring the initial ARR from a customer cohort is significant in the period in which the cohort begins their subscriptions with us and, consequently, the cohort contribution margin is low, and may be negative, in that period. In subsequent periods, contribution margin increases meaningfully because the acquisition costs associated with expanding the ARR of the cohort, as well as the costs to support the cohort and renew their subscriptions, are low relative to the ARR of the cohort.

        At the end of 2015, the 2015 Cohort accounted for $28.2 million in ARR and $30.9 million in associated costs, representing a cohort contribution margin of $(2.7) million, or a contribution margin percentage of (9)%. At the end of 2016, the 2015 Cohort accounted for $32.0 million in ARR and $10.0 million in associated costs, representing a cohort contribution margin of $22.0 million, or a contribution margin percentage of 69%. At the end of 2017, the 2015 Cohort accounted for $32.7 million in ARR and $7.5 million in associated costs, representing a cohort contribution margin of $25.2 million, or a contribution margin percentage of 77%. These metrics are illustrated in the chart below.

69


Table of Contents

GRAPHIC

        We believe that our cohort contribution margin analysis demonstrates the powerful customer economics of our business. With our historically high retention rates and high gross margin, we have been able to increase our cohort contribution margin and enhance the value of our customer relationships over time.

        The 2015 Cohort may not be representative of any other group of customers or periods. We expect that the cohort contribution margin and contribution margin percentage of our customer cohorts will fluctuate from one period to another depending upon the number of customers remaining in each cohort, our ability to increase their ARR, other changes in their subscriptions, as well as changes in our associated costs. We may not experience similar financial outcomes from future customers. We do not have consistent corresponding information for prior historical periods that would allow us to present additional historical cohorts, and the ARR, associated costs, cohort contribution margins and contribution margin percentages from such cohorts could vary.

Key Factors Affecting Our Performance

        Our historical financial performance has been, and we expect our financial performance in the future to be, primarily driven by the following factors:

        Market Adoption.    We believe our future success will depend in large part on the growth in the market for next-generation endpoint security. Because network-centric security is no longer adequate, organizations must focus on securing the endpoint. However, while organizations have made significant investments in upgrading to advanced network security solutions, the majority of endpoint security technology in use today relies on multiple agents and uses the same ineffective, traditional signature-based antivirus software originally designed more than 20 years ago. As a result, organizations are increasingly shifting their security budgets toward next-generation endpoint security solutions. We believe that we are well positioned as a market leader to capitalize on this investment cycle and that our ability to address the full lifecycle of a cyber attack will help to drive our market adoption. Additionally, the number of security professionals has not kept pace with total demand. As the number of threats multiplies, legacy solutions either miss threats or produce more alerts than security teams are able to process and investigate. Organizations are increasingly turning to next-generation solutions, advanced analytics and automation tools to empower their security professionals to increase their efficiency and focus on the highest value cyber security tasks, thereby reducing the need for additional security headcount. Organizations are also addressing the talent gap by relying more on security-focused VARs and trusted partners to augment their internal teams of security experts.

70


Table of Contents

        Add New Customers.    Our ability to add new customers is a key indicator of our increasing market adoption and future revenue potential. Our customer count, which includes both direct sale customers and customers with one or more subscriptions to our platform through channel partners, grew from 1,774 in 2015, to 2,516 in 2016, and to 3,739 in 2017, representing year-over-year increases of 42% in 2016 and 49% in 2017. The number of our direct sale customers decreased from 354 in 2015, to 316 in 2016, and to 267 in 2017. The number of our customers with one or more subscriptions to our platform through channel partners increased from 1,420 in 2015, to 2,200 in 2016, and to 3,472 in 2017. We expect this trend to continue in future periods as we focus on adding new customers and renewing existing customers through our channel partners. We are focused on continuing to grow our customer base. We have continuously enhanced our endpoint security platform and product offerings, and we have expanded both our domestic and international sales force to drive new customer acquisition. However, our ability to continue to grow our customer base is dependent on a number of factors, including our ability to compete within the increasingly competitive markets in which we participate.

        Maintain Strong Retention Rates.    An important component of our revenue growth strategy is to have our existing customers renew their agreements with us. To assess our performance against this objective, we monitor the retention rate of our existing customers. We calculate retention rate by comparing the annual recurring subscription and support revenue from our customers at the beginning of a measurement period to the annual recurring subscription and support revenue from those same customers at the end of a measurement period. We divide the ending annual recurring revenue by the beginning annual recurring revenue to arrive at our retention rate metric. We exclude the impact of any add-on purchases from these customers during the measurement period; accordingly, our retention rate cannot exceed 100%. In addition, the metric reflects the loss of customers who elected not to renew contracts expiring during the measurement period. Our retention rate was 93% in 2015, 92% in 2016 and 93% in 2017.

        Increase Sales to Existing Customers.    Our current customer base provides us with a significant opportunity to drive incremental sales. Our extensible platform allows us to develop new solutions rapidly and at lower cost over time. As we develop and deploy additional security offerings on the Cb Predictive Security Cloud platform, we see significant additional opportunity to cross-sell as customers benefit by addressing multiple security requirements through a single platform. Our ability to increase sales to existing customers will depend on a number of factors, including customers' satisfaction or dissatisfaction with our solutions, our ability to develop new products, pricing, economic conditions or overall reductions in our customers' spending levels.

        Invest in Growth.    We will continue to focus on long-term revenue growth. We believe that our market opportunity is large and we will continue to invest significantly in sales and marketing to grow our customer base, both domestically and internationally. We also expect to continue to invest in research and development to enhance our technology platform and product functionality. In addition to our ongoing investment in research and development, we may also pursue acquisitions of businesses, technologies and assets that complement and expand the functionality of our products and services, expand the functionality of our solutions, add to our technology or security expertise, or bolster our leadership position by gaining access to new customers or markets.

71


Table of Contents

Key Metrics

        We regularly monitor a number of financial and operating metrics, including the following key metrics, in order to measure our current performance and estimate our future performance, as follows:

 
  Year Ended December 31,  
 
  2015   2016   2017  
 
  (dollar amounts in thousands)
 

Billings

  $ 98,840   $ 144,027   $ 212,795  

Year-over-year growth

    55 %   46 %   48 %

Short-term billings

  $ 98,452   $ 142,364   $ 194,869  

Year-over-year growth

    63 %   45 %   37 %

Total revenue

  $ 70,594   $ 116,239   $ 162,014  

Year-over-year growth

    80 %   65 %   39 %

Recurring revenue

  $ 54,336   $ 96,587   $ 143,064  

Year-over-year growth

    109 %   78 %   48 %

Recurring revenue as a percentage of total revenue

    77 %   83 %   88 %

Number of customers

    1,774     2,516     3,739  

        Billings.    We define billings, a non-GAAP financial measure, as total revenue plus the change in deferred revenue during the period, excluding acquired deferred revenue. Our deferred revenue consists of amounts that have been invoiced to customers but that have not yet been recognized as revenue. Our deferred revenue balance primarily consists of the portion of products, support and professional services revenue that will be recognized ratably over the longest service period of any deliverable in the arrangement, which is generally the support term, beginning once all services in the arrangement have commenced.

        Most of our revenue is derived from subscriptions to our products with a duration of one or three years. For our subscription arrangements, we typically bill our customers the fee on an annual basis for the upcoming year. For 2017, we changed our policy to require customers with multi-year contract commitments to agree to multi-year upfront billing for the total contract fee. This policy change contributed to the 48% growth in total billings from 2016 to 2017. Beginning in 2018, we are reverting to our former policy and will offer customers who make a multi-year contract commitment the option to be billed the total contract fee upfront or to be billed on an annual basis. We expect that many customers who make a multi-year contract commitment will select to be billed on an annual basis, which could result in a lower growth rate for our billings in 2018 compared to 2017.

        Some of our revenue is also derived from perpetual licenses of our products along with a maintenance and support agreement. For our perpetual licenses, we bill our customers the entire license fee upon delivery of the software, and for support, we typically bill our customers the support fee on an annual basis for the upcoming year.

        For services sold on a fixed-price basis, we bill customers in advance. For services sold on a time-and-materials basis, we bill customers as such services are performed.

        We use billings as one factor to evaluate our business because billings is an important indicator of current period sales activity and provides visibility into corresponding future revenue growth due to our subscription-based revenue model. Accordingly, we believe that billings provides useful information to investors and others in understanding and evaluating our operating results in the same manner as our management. While we believe that billings is useful in evaluating our business, billings is a non-GAAP financial measure that has limitations as an analytical tool, and billings should not be considered as an alternative to, or substitute for, total revenue recognized in accordance with GAAP. In addition, other companies, including companies in our industry, may calculate billings differently or not at all, which reduces the usefulness of billings as a tool for comparison. We recommend that you review the

72


Table of Contents

reconciliation of billings to total revenue, the most directly comparable GAAP financial measure, provided below, and that you not rely on billings or any single financial measure to evaluate our business.

 
  Year Ended December 31,  
 
  2015   2016   2017  
 
  (in thousands)
 

Total revenue

  $ 70,594   $ 116,239   $ 162,014  

Deferred revenue, end of period

    83,981     113,399     164,180  

Deferred revenue, beginning of period

    (55,735 )   (83,981 )   (113,399 )

Acquired deferred revenue

        (1,630 )    

Billings

  $ 98,840   $ 144,027   $ 212,795  

        Short-term billings.    We define short-term billings, a non-GAAP financial measure, as total revenue plus the change in current deferred revenue during the period, excluding acquired deferred revenue. We believe that short-term billings provides useful information to investors and others in evaluating our operating performance because it excludes the impact of upfront multi-year billings, which can vary from period to period depending on the timing of large, multi-year customer contracts and customer preferences for annual billing versus multi-year upfront billing. While we believe that short-term billings is useful in evaluating our business, short-term billings is a non-GAAP financial measure that has limitations as an analytical tool, and short-term billings should not be considered as an alternative to, or substitute for, total revenue recognized in accordance with GAAP. In addition, other companies, including companies in our industry, may calculate short-term billings differently or not at all, which reduces the usefulness of short-term billings as a tool for comparison. We recommend that you review the reconciliation of short-term billings to total revenue, the most directly comparable GAAP financial measure, provided below, and that you not rely on short-term billings or any single financial measure to evaluate our business.

 
  Year Ended December 31,  
 
  2015   2016   2017  
 
  (in thousands)
 

Total revenue

  $ 70,594   $ 116,239   $ 162,014  

Deferred revenue, current, end of period

    71,668     99,423     132,278  

Deferred revenue, current, beginning of period

    (43,810 )   (71,668 )   (99,423 )

Acquired deferred revenue

        (1,630 )    

Short-term billings

  $ 98,452   $ 142,364   $ 194,869  

        Recurring revenue.    We define recurring revenue, a non-GAAP financial measure, as subscription, license and support revenue (which includes revenue relating to support for perpetual licenses) less perpetual license revenue for the period. We use recurring revenue as one factor to evaluate our business because we believe that recurring revenue provides visibility into the revenue expected to be recognized in the current and future periods. Accordingly, we believe that recurring revenue provides useful information to investors and others in understanding and evaluating our operating results in the same manner as our management. While we believe that recurring revenue is useful in evaluating our business, recurring revenue is a non-GAAP financial measure that has limitations as an analytical tool, and recurring revenue should not be considered as an alternative to, or substitute for, subscription, license and support revenue recognized in accordance with GAAP. In addition, other companies, including companies in our industry, may calculate recurring revenue differently or not at all, which reduces the usefulness of recurring revenue as a tool for comparison. We recommend that you review the reconciliation of recurring revenue to subscription, license and support revenue, the most directly comparable GAAP financial measure,

73


Table of Contents

provided below, and that you not rely on recurring revenue or any single financial measure to evaluate our business.

 
  Year Ended December 31,  
 
  2015   2016   2017  
 
  (in thousands, except percentages)
 

Subscription, license and support revenue

  $ 63,747   $ 104,786   $ 149,262  

Perpetual license revenue(1)

    (9,411 )   (8,199 )   (6,198 )

Recurring revenue

  $ 54,336   $ 96,587   $ 143,064  

Recurring revenue as a percentage of total revenue

    77 %   83 %   88 %

(1)
Perpetual license revenue for this calculation is based on the contractual amount for perpetual licenses because we do not have vendor-specific objective evidence of the fair value of our perpetual licenses.

        The percentage of our total recurring revenue generated by sales of our cloud-based solutions was negligible in 2015, 7% in 2016 and 18% in 2017.

        Free cash flow and free cash flow margin.    We define free cash flow, a non-GAAP financial measure, as net cash used in operating activities less purchases of property and equipment and capitalized internal-use software. We define free cash flow margin as free cash flow divided by total revenue. For the 2016 free cash flow calculation, we have also excluded the impact of the management incentive liability payment as this payment was not part of our core operating results. We monitor free cash flow as one measure of our overall business performance, which enables us to analyze our future performance without the effects of non-cash items and allow us to better understand the cash needs of our business. While we believe that free cash flow is useful in evaluating our business, free cash flow is a non-GAAP financial measure that has limitations as an analytical tool, and free cash flow should not be considered as an alternative to, or substitute for, net cash used in operating activities in accordance with GAAP. The utility of free cash flow as a measure of our liquidity is further limited as it does not represent the total increase or decrease in our cash balance for any given period. In addition, other companies, including companies in our industry, may calculate free cash flow differently or not at all, which reduces the usefulness of free cash flow as a tool for comparison. A summary of our cash flows from operating, investing and financing activities is provided below. We recommend that you review the reconciliation of free cash flow to net cash used in operating activities, the most directly comparable GAAP financial measure, and the reconciliation of free cash flow margin to net cash used in operating activities (as a percentage of revenue), the most directly comparable GAAP financial measure, provided below, and that you not rely on free cash flow, free cash flow margin or any single financial measure to evaluate our business.

 
  Year Ended December 31,  
 
  2015   2016   2017  
 
  (in thousands)
 

Net cash used in operating activities

  $ (4,097 ) $ (33,088 ) $ (7,678 )

Net cash provided by (used in) investing activities

    (12,866 )   2,200     (6,067 )

Net cash provided by (used in) financing activities

    59,191     15,395     (1,685 )

Net increase (decrease) in cash and cash equivalents

  $ 42,228   $ (15,493 ) $ (15,430 )

74


Table of Contents


 
  Year Ended December 31,  
 
  2015   2016   2017  
 
  (in thousands)
 

Net cash used in operating activities

  $ (4,097 ) $ (33,088 ) $ (7,678 )

Management incentive plan liability payment

        13,985      

Purchases of property and equipment

    (8,912 )   (5,776 )   (5,145 )

Capitalization of internal-use software costs

    (646 )   (411 )   (922 )

Free cash flow

  $ (13,655 ) $ (25,290 ) $ (13,745 )


 
  Year Ended December 31,  
 
  2015   2016   2017  

Net cash used in operating activities (as a percentage of revenue)

    (6 )%   (28 )%   (5 )%

Management incentive plan liability payment (as a percentage of revenue)

        12 %    

Purchases of property and equipment (as a percentage of revenue)          

    (12 )%   (5 )%   (3 )%

Capitalization of internal-use software costs (as a percentage of revenue)

    (1 )%   (1 )%   (1 )%

Free cash flow margin

    (19 )%   (22 )%   (8 )%

        Our policy change in 2017 to require customers with multi-year contract commitments to agree to multi-year upfront billing for the total contract fee contributed to the increase in free cash flow from 2016 to 2017. As discussed above, beginning in 2018, we are reverting to our former policy of offering customers who make multi-year contract commitments the option to be billed the total contract fee upfront or to be billed on an annual basis. We expect that many customers who make a multi-year contract commitment will select to be billed on an annual basis, which could result in less benefit to free cash flow in 2018 compared to 2017.

        Non-GAAP operating loss.    We define non-GAAP operating loss as loss from operations excluding stock-based compensation and amortization of acquired intangible assets. For the three months ended March 31, 2018, we will also exclude from non-GAAP operating loss the expense related to the payments we agreed to make in 2018 pursuant to a legal settlement. See "—Contractual Obligations and Commitments." We consider non-GAAP operating loss to be a useful metric for investors and other users of our financial information in evaluating our operating performance because it excludes the impact of stock-based compensation and amortization of acquired intangible assets, each of which is a non-cash charge that can vary from period to period for reasons that are unrelated to our core operating performance, and expense recorded by us pursuant to the legal settlement because it is a non-recurring item. While we believe that non-GAAP operating loss is useful in evaluating our business, non-GAAP operating loss is a non-GAAP financial measure that has limitations as an analytical tool, and non-GAAP operating loss should not be considered as an alternative to, or substitute for, loss from operations in accordance with GAAP. In addition, other companies, including companies in our industry, may calculate non-GAAP operating loss differently or not at all, which reduces the usefulness of non-GAAP operating loss as a tool for comparison. We recommend that you review the reconciliation of non-GAAP operating

75


Table of Contents

loss to loss from operations, the most directly comparable GAAP financial measure, provided below, and that you not rely on non-GAAP operating loss or any single financial measure to evaluate our business.

 
  Year Ended December 31,  
 
  2015   2016   2017  
 
  (in thousands)
 

Loss from operations

  $ (36,582 ) $ (45,579 ) $ (55,198 )

Stock-based compensation

    4,908     7,356     8,956  

Amortization of acquired intangible assets

    595     3,780     1,563  

Non-GAAP operating loss

  $ (31,079 ) $ (34,443 ) $ (44,679 )

        Number of Customers.    We believe that the size of our customer base is an indicator of our market penetration and that net customer additions are an indicator of the growth of our business. We define our total customers at the end of a period as the number of organizations with one or more contractual agreements to use our solutions, either licensed directly by us or through a channel partner.

Components of Results of Operations

Revenue

        We generate revenue through relationships with channel partners and through our direct sales force primarily from three sources: (1) the sale of subscription (i.e., term-based) and perpetual licenses for software products along with access to and the right to utilize the threat intelligence capabilities of the Cb Predictive Security Cloud, as well as maintenance services and customer support, which we refer to collectively as support, (2) cloud-based SaaS subscriptions for access to our Cb Response and Cb Defense software products, and (3) professional services and training, which we refer to collectively as services.

    Subscription, License and Support

        Our Cb Protection and Cb Response products are offered through subscription or perpetual software licenses, with a substantial majority of our customers selecting a subscription license. Subscription licenses include access to and the right to utilize the threat intelligence capabilities of the Cb Predictive Security Cloud as well as ongoing support, which provides our customers with telephone and web-based support, bug fixes and repairs and software updates on a when-and-if-available basis. Substantially all customers who purchase licenses on a perpetual basis also purchase an agreement for access to and the right to utilize the threat intelligence capabilities of the Cb Predictive Security Cloud. Revenue for both subscription licenses and perpetual licenses is deferred on our balance sheet and subsequently recognized as revenue ratably over the longest service period of any deliverable in the arrangement, which is generally the support term, beginning once all services in the arrangement have commenced.

        During 2015, we began offering our Cb Response product through cloud-based subscriptions. During 2016, we began offering our Cb Defense product, a cloud-based next-generation antivirus solution obtained through the acquisition of Confer. Revenue for cloud-based subscriptions is deferred on our balance sheet and subsequently recognized as revenue ratably over the term of the subscription.

        Our subscription and support agreements typically have one- or three-year terms. For multi-year arrangements, we typically bill on an annual basis. Prior to 2017, we typically billed multi-year arrangements on an annual basis. For 2017, we changed our policy to require customers with multi-year contract commitments to agree to multi-year upfront billing for the total contract fee. Beginning in 2018, we are reverting to our former policy and will offer customers who make a multi-year contract commitment the option to be billed the total contract fee upfront or to be billed on an annual basis.

76


Table of Contents

    Services

        We generate services revenue from the sale of professional services related to deployment and training services. Customers primarily purchase our professional services together with our product offerings and, to a lesser extent, on a stand-alone basis. Revenue from professional services sold together with support is recognized ratably over the longest service period of any deliverable in the arrangement, beginning once all services in the arrangement have commenced. Revenue from services sold on a stand-alone basis is recognized as those services are rendered.

        As more customers select our cloud-based offerings, we expect customers to reduce their purchases of deployment services as our cloud-based offerings are typically easier to deploy. Accordingly, we expect our services revenue to increase in absolute dollars but decrease as a percentage of total revenue over time.

Cost of Revenue

        Our total cost of revenue consists of the costs of subscription, license and support revenue as well as the costs of services revenue.

    Cost of Subscription, License and Support Revenue

        Cost of subscription, license and support revenue consists of hosting costs associated with our cloud-based offerings, personnel-related costs for our support personnel, including salaries, benefits, bonuses, payroll taxes, stock-based compensation and allocated overhead costs. Also included in cost of subscription, license and support revenue are costs associated with amortization of capitalized software development costs for internal-use software and amortization of developed technology intangible assets related to our prior acquisitions.

        We expect cost of subscription, license and support revenue to increase significantly on an absolute dollar basis in the near term due to the acceleration of our cloud-based offerings. We will incur additional personnel-related costs, including salaries, benefits, bonuses, payroll taxes, stock-based compensation and allocated overhead costs, for employees who support our cloud-based subscriptions and hosting services. The hosting costs for our cloud-based offerings will also increase as the number of customers who purchase our cloud-based offerings increases.

        We expect gross margin on our subscription, license and support revenue to continue to decline as more customer purchase our cloud-based offerings, but at a reduced rate as compared to the decline from 2016 to 2017.

    Cost of Services Revenue

        Cost of services revenue consists of personnel-related costs for our professional services team, including salaries, benefits, bonuses, payroll taxes, stock-based compensation, travel expenses and allocated overhead costs. We recognize the costs of providing services when we incur them.

        We expect cost of services revenue to increase as we increase our sales.

Operating Expenses

        Operating expenses consist of sales and marketing, research and development, and general and administrative expenses.

    Sales and Marketing Expense

        Sales and marketing expense consists of personnel-related costs for our sales and marketing teams, including salaries, benefits, amortization of deferred commissions, bonuses, payroll taxes, stock-based compensation and other related costs. Additional expenses include costs of marketing activities and

77


Table of Contents

promotional events, travel, amortization of trade name and customer relationship intangible assets related to our prior acquisitions, and allocated overhead costs. We capitalize commission costs that are incremental and directly related to the acquisition of customer agreements. Commissions are earned by our sales force and paid in full upon the receipt of customer orders, or bookings, for new and add-on arrangements or renewals. Commission costs are capitalized when earned and are amortized as an expense over the same period that the revenue is recognized for the related non-cancelable customer agreement in proportion to the recognition of the revenue.

        In addition to our field sales staff, we have a dedicated channel team that works with our field and inside sales organization to manage our relationships with channel partners and that works with our channel partners in winning end-use customers. As a result, our sales team works closely with our end-use customer prospects at every stage of the sales cycle regardless of whether the prospect is sourced directly or indirectly—from initial information meetings through the implementation of our products. This sales approach allows us to leverage the benefits of the channel while also building long-term, trusted relationships with our customers. Additionally, we believe this approach delivers the security expertise and support that leads to full realization of the benefits of our technology platform. In the three months ended December 31, 2017, 94% of our new and add-on business was closed in collaboration with our channel partners.

        We expect sales and marketing expense to increase on an absolute dollar basis in the near term as we continue to increase investments to drive our market adoption and revenue growth.

    Research and Development Expense

        Research and development expense consists of personnel-related costs for our research and development team, including salaries, benefits, bonuses, payroll taxes, stock-based compensation and other related costs. Additional expenses include subcontracting for third-party engineering resources as well as allocated overhead costs.

        We expect research and development expense to increase on an absolute dollar basis in the near term as we continue to increase investments in our technology architecture and software platform.

    General and Administrative Expense

        General and administrative expense consists of personnel-related costs for our executive, administrative, legal, human resources, security, finance and accounting personnel, including salaries, benefits, bonuses, payroll taxes, stock-based compensation and other related costs. Additional expenses include bad debt expense related to customer receivables, recruiting costs, professional fees, travel, insurance and allocated overhead costs.

        We expect general and administrative expense to increase on an absolute dollar basis in the near term as we continue to increase investments to support our anticipated growth and as a result of our becoming a public company.

Interest Expense, Net

        Interest expense, net consists of interest expense related to our outstanding debt obligations and the amortization of deferred financing costs and debt discount associated with such arrangements, as well as interest income related to our invested balances of cash and cash equivalents.

Other Income (Expense), Net

        Other income (expense), net consists primarily of gains and losses related to the revaluation of certain of our outstanding warrant liabilities at each reporting date, foreign currency transactions gains and losses and loss on extinguishment of debt.

78


Table of Contents

Income Taxes

        Since our inception in 2002, we have not recorded any U.S. federal or state income tax benefits for the net losses we have incurred in each year or for our earned research and development tax credits, due to our uncertainty of realizing a benefit from those items. Accordingly, we carry a valuation allowance against the full amount of our deferred tax assets. As of December 31, 2017, we had federal net operating loss carryforwards of $231.0 million, which begin to expire in 2023, and state net operating loss carryforwards of $153.8 million, which begin to expire in 2018. As of December 31, 2017, we also had federal and state research and development tax credit carryforwards of $4.2 million and $2.4 million, respectively, which begin to expire in 2026 and 2021, respectively. As of December 31, 2017, we had foreign net operating loss carryforwards of $4.7 million. Of this amount, carryforwards of $1.1 million expire in 2036 and carryforwards of $3.6 million do not expire. We recognized a benefit from income taxes in 2016 due to the release of a portion of our deferred tax asset valuation allowance in connection with our acquisition of Confer. We recognized a provision for income taxes in 2017 due primarily to foreign income taxes.

Results of Operations

        The following table sets forth our consolidated statements of operations in dollar amounts and as a percentage of revenue for the periods indicated:

 
  Year Ended December 31,  
 
  2015   2016   2017  
 
  (in thousands)
 

Consolidated Statement of Operations Data:

                   

Revenue:

                   

Subscription, license and support

  $ 63,747   $ 104,786   $ 149,262  

Services

    6,847     11,453     12,752  

Total revenue

    70,594     116,239     162,014  

Cost of revenue:

                   

Subscription, license and support(1)

    4,492     11,296     24,217  

Services(1)

    8,821     9,743     11,421  

Total cost of revenue

    13,313     21,039     35,638  

Gross profit

    57,281     95,200     126,376  

Operating expenses:

                   

Sales and marketing(1)

    55,432     80,997     107,190  

Research and development(1)

    24,042     36,493     52,047  

General and administrative(1)

    14,389     23,289     22,337  

Total operating expenses

    93,863     140,779     181,574  

Loss from operations

    (36,582 )   (45,579 )   (55,198 )

Interest expense, net

    (817 )   (518 )   32  

Other income (expense), net

    (1,253 )   (648 )   (583 )

Loss before income taxes

    (38,652 )   (46,745 )   (55,749 )

Benefit from (provision for) income taxes

        2,191     (78 )

Net loss

  $ (38,652 ) $ (44,554 ) $ (55,827 )

                   

79


Table of Contents


(1)
The following table summarizes the classification of stock-based compensation expense in our consolidated statements of operations:

 
  Year Ended December 31,  
 
  2015   2016   2017  
 
  (in thousands)
 

Cost of subscription, license and support revenue

  $ 103   $ 184   $ 403  

Cost of services revenue

    179     219     227  

Sales and marketing expense

    1,595     2,501     3,310  

Research and development expense

    1,585     2,035     2,506  

General and administrative expense

    1,446     2,417     2,510  

Total stock-based compensation expense

  $ 4,908   $ 7,356   $ 8,956  

 

 
  Year Ended December 31,  
 
  2015   2016   2017  

Percentage of Revenue:

                   

Revenue:

                   

Subscription, license and support

    90 %   90 %   92 %

Services

    10     10     8  

Total revenue

    100     100     100  

Cost of revenue:

                   

Subscription, license and support

    6     10     15  

Services

    12     8     7  

Total cost of revenue

    19     18     22