October 9, 2018
VIA EDGAR
Securities and Exchange Commission
Office of Information Technologies and Services
Division of Corporation Finance
100 F Street, N.E.
Washington, D.C. 20549
Attention:
Kathleen Collins
Eiko Yaoita Pyles
Form 10-K/A for the Fiscal Year Ended December 31, 2017
Filed March 1, 2018
Form 10-Q for the Quarterly Period Ended March 31, 2018
Filed May 4, 2018
File No. 001-36067
To whom it may concern:
FireEye, Inc. (the “Company,” “FireEye,” “we” or “us”) is submitting this letter and the following information in response to your letter, dated September 11, 2018, from the staff (the “Staff”) of the Securities and Exchange Commission (the “Commission”) with respect to the above-referenced filings (the “Comment Letter”).
In this letter, we have recited the comments from the Staff in italicized, bold type and have followed each comment with the Company’s response.
Form 10-Q for the Quarterly Period Ended March 31, 2018
Note 1. Description of Business and Summary of Significant Accounting Policies Revenue from Contracts with Customers, page 7
1.
You state that you combine intelligence dependent appliances and software licenses with the related intelligence subscription and support as a single performance obligation. Please explain further the nature of your support services and how you determined that such services are not separately identifiable from the appliance and related software. Refer to ASC 606-10-25-19 and 25-21.
The Company acknowledges the Staff’s comment and respectfully advises the Staff that the Company sells comprehensive intelligence-based cybersecurity solutions that allow organizations to prepare for, prevent, respond to, and remediate cyber attacks. These integrated cybersecurity solutions principally include the provision of (1) security appliances with embedded software that is integral to the functionality of the security appliances (the “Tangible Products”), (2) intelligence subscriptions that provide frequent content updates to the Tangible Products (the “Intelligence Updates”), and (3) support and maintenance subscriptions for the Tangible Products that ensures their continued functionality and operability (the “Support Services”). As our integrated cybersecurity solutions combine multiple promised goods and services into a single output, the Company has considered the nature of our promise to our customer and applied the guidance within ASC 606-10-25-19 and 25-21 to determine whether or not any of these individual promised goods and services are distinct within the context of the contract, as further discussed below.
Securities and Exchange Commission
October 9, 2018
Page 2
The Company’s customers are primarily large enterprises and governmental entities for which continuous, advanced, and effective cybersecurity monitoring and prevention is of utmost importance. Due to their public prominence, our customers are exposed to a large volume of increasingly sophisticated and continuously evolving cyber threats. And, for the same reason, the impact to our customers of a successful cyber attack is particularly acute. In response, our customers rely on us to provide them with a cybersecurity solution that provides them with constant and dependable protection.
The Company’s Tangible Product is both a “signature-based” cybersecurity system and a “behavioral-based” cybersecurity system that can examine email, email attachments, and web content in near real-time in order to spot software behavior indicative of advanced threats, viruses or other malware on top of the traditional signature-based detection. In order to provide the intended level of utility, our cybersecurity solution relies on our Intelligence Updates to frequently “teach” our Tangible Products how to better detect and prevent cyber attacks (which continuously evolve). These Intelligence Updates are derived from a continuous flow of new attack data collected from our global network of sensors and virtual machines, as well as intelligence gathered by our security researchers, security operations analysts and incident responders.
The Intelligence Updates are provided on a when-and-if-available basis to our customers while they maintain an active intelligence subscription, and they occur very frequently (often hourly). Although a Tangible Product is functional without the Intelligence Updates, its utility diminishes considerably without these frequent Intelligence Updates, due to the rapidly evolving nature of cyber attacks. As a result, the Intelligence Updates form a crucial and integral part of the integrated cybersecurity solution that we provide to our customers, as they permit our Tangible Product to protect our customers from a significant number of new and different cyber attacks that it does not protect against upon its initial purchase.
Support Services include unspecified upgrades and enhancements to the software within our Tangible Products, phone support, and hardware maintenance. Similar to Intelligence Updates, upgrades and enhancements to our software included in Support Services are delivered on a when-and-if-available basis to our customers while they maintain an active support and maintenance subscription. Support Services include bug fixes, maintenance patches and new software releases which may contain minor enhancements to features (although they do not include new versions of our software, which must be purchased separately). The Company respectfully advises the Staff that phone support and hardware maintenance are immaterial promises in the context of our contracts with customers, and thus in accordance with ASC 606-10-25-16A we have not assessed whether these promises are distinct performance obligations.
The Company views its Intelligence Updates and Support Services as a combined service offering. This is due to the fact that the ongoing Support Services are required for the software within our Tangible Product to “understand” the Intelligence Updates that are delivered to it. Said differently, the Intelligence Updates will not function with a Tangible Product if the software within that Tangible Product has not also been adequately updated and maintained via the Support Services. Our view that Intelligence Updates and Support Services are a combined service offering is also due to the fact that upgrades and enhancements to our software included in Support Services are delivered via the same mechanism as Intelligence Updates and are comingled as a single overall update (such that our customers cannot tell the difference between Intelligence Updates and upgrades and enhancements to our software included in Support Services), and the Company does not separately track delivery of Support Services and Intelligence Updates. Because of this symbiotic relationship, a customer cannot purchase an intelligence subscription to receive Intelligence Updates without also purchasing a coterminous support and maintenance subscription to receive Support Services.
Securities and Exchange Commission
October 9, 2018
Page 3
As noted above, the Company has applied guidance within paragraphs ASC 606-10-25-19 and ASC 606-10-25-21 to determine whether or not any of the individual promised goods and services that comprise our cybersecurity solution (i.e., the Tangible Product, the Intelligence Updates and the Support Services) are distinct within the context of our contracts with customers.
In evaluating the two criteria given in ASC 606-10-25-19 for a promised good or service to be considered a distinct performance obligation, we believe that each of the three components of the integrated cybersecurity solution that we provide to our customers (i.e., the Tangible Product, the Intelligence Updates, and the Support Services) meet the criterion in ASC 606-10-25-19(a) as being capable of being distinct because our customers can benefit from each of them either on their own (as in the case of the Tangible Products) or with resources that they have already obtained from us (as is the case with the Intelligence Updates and the Support Services).
However, we do not believe that any of the three components of our integrated cybersecurity solution meets the criterion in ASC 606-10-25-19(b) as being distinct within the context of the contract because the nature of our promise to our customers is to transfer a combined output (i.e., an integrated cybersecurity solution) to which each of these three individual components is an input. In reaching this conclusion, we have considered paragraph 606-10-25-21(a), as well as related implementation examples within paragraphs ASC 606-10-55-140D through 55-140F (Example 10, Case C) and ASC 606-10-55-364 through 55-366 (Example 55).
In consideration of the guidance referenced above and in recognition of the nature of our promise to our customers, we do not believe that any of the three components of our cybersecurity solution meets the criteria in ASC 606-10-25-19(b) as being distinct within the context of the contract. Therefore, we believe that the cybersecurity solution which we provide to our customers (inclusive of each of the three previously referenced individual components) represents a single distinct bundle of goods and services that should be accounted for as a single performance obligation in accordance with ASC 606-10-25-22. This conclusion is supported by the following factors:
•
As noted previously, our customers are primarily large enterprises and governmental entities for which continuous, advanced, and effective cybersecurity monitoring and prevention is of utmost importance. Due to the volume and variety of cyber attacks faced by such entities, the efficacy and utility the cybersecurity solution that we sell to our customers will significantly and rapidly decrease without the Tangible Products being frequently refreshed with Intelligence Updates. This decrease would be to a point that, we believe, our customers would perceive that our solution no longer provides an acceptable level of protection. As evidence of this assertion, we note the following:
◦
We analyzed malware attack data for a three-month period. During this period, a significant percentage of the cyber attacks logged by our Tangible Products were identified using new rules delivered through our Intelligence Updates during such period. Further, over time, the ratio of cyber attacks that would be identified using new rules delivered through our Intelligence Updates would increase.
Securities and Exchange Commission
October 9, 2018
Page 4
◦
We provide Intelligence Updates at a very high frequency (often hourly), which indicates the necessity of and utility provided by the Intelligence Updates.
Therefore, we believe that the Intelligence Updates form an integral part of the overall cybersecurity solution that we promise to our customers, because they significantly modify the functionality of the Tangible Products by permitting them to protect our customers from a significant number of additional cyber attacks that the Tangible Products in a static form would otherwise not be able to identify and prevent. And, due to the fact that the Intelligence Updates are not compatible with our Tangible Products unless the Tangible Products are also updated and maintained via our Support Services (as previously described), the Support Services also form an integral part of the overall cybersecurity solution that we promise to our customers.
•
We market, sell, and monitor our service offering as a single integrated cybersecurity solution, inclusive of Tangible Products, Intelligence Updates, and Support Services. Therefore, the nature of our promise to our customer, viewed from our perspective as well as our customers, is that of a single integrated solution. As evidence of this assertion, we note the following:
◦
We require the purchase of both an intelligence subscription and a support and maintenance subscription with each purchase of a Tangible Product. Both the intelligence subscription and support and maintenance subscription are linked to a license associated with a specific Tangible Product (i.e., there is a 1:1 relationship across all three components of our integrated cybersecurity solution). If a customer requires additional Tangible Products in order to expand their cyber protection capabilities or capacity, the customer is required to also purchase an equal amount of additional intelligence subscriptions and support and maintenance subscriptions. In other words, our customers purchase from us a single overall cybersecurity solution.
◦
Our sales and marketing strategies are designed to highlight and sell the interrelation and interdependency of the Tangible Products, Intelligence Updates, and Support Services as a single combined solution.
◦
Our Tangible Products cannot be repurposed by the customer for other uses (e.g., it cannot be used as a firewall, server, etc.), and it cannot be updated through software updates offered by our competitors. Similarly, our Intelligence Updates and Support Services cannot be used with products offered by our competitors.
◦
As previously described, we do not separately track the Intelligence Updates and Support Services that we deliver, but we instead view their provision as being part of a single update process.
Securities and Exchange Commission
October 9, 2018
Page 5
Considering all the quantitative and qualitative factors above, and in recognition of the judgment required when identifying distinct performance obligations within contracts with customers (as was noted by the FASB in paragraphs BC27 and BC28 of the Basis for Conclusions of Accounting Standards Update 2016-10, Revenue from Contracts with Customers - Identifying Performance Obligations and Licensing), the Company has concluded that the cybersecurity solution that we promise to our customers is a single distinct performance obligation, and thus that the Support Services provided as a component of this single solution are not distinct within the context of the contract under ASC 606-10-25-19 and ASC 606-10-25-21.
2.
Please clarify over what period revenue is recognized for the single performance obligation referred to in the previous comment. In this regard, your disclosure appears to indicate that for certain contracts you recognize revenue for the intelligence dependent appliances and software licenses over a different period than the subscription and support services revenue. If true, tell us how you determined that recognizing revenue for a single performance obligation over different periods is appropriate. Refer to ASC 606-10-25-23.
The Company acknowledges the Staff’s comment and respectfully advises the Staff that, as detailed within our response to the Staff’s Question #1, each cybersecurity solution that we sell to our customers is treated as a single distinct performance obligation. We respectfully clarify that we do not recognize revenue for the Tangible Products over a different period than the intelligence subscription and Support Services revenue. Rather, we recognize revenue related to our single distinct performance obligation over the period of time in which we satisfy this performance obligation, which is represented by the contracted subscription period over which we provide our customers with Intelligence Updates and Support Services.
More specifically, in return for the fee paid by a customer upon their initial purchase of our cybersecurity solution (i.e., an upfront fee), the customer receives a Tangible Product, an initial intelligence subscription providing Intelligence Updates for a pre-determined period of time (generally one to three years), and a support and maintenance subscription providing Support Services for a pre-determined period of time (which is coterminous with the intelligence subscription period). Upon expiration of the initial subscription period, the customer must pay an additional fee (i.e., a renewal fee) in order to continue to receive our cybersecurity solution.
The renewal fee charged by the Company is less than the upfront fee charged by the Company. As our customers are not able to obtain our cybersecurity solution at the renewal fee rate without first purchasing our cybersecurity solution at the upfront fee rate, our contracts inherently contain options for additional services (i.e., options for the continued provision of our cybersecurity solution subsequent to the expiration of the initial subscription period). Thus, we have considered the guidance within ASC 606-10-55-41 through 55-44 related to customer options for additional goods or services contained within a contract and determined that, because our contracts contain options to renew our cybersecurity solution at a discounted renewal fee rate that our customers would not be offered without entering into an initial contract at the greater upfront fee rate, our contracts provide our customers with a material right that we treat as a separate performance obligation.
Securities and Exchange Commission
October 9, 2018
Page 6
To account for the material right represented by the renewal option offered to our customers, we defer a portion of the upfront fee received from our customers in accordance with ASC 606-10-55-44. This deferral of a portion of the upfront fees is recognized over the expected renewal period which is determined to be the period from the end of the initial contractual term to the end of the estimated useful life of the appliance and software license. This renewal period beyond the initial subscription period is the period over which our customers exercise their material right of renewal of the cybersecurity solution. As a result, we do not recognize revenue for a single performance obligation over different periods. Rather, we recognize a consistent amount of revenue as and when we provide a single performance obligation (i.e., our cybersecurity solution) both in an initial contract period and subsequent renewals.
In response to the Staff’s comment, the Company will clarify, in future filings, the period over which we recognize revenue for contracts that include an additional performance obligation related to a material right of renewal option as described above.
3.
You state that when your contracts contain material right of renewal options, you recognize revenue from your intelligence dependent appliance and software license over the estimated useful life of the related appliance and license, which appears to be longer than the contractual term. Please tell us your basis for recognizing such revenue in periods past the contractual term. In addition, tell us when you recognize revenue from the material right. Refer to ASC 606-10-55-42.
The Company acknowledges the Staff’s comment. In response, the Company respectfully advises the Staff to please reference our response to Question #2. Therein, we describe the period of time over which we recognize revenue related to our delivery of the cybersecurity solution, and we also describe our practice of recognizing revenue for the material right of renewal option contained within our contracts with customers. This identified material right is subsequently recognized over the expected renewal period which is determined to be the period from the end of the initial contractual term to the end of the useful life of the appliance and software license.
Consistent with the Company’s response to the Staff’s Question #2, in future filings, the Company will clarify the period over which we recognize revenue for contracts that include an additional performance obligation related to a material right of renewal option as described above.
4.
You state on page 30 that sales and marketing expense includes partner referral fees. Please tell us how you determined such classification. Refer to ASC 606-10-32-25 and 26.
The Company acknowledges the Staff’s comment and respectfully advises the Staff that the Company considered the guidance in ASC 606-10-32-25 and ASC 606-10-32-26 and concluded that partner referral fees are properly classified as sales and marketing expenses.
Partner referral fees are often paid by the Company to third parties appointed as authorized sales representatives for the purpose of referring potential end-user customers to the Company to purchase FireEye products. If a sales arrangement results, the Company’s customer is the end user rather than the partner.
The Company, therefore, respectfully submits that its determination to classify partner referral fees as sales and marketing related expenses on the statement of operations is appropriate. For the fiscal year ended December 31, 2017 and six months ended June 30, 2018, these expenses were approximately $700,000 and $245,000, respectively.
* * * * *
Securities and Exchange Commission
October 9, 2018
Page 7
Should the Staff have additional questions or comments regarding the foregoing, please do not hesitate to contact the undersigned at (408) 321-4854.
Very truly yours,
FIREEYE, INC.
/s/ Frank E. Verdecanna
Frank E. Verdecanna
Executive Vice President, Chief Financial Officer and
Chief Accounting Officer
cc: Alexa King, Executive Vice President and General Counsel