sv1

Proposed Maximum

Amount of

Title of Each Class of

Aggregate

Registration

Securities to be Registered

Offering Price(1)(2)

Common Stock, $0.00001 par value

$74,750,000

As filed with the Securities and Exchange Commission on September 11, 2007

Registration No. 333-

UNITED STATES SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

Form S-1

Registration Statement Under The Securities Act of 1933

ArcSight, Inc.

(Exact name of Registrant as specified in its charter)


Delaware (State or other jurisdiction of incorporation or organization)		7372 (Primary Standard Industrial Classification Code Number)		52-2241535 (I.R.S. Employer Identification Number)

ArcSight, Inc.

5 Results Way

Cupertino, California 95014

(408) 864-2600

(Address, including zip code, and telephone number, including area code, of Registrant’s principal executive offices)

Robert W. Shaw

Chief Executive Officer and

Chairman of the Board

ArcSight, Inc.

5 Results Way

Cupertino, California 95014

(408) 864-2600

(Name, address, including zip code, and telephone number, including area code, of agent for service)

Please send copies of all communications to:


David A. Bell, Esq. Daniel J. Winnike, Esq. Yoonie Y. Chang, Esq. Michael J. Hopp, Esq. Fenwick & West LLP 801 California Street Mountain View, California 94041 (650) 988-8500		Trâm T. Phi, Esq. Vice President and General Counsel ArcSight, Inc. 5 Results Way Cupertino, California 95014 (408) 864-2600		Bruce K. Dallas, Esq. Davis Polk & Wardwell 1600 El Camino Real Menlo Park, California 94025 (650) 752-2000

Approximate date of commencement of proposed sale to the public: As soon as practicable after this registration statement becomes effective.

If any of the securities being registered on this Form are to be offered on a delayed or continuous basis pursuant to Rule 415 under the Securities Act, check the following box: o

If this Form is filed to register additional securities for an offering pursuant to Rule 462(b) under the Securities Act, please check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. o

If this Form is a post-effective amendment filed pursuant to Rule 462(c) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. o

If this Form is a post-effective amendment filed pursuant to Rule 462(d) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering. o

CALCULATION OF REGISTRATION FEE


(1)		Estimated solely for the purpose of calculating the amount of the registration fee in accordance with Rule 457(o) of the Securities Act of 1933, as amended.

(2)		Includes shares the underwriters have the option to purchase to cover over-allotments, if any.

The Registrant hereby amends this Registration Statement on such date or dates as may be necessary to delay its effective date until the Registrant shall file a further amendment which specifically states that this Registration Statement shall thereafter become effective in accordance with Section 8(a) of the Securities Act of 1933 or until the Registration Statement shall become effective on such date as the Commission, acting pursuant to said Section 8(a), may determine.

The information in this prospectus is not complete and may be changed. We may not sell these securities until the registration statement filed with the Securities and Exchange Commission is effective. This prospectus is not an offer to sell these securities and we are not soliciting offers to buy these securities in any state where the offer or sale is not permitted.

PROSPECTUS (Subject to Completion)

Issued September 11, 2007

Shares

COMMON STOCK

ArcSight, Inc. is offering shares of its common stock and the selling stockholders are offering shares of common stock. We will not receive any of the proceeds from the sale of shares of common stock by the selling stockholders. This is our initial public offering and no public market exists for our shares. We anticipate that the initial public offering price will be between $ and $ per share.

We will apply to have our common stock listed on The NASDAQ Global Market under the symbol “ARST.”

Investing in the common stock involves risks. See “Risk Factors” beginning on page 7.

PRICE $ A SHARE

Underwriting

Proceeds to

Price to

Discounts and

Proceeds to

Selling

Public

Commission

ArcSight

Stockholders

Per Share

Total

We have granted the underwriters the right to purchase an additional shares of common stock to cover over-allotments.

The Securities and Exchange Commission and state securities regulators have not approved or disapproved these securities, or determined if this prospectus is truthful or complete. Any representation to the contrary is a criminal offense.

Morgan Stanley & Co. Incorporated expects to deliver the shares of common stock to purchasers on , 2007.


*MORGAN STANLEY*	*LEHMAN BROTHERS*


*WACHOVIA SECURITIES*	*RBC CAPITAL MARKETS*

, 2007

Computer viruses seek out your cell phone As cell phones get The Trojan responsible for stealing more than 1.6 million personal records from Online Applicant uses that infor—mation to build targeted spam that offers recipients lucrative, but illegal, money laundering jobs, effectively ArcSight Pharmaceutical firm confirms third breach involving employee data since June As many as 34,000 workers may be vulnerable to ID theft Pharmaceutical company appears to be having an especially hard time of late keeping its employee data secure. many as 34,000 of its employees may be at risk of read an download

2.6 million cdedit cards exposed at electronics retailer smarter, they also Computer viruses seek out your cell phone As cell phones get become a target for malicious code. Here’s how to protect yourself When it comes to cell phones, the smarter they are, the harder they for for viruses. Almost one in phones so

Stolen Online Applicant Data Put to Bad Use The Trojan horse used to steal personal data from Online Applicant sends targeted spam seeking recruits for money-laundering jobs mated searches that have collected information on hundreds of thousands who have posted their resumes on the job search site. Criminals then used the stolen names, e-mail addresses, address, phone numbers identification into

victin

contain accomplices, said Symantec Corp. Wednesday. Online Applicant, mean-while while, said Wednesday it had shut down the server used to store the stolen resume information. week,

Are you protecting your business? Employee Walks Away With $400 Million In Trade Secrets Company scientist downloaded 22,000 sensitive documents and accessed 16,000 others as he got ready to take a job with a competitor

Office in Delaware last week revealed a massive insider data scientist stole $400 million worth of trade secrets from the aces up to 10 years in prison, a fine of $250,000, and restitu- 2.6 Million Credit Cards Exposed at Electronics Retailer Estonia Computers Blitzed, Possibly by the Russians Current and former account holders of Electronic Retailer credit card are being notified that their personal information was exposed As end users at different companies conduct more business with one another via the Web, corporate information security strategies are being

That realization is being by the accelerating nies to collaborate online ers, business partners; The “de-perimeterizati networks that has re collaboration is forcir completely rethink entrenched security The computer attacks, apparently originating in Russia, first hit the Web site of Estonia’s prime minister on April 27, the day the country was mired in protest and violence. The president’s site went down, too, and soon so did those of several departments in a wired country that touts its paperless government and likes to call itself E-stonia. Then the attacks, coming in waves, began to strike newspapers and televi—sion stations, then schools and finally banks, raising fears that The attacks have peaked and tapered off since then, but they have not ended, prompting officials there to declare Estonia the first country to fall victim to a virtual war. “If you have a missile attack against, let’s say, an airport, it is an act of war,” a spokesman for the Estonian Defense Ministry, Madis Mikko, said Friday in a telephone interview. “If the same result is caused by computers, then how else do you describe that kind of attack?”

TABLE OF CONTENTS


	Page

Prospectus Summary		1
Risk Factors		7
Special Note Regarding Forward-Looking Statements and Industry Data		26
Use of Proceeds		27
Dividend Policy		27
Capitalization		28
Dilution		30
Selected Consolidated Financial Data		32
Management’s Discussion and Analysis of Financial Condition and Results of Operations		34
Business		51
Management		68
Certain Relationships and Related Party Transactions		95
Principal and Selling Stockholders		96
Description of Capital Stock		99
Shares Eligible for Future Sale		103
Underwriters		105
Legal Matters		109
Experts		109
Where You Can Find Additional Information		109
Index to Consolidated Financial Statements		F-1
EXHIBIT 3.1
EXHIBIT 3.3
EXHIBIT 4.2
EXHIBIT 10.2
EXHIBIT 10.3
EXHIBIT 10.4
EXHIBIT 10.5
EXHIBIT 10.17
EXHIBIT 23.1
EXHIBIT 99.1
EXHIBIT 99.2

You should rely only on the information contained in this prospectus or in any free-writing prospectus we may specifically authorize to be delivered or made available to you. We have not, the selling stockholders have not and the underwriters have not authorized anyone to provide you with additional or different information. We and the selling stockholders are offering to sell, and seeking offers to buy, shares of our common stock only in jurisdictions where offers and sales are permitted. The information in this prospectus or a free-writing prospectus is accurate only as of its date, regardless of its time of delivery or any sale of shares of our common stock. Our business, financial condition, results of operations and prospects may have changed since that date.

Until , 2007 (25 days after the commencement of this offering), all dealers that buy, sell or trade shares of our common stock, whether or not participating in this offering, may be required to deliver a prospectus. This delivery requirement is in addition to the obligation of dealers to deliver a prospectus when acting as underwriters and with respect to their unsold allotments or subscriptions.

For investors outside the United States: We have not, the selling stockholders have not and the underwriters have not done anything that would permit this offering or possession or distribution of this prospectus in any jurisdiction where action for that purpose is required, other than in the United States. Persons outside the United States who come into possession of this prospectus must inform themselves about, and observe any restrictions relating to, the offering of the shares of common stock and the distribution of this prospectus outside of the United States.

PROSPECTUS SUMMARY

This summary highlights information contained elsewhere in this prospectus and does not contain all of the information you should consider in making your investment decision. You should read this summary together with the more detailed information, including our financial statements and the related notes, provided elsewhere in this prospectus. You should carefully consider, among other things, the matters discussed in “Risk Factors.”

ARCSIGHT, INC.

We are a leading provider of security and compliance management solutions that intelligently mitigate business risk for enterprises and government agencies. Much like a “mission control center,” our ArcSight ESM platform delivers a centralized, real-time view of disparate digital alarms, alerts and status messages, which we refer to as events, across geographically dispersed and heterogeneous business and technology infrastructures. Our software correlates massive numbers of events from thousands of security point solutions, network and computing devices and applications, enabling intelligent identification, prioritization and response to external threats, insider threats and compliance and corporate policy violations. We also provide complementary software that delivers pre-packaged analytics and reports tailored to specific security and compliance initiatives, as well as appliances that streamline threat response, event log archiving and network configuration.

We have designed our platform to support the increasingly complex business and technology infrastructure of our customers. As of April 30, 2007, we have sold our products to more than 350 customers across multiple industries and government agencies in the United States and internationally, including companies in the Fortune Top 5 of the aerospace and defense, energy and utilities, financial services, food production and services, healthcare, high technology, insurance, media and entertainment, retail and telecommunications industries, and more than 20 major U.S. government agencies.

As enterprises and government agencies increasingly utilize an interconnected information technology and business infrastructure to enhance efficiency, exchange information and conduct business with partners, customers and suppliers, these organizations expose their infrastructure and data to heightened security risks and are subject to increasing compliance requirements. The large number of heterogeneous devices and applications in a geographically distributed corporate infrastructure generates massive amounts of event data that is challenging to monitor or analyze at an enterprise-wide scale for security vulnerabilities and compliance violations. Vendor-specific management consoles and traditional systems management tools are limited in scope or are not equipped to handle a large volume of data. In addition, organizations have difficulty identifying events that are threatening in nature because they are unable to distinguish threats from the “white noise” of normal event activity, to recognize risks by correlating events reported by disparate systems, to understand the context in which the events arise or to appropriately prioritize responses according to risk level or corporate policy.

The need for a highly scalable, holistic and intelligent solution that can help organizations address these challenges in real-time is growing. The market for security and compliance management solutions today includes security information and event management, forensics and incident investigation, policy and compliance management and network change and configuration management. According to a report by International Data Corporation, or IDC, the security information and event management, forensics and incident investigation, and policy and compliance management markets are projected to grow, in aggregate, from $993.6 million in 2007 to $2.2 billion in 2011, representing a compound annual growth rate of 22.1%. In separate reports, IDC projects that the network change and configuration management market will grow from $157.1 million in 2007 to $372.6 million in 2011, representing a compound annual growth rate of 24.1%, and the compliance infrastructure software market, in which we also compete, will grow from $6.2 billion in 2007 to $10.6 billion in 2010, representing a compound annual growth rate of 19.5%.

Our Solutions

Our ESM platform identifies and prioritizes high-risk activity and presents a consolidated view of threats to the business and technology infrastructure in rich, graphical displays. Our platform collects streaming data from event sources, translates the streaming data into a common format, and then processes this data with our correlation

engine in which complex algorithms determine if events taking place conform to normal patterns of behavior, established security policies and compliance regulations. Once threats are identified, our ArcSight TRM (Threat Response Manager) and ArcSight NCM (Network Configuration Manager) appliance products help our customers easily re-configure network devices to remediate threats and prevent recurrence. In addition, through our new Logger appliance, we enable efficient and scalable storage, preservation and management of terabytes of enterprise log data for compliance requirements or forensic analysis. Our customers enhance the value of individual security products in their business and technology infrastructure by integrating them with our platform. Key benefits of our solutions include:


	•	Enterprise-Class Technology and Architecture. We design our solutions to serve the needs of even the largest organizations, which typically have highly complex, geographically dispersed and heterogeneous business and technology infrastructures.


	•	Interoperability. We provide off-the-shelf software connectors for over 240 products, including security devices, end-user devices, networking equipment, computing infrastructure, other IP-enabled devices, and enterprise applications and databases, from approximately 100 vendors, allowing our customers to rapidly deploy our platform in their existing business and technology infrastructures.

	•	Flexibility. In addition to providing off-the-shelf connectors, our ESM platform is designed to enable customers to rapidly build interfaces to new products, proprietary applications and legacy systems.

	•	Scalability. Our ESM platform enables customers to collect and correlate millions of events per day from a large number of heterogeneous devices and applications in real-time, and may be expanded by the customer over time to incorporate additional departments, branch offices or geographies, as well as additional categories of devices and applications, while maintaining the overall performance of the platform.

	•	Archiving. Our solution helps customers store event data to satisfy regulatory recordkeeping requirements by providing cost-effective and centralized event log archiving.


	•	Intelligent Correlation. Our correlation engine distills a large number of events occurring daily into intelligence that allows customers to identify, prioritize and respond to specific threats or compliance violations.

	•	Streamlined Response and Seamless Workflow. Our products simplify the management of the broad range of notifications and actions that must take place to remediate a threat and prevent recurrence across the technology infrastructure, thus narrowing the period of vulnerability.

	•	Reporting and Visualization. We present threat information through a rich and intuitive graphical user interface, through which customers can view risk across their organization in a variety of ways, address internal and external compliance requirements and communicate the value and effectiveness of the organization’s security operations.

Our Strategy

Our objective is to be the leading provider of security and compliance management solutions that intelligently mitigate business risk for enterprises and government agencies. The key elements of our strategy to achieve this objective include:


	•	Grow Our Customer Base. We plan to increase our presence globally by expanding our direct sales force and building additional relationships with channel partners. We also plan to further penetrate the mid-market through an expanded network of channel partners and continued development of appliance-based products.

	•	Deepen Our Penetration of Existing Customers. We intend to facilitate expanded deployments of our products with, and to introduce new solutions to, our existing customers. We expect our appliance-based products to generate opportunities for additional sales to our installed base as customers build on their existing implementations.


	•	Extend Our Partner Network. We will continue to work with technology partners, including CA, Cisco Systems, IBM, Juniper Networks, McAfee, Oracle, SAP and Symantec, and other vendors, such as Check Point Software Technologies, Trend Micro and Websense, to provide for compatibility between our platform and their latest products.

	•	Extend Our Expertise in Security Best Practices. We will continue to develop pre-packaged software solutions that are tailored to address specific security and regulatory concerns, as we have done with our existing IT governance, Sarbanes-Oxley compliance, Payment Card Industry (PCI) compliance and Insider Threat packages.

	•	Extend Our Value Proposition to More Event Sources and Business Use Cases Beyond Traditional IT Security. We intend to create new sales opportunities by developing solutions that address high-value additional use cases for our platform. In addition to using our software to mitigate risk from external or insider threats and to satisfy compliance requirements, we believe that enterprises are increasingly finding value in leveraging our highly scalable, real-time event correlation platform for applications beyond security.

Risks Affecting Us

Our business is subject to numerous risks, which are highlighted in “Risk Factors” immediately following this prospectus summary. These risks represent challenges to the successful implementation of our strategy and to the growth and future profitability of our business. Some of these risks are:


	•	we have a limited operating history and have incurred significant losses since inception, including losses from operations of $16.8 million in fiscal 2006 and $0.3 million in fiscal 2007, and as of April 30, 2007, we had an accumulated deficit of $44.6 million;

	•	our quarterly operating results are likely to vary significantly and be unpredictable, in part because of the length and unpredictability of our sales cycle, as well as the purchasing and budgeting practices of our customers;

	•	if we are unsuccessful in managing and further developing our distribution channels, our revenues could decline and our growth prospects could suffer;

	•	our sales are concentrated in our ESM platform, we have limited experience with the sale, manufacture, delivery, service and support for our appliance products, and we may be unable to successfully develop new products, make enhancements to our existing products or expand our offerings into new markets; and

	•	the market in which we operate is highly competitive, and many of our established competitors have significantly greater resources than we do and have other potential advantages; our customers may also choose to develop their own customized solutions rather than purchase products such as ours.

For further discussion of these and other risks you should consider before making an investment in our common stock, see “Risk Factors” immediately following the prospectus summary.

Corporate Information

We were incorporated in Delaware on May 3, 2000 as Wahoo Technologies, Inc. On March 30, 2001, we changed our name to ArcSight, Inc. Our principal executive offices are located at 5 Results Way, Cupertino, California 95014, and our telephone number is (408) 864-2600. Our website address is www.arcsight.com. The information on, or that can be accessed through, our website is not part of this prospectus.

Except where the context requires otherwise, in this prospectus “Company,” “ArcSight,” “Registrant,” “we,” “us” and “our” refer to ArcSight, Inc., and where appropriate, its subsidiaries.

“ArcSight” and the ArcSight logo are registered trademarks of ArcSight in the United States and in some other countries. Where not registered, these marks and “ArcSight Console,” “ArcSight Manager,” “ArcSight Web,” “FlexConnector,” “Logger,” “NCM” “SmartConnector” and “TRM” are trademarks of ArcSight. Other service marks, trademarks and tradenames referred to in this prospectus are the property of their respective owners.

THE OFFERING


Shares of common stock offered by us		shares

Shares of common stock offered by the selling stockholders		shares

Shares of common stock to be outstanding after this offering		shares

Use of proceeds		We plan to use the net proceeds of this offering for general corporate purposes, including working capital and potential acquisitions. We will not receive any of the proceeds from the sale of shares of common stock by the selling stockholders. See “Use of Proceeds.”

NASDAQ Global Market Symbol		“ARST”

The number of shares of common stock that will be outstanding after this offering is based on 98,430,496 shares of our common stock outstanding as of April 30, 2007, and excludes:


	•	23,091,296 shares of common stock issuable upon the exercise of options outstanding as of April 30, 2007, at a weighted-average exercise price of approximately $0.99 per share;

	•	2,431,938 shares of common stock issuable upon the exercise of options granted after April 30, 2007, at a weighted-average exercise price of $2.50 per share;

	•	76,820 shares of common stock issuable upon exercise of warrants outstanding as of April 30, 2007, including a warrant to purchase 25,185 shares of common stock and warrants to purchase an aggregate of 51,635 shares of convertible preferred stock that will convert into warrants to purchase the same number of shares of common stock upon completion of this offering, at a weighted-average exercise price of approximately $0.0003 per share;

	•	shares of common stock reserved for future issuance under our 2007 Equity Incentive Plan, which will become effective on the first day that our common stock is publicly traded and contains provisions that will automatically increase its share reserve each year, as more fully described in “Management—Employee Benefit Plans”; and

	•	shares of common stock reserved for future issuance under our 2007 Employee Stock Purchase Plan, which will be become effective on the first day that our common stock is publicly traded and contains provisions that will automatically increase its share reserve each year, as more fully described in “Management—Employee Benefit Plans.”

Unless otherwise indicated, all information in this prospectus assumes:


	•	the conversion of all outstanding shares of our convertible preferred stock into 55,950,192 shares of common stock effective upon the closing of this offering;

	•	the conversion of all outstanding warrants to purchase shares of our convertible preferred stock into warrants to purchase an aggregate of 51,635 shares of common stock effective upon closing of this offering; and

	•	no exercise by the underwriters of their right to purchase up to an additional shares of common stock to cover over-allotments.

SUMMARY OF CONSOLIDATED FINANCIAL DATA

The following table summarizes our consolidated financial data. We have derived the following summary of our consolidated statements of operations data for the fiscal years ended April 30, 2005, 2006 and 2007 and the consolidated balance sheet data as of April 30, 2007 from our audited consolidated financial statements appearing elsewhere in this prospectus. Our historic results are not necessarily indicative of the results that may be expected in the future. The summary of our financial data set forth below should be read together with our consolidated financial statements and the section entitled “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” appearing elsewhere in this prospectus. The pro forma balance sheet data give effect to the conversion of all outstanding shares of convertible preferred stock into common stock effective upon the closing of this offering, and the pro forma as adjusted balance sheet data also reflect the sale of shares of our common stock in this offering at an assumed initial public offering price of $ per share, the midpoint of the range reflected on the cover page on this prospectus, after deducting the estimated underwriting discounts and commissions and estimated offering expenses payable by us and the application of the net proceeds as described in “Use of Proceeds.”


	Fiscal Year Ended April 30,
	2005			2006			2007
	(in thousands, except per share data)

Consolidated Statement of Operations Data:
Revenues	$	32,822		$	39,435		$	69,833
Cost of revenues(1)		4,494			6,796			9,588

Gross profit		28,328			32,639			60,245

Operating expenses(1)
Research and development		7,583			12,154			14,535
Sales and marketing		14,647			24,309			36,587
General and administrative		8,725			12,978			9,453

Total operating expenses		30,955			49,441			60,575

Loss from operations		(2,627	)		(16,802	)		(330	)
Other income (expense), net		(49	)		219			462

Income (loss) before provision for income taxes		(2,676	)		(16,583	)		132
Provision for income taxes		137			163			389

Net loss	$	(2,813	)	$	(16,746	)	$	(257	)

Net loss per common share, basic and diluted	$	(0.11	)	$	(0.56	)	$	(0.01	)

Shares used in computing basic and diluted net loss per common share		24,647			29,874			40,169

Pro forma net loss per common share, basic and diluted (unaudited)							$	(0.00	)

Shares used in computing pro forma basic and diluted net loss per common share (unaudited)								96,106


(1)		Includes stock-based compensation expense as follows:


	Fiscal Year Ended April 30,
	2005		2006		2007
	(in thousands)

Cost of maintenance and services revenues	$	7	$	10	$	17
Research and development		1,642		1,950		501
Sales and marketing		746		210		661
General and administrative		4,838		5,948		350

Total stock-based compensation expense	$	7,233	$	8,118	$	1,529

Revenues in fiscal 2006 excluded revenues related to multiple element sales transactions consummated in that year that were deferred because we did not have vendor-specific objective evidence of fair value, or VSOE, for some product elements that were not delivered in 2006. In fiscal 2007, we either delivered such product elements, or we

and our customers amended the contractual terms of these sales transactions to remove the undelivered product elements. Fiscal 2007 revenues included a substantial portion of the revenues so deferred from fiscal 2006, as well as a small amount of revenues similarly deferred from prior years. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Sources of Revenues, Cost of Revenues and Operating Expenses” for additional details, including the net amounts involved. We do not expect revenues in future periods to be favorably impacted to the same extent by similar transactions consummated in fiscal 2007 and prior periods.


	As of April 30, 2007
							Pro Forma
	Actual			Pro Forma			As Adjusted(1)
	(in thousands, except per share data)
				(unaudited)			(unaudited)

Consolidated Balance Sheet Data:
Cash and cash equivalents	$	16,917		$	16,917		$
Working capital deficit		(3,192	)		(3,192	)
Total assets		48,990			48,990
Current and long-term debt		—			—			—
Convertible preferred stock		26,758			—			—
Total stockholders’ equity	$	5,130		$	5,130		$


(1)		A $1.00 increase (decrease) in the assumed public offering price of $ per share would increase (decrease) each of cash and cash equivalents, working capital, total assets and total stockholders’ equity by $ million, assuming that the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same, and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us. The pro forma information discussed above is illustrative only and following closing of this offering will be adjusted based on the actual public offering price and other terms of this offering determined at pricing.

RISK FACTORS

Investing in our common stock involves a high degree of risk. You should consider carefully the risks and uncertainties described below, together with all of the other information in this prospectus, including the consolidated financial statements and the related notes appearing at the end of this prospectus, before deciding to invest in shares of our common stock. If any of the following risks actually occurs, our business, financial condition, results of operations and future prospects could be materially and adversely affected. In that event, the market price of our common stock could decline and you could lose part or even all of your investment.

Risk Related to Our Business and Industry

We have limited operating history in an emerging market and a history of losses, and we are unable to predict the extent of any future losses or when, if ever, we will achieve consistent profitability in the future.

We launched our ESM products in January 2002, our TRM and NCM products in June 2006 and our Logger product in December 2006. Because we have a limited operating history, and the market for our products is rapidly evolving, it is difficult for us to predict our operating results and ultimate size of the market for our products. We have a history of losses from operations, incurring losses from operations of $16.8 million and $0.3 million for the fiscal years ended April 30, 2006 and 2007, respectively. As of April 30, 2007, our accumulated deficit was $44.6 million. We expect our operating expenses to increase over the next several years as we hire additional sales and marketing personnel, expand our channel sales program and develop our technology and new products. In addition, as a public company, we will incur significant legal, accounting and other expenses that we did not incur as a private company. If our revenues do not increase to offset these expected increases in operating expenses, we will continue to incur significant losses and will not become profitable. Our revenue growth in recent periods should not be considered indicative of our future performance. In future periods, our revenues could decline and, accordingly, we may not be able to achieve profitability and our losses may increase. Even if we do achieve profitability, we may not be able to sustain or increase profitability on a consistent basis, which may result in a decline in our common stock price.

Our future operating results may fluctuate significantly and may not be a good indication of our future performance.

Our revenues and operating results could vary significantly from period to period as a result of a variety of factors, many of which are outside of our control. As a result, comparing our revenues and operating results on a period-to-period basis may not be meaningful, and you should not rely on our past results as an indication of our future performance. For example, revenues in fiscal 2006 excluded revenues related to multiple element sales transactions consummated in that year that were deferred because we did not have vendor-specific objective evidence of fair value, or VSOE, for some product elements that were not delivered in 2006. In fiscal 2007, we either delivered such product elements, or we and our customers amended the contractual terms of these sales transactions to remove the undelivered product elements. Fiscal 2007 revenues included a substantial portion of the revenues so deferred from fiscal 2006, as well as a small amount of revenues similarly deferred from prior years. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Sources of Revenues, Cost of Revenues and Operating Expenses.” We do not expect revenues in future periods to be favorably impacted to the same extent by similar transactions consummated in fiscal 2007 and prior periods. We may not be able to accurately predict our future revenues or results of operations. We base our current and future expense levels on our operating plans and sales forecasts, and our operating costs are relatively fixed in the short term. As a result, we may not be able to reduce our costs sufficiently to compensate for an unexpected shortfall in revenues, and even a small shortfall in revenues could disproportionately and adversely affect financial results for that quarter. In addition, sales to some customers or resellers are recognized when cash is received, which may be delayed because of changes or issues with those customers or resellers. If our revenues or operating results fall below the expectations of investors or any securities analysts that may choose to cover our stock, the price of our common stock could decline substantially.

In addition to other risk factors listed in this section, factors that may affect our operating results include:


	•	the number, size and pricing of sales transactions during the period;


	•	the timing of our sales during the quarter, particularly since a substantial majority of our sales occurs in the last few weeks of the quarter and loss or delay of a few large contracts may have a significant adverse impact on our operating results;

	•	changes in the mix of revenues attributable to higher-margin revenues from ESM products as opposed to lower-margin revenues from sales of our appliance products;

	•	our ability to accurately predict sales of our appliance products to ensure sufficient inventory to achieve timely delivery and to avoid excess inventory;

	•	the timing of development and release of new products by us and our competitors;

	•	any downturn in our customers’ and potential customers’ businesses;

	•	any significant change in the competitive dynamics of our markets, including new entrants to our markets;

	•	changes in the mix of revenues attributable to direct sales compared to sales by channel partners, the latter of which are more likely to involve revenue recognition upon receipt of payment due to collectibility concerns at the time of contract execution and product delivery, and are more likely to have lower margins;

	•	changes in the renewal rate of maintenance agreements;

	•	strategic decisions by us or our competitors, such as acquisitions, divestitures, spin-offs, joint ventures, strategic investments or changes in business strategy;

	•	our ability to estimate warranty claims accurately;

	•	the timing or failure of delivery of our appliance products from our equipment vendor, including as a result of a failure to manufacture our appliance products or fulfill orders in required volumes, in a timely manner, at a sufficient level of quality, or at all;

	•	the timing of satisfying revenue recognition criteria, including establishing VSOE for new products and maintaining VSOE for maintenance and services;

	•	volatility in our stock price, which may lead to higher stock compensation expenses for future grants under applicable accounting standards;

	•	the budgeting, procurement and work cycles of our customers, including customers in the public sector, which may cause seasonal variation as our business and the market for security and compliance management software solutions matures; and

	•	general economic conditions, both domestically and in our foreign markets.

Our sales cycle is long and unpredictable, and our sales efforts require considerable time and expense. As a result, our revenues are difficult to predict and may vary substantially from quarter to quarter, which may cause our operating results to fluctuate.

Our operating results may fluctuate, in part, because of the intensive nature of our sales efforts, the length and variability of the sales cycle of our ESM product and the short-term difficulty in adjusting our operating expenses. Because decisions to purchase products such as our ESM product involve significant capital commitments by customers, potential customers generally have our software evaluated at multiple levels within an organization, each often having specific and conflicting requirements. Enterprise customers make product purchasing decisions based in part on factors not directly related to the features of the products, including but not limited to the customers’ projections of business growth, capital budgets and anticipated cost savings from implementation of the software. As a result of these factors, licensing our software products often requires an extensive sales effort throughout a customer’s organization. In addition, we have limited experience with sales of our TRM, Logger and NCM products. In particular, sales of our TRM and NCM products and to some extent our Logger product involve approvals from different functional areas of an organization than our ESM products. As a result, the sales cycle for these products may be lengthy or may vary significantly. Our sales efforts involve educating our customers, who are often relatively unfamiliar with our products and the value of our products, including their technical capabilities and

potential cost savings to the enterprise. We spend substantial time, effort and money in our sales efforts without any assurance that our efforts will produce any sales.

The length of our sales cycle, from initial evaluation to delivery of software, tends to be long and varies substantially from customer to customer. Our sales cycle is typically three to six months but can extend up to over a year for certain sales. We typically recognize a substantial majority of our product revenues in the last few weeks of a quarter. It is difficult to predict exactly when, or even if, we will actually make a sale with a potential customer. As a result, large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated, or have not occurred at all. The loss or delay of one or more large product transactions in a quarter could impact our operating results for that quarter and any future quarters into which revenues from that transaction is delayed. As a result of these factors, it is difficult for us to accurately forecast product revenues in any quarter. Because a substantial portion of our expenses are relatively fixed in the short term, our operating results will suffer if revenues fall below our expectations in a particular quarter which could cause the price of our common stock to decline significantly.

If we fail to further develop and manage our distribution channels, our revenues could decline and our growth prospects could suffer.

We derive a portion of our revenues from sales of our products and related services through channel partners, such as resellers and systems integrators. In particular, systems integrators are an important source of sales leads for us in the U.S. public sector, as government agencies often rely on them to meet information technology, or IT, needs, and we use resellers to augment our internal resources in international markets and, to a lesser extent, domestically. We may be required by our U.S. government customers to utilize particular resellers who may not meet our criteria for creditworthiness, and revenues from those resellers may not be recognizable until receipt of payment. We also anticipate that we will derive a substantial portion of our TRM, Logger and NCM sales through channel partners, including parties with whom we have not yet developed relationships. We expect that channel sales will represent a substantial portion of our U.S. government and international revenues for the foreseeable future and, we believe, a growing portion of our U.S. commercial revenues. We may be unable to recruit additional channel partners and successfully expand our channel sales program. If we do not successfully execute our strategy to increase channel sales, particularly to further penetrate the mid-market and sell our appliance products, our growth prospects may be materially and adversely affected.

Our agreements with our channel partners are generally non-exclusive and many of our channel partners have more established relationships with our competitors. If our channel partners do not effectively market and sell our products, if they choose to place greater emphasis on products of their own or those offered by our competitors, or if they fail to meet the needs of our customers, our ability to grow our business and sell our products may be adversely affected, particularly in the public sector, the mid-market and internationally. Similarly, the loss of a substantial number of our channel partners, who may cease marketing our products and services with limited or no notice and with little or no penalty and our possible inability to replace them, the failure to recruit additional channel partners, or any reduction or delay in their sales of our products and services or conflicts between channel sales and our direct sales and marketing activities could materially and adversely affect our results of operations.

We have limited experience with sale, manufacture, delivery, service and support of our TRM, Logger and NCM products, and we may be unable to successfully forecast demand or fulfill orders for these appliance products.

We introduced our appliance-based products in fiscal 2007. Prior to that time, we offered only software products and related services, and as a result have limited experience with sales of appliance-based products. Fulfillment of sales of our appliance products involves hardware manufacturing, inventory, import certification and return merchandise authorization processes with which we have limited experience. For example, if we fail to accurately predict demand and maintain insufficient hardware inventory or excess inventory, we may be unable to timely deliver ordered products or may have substantial inventory expense. If we underestimate warranty claims for our appliance products, our operating expenses may be higher than we anticipate which in turn may adversely affect our results of operations. In addition, if we change our hardware configuration or manufacturer, some countries may require us to reinitiate their import certification process. Because our appliance products are new, we have limited experience with warranty claims, resulting in limited ability to forecast warranty expense. If we are unable to

successfully perform these functions or develop a relationship with a fulfillment partner that does so for us, our sales, operating results and financial condition may be harmed.

Because we derive a substantial majority of our revenues from ArcSight ESM and related products and services, any failure of this product to continue to satisfy customer demands or to achieve more widespread market acceptance will harm our business, operating results, financial condition and growth prospects.

A substantial majority of our revenues is derived from ArcSight ESM and related products and services, and we expect this to continue for the foreseeable future. As a result, although we introduced our complementary appliance products in fiscal 2007 to more fully serve the enterprise security and compliance management market, our revenues and operating results will continue to depend substantially on the demand for our ArcSight ESM product. Demand for ArcSight ESM is affected by a number of factors beyond our control, including the timing of development and release of new products by us and our competitors, technological change, and lower-than-expected growth or a contraction in the worldwide market for enterprise security and compliance management solutions or other risks described in this prospectus. If we are unable to continue to meet customer demands or achieve more widespread market acceptance of ArcSight ESM, our business, operating results, financial condition and growth prospects will be adversely affected.

If we are unable to successfully market our recently introduced products, successfully develop new products, make enhancements to our existing products or expand our offerings into new markets, our business may not grow as expected and our operating results may suffer.

We introduced our TRM, Logger and NCM products in fiscal 2007 and are currently developing new versions of these products, our ESM platform and new complementary products. Our growth strategy and future financial performance will depend, in part, on our ability to market and sell these products and to diversify our offerings by successfully developing, timely introducing and gaining customer acceptance of new products.

The software in our products is especially complex because it must recognize, effectively interact with and manage new devices and applications, and effectively identify and respond to new and increasingly sophisticated security threats and other risks, while not impeding the high network performance demanded by our customers. The typical development cycle for a patch to our ESM software is one to three months, a service pack is four to six months and a new version or major sub-version is 12 to 18 months. Although customers and industry analysts expect speedy introduction of software to respond to new threats and risks and add new functionality, we may be unable to meet these expectations. Since developing new products or new versions of, or add-ons to, existing products is complex, the timetable for their commercial release is difficult to predict and may vary from our historical experience, which could result in delays in their introduction from anticipated or announced release dates. While we offer an enhanced maintenance offering to provide customers with access to newly developed content that addresses new threats and risks, we may not offer updates as rapidly as the threat affects our customers. If we do not quickly respond to the rapidly changing and rigorous needs of our customers by developing and introducing on a timely basis new and effective products, upgrades and services that can respond adequately to new security threats, our competitive position, business and growth prospects will be harmed.

Diversifying our product offerings and expanding into new markets will require significant investment and planning, will bring us more directly into competition with software providers which may be better established or have greater resources than we do, may complicate our relationships with channel and strategic partners and entails significant risk of failure. Sales of our Logger product and other products that we may develop and market may reduce revenues of our flagship ESM product and our overall margin by offering a subset of features or capabilities at a reduced price with a lower gross margin. Moreover, increased emphasis on the sale of our appliance products, add-on products or new product lines could distract us from sales of our core ArcSight ESM offering, negatively affecting our overall sales. If we fail or delay in diversifying our existing offerings or expanding into new markets, or we are unsuccessful competing in these new markets, our business, operating results and prospects may suffer.

If we are not able to maintain and enhance our brand, our business and operating results may be harmed.

We believe that maintaining and enhancing our brand identity is critical to our relationships with, and to our ability to attract, new customers and partners. The successful promotion of our brand will depend largely upon our marketing and public relations efforts, our ability to continue to offer high-quality products and services, and our

ability to successfully differentiate our products and services from those of our competitors, especially to the extent that our competitors integrate or bundle competitive offerings with a broader array of products and services that they may offer. Our brand promotion activities may not be successful or yield increased revenues. In addition, extension of our brand to products and uses different from our traditional products and services may dilute our brand, particularly if we fail to maintain the quality of our products and services in these new areas. Moreover, it may be difficult to maintain and enhance our brand in connection with sales through channel or strategic partners. The promotion of our brand will require us to make substantial expenditures, and we anticipate that the expenditures will increase as our market becomes more competitive and as we expand into new markets. To the extent that these activities yield increased revenues, such revenues may not offset the expenses we incur. If we do not successfully maintain and enhance our brand, our business may not grow, we may have reduced pricing power relative to competitors with stronger brands, and we could lose customers and channel partners, all of which would harm our business, operating results and financial condition.

In addition, independent industry analysts often provide reviews of our products and services, as well as those of our competitors, and perception of our products in the marketplace may be significantly influenced by these reviews. We have no control over what these industry analysts report, and because industry analysts may influence current and potential customers, our brand could be harmed if they do not provide a positive review of our products and services or view us as a market leader.

We face intense competition in our market, especially from larger, better-known companies, and we may lack sufficient financial or other resources to maintain or improve our competitive position.

The market for enterprise security and compliance management, log archiving and response products is intensely competitive, and we expect competition to increase in the future. A significant number of companies have developed, or are developing, products that currently, or in the future are likely to, compete with some or all of our products. We may not compete successfully against our current or potential competitors, especially those with significantly greater financial resources or brand name recognition. Companies competing with us may introduce products that are more competitively priced, have greater performance or functionality or incorporate technological advances that we have not yet developed or implemented.

Our competitors include large software companies, software or hardware network infrastructure companies, smaller software companies offering more narrowly focused enterprise security and compliance management, log archiving and response products and small and large companies offering point solutions that compete with components of our platform or individual products offered by us. Existing competitors for a security and compliance management software platform solution such as our ESM platform primarily are specialized, privately-held companies, such as Intellitactics and NetForensics, as well as larger companies such as CA and Symantec, and EMC, IBM and Novell, through their acquisitions of Network Intelligence, Micromuse and Consul, and e-Security, respectively. Competitors for sales of our TRM and NCM products include: privately-held companies that provide network configuration management products, such as Alterpoint and Voyence; larger providers of IT automation software products, such as Opsware, which Hewlett-Packard has agreed to acquire; and diversified IT security vendors. Current competitors for sales of our Logger product include specialized, privately-held companies, such as LogLogic and Sensage. In addition to these current competitors, we expect to face competition for our appliance products from both existing large, diversified software and hardware companies, from specialized, smaller companies and from new companies that may seek to enter this market.

A greater source of competition is represented by the custom efforts undertaken by potential customers to analyze and manage the information produced from their existing devices and applications to identify and remediate threats. Many companies, in particular large corporate enterprises, have developed internally software that is an alternative to our enterprise security and compliance management, log archiving and response products. Wide adoption of our Common Event Format, which we are promoting as a standard for event logs generated by security and other products, may facilitate this internal development. It may also allow our competitors to offer products with a degree of compatibility similar to ours or may facilitate new entrants into our business. New competitors may emerge and rapidly acquire significant market share due to factors such as greater brand name recognition, a larger installed customer base and significantly greater financial, technical, marketing and other

resources and experience. If these new competitors are successful, we would lose market share and our revenues would likely decline.

Mergers or consolidations among these competitors, or acquisitions of our competitors by large companies, present heightened competitive challenges to our business. For example, in recent years IBM has acquired Internet Security Systems, Inc., Micromuse and Consul, Novell acquired e-Security, EMC acquired Network Intelligence and Hewlett-Packard recently agreed to acquire Opsware. We believe that the trend toward consolidation in our industry will continue. These acquisitions will make these combined entities potentially more formidable competitors to us if their products and offerings are effectively integrated. Continued industry consolidation may impact customers’ perceptions of the viability of smaller or even medium-sized software firms and consequently customers’ willingness to purchase from such firms.

Many of our existing and potential competitors enjoy substantial competitive advantages, such as:


	•	greater name recognition and longer operating histories;

	•	larger sales and marketing budgets and resources;

	•	the capacity to leverage their sales efforts and marketing expenditures across a broader portfolio of products;

	•	broader distribution and established relationships with distribution partners;

	•	access to larger customer bases;

	•	greater customer support;

	•	greater resources to make acquisitions;

	•	lower labor and development costs; and

	•	substantially greater financial, technical and other resources.

As a result, they may be able to adapt more quickly and effectively to new or emerging technologies and changing opportunities, standards or customer requirements. In addition, these companies have reduced and could continue to reduce, the price of their enterprise security and compliance management, log archiving and response products and managed security services, which intensifies pricing pressures within our market.

Increased competition could result in fewer customer orders, price reductions, reduced operating margins and loss of market share. Our larger competitors also may be able to provide customers with different or greater capabilities or benefits than we can provide in areas such as technical qualifications, geographic presence, the ability to provide a broader range of services and products, and price. In addition, large competitors may have more extensive relationships within large enterprises, the federal government or foreign governments, which may provide them with an advantage in competing for business with those potential customers. Our ability to compete will depend upon our ability to provide better performance than our competitors at a competitive price. We may be required to make substantial additional investments in research, development, marketing and sales in order to respond to competition, and we cannot assure you that we will be able to compete successfully in the future.

We may not be able to compete effectively with companies that integrate or bundle products similar to ours with their other product offerings.

Many large, integrated software companies offer suites of products that include software applications for security and compliance management. In addition, hardware vendors, including diversified, global concerns, offer products that address the security and compliance needs of the enterprises and government agencies that comprise our target market. Further, several companies currently sell software products that our customers and potential customers have broadly adopted, which may provide them a substantial advantage when they sell products that perform functions substantially similar to some of our products. Competitors that offer a large array of security or software products may be able to offer products or functionality similar to ours at a more attractive price than we can by integrating or bundling them with their other product offerings. The trend toward consolidation in our industry increases the likelihood of competition based on integration or bundling. Customers may also increasingly seek to consolidate their enterprise level software purchases with a small number of larger companies that can purport to

satisfy a broad range of their requirements. If we are unable to sufficiently differentiate our products from the integrated or bundled products of our competitors, such as by offering enhanced functionality, performance or value, we may see a decrease in demand for those products, which would adversely affect our business, operating results and financial condition. Similarly, if customers seek to concentrate their software purchases in the product portfolios of a few large providers, we may be at a competitive disadvantage notwithstanding the superior performance that we believe our products can deliver.

We face risks related to customer outsourcing to managed security service providers.

Some of our customers have outsourced the management of their IT departments or the network security operations function to large system integrators or managed security service providers, or MSSPs. If this trend continues, our established customer relationships could be disrupted and our products could be displaced by alternative system and network protection solutions offered by system integrators or MSSPs. Significant product displacements could impact our revenues and have a negative effect on our business. While to date we have developed a number of successful relationships with MSSPs, they may develop or acquire their own technologies rather than purchasing our products for use in provision of managed security services.

Our business depends, in part, on sales to the public sector and significant changes in the contracting or fiscal policies of the public sector could have a material adverse effect on our business.

We derive a portion of our revenues from contracts with federal, state, local and foreign governments and government agencies, and we believe that the success and growth of our business will continue to depend on our successful procurement of government contracts. For example, we have historically derived, and expect to continue to derive, a significant portion of our revenues from sales to agencies of the U.S. federal government, either directly by us or through systems integrators and other resellers. In fiscal 2006 and 2007, we derived 38% and 32% of our revenues, respectively, from contracts with agencies of the U.S. federal government. Accordingly:


	•	changes in fiscal or contracting policies or decreases in available government funding;

	•	changes in government programs or applicable requirements;

	•	the adoption of new laws or regulations or changes to existing laws or regulations;

	•	changes in political or social attitudes with respect to security issues;

	•	potential delays or changes in the government appropriations process; and

	•	delays in the payment of our invoices by government payment offices,

could cause governments and governmental agencies to delay or refrain from purchasing the products and services that we offer in the future or otherwise have an adverse effect on our business, financial condition and results of operations.

Failure to comply with laws or regulations applicable to our business could cause us to lose U.S. government customers or our ability to contract with the U.S. government.

We must comply with laws and regulations relating to the formation, administration and performance of U.S. government contracts, which affect how we and our channel partners do business in connection with U.S. federal agencies. Such laws and regulations may impose added costs on our business and failure to comply with these or other applicable regulations and requirements, including non-compliance in the past, could lead to claims for damages from our channel partners, penalties, termination of contracts and suspension or debarment from government contracting for a period of time. Any such damages, penalties, disruption or limitation in our ability to do business with the U.S. federal government could have a material adverse effect on our business, operating results and financial condition.

Our government contracts may limit our ability to move development activities overseas, which may impair our ability to optimize our software development costs and compete for non-government contracts.

Increasingly, software development is being shifted to lower-cost countries, such as India. However, some contracts with U.S. government agencies require that at least 50% of the components of each of our products be of

U.S. origin. Consequently, our ability to optimize our software development by conducting it overseas may be hampered. Some of our competitors do not rely on contracts with the U.S. government to the same degree as we do and may develop software off-shore. If we are unable to develop software cost-effectively in comparison with our competitors, our ability to compete for our non-government customers may be reduced and our customer sales may decline, resulting in decreased revenues.

Real or perceived errors, failures or bugs in our products could adversely affect our operating results and growth prospects.

Because we offer very complex products, undetected errors, failures or bugs may occur, especially when products are first introduced or when new versions are released. Our products are often installed and used in large-scale computing environments with different operating systems, system management software and equipment and networking configurations, which may cause errors or failures in our products or may expose undetected errors, failures, or bugs in our products. Despite testing by us, errors, failures, or bugs may not be found in new products or releases until after commencement of commercial shipments. In the past, we have discovered software errors, failures, and bugs in certain of our product offerings after their introduction.

In addition, our products could be perceived to be ineffective for a variety of reasons outside of our control. Hackers could circumvent our customers’ security measures and customers may misuse our products resulting in a security breach or perceived product failure. We provide a top-level enterprise security and compliance management solution that integrates a wide variety of other elements in a customer’s IT and security infrastructure, and may receive blame for a security breach that was the result of the failure of one of the other elements.

Real or perceived errors, failures, or bugs in our products could result in negative publicity, loss of or delay in market acceptance of our products, loss of competitive position, or claims by customers for losses sustained by them. In such an event, we may be required, or may choose, for customer relations or other reasons, to expend additional resources in order to help correct the problem. Although we maintain product liability insurance, it may not be adequate. Further, although our license agreements with our end-user customers typically contain provisions to limit our exposure to liabilities arising from such claims, such provisions may not be enforceable in some circumstances or may not fully protect us against such claims and related liabilities and costs. Defending a lawsuit, regardless of its merit, could be costly and could limit the amount of time that management has available for day-to-day execution and strategic planning or other matters.

Many of our end-user customers use our products in applications that are critical to their businesses and may have a greater sensitivity to defects in our products than to defects in other, less critical, software products. In addition, if an actual or perceived breach of information integrity or availability occurs in one of our end-user customer’s systems, regardless of whether the breach is attributable to our products, the market perception of the effectiveness of our products could be harmed. Alleviating any of these problems could require significant expenditures of our capital and other resources and could cause interruptions, delays or cessation of our product licensing, which could cause us to lose existing or potential customers and could adversely affect our operating results and growth prospects.

In addition, because we are a leading provider of enterprise security products and services, “hackers” and others may try to access our data or compromise our systems. If we are the subject of a successful attack, then our reputation in the industry and with current and potential customers may be compromised and our sales and operating results could be adversely affected.

Incorrect or improper use of our complex products, our failure to properly train customers on how to utilize our products or our failure to properly provide consulting and implementation services could result in customer dissatisfaction and negatively affect our results of operations and growth prospects.

Our ESM, TRM and NCM products are complex and are deployed in a wide variety of network environments. The proper use of our products, particularly our ESM platform, requires training of the end user. If our software products are not used correctly or as intended, inadequate performance may result. For example, among other things, deployment of our ESM platform requires categorization of IT assets and assignment of business or criticality values for each, selection or configuration of one of our pre-packaged rule sets, user interfaces and network utilization parameters, and deployment of connectors for the various devices and applications from which

event data is to be collected. Our customers or our professional services personnel may incorrectly implement or use our products. Our products may also be intentionally misused or abused by customers or their employees or third parties who obtain access and use of our products. For example, a person obtaining inappropriate access to our TRM product could use it to shut down network resources or open breaches in network security. Because our customers rely on our product, services and maintenance offerings to manage a wide range of sensitive security, network and compliance functions, the incorrect or improper use of our products, our failure to properly train customers on how to efficiently and effectively use our products or our failure to properly provide consulting and implementation services and maintenance to our customers may result in negative publicity or legal claims against us.

In addition, if customer personnel are not well trained in the use of our products, customers may defer the deployment of our products and may not deploy them at all. If there is substantial turnover of the personnel responsible for implementation and use of our ESM products at a customer, our product may go unused and our ability to make additional sales may be substantially limited.

If we are unable to maintain effective relationships with our technology partners, we may not be able to support the interoperability of our software with a wide variety of security and other products and our business may be harmed.

A key feature of ArcSight ESM is that it provides out-of-the-box support for many third-party devices and applications that the customer may use in its business and technology infrastructure. To provide effective interoperability, we work with individual product vendors to develop our SmartConnectors, which allow our ESM platform to interface with these products. In addition, we are promoting the adoption of our Common Event Format as a standard way to format system log events. Some of these technology partners are also current or potential competitors of ours. To date, we have not experienced significant difficulty in enlisting the assistance of our competitors as technology partners, due in part to their desire to maintain good relationships with our mutual customers; however, if we are unable to develop and maintain effective relationships with a wide variety of technology partners, if companies adopt more restrictive policies with respect to, or impose unfavorable terms and conditions on, access to their products, or if our Common Event Format is not widely adopted, we may not be able to continue to provide our customers with a high degree of interoperability with their existing IT and business infrastructure, which could reduce our sales and adversely affect our business, operating results and financial condition.

Our international sales and operations subject us to additional risks that can adversely affect our operating results.

In fiscal 2006 and 2007, we derived 21% and 23% of our revenues, respectively, from customers outside the United States, and we are continuing to expand our international operations as part of our growth strategy. We currently have sales personnel and sales and support operations in Canada, Germany, Hong Kong, Japan, Singapore, South Korea and the United Kingdom and we are establishing sales and support operations in China. Our international operations subject us to a variety of risks, including:


	•	the difficulty of managing and staffing foreign offices;

	•	differing regulatory and legal requirements and employment schemes;

	•	longer payment cycles;

	•	difficulties in collecting accounts receivable, especially in emerging markets, and the likelihood that revenues from international resellers and customers may need to be recognized when cash is received, at least until satisfactory payment history has been established;

	•	increased travel, infrastructure and legal compliance costs associated with having multiple international operations;

	•	the need to localize our products and licensing programs for international customers;

	•	significant reliance on distribution partners who may not offer our products exclusively, and who may have more direct interaction and closer relationships with overseas customers and potential customers;


	•	enactment of additional regulations or restrictions on the use, import or export of encryption technologies and our appliance-based products, which could delay or prevent the sale or use of our products in certain jurisdictions;

	•	political and economic instability in some countries, including terrorism and wars;

	•	seasonal reductions in business activity during the summer months in Europe and certain other regions;

	•	tariffs and trade barriers and other regulatory limitations on our ability to sell or develop our products in certain foreign markets;

	•	reduced protection for intellectual property rights in some countries;

	•	overlapping of different tax regimes; and

	•	fluctuations in currency exchange rates.

Any of these risks could harm our international operations and reduce our international sales, adversely affecting our business, operating results and financial condition and growth prospects.

Our business in countries with a history of corruption and transactions with foreign governments increase the risks associated with our international activities.

As we operate and sell internationally, we are subject to the U.S. Foreign Corrupt Practices Act, or the FCPA, and other laws that prohibit improper payments or offers of payments to foreign governments and their officials and political parties by U.S. and other business entities for the purpose of obtaining or retaining business. We have operations, deal with and make sales to governmental customers in countries known to experience corruption, particularly certain emerging countries in East Asia, Eastern Europe and the Middle East, and further expansion of our international selling efforts may involve additional regions, including Africa and South America. Our activities in these countries create the risk of unauthorized payments or offers of payments by one of our employees, consultants, sales agents, or channel partners that could be in violation of various laws including the FCPA, even though these parties are not always subject to our control. We have implemented safeguards to discourage these practices by our employees, consultants, sales agents and channel partners. However, our existing safeguards and any future improvements may prove to be less than effective, and our employees, consultants, sales agents or channel partners may engage in conduct for which we might be held responsible. Violations of the FCPA may result in severe criminal or civil sanctions, including suspension or debarment from U.S. government contracting, and we may be subject to other liabilities, which could negatively affect our business, operating results and financial condition.

Failure to protect our intellectual property rights could adversely affect our business.

Our success depends, in part, on our ability to protect proprietary methods and technologies that we develop under patent and other intellectual property laws of the United States, so that we can prevent others from using our inventions and propriety information. If we fail to protect our intellectual property rights adequately, our competitors might gain access to our technology, and our business might be harmed. In addition, defending our intellectual property rights might entail significant expenses. Any of our patents, copyrights, trademarks or other intellectual property rights may be challenged by others or invalidated through administrative process or litigation. We have two issued patents in the United States, and have filed 30 patent applications, including three provisional applications, in the United States, and 11 pending patent applications in foreign countries based on two U.S. patent applications. Nevertheless, our issued patents may not provide us with any competitive advantages or may be challenged by third parties, and our patent applications may never issue at all. Additionally, the process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner. Even if issued, there can be no assurance that these patents will adequately protect our intellectual property, as the legal standards relating to the validity, enforceability and scope of protection of patent and other intellectual property rights are uncertain.

Any patents that are issued may subsequently be invalidated or otherwise limited, enabling other companies to better develop products that compete with ours, which could adversely affect our competitive business position, business prospects and financial condition. In addition, issuance of a patent does not guarantee that we have a right

to practice the patented invention. Patent applications in the U.S. are typically not published until 18 months after filing, or in some cases not at all, and publications of discoveries in industry-related literature lag behind actual discoveries. We cannot be certain that we were the first to make the inventions claimed in our issued patents or pending patent applications or otherwise used in our products, that we were the first to file for protection in our patent applications, or that third parties do not have blocking patents that could be used to prevent us from marketing or practicing our patented products or technology. Effective patent, trademark, copyright and trade secret protection may not be available to us in every country in which our products and services are available. The laws of some foreign countries may not be as protective of intellectual property rights as those in the United States, and mechanisms for enforcement of intellectual property rights may be inadequate. Accordingly, despite our efforts, we may be unable to prevent third parties from infringing upon or misappropriating our intellectual property.

We might be required to spend significant resources to monitor and protect our intellectual property rights. We may initiate claims or litigation against third parties for infringement of our proprietary rights or to establish the validity of our proprietary rights. Any litigation, whether or not it is resolved in our favor, could result in significant expense to us and divert the efforts of our technical and management personnel, which may adversely affect our business, operating results and financial condition.

Confidentiality agreements with employees and others may not adequately prevent disclosure of trade secrets and other proprietary information.

In order to protect our proprietary technology, processes and methods, we rely in part on confidentiality agreements with our corporate partners, employees, consultants, advisors and others. These agreements may not effectively prevent disclosure of confidential information and may not provide an adequate remedy in the event of unauthorized disclosure of confidential information. In addition, others may independently discover trade secrets and proprietary information, and in such cases we could not assert any trade secret rights against such party. Costly and time consuming litigation could be necessary to enforce and determine the scope of our proprietary rights, and failure to obtain or maintain trade secret protection could adversely affect our competitive business position.

We may in the future be subject to intellectual property rights claims, which are extremely costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies.

Companies in the software, networking and technology industries, including some of our current and potential competitors, own large numbers of patents, copyrights, trademarks and trade secrets and frequently enter into litigation based on allegations of infringement or other violations of intellectual property rights. In addition, many of these companies have the capability to dedicate substantially greater resources to enforce their intellectual property rights and to defend claims that may be brought against them. The litigation may involve patent holding companies or other adverse patent owners who have no relevant product revenues and against whom our potential patents may provide little or no deterrence. We have received, and may in the future receive, notices that claim we have misappropriated or misused other parties’ intellectual property rights, and, to the extent we gain greater visibility, we face a higher risk of being the subject of intellectual property infringement claims, which is not uncommon with respect to software technologies in general and network security technology in particular. There may be third-party intellectual property rights, including issued or pending patents that cover significant aspects of our technologies or business methods. Any intellectual property claims, with or without merit, could be very time consuming, expensive to settle or litigate and could divert our management’s attention and other resources. These claims could also subject us to significant liability for damages, potentially including treble damages if we are found to have willfully infringed patents or copyrights. Such claims could also result in our having to stop using technology found to be in violation of a third party’s rights. We might be required to seek a license for the intellectual property, which may not be available on reasonable terms or at all. Even if a license is available, we could be required to pay significant royalties, which would increase our operating expenses. As a result, we may be required to develop alternative non-infringing technology, which could require significant effort and expense. If we cannot license or develop technology for any infringing aspect of our business, we would be forced to limit or stop sales of one or more of our products or product features and may be unable to compete effectively. Any of these results would harm our business, operating results and financial condition.

We rely on software licensed from other parties, the loss of which could increase our costs and delay software shipments.

We utilize various types of software licensed from unaffiliated third parties in order to provide certain other elements of our product offering. Any errors or defects in the third-party software that we use could result in errors that could harm our business. In addition, licensed software may not continue to be available on commercially reasonable terms, or at all. While we believe that there are currently adequate replacements for such third-party software, any loss of the right to use any of this software could result in delays in producing or delivering our software until equivalent technology is identified and integrated, which could harm our business. Our business would be disrupted if any of the software we license from others or functional equivalents of this software were either no longer available to us or no longer offered to us on commercially reasonable terms. In either case, we would be required to either redesign our products to function with software available from other parties or develop these components ourselves, which would result in increased costs and could result in delays in our product shipments and the release of new product offerings. Furthermore, we might be forced to limit the features available in our current or future products. If we fail to maintain or renegotiate any of these software licenses, we could face significant delays and diversion of resources in attempting to license and integrate a functional equivalent of the software.

Some of our products contain “open source” software, and any failure to comply with the terms of one or more of these open source licenses could negatively affect our business.

Certain of our products are distributed with software licensed by its authors or other third parties under “open source” licenses. Some of these licenses contain requirements that we make available source code for modifications or derivative works we create based upon the open source software, and that we license such modifications or derivative works under the terms of a particular open source license or other license granting third parties certain rights of further use. If we combine our proprietary software with open source software in a certain manner, we could, under certain of the open source licenses, be required to release the source code of our proprietary software. In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third party commercial software, as open source licensors generally do not provide warranties or controls on origin of the software. We have established processes to help alleviate these risks, including a review process for screening requests from our development organization for the use of open source and we plan to implement the use of software tools to review our source code for potential inclusion of open source, but we cannot be sure that all open source is submitted for approval prior to use in our products or that such software tools will be effective. In addition, open source license terms may be ambiguous and many of the risks associated with usage of open source cannot be eliminated, and could, if not properly addressed, negatively affect our business. If we were found to have inappropriately used open source software, we may be required to re-engineer our products, to release proprietary source code, to discontinue the sale of our products in the event re-engineering cannot be accomplished on a timely basis or take other remedial action that may divert resources away from our development efforts, any of which could adversely affect our business, operating results and financial condition.

Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other losses.

Our agreements with customers and channel partners include indemnification provisions, whereby we agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement and, in some cases, for damages caused by us to property or persons. The term of these indemnity provisions is generally perpetual after execution of the corresponding product sale agreement. Large indemnity payments could harm our business, operating results and financial condition.

Changes or reforms in the law or regulatory landscape could diminish the demand for our solutions, and could have a negative impact on our business.

One factor that drives demand for our products and services is the legal and regulatory framework in which our customers operate. Laws and regulations are subject to drastic changes and these could either help or hurt the demand for our products. Thus, certain changes in the law and regulatory landscape, such as legislative reforms that limit corporate compliance obligations, could significantly harm our business.

If we are unable to attract and retain personnel, our business would be harmed.

We depend on the continued contributions of our senior management and other key personnel, the loss of whom could harm our business. All of our executive officers and key employees are at-will employees, which means they may terminate their employment relationship with us at any time. None of our California-based employees is bound by a contractual non-competition agreement, which could make us vulnerable to recruitment efforts by our competitors. Outside of California, while some employees and contractors are bound by non-competition agreements, we may experience difficulty in enforcing these agreements. We do not maintain a key-person life insurance policy on any of our officers or other employees.

Our future success also depends on our ability to identify, attract and retain highly skilled technical, managerial, finance and other personnel, particularly in our sales and marketing, research and development and professional service departments. We face intense competition for qualified individuals from numerous security, software and other technology companies. In addition, competition for qualified personnel is particularly intense in the San Francisco Bay Area, where our headquarters are located. Often, significant amounts of time and resources are required to train technical, sales and other personnel. Qualified individuals are in high demand. We may incur significant costs to attract and retain them, and we may lose new employees to our competitors or other technology companies before we realize the benefit of our investment in recruiting and training them. We may be unable to attract and retain suitably qualified individuals who are capable of meeting our growing technical, operational and managerial requirements, on a timely basis or at all, and we may be required to pay increased compensation in order to do so. If we are unable to attract and retain the qualified personnel we need to succeed, our business would suffer. The time and expense of identifying, hiring and training our employees may limit our ability to grow by limiting the number of trained sales, customer support and research and development staff who are able effectively to contribute to our business operations.

Volatility or lack of performance in our stock price may also affect our ability to attract and retain our key employees. Many of our senior management personnel and other key employees have become, or will soon become, vested in a substantial amount of stock or stock options. Employees may be more likely to leave us if the shares they own or the shares underlying their vested options have significantly appreciated in value relative to the original purchase prices of the shares or the exercise prices of the options, or if the exercise prices of the options that they hold are significantly above the market price of our common stock. If we are unable to retain our employees, our business, operating results and financial condition would be harmed.

If we fail to manage future growth effectively, our business would be harmed.

We operate in an emerging market and have experienced, and may continue to experience, significant expansion of our operations. In particular, we grew from 204 employees at April 30, 2006 to 287 employees at April 30, 2007. This growth has placed, and will continue to place, a strain on our employees, management systems and other resources. We anticipate that further expansion will be required. Continued growth could strain our ability to:


	•	develop and improve our operational, financial and management capabilities, including our reporting systems, procedures and controls;

	•	recruit, train and retain highly skilled personnel;

	•	maintain our quality standards; and

	•	develop customer relationships and maintain end-user satisfaction.

Managing our growth will require significant expenditures and allocation of valuable management resources. If we fail to achieve the necessary level of efficiency in our organization as it grows, our business, operating results and financial condition would be harmed.

Future acquisitions could disrupt our business and harm our financial condition and results of operations.

We completed the acquisition of substantially all of the assets of Enira Technologies, LLC in June 2006, and may pursue additional acquisitions in the future, any of which could be material to our business, operating results

and financial condition. Our ability as an organization to successfully acquire and integrate technologies or businesses on a larger scale is unproven. Acquisitions involve many risks, including the following:


	•	an acquisition may negatively impact our results of operations because it may require us to incur charges and substantial debt or liabilities, may cause adverse tax consequences, substantial depreciation or deferred compensation charges, or may result in acquired in-process research and development expenses or in the future may require the amortization, write down or impairment of amounts related to deferred compensation, goodwill and other intangible assets;

	•	we may encounter difficulties or unforeseen expenditures in integrating the business, technologies, products, personnel or operations of companies that we acquire, particularly if key personnel of the acquired company decide not to work for us;

	•	acquisitions may not enhance our results of operations in the near-term;

	•	an acquisition may disrupt our ongoing business, divert resources, increase our expenses and distract our management;

	•	an acquisition may result in a delay or reduction of customer purchases for both us and the company acquired due to customer uncertainty about continuity and effectiveness of service from either company;

	•	we may be required to incur costs to implement or improve internal controls, procedures and policies appropriate for a public company at a business that prior to the acquisition lacked such controls, procedures and policies;

	•	the acquired businesses, products or technologies may not generate sufficient financial return to offset acquisition costs;

	•	we may have to incur indebtedness or issue equity securities to complete an acquisition, which would dilute our stockholders’ ownership and could adversely affect the market price of our common stock;

	•	we may acquire a competitor of one of our strategic partners, and any perceived or actual conflict with one of these partners could adversely affect our relationship with that partner and harm our business; and

	•	acquisitions may involve the entry into geographic or business markets in which we have little or no prior experience.

Establishing, maintaining and improving our financial controls and the requirements of being a public company may strain our resources and divert management’s attention, and if we fail to establish and maintain proper internal controls, our ability to produce accurate financial statements or comply with applicable regulations could be impaired.

As a public company, we will be subject to the reporting requirements of the Securities Exchange Act of 1934, or the Exchange Act, the Sarbanes-Oxley Act of 2002, or the Sarbanes-Oxley Act, and the rules and regulations of The NASDAQ Stock Market. The requirements of these rules and regulations will increase our legal, accounting and financial compliance costs, will make some activities more difficult, time-consuming and costly and may also place undue strain on our personnel, systems and resources.

The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. Given our history of material weaknesses, achieving and maintaining effective controls may be particularly challenging for us. See “—A material weakness in our internal control over financial reporting was identified during the audit of our most recent financial statements that, if not remediated, could affect our ability to prepare timely and accurate financial reports, which could cause investors to lose confidence in our reported financial information and have a negative effect on the trading price of our stock.”

While we are in the process of remediating the material weakness identified during the audit of our fiscal 2007 financial statements, we cannot estimate how long it will take to reach a determination that our internal control over financial reporting is effective. Further, we are in the early stages of developing our disclosure controls and procedures – the controls and other procedures that are designed to ensure that information required to be disclosed by us in the reports that we file with the SEC is recorded, processed, summarized and reported, within the time

periods specified in SEC’s rules and forms. Even if we develop effective controls, these new controls and our currently effective controls may become inadequate because of changes in conditions, and the degree of compliance with the policies or procedures may deteriorate. Further, additional weaknesses in our internal controls may be discovered in the future. Any failure to develop or maintain effective controls, or any difficulties encountered in their implementation or improvement, could harm our operating results or cause us to fail to meet our reporting obligations and may result in a restatement of our prior period financial statements. Any failure to implement and maintain effective internal controls also could adversely affect the results of periodic management evaluations and annual auditor attestation reports regarding the effectiveness of our internal control over financial reporting that we will be required to include in our periodic reports filed with the SEC, beginning for our fiscal year ending April 30, 2009 under Section 404 of the Sarbanes-Oxley Act. Ineffective disclosure controls and procedures and internal control over financial reporting could also cause investors to lose confidence in our reported financial and other information, which would likely have a negative effect on the trading price of our common stock.

In order to maintain and improve the effectiveness of our disclosure controls and procedures and internal control over financial reporting, we will need to expend significant resources and provide significant management oversight. We have a substantial effort ahead of us to implement appropriate processes, document our system of internal control over relevant processes, assess their design, remediate any deficiencies identified and test their operation. As a result, management’s attention may be diverted from other business concerns, which could harm our business, operating results and financial condition. These efforts will also involve substantial accounting-related costs. In addition, if we are unable to continue to meet these requirements, we may not be able to remain listed on The NASDAQ Global Market.

Implementing any appropriate changes to our internal controls may require specific compliance training of our directors, officers and employees, entail substantial costs in order to modify our existing accounting systems, and take a significant period of time to complete. Such changes may not, however, be effective in maintaining the adequacy of our internal controls, and any failure to maintain that adequacy, or consequent inability to produce accurate financial statements on a timely basis, could increase our operating costs and could materially impair our ability to operate our business. In the event that we are not able to demonstrate compliance with Section 404 of the Sarbanes-Oxley Act in a timely manner, that our internal controls are perceived as inadequate or that we are unable to produce timely or accurate financial statements, investors may lose confidence in our operating results and our stock price could decline.

We also have not yet implemented a complete disaster recovery plan or business continuity plan for our accounting and related information technology systems. Any disaster could therefore materially impair our ability to maintain timely accounting and reporting.

The Sarbanes-Oxley Act and the rules and regulations of The NASDAQ Stock Market will make it more difficult and more expensive for us to maintain directors’ and officers’ liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to maintain or increase coverage. If we are unable to maintain adequate directors’ and officers’ insurance, our ability to recruit and retain qualified directors, especially those directors who may be considered independent for purposes of The NASDAQ Stock Market rules, and officers may be curtailed.

A material weakness in our internal control over financial reporting was identified during the audit of our most recent annual financial statements that, if not remediated, could affect our ability to prepare timely and accurate financial reports, which could cause investors to lose confidence in our reported financial information and have a negative effect on the trading price of our stock.

Effective internal control over financial reporting is necessary for us to provide reliable financial reports, to effectively prevent fraud and to operate successfully as a public company. If we cannot provide reliable financial reports or prevent fraud, our operating results may be misstated and our reputation may be harmed.

During the audit of our financial statements for the fiscal years ended April 30, 2004, 2005, 2006 and 2007, “material weaknesses” in our internal control over financial reporting were identified, and, in the future, we may identify additional material weaknesses or other areas of our internal control over financial reporting that need improvement. The material weakness identified in connection with the preparation of our financial statements for

the fiscal year ended April 30, 2007 relates to internal review, primarily due to failure of the review process of accounting computations and reconciliations prepared by third-parties as part of the preparation of our fiscal 2007 financial statements. This weakness led to four adjustments to our financial statements. The largest such adjustment resulted from a failure to detect an overstatement of stock-based compensation expense of $0.3 million under SFAS 123R in calculations prepared by a third-party service provider.

We are in the process of remediating the material weakness identified during the audit of our fiscal 2007 financial statements, but have not yet been able to complete our remediation efforts. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Internal Control Over Financial Reporting.” It will take additional time to design, implement and test the controls and procedures required to enable our management to conclude that our disclosure controls and our internal control over financial reporting are effective. We cannot at this time estimate how long it will take to complete our remediation efforts. In addition, we cannot assure you that additional material weaknesses in our internal control over financial reporting will not be identified in the future. Any failure to remediate the material weakness that has been identified or to implement and maintain effective disclosure controls and internal control over financial reporting could cause us to fail to meet our reporting obligations or result in material misstatements in our financial statements.

We may not be able to secure additional financing on favorable terms, or at all, to meet our future capital needs.

In the future, we may require additional capital to respond to business opportunities, challenges, acquisitions or unforeseen circumstances and may determine to engage in equity or debt financings or enter into credit facilities for other reasons. We may not be able to timely secure additional debt or equity financing on favorable terms, or at all. Any debt financing obtained by us in the future could involve restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. If we raise additional funds through further issuances of equity, convertible debt securities or other securities convertible into equity, our existing stockholders could suffer significant dilution in their percentage ownership of our company, and any new equity securities we issue could have rights, preferences and privileges senior to those of holders of our common stock, including shares of common stock sold in this offering. If we are unable to obtain adequate financing or financing on terms satisfactory to us, when we require it, our ability to continue to grow or support our business and to respond to business challenges could be significantly limited.

We may not be able to utilize a significant portion of our net operating loss carry-forwards, which could adversely affect our operating results.

We have generated a significant amount of net operating loss carry-forwards due to prior period losses, which expire beginning in fiscal 2013 and fiscal 2021 for state and federal net operating loss carry-forwards, respectively. U.S. federal and state income tax laws limit the amount of these carry-forwards we can utilize upon a greater than 50% cumulative shift of stock ownership over a three-year period, including such shifts due to the issuance of additional shares of our common stock, or securities convertible into our common stock. We have previously experienced a greater than 50% shift in our stock ownership, which has limited our ability to use a portion of our net operating loss carry-forwards, and we may experience subsequent such shifts in our stock ownership. Accordingly, there is a risk that our ability to use our existing carry-forwards in the future could be further limited and unavailable to offset future income tax liabilities, which would adversely affect our operating results.

Governmental export or import controls could subject us to liability or limit our ability to compete in foreign markets.

Our products incorporate encryption technology and may be exported outside the U.S. only if we obtain an export license or qualify for an export license exception. While we believe we currently meet applicable regulatory requirements regarding the export of our products, continued compliance with export regulations with respect to new releases of our products may create delays in the introduction of our products in international markets, prevent our customers with international operations from deploying our products throughout their global systems or, in some cases, prevent the export of our products to certain countries altogether. In addition, various countries regulate the import of our appliance-based products and have enacted laws that could limit our ability to distribute products

or could limit our customers’ ability to implement our products in those countries. Any new export or import restrictions, new legislation or shifting approaches in the enforcement or scope of existing regulations, or in the countries, persons or technologies targeted by such regulations, could result in decreased use of our products by existing customers with international operations, declining adoption of our products by new customers with international operations and decreased revenues. If we fail to comply with export and import regulations, we may be denied export privileges, be subjected to fines or other penalties and our products may be denied entry into other countries.

Risks Related to this Offering and Ownership of Our Common Stock

There has been no prior market for our common stock, our stock price may be volatile or may decline regardless of our operating performance, and you may not be able to resell your shares at or above the initial public offering price.

There has been no public market for our common stock prior to this offering. The initial public offering price for our common stock will be determined through negotiations between the underwriters and us and may vary from the market price of our common stock following this offering. If you purchase shares of our common stock in this offering, you may not be able to resell those shares at or above the initial public offering price. An active or liquid market in our common stock may not develop upon completion of this offering or, if it does develop, it may not be sustainable. The trading prices of the securities of technology companies have been highly volatile. The market price of our common stock may fluctuate significantly in response to numerous factors, many of which are beyond our control, including:


	•	price and volume fluctuations in the overall stock market;

	•	changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular;

	•	actual or anticipated fluctuations in our operating results;

	•	the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections;

	•	changes in financial estimates by any securities analysts who follow our company, our failure to meet these estimates or failure of those analysts to initiate or maintain coverage of our stock;

	•	ratings changes by any securities analysts who follow our company;

	•	announcements by us or our competitors of significant technical innovations, acquisitions, strategic partnerships, joint ventures or capital commitments;

	•	the public’s response to our press releases or other public announcements, including our filings with the SEC;

	•	market conditions or trends in our industry or the economy as a whole;

	•	the loss of key personnel;

	•	lawsuits threatened or filed against us;

	•	future sales of our common stock by our directors, executive officers and significant stockholders; and

	•	other events or factors, including those resulting from war, incidents of terrorism or responses to these events.

In addition, the stock markets, and in particular The NASDAQ Global Market on which our common stock will be listed, have experienced extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many technology companies. Stock prices of many technology companies have fluctuated in a manner unrelated or disproportionate to the operating performance of those companies. In the past, stockholders have instituted securities class action litigation following periods of market volatility. If we were to

become involved in securities litigation, it could subject us to substantial costs, divert resources and the attention of management from our business and adversely affect our business, operating results and financial condition.

A significant portion of our total outstanding shares may be sold into the market in the near future. If there are substantial sales of shares of our common stock, the price of our common stock could decline.

The price of our common stock could decline if there are substantial sales of our common stock or if there is a large number of shares of our common stock available for sale. After this offering, we will have outstanding 98,430,496 shares of our common stock based on the number of shares outstanding as of April 30, 2007. This includes the shares that we and the selling stockholders are selling in this offering, which may be resold in the public market immediately. The remaining shares, or % of our outstanding shares after this offering, are currently restricted as a result of market standoff and/or lock-up agreements but will be able to be sold in the near future as set forth below.


Date Available for Sale		Number of Shares and
into Public Market		% of Total Outstanding

Immediately after the date of this prospectus		No shares, or 0%
181 days after the date of this prospectus		shares, or %, of which , or %, shares will be subject to limitations under Rules 144 and 701

After this offering, the holders of an aggregate of 49,174,139 shares of our common stock and shares subject to warrants to purchase our common stock outstanding as of April 30, 2007 will have rights, subject to some conditions, to require us to file registration statements covering their shares or to include their shares in registration statements that we may file for ourselves or our stockholders. All of these shares are subject to market standoff and/or lock-up agreements restricting their sale for 180 days after the date of this prospectus. We also intend to register shares of common stock that we have issued and may issue under our employee equity incentive plans. Once we register these shares, they will be able to be sold freely in the public market upon issuance, subject to existing market standoff and/or lock-up agreements. Morgan Stanley & Co. Incorporated may, in its sole discretion, permit our officers, directors, employees and current stockholders who are subject to the 180-day contractual lock-up to sell shares prior to the expiration of the lock-up agreements. The 180-day lock-up period is subject to extension in some circumstances.

The market price of the shares of our common stock could decline as a result of sales of a substantial number of our shares in the public market or the perception in the market that the holders of a large number of shares intend to sell their shares.

We have broad discretion in the use of the net proceeds from this offering and may not use them effectively.

We cannot specify with any certainty the particular uses of the net proceeds that we will receive from this offering. Our management will have broad discretion in the application of the net proceeds, including working capital, possible acquisitions and other general corporate purposes, and we may spend or invest these proceeds in a way with which our stockholders disagree. The failure by our management to apply these funds effectively could harm our business and financial condition. Pending their use, we may invest the net proceeds from this offering in a manner that does not produce income or that loses value. These investments may not yield a favorable return to our investors.

If securities or industry analysts do not publish research or publish inaccurate or unfavorable research about our business, our stock price and trading volume could decline.

The trading market for our common stock will depend in part on the research and reports that securities or industry analysts publish about us or our business. We currently do not have and may never obtain research coverage by securities analysts, and industry analysts that currently cover us may cease to do so. If no securities analysts commence coverage of our company, or if industry analysts cease coverage of our company, the trading price for our stock would be negatively impacted. In the event we obtain securities analyst coverage, if one or more of the analysts who cover us downgrade our stock or publish inaccurate or unfavorable research about our business, our stock price would likely decline. If one or more of these analysts cease coverage of our company or fail to publish

reports on us regularly, demand for our stock could decrease, which might cause our stock price and trading volume to decline.

Our directors, executive officers and principal stockholders will continue to have substantial control over us after this offering and could delay or prevent a change in corporate control.

After this offering, our directors, executive officers and holders of more than 5% of our common stock, together with their affiliates, will beneficially own, in the aggregate, % of our outstanding common stock. As a result, these stockholders, acting together, would have the ability to control the outcome of matters submitted to our stockholders for approval, including the election of directors and any merger, consolidation or sale of all or substantially all of our assets. In addition, these stockholders, acting together, would have the ability to control the management and affairs of our company. Accordingly, this concentration of ownership might harm the market price of our common stock by:


	•	delaying, deferring or preventing a change in control of us;

	•	impeding a merger, consolidation, takeover or other business combination involving us; or

	•	discouraging a potential acquirer from making a tender offer or otherwise attempting to obtain control of us.

Delaware law and provisions in our amended and restated certificate of incorporation and bylaws could make a merger, tender offer or proxy contest difficult, therefore depressing the trading price of our common stock.

We are a Delaware corporation and the anti-takeover provisions of the Delaware General Corporation Law may discourage, delay or prevent a change in control by prohibiting us from engaging in a business combination with an interested stockholder for a period of three years after the person becomes an interested stockholder, even if a change of control would be beneficial to our existing stockholders. In addition, our restated certificate of incorporation and restated bylaws that will become effective immediately following the completion of this offering will contain provisions that may make the acquisition of our company more difficult without the approval of our board of directors, including the following:


	•	our board of directors will be classified into three classes of directors with staggered three-year terms;

	•	only our chairman of the board, our lead independent director, if any, our chief executive officer, our president or a majority of our board of directors will be authorized to call a special meeting of stockholders;

	•	our stockholders will only be able take action only at a meeting of stockholders and not by written consent;

	•	vacancies on our board of directors will be able to be filled only by our board of directors and not by stockholders;

	•	directors may be removed from office only for cause;

	•	our restated certificate of incorporation will authorize undesignated preferred stock, the terms of which may be established, and shares of which may be issued, without stockholder approval; and

	•	advance notice procedures will apply for stockholders to nominate candidates for election as directors or to bring matters before an annual meeting of stockholders.

For information regarding these and other provisions, see “Description of Capital Stock.”

SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS AND INDUSTRY DATA

This prospectus includes forward-looking statements. All statements contained in this prospectus other than statements of historical fact, including statements regarding our future results of operations and financial position, our business strategy and plans and our objectives for future operations, are forward-looking statements. The words “believe,” “may,” “will,” “estimate,” “continue,” “anticipate,” “intend” and “expect” and similar expressions are intended to identify forward-looking statements. We have based these forward-looking statements largely on our current expectations and projections about future events and financial trends that we believe may affect our financial condition, results of operations, business strategy, short-term and long-term business operations and objectives, and financial needs. These forward-looking statements are subject to a number of risks, uncertainties and assumptions, including those described in “Risk Factors.” In light of these risks, uncertainties and assumptions, the future events and trends discussed in this prospectus may not occur and actual results could differ materially and adversely from those anticipated or implied in the forward-looking statements.

Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee future results, levels of activity, performance or achievements. We are under no duty to update any of these forward-looking statements after the date of this prospectus or to conform these statements to actual results or revised expectations.

This prospectus also contains estimates and other information concerning our industry, including market size and growth rates of the markets in which we participate, that are based on industry publications, surveys and forecasts generated by International Data Corporation and TheInfoPro (TIP). The industry in which we operate is subject to a high degree of uncertainty and risk due to a variety of factors including those described in “Risk Factors.” These and other factors could cause results to differ materially from those expressed in these publications, surveys and forecasts.

USE OF PROCEEDS

We estimate that our net proceeds from the sale of the common stock that we are offering will be approximately $ million, assuming an initial public offering price of $ per share (the midpoint of the range listed on the cover page of this prospectus), after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us. A $1.00 increase (decrease) in the assumed initial public offering price of $ per share would increase (decrease) the net proceeds to us from this offering by $ million, assuming the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same, after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us. We will not receive any proceeds from the sale of shares of common stock by the selling stockholders.

The principal purposes of this offering are to create a public market for our common stock, obtain additional capital, facilitate our future access to the public equity markets, increase awareness of our company among potential customers and improve our competitive position. We intend to use the net proceeds to us from this offering for working capital and other general corporate purposes. Additionally, we may choose to expand our current business through acquisitions of or investments in other complementary businesses, products or technologies, using cash or shares of our common stock. However, we have no negotiations, agreements or commitments with respect to any such acquisitions or investments at this time.

Pending use of proceeds from this offering, we intend to invest the proceeds in a variety of short-term, interest-bearing, investment grade securities. Our management will have broad discretion in the application of the net proceeds from this offering to us, and investors will be relying on the judgment of our management regarding the application of the proceeds.

DIVIDEND POLICY

We have never declared or paid cash dividends on our capital stock. We currently intend to retain any future earnings and do not expect to declare or pay any dividends in the foreseeable future. Any further determination to pay dividends on our capital stock will be at the discretion of our board of directors and will depend on our financial condition, results of operations, capital requirements and other factors that our board of directors considers relevant.

CAPITALIZATION

The following table sets forth our cash and cash equivalents and capitalization as of April 30, 2007, as follows:


	•	On an actual basis;

	•	On a pro forma basis to give effect to the automatic conversion of all outstanding shares of our convertible preferred stock into common stock upon the closing of this offering; and

	•	On a pro forma as adjusted basis to give effect to (1) the issuance and sale by us of shares of common stock in this offering, and the receipt of the net proceeds from our sale of these shares at an assumed initial public offering price of $ per share (the midpoint of the range listed on the cover page of this prospectus), after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us, (2) the automatic conversion of all outstanding shares of our convertible preferred stock into common stock upon the closing of this offering, and (3) the amendment and restatement of our certificate of incorporation immediately following the completion of this offering.

You should read this table in conjunction with the sections titled “Selected Consolidated Financial Data” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes included elsewhere in this prospectus.


	As of April 30, 2007
							Pro Forma
	Actual			Pro Forma			As Adjusted(1)
	(in thousands, except share and per share data)
				(unaudited)			(unaudited)

Cash and cash equivalents	$	16,917		$	16,917		$

Stockholders’ equity:
Convertible preferred stock, par value $0.00001, 86,407,009 authorized and 52,130,024 shares issued and outstanding (actual); shares authorized, no shares issued or outstanding, pro forma and pro forma as adjusted
Series A: 14,727,649 shares designated; 14,727,649 shares issued and outstanding; $14,439 liquidation preference, actual; no shares issued or outstanding, pro forma and pro forma as adjusted	$	14,439		$	—		$	—
Series B: 33,679,360 shares designated; 29,664,461 shares issued and outstanding; $9,504 liquidation preference, actual; no shares issued or outstanding, pro forma and pro forma as adjusted		9,185			—			—
Series C: 8,000,000 shares designated; 7,737,914 shares issued and outstanding; $2,975 liquidation preference, actual; no shares issued or outstanding, pro forma and pro forma as adjusted		3,134			—			—
Common stock, par value $0.00001, 130,000,000 shares authorized, 42,480,304 shares issued and outstanding (actual); shares authorized, 98,430,496 shares issued and outstanding, pro forma; and shares issued and outstanding, pro forma as adjusted		—			1
Additional paid-in capital		23,479			50,236
Deferred stock-based compensation		(554	)		(554	)		(554	)
Accumulated other comprehensive income		13			13			13
Accumulated deficit		(44,566	)		(44,566	)		(44,566	)

Total stockholders’ equity		5,130			5,130

Total capitalization	$	5,130		$	5,130		$

(footnote appears on following page)


(1)		A $1.00 increase (decrease) in the assumed public offering price of $ per share would increase (decrease) each of cash and cash equivalents, additional paid-in capital, total stockholders’ equity and total capitalization by $ million, assuming that the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same, and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us. The pro forma information discussed above is illustrative only and following closing of this offering will be adjusted based on the actual public offering price and other terms of this offering determined at pricing.

The table above excludes the following shares:


	•	23,091,296 shares of common stock issuable upon the exercise of options outstanding as of April 30, 2007, at a weighted-average exercise price of approximately $0.99 per share;

	•	2,431,938 shares of common stock issuable upon the exercise of options granted after April 30, 2007, at a weighted-average exercise price of $2.50 per share;

	•	76,820 shares of common stock issuable upon exercise of warrants outstanding as of April 30, 2007, including a warrant to purchase 25,185 shares of common stock and warrants to purchase an aggregate of 51,635 shares of convertible preferred stock that will convert into warrants to purchase the same number of shares of common stock upon completion of this offering, at a weighted-average exercise price of approximately $0.0003 per share;

	•	shares of common stock reserved for future issuance under our 2007 Equity Incentive Plan, which will become effective on the first day that our common stock is publicly traded and contains provisions that will automatically increase its share reserve each year, as more fully described in “Management—Employee Benefit Plans”; and

	•	shares of common stock reserved for future issuance under our 2007 Employee Stock Purchase Plan, which will become effective on the first day that our common stock is publicly traded and contains provisions that will automatically increase its share reserve each year, as more fully described in “Management—Employee Benefit Plans.”

DILUTION

If you invest in our common stock, your interest will be diluted to the extent of the difference between the initial public offering price per share of our common stock and the pro forma as adjusted net tangible book value per share of our common stock immediately after this offering.

Our pro forma net tangible book value as of April 30, 2007 was $ million, or $ per share of common stock. Our pro forma net tangible book value per share represents the amount of our total tangible assets reduced by the amount of our total liabilities and divided by the total number of shares of our common stock outstanding as of April 30, 2007, after giving effect to the automatic conversion of all outstanding shares of our convertible preferred stock into common stock upon the closing of this offering.

After giving effect to our sale in this offering of shares of common stock at an assumed initial public offering price of $ per share (the midpoint of the range set forth on the cover page of this prospectus), after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us, our pro forma net tangible book value as of April 30, 2007 would have been approximately $ million, or $ per share of common stock. This represents an immediate increase in pro forma net tangible book value of $ per share to our existing stockholders and an immediate dilution of $ per share to investors purchasing shares in this offering. The following table illustrates this per share dilution:


Assumed initial offering price per share		$
Pro forma net tangible book value per share as of April 30, 2007	$
Increase in pro forma net tangible book value per share attributable to investors purchasing shares in this offering

Pro forma as adjusted net tangible book value per share after this offering

Dilution in pro forma net tangible book value per share to investors in this offering		$

If the underwriters exercise their over-allotment option in full, the pro forma net tangible book value per share after giving effect to this offering would be approximately $ per share, and the dilution in pro forma net tangible book value per share to investors in this offering would be approximately $ per share.

The following table summarizes, as of April 30, 2007, the differences between the number of shares of common stock purchased from us, after giving effect to the conversion of our convertible preferred stock into common stock, the total cash consideration paid and the average price per share paid by our existing stockholders and by our new investors purchasing shares in this offering at the assumed initial public offering price of $ per share (the midpoint of the range set forth on the cover page of this prospectus), before deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us:


	Shares Purchased				Total Consideration				Average
	Number	Percent			Amount	Percent			Price Per Share

Existing stockholders				%	$			%	$
New investors

Totals	$		100	%	$		100	%

A $1.00 increase (decrease) in the assumed public offering price of $ per share would increase (decrease) total consideration paid by new investors by $ million, assuming that the number of shares offered by us, as set forth on the cover page of this prospectus, remains the same, and after deducting estimated underwriting discounts and commissions and estimated offering expenses payable by us.

If the underwriters exercise their over-allotment option in full, our existing stockholders would own % and our new investors would own % of the total number of shares of our common stock outstanding after this offering.

Sales of shares of common stock by the selling stockholders in this offering will reduce the number of shares of common stock held by existing stockholders to , or approximately % of the total shares of common

stock outstanding after this offering, and will increase the number of shares held by new investors to , or approximately % of the total shares of common stock outstanding after this offering.

The table and discussion above exclude the following shares:


	•	23,091,296 shares of common stock issuable upon the exercise of options outstanding as of April 30, 2007, at a weighted-average exercise price of approximately $0.99 per share;

	•	2,431,938 shares of common stock issuable upon the exercise of options granted after April 30, 2007, at a weighted-average exercise price of $2.50 per share;

	•	76,820 shares of common stock issuable upon exercise of warrants outstanding as of April 30, 2007, including a warrant to purchase 25,185 shares of common stock and warrants to purchase an aggregate of 51,635 shares of convertible preferred stock that will convert into warrants to purchase the same number of shares of common stock upon completion of this offering, at a weighted-average exercise price of approximately $0.0003 per share;

	•	shares of common stock reserved for future issuance under our 2007 Equity Incentive Plan, which will become effective on the first day that our common stock is publicly traded and contains provisions that will automatically increase its share reserve each year, as more fully described in “Management—Employee Benefit Plans”; and

	•	shares of common stock reserved for future issuance under our 2007 Employee Stock Purchase Plan, which will become effective on the first day that our common stock is publicly traded and contains provisions that will automatically increase its share reserve each year, as more fully described in “Management—Employee Benefit Plans.”

To the extent outstanding options or warrants are exercised, there will be further dilution to new investors.

SELECTED CONSOLIDATED FINANCIAL DATA

The following selected consolidated financial data should be read in conjunction with “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes included elsewhere in this prospectus. Following the completion of our fiscal year ended December 31, 2002, we changed our fiscal year end to April 30. As a result of the change, the first full fiscal year in which we sold our products and services was the fiscal year ended April 30, 2004. The consolidated statement of operations data for the fiscal years ended April 30, 2005, 2006 and 2007, and the balance sheet data as of April 30, 2006 and 2007, are derived from our audited consolidated financial statements appearing elsewhere in this prospectus. The consolidated statement of operations data for the fiscal year ended December 31, 2002, the four months ended April 30, 2003 and the fiscal year ended April 30, 2004, and the balance sheet data as of April 30, 2003, 2004 and 2005, are derived from our audited consolidated financial statements not included in this prospectus. Our historical results are not necessarily indicative of the results to be expected for any future period.


	Fiscal Year Ended December 31,			Four-Months Ended April 30,			Fiscal Year Ended April 30,
Consolidated Statement of Operations Data:	2002			2003			2004			2005			2006			2007
	(in thousands, except per share data)
Revenues:
Products	$	152		$	511		$	12,442		$	22,357		$	22,859		$	43,989
Maintenance and services		43			101			2,857			10,465			16,576			25,844

Total revenues		195			612			15,299			32,822			39,435			69,833
Cost of revenues:
Products		64			41			526			1,084			1,769			2,569
Maintenance and services(1)		—			11			772			3,410			5,027			7,019

Total cost of revenues		64			52			1,298			4,494			6,796			9,588

Gross profit		131			560			14,001			28,328			32,639			60,245
Operating expenses(1):
Research and development		3,221			1,034			4,068			7,583			12,154			14,535
Sales and marketing		2,736			1,382			8,041			14,647			24,309			36,587
General and administrative		2,845			818			3,480			8,725			12,978			9,453

Total operating expenses		8,802			3,234			15,589			30,955			49,441			60,575

Loss from operations		(8,671	)		(2,674	)		(1,588	)		(2,627	)		(16,802	)		(330	)
Other income (expense), net		56			19			106			(49	)		219			462

Income (loss) before provision for income taxes		(8,615	)		(2,655	)		(1,482	)		(2,676	)		(16,583	)		132
Provision for income taxes		—			—			23			137			163			389

Net loss	$	(8,615	)	$	(2,655	)	$	(1,505	)	$	(2,813	)	$	(16,746	)	$	(257	)

Net loss per common share, basic and diluted	$	(0.51	)	$	(0.14	)	$	(0.07	)	$	(0.11	)	$	(0.56	)	$	(0.01	)

Shares used in computing basic and diluted net loss per common share		16,805			19,442			21,488			24,647			29,874			40,169


(1) Stock-based compensation is included above as follows:

Cost of maintenance and services revenues	$	—		$	—		$	1		$	7		$	10		$	17
Research and development		—			—			143			1,642			1,950			501
Sales and marketing		—			—			14			746			210			661
General and administrative		—			—			424			4,838			5,948			350

Total stock-based compensation expense	$	—		$	—		$	582		$	7,233		$	8,118		$	1,529

elements. Fiscal 2007 revenues included a substantial portion of the revenues so deferred from fiscal 2006, as well as a small amount of revenues similarly deferred from prior years. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Sources of Revenues, Cost of Revenues and Operating Expenses” for additional details, including the net amounts involved. We do not expect revenues in future periods to be favorably impacted to the same extent by similar transactions consummated in fiscal 2007 and prior periods.


	As of April 30,
	2003		2004		2005		2006		2007
	(in thousands)

Consolidated Balance Sheet Data:
Cash and cash equivalents	$	6,036	$	7,976	$	13,493	$	16,443	$	16,917
Working capital (deficit)		3,762		4,990		11,756		5,377		(3,192	)
Total assets		8,521		13,162		26,541		32,926		48,990
Current and long-term debt		—		—		—		—		—
Convertible preferred stock		25,602		26,362		26,928		26,758		26,758
Common stock and additional paid-in capital		2,548		2,950		11,301		19,383		23,479
Total stockholders’ equity	$	4,556	$	4,460	$	9,713	$	1,433	$	5,130

MANAGEMENT’S DISCUSSION AND ANALYSIS
OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS

You should read the following discussion and analysis in conjunction with the information set forth under “Selected Financial Data” and our financial statements and related notes included elsewhere in this prospectus. The statements in this discussion regarding our expectations of our future performance, liquidity and capital resources, and other non-historical statements in this discussion, are forward-looking statements. These forward-looking statements are subject to numerous risks and uncertainties, including, but not limited to, the risks and uncertainties described under “Risk Factors” and elsewhere in the prospectus. Our actual results may differ materially from those contained in or implied by any forward-looking statements.

Overview

We are a leading provider of security and compliance management software solutions that intelligently mitigate business risk for enterprises and government agencies. Much like a “mission control center,” our ESM platform delivers a centralized, real-time view of disparate digital alarms, alerts and status messages, which we refer to as events, across geographically dispersed and heterogeneous business and technology infrastructures. Our software correlates massive numbers of events from thousands of security point solutions, network and computing devices and applications, enabling intelligent identification, prioritization and response to external threats, insider threats and compliance and corporate policy violations. We also provide complementary software that delivers pre-packaged analytics and reports tailored to specific security and compliance initiatives, as well as appliances that streamline threat response, event log archiving and network configuration.

We were founded in May 2000 and first sold our initial ESM product in June 2002. Our revenues have grown from $32.8 million in the fiscal year ended April 30, 2005 to $69.8 million in the fiscal year ended April 30, 2007.

We achieved positive cash flows from operations in the fiscal years 2004 through 2007. We initially funded our operations primarily through equity financings of convertible preferred stock that raised a total of $26.8 million. As of April 30, 2007, we had cash and cash equivalents and accounts receivable of $32.5 million, and an aggregate of $13.9 million in accounts payable and accrued liabilities. In June 2006, we acquired substantially all of the assets of Enira Technologies, LLC, primarily consisting of the predecessors to our TRM and NCM products, for cash and stock consideration with an aggregate value of $8.7 million, including acquisition costs of $0.2 million.

Important Factors Affecting Our Operating Results and Financial Condition

We believe that the market for our products is in the early stages of development. We have identified factors that we expect to play an important role in our future growth and profitability. These factors are:

Sales of ESM Platform and Appliance Products to New Customers. The market for security and compliance management software solutions is rapidly expanding, with new purchases often driven by corporate compliance initiatives. We typically engage in a proof of concept with our customers to demonstrate the capabilities of our ESM platform in their specific environment. A new sale usually involves the sale of licenses for one or more ESM Managers, a bundle of connectors, depending on the number and type of devices the customer intends to manage with ArcSight ESM, licenses for our console and web interfaces, installation services, training and an initial maintenance arrangement. In many cases, customers will also purchase one of our complementary software modules which enable them to implement specific sets of off-the-shelf rules for our event correlation engine that address specific security and compliance issues and business risks. In addition, customers may purchase our TRM, Logger and NCM appliances to address their threat response, log archiving and network configuration needs. Our growth depends on our ability to sell our products to new customers.

Continued Sales to Our Installed Base. Many customers make an initial purchase from us and then decide whether to use our products with respect to a larger portion of their business and technology infrastructure or buy additional complementary products from us. As such, a key component of our growth will be our ability to successfully maintain and further develop the relationships with our existing customers.

Development and Introduction of New Products. We believe that it is important that we continue to develop or acquire new products and services that will help us capitalize on opportunities in the security and compliance

management market. Examples of new product introductions to date include our TRM, Logger and NCM appliances and our ArcSight Insider Threat Package and ArcSight Compliance Insight Package for PCI products in fiscal 2007, as well as enhancements to our ESM platform such as the May 2007 introduction of features such as identity correlation and role-based management.

Development of an Expanded Channel Network for Our Products. We currently sell our products primarily through our direct sales force, although we do sell to government purchasers and internationally through resellers and system integrators. We believe further development of our sales channel will assist us in penetrating the mid-market, particularly as we expand our appliance-based offerings. In addition, it is likely that new appliance-based products that we develop will be sold more effectively through resellers and, if we are successful in introducing these new products, we will become more dependent on the development of an effective channel network. Further, motivating our channel partners to promote our products will be a key factor in the success of this strategy.

Sources of Revenues, Cost of Revenues and Operating Expenses

Our sales transactions typically include the following elements: a software license fee paid for the use of our products in perpetuity or, in limited circumstances, for a specified term; an arrangement for first-year support and maintenance, which includes unspecified software updates and upgrades; and professional services for installation, implementation and training. We derive the majority of our revenues from sales of software products. We introduced complementary appliance products in fiscal 2007, and they have not contributed a significant portion of our revenues to date. We sell our products and services primarily through our direct sales force. Additionally, we utilize resellers and systems integrators, particularly in sales to government agencies and international customers.

We recognize revenues pursuant to American Institute of Certified Public Accountants Statement of Position, or SOP, No. 97-2, Software Revenue Recognition, as amended by SOP No. 98-9, Software Revenue Recognition with Respect to Certain Arrangements, or collectively, SOP 97-2, which, if revenues are to be recognized upon product delivery, requires among other things vendor-specific objective evidence of fair value, or VSOE, for each undelivered element of multiple element customer contracts.

Fiscal 2007 revenues included revenues related to sales transactions consummated in prior fiscal years for which revenue recognition was deferred as a result of undelivered product elements for which we did not have VSOE. In fiscal 2007, we either delivered such product elements, or we and our customers amended the contractual terms of these sales transactions to remove the undelivered product elements, resulting in recognition of revenues in fiscal 2007. Similarly, but to a lesser extent, revenues related to sales transactions consummated in fiscal 2007 were deferred and will be recognized in future years. The net impact of these transactions was to reduce revenues in fiscal 2006 by $6.3 million and increase fiscal 2007 revenues by $1.8 million, causing our fiscal 2006-2007 revenue growth rate to appear greater than it otherwise would. As of April 30, 2007, deferred revenues included $5.4 million related to transactions such as these.

Product Revenues

Product revenues consists of licenses for our software products and, beginning in fiscal 2007, also includes revenues for sales of our TRM, Logger and NCM appliance products. License fees are based on a number of factors, including the type and number of devices that our customer intends to monitor using our software as well as the number of users and locations. In addition to our core solution, some of our customers purchase additional licenses for optional extension modules that provide enhanced discovery and analytics capabilities. Sales of our appliance products consist of sale of the appliance hardware and an associated perpetual license to the embedded software. We first introduced our TRM and NCM appliance products in June 2006 and our Logger appliance product in December 2006, and these products have not represented a significant portion of our total revenues through April 30, 2007. Appliance fees are based on the number of appliances purchased and, in some cases, on the number of network devices with which our customer intends to use the appliances. We generally recognize product revenues at the time of product delivery, provided all other revenue recognition criteria have been met. We recognize revenues associated with products sold through distribution partners on a sell-through basis once either we or our distribution partner has a contractual agreement in place with the end user, the products have been delivered to the end user, collectibility is probable and all other revenue recognition criteria have been met.

Historically, we have engaged in long sales cycles with our customers, typically three to six months and up to over a year for certain sales, and many customers make their purchase decisions in the last few weeks of a fiscal quarter, following procurement trends in the industry. Further, average deal size can vary considerably depending on our customers’ configuration requirements, implementation plan and budget availability. As a result, it is difficult to predict timing or size of product sales on a quarterly basis. In addition, we may fail to forecast sufficient production of our appliance products due to our limited experience with them, or we may be unable to physically deliver appliances within the quarter, depending on the proximity of the order to the end of the quarter. These situations may lead to delay of revenues until we can deliver products. The loss or delay of one or more large sales transactions in a quarter could impact our operating results for that quarter and any future quarters into which revenues from that transaction is delayed.

As of April 30, 2007, deferred product revenues were $10.3 million. Included in deferred product revenues as of April 30, 2007 are $4.9 million related to multiple element arrangements where one or more product elements for which we did not have VSOE remained undelivered. The remainder of deferred product revenues primarily relates to $3.0 million of product revenues to be recognized ratably over the term of the maintenance arrangements and $1.8 million related to prepayments in advance of delivery. We expect $8.1 million of deferred product revenues to be recognized in the next 12 months.

Maintenance and Services Revenues

Maintenance includes rights to unspecified software product updates and upgrades, maintenance releases and patches released during the term of the support period and internet and telephone access to maintenance personnel and content. Maintenance revenues are generated both from maintenance that we agree to provide in connection with initial sales of software and hardware products and from maintenance renewals. We generally sell maintenance on an annual basis. We offer two levels of maintenance – standard and, for customers that require 24-hour coverage seven days a week, premium. In most cases, we provide maintenance for sales made through channel partners. In addition, we sell an enhanced maintenance offering that provides frequent security content updates for our software. Maintenance fees are deferred at the time the maintenance agreement is initiated and recognized ratably over the term of the maintenance agreement. As our customer base expands, we expect maintenance revenues to continue to grow. For the fiscal years ended April 30, 2005, 2006 and 2007, the maintenance renewal rate was 93%, 94% and 96%, respectively.

Services revenues are generated from sales of services to our customers, including installation and implementation of our software, consulting and training. Professional services are not essential to the functionality of the associated software products. We generally sell our services on a time-and-materials basis and recognize revenues as the services are performed.

As of April 30, 2007, deferred maintenance and services revenues were $19.3 million, of which $16.7 million are expected to be recognized in the next 12 months. Deferred maintenance revenues are related to advanced payments for support contracts that are recognized ratably, and deferred services revenues relate to customer payments in advance of services being performed.

Cost of Revenues

Cost of revenues for our software products consists of third-party royalties and license fees for licensed technology incorporated into our software product offerings. Cost of revenues for appliance products consists of the hardware costs of the appliances and, for certain appliance products, third-party royalties for licensed technology. Sales of our appliance products are generally at a lower margin than sales of our software products.

Cost of maintenance and services revenues consists primarily of salaries and benefits related to maintenance and professional services personnel; travel and other out-of-pocket expenses; facilities and other related overhead; and cost of services provided by subcontractors for professional services. Gross margins for maintenance are higher than for professional services.

We intend to increase sales to the mid-market, a goal that we believe will be aided by our recent introduction of our appliance products. We expect an increasing percentage of our mid-market sales to be made through our distribution channel than has been the case to date. We also expect a high percentage of our international sales to

continue to be made through our distribution channel. Sales through the channel tend to be at a lower margin than direct sales. As a result, we may report lower margins in future periods than has been the case for prior periods.

Operating Expenses

Research and Development. Research and development expenses consist primarily of salaries and benefits of personnel engaged in the development of new products; the enhancement of existing products; quality assurance activities; and facilities and other related overhead. We expense all of our research and development costs as they are incurred. We expect research and development expenses to increase in absolute dollars for the foreseeable future as we continue to invest in the development of our products.

Sales and Marketing. Sales and marketing expenses consist primarily of salaries, commissions and benefits related to sales and marketing personnel and consultants; travel and other out-of-pocket expenses; expenses for marketing programs, such as for trade shows and our annual users conference, marketing materials and corporate communications; and facilities and other related overhead. Commissions on sales of software products and initial maintenance are typically earned and expensed when revenue recognition for the respective revenue elements commences and for services when the customer is invoiced. In fiscal 2008, we will also pay commissions for channel sales to our direct sales force, as well as our channel sales force, to minimize channel conflicts as we develop our channel network. We intend to hire additional sales personnel, initiate additional marketing programs and build additional relationships with resellers, systems integrators and strategic partners on a global basis. Accordingly, we expect that our sales and marketing expenses will continue to increase for the foreseeable future in absolute dollars.

General and Administrative. General and administrative expenses consist primarily of salaries and benefits related to general and administrative personnel and consultants; accounting and legal professional fees; and facilities and other related overhead. We expect that in the future, general and administrative expenses will increase in absolute dollars as we add personnel and incur additional professional fees and insurance costs related to the growth of our business and additional legal, accounting and other expenses in connection with our reporting and compliance obligations as a public company.

Other Income (Expense), Net. Other income (expense), net consists of interest earned on our cash investments and foreign currency-related gains and losses. Our interest income will vary each reporting period depending on our average cash balances during the period and the current level of interest rates. Similarly, our foreign currency-related gains and losses will also vary depending upon movements in underlying exchange rates.

Income Tax Provision. Income tax provision consists of tax expense related to current period earnings, while income tax benefit consists of a recoupment of historical tax expenses due to losses in the then current reporting period. We have previously experienced a greater than 50% shift in our stock ownership, which creates annual limitations on our ability to use a portion of our net operating loss carry-forwards. As a result, our income tax provision and our resulting effective tax rate may be greater than if our net operating loss carry-forwards were available without limitation. In addition, our net operating loss carry-forwards may expire before we fully utilize them.

Internal Control Over Financial Reporting

We have a history of “material weaknesses” in our internal control over financial reporting as defined by the standards established by the Public Company Accounting Oversight Board. A material weakness is a deficiency or combination of deficiencies in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the annual or interim financial statements will not be prevented or detected on a timely basis. During the audit of our financial statements for the fiscal years ended April 30, 2004, 2005, 2006 and 2007, material weaknesses in our internal control over financial reporting were identified.

Specifically, in fiscal 2006 we did not have adequate controls to provide reasonable assurance that revenues were being recorded in accordance with generally accepted accounting principles. The inadequate internal control over financial reporting resulted in the premature recognition of revenues from sales transactions that included undelivered product elements for which we did not have VSOE. As a result of this error, an adjustment was recorded to our financial statements to defer, until later periods, revenues previously recorded. As discussed above in “—Sources of Revenues, Cost of Revenues and Operating Expenses,” we either delivered the applicable product

elements, or we and our customers amended the contractual terms of these sales transactions to remove the undelivered product elements, resulting in recognition of the associated revenues in fiscal 2007, and to a lesser extent in future fiscal years. We determined as of April 30, 2007 that we no longer have material weaknesses in the areas identified as material weaknesses in connection with the preparation of our fiscal 2004, 2005 and 2006 financial statements.

The material weakness identified during the audit of our fiscal 2007 financial statements relates to internal review, primarily due to failure of the review process of accounting computations and reconciliations prepared by third parties as part of the preparation of our fiscal 2007 financial statements. This weakness led to four adjustments to our financial statements. The largest such adjustment resulted from a failure to detect an overstatement of stock-based compensation expense of $0.3 million under SFAS No. 123(R), Share-Based Payment, or SFAS 123R, in calculations prepared by a third-party service provider.

We are in the process of remediating the material weakness identified in connection with the preparation of our fiscal 2007 financial statements but have not yet been able to complete our remediation efforts. For example, we recently hired three senior management personnel in our finance and accounting function. It will take additional time to design, implement and test the controls and procedures required to enable our management to conclude that our disclosure controls and our internal control over financial reporting are effective. We cannot at this time estimate how long it will take to complete our remediation efforts. In addition, we cannot assure you that additional material weaknesses in our internal control over financial reporting will not be identified in the future. Any failure to remediate the material weakness that has been identified or to implement and maintain effective disclosure controls and internal control over financial reporting could cause us to fail to meet our reporting obligations or result in material misstatements in our financial statements.

Critical Accounting Policies, Significant Judgments and Estimates

Our consolidated financial statements have been prepared in accordance with accounting principles generally accepted in the United States, which requires us to make estimates and judgments that affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the financial statements as well as the reported amounts of revenues and expenses during the reporting period. We base our estimates and judgments on our historical experience, knowledge of current conditions and our beliefs regarding likely occurrences in the future, given available information. Estimates are used for, but are not limited to, revenue recognition, determination of fair value of stock awards, valuation of goodwill and intangible assets acquired in business combinations, impairment of goodwill and other intangible assets, amortization of intangible assets, contingencies and litigation, allowances for doubtful accounts, and accrued liabilities. Actual results may differ from those estimates, and such differences may be material to our financial statements. Further, if we applied different factors, or changed the method in which we applied the various factors that are used, in making our critical estimates and judgments, our reported operating results and financial condition could be materially affected.

Revenue Recognition

We recognize revenues in accordance with SOP 97-2. As such, we exercise judgment and use estimates in connection with the determination of the amount of product and maintenance and services revenues to be recognized in each accounting period.

We derive revenues primarily from two sources: (i) sales of our software and hardware products, and (ii) fees for maintenance and services, including professional services for product installation and training and maintenance to provide unspecified upgrades and customer technical support. Our appliance products contain software which is more than incidental to the functionality of the product. In accordance with SOP 97-2, we recognize revenues when the following conditions have been met:


	•	persuasive evidence of an arrangement exists;

	•	the fee is fixed or determinable;

	•	delivery has occurred or services have been rendered; and

	•	collection is considered probable.

Signed contracts and binding purchase orders, depending on the nature of the transaction, are used as evidence of an arrangement. We assess whether the fee is fixed or determinable based on the payment terms associated with the transaction and whether the sales price is subject to refund or forfeiture, concession or other adjustment. We do not generally grant rights of return or price protection to our distribution partners or end users, other than limited rights of return during the warranty period in some cases. We use shipping documents, contractual terms and conditions and customer acceptance, when applicable, to verify product delivery to the customer. For perpetual software license fees in arrangements that do not include customization, or services that are not considered essential to the functionality of the licenses, delivery is deemed to occur when the product is delivered to the customer. Services and consulting arrangements that are not essential to the functionality of the licensed product are recognized as revenues as these services are provided. Delivery of maintenance is considered to occur on a straight-line basis over the life of the contract. We consider probability of collection based on a number of factors, such as creditworthiness of the customer as determined by credit checks and analysis, past transaction history, the geographic location and financial viability. We do not request, nor do we require, collateral from customers. If we determine that collectibility is not reasonably assured, we defer the revenues until collectibility becomes reasonably assured, generally upon receipt of cash.

Our sales of software products to date have typically been multiple element arrangements, which have included software licenses and corresponding maintenance, and have also generally included some amount of professional services. Our sales of appliance products to date have been multiple element arrangements as well, which included hardware, software licenses and corresponding maintenance, and have also generally included some amount of professional services. We allocate the total arrangement fee among these multiple elements based upon their respective fair values as determined by VSOE or, if applicable, by the residual method under SOP 97-2. VSOE is established for maintenance and support services based on maintenance renewals to other customers or upon renewal rates quoted in contracts when the quoted renewal rates are deemed substantive. VSOE for professional services is established based on prices charged to customers when such services are sold separately. If we cannot objectively determine the fair value of any undelivered element in a multiple element arrangement, we defer revenues for each element until all elements have been delivered, or until VSOE can objectively be determined for any remaining undelivered element. If VSOE for maintenance and services does not exist, and these are the only undelivered elements, then revenues for the entire arrangement are recognized ratably over the longest performance period commencing with delivery of both elements. When VSOE of a delivered element has not been determined, but the fair value for all undelivered elements has, we use the residual method to record revenues for the delivered element. Under the residual method, the fair value of the undelivered elements is deferred and the remaining portion of the arrangement fee is allocated to the delivered element and recognized immediately as revenues.

Our agreements generally do not include acceptance provisions. However, if acceptance provisions exist, we deem delivery to have occurred upon customer acceptance.

We recognize revenues associated with products and professional services sold through our channel partners once either we or our channel partner has a contractual agreement in place with the end user, delivery has occurred to the end user and all other revenue recognition criteria have been met.

We assess whether fees are collectible and fixed or determinable at the time of the sale, and recognize revenues if all other revenue recognition criteria have been met. Our standard payment terms are net 30 days and are considered normal up to net three months, while payment terms beyond three months are considered to be extended terms. Payments that are due within three months are generally deemed to be fixed or determinable based on our successful collection history on such agreements.

Stock-Based Compensation

The following table summarizes by grant date the number of shares of our common stock subject to options granted in fiscal 2006 and 2007 and the associated per share exercise price. We have determined that the exercise price equaled the fair value of our common stock for each of these grants.


			Per Share Exercise
	Number		Price and
	of Shares		Fair Value of
Grant Date	Granted		Common Stock

May 26, 2005		4,030,000	$	1.00
June 15, 2005		122,500		1.00
July 12, 2005		269,000		1.00
August 11, 2005		227,500		1.00
August 22, 2005		430,000		1.00
September 15, 2005		1,039,000		1.00
October 28, 2005		490,000		1.00
March 8, 2006		1,849,750		1.52
June 5, 2006		1,517,750		1.52
June 19, 2006		419,094		1.52
December 14, 2006		1,437,800		1.70
January 24, 2007		4,647,753		1.70
April 19, 2007		811,000		2.33

Prior to May 1, 2006, we accounted for our stock-based awards to employees using the intrinsic value method prescribed in Accounting Principles Board Opinion No. 25, Accounting for Stock Issued to Employees, or APB 25 and related interpretations. Under the intrinsic value method, compensation expense is measured on the date of the grant as the difference between the fair value of our common stock and the exercise or purchase price multiplied by the number of stock options or restricted stock awards granted. We recorded deferred stock-based compensation of $1.1 million related to employee stock options granted in fiscal 2005, because the fair value of our common stock determined in connection with preparation of our financial statements exceeded the fair value of our common stock as had been determined by our board of directors at the time of grant. We had no deferred stock-based compensation for fiscal 2006. We amortize deferred stock-based compensation using the multiple option method as prescribed by FASB Interpretation No. 28, Accounting for Stock Appreciation Rights and Other Variable Stock Option or Award Plans, or FIN 28, over the option vesting period using an accelerated amortization schedule. We expensed employee stock-based compensation of $0.3 million, $0.6 million and $0.3 million in fiscal 2005, 2006 and 2007, respectively.

Effective May 1, 2006, we adopted SFAS 123R which requires companies to expense the fair value of employee stock options and other forms of stock-based compensation. SFAS 123R requires nonpublic companies that used the minimum value method under SFAS No. 123, Accounting for Stock-Based Compensation, or SFAS 123, for either recognition or pro forma disclosures to apply SFAS 123R using the prospective-transition method. As such, we will continue to apply APB 25 in future periods to unvested equity awards outstanding at the date of adoption of SFAS 123R that were measured using the minimum value method. In addition, we are continuing to amortize those awards granted prior to May 1, 2006 utilizing an accelerated amortization schedule. In accordance with SFAS 123R, we will recognize the compensation cost of employee stock-based awards granted subsequent to April 30, 2006 in the statement of operations using the straight line method over the vesting period of the award.

To determine the fair value of stock options granted we have elected to use the Black-Scholes option pricing model, which requires, among other inputs, an estimate of the fair value of the underlying common stock on the date of grant and assumptions as to volatility of our stock over the expected term of the related options, the expected term of the options, the risk-free interest rate and the option forfeiture rate. As there has been no public market for our common stock prior to this offering, we have determined the volatility for options granted in fiscal 2007 based on an analysis of reported data for a peer group of companies that issued options with substantially similar terms. The

expected volatility of options granted has been determined using weighted average measures of the implied volatility and the historical volatility for this peer group of companies for a period equal to the expected life of the option. The expected volatility for options granted during the fiscal year ended April 30, 2007 was 66%. The expected life of options has been determined considering the expected life of options granted by a group of peer companies and the average vesting and contractual terms of options granted to our employees. The expected life of options granted during the fiscal year ended April 30, 2007 was 5.25 years. For the fiscal year ended April 30, 2007, the weighted-average risk free interest rate used was 5.00%. The risk-free interest rate is based on a zero coupon United States treasury instrument whose term is consistent with the expected life of the stock options. We have not paid and do not anticipate paying cash dividends on our shares of common stock; therefore, the expected dividend yield is assumed to be zero. In addition, SFAS 123R requires companies to utilize an estimated forfeiture rate when calculating the expense for the period, whereas SFAS 123 permitted companies to record forfeitures based on actual forfeitures, which was our historical policy under SFAS 123. As a result, we applied an estimated annual forfeiture rate of 5% in the fiscal year ended April 30, 2007 in determining the expense recorded in our consolidated statement of operations.

For the fiscal year ended April 30, 2007, we recorded expense of $0.9 million in connection with stock-based awards accounted for under SFAS 123R. Unrecognized stock-based compensation expense of non-vested stock options of $7.4 million is expected to be recognized using the straight line method over the next four years. We expect stock-based compensation expenses to increase in absolute dollars as a result of the adoption of SFAS 123R. The actual amount of stock-based compensation expense we record in any fiscal period will depend on a number of factors, including the number of stock options issued and the volatility of our stock price over time. In future periods, stock-based compensation expense may increase as we issue additional equity-based awards to continue to attract and retain key employees. Additionally, SFAS 123R requires that we recognize compensation expense only for the portion of stock options that are expected to vest. If the actual number of forfeitures differs from that estimated by management, we will be required to record adjustments to stock-based compensation expense in future periods.

Given the absence of an active market for our common stock, our board of directors, the members of which we believe had extensive business, finance or venture capital experience, was required to estimate the fair value of our common stock for purposes of determining exercise prices for the options it granted. Prior to February 1, 2006, our board of directors determined the estimated fair value of our common stock, based in part on an analysis of relevant metrics, including the following:


	•	the prices for our convertible preferred stock sold to outside investors in arms-length transactions;

	•	the rights, preference and privileges of that convertible preferred stock relative to those of our common stock;

	•	our operating and financial performance;

	•	the hiring of key personnel;

	•	the introduction of new products;

	•	our stage of development and revenue growth;

	•	the fact that the options grants involved illiquid securities in a private company;

	•	the risks inherent in the development and expansion of our products and services; and

	•	the likelihood of achieving a liquidity event, such as an initial public offering or sale of the company, for the shares of common stock underlying the options given prevailing market conditions.

Commencing on February 1, 2006, a third party valuation specialist performed a contemporaneous valuation of our common stock for income tax considerations, which was considered as a factor by our board of directors when it determined the fair market value of our common stock when making new grants. The valuation specialist issued reports as of February 1, 2006, November 1, 2006, March 15, 2007 and June 1, 2007 valuing our common stock at $1.50 - $1.55, $1.70, $2.33 and $2.50 per share, respectively.

We also have incurred stock-based compensation expenses related to stock options that were exercised with the proceeds from loans that we made to the employee option holders. Our forgiveness of a portion of one of these

employee loans in May 2002 resulted in a requirement to use variable accounting for all other options exercised with outstanding employee loans. As the value of our stock increased in the fiscal years ended April 30, 2005 and 2006, the impact of the variable accounting treatment resulted in stock-based compensation expense. The stock-based compensation expenses resulting from the variable accounting were $7.0 million and $7.5 million in fiscal 2005 and 2006, respectively. The last of these employee loans was repaid in January 2006, which ended the related stock-based compensation expenses. Subsequent to the fiscal year ended April 30, 2007, options to purchase 2,431,938 shares with an exercise price of $2.50 have been granted to employees.

Assuming the sale of shares contemplated by this offering is consummated at $ per share, which is the midpoint of the range set forth on the cover page of this prospectus, the aggregate intrinsic value of vested and unvested options to purchase shares of our common stock outstanding as of April 30, 2007 would be $ million and $ million respectively.

Business Combinations

We account for business combinations in accordance with SFAS No. 141, Business Combinations, or SFAS 141, which requires the purchase method of accounting for business combinations. In accordance with SFAS 141, we determine the recognition of intangible assets based on the following criteria: (i) the intangible asset arises from contractual or other rights; or (ii) the intangible asset is separable or divisible from the acquired entity and capable of being sold, transferred, licensed, returned or exchanged. In accordance with SFAS 141, we allocate the purchase price of our business combinations to the tangible assets, liabilities and intangible assets acquired based on their estimated fair values. We record the excess of the purchase price over those fair values as goodwill.

We must make valuation assumptions that require significant estimates, especially with respect to intangible assets. Critical estimates in valuing certain intangible assets include, but are not limited to, future expected cash flows from customer contracts, customer lists, distribution agreements and discount rates. We estimate fair value based upon assumptions we believe to be reasonable, but which are inherently uncertain and unpredictable and, as a result, actual results may differ from our estimates.

Goodwill and Intangible Assets

In accordance with SFAS No. 142, Goodwill and Other Intangible Assets, or SFAS 142, we do not amortize goodwill or other intangible assets with indefinite lives but rather test them for impairment. SFAS 142 requires us to perform an impairment review of our goodwill balance at least annually and also whenever events or changes in circumstances indicate that the carrying amount of these assets may not be recoverable. The allocation of the acquisition cost to intangible assets and goodwill requires the extensive use of estimates and assumptions, including estimates of future cash flows expected to be generated by the acquired assets and amortization of intangible assets, other than goodwill. Further, when impairment indicators are identified with respect to previously recorded intangible assets, the values of the assets are determined using discounted future cash flow techniques. Significant management judgment is required in the forecasting of future operating results that are used in the preparation of the projected discounted cash flows and should different conditions prevail, material write-downs of net intangible assets could occur. We review periodically the estimated remaining useful lives of our acquired intangible assets. A reduction in our estimate of remaining useful lives, if any, could result in increased amortization expense in future periods. Future goodwill impairment tests could result in a charge to earnings.

Allowance for Doubtful Accounts

We maintain an allowance for doubtful accounts based on a periodic review of customer accounts, payment patterns and specific collection issues. Where account-specific collection issues are identified, we record a specific allowance based on the amount that we believe will be uncollected. For accounts where specific collection issues are not identified, we record a reserve based on the age of the receivables. As of April 30, 2007, accounts receivable from one customer represented 12% of net accounts receivable, which receivable was fully paid subsequent to the end of fiscal 2007.

Accounting for Income Taxes

As part of the process of preparing our consolidated financial statements we are required to estimate our taxes in each of the jurisdictions in which we operate. We estimate actual current tax exposure together with assessing temporary differences between our financial reporting and our tax filings resulting from differing treatment of items, such as accruals and allowances not currently deductible for tax purposes. These differences result in deferred tax assets and liabilities. In general, deferred tax assets represent future tax benefits to be received when certain expenses previously recognized in our consolidated statements of operations become deductible expenses under applicable income tax laws or loss or credit carry-forwards are utilized. Accordingly, realization of our deferred tax assets is dependent on future taxable income against which these deductions, losses and credits can be utilized. We must assess the likelihood that our deferred tax assets will be recovered from future taxable income, and to the extent we believe that recovery is not likely, we must establish a valuation allowance.

Management judgment is required in determining our provision for income taxes, our deferred tax assets and liabilities and any valuation allowance recorded against our net deferred tax assets. We recorded a full valuation allowance as of April 30, 2007, because, based on the available evidence, we believed at that time it was more likely than not that we would not be able to utilize all of our deferred tax assets in the future. We intend to maintain the full valuation allowances until sufficient evidence exists to support the reversal of all or some portion of these allowances. Should the actual amounts differ from our estimates, the amount of our valuation allowance could be materially impacted.

We have previously experienced a greater than 50% shift in our stock ownership, which creates annual limitations on our ability to use a portion of our net operating loss carry-forwards.

Results of Operations

The following table presents selected items in our consolidated statements of operations in dollars and the percentage change in those items for the periods indicated:


	Fiscal Year Ended April 30,									% Change Increase (Decrease)
	2005			2006			2007			2005 - 2006			2006 - 2007
	(in thousands, except for percentages)

Revenues:
Products	$	22,357		$	22,859		$	43,989			2.2	%		92.4	%
Maintenance and services		10,465			16,576			25,844			58.4			55.9

Total revenues		32,822			39,435			69,833			20.1			77.1

Cost of revenues:
Products		1,084			1,769			2,569			63.2			45.2
Maintenance and services(1)		3,410			5,027			7,019			47.4			39.6

Total cost of revenues		4,494			6,796			9,588			51.2			41.1

Gross profit		28,328			32,639			60,245			15.2			84.6
Operating expenses(1):
Research and development		7,583			12,154			14,535			60.3			19.6
Sales and marketing		14,647			24,309			36,587			66.0			50.5
General and administrative		8,725			12,978			9,453			48.7			(27.2	)

Total operating expenses		30,955			49,441			60,575			59.7			22.5

Loss from operations		(2,627	)		(16,802	)		(330	)		*			*
Other income (expense), net		(49	)		219			462			*			111.0

Income (loss) before provision for income taxes		(2,676	)		(16,583	)		132			*			*
Provision for income taxes		137			163			389			19.0			138.7

Net loss	$	(2,813	)	$	(16,746	)	$	(257	)		*			*

* Percentage change information is not meaningful.

(footnote appears on following page)


	Fiscal Year Ended April 30,						% Change Increase (Decrease)
	2005		2006		2007		2005 - 2006			2006 - 2007
	(in thousands, except for percentages)

(1) Stock-based compensation is included above as follows:
Cost of maintenance and services revenues	$	7	$	10	$	17		42.9	%		70.0	%
Research and development		1,642		1,950		501		18.8			(74.3	)
Sales and marketing		746		210		661		(71.8	)		214.8
General and administrative		4,838		5,948		350		22.9			(94.1	)

Total stock-based compensation expense	$	7,233	$	8,118	$	1,529		12.2	%		(81.2	)%

The table below presents selected items in our consolidated statements of operations as a percentage of total revenues for the periods indicated:


	Fiscal Year Ended April 30,
	2005			2006			2007
	%			%			%

Revenues:
Products		68.1			58.0			63.0
Maintenance and services		31.9			42.0			37.0

Total revenues		100.0			100.0			100.0
Cost of revenues:
Products		3.3			4.5			3.7
Maintenance and services		10.4			12.7			10.0

Total cost of revenues		13.7			17.2			13.7

Gross margin		86.3			82.8			86.3
Operating expenses:
Research and development		23.1			30.8			20.8
Sales and marketing		44.6			61.7			52.4
General and administrative		26.6			32.9			13.6

Total operating expenses		94.3			125.4			86.8

Loss from operations		(8.0	)		(42.6	)		(0.5	)

Comparison of Fiscal Year 2007 and Fiscal Year 2006

Revenues

Product Revenues. Product revenues in fiscal 2007 included revenues of $25.5 million from sales to 120 new customers and revenues of $18.5 million from sales to existing customers. New customer revenues in fiscal 2007 increased by $11.5 million from new customer revenues in fiscal 2006. Existing customer revenues in fiscal 2007 increased by $9.6 million compared to existing customer revenues in fiscal 2006. As a result of the timing of revenue recognition for sales transactions that included an undelivered product element for which we did not have VSOE, there was a net deferral of $6.0 million of product revenues in fiscal 2006 and a net recognition of $1.7 million of product revenues in fiscal 2007. This accounted for $0.3 million of the increase in product revenues from new customers, and $7.4 million of the increase in product revenues from existing customers, in fiscal 2007 compared with fiscal 2006. As of April 30, 2007, deferred product revenues included $4.9 million related to similar transactions. See the related discussion in “—Sources of Revenues, Cost of Revenues and Operating Expenses.”

Maintenance and Services Revenues. Maintenance and services revenues for fiscal 2006 and 2007 are detailed in the following table:


	Fiscal Year Ended April 30,				Change in		Change in
	2006		2007		Dollars		Percent
	(in thousands, except for percentages)

Maintenance revenues	$	11,473	$	18,762	$	7,289		63.5	%
Services revenues		5,103		7,082		1,979		38.8

Maintenance and services revenues	$	16,576	$	25,844	$	9,268		55.9	%

Maintenance revenues increased $7.3 million in fiscal 2007 as a result of providing support services to a larger installed base as well as the incremental maintenance revenues from increased product sales. Services revenues increased by $2.0 million in fiscal 2007 as a result of providing services to a larger installed base. As a result of the timing of revenue recognition for sales transactions that included an undelivered product element for which we did not have VSOE, there was a net deferral of $0.3 million of maintenance and services revenues in fiscal 2006 and a net recognition of $0.1 million of maintenance and services revenues in fiscal 2007. This accounted for $0.4 million of the increase in maintenance and services revenues in fiscal 2007 compared to fiscal 2006. As of April 30, 2007, deferred maintenance and services revenues included $0.5 million related to similar transactions. See the related discussion in “—Sources of Revenues, Cost of Revenues and Operating Expenses.”

Cost of Revenues and Gross Margin

Cost of Product Revenues and Gross Margin. Product gross margin as a percentage of product revenues increased to 94.2% in fiscal 2007 from 92.3% in fiscal 2006. The increase of 1.9 percentage points in product gross margin as a percentage of product revenues in fiscal 2007 compared to fiscal 2006 was primarily a result of the timing of revenue recognition for sales transactions that included an undelivered product element for which we did not have VSOE.

Cost of Maintenance and Services Revenues and Gross Margin. Cost of maintenance and services revenues for fiscal 2006 and 2007 is detailed in the following table:


	Fiscal Year Ended April 30,				Change in		Change in
	2006		2007		Dollars		Percent
	(in thousands, except for percentages)

Cost of maintenance revenues	$	2,085	$	3,498	$	1,413		67.8	%
Cost of services revenues		2,942		3,521		579		19.7

Cost of maintenance and services revenues	$	5,027	$	7,019	$	1,992		39.6	%

Maintenance gross margin remained essentially constant at 81.4% and 81.8% in fiscal 2007 and 2006, respectively. Services gross margin increased to 50.3% in fiscal 2007 from 42.3% in fiscal 2006 due to a decreased volume of lower margin services revenues in fiscal 2007, including fewer services for which we used a third-party service provider related to certain government contracts.

Operating Expenses

Research and Development Expenses. The increase in research and development expenses in fiscal 2007 of $2.4 million compared to fiscal 2006 was primarily attributable to an increase of $2.8 million in compensation expenses associated with an increase in research and development personnel from 71 to 89 at the respective period ends, and to our incurrence of stock-based compensation expense of $0.1 million as a result of our adoption of SFAS 123R in fiscal 2007, offset by the decrease in stock-based compensation of $1.9 million in fiscal 2007 as a result of the repayment of an employee loan in fiscal 2006 and the associated cessation of variable accounting. Research and development expense as a percentage of revenue was 20.8% in fiscal 2007, compared to 30.8% in fiscal 2006. The timing of revenue recognition for sales transactions that included an undelivered product element for which we did not have VSOE contributed to 4.8% of the 10.0% reduction in research and development expenses as a percentage of revenues.

Sales and Marketing Expenses. The increase in sales and marketing expenses in fiscal 2007 of $12.3 million compared to fiscal 2006 was primarily attributable to an increase of $8.9 million in compensation and related expense associated with an increase in sales and marketing personnel from 74 to 104 at the respective period ends. The increase in compensation and related expense included $0.6 million as a result of our adoption in fiscal 2007 of SFAS 123R. In addition, marketing expenses related to trade shows, public relations and advertising increased by $1.6 million and travel expenses increased $0.9 million. Sales and marketing expense as a percentage of revenues was 52.4% in fiscal 2007, compared to 61.7% in fiscal 2006. The reduction in sales and marketing expenses as a percentage of revenues was due to the timing of revenue recognition for sales transactions that included an undelivered product element for which we did not have VSOE.

General and Administrative Expenses. The decrease in general and administrative expenses of $3.5 million in fiscal 2007 compared to fiscal 2006 was primarily associated with a decrease in compensation and related expenses of $4.0 million, offset in part by an increase of $0.3 million associated with professional service provider fees. The decrease in compensation and related expenses is primarily a result of the decreased stock-based compensation expense of $5.6 million in fiscal 2007 as a result of the repayment of an employee loan in fiscal 2006, offset by an increase of $1.6 million associated with an increase in personnel from 22 to 32 at the respective period ends. Fiscal 2007 stock-based compensation expense included $0.2 million from our adoption in fiscal 2007 of SFAS 123R. General and administrative expense as a percentage of revenues declined to 13.6% in fiscal 2007, compared to 32.9% in fiscal 2006. The timing of revenue recognition for sales transactions that included an undelivered product element for which we did not have VSOE contributed to 4.8% of the 19.3% reduction in general and administrative expenses as a percentage of revenues.

Other Income (Expense), Net. The increase in other income (expense), net in fiscal 2007 is primarily a result of higher invested cash balances generated from operations, as our foreign currency related gains and losses remained comparable year over year.

Provision for Income Taxes. The provision for income taxes for fiscal 2006 and 2007 was primarily related to foreign income taxes.

Comparison of Fiscal Year 2006 and Fiscal Year 2005

Revenues

Product Revenues. Product revenues in fiscal 2006 included revenues of $13.9 million from sales to 92 new customers and revenues of $8.9 million from sales to existing customers. New customer revenues in fiscal 2006 remained constant compared to fiscal 2005. Existing customer revenues in fiscal 2006 increased by $0.6 million compared to existing customer revenues in fiscal 2005. Product revenues in fiscal 2005 and 2006 excluded $0.2 million and $6.0 million, respectively, of revenues related to sales transactions consummated in fiscal 2006 and prior years that included undelivered product elements for which we did not have VSOE, resulting in a deferral until future periods. Of the $6.0 million deferral from fiscal 2006, $1.0 million was related to transactions with new customers and $5.0 million was related to transactions with existing customers.

Maintenance and Services Revenues. Maintenance and services revenues for fiscal 2005 and 2006 are detailed in the following table:


	Fiscal Year Ended April 30,				Change in		Change in
	2005		2006		Dollars		Percent
	(in thousands, except for percentages)

Maintenance revenues	$	5,947	$	11,473	$	5,526		92.9	%
Services revenues		4,518		5,103		585		12.9

Maintenance and services revenues	$	10,465	$	16,576	$	6,111		58.4	%

Maintenance revenues increased $5.5 million in fiscal 2006 as a result of providing support services to a larger installed base as well as the incremental maintenance revenues from increased product sales. Services revenues increased by $0.6 million as a result of providing services to a larger installed base.

Cost of Revenues and Gross Margin

Cost of Product Revenues and Gross Margin. Product gross margin as a percentage of product revenues decreased to 92.3% in fiscal 2006 from 95.2% in fiscal 2005. The decrease of 2.9 percentage points in product gross margin as a percentage of revenues in fiscal 2006 is primarily a result of the impact from the deferral of $6.0 million of revenues in fiscal 2006 for undelivered product elements for which we did not have VSOE.

Cost of Maintenance and Services Revenues and Gross Margin. Cost of maintenance and services revenues for fiscal 2005 and 2006 is detailed in the following table:


	Fiscal Year Ended
	April 30,				Change in		Change in
	2005		2006		Dollars		Percent
	(in thousands, except for percentages)

Cost of maintenance revenues	$	850	$	2,085	$	1,235		145.3	%
Cost of services revenues		2,560		2,942		382		14.9

Cost of maintenance and services revenues	$	3,410	$	5,027	$	1,617		47.4	%

Maintenance gross margin decreased to 81.8% in fiscal 2006 from 85.7% in fiscal 2005 as a result of the hiring of additional maintenance personnel to support our growing customer base. Services gross margin decreased slightly to 42.3% in fiscal 2006 from 43.3% in fiscal 2005.

Operating Expenses

Research and Development Expenses. The increase in research and development expenses in fiscal 2006 compared to fiscal 2005 was primarily attributable to an increase of $4.0 million in compensation and related expenses associated with an increase in research and development personnel from 45 to 71 at the respective period ends. Research and development expense as a percentage of revenues was 30.8% in fiscal 2006, compared to 23.1% in fiscal 2005. The timing of revenue recognition for sales transactions that included an undelivered product element for which we did not have VSOE contributed to 3.9% of the 7.7% increase in research and development expenses as a percentage of revenues.

Sales and Marketing Expenses. The increase in sales and marketing expenses in fiscal 2006 compared to fiscal 2005 was primarily attributable to an increase of $6.2 million in compensation and related expenses associated with an increase in sales and marketing personnel from 50 to 74 at the respective period ends. In addition, marketing expenses related to trade shows, public relations and advertising increased by $1.0 million and travel expenses increased $1.6 million compared to fiscal 2005. Sales and marketing expense as a percentage of revenues was 61.7% in fiscal 2006, compared to 44.6% in fiscal 2005. The timing of revenue recognition for sales transactions that included an undelivered product element for which we did not have VSOE contributed to 8.0% of the 17.1% increase in sales and marketing expenses as a percentage of revenues.

General and Administrative Expenses. The increase in general and administrative expenses in fiscal 2006 compared to fiscal 2005 was primarily a result of an increase of $2.3 million in compensation and related expenses, in connection with the increase in personnel from 14 to 22 at the respective period ends. The $2.3 million includes an increase in stock-based compensation expense of $1.1 million as a result of variable accounting treatment for options exercised with an employee loan and the increase in the value of our common stock in fiscal 2006. In addition, professional service provider fees increased $1.8 million in fiscal 2006. General and administrative expense as a percentage of revenues was 32.9% in fiscal 2006, compared to 26.6% in fiscal 2005. The timing of revenue recognition for sales transactions that included an undelivered product element for which we did not have VSOE contributed to 4.1% of the 6.3% increase in general and administrative expenses as a percentage of revenues.

Other Income (Expense), Net. The increase in other income (expense), net in fiscal 2006 is primarily a result of higher invested cash balances generated from operations, as our foreign currency related gains and losses remained relatively flat year over year.

Provision for Income Taxes. The provision for income taxes for fiscal 2006 was primarily related to foreign income taxes. The provision for income taxes for fiscal 2005 was a combination of U.S. federal, state and foreign income taxes.

Liquidity and Capital Resources

At April 30, 2007, we had cash and cash equivalents totaling $16.9 million and accounts receivable of $15.6 million. From our inception in May 2000 through October 2002, we funded our operations primarily through equity financings of convertible preferred stock that raised a total of $26.8 million.

Historically our principal uses of cash have consisted of payroll and other operating expenses and purchases of property and equipment to support our growth. In fiscal 2007, we used $7.2 million in cash to purchase the assets of Enira Technologies, LLC, including acquisition costs.

The following table shows our cash flows from operating activities, investing activities and financing activities for the stated periods:


	Fiscal Year Ended April 30,
	2005			2006			2007
	(in thousands)

Net cash provided by operating activities	$	5,922		$	3,848		$	10,161
Net cash used in investing activities		(1,238	)		(1,431	)		(10,274	)
Net cash provided by financing activities		832			538			571

Operating Activities

We derive cash flows from operations primarily from cash collected from the sale of our products and related maintenance and services. Our cash flows from operating activities are also significantly influenced by our use of cash to support the growth of our business in areas such as sales and marketing, research and development and corporate administration. Net cash provided by operating activities was $5.9 million, $3.8 million and $10.2 million in fiscal 2005, 2006 and 2007, respectively. Net cash provided by operating activities in fiscal 2007 primarily consisted of cash contributed by net changes in deferred revenues, accounts receivable, accrued liabilities and other operating assets and liabilities of $6.9 million, depreciation and amortization expense of $1.9 million and stock-based compensation of $1.5 million, offset by a net loss of $0.3 million. The increase in cash generated from operations from fiscal 2006 to fiscal 2007 principally reflects an increase in cash collected from customers due to the increased product and related services sales between the periods, offset by the increase in payroll and other operating costs. Net cash provided by operating activities in fiscal 2005 and 2006 primarily consisted of cash contributed by net changes in deferred revenues, accounts receivable, accrued liabilities and other operating assets and liabilities of $0.9 million and $11.5 million, stock-based compensation of $7.2 million and $8.1 million, offset by net losses of $2.8 million and $16.7 million, respectively.

Investing Activities

Net cash used in investing activities was $1.2 million, $1.4 million and $10.3 million in fiscal 2005, 2006 and 2007, respectively. Investing activities in fiscal 2007 consisted of $7.2 million cash consideration, including acquisition costs, for the purchase of the assets of Enira Technologies, LLC, $2.2 million in purchases of property and equipment and $0.8 million in a restricted cash account used to secure a standby letter of credit. Investing activities for 2005 and 2006 consisted of purchases of property and equipment to support our growth.

Financing Activities

Net cash provided by financing activities was $0.8 million, $0.5 million and $0.6 million in fiscal 2005, 2006 and 2007, respectively. In fiscal 2007, the net cash provided by financing activities consisted of proceeds from the exercise of stock options. In fiscal 2006, the net cash provided by financing activities consisted of proceeds from the repayment of certain stockholder notes and proceeds from the exercise of stock options. In fiscal 2005, the net cash provided by financing activities consisted of proceeds from the exercise of Series C preferred stock warrants, the repayment of stockholder notes and the exercise of stock options.

Other Factors Affecting Liquidity and Capital Resources

We believe that our cash and cash equivalents and any cash flow from operations will be sufficient to meet our anticipated cash needs, including for working capital purposes, capital expenditures and various contractual obligations, for at least the next 12 months. We may, however, require additional cash resources due to changed business conditions or other future developments, including any investments or acquisitions we may decide to pursue. If these sources are insufficient to satisfy our cash requirements, we may seek to sell debt securities or additional equity securities or to obtain a credit facility. The sale of convertible debt securities or additional equity securities could result in additional dilution to our stockholders. The incurrence of indebtedness would result in debt service obligations and could result in operating and financial covenants that would restrict our operations. In addition, there can be no assurance that any additional financing will be available on acceptable terms, if at all. We anticipate that, from time to time, we may evaluate acquisitions of complementary businesses, technologies or assets. However, there are no current understandings, commitments or agreements with respect to any acquisitions.

Off-Balance Sheet Arrangements

As of April 30, 2007, we had no off-balance sheet arrangements as defined in Item 303(a)(4) of the Securities and Exchange Commission’s Regulation S-K.

Contractual Obligations and Commitments

We lease facilities for our corporate headquarters, subsidiaries and regional sales offices. We lease our principal facility in Cupertino, California under a non-cancellable operating lease agreement that expires in October 2013. We also have leases for our regional sales offices that are for 13 months or less.

The following table is a summary of our contractual obligations as of April 30, 2007:


	Payments Due by Period
			Less than 1						More than
Contractual Obligations	Total		Year		1-3 Years		3-5 Years		5 Years
	(in thousands)

Operating lease obligations	$	12,896	$	1,797	$	3,773	$	4,057	$	3,269
Contractual commitments		557		202		355		—		—
Total	$	13,453	$	1,999	$	4,128	$	4,057	$	3,269

Following the end of fiscal 2007, in May 2007, we entered into a royalty commitment agreement under which we will make payments totaling $3.9 million through April 2009.

Recent Accounting Pronouncements

In February 2006, the FASB issued SFAS No. 155, Accounting for Certain Hybrid Financial Instruments, or SFAS 155, which amends the guidance in SFAS No. 133, Accounting for Derivative Instruments and Hedging Activities, and SFAS No. 140, Accounting for Transfers and Servicing of Financial Assets and Extinguishments of Liabilities. SFAS 155 allows financial instruments that have embedded derivatives to be accounted for as a whole (eliminating the need to bifurcate the derivative from its host) if the holder elects to account for the whole instrument on a fair-value basis. SFAS 155 is effective for all financial instruments acquired or issued after the beginning of an entity’s first fiscal year that begins after September 15, 2006. We do not expect the adoption of SFAS 155 to have a material impact on our consolidated results of operations, financial position or cash flows.

In June 2006, the FASB issued Interpretation No. 48, Accounting for Uncertainty in Income Taxes, an interpretation of SFAS 109, or FIN 48, which specifies how tax benefits for uncertain tax positions are to be recognized, measured and derecognized in financial statements. FIN 48 also requires certain disclosures of uncertain tax positions and specifies how reserves should be classified on the balance sheet. FIN 48 is effective for us in the first quarter of fiscal 2008. We will adopt FIN 48 in the first quarter of fiscal 2008, and are currently evaluating the effect, if any, the adoption of FIN 48 will have on our results of operations, financial position and cash flows.

In September 2006, the Securities and Exchange Commission issued SAB No. 108, Considering the Effects of Prior Year Misstatements when Quantifying Misstatements in Current Year Financial Statements, or SAB 108.

SAB 108 provides guidance on how prior year misstatements should be taken into consideration when quantifying misstatements in current year financial statements for purposes of determining whether the current year’s financial statements are materially misstated. The adoption of SAB 108 during the fiscal year ended April 30, 2007 did not have a material impact on our consolidated results of operations, financial position or cash flows.

In September 2006, the FASB issued SFAS No. 157, Fair Value Measurement, or SFAS 157, which defines fair value, establishes a framework for measuring fair value in generally accepted accounting principles, and expands disclosures about fair value measurements. The statement does not require any new fair value measurements. SFAS 157 is effective for all financial statements issued for fiscal years beginning after November 15, 2007. We are currently assessing the impact, if any, the adoption of SFAS 157 will have on our consolidated results of operations, financial position and cash flows.

In February 2007, the FASB issued SFAS No. 159, The Fair Value Option for Financial Assets and Financial Liabilities, or SFAS 159, including an amendment of SFAS No. 115, Accounting for Certain Investments in Debt and Equity Securities, which allows an entity to choose to measure certain financial instruments and liabilities at fair value. Subsequent measurements for the financial instruments and liabilities an entity elects to measure at fair value will be recognized in earnings. SFAS 159 also establishes additional disclosure requirements. SFAS 159 is effective for fiscal years beginning after November 15, 2007, with early adoption permitted provided that the entity also adopts SFAS 157. We are currently evaluating the effect, if any, the adoption of SFAS 159 will have on our consolidated results of operations, financial position and cash flows.

Quantitative and Qualitative Disclosures about Market Risk

Market risk represents the risk of loss that may impact our financial position due to adverse changes in financial market prices and rates. Our market risk exposure is primarily a result of fluctuations in foreign exchange rates and interest rates. We do not hold or issue financial instruments for trading purposes.

Foreign Currency Exchange Risk. To date, substantially all of our international sales have been denominated in U.S. dollars. We utilize foreign currency forward and option contracts to manage our currency exposures as part of our ongoing business operations. We do not currently expect to enter into foreign currency exchange contracts for trading or speculative purposes.

Interest Rate Risk. We had cash and cash equivalents totaling $16.9 million at April 30, 2007. These amounts were primarily invested in money market funds and held for working capital purposes. We do not enter into investments for trading or speculative purposes. Due to the short-term nature of these investments, we do not believe that we have any material exposure to changes in the fair value of our investment portfolio as a result of changes in interest rates. Declines in interest rates, however, will reduce future interest income.

BUSINESS

Overview

We are a leading provider of security and compliance management solutions that intelligently mitigate business risk for enterprises and government agencies. Much like a “mission control center,” our ESM platform delivers a centralized, real-time view of disparate digital alarms, alerts and status messages, which we refer to as events, across geographically dispersed and heterogeneous business and technology infrastructures. Our software correlates massive numbers of events from thousands of security point solutions, network and computing devices and applications, enabling intelligent identification, prioritization and response to external threats, insider threats and compliance and corporate policy violations. We also provide complementary software that delivers pre-packaged analytics and reports tailored to specific security and compliance initiatives, as well as appliances that streamline threat response, event log archiving and network configuration.

We have designed our platform to support the increasingly complex business and technology infrastructure of our customers. Our platform ships with over 240 pre-built software connectors for products from approximately 100 vendors. It also integrates easily with products for which we do not provide pre-built connectors and with proprietary enterprise applications to ensure that event logs from these products are seamlessly integrated into our platform for intelligent correlation and analysis. As of April 30, 2007, we have sold our products to more than 350 customers across multiple industries and government agencies in the United States and internationally, including companies in the Fortune Top 5 of the aerospace and defense, energy and utilities, financial services, food production and services, healthcare, high technology, insurance, media and entertainment, retail and telecommunications industries, and more than 20 major U.S. government agencies.

Our Industry

Heightened Risks of a Real-Time Business Architecture

Enterprises and government agencies increasingly utilize interconnected IT infrastructure to enhance efficiency and achieve business advantage. As more devices, applications and business processes are integrated into these networks, the power, utility and extensibility of the network grows. Organizations have used these improvements to transform their IT infrastructures into platforms to conduct transactions with customers, suppliers, employees and other partners in real-time. While the adoption of and reliance on this new interconnected IT infrastructure has significantly enhanced productivity and lowered the cost of doing business, it also has exposed organizations to heightened risk. These risks include:


	•	External Threats. Historically, threats from external sources have originated from “hobbyist” hackers who introduce malicious code into the IT infrastructure or deface or disable a corporation’s Web presence. More recently, hackers have increasingly participated in highly sophisticated, well organized and financially motivated crime rings, launching attacks aimed at identity theft, credit card fraud, extortion and industrial espionage. In addition, terrorists and some nation-states engage in espionage or cyberwarfare by targeting key elements of a nation’s infrastructures, such as financial exchanges, power grids and pipeline and transportation networks. In recent years, the sophistication and speed of these attacks have increased. Today, attacks can propagate worldwide in minutes, severely impacting service levels for critical infrastructure applications and business processes, such as voice and electronic communications, enterprise resource planning and financial transactions, and can disrupt entire corporate and civil infrastructures.

	•	Insider Threats. In recent years, the open and distributed nature of corporate and government networks, as well as the rising level of IT sophistication of the average user, have increased the risk of malfeasance or negligence on the part of trusted individuals “within” the network, such as employees, partners or contractors. Malicious insider threats include, for example, misuse by an IT professional of administrative access to attack the corporate network and unauthorized copying proprietary information by an employee to an external memory device for use by a third party. Organizations also are threatened by employee negligence, such as unauthorized employee download of potentially vulnerable or harmful applications. Insider threats account for an increasingly large portion of security attacks, especially in large enterprises. In 2007, a study by the TheInfoPro, an industry publication, revealed that 59% of organizations have


		experienced security losses attributed to insiders, with nearly one in five attributing more than 75% of their security incidents to insiders.


	•	Regulatory Non-Compliance and Corporate Policy Violations. Several new laws and regulatory initiatives mandate that enterprises design, implement, document and demonstrate controls and processes to maintain the integrity and confidentiality of information transmitted and stored on their IT systems. Many of these compliance mandates require enterprises to archive and retrieve data from the significant volume of event logs being generated by IT devices, in some cases for as long as seven years. Examples of these mandates include the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA), the Basel II framework for the banking industry, the Payment Card Industry (PCI) Data Security Standard, the Federal Information Security Management Act (FISMA) and the new Federal Rules of Civil Procedure. According to a January 2007 study of Fortune 1000 companies by TheInfoPro, compliance was listed as the top IT security-related “pain point.” In addition to compliance with regulations, enterprises and government agencies require their employees to comply with numerous organizational policies, such as confidentiality guidelines, acceptable use policies and intellectual property protection.

The repercussions for enterprises and government agencies from external threats, insider threats and compliance violations continue to increase in severity, causing such adverse effects as prolonged network outages, adverse publicity and damage to organizational reputation and brand, loss of confidential information such as credit card and social security numbers and various legal ramifications. Given the potential severity of such repercussions, these issues increasingly have become an area of focus among the senior-most decision makers, auditors, regulators and even at the board of directors level, and are no longer confined to network administrators and IT security professionals.

Challenges Facing Organizations to Effectively Mitigate These Risks

A large organization typically employs thousands of devices and applications in its business and technology infrastructure, including:


	•	security appliances, such as firewalls, virtual private networks, or VPNs, and intrusion detection and prevention systems, or IDPs;

	•	end-user devices, such as personal computers, or PCs, mobile phones and personal digital assistants, or PDAs;

	•	network equipment, such as routers, switches and media gateways;

	•	storage systems, such as storage area networks, or SANs, and network attached storage, or NAS;

	•	computing infrastructure, such as servers and mainframes;

	•	other IP-enabled devices that are increasingly supplanting the functionality of traditional offline corporate functions, such as IP-video cameras, badge readers, and phone systems;

	•	applications and their associated databases, including enterprise resource planning, or ERP, and customer relationship management, or CRM, systems and custom applications; and

	•	other systems related to business processes that are performed in real-time by customers, employees and partners such as point-of-sale and inventory control systems, trading exchange platforms, supply-chain management, electronic banking, human resource management and customer record-keeping platforms.

The heterogeneous applications and devices in the business and technology infrastructure generate massive amounts of disaggregated event data, challenging organizations to collect this information, identify threats among the “white noise” of normal activity and respond efficiently and effectively to identified threats.

Traditional Management Solutions Are Either Limited in Scope or Not Equipped to Handle Event Data in Volume

Each of the devices and applications in an organization’s architecture, which we refer to as event sources, generates a log, which is a digital record of all events associated with that device or application. For example, an event is recorded when an email server sends or receives a single email, a database server provides a customer record or an employee swipes his identification badge when entering the corporate headquarters. A single device or application can generate thousands of events in a single day and, in aggregate, the thousands of event sources attached to a global, distributed enterprise can generate millions of events daily.

Organizations typically use separate vendor-specific management consoles to collect, monitor and manage the information and events being generated by devices and applications from that vendor. This approach creates multiple, separate and narrow views of the event activity occurring across their business and technology infrastructures. Organizations also attempt to gain a broader, more integrated view of IT activity by using systems management framework tools. However, these tools provide only a basic understanding of the operating parameters of the devices, such as current CPU capacity or available throughput. In addition, these systems management tools are not designed to collect and analyze large volumes of streaming event data.

Organizations Are Unable to Distinguish Threats from “White Noise” and Prioritize Them in Real-Time

Most of the thousands of streaming events that occur every second in any organization, are normal and non-threatening activity. However, there are pieces of valuable information within the event stream related to unusual activity or patterns of behavior that may identify an impending security, compliance or business threat. As a result of

the large volume and siloed view of events, organizations generally have difficulty identifying events that are threatening in nature because they are unable to:


	•	distinguish threats from the “white noise” of normal events in the event stream;

	•	understand the context in which the events arise, including relationships between events; and

	•	appropriately prioritize responses in real-time.

Some basic examples of this challenge include:


	•	An employee is logged onto the corporate network remotely through a VPN connection, while a physical badge reader simultaneously detects that the employee has entered corporate headquarters. Individually, both of these activities appear normal in nature as they are occurring, although when seen in context identify a potential threat.

	•	A threat has targeted two servers, both of which are physically identical and running the same operating system, although one server is a print server and the other is running a critical transaction processing application for customers. Given the similar characteristics, a security analyst, without additional information, must arbitrarily choose to start remediation of the threat on one of the servers. Choosing to begin with the lower priority server could result in significant damage to the enterprise by allowing the critical server to be compromised.

	•	An IDP identifies a known threat and generates an alarm that requires investigation by a security analyst. Upon investigation, the analyst learns that the threat was targeting a system that was not vulnerable to that particular threat and therefore wasted effort on a false alarm.

The inability of an organization to understand the link between related events and the context in which they arise, including the business value, compliance status and vulnerability status of the targeted assets, makes it very difficult to identify and prioritize those events that represent a security, compliance or business risk.

Response Processes Are Slow and Labor-Intensive

Effectively responding to identified threats and non-compliance with regulations and organizational policy is challenging because response usually requires coordination among IT security teams, network operations teams, application engineering teams and others. This coordination often triggers a labor intensive workflow, including submitting requests into the trouble ticketing system, identifying all necessary individuals, orchestration of meetings to facilitate discussion of a remediation strategy and documenting the changes that are made. Furthermore, given the increasing complexity of the IT environment, organizations are often slow to shut down or modify the configuration of any device or application, for fear that the remedial action may trigger further vulnerabilities or cause other parts of the IT infrastructure to fail.

Organizations Require a Highly Scalable and Intelligent Technology Platform with Real-Time Event Correlation to Effectively Mitigate Business Risk

To address these challenges, enterprises and government agencies require a technology platform that can collect, correlate, respond to and archive all of the events across an organization’s business and technology infrastructure in order to provide real-time management of the organization’s vulnerability to external threats, insider threats and compliance and corporate policy violations. This technology platform must:


	•	collect event data from devices and applications manufactured by many different vendors as well as proprietary solutions;

	•	process and archive streaming data from a globally dispersed network of thousands of event sources as soon as they are captured, or in “real-time”;

	•	correlate this event data in order to identify and prioritize threats across the organization;

	•	provide a centralized easy to understand view of these threats;


	•	enable an automated response workflow that conforms to an organization’s policies;

	•	store event data for compliance purposes and forensic analysis; and

	•	facilitate network configuration changes to isolate threats and prevent recurrence.

The market for security and compliance management solutions today includes security information and event management, forensics and incident investigation, policy and compliance management and network change and configuration management. According to a report by International Data Corporation, or IDC, the security information and event management, forensics and incident investigation, and policy and compliance management markets are projected to grow, in aggregate, from $993.6 million in 2007 to $2.2 billion in 2011, representing a compound annual growth rate of 22.1%. In separate reports, IDC projects that the network change and configuration management market will grow from $157.1 million in 2007 to $372.6 million in 2011, representing a compound annual growth rate of 24.1%, and the compliance infrastructure software market, in which we also compete, will grow from $6.2 billion in 2007 to $10.6 billion in 2010, representing a compound annual growth rate of 19.5%.

Our Solutions

We are a leading provider of security and compliance management software solutions that intelligently mitigate business risk for enterprises and government agencies. Much like a “mission control center,” our solution delivers a centralized, real-time view of events across geographically dispersed and heterogeneous business and technology infrastructures. Our ESM platform collects streaming data from event sources, translates the streaming data into a common format, and then processes the data with our correlation engine in which complex algorithms determine if events taking place conform to normal patterns of behavior, established security policies and compliance regulations. Our platform identifies and prioritizes high-risk activity and presents a consolidated view of threats to the business and technology infrastructure in rich, graphical displays. Once threats are identified, our recently introduced TRM and NCM appliance products help our customers easily re-configure network devices to remediate threats and prevent recurrence. In addition, through our new Logger appliance we enable efficient and scalable storage, preservation and management of terabytes of enterprise log data for compliance requirements or forensic analysis. Our customers enhance the value of other security products in their business and technology infrastructure by integrating them with our platform.

Key benefits of our solutions include:

Enterprise-Class Technology and Architecture. We design our solutions to serve the needs of even the largest organizations, which typically have highly complex, geographically dispersed and heterogeneous business and technology infrastructures. We deliver enterprise-class solutions by providing:


	•	Interoperability. We provide off-the-shelf software connectors for over 240 products, including security devices, end-user devices, networking equipment, computing infrastructure, other IP-enabled devices, and enterprise applications and databases, from approximately 100 vendors, allowing our customers to rapidly deploy our platform in their existing business and technology infrastructures.

	•	Flexibility. In addition to providing off-the-shelf connectors, our ESM platform is designed to enable customers to rapidly build interfaces to new products, proprietary applications and legacy systems.

	•	Scalability. Our ESM platform enables customers to collect and correlate millions of events per day from a large number of heterogeneous devices and applications in real-time. Once customers have installed our ESM platform, our product architecture enables customers to incorporate additional departments, branch offices or geographies, as well as additional categories of devices and applications, while maintaining the overall performance of the platform.

	•	Archiving. Our solution provides organizations with cost-effective long-term storage of and an ability to search across event log data by centralizing event log archiving onto a dedicated hardware appliance. This also helps customers store event data to satisfy regulatory recordkeeping requirements.

Intelligent Correlation. Our correlation engine intelligently distills millions of events occurring daily into information that allows customers to identify, prioritize and respond to specific threats or compliance violations. Our correlation engine accomplishes this by:


	•	analyzing common data elements, such as time of occurrence, type of behavior, source, destination and geographic location, contained within multiple events to establish relationships or identify events that, alone or in combination, signify a threat across the infrastructure independent of the device type or device vendor that generated the event;

	•	differentiating event sources by their relative level of importance to business or compliance function, enabling the correlation engine to prioritize event sources such as Web or transaction processing applications over print servers, for example;

	•	factoring in known security vulnerabilities of targeted assets, such as systems that have not been patched for the relevant threat;

	•	establishing a record of user roles and identity, enabling our engine to differentiate for example between an intended user, such as a human resources professional, who is accessing a sensitive employee database and a user whose access is more questionable, such as a consultant; and

	•	storing and comparing event data over time to capture not only rapidly executing threats but also low-profile, slowly emerging attacks that may unfold over days, weeks or even months.

Our correlation engine includes over 100 standard rules that address common security and compliance issues and business risks and enables customers to write customized rules that apply their specific security and compliance policies. Our complementary pattern discovery technology allows users to automatically generate new rules to address patterns of activity specific to their technology infrastructure.

Streamlined Response and Seamless Workflow. Our products simplify the management of the broad range of notifications and actions that must take place to remediate a threat and prevent recurrence across the technology infrastructure, thus narrowing the period of vulnerability. Once our correlation engine has prioritized a security, compliance or business risk and pinpointed the business assets that are exposed, our response technology recommends a precise set of remediation steps, based on the customer’s specific topology and consistent with the customer’s policy directives, designed to minimize the impact on related devices or applications. Based on this knowledge, our products can either automatically implement the recommended network configuration changes or follow pre-determined workflow by generating an incident response ticket that enables our customers to manage the remediation process.

Reporting and Visualization. We present threat information through a rich and intuitive graphical user interface. Our user interface enables customers to perform a variety of tasks to gain insight into threats across their infrastructure, such as monitoring and analyzing overall threats in real-time, drilling down to investigate a single incident, responding to incidents or creating a new policy setting. Our ESM platform contains approximately 350 standard report templates that address common security, compliance and business risk reporting requirements. Our software also allows customers to design their own reports. With our user interface, customers can view risk across their organization in a variety of ways, address internal and external compliance requirements and communicate the value and effectiveness of the organization’s security operations.

Our Strategy

Our objective is to be the leading provider of security and compliance management software solutions that intelligently mitigate business risk for enterprises and government agencies. The key elements of our strategy to achieve this objective include:

Grow Our Customer Base. We have provided our products to over 350 customers and plan to increase our customer base in the future by:


	•	Expanding Our Geographic Coverage. While we generate most of our revenues from customers based in the United States, and we continue to experience significant domestic growth, a growing portion of our


		revenues are from customers based in Europe, the Middle East, the Asia-Pacific region and elsewhere. We intend to increase our presence globally by expanding our direct sales force and building additional relationships with local and regional value added resellers and distribution partners in these markets.


	•	Further Penetrating the Mid-Market. While our sales to date have primarily been to Global 2000 companies and government agencies, we are increasingly experiencing demand from mid-market customers, predominantly driven by their regulatory compliance needs. We are investing in research and development, sales, marketing, training and other resources to develop products and extend our network of channel partners to market our solutions, particularly our appliance-based products, to this target market.

Deepen Our Penetration of Existing Customers. We intend to further penetrate our customer base by encouraging and facilitating expanded deployments of our products and introducing new solutions. The more broadly enterprises deploy our platform to manage their security, compliance and business risk, the more our platform becomes an integral component of their infrastructure. We expect our TRM, Logger and NCM appliances to generate opportunities for additional sales to our installed base as customers build on their existing implementation. We are investing in in-house sales professionals and strategic account managers to focus on selling more products into our existing installed base. We are also growing our dedicated Customer Success team to help customers realize more value from and potentially expand their implementations of our products.

Extend Our Partner Network. We work with a wide range of technology partners, including CA, Cisco Systems, IBM, Juniper Networks, McAfee, Oracle, SAP and Symantec, and other vendors, such as Check Point Software Technologies, Trend Micro and Websense. We plan to continue to work with these and other technology vendors to provide for compatibility between our platform and their latest products. To facilitate the independent development of connectors by our partners and customers, we publish an open event format standard called Common Event Format, or CEF. As the adoption of CEF increases, the value of this standard increases and drives additional sales opportunities by expanding our event feeds and the range of risks that our platform can address.

Extend Our Expertise in Security Best Practices. We maintain significant in-house expertise in security best practices and intend to leverage and expand our expertise into other areas of risk. We plan to continue to help our customers realize faster time to risk reduction by providing additional pre-packaged software solutions that are tailored to address specific security and regulatory concerns, as with our existing IT governance, Sarbanes-Oxley and Payment Card Industry (PCI) compliance, and Insider Threat packages. For example, we plan to develop packages that address the Basel II Framework and the Gramm-Leach-Bliley Act.

Extend Our Value Proposition to More Event Sources and Business Use Cases Beyond Traditional IT Security. We intend to create new sales opportunities by developing solutions that address high-value additional use cases for our platform. In addition to using our software to mitigate risk from external or insider threats and to satisfy compliance requirements, we believe that enterprises are increasingly finding value in leveraging our highly scalable, real-time event correlation platform for applications beyond security to mitigate additional risks associated with their specific business practices. Two examples of potential uses of our ESM platform beyond traditional IT security include:


	•	a financial services company using our products to monitor online stock transactions to detect likely cases of fraud and abuse; and

	•	an energy company using our products to monitor and prevent attacks on their pipeline control systems by correlating information from conventional network threat detection systems and process control logs, such as event data from supervisory control and data acquisition (SCADA) systems.

We believe that other organizations face similar business risks that threaten the efficiency or effectiveness of their business or the integrity of the product or service that they provide to their customers. As more enterprises use our platform to mitigate these risks, we will become an even more strategic part of our customers’ technology infrastructure.

Products

ArcSight ESM. ArcSight ESM, our flagship product, is designed specifically to address the security, compliance and business risk concerns of large, geographically-distributed organizations with complex, heterogeneous IT environments. ArcSight ESM serves as the “mission control center” for managing risks across an organization’s entire business and technology infrastructure. The key elements within ArcSight ESM include:


	•	ArcSight Connectors. Connectors are software that collect event data streams from sources across an organization’s business and technology infrastructure. These connectors then implement extensive normalization capabilities to restructure event data into a common taxonomy so events from hundreds of different sources can be compared meaningfully and queried systematically irrespective of which device is reporting the information. The normalized event data stream is then intelligently aggregated and compressed to eliminate irrelevant and duplicate messages and reduce bandwidth and storage consumption. Our SmartConnectors receive and translate event data streams from over 240 different devices and applications from approximately 100 vendors and in more than 30 different solution categories. Further, using our FlexConnector toolkit, our customers can create custom connectors tailored to their environment, such as for new products, proprietary applications and mainframe and other legacy systems. Our connectors can be deployed on intermediate collection points, such as third-party management consoles, where available, avoiding the requirement to provision our connectors directly onto end devices.

	•	ArcSight Manager. ArcSight Manager is server-based software that manages event aggregation and storage, controls the various elements of our platform and provides the engine for high-speed real-time correlation and incident response workflow. ArcSight Manager comes with over 100 standard rules that address common security and compliance issues and business risks. It also provides an intuitive system that enables customers to write customized rules that apply an organization’s security and compliance policies into the real-time analytics of the correlation engine as well as seamless integration with rules generated by our Pattern Discovery product. ArcSight Manager enables real-time collaboration and case management among security analysts, to track risk-prioritized response and remediation. In addition, it provides case resolution metrics to demonstrate security and compliance process and control effectiveness. Our case management system also can integrate with third party trouble ticketing systems, such as BMC Software. Our architecture was designed to allow customers to scale from a single centralized deployment to a distributed, global deployment by deploying additional Managers that work in concert.


	•	ArcSight Console and ArcSight Web. ArcSight Console is the primary user interface to interact with and control the ArcSight ESM platform. Through its intuitive interface, the Console provides administrators, analysts and operators with graphical data summaries and an intuitive interface to perform tasks ranging from real-time monitoring and analysis to incident investigation and response to system administration and authoring of new content. The Console is highly configurable to reflect individual customer environments and can display threat and risk information in a wide variety of formats including geographically, by division or line of business, by type of threat, and by compliance or policy initiative. With ArcSight Console, customers can run a wide variety of reports to answer internal and external compliance audits and communicate the value and effectiveness of the organization’s security operations. We also provide an authoring system which customers can use to create new reports to meet their specific business needs. Our ESM platform contains approximately 350 standard report templates that immediately address common security, compliance and business risk reporting requirements. To facilitate remote access for IT administrators as well as provide a portal for line-of-business viewing of status summaries and scheduled reports, our ArcSight Web product provides browser-based access to all Console functions and content, except administration and authoring.

ArcSight Compliance Insight and Insider Threat Packages. We offer pre-packaged software solutions that enable our ESM platform to provide technical- and business-level checks on corporate compliance with regulatory and policy requirements for perimeter security, protection of key business processes, threat management and incident response. These packages, which are tailored to address specific regulatory or policy concerns, comprise relevant rules and reports to accelerate implementation by our customers and can be customized or extended by the customer:


Package		Application

ArcSight Compliance Insight Package for IT Governance		Monitoring, assessing and reporting of compliance with the updated ISO-17799:2005 and the NIST 800-53 standards.

ArcSight Compliance Insight Package for Sarbanes-Oxley		Monitoring, assessing and reporting applicable to IT-related internal controls for financial reporting.

ArcSight Compliance Insight Package for PCI		Monitoring, assessing and reporting IT-related risks in accordance with the twelve requirements of the PCI standard.

ArcSight Insider Threat Package		Monitoring, assessing and reporting suspicious activities common to insider threats, such as inappropriate access or transmission of sensitive data, or the internal use or presence of hacking tools.

ArcSight Discovery Modules. Our ArcSight Discovery modules, which provide additional advanced analytics and visualization on our ESM platform, include:


	•	Our ArcSight Pattern Discovery software is a powerful complement to our correlation engine. It is an advanced pattern identification engine that retrospectively examines large amounts of security events previously collected and processed by ArcSight ESM to discover patterns of activity that may be characteristic of threats, such as emerging worms, new worm variants, self-concealing malware, and low profile, slowly developing attacks. Pattern Discovery proactively alerts the security operations analyst about existing or emerging patterns that are not comprehended by any rules in our correlation engine, and provides the customer the option to classify the patterns and also to optionally or automatically generate new rules for our ESM platform that will detect and respond to similar threatening patterns in the future.

	•	Our ArcSight Interactive Discovery visualization software helps IT security professionals pan, zoom and switch perspectives across complex technical data to perform in-depth analysis of security data as well as


		featuring visuals and drill-down capabilities that enable non-technical employees to see relevant threat information in a non-technical format.

In addition to our software products, we have a suite of appliances that enable automated network response, event log archiving, and configuration capabilities.

ArcSight TRM (Threat Response Manager). ArcSight TRM enables customers to quickly and precisely reconfigure network control devices to remediate security, compliance and business risks, consistent with an organization’s policy directives. TRM profiles a network’s topology through communication with devices without the need to install a software agent on the device. Through advanced algorithms, it can identify the exact location of any node (wireless, wired or VPN) on the network, analyze, recommend and, at the customer’s option, execute specific, policy-based actions in response to a threat, attack or other out-of-policy situation. TRM can block, quarantine or filter undesirable users and systems at the individual port level. The user account control feature in ArcSight TRM defines task groups, allowing control and restricted access rights in accordance to individual job tasks and descriptions. ArcSight TRM integrates seamlessly with ArcSight ESM to accelerate incident response by facilitating the coordination between the security and networking groups, thus improving the effectiveness of the response and acute remediation function.

ArcSight Logger. ArcSight Logger enables organizations to collect and store event data in support of security and compliance requirements. Logger provides customers with an easily searchable log data repository that can be leveraged across networking, security and IT operations teams. Access controls and intelligent search technology enable customers to interact with historical raw event data for insight into specific events. ArcSight Logger provides approximately 10:1 compression capability of event data. Multiple ArcSight Loggers can be deployed to linearly scale both storage and performance. Logger can flexibly and selectively forward security events to ESM for real-time, cross-device correlation, visualization and threat detection. In turn, ESM can send correlated alerts back to Logger for archival and subsequent retrieval. As with our ESM platform, Logger is also the basis for its own add-on Compliance Insight Packages, such as our Logger Compliance Insight Package for Sarbanes-Oxley.

ArcSight NCM (Network Configuration Manager). ArcSight NCM automates the definition, implementation and audit of network topology. NCM provides a wizard-based interface to define the desired configuration, reconfigure out-of-policy devices, and maintain protected records of all prior configurations for purposes of rollback, audit and compliance reporting. NCM presents network topology in a visual format, allowing organizations to identify mis-configurations, redundant links and multiple wide area network (WAN) access routes. NCM dynamically compares existing device configuration and highlights discrepancies from desired configuration policies that generally map to regulatory requirements, operational guidelines and business rules.

Maintenance and Professional Services

We offer a range of services after a sale occurs, principally in installation and implementation, project planning, advice on business use cases and training services that complement our product offerings. Initial implementation of our ESM platform typically is accomplished within two to four weeks. On an ongoing basis, we offer consulting services and training related to application of our ESM platform and associated complementary products to address additional or customer-specific security and compliance issues and business risks. Following deployment, our technical support organization provides ongoing maintenance for our products. We provide standard and, for customers that require 24-hour coverage seven days a week, premium tiers of maintenance and support which cover telephone- and web-based technical support and updates to our software during the period of coverage. Our three major support centers are located in Hong Kong, London and Cupertino, California. In addition, we sell an enhanced maintenance service that provides regular security content updates for our software. These content updates reflect emerging threats and risks in the form of signature categorization, vulnerability mapping and knowledge base articles on an ongoing basis.

Case Studies

Examples of deployments of our flagship ESM platform include:


	•	Traditional External Threat. A Fortune 100 financial services firm noticed that its efforts to remedy worm infestations were taking weeks and consuming excessive time and resources. As worms evolved faster than defense mechanisms like anti-virus solutions, firewalls and intrusion detection systems, their ability to penetrate the company’s infrastructure and propagate rapidly was increasing. The customer turned to our ESM platform to utilize the event data coming from a diverse set of existing security devices to provide an early warning system that identified the location and propagation mechanism of worm-like behavior. The customer now employs ArcSight ESM to coordinate and enhance its virus detection solutions and over time has reduced the time between worm detection and eradication from days to hours while reducing the number of affected systems by a similar margin.

	•	Emerging External Threat. A major international telecommunications operator was concerned that mobile malware was propagating rapidly through its wireless networks, potentially impacting quality of service by reducing bandwidth and disrupting handset operation. The customer utilized our ESM platform to collect and monitor event data on its 3G systems to identify malware behavior profiles and gain a clear understanding of the impact of malware on its network. By implementing our software, the company was able to assess the risk from mobile malware and its potential impact on service level agreement non-compliance and protect against damage to its networks.

	•	Insider Threat. A large aerospace company operates under a number of government regulations concerning use of its network, actions of partners and protection of sensitive information. The organization turned to us to significantly enhance monitoring of user privilege access control and data flow. The customer used our ESM platform to implement custom rules to identify intellectual property leak risks such as alerting the customer whenever a sensitive file that was accessed and then subsequently sent to an external location. Our solution allowed the customer to assign priority levels to various files across its infrastructure, in order to facilitate a response and remediation workflow that matches the urgency of the threat. After implementing our software, the customer was able to increase its ability to monitor intellectual property leakage incidents and non-U.S. access to their network.

	•	Compliance. To comply with Section 404 of the Sarbanes-Oxley compliance framework, enterprises must monitor access and configuration changes to critical financial reporting and accounting systems, including ERP systems, databases and the associated operating systems. A customer did not have centralized log review to support these tasks, and lacked necessary detective controls. The customer deployed our ESM platform and the ArcSight Compliance Insight Package for Sarbanes-Oxley to help manage their compliance efforts by collecting event data from these systems and correlating them in real-time against predefined corporate policies. Our software provided the customer with an efficient platform for Sarbanes-Oxley compliance while improving efficiency and satisfying both internal and external auditors with a demonstrable, repeatable process.

	•	Application Beyond Traditional Security. A leading online broker was experiencing significant increases in fraud and account misuse resulting in customer dissatisfaction and intensified regulatory scrutiny. New forms of identity theft continued to outpace the customer’s ability to catch fraud at the point of user authentication which meant that it needed a mechanism to detect fraudulent behavior after user sign-on. The customer now uses our ESM platform to monitor and analyze transactions as they occur as part of its overall fraud management system. As a result, the company’s fraud oversight group is now seeing a real-time view of abnormal activity before it has a chance to cause material financial loss, reducing both the firm’s and its customer’s exposure.

Product Development and Technology

We have developed and continue to enhance technologies that underlie three core features incorporated into one or more of our products.

Multi-Vector Correlation

The strengths of our correlation engine are its contextual analysis, mathematical correlation, identity correlation and timestamp and time window analysis techniques.


	•	Contextual Analysis. A core strength of our correlation engine is its ability to separate “white noise” from actionable events. Our correlation engine evaluates, among other considerations, whether the targeted device or application actually exists in the infrastructure, known vulnerabilities of the targeted device or application, the business value of the targeted device or application, whether the potential attack is from a known malicious device and prior history of the source or target.

	•	Mathematical Correlation. Our platform implements classical mathematical correlation models in the context of security events. This allows arbitrary security attributes to be tracked to determine whether they are positively or negatively covariant or independent and allows moving average analyses to be used to flag behavior that has anomalous deviations from a cyclical norm. Moving average analysis compares events to a baseline that automatically adjusts for normal deviations in patterns of activity, eliminating the problem of comparing data for anomalies against an incorrect or fixed baseline.

	•	Identity Correlation. Our correlation engine, using our session list management capabilities, automates identity-related investigations that would normally require exhaustive manual labor to perform. Logged events generally report only low level identifying information, such as a source IP address and a target IP address. In a typical network environment, addresses are constantly reassigned as sessions are initiated and terminated, which makes it difficult, if not impossible, to know which user was using a specific IP address over time. Our correlation engine solves this problem by collecting records from the systems that are performing the dynamic assignments of these addresses, such as dynamic host configuration protocol (DHCP) server logs or VPN logs, and then using that information to analyze the logs from other reporting systems, such as firewalls. This allows our correlation engine to attribute actions originating from a specific device to its owner. For example, our session list manager can track which users accessed a given network node at a given time or over time by tracing events that originated from each relevant device to the user who was logged in at that time, and can list all users logged onto a particular system or accessing a particular asset at the time of an attack.

	•	Timestamp and Time Window Analysis. Event sources typically have wide variations in clock settings, and distributed and complex networking environments can introduce lags in the transmission of event data prior to its receipt by our correlation engine. In order to overcome the varying amounts of delay or latency in the release or receipt of data from event sources, and the clock drift or inaccuracy in the timestamps reported, our software captures multiple timestamps for every received event and normalizes them to a standard time zone, while also retaining the original timestamp. It then applies proprietary time discrepancy detection techniques, and performs both manual and automatic clock drift corrections, as necessary, to align the events for more accurate correlation. Our correlation engine is designed to accurately match time-bounded sequences of events that occur across sliding time windows, such as a specified number of failed logins within a specified period.

Scalable Architecture

We designed the architecture of our ESM platform so that it can scale and adjust to the ongoing needs of an organization.


	•	Cross-Platform. Our products operate on multiple platforms, including multiple versions of the Linux, UNIX, Windows, Solaris and AIX operating systems.

	•	Modular Connector Design. We have used a modular framework in the design of our connectors, separating the information that describes the unique features of each data source from the components that provide functionality that can be shared across multiple connectors, such as encryption or compression capabilities. This allows for efficient development of new connectors or modification of existing connectors, as any new functionality added to new or existing connectors can be concurrently propagated to all connectors.


	•	Multi-Manager Scaling. We designed our ESM architecture to allow multiple instances of ArcSight Manager to be deployed on servers centrally located or distributed across an enterprise where the geographic distribution of infrastructure assets or the number of event sources and resulting volume of event data warrants in order to achieve the desired level of performance. These can then communicate with each other in either a peer-to-peer or hierarchical configuration to perform correlation, for instance allowing geographically dispersed ArcSight Managers to act as concentrators and forward information to one or more central ArcSight Managers. Consistent with this architectural approach, our connectors can communicate with multiple ArcSight Managers simultaneously, locally cache events if an ArcSight Manager is not available, and switch primary ArcSight Managers in the event of a failure. Further, decentralizing the work of translation, categorization and normalization to our connectors allows our architecture to be more scalable, since ArcSight Manager is shielded from the incremental data preparation work as the number of event sources increases.

	•	In-Memory Correlation and Flexible Storage. We built an architecture that takes incoming event data as it arrives and performs real-time correlation directly in system memory, while simultaneously sending both the original event stream and the correlated output to persistent storage for archiving purposes. This allows us to correlate, display and store thousands of incoming events per second, while also retaining huge volumes of event data, and allowing quick availability to support forensic investigation. Our ESM platform also has been designed to allow a user to input a start time and end time to select events from an archive, such as ArcSight Logger, and then re-stream the selected events back through our correlation engine, applying any subsequently introduced correlation rules, and display the resulting analysis as if the events were occurring in real-time. Our Logger product employs a storage management system designed to improve disk utilization for long term storage and the speed of data retrieval for pattern analysis or investigative purposes by eliminating the disk fragmentation that typically accompanies the storage and archiving of large volumes of data on standard disk drives. Through the use of proprietary technology, disk space that is made available by data that has been deleted or archived is automatically reused without the need to execute disk “cleanup” or other administrative tools.

Vendor Agnostic

We have developed proprietary technologies that are designed to enable deployment of our products in business and technology infrastructures with a wide range of event sources.


	•	Translation, Categorization and Normalization. Our connectors, which are used by both our ESM and Logger products, analyze dozens of fields or attributes in the event data and translate this data into a common taxonomy. In addition, we use this data to create six additional fields with our categorized threat taxonomy information, including the type of object being acted upon, the type of behavior being performed, what is known about the outcome of the reported event, the priority level of the event, the type of event source reporting the activity and the significance of the activity. Additionally, different vendors often will use different scales or vocabulary to describe values for the same type of data. As a result, once data has been categorized, where relevant, our connectors convert the data into a common scale, for example, harmonizing the severity level from a device that rates from 1 to 10 with 1 as most severe with a device that rates from 1 to 7 with 7 as most severe to a device that uses words to describe severity, while also preserving the original score or value. This allows customers to switch, for example, from one brand of IDP to another or add new IDPs from other vendors (whether by procurement, merger or otherwise) without having to rewrite the standard ESM or customer-authored correlation rules. In addition to facilitating correlation, our translation, categorization and normalization capabilities allow ArcSight Manager to align data from many heterogeneous event sources so that they can be meaningfully compared and queried systematically without having to design the queries to address the specifics of how the event sources are reporting information. We use a similar abstraction approach with TRM and NCM to program responses and reconfiguration rules once, and have them transparently operate in any equipment environment, sorting out the relevant details and sending the right commands to the appropriate event sources.

	•	Common Event Format (CEF). We created and are promoting the adoption of a common format for event sources to output their log data. Any event source that outputs data in this format can be integrated with our

platform without modification through our pre-packaged CEF-compatible connector. As a result, adoption of our CEF enables third-party vendors to more readily sell their devices and applications into our customer base. It also provides internal developers at our customers a simpler pathway for providing event data from their custom applications to our ESM software.

Customers

As of April 30, 2007, we have sold our products to more than 350 customers in a broad range of industries. Our customers include companies in the Fortune Top 5 of the aerospace and defense, energy and utilities, financial services, food production and services, healthcare, high technology, insurance, media and entertainment, retail and telecommunications industries, and more than 20 major U.S. government agencies. No customer accounted for more than 10% of our revenues during fiscal 2006 and 2007. Our top ten customers accounted for 32% and 31% of our product revenues during fiscal 2006 and 2007, respectively.

Research and Development

Building on our history of innovation, we believe that continued and timely development of new products and enhancements to our existing products are necessary to maintain our competitive position. Accordingly, we have invested, and intend to continue to invest, significant time and resources in our research and development activities to extend our technology leadership. At present, our research and development efforts are focused on improving and broadening the capability of each of our major product lines and developing additional products. We work closely with our customers as well as technology partners to understand their emerging requirements and use cases for our products. As of April 30, 2007, our research and development team had 89 employees. Our research and development expenses were $7.6 million, $12.2 million and $14.5 million during the fiscal years ended April 30, 2005, 2006 and 2007, respectively.

Sales and Marketing

We market and sell our software through our direct sales organization and indirectly through value added resellers and systems integrators. Historically, the majority of our sales are made through our direct sales organization. We structure our sales organization by function, including direct and channel sales, strategic accounts, technical pre-sales, customer and sales operations, and by region, including Americas, U.S. Federal, EMEA and APAC. As of April 30, 2007, we had 104 employees in our sales and marketing organizations.

The selling process for ArcSight ESM follows a typical enterprise software sales cycle that involves one or more of our direct sales representatives, even when a channel partner is involved. The sales cycle for an initial sale normally takes from three to six months, but can extend up to over a year for certain sales, from the time of initial prospect qualification to consummation and typically includes product demonstrations and proof of concepts. We deploy a combination of field account management supported by technical pre-sales specialists to manage the activities from qualification through close. After initial deployment, our sales personnel focus on ongoing account management and follow-on sales. To assist our customers with reaching their business and technical goals for their implementations of our products, our Customer Success Ownership, or CSO, organization meets with customers to determine their success criteria and to help formulate both short and long term plans for their deployments of our products. We also have assigned specific sales personnel to our larger, more diverse and often global customers in order to understand their individual needs and increase customer satisfaction. Historically, we used our channel partners to support direct sales of our ESM platform products. In part to address the mid-market, we are currently investing resources to develop channel partners that will operate more independently. To this end, we recently created a dedicated channel team in each of our geographic regions responsible for recruiting, managing and supporting our channel partners.

We focus our marketing efforts on building brand awareness and on customer lead generation, including advertising, cooperative marketing, public relations activities, web-based seminars and targeted direct mail and e-mail campaigns. We also are building our brand through articles contributed in various trade magazines, public speaking opportunities and international, national and regional trade show participation. We reinforce our brand and loyalty among our customer base with our annual users conference.

Competition

Our primary product is our ArcSight ESM software platform, the key elements of which are the ESM Manager, the connectors and related toolkit for the creation of custom connectors and our Consoles that serve as the platform interface. In addition, we offer complementary software for our ESM platform that delivers pre-packaged analytics and reports tailored to specific security and compliance initiatives, and have recently introduced our complementary TRM, Logger and NCM appliances that assist our customers in threat response, log archiving and network configuration.

We believe that the market for a security and compliance management software platform that collects and correlates event data from across a heterogeneous IT infrastructure, which we are addressing with ArcSight ESM, is a developing market. Existing competitors for a platform-wide solution such as this product primarily are specialized, privately held companies, such as Intellitactics and NetForensics, as well as larger companies such as CA and Symantec, and EMC, IBM and Novell, through their acquisitions of Network Intelligence, Micromuse and Consul, and e-Security, respectively. A greater source of competition is represented by the custom efforts undertaken by potential customers to analyze and manage the information produced from their existing devices and applications to identify and remediate threats. In addition, some organizations have outsourced these functions to managed security services providers.

In addition to our existing competitors for our ESM platform, we believe that we face potential competition from a wide variety of sources that could become effective competitors. Many large, integrated software companies offer suites of products that include software applications for security and compliance and enterprise management. In addition, hardware vendors, including diversified, global concerns, offer products that address other security and compliance needs of the enterprises and government agencies that comprise our target market. If and to the extent that the market for our software platform continues to grow, we expect that large software and hardware vendors may seek to enter this market, either by way of the organic development of a competing product line or through the acquisition of a competitor.

For our ESM platform, we believe that we compete principally on the basis of functionality, analytical capability, scalability, interoperability with other components of the network and business infrastructure, and customers’ ability to successfully and rapidly deploy the product. We believe that we compete favorably with our existing competitors with respect to these factors.

The market for our TRM, Logger and NCM products is also competitive. We have limited experience with the sales of these products, and we expect that to be successful in addressing these markets we will need to work effectively with channel partners. We are unable to predict the extent to which we will be successful selling these products independently of sales of our ESM platform. Further, we may be at a disadvantage in dealing with our channel partners who also may have relationships with large competitors who offer a wide variety of products through the channel.

Competitors for sales of our TRM and NCM products include privately-held companies, such as Alterpoint and Voyence; larger providers of IT automation software products, such as Opsware, which Hewlett-Packard has agreed to acquire; and diversified IT security vendors. Current competitors for sales of our Logger product include specialized, privately-held companies, such as LogLogic and Sensage. In addition to these current competitors, we expect to face competition for our appliance products from both existing large, diversified software and hardware companies, from specialized, smaller companies and from new companies that may seek to enter this market. The primary competitive factors for our appliance products are functionality, price, scalability, interoperability with other components of the network and customers’ ability to successfully and rapidly deploy the product. We believe that we currently compete favorably with respect to these factors.

Mergers, acquisitions or consolidations by and among actual and potential competitors present heightened competitive challenges to our business. We believe that this trend toward consolidation in our industry will continue and may increase the competitive pressures we face on all our products. Further, continued industry consolidation may impact customers’ perceptions of the viability of smaller or even medium-sized software firms and consequently customers’ willingness to purchase from such firms.

Increased competition could result in fewer customer orders, price reductions, reduced gross margins and loss of market share. Many of our existing and potential competitors enjoy substantial competitive advantages, such as wider geographic presence, access to larger customer bases and the capacity to leverage their sales efforts and marketing expenditures across a broader portfolio of products, and substantially greater financial, technical and other resources. As a result, they may be able to adapt more quickly and effectively to new or emerging technologies and changing opportunities, standards or customer requirements. In addition, large competitors, such as integrated software companies and diversified, global hardware vendors, may regularly sell enterprise-wide and other large software applications, or large amounts of infrastructure hardware, to, and may have more extensive relationships within, large enterprises and government agencies worldwide, which may provide them with an important advantage in competing for business with those potential customers. These companies may also offer a large array of security or software products or may be able to offer products or functionality similar to ours at a more attractive price than we can by integrating or bundling them with their other product offerings. In addition, if our target market continues to grow small, highly specialized competitors may continue to emerge.

Intellectual Property

Our intellectual property is an essential element of our business. We use a combination of copyright, patent, trademark, trade secret and other intellectual property laws, confidentiality agreements and license agreements to protect our intellectual property. It is our policy that our employees and independent contractors involved in development are required to sign agreements acknowledging that all inventions, trade secrets, works of authorship, developments and other processes generated by them on our behalf are our property, and assigning to us any ownership that they may claim in those works. Despite our precautions, it may be possible for third parties to obtain and use without consent intellectual property that we own or license. Unauthorized use of our intellectual property by third parties, and the expenses incurred in protecting our intellectual property rights, may adversely affect our business.

We have two issued patents and 30 patent applications in the United States, including three provisional applications. We also have 11 patent applications in foreign countries, based on two of the patent applications in the United States. We do not know whether any of our remaining patent applications will result in the issuance of a patent or whether the examination process will require us to narrow our claims, except that some of our patent applications have received office actions and in some cases we have modified the claims. Any patents that may be issued to us may be contested, circumvented, found unenforceable or invalidated, and we may not be able to prevent third parties from infringing them. Therefore, the exact effect of having a patent cannot be predicted with certainty.

From time to time, we may encounter disputes over rights and obligations concerning intellectual property. Although we believe that our product offerings do not infringe the intellectual property rights of any third party, we cannot be certain that we will prevail in any intellectual property dispute. If we do not prevail in these disputes, we may lose some or all of our intellectual property protection, be enjoined from further sales of our products that are determined to infringe the rights of others, and/or be forced to pay substantial royalties to a third party, any of which would adversely affect our business, financial condition and results of operations.

Employees

As of April 30, 2007, we had a total of 287 employees, consisting of 104 employees in sales and marketing, 89 employees in research and development, 36 employees in professional services, 26 in support and 32 in general and administrative functions. A total of 38 employees are located outside the United States. None of our employees is represented by a union or covered by a collective bargaining agreement. We consider our employee relations to be good and have never experienced a work stoppage.

Legal Proceedings

From time to time, we may be subject to legal proceedings and claims in the ordinary course of business. We are not currently a party to any material legal proceedings.

MANAGEMENT

Executive Officers and Directors

The following table provides information regarding our executive officers and directors as of September 1, 2007:


Name	Age		Position(s)

Executive Officers:
Robert W. Shaw		60	Chief Executive Officer and Chairman of the Board of Directors
Hugh S. Njemanze		50	Founder, Chief Technology Officer and Executive Vice President of Research and Development
Thomas Reilly		45	President and Chief Operating Officer
Stewart Grierson		41	Chief Financial Officer
Kevin P. Mosher		50	Senior Vice President of Worldwide Field Operations
Reed T. Henry		44	Senior Vice President of Marketing and Business Development
Lawrence F. Lunetta		55	Vice President of Strategy
Trâm T. Phi		36	Vice President, General Counsel and Secretary
Other Directors:
Sandra Bergeron		49	Director
William P. Crowell(2)(3)		66	Director
E. Stanton McKee, Jr.(1)(3)		63	Director
Craig Ramsey(2)		61	Director
Scott A. Ryles(1)(3)		48	Director
Ted Schlein(2)		43	Director
Ernest von Simson(1)(3)		69	Director


(1)		Member of the Audit Committee.

(2)		Member of the Compensation Committee.

(3)		Member of the Nominating and Corporate Governance Committee.

Robert W. Shaw has served as our Chairman and Chief Executive Officer since August 2001, and also served as our President until August 2007. From 1998 until its acquisition in 2001 by Whitman-Hart, Inc., Mr. Shaw served as Chief Executive Officer of USWeb Corporation, a provider of Internet professional services. From 1992 to 1998, Mr. Shaw served as Executive Vice President of worldwide consulting services and vertical markets for Oracle Corporation, a provider of enterprise software. Mr. Shaw holds a B.B.A. in finance from the University of Texas, Austin.

Hugh S. Njemanze co-founded ArcSight in May 2000 and has served as our Executive Vice President of Research Development and Chief Technology Officer since March 2002. From 1993 to 2000, Mr. Njemanze served in various positions at Verity, Inc., a provider of knowledge retrieval software products, most recently as its Chief Technology Officer. He holds a B.S. in computer science from Purdue University.

Thomas Reilly has served as our Chief Operating Officer since November 2006 and as our President since August 2007. From April 2004 to November 2006, Mr. Reilly served as Vice President of Business Information Services of IBM. From November 2000 until its acquisition in April 2004 by IBM, Mr. Reilly served as Chief

Executive Officer of Trigo Technologies, Inc., a product information management software company. He holds a B.S. in mechanical engineering from the University of California, Berkeley.

Stewart Grierson has served as our Chief Financial Officer since October 2004 and also served as our Vice President of Finance from March 2003 to April 2007. In addition, from January 2003 to January 2006, he served as our Secretary. From 1999 to July 2002, Mr. Grierson served in several positions for ONI Systems Corp., a provider of optical communications equipment, including most recently as Vice President and Corporate Controller. From 1992 to 1999, he served in various roles in the audit practice at KPMG LLP. He holds a B.A. in economics from McGill University and is a chartered accountant.

Kevin P. Mosher has served as our Senior Vice President of Worldwide Field Operations since March 2004. From May 2002 to March 2003, Mr. Mosher served as the President and Chief Operating Officer of Rapt Inc., a provider of pricing and profitability management solutions. From 1997 to 2001, Mr. Mosher served as Senior Vice President of Sales at Portal Software, Inc., a provider of billing and customer management solutions. He also serves as a director of a private company. Mr. Mosher holds a B.A. in economics from the University of Connecticut.

Reed T. Henry has served as our Senior Vice President of Marketing and Business Development since May 2007. From 2001 to August 2005, Mr. Henry served in several positions for SeeBeyond Technology Corporation, a provider of enterprise integration software, including most recently as Senior Vice President, Marketing, Alliances and Business Development and previously as Senior Vice President, Professional Services, Customer Support and Alliances. Following the acquisition of SeeBeyond by Sun Microsystems, Inc. in August 2005, Mr. Henry served in the same role for Sun Microsystems until October 2005. Prior to SeeBeyond, Mr. Henry served as Vice President of Strategy and New Business at eBay, Inc., an internet auction company, and as Vice President of Marketing and Product Management for Vertical Networks, Inc., a provider of integrated voice/data communications platforms and associated computer telephony applications, which he co-founded in 1996. Mr. Henry holds a B.S. in electrical engineering from the University of Washington, an M.S. in electrical engineering from the California Institute of Technology and an M.B.A. from Stanford University Graduate School of Business.

Lawrence F. Lunetta has served as our Vice President of Strategy since February 2006. From September 2004 to February 2006, Mr. Lunetta served as our Chief Customer Officer. From September 2001 to September 2004, he served as our Vice President of Marketing. From April 2001 to September 2001, Mr. Lunetta served as Chief Operating Officer of EPAC Technologies, Inc., a software company. He holds a B.S. in electrical engineering from Rutgers University and an M.S. in engineering and an M.B.A. from Arizona State University.

Trâm T. Phi has served as our Vice President, General Counsel and Secretary since January 2006. From September 2002 to May 2005, Ms. Phi served in various positions at InVision Technologies, Inc., a manufacturer of explosives detection systems, most recently as Senior Vice President and General Counsel, including following the acquisition of InVision by General Electric Company in December 2004. From 1995 to September 2002, she was an associate at Fenwick & West LLP, a high technology law firm. Ms. Phi holds a B.A. in political science from San Jose State University and a J.D. from the University of California, Berkeley, School of Law (Boalt Hall).

Sandra Bergeron has served as a director since May 2006. Since June 2005, Ms. Bergeron has served as a Venture Advisor to Trident Capital, a venture capital firm. From 2001 to December 2004, Ms. Bergeron served in various positions at McAfee, Inc., a software security company, most recently as Executive Vice President of Mergers/Acquisitions and Corporate Strategy. Ms. Bergeron currently serves as a director of several private companies. She holds a B.B.A. in information systems from Georgia State University and an M.B.A. from Xavier University, Cincinnati.

William P. Crowell has served as a director since March 2003. Since February 2003, Mr. Crowell has worked as an independent consultant in the areas of information technology, security and intelligence systems and serves as Chairman of the Senior Advisory Group to the Director of National Intelligence. He served as President and Chief Executive Officer of Cylink Corporation, a provider of network security solutions, from 1998 until its acquisition by SafeNet, Inc. in February 2003. Prior to Cylink, Mr. Crowell worked at the National Security Agency, where he held a series of senior executive positions, including Deputy Director of Operations and Deputy Director of the NSA. He also serves as a director of several private companies. Mr. Crowell holds a B.A. in political science from Louisiana State University.

E. Stanton McKee, Jr. has served as a director since February 2005. From 1989 until his retirement in November 2002, Mr. McKee served in various positions at Electronic Arts Inc., a developer and publisher of interactive entertainment, most recently as Executive Vice President and Chief Financial and Administrative Officer. He also serves as a director of LeapFrog Enterprises, Inc., a provider of technology-based educational products, and of a private company. Mr. McKee holds a B.A. in political science from Stanford University and an M.B.A. from Stanford University Graduate School of Business.

Craig Ramsey has served as a director since October 2002. From July 2003 to September 2004, Mr. Ramsey served as Chief Executive Officer of Solidus Networks Inc. (doing business as Pay By Touch), a provider of authentication and payment processing services. From 1996 to 2000, Mr. Ramsey served as Senior Vice President, Worldwide Sales, of Siebel Systems, Inc., a provider of eBusiness applications. From 1994 to 1996, Mr. Ramsey served as Senior Vice President, Worldwide Sales, Marketing and Support for nCube Corporation, a maker of massively parallel computers. From 1968 to 1994, Mr. Ramsey held various positions with Oracle Corporation, Amdahl Corporation and IBM. He also serves as a director of salesforce.com, inc., a provider of customer relationship management services, and of several private companies. Mr. Ramsey holds a B.A. in economics from Denison University.

Scott A. Ryles has served as a director since November 2003. Mr. Ryles has served as Vice Chairman of Cowen and Company, LLC, an investment banking firm, since February 2007. From December 2004 to September 2006, he served as Chief Executive Officer of Procinea Management LLC, a private equity firm. From 1999 to 2001, Mr. Ryles served as Chief Executive Officer of Epoch Partners, Inc., an investment bank, until its acquisition by The Goldman Sachs Group, Inc. Prior to then, Mr. Ryles served as a Managing Director of Merrill Lynch & Co., Inc. Mr. Ryles holds a B.A. in economics from Northwestern University.

Ted Schlein has served as a director since March 2002. Mr. Schlein has served as a partner at Kleiner Perkins Caufield & Byers, a venture capital firm, since 1996. From 1986 to 1996, Mr. Schlein served in various executive positions at Symantec Corporation, a provider of Internet security technology and business management technology solutions, most recently as Vice President of Enterprise Products. He currently serves as a director of several private companies. Mr. Schlein holds a B.A. in economics from the University of Pennsylvania.

Ernest von Simson has served as a director since October 2002. Mr. von Simson has served as the President of Ostriker von Simson, Inc., an information technology consulting firm, since 1999. He also served as a senior partner of Cassius Advisors, an emerging technology consulting firm, from 1999 to January 2006. Prior to then, Mr. von Simson served as a Senior Partner at The Research Board, a company that assists large companies with their information technology strategies. He currently serves as a director of two private companies. Mr. von Simson holds a B.A. in international relations from Brown University and an M.B.A. from New York University.

Our executive officers are elected by, and serve at the discretion of, our board of directors. There are no family relationships among any of our directors or executive officers.

Board of Directors

Under our restated bylaws that will become effective immediately following the completion of this offering, our board of directors may set the authorized number of directors. Each director currently serves until our next annual meeting or until his or her successor is duly elected and qualified. Upon the completion of this offering, our common stock will be listed on The NASDAQ Global Market. The rules of The NASDAQ Stock Market require that a majority of the members of our board of directors be independent within specified periods following the completion of this offering. We believe that seven of our directors are independent as determined under the rules of The NASDAQ Stock Market: Ms. Bergeron and Messrs. Crowell, McKee, Ramsey, Ryles, Schlein and von Simson.

Pursuant to a voting agreement entered into on October 24, 2002, Messrs. Schlein and Shaw were appointed to our board of directors by certain of our investors. As of the date of this prospectus, Messrs. Schlein and Shaw continue to serve on our board of directors and will continue to serve as directors until their resignation or until their successors are duly elected by the holders of our common stock, despite the fact that the voting agreement will terminate upon the completion of this offering.

Immediately following the completion of this offering, we will file our restated certificate of incorporation. We anticipate that the restated certificate of incorporation will divide our board of directors into three classes, with staggered three-year terms:


	•	Class I directors, whose initial term will expire at the annual meeting of stockholders to be held in 2008;

	•	Class II directors, whose initial term will expire at the annual meeting of stockholders to be held in 2009; and

	•	Class III directors, whose initial term will expire at the annual meeting of stockholders to be held in 2010.

At each annual meeting of stockholders after the initial classification, the successors to directors whose terms have expired will be elected to serve from the time of election and qualification until the third annual meeting following election. Upon the completion of this offering, the Class I directors will consist of , and ; the Class II directors will consist of , , and ; and the Class III directors will consist of and . As a result, only one class of directors will be elected at each annual meeting of our stockholders, with the other classes continuing for the remainder of their respective three-year terms.

In addition, we intend to restate our bylaws upon the completion of this offering to provide that only our board of directors may fill vacancies on our board of directors until the next annual meeting of stockholders. Any additional directorships resulting from an increase in the number of directors will be distributed among the three classes so that, as nearly as possible, each class will consist of one-third of the total number of directors.

This classification of our board of directors and the provisions described above may have the effect of delaying or preventing changes in our control or management. See “Description of Capital Stock—Anti-Takeover Provisions—Restated Certificate of Incorporation and Restated Bylaw Provisions.”

Board Committees

Our board of directors has an audit committee, a compensation committee and a nominating and corporate governance committee, each of which has the composition and responsibilities described below as of the completion of this offering. Members serve on these committees until their resignations or until otherwise determined by our board of directors.

Audit Committee

Our audit committee is comprised of Mr. McKee, who is the chair of the audit committee, and Messrs. Ryles and von Simson. The composition of our audit committee meets the requirements for independence under the current NASDAQ Stock Market and SEC rules and regulations. Each member of our audit committee is financially literate. In addition, our audit committee includes a financial expert within the meaning of Item 407(d)(5)(ii) of Regulation S-K promulgated under the Securities Act of 1933, or the Securities Act. All audit services to be provided to us and all permissible non-audit services to be provided to us by our independent registered public accounting firm will be approved in advance by our audit committee. We anticipate that our audit committee will recommend, and our board of directors will adopt, an amended and restated charter for our audit committee, which will be posted on our website. We anticipate that our audit committee, among other things, will:


	•	select a firm to serve as the independent registered public accounting firm to audit our financial statements;

	•	help to ensure the independence of the independent registered public accounting firm;

	•	discuss the scope and results of the audit with the independent registered public accounting firm, and review, with management and that firm, our interim and year-end operating results;

	•	develop procedures for employees to submit anonymously concerns about questionable accounting or audit matters;

	•	consider the adequacy of our internal accounting controls and audit procedures; and

	•	approve or, as permitted, pre-approve all audit and non-audit services to be performed by the independent registered public accounting firm.

Compensation Committee

Our compensation committee is comprised of Mr. Ramsey, who is the chair of the compensation committee, and Messrs. Crowell and Schlein. The composition of our compensation committee meets the requirements for independence under the current NASDAQ Stock Market and SEC rules and regulations. The purpose of our compensation committee is to discharge the responsibilities of our board of directors relating to compensation of our executive officers. We anticipate that our compensation committee will recommend, and our board of directors will adopt, an amended and restated charter for our compensation committee. We anticipate that our compensation committee, among other things, will:


	•	review and determine the compensation of our executive officers and directors;

	•	administer our stock and equity incentive plans;

	•	review and make recommendations to our board of directors with respect to incentive compensation and equity plans; and

	•	establish and review general policies relating to compensation and benefits of our employees.

Nominating and Corporate Governance Committee

Our nominating and corporate governance committee is comprised of Mr. von Simson, who is the chair of the nominating and corporate governance committee, and Messrs. Crowell, McKee and Ryles. The composition of our nominating and corporate governance committee will meet the requirements for independence under the current NASDAQ Stock Market and SEC rules and regulations. Our nominating and corporate governance committee has recommended, and we anticipate that our board of directors will adopt, an amended and restated charter for our nominating and corporate governance committee. We anticipate that our nominating and corporate governance committee, among other things, will:


	•	identify, evaluate and recommend nominees to our board of directors and committees of our board of directors;

	•	conduct searches for appropriate directors;

	•	evaluate the performance of our board of directors;

	•	consider and make recommendations to our board of directors regarding the composition of our board of directors and its committees;

	•	review related party transactions and proposed waivers of the code of conduct;

	•	review developments in corporate governance practices; and

	•	evaluate the adequacy of our corporate governance practices and reporting.

Compensation Committee Interlocks and Insider Participation

During fiscal 2007, our compensation committee consisted of Messrs. Ramsey, Schlein and Crowell. None of them has at any time in the last fiscal year been one of our officers or employees, and none has had any relationships with our company of the type that is required to be disclosed under Item 404 of Regulation S-K. None of our executive officers has served as a member of the board of directors, or as a member of the compensation or similar committee, of any entity that has one or more executive officers who served on our board of directors or compensation committee during fiscal 2007.

Director Compensation

The following table provides information for our fiscal year ended April 30, 2007 regarding all plan and non-plan compensation awarded to, earned by or paid to each person who served as a non-employee director for some portion or all of fiscal 2007. Other than as set forth in the table and the narrative that follows it, to date we have not paid any fees to or reimbursed any expenses of our directors, made any equity or non-equity awards to directors, or

paid any other compensation to directors. All compensation that we paid to Mr. Shaw, our only employee director, is set forth in the tables summarizing executive officer compensation below. No compensation was paid to Mr. Shaw in his capacity as a director.


	Option
Name	Awards(1)

Sandra Bergeron(2)	$	78,669
E. Stanton McKee, Jr.(3)		22,600
Scott A. Ryles(4)		746


(1)		In accordance with SEC rules, the amounts in this column represent the amounts that we would have recognized as compensation expense for financial statement reporting purposes for any part of fiscal 2007 in accordance with SFAS 123R in connection with all of the options previously issued to the named director had we applied the modified prospective transition method without reflecting the estimate for forfeitures related to service-based vesting used for financial statement reporting purposes, rather than the prospective transition method actually utilized by us for financial statement reporting purposes. The aggregate grant date fair values, computed in accordance with SFAS 123R, of the option granted to Ms. Bergeron in fiscal 2007 was $363,717. No stock options were granted to the other non-employee directors in fiscal 2007. See note 9 of the notes to our consolidated financial statements for a discussion of all assumptions made in determining the grant date fair values. As of April 30, 2007, each non-employee director holds outstanding options to purchase the following aggregate number of shares: Ms. Bergeron: 391,094; Mr. Crowell: 391,094; Mr. McKee: 391,094; Mr. Ramsey: 391,094; Mr. Ryles: 391,094; and Mr. von Simson: 391,094. Each of these options: (i) is immediately exercisable; (ii) vests as to 1/48^th of the shares of common stock underlying it monthly beginning one month after the vesting start date, except that Ms. Bergeron’s option vests as to 1/4^th of the shares one year after the vesting start date and as to an additional 1/48^th of the shares each month thereafter; and (iii) contains change of control provisions such that all unvested shares vest immediately upon the closing of a change of control transaction.

(2)		In June 2006, we granted Ms. Bergeron an option to purchase 391,094 shares of our common stock at an exercise price of $1.52 per share.

(3)		In February 2005, we granted Mr. McKee an option to purchase 391,094 shares of our common stock at an exercise price of $0.20 per share.

(4)		In January 2004, we granted Mr. Ryles an option to purchase 391,094 shares of our common stock at an exercise price of $0.06 per share.

Following the completion of this offering, we intend to compensate our non-employee directors with a combination of cash and equity as described below.

Cash Compensation

The chairs of the audit committee, the compensation committee and the nominating and corporate governance committee will receive additional annual retainers of $15,000, $10,000 and $5,000, respectively. Each member of the audit committee, the compensation committee and the nominating and corporate governance committee will receive annual retainers of $8,000, $5,000 and $2,500, respectively. We do not pay fees to directors for attendance at meetings of our board of directors and its committees.

Equity Compensation

Each non-employee director who becomes a member of our board of directors after this offering will be granted an initial option to purchase 45,000 shares of our common stock upon election to our board of directors. On the date of each annual stockholder meeting subsequent to this offering, each non-employee director who continues to serve on our board of directors immediately following such meeting will automatically be granted an option to purchase 41,500 shares of our common stock (subject to pro-ration on a monthly basis in the event the non-employee director has not served an entire year on the board of directors since the last stock option grant to such non-employee director). Each option will have an exercise price equal to the fair market value of our common stock

on the date of grant, will have a 10-year term and will terminate 90 days following the date the director ceases to serve on the board of directors for any reason other than death or disability, and 12 months following that date if the termination is due to death or disability. Each initial grant vests and becomes exercisable as to 1/36^th of the shares each month after the grant date over three years. Each annual grant vests and becomes exercisable as to 1/12^th of the shares each month after the grant date over one year.

Executive Compensation

Compensation Discussion and Analysis

The following discussion and analysis of compensation arrangements of our executive officers should be read together with the compensation tables and related disclosures set forth below. This discussion contains forward-looking statements that are based on our current plans, considerations, expectations and determinations regarding future compensation programs. The actual amount and form of compensation and the compensation programs that we adopt may differ materially from currently planned programs as summarized in this discussion.

This section discusses the principles underlying our executive compensation policies and decisions and the most important factors relevant to an analysis of these policies and decisions. It provides qualitative information regarding the manner and context in which compensation is awarded to and earned by our executive officers and places in perspective the data presented in the tables and narrative that follow.

Compensation Philosophy and Objectives

Our compensation program for executive officers is designed to attract, as needed, individuals with the skills necessary for us to achieve our business plan, to motivate those individuals, to reward those individuals fairly over time, and to retain those individuals who continue to perform at or above the levels that we expect. It is also designed to link rewards to measurable corporate and individual performance. We believe that the most effective executive compensation program is one that is designed to reward the achievement of specific annual, long-term and strategic goals, and which aligns executives’ interests with those of the stockholders by rewarding performance of established goals, with the ultimate objective of improving stockholder value. We evaluate compensation to ensure that we maintain our ability to attract and retain talented employees in key positions and that compensation provided to key employees remains competitive relative to the compensation paid to similarly situated executives of our peer companies. To that end, we believe executive compensation packages provided by us to our executive officers should include both cash and stock-based compensation that reward performance as measured against established goals.

We work within the framework of our pay-for-performance philosophy to determine each component of an executive’s compensation package based on numerous factors, including:


	•	the individual’s particular background and circumstances, including training and prior relevant work experience;

	•	the individual’s role with us and the compensation paid to similar persons in the companies represented in the compensation data that we review;

	•	the demand for individuals with the individual’s specific expertise and experience at the time of hire;

	•	performance goals and other expectations for the position; and

	•	comparison to other executives within our company having similar levels of expertise and experience.

Role of Executive Officers in Compensation Decisions

Mr. Shaw’s compensation is determined by our board of directors after input from and consultation with our compensation committee, which reviews Mr. Shaw’s performance. The compensation for all other executive officers is determined by our compensation committee after input from and consultation with Mr. Shaw. Mr. Shaw typically provides annual recommendations to the compensation committee and discusses with the compensation committee the compensation and performance of all executive officers, excluding himself, during the first fiscal

quarter. Consistent with our compensation philosophy, each employee’s evaluation begins with a written self-assessment, which is submitted to the employee’s supervisor. The supervisor then prepares a written evaluation based on the employee’s self-assessment, the supervisor’s own evaluation of the employee’s performance and input from others within the company. Mr. Shaw bases his recommendations in part upon annual performance reviews of our executive officers, including a review of self-evaluations prepared by such executive officers and supervisor reviews when the executive officers report to someone other than Mr. Shaw. Our compensation committee may exercise its discretion in modifying any recommended compensation adjustments or awards to executives. In addition, compensation committee meetings typically have included, for all or a portion of each meeting, not only the committee members but also Mr. Grierson, Ms. Phi and Gail Boddy, the head of our human resources department.

Components of Executive Compensation

Our executive officers’ compensation currently has three primary components – base compensation or salary, initial stock option awards granted pursuant to our 2002 Stock Plan, which is described below under “—Employee Benefit Plans,” and cash bonuses and stock option awards under a performance-based bonus plan. We fix executive officer base compensation at a level we believe enables us to hire and retain individuals in a competitive environment and to reward satisfactory individual performance and a satisfactory level of contribution to our overall business goals. We also take into account the base compensation that is payable by companies that we believe to be our competitors and by other private and public companies with which we believe we generally compete for executives. To this end, we review a number of executive compensation surveys of high technology companies located in the San Francisco Bay Area annually when we review executive compensation. We utilize salary as the base amount necessary to match our competitors for executive talent. We designed our executive bonus plan to focus our management on achieving key corporate financial objectives, to motivate desired individual behaviors and to reward substantial achievement of these company financial objectives and individual goals. We utilize cash bonuses under our bonus plan to reward performance achievements with a time horizon of one year or less, and similarly, we utilize equity grants under our bonus plan to provide additional long-term rewards for short term performance achievements to encourage similar performance over a longer term. We utilize initial and refresh stock options to reward long-term performance, with strong corporate performance and extended officer tenure producing potentially significant value for the officer.

We view these components of compensation as related but distinct. Although our compensation committee does review total compensation, we do not believe that significant compensation derived from one component of compensation should negate or reduce compensation from other components. We determine the appropriate level for each compensation component based in part, but not exclusively, on competitive benchmarking consistent with our recruiting and retention goals, our view of internal equity and consistency and other considerations we deem relevant, such as rewarding extraordinary performance. We believe that, as is common in the technology sector, stock option awards are the primary compensation-related motivator in attracting and retaining employees and that salary and bonus levels are secondary considerations to most employees, including our executive officers.

Our compensation committee’s current intent is to perform at least annually a strategic review of our executive officers’ compensation levels to determine whether they provide adequate incentives and motivation to our executive officers and whether they adequately compensate our executive officers relative to comparable officers in other companies with which we compete for executives. These companies may or may not be public companies or even in all cases technology companies.

In March 2007, our compensation committee retained Compensia, a compensation consulting company, to help evaluate our compensation philosophy and provide guidance in administering our compensation program in the future. Following the completion of our initial public offering, our compensation committee anticipates adopting more formal and structured compensation policies and programs. On an annual basis, our compensation committee plans to have our compensation consultant provide market data on a peer group of companies in the technology sector and we intend to benchmark this information and other information obtained by the members of our compensation committee against the compensation we offer to ensure that our compensation program is competitive. Our compensation committee plans to have our compensation consultant provide market data for consideration in establishing annual salary increases and additional stock grants.

We account for equity compensation paid to our employees under the rules of SFAS 123R, which requires us to estimate and record an expense over the service period of the award. Accounting rules also require us to record cash compensation as an expense at the time the obligation is accrued. Unless and until we achieve sustained profitability, the availability to us of a tax deduction for compensation expense will not be material to our financial position. We structure cash bonus compensation so that it is taxable to our executives at the time it is paid to them. We currently intend that all cash compensation paid will be tax deductible for us. However, with respect to equity compensation awards, while any gain recognized by employees from nonqualified options should be deductible, to the extent that an option constitutes an incentive stock option, gain recognized by the optionee will not be deductible if there is no disqualifying disposition by the optionee. In addition, if we grant restricted stock or restricted stock unit awards that are not subject to performance vesting, they may not be fully deductible by us at the time the award is otherwise taxable to the employee.

Base Compensation

Our compensation committee generally consults executive compensation surveys that provide industry data to better inform its determination of the key elements of our compensation program in order to develop a compensation program that it believes will enable us to effectively compete for new employees and retain existing employees. In fiscal 2007, our compensation committee utilized data from a Radford Benchmark Survey obtained by our human resources department in order to determine competitive salary levels. This industry data consists of salaries and other compensation paid by companies in our peer group to executives in positions comparable to those held by our executive officers. This peer group consists of software companies nationally with revenues of up to $200 million. A random sample of the companies represented in the calendar year 2007 Radford Benchmark Survey of software companies with revenues up to $200 million includes Agile Software, Dicarta, E2Open, Entrust, Matrix One, Micromuse, Mitchell International, Navimedix, Open TV, PDF Solutions, Peregrine Systems and Zantaz. We believe that this peer group is representative of companies in our size range and industry that are a fair representation of the employment market in which we compete. While we compete for executive talent to some degree with companies that have revenues significantly in excess of $200 million, we believe that the companies represented in the survey similarly compete with such larger companies and hence are an appropriate comparison for our employment market. Our compensation committee realizes that using a benchmark may not always be appropriate, but believes that it is the best alternative at this point in the life cycle of our company. In addition to benchmarking studies, our compensation committee has historically taken into account input from other sources, including input from the members of the compensation committee (as well as any input that may be offered by other independent members of the board of directors) and publicly available data relating to the compensation practices and policies of other companies within and outside of our industry.

Our compensation committee typically sets executive officers’ salaries at a level that was at or near the median of salaries of executives with similar roles at comparable pre-public and small public companies. Our compensation committee believes that the median for base salaries is the minimum cash compensation level that would allow us to attract and retain talented officers. In instances where an executive officer is uniquely key to our success, such as Messrs. Shaw and Njemanze, our compensation committee may provide compensation in excess of the median. Our compensation committee’s choice of the foregoing salary target to apply to the data in the compensation surveys reflected consideration of our stockholders’ interests in paying what was necessary, but not significantly more than necessary, to achieve our corporate goals, while conserving cash as much as practicable. We believe that, given the industry in which we operate and the corporate culture that we have created, base compensation at this level is generally sufficient to retain our existing executive officers and to hire new executive officers when and as required.

We annually review our base salaries, and may adjust them from time to time based on market trends, along with the applicable executive officer’s responsibilities, performance and experience. We do not provide formulaic base salary increases to our executive officers. If necessary, we also realign base salaries with market levels for the same positions in companies of similar size to us represented in the compensation data we review, if we identify significant market changes in our data analysis. Additionally, we adjust base salaries as warranted throughout the year for promotions or other changes in the scope or breadth of an executive’s role or responsibilities.

Equity Compensation

In February 2006, in response to Section 409A of the Internal Revenue Code of 1986, as amended, and the proposed regulations issued by the U.S. Internal Revenue Services thereunder, our board of directors hired an independent valuation firm to determine the fair market value of our common stock as of February 1, 2006, and it has sought periodic valuation updates as of November 1, 2006, March 15, 2007 and June 1, 2007. All equity awards to our employees, including executive officers, and to our directors have been granted and reflected in our consolidated financial statements, based upon the applicable accounting guidance, at fair market value on the grant date in accordance with the valuation determined by our independent, outside valuation firm. We do not have any program, plan or obligation that requires us to grant equity compensation on specified dates and, because we have not been a public company, we have not made equity grants in connection with the release or withholding of material non-public information. It is possible that we will establish programs or policies of this sort in the future, but we do not expect to do so prior to this offering. Authority to make equity grants to executive officers rests with our compensation committee, although, as noted above, our compensation committee does consider the recommendations of Mr. Shaw in connection with grants to other executive officers. Prior to the original engagement of an independent valuation firm, our board of directors determined the value of our common stock based on consideration of a number of relevant factors including the status of our business in light of market conditions, our earnings history and forecasted earnings, the absence of a market for sales of our capital stock and the absence of a significant number of reasonably comparable publicly-traded corporations in the same industry as us, the preferences of our preferred stock, the risks inherent in the development and expansion of our product and services offerings, and other risks normally associated with operating a similarly situated business.

Due to the early stage of our business, we believe that equity awards will incentivize our executive officers to achieve long-term performance because they provide greater opportunities for our executive officers to benefit from any future successes in our business. Consistent with this view, our compensation committee chose to make equity grants based on input from members of the compensation committee (as well as any input that may be offered by other independent members of the board of directors) drawing on their experience as directors and executives at other companies within and outside of our industry, as well as recommendations from Mr. Shaw. Each executive officer is initially provided with an option grant when they join our company based upon their position with us and their relevant prior experience. These initial grants generally vest over four years and no shares vest before the one year anniversary of the option grant. We spread the vesting of our options over four years to compensate executives for their contribution over a period of time. In addition, one of the initial stock option grants made to Mr. Reilly in connection with his hiring vests as to approximately one quarter of the shares upon the achievement of specified milestones relating to business planning and operations, sales, services and support execution, and company positioning, market and product strategy, during his first year of employment at the company, and if such milestones are achieved the remaining shares vest monthly over the subsequent three years. In the absence of milestone achievement, such stock option will terminate. Authority to make equity-based awards to executive officers rests with our compensation committee, which considers the recommendations of Mr. Shaw.

The value of the shares subject to the fiscal 2007 option grants to named executive officers are reflected in the “Fiscal 2007 Summary Compensation Table” table below and further information about these grants is reflected in the “Fiscal 2007 Grants of Plan-Based Awards” table below.

In 2007, our board of directors adopted a new equity plan, which is described under “—Employee Benefit Plans” below. The 2007 Equity Incentive Plan will replace our existing 2002 Stock Plan immediately following this offering and, as described below, will afford our compensation committee much greater flexibility in making a wide variety of equity awards. Participation in the 2007 Employee Stock Purchase Plan that our board of directors adopted in 2007 will also be available to all executive officers following this offering on the same basis as our other employees. However, any executive officers who are 5% stockholders, or would become 5% stockholders as a result of their participation in our 2007 Employee Stock Purchase Plan, will be ineligible to participate in our 2007 Employee Stock Purchase Plan.

Other than the equity plans described in this section, we do not have any equity security ownership guidelines or requirements for our executive officers and we do not have any formal or informal policies or guidelines for allocating compensation between long-term and currently paid out compensation, between cash and non-cash

compensation or among different forms of non-cash compensation. Other than Messrs. Shaw and Njemanze, our equity compensation plans have provided the principal method for our executive officers to acquire equity or equity-linked interests in our company.

Cash Bonuses Under Our Bonus and Profit Sharing Plans

We pay bonuses annually generally during the first quarter of our fiscal year. We determined not to pay bonuses quarterly or semi-annually because our compensation committee believed an annual orientation was appropriate given the fluctuations in our operating results from quarter to quarter. We base bonuses for executive officers other than Mr. Shaw on two components – revenues and individual contributions as determined by the executive officer’s supervisor. We will pay no bonus unless the revenue component is achieved, regardless of an individual executive officer’s contributions. If the revenue component is achieved, executive officers are eligible to receive bonuses at the target level. However the actual portion of the eligible bonus that is ultimately awarded is determined by our chief executive officer, following evaluation of the executive officer’s contributions by the executive officer’s supervisor where such supervisor is not the chief executive officer. The compensation committee chose revenues because it believed that, as a “growth company,” we should reward revenue growth. While in prior years the compensation committee also included operating margin as a component of the performance targets, the compensation committee determined that it was appropriate to focus on revenues given the additional levels of investment in our sales and marketing and research and development efforts. Thus, the compensation committee considered the chosen metrics to be the best indicators of financial success and stockholder value creation. The individual performance objectives are determined by the executive officer to whom the potential bonus recipient reports. We base bonuses for Mr. Shaw on revenues. Payments of cash bonuses are contingent upon continued employment through the actual date of payment.

Our bonus and profit sharing plan for fiscal 2007 was adopted by our compensation committee in March 2007 to reward all employees of the company, including executive officers. The plan was designed to focus on revenue growth and had a targeted revenues goal of approximately $60.5 million, excluding revenues related to transactions consummated in prior fiscal years, for which revenue recognition was delayed as a result of undelivered elements for which we did not have VSOE. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Sources of Revenues, Cost of Revenues and Operating Expenses.” Under this plan, executive officers other than Mr. Mosher received:


	•	no payment unless we achieved 90% of the targeted minimum revenues goal;

	•	a payment of 26.25% of base salary if we achieved at least 90% but less than 100% of the targeted revenues goal;

	•	a payment of 35% of base salary if we achieved 100% but less than 101% of the targeted revenues goal;

	•	a payment of 36.75% of base salary if we achieved at least 101% but less than 105% of the targeted revenues goal;

	•	a payment of 38.75% of base salary if we achieved at least 105% but less than 110% of the targeted revenues goal;

	•	a payment of 42% of base salary if we achieved at least 110% but less than 120% of the targeted revenues goal; and

	•	a payment of 43.75% of base salary if we achieved 120% or more of the targeted revenues goal.

In addition, the bonus and profit sharing plan for fiscal 2007 provided that if we achieved at least 100% of the targeted revenues goal, our executive officers other than Mr. Mosher were eligible for an additional cash bonus pool equal to 17% of our operating margin for fiscal 2007 to be paid on a pro rata basis based on their portion of total bonuses paid to officers, with a cap at 100% of base salary for all payments under both the payments described above and payments under the additional cash bonus pool. As a result of revenue performance in fiscal 2007, our executive officers other than Mr. Mosher were eligible for bonuses under the bonus and profit sharing plan for fiscal 2007 based on achievement up to the level of at least 105% but less than 110%, and no additional amounts were paid

under the additional cash bonus pool, as the bonus and profit sharing bonuses represented the maximum amount payable.

We feel it is more appropriate to tie the additional cash incentives for Mr. Mosher to his revenue-generating efforts and management of the operating expenses and contribution margin for our sales department, rather than tying his additional cash incentives solely to the company-level financial objectives. For this reason, we pay him a quarterly sales commission pursuant to his Sales Commission Plan – FY 2007, rather than the bonus discussed above for other executive officers. Under the plan, Mr. Mosher was entitled to quarterly commission payments based on achievement of quarterly revenues targets, with the potential commission rates structured to incentivize achievement and overachievement of the targets. The quarterly commission rates payable to Mr. Mosher for each portion of achievement or overachievement of his fiscal 2007 quarterly revenues targets in each fiscal quarter were:


Revenues Target Achievement Level	First Quarter		Second Quarter		Third Quarter		Fourth Quarter

Portion of revenues that is up to 100%		0.21%		0.20%		0.17%		0.16%
Portion of revenues that is more than 100% and up to 105%		2.06%		2.00%		1.72%		1.56%
Portion of revenues that is more than 105% and up to 110%		3.12%		3.00%		2.59%		2.34%
Portion of revenues that is more than 110%		4.00%		4.00%		4.00%		4.00%

In addition, under the plan, Mr. Mosher receives an additional commission in the event that he achieves or exceeds his revenues target and either (i) actual operating expenses for the sales department are less than or equal to the sales operating expense target, or (ii) actual contribution margins for the sales department are equal to or greater than the sales contribution margin target. Actual sales contribution margins are determined by subtracting actual sales operating expenses from actual revenues for the quarter. The quarterly commission amounts payable to Mr. Mosher upon achievement of his fiscal 2007 quarterly operating expense or contribution margin targets vary by level of achievement relative to his quarterly revenues target. The potential amounts payable to Mr. Mosher in any fiscal quarter at each revenues target achievement level were:


Revenues Target Achievement Level	Quarterly Amount

Up to 100%	$	7,500
More than 100% and up to 105%	$	11,250
More than 105% and up to 110%	$	16,875
More than 110%	$	22,500

As a result of revenue performance in fiscal 2007, Mr. Mosher was eligible for commissions under his plan based on achievement up to the level of 100% of revenues target for each quarter of fiscal 2007 and for the second, third and fourth quarter for revenues in excess of 100% of target up to 105% of revenues target, and no additional amounts were paid for performance related to the sales operating expenses target and the sales contribution margins target. The sales commission “bonus” for Mr. Mosher is included in the “Fiscal 2007 Summary Compensation Table” under the “Salary” column, rather than in the “Fiscal 2007 Grants of Plan-Based Awards” table under the “Non-Equity Incentive Plan Compensation” column, where we disclose cash bonuses for our other named executive officers.

The “threshold,” “target” and “maximum” bonus amounts that could be earned by each named executive officer in fiscal 2007 are reflected in the “Fiscal 2007 Grants of Plan-Based Awards” table below.

Our annual cash bonuses, as opposed to our equity grants, are designed to more immediately reward our executive officers for their performance during the most recent fiscal year. We believe that the immediacy of these cash bonuses, in contrast to our equity grants which vest over a period of time, provides a significant incentive to our executives towards achieving their respective individual objectives, and thus our company-level objectives. Thus, we believe our cash bonuses are an important motivating factor for our executive officers, in addition to being a significant factor in attracting and retaining our executive officers.

We do not have a formal policy regarding adjustment or recovery of awards or payments if the relevant performance measures upon which they are based are restated or otherwise adjusted in a manner that would reduce the size of the award or payment.

Equity Bonuses Under Our Bonus and Profit Sharing Plans

Our compensation committee believes that granting additional stock options on an annual basis to existing executive officers provides an important incentive to retain executives and rewards them for short-term company performance while also creating long-term incentives to sustain that performance. Under our bonus and profit sharing plan for fiscal 2007, the compensation committee approved a pool of 1,205,620 shares of common stock to be granted during the first quarter of fiscal 2008 to executive officers on the achievement of the targeted revenues goal, and, for the officers other than Mr. Shaw, individual performance objectives, for the reasons described above for cash bonuses. The annual grant to Mr. Shaw is determined by our compensation committee after input from and consultation with the other members of the board of directors. The annual grants to all other executive officers are determined by our compensation committee after input from and consultation with Mr. Shaw. Our compensation committee may exercise its discretion in modifying any recommended adjustments or awards to executives. Equity grants made pursuant to the bonus plan vest over four fiscal years and no shares vest before the first day of the succeeding fiscal year (the fiscal year following the fiscal year in which the options were actually granted). In addition to the annual awards pursuant to our bonus and profit sharing plan, grants of stock options may be made to executive officers following a significant change in job responsibility or in recognition of a significant achievement. The “shares underlying,” “exercise price” and “grant date fair value” of option awards made to each named executive officer in fiscal 2007 are reflected in the “Fiscal 2007 Grants of Plan-Based Awards” table below.

The compensation committee has the discretion to award cash bonuses or equity-based grants outside of our bonus and profit sharing plan. However, the compensation committee did not exercise its discretion in this regard in fiscal 2007.

Severance and Change of Control Payments

When we retained Mr. Shaw in August 2001, we entered into an employment agreement, which was amended initially in August 2004 as the initial term expired and then amended again effective in August 2007 as the term expired for the amended employment agreement. Under our employment agreement and option grant agreements with Mr. Shaw and under the offer letters and option grant agreements with some of our executive officers, we are required to make specified severance payments and accelerate the vesting of equity awards in the event of a termination in connection with a change in control. For quantification of and additional information regarding these severance and change of control arrangements, please see the discussion under “—Employment, Severance and Change of Control Arrangements” below. Our employment agreement and option grant agreements with Mr. Shaw also provide severance and acceleration of vesting if we terminate his employment without cause or if he terminates his employment for good reason. Our board of directors determined to provide these severance and change of control arrangements in order to mitigate some of the risk that exists for executives working in a small, dynamic startup company, an environment where there is a meaningful likelihood that we may be acquired. These arrangements are intended to attract and retain qualified executives that have alternatives that may appear to them to be less risky absent these arrangements, and to mitigate a potential disincentive to consideration and execution of such an acquisition, particularly where the services of these executive officers may not be required by the acquirer.

Perquisites and Other Personal Benefits

Under the terms of our then current employment agreement with Mr. Shaw, we were obligated to pay or reimburse him for the following perquisites and other personal benefits:


	•	an apartment near our corporate headquarters, together with related utilities;

	•	commercial airfare for travel between Mr. Shaw’s residences outside of the San Francisco Bay Area and our corporate headquarters, and an automobile for use when he is in the San Francisco Bay Area, together with related expenses;


	•	life insurance premiums for an insurance policy in the amount of $2.0 million payable to the beneficiary designated by Mr. Shaw;

	•	membership dues for a country club and a yacht club; and

	•	cash in an amount equal to the federal and state income and payroll taxes on the foregoing items.

When we initially retained Mr. Shaw as our chairman, president and chief executive officer in August 2001, we agreed to provide the life insurance and club membership dues described above and to reimburse him for the federal and state income and payroll taxes for such benefits, believing that his retention was critical to our future success and that, as with the level of his base salary, those perquisites were necessary to retain him and provide adequate incentive for his efforts. We also agreed to provide him with four weeks of annual vacation. In 2004, Mr. Shaw relocated his primary residences from the San Francisco Bay Area to Montana and Cabo San Lucas, Mexico for personal reasons as the end of the term of our employment agreement with him approached. Following Mr. Shaw’s relocation, we believed that it was still in our best interests to retain his services and agreed to amend his employment agreement to extend its term, provide the apartment and transportation necessary to enable him to serve with us while having his primary residences outside of the San Francisco Bay Area and to cover the federal and state income and payroll taxes for such additional benefits.

In September 2007, we entered into our current employment agreement with Mr. Shaw, under which he will receive a minimum salary of $414,500, and we are obligated to pay or reimburse him for the following perquisites and other personal benefits:


	•	an apartment near our corporate headquarters, together with related utilities;

	•	commercial airfare for travel between Mr. Shaw’s residences outside of the San Francisco Bay Area and our corporate headquarters, and an automobile for use when he is in the San Francisco Bay Area, provided that the aggregate reimbursement for these items and the apartment and utilities discussed above will not exceed $125,000 in the aggregate in any fiscal year;

	•	life insurance premiums for an insurance policy in the amount of $2.0 million payable to the beneficiary designated by Mr. Shaw; and

	•	cash in an amount equal to the federal and state income and payroll taxes on the foregoing items.

In addition, our employment agreement with Mr. Shaw provides for the severance and change of control benefits described under “—Employment, Severance and Change of Control Arrangements” below. Our prior employment agreement with Mr. Shaw expired in August 2007. Our compensation committee and our board approved the new employment agreement with Mr. Shaw, which expires in August 2009, because they believed that it was in our best interests to retain his services, and agreed to amend his employment agreement to extend its term, subject to amending our compensation arrangement with him to provide the salary, perquisites and benefits described above.

Other Benefits

Executive officers are eligible to participate in all of our employee benefit plans, such as medical, dental, vision, group life, disability, and accidental death and dismemberment insurance and our 401(k) plan, in each case on the same basis as other employees. We do not match employee contributions under our 401(k) plan. We also provide vacation and other paid holidays to all employees, including our executive officers, which are comparable to those provided at peer companies. There were no special benefits or perquisites provided to any executive officer in fiscal 2007 other than Mr. Shaw as described above.

Executive Compensation Tables

The following table presents compensation information for our fiscal year ended April 30, 2007 paid to or accrued for our Chief Executive Officer, Chief Financial Officer and each of our three other most highly

compensated executive officers whose total compensation was more than $100,000. We refer to these executive officers as our “named executive officers” elsewhere in this prospectus.

Fiscal 2007 Summary Compensation Table


						Non-Equity
				Option		Incentive Plan		All Other
Name and Principal Position	Salary(1)			Awards(2)		Compensation(3)		Compensation			Total

Robert W. Shaw
Chief Executive Officer	$	400,000		$	197,987	$	154,000	$	220,743	(4)	$	972,730
Thomas Reilly(5)
President and Chief Operating Officer		129,615			512,812		48,125		—			690,552
Hugh S. Njemanze
Chief Technology Officer and Executive Vice President of Research and Development		270,833	(6)		50,966		105,875		—			427,674
Kevin P. Mosher
Senior Vice President of Worldwide Field Operations		398,946	(7)		28,815		—		—			427,761
Stewart Grierson
Chief Financial Officer		230,000			25,646		75,268		—			330,914


(1)		The amounts in this column include payments by us in respect of accrued vacation, holidays and sick days, as well as any salary contributed by the named executive officer to our 401(k) plan.

(2)		In accordance with SEC rules, the amounts in this column represent the amounts that we would have recognized as compensation expense for financial statement reporting purposes for any part of fiscal 2007 in accordance with SFAS 123R in connection with all of the options previously issued to the named executive officer had we applied the modified prospective transition method without reflecting the estimate for forfeitures related to service-based vesting used for financial statement reporting purposes, rather than the prospective transition method actually utilized by us for financial statement reporting purposes.

(3)		The amounts in this column reflect amounts paid pursuant to our Fiscal Year 2007 Management and Employee Bonus Plan. For a description of this plan, see “—Executive Compensation—Compensation Discussion and Analysis.”

(4)		Includes $101,203 in tax reimbursements (related to the following items), $47,579 in apartment expenses and utilities and $40,450 in commuting airfare and taxis, and also includes life insurance premiums, automobile expenses and yacht and country club memberships.

(5)		Mr. Reilly began service with us in November 2006. Mr. Reilly’s annual salary is $300,000.

(6)		In September 2007, Mr. Njemanze’s annual salary was increased to $300,000.

(7)		Includes $148,946 of sales commission bonus paid pursuant to Mr. Mosher’s Sales Commission Plan – FY 2007. Excludes $28,827 of sales commission bonus paid to Mr. Mosher during fiscal 2007, but earned in fiscal 2006, pursuant to his then applicable commission plan. For a description of this plan, see “—Executive Compensation—Compensation Discussion and Analysis.”

For a description of the material terms of offer letters for the named executive officers in the above table, please see “—Executive Compensation—Employment, Severance and Change of Control Arrangements,” below.

Fiscal 2007 Grants of Plan-Based Awards

The table below summarizes grants made to each of our named executive officers for the fiscal year ended April 30, 2007:


										Estimated
										Possible							Grant Date
										Payouts		Number of			Exercise		Fair Value of
			Estimated Possible Payouts Under							Under Equity		Securities			Price of		Stock and
	Grant		Non-Equity Incentive Plan Awards(1)							Incentive Plan		Underlying			Option		Option
Name	Date		Threshold		Target		Maximum			Awards(2)		Options(3)			Awards(4)		Awards(5)

Robert W. Shaw		6/5/2006		—		—		—			—		124,589	(6)	$	1.52	$	115,868
		6/5/2006		—		—		—			—		62,911	(6)		1.52		58,507
		—	$	105,000	$	140,000	$	400,000			—		—			—		—
Thomas Reilly		1/24/2007		—		—		—			—		3,426,992	(7)		1.70		3,564,072
		1/24/2007		—		—		—			—		1,161,938	(7)		1.70		1,208,416
		1/24/2007		—		—		—			—		58,823	(7)		1.70		61,176
		—		32,813		43,750		125,000			—		—			—		—
Hugh S. Njemanze		6/5/2006		—		—		—			—		57,005	(6)		1.52		53,015
		6/5/2006		—		—		—			—		37,995	(6)		1.52		35,335
		—		71,094		94,792		275,000			—		—			—		—
Kevin P. Mosher		6/5/2006		—		—		—			—		84,046	(6)		1.52		78,163
		6/5/2006		—		—		—			—		10,954	(6)		1.52		10,187
		—		—		150,000		—	(8)		—		—			—		—
Stewart Grierson		6/5/2006		—		—		—			—		94,024	(6)		1.52		87,442
		6/5/2006		—		—		—			—		976	(6)		1.52		908
		—		60,375		80,500		230,000			—		—			—		—


(1)		The amounts in this column reflect amounts payable or options grantable pursuant to our Fiscal Year 2007 Management and Employee Bonus Plan, except for amounts payable to Mr. Mosher pursuant to his Sales Commission Plan – FY 2007, which are recorded as “Salary” in the “Fiscal 2007 Summary Compensation Table.” For a description of these plans, see “—Executive Compensation—Compensation Discussion and Analysis.”

(2)		As described in “—Executive Compensation—Compensation Discussion and Analysis,” all of our executive officers are eligible to receive options to purchase shares of our common stock pursuant to our Fiscal Year 2007 Management and Employee Bonus Plan. These options are allocated out of a pool of 1,205,620 shares of our common stock. There are no threshold, target or maximum amounts for these option grants, as the allocation of shares to the eligible executives is determined by our compensation committee, with input from Mr. Shaw, except that Mr. Shaw has no input into his option grant. In August 2007, we granted the following options to purchase shares of our common stock at an exercise price of $2.50 per share pursuant to the allocation determined by our compensation committee and Mr. Shaw: Mr. Shaw, 180,000 shares; Mr. Njemanze, 125,000 shares; Mr. Mosher, 100,000 shares; and Mr. Grierson, 125,000 shares. For additional information on these grants, see the footnotes to the “Outstanding Option Awards at Fiscal 2007 Year-End” table.

(3)		Each stock option was granted pursuant to our 2002 Stock Plan.

(4)		Represents the fair market value of a share of our common stock on the option’s grant date, as determined by our board of directors.

(5)		The amounts in this column represent the grant date fair value, computed in accordance with SFAS 123R, of each option granted to the named executive officer in fiscal 2007, less in the case of modified or replacement options the fair value of the option modified or replaced. Our compensation cost for these option grants is similarly based on the grant date fair value but is recognized over the period, typically four years, in which the named executive officer must provide services in order to earn the award. Please see note 9 of the notes to our consolidated financial statements for a discussion of all assumptions made in determining the grant date fair values of the options we granted in fiscal 2007.

(footnotes continue on following page)


(6)		Option vests as to 1/4^th of the shares of common stock underlying it on May 1, 2007 and vests as to 1/48^th of the underlying shares monthly thereafter until fully vested on May 1, 2010.

(7)		Each of the option to purchase 3,426,992 shares and the option to purchase 58,823 shares vests as to 1/4^th of the shares of common stock underlying it on November 27, 2007 and vests as to 1/48^th of the underlying shares monthly thereafter until fully vested on November 27, 2010. The option to purchase 1,161,938 shares vests as to approximately one quarter of the shares upon the achievement of specified milestones relating to business planning and operations, sales, services and support execution, and company positioning, market and product strategy, during his first year of employment, and if such milestones are achieved the option vests as to 1/48^th of the underlying shares monthly over the subsequent three years. In the absence of milestone achievement, such stock option will terminate.

(8)		Mr. Mosher is eligible to receive a commission rate of 4.00% of quarterly revenues, as well as $22,500 in each quarter that we achieve 110% or more of our revenues target for that quarter and achieve sales contribution or sales operating expenses targets, pursuant to his Sales Commission Plan – FY 2007. There is not a maximum amount that Mr. Mosher may receive under this plan. For a description of this plan, see “—Executive Compensation—Compensation Discussion and Analysis.”

Each of the grants made on June 5, 2006 is exerciseable as it vests. Each of the grants made to Mr. Reilly is immediately exercisable in full; however, unvested shares issued upon exercise are subject to a right of repurchase by us upon termination of employment, which right lapses in accordance with the vesting schedule described above. Each of these stock options expires 10 years from the date of grant. These stock options are also subject to accelerated vesting upon involuntary termination or constructive termination following a change of control of us, as discussed below in “—Executive Compensation —Employment, Severance and Change of Control Arrangements.”

Outstanding Option Awards at Fiscal 2007 Year-End

The following table summarizes outstanding equity awards held by each of our named executive officers at April 30, 2007:


	Number of Securities
	Underlying Unexercised						Option		Options
	Options(1)						Exercise		Expiration
Name	Exercisable			Unexercisable			Price(2)		Date

Robert W. Shaw(3)		800,000	(4)		—		$	0.06		1/22/2014
		2,000,000	(5)		—			0.20		2/3/2015
		200,000	(6)		—			1.00		5/26/2015
		—	(7)		187,500	(7)		1.52		6/5/2016
Thomas Reilly		4,647,753	(8)		—			1.70		1/24/2017
Hugh S. Njemanze(9)		500,000	(10)		—			0.20		2/3/2015
		100,000	(6)		—			1.00		5/26/2015
		—	(7)		95,000	(7)		1.52		6/5/2016
Kevin P. Mosher(11)		350,000	(7)		—			1.00		5/26/2015
		—	(7)		95,000	(7)		1.52		6/5/2016
Stewart Grierson(9)		100,000	(4)		—			0.04		1/28/2013
		100,000	(12)		—			0.04		7/16/2013
		75,000	(4)		—			0.06		1/22/2014
		525,000	(13)		—			0.12		10/6/2014
		350,000	(6)		—			1.00		5/26/2015
		—	(7)		95,000	(7)		1.52		6/5/2016


(1)		Each stock option was granted pursuant to our 2002 Stock Plan. The vesting and exercisability of each stock option is described in the footnotes below for each option. Each of these stock options expires 10 years from the date of grant. These stock options are also subject to accelerated vesting upon involuntary termination or

(footnotes continue on following page)


		constructive termination following a change of control, as discussed below in “—Executive Compensation—Employment, Severance and Change of Control Arrangements.”

(2)		Represents the fair market value of a share of our common stock on the option’s grant date, as determined by our board of directors.

(3)		In August 2007, we granted Mr. Shaw an option to purchase 180,000 shares of our common stock at an exercise price of $2.50 per share pursuant to our Fiscal Year 2007 Management and Employee Bonus Plan. This option vests as to 1/4^th of the shares of common stock underlying it on May 1, 2008 and as to 1/48^th of the underlying shares monthly thereafter until fully vested on May 1, 2011. For a description of this plan, see “Executive Compensation—Compensation Discussion and Analysis.”

(4)		This stock option is fully vested.

(5)		Includes two options, each to purchase 1,000,000 shares, granted to Mr. Shaw concurrently, one of which vested as to 1/4^th of the shares of common stock underlying it on February 3, 2006 and vests as to 1/48^th of the underlying shares monthly thereafter until fully vested on February 3, 2009, and the other of which vested as to 1/2 of the shares of common stock underlying it on February 3, 2007 and vests as to 1/48^th of the underlying shares monthly thereafter until fully vested on February 3, 2009.

(6)		Option vested as to 1/4^th of the shares of common stock underlying it on May 1, 2006 and vests as to 1/48^th of the underlying shares monthly thereafter until fully vested on May 1, 2009.

(7)		Option vested as to 1/4^th of the shares of common stock underlying it on May 1, 2007 and vests as to 1/48^th of the underlying shares monthly thereafter until fully vested on May 1, 2010.

(8)		Includes options to purchase 3,426,992 shares, 58,823 shares and 1,161,938 shares granted to Mr. Reilly concurrently in connection with his hiring. Each of the option to purchase 3,426,992 shares and the option to purchase 58,823 shares vests as to 1/4^th of the shares of common stock underlying it on November 27, 2007 and as to 1/48^th of the underlying shares monthly thereafter until fully vested on November 27, 2010. The option to purchase 1,161,938 shares vests as to approximately one quarter of the shares upon the achievement of specified milestones relating to business planning and operations, sales, services and support execution, and company positioning, market and product strategy, during his first year of employment, and if such milestones are achieved the option vests 1/48^th of the underlying shares monthly over the subsequent three years. In the absence of milestone achievement, such stock option will terminate.

(9)		In August 2007, we granted Messrs. Njemanze and Grierson each an option to purchase 125,000 shares of our common stock at an exercise price of $2.50 per share pursuant to our Fiscal Year 2007 Management and Employee Bonus Plan. Each option vests as to 1/4^th of the shares of common stock underlying it on May 1, 2008 and as to 1/48^th of the underlying shares monthly thereafter until fully vested on May 1, 2011. For a description of this plan, see “—Executive Compensation—Compensation Discussion and Analysis.”

(10)		Option vested as to 1/4^th of the shares of common stock underlying it on February 3, 2006 and vests as to 1/48^th of the underlying shares monthly thereafter until fully vested on February 3, 2009.

(11)		In August 2007, we granted Mr. Mosher an option to purchase 100,000 shares of our common stock at an exercise price of $2.50 per share pursuant to our Fiscal Year 2007 Management and Employee Bonus Plan. This option vests as to 1/4^th of the shares of common stock underlying it on May 1, 2008 and as to 1/48^th of the underlying shares monthly thereafter until fully vested on May 1, 2011. For a description of this plan, see “—Executive Compensation—Compensation Discussion and Analysis.”

(12)		Option vested as to 1/4^th of the shares of common stock underlying it on July 16, 2004 and vests as to 1/48^th of the underlying shares monthly thereafer until fully vested on July 16, 2007.

(13)		Option vested as to 1/4^th of the shares of common stock underlying it on October 1, 2005 and vests as to 1/48^th of the underlying shares monthly thereafter until fully vested on October 1, 2008.

Employment, Severance and Change of Control Arrangements

Under our employment agreement and option grant agreements with Mr. Shaw, if we terminate his employment for any reason other than cause, death or disability or if he terminates his employment for good reason, he is entitled to a lump-sum severance payment equal to his then-current annual base salary and accelerated vesting of 33% of his remaining unvested stock options. If we terminate his employment without cause or if he terminates his employment for good reason within 12 months of a change in control, he is entitled to a lump-sum severance payment equal to his then-current annual base salary and accelerated vesting of all remaining unvested stock options. For a description of the base salary and perquisites and other personal benefits provided for under our employment agreement Mr. Shaw, please see the discussion under “—Executive Compensation—Compensation Discussion and Analysis” and the “Fiscal 2007 Summary Compensation Table” above.

Under our offer letter with Mr. Reilly, if he is subject to an involuntary termination within 12 months of a change in control and such change in control occurs within the first year of his employment with the company, then for 12 months following such termination he is entitled to continued payment of his then-current base salary and accelerated vesting of 50% of his remaining unvested stock options. If he is subject to an involuntary termination within 12 months of a change in control and such change in control occurs after the first year of his employment with us, then for 12 months following such termination he is entitled to continued payment of his then-current annual base salary and accelerated vesting of all remaining unvested stock options.

Under our offer letter with Mr. Mosher, if he is subject to an involuntary termination within 12 months of a change in control, then for 12 months following such termination he is entitled to continued payment of his then-current base salary and COBRA health insurance premiums, and 24 months of additional vesting of his stock options.

Under our offer letter with Mr. Njemanze, if we terminate his employment for any reason, then for six months following such termination he is entitled to continued payment of his then-current base salary.

Under our offer letter with Mr. Grierson, if he is subject to an involuntary termination within six months of a change in control, then for three months following such termination he is entitled to continued payment of his then-current base salary and COBRA health insurance premiums, and will also receive accelerated vesting of 50% of his remaining unvested stock options as of his termination date.

Absent a change of control event, no executive officer other than Mr. Shaw or Mr. Njemanze is entitled upon termination to either equity vesting acceleration or cash severance payments.

For Messrs. Shaw and Reilly, cause is defined as the occurrence of any of the following:


	•	willful failure by the executive officer to substantially perform his duties under his employment agreement, after receipt of a written warning from our board of directors;

	•	a willful act by the executive officer which is injurious to us;

	•	a willful breach by the executive officer of a material provision of his employment agreement or offer letter; or

	•	a material violation by the executive officer of a federal or state law or regulation applicable to our business.

For Mr. Shaw, good reason is defined as the occurrence of any of the following (unless the event described in the third, fourth and fifth bullet points occurs prior to a change in control and also generally applies to all other members of our senior management):


	•	the assignment to Mr. Shaw of any duties or the reduction of his duties, either of which results in a significant diminution in his position or responsibilities with us in effect immediately prior to such assignment, or the removal of Mr. Shaw from such position and responsibilities;

	•	the assignment to Mr. Shaw of (i) any position other than as our chief executive officer or (ii) any position that does not report directly to our board of directors;


	•	a material reduction, without good business reasons, of the facilities and perquisites available to Mr. Shaw immediately prior to such reduction;

	•	a material reduction in Mr. Shaw’s base salary; or

	•	a material reduction by us in the kind or level of employee benefits to which Mr. Shaw is entitled immediately prior to such reduction with the result that Mr. Shaw’s overall benefits package is significantly reduced.

For Messrs. Reilly, Grierson and Mosher, involuntary termination is defined as the occurrence of any of the following:


	•	we terminate the executive officer without cause; or

	•	the executive officer resigns within 30 days after the scope of his or her job responsibilities or authority was materially reduced without his or her written consent.

In addition, the resignation by Messrs. Reilly or Grierson within 30 days after receipt of notice that his principal workplace will be relocated 100 miles or more from its location at the time of notice shall constitute involuntary termination.

For Messrs. Grierson and Mosher, cause is defined as the occurrence of any of the following:


	•	the commission of an act of embezzlement, fraud, dishonesty or breach of fiduciary duty to us;

	•	deliberate and repeated violation of our rules or the valid instructions of our board of directors or an authorized officer;

	•	any unauthorized disclosure by the executive officer of any of our secrets or confidential information;

	•	the inducement of any of our clients or customers to break any contract with us; or

	•	the engagement in any conduct that could reasonably be expected to result in loss, damage or injury to us.

A change of control will occur, generally, in the event of a merger, sale of our assets or a stock acquisition in which the stockholders of our company will hold less than 50% of the stock of the acquiring company following the transaction.

The following table summarizes the benefits payable to each named executive officer pursuant to the arrangements described above:


	Termination						Involuntary Termination Within One Year of a Change of Control
				Acceleration of						Acceleration of
				Equity						Equity
Name	Salary			Vesting(1)			Salary			Vesting(1)

Robert W. Shaw	$	400,000	(2)	$		(3)	$	400,000	(2)	$		(4)
Thomas Reilly		—			—		$	300,000	(5)			(6)
Hugh S. Njemanze	$	135,417	(7)		—		$	135,417	(7)		—
Kevin P. Mosher		—			—		$	253,629	(8)			(9)
Stewart Grierson(10)		—			—		$	61,129	(11)			(12)


(1)		Calculated based on the termination or change of control taking place as of April 30, 2007, the last day of our most recent fiscal year, and based on assumed initial public offering price of $ per share, based on the midpoint of the range set forth on the cover page of this prospectus.

(2)		Reflects a lump-sum payment equal to his then-current annual base salary. Mr. Shaw’s termination must be by us without cause or by Mr. Shaw for good reason in order for him to receive the continued base salary disclosed in the table. See the narrative description of the terms of Mr. Shaw’s employment arrangements, above, for more information.


(3)		Reflects accelerated vesting of 33% of Mr. Shaw’s remaining unvested stock options. Mr. Shaw’s termination must be by us without cause or by Mr. Shaw for good reason in order for him to receive the accelerated vesting disclosed in the table. See the narrative description of the terms of Mr. Shaw’s employment arrangements, above, for more information.

(4)		Reflects accelerated vesting of 100% of Mr. Shaw’s remaining unvested stock options.

(5)		Reflects continued base salary for 12 months following termination.

(6)		Mr. Reilly is entitled to accelerated vesting of 50% of his remaining unvested stock options upon an involuntary termination of Mr. Reilly within his first year of employment with us. Mr. Reilly is entitled to accelerated vesting of 100% of his remaining unvested stock options upon an involuntary termination of Mr. Reilly after his first year of employment with us; the value of such acceleration of equity vesting would be $ , based on the assumptions discussed in footnote (1) above but assuming that the involuntary termination took place after his first year of employment with us.

(7)		Reflects continued base salary for six months following termination. Mr. Njemanze is entitled to such continued base salary regardless of the circumstances of his termination.

(8)		Reflects continued base salary and COBRA health insurance premiums for 12 months following termination.

(9)		Reflects 24 months of additional vesting of Mr. Mosher’s remaining unvested stock options.

(10)		Mr. Grierson’s termination must take place within six months of a change of control in order for him to receive the continued base salary, COBRA health insurance premiums and accelerated vesting disclosed in the table.

(11)		Reflects continued base salary and COBRA health insurance premiums for three months following termination.

(12)		Reflects accelerated vesting of 50% of Mr. Grierson’s remaining unvested stock options.

Employee Benefit Plans

2000 Stock Incentive Plan

Our board of directors adopted our 2000 Stock Incentive Plan in May 2000 and our stockholders approved it on May 25, 2000. Our 2000 Stock Incentive Plan provides for the grant of incentive stock options, within the meaning of Section 422 of the Internal Revenue Code of 1986, as amended, or the Code, to our employees and any parent and subsidiary corporations’ employees, and for the grant of nonstatutory stock options to our employees, directors and consultants and any parent and subsidiary corporations’ employees and consultants. The 2000 Stock Incentive Plan also allows for awards of restricted stock. We ceased issuing awards under the 2000 Stock Incentive Plan upon the implementation of the 2002 Stock Plan, which is described below. Likewise, we will not grant any additional awards under our 2000 Stock Incentive Plan following this offering. Instead we will grant options under our 2007 Equity Incentive Plan.

Share Reserve. Awards are no longer granted under the 2000 Stock Incentive Plan. As of April 30, 2007, options to purchase 190,500 shares of common stock were outstanding under options granted pursuant to this plan. Shares of common stock reserved for issuance pursuant to this plan have been rolled into our 2002 Stock Plan.

Administration. Our compensation committee currently administers our 2000 Stock Incentive Plan. Under our 2000 Stock Incentive Plan, our compensation committee has the power to determine the terms of the awards, including who will receive awards, the exercise price, the number of shares subject to each award, the vesting schedule and exercisability of awards and the form of consideration payable upon exercise.

Stock Options. The exercise price of incentive stock options and nonstatutory stock options must be at least equal to the fair market value of our common stock on the date of grant, and their terms may not exceed ten years. With respect to incentive stock options granted to any participant who owns 10% or more of the voting power of all classes of our outstanding stock as of the grant date, the term must not exceed five years and the exercise price must equal at least 110% of the fair market value on the grant date. With respect to nonstatutory stock options granted to any participant who owns 10% or more of the voting power of all classes of our outstanding stock as of the grant

date, the exercise price of nonstatutory stock options must also be equal to at least 110% of the fair market value on the grant date.

Upon termination of a participant’s service with us, he or she may exercise his or her option for the period of time stated in the option agreement, to the extent his or her option is vested on the date of termination. If termination is due to death or disability, the option will remain exercisable for twelve months. If termination is for cause, the option will immediately terminate in its entirety. In all other cases and if not otherwise stated in the award agreement, the option will remain exercisable for 30 days. An option may never be exercised later than the expiration of its term.

Restricted Stock. The right to purchase restricted stock may be granted alone, in addition to or in tandem with other awards granted under our 2000 Stock Incentive Plan. The grant of restricted stock is the right to purchase shares of our common stock that vest in accordance with terms and conditions established by the compensation committee. The compensation committee will determine the number of restricted shares that may be granted. The compensation committee may impose whatever conditions to vesting it determines to be appropriate. Upon termination of the purchaser’s service with us for reasons other than death or disability, the restricted shares are forfeited. Upon the death of a purchaser or upon purchaser’s termination of service as a result of disability, all restricted shares shall be forfeited, unless the compensation committee in its sole discretion shall determine otherwise.

Effect of a Change in Control. Our 2000 Stock Incentive Plan provides that in the event of certain change in control transactions, including our merger with or into another corporation or the sale of substantially all of our assets, the stock option agreement may provide that the options or restricted shares shall become fully or partially vested and exercisable, for the assumption of options or for the substitution of new options and restricted shares by the successor entity.

Transferability. The 2000 Stock Incentive Plan does not allow for the sale or transfer of incentive stock option awards and they may be exercised only during the lifetime of the participant and only by such participant. However, a nonstatutory stock option award may be transferred upon the approval of the compensation committee by will or the laws of descent and distribution or by gift to a member of a participant’s immediate family.

Additional Provisions. Our compensation committee has the authority to amend or terminate the 2000 Stock Incentive Plan subject to the approval of our stockholders; provided that, such action shall not affect any award previously granted under the 2000 Stock Incentive Plan.

2002 Stock Plan

Our board of directors adopted our 2002 Stock Plan in March 2002 and our stockholders approved it on March 29, 2002, and it was amended and restated on January 24, 2007. Our 2002 Stock Plan provides for the grant of incentive stock options, within the meaning of Section 422 of the Code to our employees and any parent and subsidiary corporations’ employees, and for the grant of nonstatutory stock options to our employees, directors and consultants and any parent and subsidiary corporations’ employees and consultants. The 2002 Stock Plan also allows for awards of stock purchase rights. We will not grant any additional awards under our 2002 Stock Plan following this offering. Instead we will grant options under our 2007 Equity Incentive Plan.

Share Reserve. We have reserved a total of 40,390,937 shares of our common stock for issuance pursuant to the 2002 Stock Plan, however, in the event that