Back to GetFilings.com
- - --------------------------------------------------------------------------------
- - --------------------------------------------------------------------------------
SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
----------------
FORM 10-K
FOR ANNUAL AND TRANSITION REPORTS
PURSUANT TO SECTION 13 OR 15(D) OF THE
SECURITIES EXCHANGE ACT OF 1934
[X]ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT
OF 1934
For the fiscal year ended December 31, 1999
OR
[_]TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE
ACT OF 1934
For the transition period from to
Commission file number 000-26819
----------------
WATCHGUARD TECHNOLOGIES, INC.
(Exact name of registrant as specified in its charter)
Delaware 91-1712427
(State or other jurisdiction of (I.R.S. Employer
incorporation or organization) Identification No.)
316 Occidental Avenue South, Suite 200, Seattle, WA 98104
(Address of principal executive offices)(zip code)
(206) 521-8340
Registrant's telephone number, including area code
----------------
Securities registered pursuant to Section 12(b) of the Act:
None
Securities registered pursuant to Section 12(g) of the Act:
Common Stock, $.001 par value
----------------
Indicate by check mark whether the registrant: (1) has filed all reports
required to be filed by Section 13 or 15(d) of the Securities Exchange Act of
1934 during the preceding 12 months (or for such shorter period that the
registrant was required to file such reports) and (2) has been subject to such
filing requirements for the past 90 days. Yes [X] No [_]
Indicate by check mark if disclosure of delinquent filers pursuant to Item
405 of Regulation S-K is not contained herein, and will not be contained, to
the best of registrant's knowledge, in definitive proxy or information
statements incorporated by reference in Part III of this Form 10-K or any
amendment to this Form 10-K. [X]
The aggregate market value of the voting stock held by nonaffiliates of the
registrant, based upon the closing sales price of the Common Stock on December
31, 1999 as reported on the Nasdaq National Market, was approximately
$190,970,821. Shares of Common Stock held by each officer and director and by
each person who owns 5% or more of the outstanding Common Stock have been
excluded in that such persons may be deemed to be affiliates. This
determination of affiliate status is not necessarily a conclusive determination
for other purposes.
As of February 8, 2000, there were 20,190,472 shares outstanding of the
registrant's Common Stock.
DOCUMENTS INCORPORATED BY REFERENCE
1. Portions of the Proxy Statement for the registrant's 2000 Annual Meeting of
Stockholders are incorporated by reference into Part III of this annual
report on Form 10-K.
- - --------------------------------------------------------------------------------
- - --------------------------------------------------------------------------------
WATCHGUARD TECHNOLOGIES, INC.
FORM 10-K
FOR THE FISCAL YEAR ENDED DECEMBER 31, 1999
TABLE OF CONTENTS
Page
----
PART I
ITEM 1. BUSINESS...................................................... 3
ITEM 2. PROPERTIES.................................................... 30
ITEM 3. LEGAL PROCEEDINGS............................................. 30
ITEM 4. SUBMISSION OF MATTERS TO A VOTE OF SECURITY HOLDERS........... 30
PART II
ITEM 5. MARKET FOR THE REGISTRANT'S COMMON EQUITY AND RELATED
SHAREHOLDER MATTERS........................................... 31
ITEM 6. SELECTED FINANCIAL DATA....................................... 32
ITEM 7. MANAGEMENT'S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION
AND RESULTS OF OPERATIONS..................................... 33
ITEM 7A. QUANTITATIVE AND QUALITATIVE DISCLOSURES ABOUT MARKET RISK.... 44
ITEM 8. FINANCIAL STATEMENTS AND SUPPLEMENTARY DATA................... 45
ITEM 9. CHANGES IN AND DISAGREEMENTS WITH ACCOUNTANTS ON ACCOUNTING
AND FINANCIAL DISCLOSURE...................................... 66
PART III
ITEM 10. DIRECTORS AND EXECUTIVE OFFICERS OF THE REGISTRANT............ 66
ITEM 11. EXECUTIVE COMPENSATION........................................ 66
ITEM 12. SECURITY OWNERSHIP OF CERTAIN BENEFICIAL OWNERS AND
MANAGEMENT.................................................... 66
ITEM 13. CERTAIN RELATIONSHIPS AND RELATED TRANSACTIONS................ 66
PART IV
ITEM 14. EXHIBITS, FINANCIAL STATEMENT SCHEDULES, AND REPORTS ON
FORM 8-K...................................................... 67
SIGNATURES.............................................................. 69
PART I
ITEM 1. BUSINESS
Forward-Looking Statements
Some of our statements in this annual report on Form 10-K are forward-looking
statements that involve risks and uncertainties. These forward-looking
statements include statements about our plans, objectives, expectations,
intentions, future financial performance and other statements that are not
historical facts. We use words such as anticipates, believes, expects, future
and intends, and similar expressions, to identify forward-looking statements,
but the absence of these words does not mean that the statement is not forward-
looking. You should not unduly rely on these forward-looking statements, which
apply only as of the date of this annual report. Our actual results could
differ materially from those anticipated in the forward-looking statements for
many reasons, including the risks described under "Factors Affecting Our
Operating Results, Our Business and Our Stock Price" contained in Part II, Item
7 of this annual report.
Overview
WatchGuard is a leading provider of Internet security solutions that protect
enterprises or telecommuters using the Internet for electronic commerce and
communications. Our core market is small- to medium-sized enterprises, or SMEs,
and we have recently expanded our marketing focus to include larger enterprises
as well as small offices and home offices, or SOHOs, and telecommuters,
particularly those using broadband Internet connections. According to
The Yankee Group, SMEs represent 98% of U.S. businesses, and account for
approximately 50% of the gross national product. SMEs are increasingly
utilizing the Internet to maintain a competitive advantage and to compete
effectively against enterprises with greater resources. International Data
Corporation, or IDC, estimated that, in the United States alone, approximately
3.5 million SMEs would be connected to the Internet by the end of 1999,
increasing to approximately 4.7 million by the end of 2000.
Our innovative subscription-based LiveSecurity solution broadcasts threat
responses, software updates, information alerts, expert editorials, support
flashes and virus alerts over the Internet, enabling enterprises to keep their
security systems current with minimal effort. The dynamic nature of our
solution is made possible through an updatable security appliance that executes
software sent from the remote management system receiving our LiveSecurity
broadcasts. Our comprehensive, fully integrated LiveSecurity solution for SMEs
and larger enterprises features a firewall, encryption, user authentication,
virtual private networking, web surfing control and our LiveSecurity broadcast
service. In January 2000, we announced the introduction of our security
solutions for SOHOs and telecommuters, which we expect to begin shipping in the
first quarter of 2000. Our solutions for SOHOs and telecommuters will feature a
firewall, virtual private networking, Internet protocol, or IP, sharing and our
LiveSecurity broadcast service. We make installing, configuring and monitoring
our solutions easy with point-and-click security management.
With our recent acquisition of BeadleNet, LLC, which is discussed more fully
in Part II, Item 7, and the formation of our new broadband Internet security
division, we have expanded our product line to include security solutions for
SOHOs and telecommuters, particularly those individuals or SOHOs using
broadband Internet connections. We will market this expanded product line to
both SOHOs that operate as a stand-alone business and SOHOs and telecommuters
that act as a branch office or extension of a larger organization and share
corporate resources through remote access to their company's computing systems.
According to IDC, in the United States alone, approximately 10.9 million home
offices will have broadband Internet access at the end of 2000, up from an
estimated 636,000 at the end of 1998.
Our recently introduced higher-performance security appliance for larger
enterprises enables the WatchGuard LiveSecurity System to support up to 5,000
simultaneously authenticated users and over 50 simultaneously connected virtual
private networks, or VPNs, and delivers faster VPN throughput. The
3
expanded capacity represents a ten-fold increase in the number of possible
connected users and a five-fold increase in VPN throughput as compared to our
security appliance designed for SMEs. This higher-performance security
appliance, combined with our new security solution designed for SOHOs and
telecommuters and our existing SME security solution, will allow us to offer
larger enterprises integrated solutions to protect the main office, large and
small branch offices, and employees who telecommute.
Our LiveSecurity solution gives enterprises a security management choice. An
enterprise can manage its own Internet security through our LiveSecurity System
or outsource its security management to an ISP implementing our LiveSecurity
for MSS. Enterprises using the LiveSecurity System may rapidly distribute
security protection from their desktop personal computer to all security
appliances on their corporate network, while retaining centralized control and
administration. Enterprises that do not want to be directly involved with their
security management may outsource the function to an ISP. For the ISP, our
technology improves the economics of managed security services through a
scalable delivery platform that enables the ISP to remotely configure and
manage thousands of sites quickly, easily and economically.
We sell our Internet security solutions directly and indirectly to ISPs and
indirectly to end-users through more than 310 distributors and resellers
covering 54 countries. We have established relationships with a number of ISPs
to implement LiveSecurity for MSS, including AlphaNet Solutions, Inc., AT&T
Asia/Pacific Group Ltd., GTE Internetworking, Inc., Internet Initiative Japan,
Internet Security Systems, Inc., Interpath Communications, Inc., MIS Corporate
Defense Solutions, Nextcom K.K., PSINet Inc., sunrise communications AG, Verio,
Inc. and You Tools Corporation/FASTNET. As of December 31, 1999, we had shipped
over 12,000 of our security appliances.
We initially incorporated in Washington in 1996 and reincorporated in
Delaware in 1997. References to "we," "our," "us" and "WatchGuard" in this
annual report refer to WatchGuard Technologies, Inc. and its predecessor. Our
executive offices are located at 316 Occidental Avenue South, Suite 200,
Seattle, Washington 98104, and our telephone number is (206) 521-8340. Our web
site is located at http://www.watchguard.com. Any information that is included
on or linked to our web site is not a part of this annual report.
Industry Background
The growth of the Internet
The Internet has experienced rapid growth and has developed into a
significant tool for global communications, commerce and media, enabling
millions of people to share information and transact business electronically.
IDC estimates that there were over 38 million web users in the United States
and over 86 million worldwide at the end of 1997. IDC projects the number of
web users to increase to over 177 million users in the United States and 502
million worldwide by the end of 2003. IDC also estimates that the number of
customers buying goods and services on the Internet will grow from
approximately 15 million worldwide in 1997 to 182 million in 2003, with the
value of electronic commerce transactions growing from $15 billion to over $1.3
trillion in the same period.
The growth in the Internet provides enterprises, regardless of size, with new
revenue opportunities through global distribution of products and services and
with significant reductions of sales and marketing costs through automation and
instantaneous access. Because of its affordability, global reach and
versatility, the Internet is a particularly powerful and necessary tool for
enterprises. Enterprises are increasingly required to establish secure Internet
access to facilitate and support strategic business objectives. In a
marketplace that is becoming more competitive, enterprises are increasingly
utilizing new business tools and initiatives such as remote access, e-commerce,
online customer service and supply chain management to gain competitive
advantage.
The need for Internet security
The increased importance of electronic commerce and the proliferation and
growth of corporate intranets have dramatically increased the openness of
computer networks, with the Internet becoming a widely accepted
4
platform for many business-to-business and direct-to-consumer transactions. The
accessibility and the relative anonymity of users in open computing
environments, however, make systems and the integrity of information stored on
them increasingly vulnerable to security threats. Open systems present inviting
opportunities for computer hackers, curious or disgruntled employees,
contractors and competitors to compromise or destroy sensitive information
within the system or to disrupt operations and Internet access. In addition,
open computing environments are complex and typically involve a variety of
hardware, operating systems and applications supplied by a variety of vendors,
making these networks difficult to manage, monitor and protect from
unauthorized access. With the advent of "always on" broadband Internet
connections that leave a user's computer much more vulnerable to security
breaches than a traditional dial-up connection, even SOHOs and telecommuters
face security threats similar to those faced by larger enterprises connected to
the Internet.
The annual Computer Security Institute survey conducted in early 1999
highlights the potential risks faced by organizations connected to the
Internet. The CSI poll of 521 computer security specialists at U.S.
corporations, government agencies, financial institutions and universities
revealed that 62% of respondents had experienced security breaches within the
past 12 months. The damage caused by a security breach is often difficult to
quantify and may include the loss of irreplaceable proprietary information or
data, damage to business reputation or undetected theft or alteration of
information. The 163 organizations in the CSI poll that were able to quantify
losses reported an average total loss of over $650,000 per organization.
Breached computer security has become such an extensive problem that the U.S.
Federal Bureau of Investigation has recently established the National
Infrastructure Protection Center to prevent and respond to cyber attacks on the
nation's infrastructure.
The Internet security challenge
Internet security begins with a firewall, a security component of varying
complexity designed to provide a barrier and control the flow of information
between a company's internal network and the Internet. Firewalls, however, are
often difficult to install, must be configured by skilled personnel and, to
maximize effectiveness, must be continually monitored and updated. A
comprehensive security solution also typically integrates several other
sophisticated security components, such as virtual private networking, which
secures encrypted communications between two points on the Internet, and access
control mechanisms. These components use a complex mixture of technologies,
including user authentication, passwords, packet filters, proxies and
encryption.
Because enterprises increasingly depend on the Internet for external and
internal communications and for facilitating and conducting business, they need
comprehensive Internet security solutions. Traditional Internet security
solutions, however, are generally difficult to install and expensive to
maintain. Additionally, the technological complexity of traditional solutions
introduces a new set of risks--their many interacting components can easily be
misconfigured. The CSI poll revealed that more than 75% of the reported
successful break-ins took place despite the presence of a firewall. Enterprises
therefore face increasing pressure to hire trained security personnel to ensure
that traditional security solutions are installed and maintained properly. The
scarcity of skilled network and Internet security personnel, however, makes the
cost of hiring in-house personnel prohibitive for many enterprises,
particularly SMEs and SOHOs. Because of the financial and technical resources
necessary to implement, maintain and update these complex security solutions,
they tend to be better suited for larger enterprises than for SMEs, SOHOs and
individual telecommuters.
Traditional security solutions are also expensive to maintain because they
must be updated continually to maximize effectiveness. These security solutions
tend to be static, while the dangers against which they must protect are
dynamic, with new types of intrusion schemes and other security threats and
vulnerabilities emerging constantly. The Computer Emergency Response Team, a
federally funded research and development center, handled 8,268 security
incidents in 1999, an average of nearly one per hour and more than double the
3,734 security incidents handled in 1998. Even if updates are available to
allow an enterprise's security systems to respond to the changing security
landscape, the enterprise needs dedicated security experts to proactively
identify, obtain and manually implement these updates quickly and correctly.
5
The Internet security gap
The expense and complexity of traditional security solutions incorporating a
firewall puts protection out of the reach of millions of enterprises that do
not have the resources to adopt these solutions, contributing to a security
gap. Comprising 98% of U.S. businesses, SMEs exemplify this gap. Despite the
obvious and compelling reasons for Internet security, most SMEs on the Internet
do not even have a firewall.
IDC estimated that approximately 3.5 million SMEs in the United States would
be connected to the Internet by the end of 1999. IDC projected, however, that
from 1995, when IDC reports that firewalls first became widely available, until
the end of 1999, less than 450,000 firewalls would be shipped, leaving more
than 3 million SMEs without a firewall. This security gap is increasing, with
IDC projecting that in the United States more than 1.1 million new SMEs will
connect to the Internet in the year 2000, but less than 260,000 firewalls will
be shipped during the same period. We believe that the security gap for SMEs
results from the cost and complexity of traditional comprehensive solutions,
combined with the ineffectiveness of lower-end firewall solutions, which lead
many SMEs to choose not to adopt any Internet security solution. Moreover, many
enterprises that have installed security systems continue to experience
significant security breaches because their systems are either configured
improperly or are not timely or properly updated in response to the latest
security threats. SOHOs and telecommuters that adopt "always-on" broadband
Internet connections, particularly those accessing the corporate resources of a
larger enterprise, face a similar security threat but may have more limited
resources to dedicate to an Internet security solution.
Enterprises require an easy-to-use, highly effective, fully integrated
Internet security solution with low installation and maintenance costs that can
be installed quickly and kept up to date easily. In addition, many enterprises
would rather outsource the management of any Internet security system to
vendors such as ISPs. ISPs, however, face challenges in economically delivering
affordable security services that can be rapidly deployed to thousands of
customer sites and easily managed from a central location.
The WatchGuard Solution
WatchGuard's LiveSecurity products and services offer a fundamentally new
approach to Internet security. We provide enterprises with a comprehensive,
easy-to-use and cost-effective Internet security solution that we keep up to
date through our innovative Internet-based broadcast service. Our solution has
the following key benefits:
Comprehensive, fully integrated For SMEs and larger enterprises, we offer a
security tailored to the needs of comprehensive security solution integrated
the user into a single package that includes (1) a
firewall, (2) virtual private networking for
secure, encrypted communication between
remote offices, mobile employees and trading
partners, (3) authentication functions that
identify network users and define user-group
security policies, (4) web surfing control
and (5) our LiveSecurity broadcast service.
Our recently announced solution for SOHOs
and telecommuters will offer a more
affordable, comprehensive and integrated
security solution that includes (1) a
firewall, (2) virtual private networking,
(3) IP sharing and (4) our LiveSecurity
broadcast service.
Dynamic protection Our subscription-based Internet broadcast
service is designed to keep our security
solutions up to date with (1) security
threat responses that specifically address
newly discovered security vulnerabilities or
hacker techniques, (2) software updates, (3)
information alerts concerning current news
in Internet security, (4) expert editorials
containing Internet security-related feature
articles, (5) support flashes with answers
to commonly asked questions about our
products and services
6
and (6) virus alerts containing information about
the latest virus threats and access to Trend Micro's
virus protection products. Our SOHO and telecommuter
solutions will initially include only access to
security threat responses and software updates. We
expect to offer the remaining LiveSecurity broadcast
service channels as an option for SOHOs and
telecommuters in the second quarter of 2000.
Easy installation and use We offer (1) a security appliance with plug-in
installation, (2) management and security software
with an automated installation guide and (3) point-
and-click centralized management. These features
make it easy for the non-security professional to
install, configure and monitor our security system
and to receive and implement our LiveSecurity
broadcasts.
Viable ISP outsourcing Through its centralized configuration and management
capabilities, LiveSecurity for MSS enables ISPs to
provide outsourced Internet security services to
thousands of customers quickly, easily and at a
price enterprises can afford.
Affordability We minimize the overall ownership cost of our
security solution with easy deployment and
management that reduces the requirements for
information technology personnel. Our broadcast
updating enables users of LiveSecurity to address
their security needs by leveraging our team of
security experts.
Strategy
Our objective is to be the leading provider of Internet security systems and
services to enterprises worldwide. Our strategy to achieve this goal is based
on the following key elements:
Extend our SME market leadership position in comprehensive security into the
large-enterprise and SOHO/telecommuter markets.
We intend to maintain our leadership position in comprehensive security for
SMEs by expanding and enhancing our Internet security product and service
offerings. In September 1999, we introduced our security solution for larger
enterprises and, in January 2000, we announced the introduction of our new
security solutions for SOHOs and telecommuters, which we expect to begin
shipping in the first quarter of 2000. We expect to deliver new versions of our
major products, including products designed for the emerging broadband Internet
connectivity market, approximately two to three times per year. We were the
first, and remain the leader, in developing updatable security appliances that
execute software sent from a remote management system. Our architecture allows
enterprises to quickly and easily deploy new products and services from the
central management system, which utilizes a familiar Windows- or web-based
interface. Our distributed architecture also facilitates the scalability
necessary for ISPs to provide our products and services to their customers at a
price enterprises can afford. We intend to continue to enhance our technology
and architecture, hire additional network and Internet security experts and
continue to invest in product development and product and service enhancements.
Expand our strategic relationships with leading Internet service providers.
To capitalize on the desire of many enterprises to outsource their Internet
security management, we have established relationships with industry-leading
ISPs, including AlphaNet, FASTNET, GTE, Interpath, ISS, PSINet and Verio in the
United States, MIS and sunrise in Europe and AT&T Asia/Pacific Group Ltd., IIJ
and Nextcom in the Asia/Pacific region. We intend to continue to establish
similar relationships with ISPs and expect that these relationships will
facilitate the widespread adoption of our LiveSecurity solution by enabling us
to capitalize on the brand recognition and customer bases of the ISPs. In
addition, these strategic
7
relationships should enhance WatchGuard brand awareness and provide a powerful
endorsement of our security technology and services. For example, GTE and
PSINet use LiveSecurity for MSS to provide managed security services to their
customer bases, and their marketing of these services prominently features the
WatchGuard brand.
Expand and enhance our innovative LiveSecurity broadcast service.
We have created an innovative LiveSecurity solution that broadcasts threat
responses, software updates, information alerts, expert editorials and support
flashes over the Internet directly to our subscribers and ISP partners. We plan
to expand and enhance our LiveSecurity broadcast content, and therefore the
value of our subscription service, through additional investment in three
areas:
. continued expansion of our rapid response team of internal security
experts;
. expansion of our LiveSecurity advisory council of industry experts,
including the addition of two outside experts by the end of 2000; and
. continued development of one to four third-party industry relationships
that will allow us to broadcast third-party software and content to our
subscribers.
As we expand and enhance our broadcast content, we plan to ensure that it
remains easy to implement and use by enterprises and ISPs.
Continue to expand WatchGuard brand awareness.
We believe that we have an opportunity to make the WatchGuard brand
synonymous with Internet security worldwide. We intend to increase our
telemarketing and direct mail programs to companies that fit our target
subscriber profile. We also plan to develop our web site as a security portal
for enterprises with the goal of establishing www.watchguard.com as the first
location enterprises will visit with questions about Internet security. Our web
site currently features links to the web sites of PSINet and GTE. We plan to
add additional links in 2000 and to further integrate our web sites with the
web sites of our ISP partners. In addition, we intend to continue to invest in
marketing programs jointly executed with our distribution partners around the
world. These programs include WatchGuard web site content and links placed on
many of our reseller sites, regionally targeted public relations activities and
events worldwide, and use of the WatchGuard brand name when ISP partners market
their managed security services.
Continue to expand worldwide sales and distribution.
We intend to continue to expand our international distribution capabilities
to allow any enterprise with an Internet connection to purchase the WatchGuard
LiveSecurity solution, no matter where the enterprise is located. Our goal is
to make our security solutions the easiest to purchase and deploy, whether by
the enterprise or by the ISP. We plan to expand our base of resellers,
distributors and ISP partners and make our solution available for purchase
through our resellers' web sites. We will continue to invest in web-based
training programs that educate our worldwide resellers and subscribers about
our product and service features and benefits and that assist our customers in
deploying our products and services.
We have not determined a schedule for the continuing expansion of our
international distribution capabilities or for implementing other components of
our strategy. The timing for executing these strategies will depend on market
conditions, the availability of strategic opportunities and the availability of
management resources.
Products and Services
Our comprehensive LiveSecurity solutions include an integrated suite of
security and management software, an Internet security appliance and a dynamic
broadcast service to keep security defenses current.
8
Enterprises may use our LiveSecurity System to internally manage their Internet
security or elect to outsource security management to an ISP implementing our
LiveSecurity for MSS.
The LiveSecurity System for enterprise-managed security.
We designed our LiveSecurity System for use by enterprises that want to
manage their own Internet security. With the LiveSecurity System, an enterprise
can quickly and affordably deploy comprehensive security protection to all
sites on its network, while retaining centralized control and administration.
Our LiveSecurity broadcast service enables enterprises to augment their
information technology staff with our security experts, which we believe
substantially reduces personnel costs. Every new LiveSecurity System includes a
one-year subscription to our broadcast service.
SMEs and larger enterprises
For SMEs and larger enterprises, the LiveSecurity System has three key
components: our security management system software with security and
management features, our security appliance and a subscription to our Internet-
based broadcast service.
Security features. The LiveSecurity System for SMEs and larger enterprises
contains the following security features:
. Firewall. Our firewall controls incoming and outgoing traffic between
the Internet and an enterprise's systems and data. The firewall
incorporates access control and detection and blocking features.
. Authentication. Our authentication features identify network users and
define user and user-group security policies.
. Virtual private networking. Our software enables enterprises to create
virtual private networks by using encryption technology to allow data to
flow securely across the Internet between two predetermined points. Our
remote user VPN secures communications with telecommuters and traveling
employees, while our branch office VPN secures communications with
branch offices and trading partners. Our virtual private networking
solutions implement industry standard protocols.
. Web surfing control. Our web-blocking feature enables enterprises to
restrict site access privileges by user, group, time of day, site type
or particular site.
Management features. Our Windows-based software manages and monitors an
enterprise's Internet security with an intuitive, point-and-click user
interface.
. Integrated suite of system management tools. Our security management
system packages, configures and deploys security software, security
policies and the operating system to an enterprise's security
appliances. Featuring logging and notification functions and real-time
monitoring and historical reporting of network, service and bandwidth
usage, our management tools allow management of multiple security
appliances from a single location.
. Automated installation guide. Our automated installation guide enables
enterprises to install our system and define user and user-group
security policies in as quickly as 30 minutes.
Security appliance. Our security appliances for SMEs and larger enterprises,
the WatchGuard Firebox II, Firebox II Plus and Firebox II Plus with FastVPN,
are standalone Internet security appliances that run the security functions of
the LiveSecurity System. The security capabilities of these security appliances
come entirely from the operating system, security software and security
policies directed to them from the remote management software. They simply plug
in and reside between an enterprise's Internet router and its internal network
of servers and workstations. These Fireboxes have three independent, separately
monitored connections: one to the enterprise's network, one to the Internet and
one to the enterprise's public network for
9
hosting web and email servers. The LiveSecurity System encrypts communications
between the security appliance and the management software on the in-house
manager's desktop.
Broadcast service. We keep our security solution current and our customers
informed through a subscription-based broadcast service that securely transmits
new security content over the Internet directly to the in-house manager's
desktop computer. Our broadcasts include
. Threat responses. When our rapid response team discovers and neutralizes
a security vulnerability or new hacker technique, we broadcast software
that specifically addresses that security threat.
. Software updates. We broadcast software updates that enhance the
function of the LiveSecurity System as a whole.
. Information alerts. We notify our customers of breaking Internet
security news and upcoming enhancements.
. Expert editorials. Our team of industry-leading security advisors offer
their views and provide continuing education on the rapidly changing
field of Internet security.
. Support flashes. Interactive technical tutorials provide our customers
with answers to frequently asked questions about managing the
LiveSecurity System and information about new software updates.
. Virus alerts. Trend Micro provides information on the latest virus
threats and offers access to its virus protection products.
SOHOs and telecommuters
Our recently announced LiveSecurity System for SOHOs and telecommuters has
three key components: security and management software, our security appliance
and a subscription to our Internet-based broadcast service.
Security features. The LiveSecurity System for SOHOs and telecommuters
contains the following security features:
. Firewall. Our firewall controls incoming and outgoing traffic between
the Internet and a SOHO's or telecommuter's systems and data. The
firewall incorporates access control, detection and blocking features
and IP sharing.
. Virtual private networking. Our software enables SOHOs and telecommuters
to create virtual private networks by using encryption technology to
allow data to flow securely across the Internet between two
predetermined points.
Management features. Our web-based security management software manages and
monitors the SOHO's or telecommuter's Internet security with an intuitive,
point-and-click user interface.
. Integrated suite of system management tools. Our web-based security
management system packages, configures and deploys security software,
security policies and the operating system to a SOHO's or telecommuter's
security appliance.
. Automated installation guide. Our automated installation guide enables a
SOHO or telecommuter to install our system and define a security policy
in as quickly as 15 minutes.
Security appliance. Our security appliances for SOHOs and telecommuters, the
WatchGuard Firebox SOHO and Firebox Telecommuter, are standalone Internet
security appliances that run the security functions of the LiveSecurity System.
The security capabilities of these security appliances come entirely from the
operating system, security software and security policies directed to them from
the remote management software. They
10
simply plug in and reside between the SOHO's or telecommuter's Internet router
and cable or digital service line modem and its internal network of servers and
workstations. These Fireboxes have two independent, separately monitored
connections: one to the SOHO's or telecommuter's network and one to the
Internet.
Broadcast service. We will keep our SOHO and telecommuter security solutions
current and our customers informed through a subscription-based broadcast
service that initially will transmit over the Internet to the SOHO manager's or
telecommuter's desktop computer the threat response and software update
channels of our LiveSecurity broadcast service for SMEs and larger enterprises.
We expect to offer the remaining channels of our LiveSecurity broadcast service
as an option for SOHOs and telecommuters in the second quarter of this year.
LiveSecurity for MSS for Internet service providers
To serve the needs of SMEs and larger enterprises that want to outsource
their Internet security and the needs of ISPs that want to provide this
service, we have created LiveSecurity for MSS. We expect to introduce a
LiveSecurity for MSS solution for SOHOs and telecommuters in the second quarter
of 2000. LiveSecurity for MSS allows an ISP to centrally configure, monitor and
update the Internet security of thousands of managed customers. The ISP can
economically deliver a full range of security services while their subscribing
customers enjoy the benefit of our up-to-date protection at an affordable
price.
LiveSecurity for MSS has three main components: our network operations center
security suite software with security and management features, our security
appliances and our LiveSecurity broadcast service. In addition, we offer
optional monitoring software for the ISP's customers.
Security features. LiveSecurity for MSS includes the same comprehensive set
of security features offered with our LiveSecurity System for SMEs and larger
enterprises.
Management features. Centrally located at the ISP's network operations
center, our global policy manager software provides security intelligence and
configuration for all customer sites under management. Our software allows the
ISP to create and store various security policy configurations for different
customer groups or service plans. Our scalable WatchGuard event processor
software provides monitoring and reporting for customer sites.
Security appliances. One or more of our security appliances resides on the
ISP customer's premises. The appliances receive and implement the operating
system, security software and security policies that the ISP sends.
Broadcast service. Through our LiveSecurity broadcast service, the ISP's
network operations center receives threat responses, system updates,
information alerts, expert editorials and support flashes. The ISP then updates
the security policy of its customers and transmits these policy updates over
its network to those customers.
Monitoring software for the ISP's customers. The optional Firebox monitor
software allows the ISP's customer to view its network activity on-site while
otherwise leaving the management of its Internet security to the ISP.
Receiving the benefits of our security solution through an ISP gives an
enterprise a number of added advantages. ISPs
. monitor and manage customers' security 24 hours a day, 7 days a week;
. define and implement professional, customized Internet security
policies;
. automatically install software updates and threat responses;
11
. regularly review customers' security and provide detailed reporting and
analysis; and
. mitigate the up-front cost of security system purchase and setup.
Implementation
The WatchGuard LiveSecurity System. Once an enterprise registers on one of
our LiveSecurity web sites, its registration information is automatically
transferred to our LiveSecurity database. Upon verification, the enterprise can
download and install or access our security management system software and
begin receiving our LiveSecurity broadcasts. The security management system
software configures the LiveSecurity System, implements security protection and
manages the installed security features with a point-and-click user interface.
Our LiveSecurity broadcasts go directly to the desktop of the person
responsible for Internet security, who follows our easy installation
instructions to send the updated security software, security policy or
operating system to all of the enterprise's security appliances for automatic
implementation. We send our LiveSecurity broadcasts using technologies such as
digital certificates and public key encryption or emails containing links to
the secured broadcast server.
LiveSecurity for MSS. Our scalable network operations center, or NOC,
security suite software enables an ISP to economically and efficiently
configure, monitor and update the Internet security of thousands of managed
customers from its network operations center. The ISP uses our global policy
manager's security policy templates to streamline initialization and
configuration of security policies to match the ISP's specific service
offerings and customer needs. The global policy manager then sends the desired
operating system, security software or policy configuration to subscribing
customers' security appliances. The security appliances implement the new
security policies and forward activity logs to WatchGuard event processor
software, which monitors network activity and reports back to the global policy
manager. Communications between the network operations center, the event
processors and the security appliances are encrypted, and we have implemented
automatic failover features to protect valuable log information against being
lost due to hardware or network failure. ISP personnel at the network
operations center use our suite of real-time monitoring tools to track each
security appliance on the ISP's network and transmit LiveSecurity broadcast
content to all ISP subscribers. In addition, the ISP can offer its customers
Firebox monitor software, a Windows-based monitoring tool that allows
subscribers to view their network activity and defenses in real time while
leaving management of the system to the ISP.
Customer service. We make customer service a priority. Our staff of support
representatives serves our end-users and ISP partners by phone and email from
6:00 a.m. to 5:00 p.m. Pacific standard time, Monday through Friday, excluding
national holidays. As of December 31, 1999, we had 21 customer support
representatives. We also offer 24-hour-a-day, 7-day-a-week web support tools.
Our computerized customer center manages all support requests and allows
customers to check resolution status on-line. We provide on-line answers to
frequently asked questions about our products, descriptions of how to configure
WatchGuard products to work with other products and other technical
information.
The WatchGuard team of experts
Rapid response team. Our rapid response team identifies, analyzes and
generates responses to new Internet security threats. To identify new threats,
the team continually monitors a wide variety of Internet sources related to
network security, including news groups, vendor web sites and hacker bulletin
boards. When the rapid response team identifies a new security threat, we send
an advisory to our LiveSecurity subscribers while software or configuration
changes to neutralize the threat are developed and tested. We then broadcast
the software updates or configuration recommendations to our subscribers. The
team sends other information of interest as information alerts, which include
cautionary notices, general usage guidelines and other important announcements.
LiveSecurity advisory council. Our LiveSecurity advisory council provides
continuing education and editorials on the rapidly changing subject of Internet
security. The council also oversees and contributes to the
12
efforts of our rapid response team. We intend to expand the council as
opportunities arise. Currently, the council is composed of Messrs. Frederick
Avolio and Rik Farrow.
Frederick Avolio. Mr. Avolio has been involved in Internet computing and
communication since the early 1980s and has worked with Internet security
systems for over 10 years. He assisted in the creation of the first commercial
Internet firewall offering and helped create the commercial security products
division of Trusted Information Systems. His areas of expertise include
firewalls, intrusion detection, cryptography, security management and email
systems. Mr. Avolio is the co-author, with Paul Vixie, of Sendmail Theory and
Practice, published by Digital Press. He holds a B.S. in computer science from
the University of Dayton and an M.S. in computer science from Indiana
University.
Rik Farrow. Mr. Farrow provides UNIX and Internet security consulting and
training. He has been working with UNIX system security since 1984 and with
TCP/IP networks since 1988. He has taught in a number of countries and for a
variety of organizations. He also consults with firms in designing and
implementing security applications. Mr. Farrow is the author of UNIX System
Security, published by Addison-Wesley, and is the co-author, with Rebecca
Thomas, of UNIX Administrator's Guide to System V, published by Prentice Hall.
He writes a column for ;login:, the magazine of the USENIX Association, and a
network security column for Network magazine.
Licensing and pricing
For an SME, larger enterprise, SOHO or telecommuter purchasing our
LiveSecurity System, we include in the system price a perpetual license for the
security and management software. Each end-user also receives a renewable one-
year subscription to our LiveSecurity broadcast service, through which it
receives threat responses, software updates, information alerts, expert
editorials and support flashes.
For LiveSecurity for MSS, an ISP buys a license to use our NOC security suite
management and security software and makes an annual license payment for each
customer security appliance it manages. The licenses, the cost of which varies
depending on the ISP's volume commitment, allow the ISP to manage its
subscribers' security appliances from its network operations center. Each
annual license includes a subscription to our LiveSecurity broadcast service.
13
The following table lists our current end-user product prices. We offer
reseller discounts, educational discounts and occasional promotional pricing.
Product Components List Price
LiveSecurity System for SMEs $ 4,990
Security management system software
Firebox II security appliance
12-month LiveSecurity subscription
--------------------------------------------------------------
Live Security System for larger enterprises $ 9,990
Security management system software (Firebox II Plus)
Firebox II Plus security appliance
Firebox II with VPN accelerator security $ 12,990
appliance (Firebox II with FastVPN)
12-month LiveSecurity subscription
--------------------------------------------------------------
LiveSecurity System Live Security System for SOHOs $ 449
Web-based management and security software
Firebox SOHO security appliance (10 users)
Firebox Telecommuter security appliance
12-month LiveSecurity subscription
--------------------------------------------------------------
Firebox SOHO user-capability upgrades
25 users $ 198
50 users $ 449
Firebox SOHO VPN $ 449
--------------------------------------------------------------
LiveSecurity System for telecommuters $ 649
Web-based management and security software
Firebox
Telecommuter security appliance
12-month LiveSecurity subscription
--------------------------------------------------------------
LiveSecurity subscription renewal
Firebox II $ 995
Firebox II Plus $ 1,495
SOHO $ 95
Telecommuter $ 65
- - --------------------------------------------------------------------------------
LiveSecurity for MSS platform pack $ 64,475
NOC security suite
Firebox II for MSS: 5 appliances
MSS client licenses: 5 licenses
MSS technical certification class: 1 attendee
LiveSecurity broadcast service
--------------------------------------------------------------
NOC security suite software $ 50,000
--------------------------------------------------------------
Firebox II for MSS security appliance $ 1,300
--------------------------------------------------------------
Firebox II Plus for MSS security appliance $ 2,900
--------------------------------------------------------------
LiveSecurity for MSS Firebox II Plus for MSS with VPN accelerator $ 4,400
security appliance
--------------------------------------------------------------
MSS technical certification class $ 2,500
--------------------------------------------------------------
Firebox monitor software $ 195
--------------------------------------------------------------
MSS annual client license
Block of 25: $1,695 per license $ 42,375
Block of 50: $1,495 per license 74,750
Block of 100: $1,395 per license 139,500
Block of 250: $1,295 per license 323,750
Block of 500: $1,095 per license 547,500
Block of 1,000: $945 per license 945,000
14
Sales, Marketing and Distribution
We employ a global marketing strategy. Because the need for Internet security
crosses geographic and economic boundaries, our business opportunity extends
worldwide to all business segments. Since our inception, we have invested
heavily in worldwide sales and marketing. We currently sell our products and
services in 54 countries. International sales generated over 35% of our
revenues in 1998 and 50% of our revenues in 1999.
We sell our LiveSecurity System through distributors and value-added
resellers. We may also sell some Firebox SOHO and Firebox Telecommuter products
through retail channels. We sell our LiveSecurity for MSS products and services
directly to ISPs, which resell our products and services to end-users. Over 310
companies resell our products and services, including
. distributors, such as Eltrax Systems, Inc., Fujitsu Business Systems,
Ltd., Ingram Micro, Otsuka Shokai Co., Ltd., Tech Data and Wick Hill
Group, Plc;
. value-added resellers, such as CDW Computer Centers, Inc., Integrated
Network Technologies, Kent DataComm, Network Computing Architects, Inc.
and Solunet; and
. ISPs, such as AlphaNet, AT&T Asia/Pacific Group Ltd., FASTNET, GTE, IIJ,
Interpath, ISS, MIS, Nextcom, PSINet, sunrise and Verio.
Our agreements with our resellers are nonexclusive and provide for discounts
based on the reseller's minimum purchase commitment or the volume that the
reseller purchases or resells.
We divide our sales organization regionally among North America, Latin
America, Europe and Asia/Pacific, and also between the enterprise and managed
security market segments. In North America, we have sales personnel located in
California, Colorado, Connecticut, Georgia, Illinois, Massachusetts, New
Jersey, Texas and Washington. Internationally, we have sales personnel located
in Argentina, Australia, Germany, Japan, the Netherlands, Sweden and the United
Kingdom. Assisting our reseller network within a specific region is a central
responsibility of our regional sales representatives. Regional sales
representatives manage our relationships with our network of distributors,
resellers and ISPs, help our reseller network sell and support key customer
accounts, and act as liaison between our reseller network and our marketing and
product development organizations. We expect to continue to expand our field
sales organization in support of both the managed security and enterprise
market segments.
We conduct a number of marketing programs to support the sale and
distribution of our products. These programs inform existing and potential
resellers, distributors, ISPs and end-user customers about the capabilities and
benefits of our products. Marketing activities include advertising, publishing
technical and educational articles in industry journals, participating in
industry tradeshows and product technology conferences, sales training and
marketing on our web site. As of December 31, 1999, we had 50 employees in our
sales and marketing organization.
As an additional sales tool, we offer end-users, resellers and distributors
free interactive training on our LiveSecurity System solutions through our web
site. Our interactive training system guides customers through the
installation, setup and management of the LiveSecurity System and provides new
product information.
Our domestic and international sales tend to be lower in the summer months,
when businesses often defer purchasing decisions. Also, as a result of customer
buying patterns and the efforts of our sales force to meet or exceed quarterly
and year-end quotas, historically we have earned a substantial portion of a
quarter's revenues during its last month.
15
WatchGuard LiveSecurity alliance
In September 1998, we launched a LiveSecurity alliance, a technology and
marketing program designed to support the LiveSecurity concept and WatchGuard
products and services. The purpose of the alliance program is to enhance the
interoperability of our LiveSecurity products and services with alliance
partner products and services and to engage in cooperative marketing. Vendors
in the alliance include BackWeb Technologies, Clarent Corporation, CRYPTOCard,
FASTNET, Funk Software, IIJ, Interpath, ISS Group, Inc., Netrex, PSINet,
Rainbow Technologies, RSA Data Security, Inc., The Learning Company, Trend
Micro, WebTrends Corporation, Verio and Virtual Media.
Customers
As of December 31, 1999, we had shipped over 12,000 of our security
appliances to our reseller network, which resold our products and services to
end-users spanning a wide variety of countries and industries. The following is
a representative list of our ISP and end-user customers:
Internet Service Media Retail
Providers KSTW-UPN 11 Television Norm Thompson
AlphaNet Solutions, Inc. Reader's Digest Outfitters, Inc.
AT&T Asia/Pacific Group Australia Rebel Sport Limited
Ltd.
The Everett Herald Manufacturing
GTE Internetworking, University of Toronto
Inc. Press
Bolle Inc.
Technology Durkan Patterned Carpet,
Internet Initiative AlphaBlox Corporation Inc.
Japan, IIJ Inc. Ferguson
Internet Security Bentley Systems, Metals/Aerospace
Systems, Inc. Incorporated Alloys Inc.
Interpath e-DOCS.net Graham Steel Corporation
Communications, Inc. JDA Software Group, Inc. J.E. Dunn Construction
MIS Corporate Defense Pentax Technologies Company
Solutions Corporation The Mitchell Gold
Company
Nextcom KK Sheridan Software
Systems, Inc.
Government
PSINet Inc. Education City of Bellingham, WA
sunrise communications Boston Architectural City of Dandenong,
AG Center Australia
Verio, Inc. Canon City Schools City of Garden Grove, CA
You Tools Corporation/ Huntsville Intermediate Lenoir County, NC
FASTNET School District
Mornington Peninsula
Services Summit Board of Shire
Boullioun Aviation Education Council, Australia
Services Woodridge School
District #68
North Carolina State
Bull Housser & Tupper Financial Services Ports
Camp, Inc. Atlantic Mortgage & Pierce County, WA
Catholic Charities Investment Corp. Library Service
Digital Magic Hudson Valley Federal Entertainment
hawthorne direct inc. Credit Union Argosy Gaming Company
Javelin Technology
KDP Investment Advisors Black Hawk Gaming &
Medical McMahan Securities Co., Development Company
Bendigo Health Care LP Crave Entertainment,
Group Seritis Services Group, Inc.
CoreCare Systems, Inc. LLC Everton Football Club
Health Technologies Pty Sunflower Bank Utilities and
Ltd Telecommunications
NeoTherapeutics, Inc. Globecomm Systems, Inc.
PATH MACtel
Southeast Alabama
Medical Center
Unimed Pharmaceuticals,
Inc.
16
Case Studies
The following are profiles of two WatchGuard customers that have successfully
implemented our products and services:
GTE Internetworking, Inc. -- An ISP providing managed Internet security
services
GTE Internetworking, Inc., part of one of the largest publicly held
telecommunications companies in the world, has been providing managed Internet
access and related services worldwide for more than 20 years. In April 1999,
GTE introduced a new LiveSecurity for MSS-based security service, GTE Security
Advantage(TM), which enables GTE to offer a cost-effective managed Internet
security service to SMEs and branch offices of large corporations.
GTE has integrated LiveSecurity for MSS into its sophisticated $6 million,
5,000-square-foot network operations center in Burlington, Massachusetts, and
offers GTE Security Advantage to both current and new customers. In the past,
GTE focused its managed security services on Fortune 500 corporations. By
partnering with WatchGuard, however, GTE can expand its range of services by
offering SMEs the same level of security it could only offer in the past to
large enterprises, due to the cost and complexity of its previous service
offerings.
GTE is a member of our preferred service provider program, which enables GTE
and WatchGuard to combine our marketing expertise and resources in joint
marketing activities that promote GTE Security Advantage through various media.
GTE will also promote the GTE Security Advantage service through its network of
independent local exchange carriers, which deliver telephone service and
Internet connectivity to SMEs.
Bentley Systems, Incorporated -- An enterprise using the WatchGuard
LiveSecurity System
Bentley Systems, Incorporated is a worldwide leader in quality engineering
software products and user services, serving over 300,000 professionals in
building engineering, geoengineering and mechanical engineering. Its
MicroStation(TM) and ModelServer products, used by over 70% of the largest
engineering firms in the United States, are used to design buildings, airports,
hospitals, facilities, highways, bridges and industrial plants throughout the
world.
Bentley uses the WatchGuard LiveSecurity System, deploying 11 WatchGuard
Fireboxes. The company has implemented WatchGuard's branch office VPN software
to secure communications between its headquarters in Exton, Pennsylvania and
its branch offices in Huntsville, Alabama and Littleton, Massachusetts, and
uses WatchGuard's remote user VPN software to encrypt communications between
its offices and approximately 55 traveling salespeople. Now that Bentley has
established interconnectivity between offices with its network of WatchGuard
security appliances, it is in the process of moving from a private-frame wide
area network to a virtual private network of Internet sites, which will reduce
its remote access costs by over 60%.
Technology and Architecture
Our LiveSecurity solution utilizes an innovative distributed architecture
through which a basic processor in a security appliance receives and executes
software directed to it from a remote management system. Because the security
intelligence resides in the software and not in the hardware, we can keep our
customers' Internet security up to date with periodic broadcasts of new
security software and operating system configurations. Our LiveSecurity
solutions come in two forms: solutions for SMEs and larger enterprises and
solutions for SOHOs and telecommuters.
LiveSecurity for SMEs and larger enterprises
Our LiveSecurity solution for SMEs and larger enterprises encrypts and
authenticates communications between WatchGuard, the management system software
and the security appliance. This allows the
17
management system and the appliance to be separated within an enterprise's
local or wide area network or between an ISP and its subscriber. Typically, to
install software on a computer using a general-purpose operating system such as
Windows, a person must be physically present at the computer. Our distributed
architecture, however, allows our customers to remotely install our software on
the security appliances and receive updated software broadcasts over the
Internet.
Security appliance. Our security appliance uses a standard Intel Pentium
processor, which is dedicated solely to running security functions. The
security appliance has no other function and no hard drive memory storage.
Operating system software. Our security appliance's operating system is a
custom-configured Linux kernel. Using Linux under an open source license, we
have been able to review the source code and generate a flexible, robust and
secure operating system. We use specially designed application programming
interfaces to facilitate secure loading of new operating system and security
software that our management software sends to the appliance.
Security features. The LiveSecurity solution implements our security features
in a number of software modules. Each module provides the specific function
that the management system defines in security rules and transmits to the
appliance. For example, the firewall features that control network traffic are
based around an extensible set of network service protocols, such as HTTP and
SMTP. The appliance applies the security policies defined by the management
system to all incoming or outgoing traffic. Those network services that require
special security, such as mail and file transfers, are directed to specific
modules. Additional modules implement other security features, such as
authentication and web surfing control, which also are defined in the security
policies that the management system transmits to the appliance. If web surfing
control is activated, for example, the web surfing control software module will
automatically check the details of all outgoing web traffic to make sure it
complies with the defined policies.
We use an open architectural structure to allow integration with common
standards for network security. For example, our virtual private networking
component currently supports IPSec and PPTP standards, and our authentication
module supports a variety of standard authentication methods. We intend to
adopt additional standards as they mature in the market.
Management features. Because enterprise and ISP environments are very
different, we designed a separate management system for each. Our LiveSecurity
System management software allows for quick installation and management by a
typical in-house manager using a standard Windows-based system. We designed the
LiveSecurity for MSS management software, on the other hand, for a trained
operator using a dedicated management console to configure and manage the
security of a large subscriber base. Both management systems have the ability
to remotely deploy new security software to the appliances or update their
security engines from the management console. Our ISP customers can choose to
separately and remotely deploy certain security features, such as virtual
private networking and web blocking. This gives ISPs the ability to
incrementally add for-fee services to their basic service offering, without the
expense of sending personnel to their customers' sites.
To enable ISPs to configure, monitor and manage the Internet security of
thousands of customers, LiveSecurity for MSS includes scalable logging and
monitoring software called WatchGuard event processors. The event processors
run on UNIX-based workstations and can be located in the network operations
center or distributed at the ISP's point of presence. Each event processor
manages the logging and notification features of up to 500 security appliances
through commands issued from the global policy manager at the network
operations center.
LiveSecurity broadcast. Our scalable LiveSecurity broadcast system is a
collection of secured servers that registers subscribers, facilitates
downloading our software to the desktop computers of registered subscribers and
broadcasts threat responses, software updates, information alerts, expert
editorials, support
18
flashes and virus alerts to subscribers. To facilitate a high level of security
and authenticity, we protect our servers with our own security system and
strongly encrypt data communication between servers. We also encrypt and
digitally sign broadcasts to ensure that subscribers receive only authentic
LiveSecurity broadcast content. We can replicate and distribute our
LiveSecurity servers throughout the world, which should enable us to meet
growth in demand for our LiveSecurity service. We have initially deployed one
primary server and two replicated servers to reach North America, Asia and
Europe.
LiveSecurity for SOHOs and telecommuters
Our LiveSecurity solutions for SOHOs and telecommuters are based on a common
hardware and software architecture.
Security Appliance. Our SOHO and telecommuter security appliances use an
industry-standard MIPS processor, which is dedicated solely to running the
security functions. The security appliances have no other function and no hard
drive memory storage. These solutions provide network address translation and
port address translation, which allows a network to use a single IP address and
allows an Internet service provider to conserve IP addresses while still
accommodating local networks.
Operating System Software. Our SOHO and telecommuter solutions utilize
WindRiver's industry-standard VxWorks Real Time operating system. These
appliances' architecture includes data encryption hardware that allows high-
speed IPSec performance.
Security Features. Our SOHO and telecommuter solutions use the same industry-
compatible IPSec protocols found in our solutions for SMEs and larger
enterprises. The firewall is based on stateful packet inspection technology,
which allows the user to access the Internet without exposing the network to
external attacks. Our telecommuter solution includes virtual private networking
to allow the home-based employee to connect to the office via an encrypted,
secure channel. While our SOHO base product does not include virtual private
networking, it may be ordered as an option or obtained as an upgrade.
Management Features. We have designed our SOHO and telecommuter solutions for
very simple installation and configuration, using a web-based interface. We
anticipate that all telecommuter sites and many SOHO sites will require end-
user installation without the availability of information technology
professional support, and we have designed these products accordingly. In
addition, our SOHO and telecommuter solutions management interfaces allow
customers to immediately download updates into the product with minimal user
intervention. This process is protected with advanced cryptography and is tied
to the serial number of the appliance for additional security. Customers may
also order new features, such as additional user capability or virtual private
networking, from our web site.
Our SOHO and telecommuter products allow local configuration. The security
appliances may be managed with an Internet browser, such as Netscape Navigator
or Internet Explorer. The systems may also be configured to allow management by
one of our security solutions for SMEs or larger enterprises or, in the near
future, by an ISP using our LiveSecurity for MSS.
Subscription Services. In addition to accessing our LiveSecurity broadcasts,
SOHOs and telecommuters will be able to subscribe to our URL tracking service.
This service allows those persons supervising the use of Internet access, such
as parents or system administrators, to track sites visited by user, time of
visit, location, frequency of visits or other parameters.
Research and Development
To maintain our product and service leadership position, we focus our
research and development efforts on enhancing our existing products, developing
new products based on our innovative distributed appliance architecture and
developing services that capitalize on our LiveSecurity broadcast
infrastructure. We utilize a modular design, which allows us to develop new
applications that plug into our existing product line. As a
19
result, our products can be deployed in stages, whether directly by an
enterprise or by an ISP if the enterprise has outsourced its security
management. As we develop new products, our LiveSecurity end-users and ISP
partners can incorporate the new products into their systems with minimal
system interruption.
As of December 31, 1999, we employed 75 people on our research and
development staff. Research and development expenses were $2.2 million in 1997,
$4.4 million in 1998 and $7.1 million in 1999. We conduct our product
development activities related to our security solutions for SMEs and larger
enterprises at our principal facility in Seattle, Washington. We conduct our
product development activities related to our security solutions for SOHOs and
telecommuters at our broadband Internet security division in Laguna Hills,
California and at our facility in Seattle.
Competition
We compete in a market that is new, intensely competitive, highly fragmented
and rapidly changing. We face competition in sales both of products and
services designed for enterprises and of those designed for ISPs. We have
experienced and will continue to experience increased competition from current
and emerging competitors, many of which have significantly greater financial,
technical, marketing and other resources.
In the market for Internet security solutions, we compete on the basis of
technological expertise and functionality, breadth of service and product
features, ease of installation and management, updatability, scalability, brand
recognition, price and customer support. Currently, the dominant competitors in
our industry are Cisco Systems, Inc., Check Point Software Technologies Ltd.
and Nokia Corporation. We expect the introduction of our SOHO and telecommuter
products to increase competition with SonicWALL Inc., a developer of security
appliances for SOHOs and home users. Other competitors offering security
products include hardware and software vendors such as Axent Technologies,
Inc., Lucent Technologies, Inc. and Network Associates, Inc., operating system
vendors such as Microsoft Corporation, Novell, Inc. and Sun Microsystems, Inc.
and a number of smaller companies.
Our competitors may be able to respond more quickly to new or emerging
technologies and changes in customer requirements than we can. In addition, our
current and future competitors may bundle their products with other software or
hardware, including operating systems and browsers, in a manner that may
discourage users from purchasing the products and services we offer. Many of
our current and potential competitors have greater name recognition, larger
customer bases to leverage and access to proprietary technology, and could
therefore gain market share to our detriment. In addition, our current and
potential competitors may establish cooperative relationships among themselves
or with third parties that may further enhance their resources, such as the
partnership between Check Point and Nokia. We expect additional competition as
other established and emerging companies enter the Internet security market and
new products and technologies are introduced.
While most of our competitors have generally targeted large-enterprise
security needs, using complex products that run on general purpose hosts such
as UNIX or Windows NT and require full training and support programs, these
vendors could adapt their existing products to make them more attractive to
SMEs. If our competitors were to focus their greater financial, technical and
marketing resources on the SME market, our business could be adversely
affected. While none of our competitors currently offer a technology similar to
our LiveSecurity solution architecture to address changing security threats,
they could develop such technology as part of any appliance offering. Increased
competition in any of our markets could result in price reductions, fewer
customer orders, reduced gross margins and loss of market share.
Proprietary Rights
To protect our proprietary rights, we rely primarily on
. copyright, trademark, service mark and trade secret laws;
. license agreements with third parties, including a standard software
license included with our products;
20
. confidentiality agreements with our employees and third parties;
. invention assignment agreements with our employees and contractors;
. protective contractual provisions in our agreements with some of our
consultants, resellers and customers; and
. limited access to our software, documentation and other proprietary
information.
WatchGuard(R) is a registered trademark in the United States, Norway, New
Zealand and Japan. Applications to register the WatchGuard trademark are
pending in other foreign jurisdictions. Firebox(TM) and LiveSecurity(TM) are
trademarks in use in the United States, and applications are pending in the
United States for registration of these trademarks. We have no patents, but we
have eight patents pending.
We currently license and use the following technologies in our products and
services:
. BSAFE encryption toolkit from RSA Data Security, Inc. This industry-
standard product provides us with encryption functions that we use in
our remote office VPN product. We pay a fee for this perpetual license,
which we may terminate for any reason with 90 days' notice.
. Cyber Patrol database from The Learning Company. This database provides
blocking of particular web addresses as part of our web-blocking module.
. Linux kernel. We use a customized version of the Linux operating system
for our security appliance platform. This license is a no-cost, open-
source license.
. BackWeb Technologies client software and server. We use this technology
to facilitate the distribution of our LiveSecurity content.
. Internet Security Systems Inc. Internet scanner. We sell an OEM version
of this software as an optional scanning module for our LiveSecurity for
MSS ISP customers.
. WebTrends Corporation Inc. WebTrends for Firewalls and VPNs. We sell an
OEM version of this software as an optional reporting module for our
LiveSecurity for MSS ISP customers.
. US Software TCP/IP stack. We use a customized version of this basic
TCP/IP stack in source code form in our SOHO and telecommuter products.
. WindRiver VxWorks Real Time operating system. We use this operating
system in our SOHO and telecommuter products.
U.S. Government Export Regulation Compliance
Our products are subject to federal regulations governing the export of
encryption commodities and software. To comply with these regulations, we have
developed two versions of our products: one for the U.S. and Canadian markets
and one for international markets. Recent federal legislation, however, has
relaxed export controls on encryption. U.S. law now allows the export of
encryption commodities and software of any strength to nongovernmental end-
users located in any country except those designated as embargoed or otherwise
restricted by the U.S. government, subject to streamlined reporting
requirements. To satisfy these encryption export reporting requirements, we use
data gathered from end-users during product registration. Encryption
commodities and software previously approved for export by the federal Bureau
of Export Administration, or BXA, under an export license or encryption
licensing arrangement are immediately eligible for export under the revised
regulations without further technical review by the BXA. These commodities and
software include our branch office and remote user VPN software and the VPN
accelerator in our Firebox II Plus with FastVPN security appliance. Our Firebox
Telecommuter and Firebox SOHO products, which also utilize this encryption in
branch office VPN software, are currently under review by the BXA for retail
export status. If we obtain retail export status, we would be eligible to
export these products to all nonembargoed and nonrestricted foreign end-users,
including government entities. We anticipate a favorable ruling by the BXA for
export of the telecommuter and SOHO products as retail encryption commodities.
21
Manufacturing
We currently outsource all hardware manufacturing and assembly for our
Firebox II product lines to two companies in California: Smart Modular
Technologies, Inc., our motherboard manufacturer, and Streamlined Electronics
Manufacturing, our final assembly house. The motherboard manufacturer designed
and manufactures the motherboard to our specifications. The manufacturer may
terminate the agreement for breach or insolvency of WatchGuard. For our Firebox
SOHO and Firebox Telecommuter product lines, we currently outsource all
hardware manufacturing and assembly to Productivity Enhancement Products, Inc.
in California. We then distribute the finished products worldwide from our
Seattle distribution center. All three manufacturers test our hardware to
confirm that all components function properly. All three manufacturers are
certified as meeting the International Organization for Standardization's
quality assurance standards: Smart Modular Technologies against ISO 9001 and
9002, Streamlined Electronics Manufacturing against ISO 9002 and Productivity
Enhancement Products against ISO 9001 and 9002.
Employees
As of December 31, 1999, we had 165 employees. Of these, 50 were employed in
sales and marketing, 19 in finance and administration, 21 in customer support
and 75 in development and operations. We are not parties to any collective
bargaining agreements with our employees and we have not experienced any work
stoppages. We believe we have good relations with our employees.
Factors Affecting Our Operating Results, Our Business and Our Stock Price
In addition to the other information contained in this annual report, you
should carefully read and consider the following risk factors. If any of these
risks actually occur, our business, financial condition or operating results
could be adversely affected and the trading price of our common stock could
decline.
We have incurred losses since inception and may never be profitable, which
could result in a decline in the value of our common stock.
We expect our operating losses and negative cash flows to continue. Although
our revenues have increased each year since we began operations, we do not
believe that the historical percentage growth rate of our revenues will be
sustainable as our revenue base increases. Moreover, we currently expect to
increase our operating expenses significantly in connection with
. expanding into new geographic markets;
. expanding into new product markets;
. continuing to develop our technology;
. hiring additional personnel;
. relocating or expanding our corporate facilities in the next six to
eight months;
. upgrading our information and internal control systems; and
. pursuing potential strategic acquisitions.
We may never generate profits, and if we do become profitable, we may be unable
to sustain or increase profitability on a quarterly or annual basis. As a
result, the trading price of our common stock could decline. We have incurred
net losses and experienced negative cash flows in each quarter since we began
doing business. As of December 31, 1999, we had an accumulated deficit of
approximately $29.9 million.
Our operating results fluctuate and could fall below expectations of securities
analysts and investors, resulting in a decrease in our stock price.
Our quarterly and yearly operating results have varied widely in the past and
will probably continue to fluctuate. For this reason, we believe that period-
to-period comparisons of our operating results are not
22
meaningful. In addition, our limited operating history makes predicting our
future performance difficult. As a result of these factors, our operating
results for a particular quarter or year may fall below the expectations of
securities analysts and investors, which could result in a decrease in our
stock price.
We base our spending levels for product development, sales and marketing and
other operating expenses largely on our expected future revenues. Because our
expenses are largely fixed for a particular quarter or year, we may be unable
to adjust our spending in time to compensate for any unexpected quarterly or
annual shortfall in revenues. A failure to so adjust our spending in time also
could cause operating results to fall below the expectations of securities
analysts and investors, resulting in a decrease in our stock price.
Seasonality and concentration of revenues at the end of the quarter could cause
our revenues to fall below the expectations of securities analysts and
investors, resulting in a decrease in our stock price.
Our domestic and international sales tend to be lower in the summer months,
when businesses often defer purchasing decisions. Also, as a result of customer
buying patterns and the efforts of our sales force to meet or exceed quarterly
and year-end quotas, historically we have earned a substantial portion of a
quarter's revenues during its last month. If expected revenues at the end of
any quarter are delayed, our revenues for that quarter could fall below the
expectations of securities analysts and investors, resulting in a decrease in
our stock price.
Because many potential customers are unaware of the need for Internet security
or may perceive it as costly and difficult to implement, our products and
services may not achieve market acceptance.
We believe that many potential customers, particularly SMEs, SOHOs and
telecommuters, are not fully aware of the need for Internet security products
and services. Historically, only enterprises having substantial resources have
developed or purchased Internet security solutions. Also, there is a perception
that Internet security is costly and difficult to implement. We will therefore
not succeed unless we can educate our market about the need for Internet
security and convince our potential customers of our ability to provide this
security in a cost-effective and administratively feasible manner. Although we
have spent, and will continue to spend, considerable resources educating
potential customers about the need for Internet security and the benefits of
our products and services, our efforts may be unsuccessful.
If potential customers do not accept our LiveSecurity products and services,
our business will not succeed.
We currently expect all future revenues to be generated through sales of our
LiveSecurity Internet security products and related services, particularly
subscription and license fees. Our success depends on market acceptance of our
LiveSecurity products and services and our ability and the ability of our ISP
partners to obtain and retain LiveSecurity customers. Our LiveSecurity products
and services, however, are relatively new and unproven. The broadcast portion
of our LiveSecurity products has been available only since February 1999 and
our LiveSecurity for MSS product has been available only since September 1998.
To receive our broadcasts, enterprises will be required to pay an annual
subscription fee, either to us or, if they obtain LiveSecurity through an ISP,
to the ISP. We are not aware of any other Internet security product that allows
enterprises to keep their security solution current by receiving broadcasts of
software updates and related information over the Internet. Enterprises may be
unwilling to pay a subscription fee to keep their Internet security up to date.
Because our broadcast service is relatively new, we cannot predict the rate at
which our customers will renew their annual subscriptions. In addition, most
businesses implementing security services have traditionally managed their own
Internet security rather than seeking the services of third-party service
providers. As a result, our products and services and the outsourcing of
Internet security to third parties may not achieve significant market
acceptance.
If our relationships with ISPs are unsuccessful, our ability to market and sell
our products and services will be limited.
We expect a significant percentage of our revenues to be derived from our
relationships with domestic and international ISPs that implement our
LiveSecurity for MSS solution. If these ISPs are unsuccessful in
23
marketing and implementing our LiveSecurity for MSS solution, our operating
results will be materially harmed. Because our relationships with ISPs are
relatively new, we cannot predict the degree to which the ISPs will succeed in
marketing and selling services based on our products and services. Many of the
ISPs with which we have established relationships have not had an opportunity
to fully develop and implement service offerings incorporating LiveSecurity. We
cannot predict how long our current or potential ISP partners will take to
complete this development and implementation. Until and unless this development
and implementation is achieved, our revenues from ISPs will be limited. If the
ISPs fail to provide adequate installation, deployment and support of our
products and services, end-users could decide not to subscribe, or cease
subscribing, for managed services that use our solution. The ISPs will offer
our products and services in combination with other products and services, some
of which may be competitive with our products and services.
If our third-party resellers and distributors fail to perform, our ability to
sell our products and services will be limited.
We sell most of our products and services through value-added resellers and
distributors, and we expect our success to continue to depend in large part on
their performance. Our resellers and distributors have the ability to sell
products and services that are competitive with ours, to devote more resources
to those competitive products or to cease selling our products and services
altogether. While no single reseller or distributor currently accounts for more
than 10% of our total revenues, the loss of or reduction in sales to several
value-added resellers or a distributor, particularly to competitive products
offered by other companies, could adversely affect our revenues.
Product returns or retroactive price adjustments could exceed our allowances,
which could adversely affect our operating results.
We provide some of our distributors and resellers with product return rights
for stock rotation. We also provide some of our distributors and resellers with
price protection rights for inventories of our products held by those
distributors or resellers if we lower our prices for those products. We may
experience significant returns and price adjustments for which we may not have
adequate allowances. The short life cycles of our products and the difficulty
of predicting future sales increase the risk that new product introductions or
price reductions by us or our competitors could result in significant product
returns or price adjustments. In September 1998, when we introduced the Firebox
II security appliance, we experienced an increase in returns of previous
products and product versions. Provisions for returns and allowances for the
years ended December 31, 1997, 1998 and 1999 were $0, $1,655,000 and
$1,083,000, or 0%, 13% and 5% of total revenues before returns and allowances.
If we are unable to compete successfully in the highly competitive market for
Internet security products and services, our business will fail.
The market for Internet security products is intensely competitive and we
expect competition to intensify in the future. An increase in competitive
pressures in our market or our failure to compete effectively may result in
pricing reductions, reduced gross margins and loss of market share. Currently,
the dominant competitors in our industry are Cisco Systems, Inc., Check Point
Software Technologies Ltd. and Nokia Corporation. We expect the introduction of
our SOHO and telecommuter products to increase competition with SonicWALL Inc.,
a developer of security appliances for SOHOs and home users. Other current and
potential competitors include hardware, software and operating system vendors
such as Axent Technologies, Inc., Lucent Technologies, Inc., Microsoft
Corporation, Network Associates, Inc., Novell, Inc., Sun Microsystems Inc. and
a number of smaller companies. Many of our competitors have longer operating
histories, greater name recognition, larger customer bases and significantly
greater financial, technical, marketing and other resources than we do. In
addition, our current and potential competitors have established or may
establish cooperative relationships among themselves or with third parties that
may further enhance their resources, such as the partnership between Check
Point and Nokia. As a result, they may be able to adapt more quickly to new
24
technologies and customer needs, devote greater resources to the promotion or
sale of their products and services, initiate or withstand substantial price
competition, take advantage of acquisition or other opportunities more readily
or develop and expand their product and service offerings more quickly. In
addition, our competitors may bundle products competitive with ours with other
products that they may sell to our current or potential customers. These
customers may accept these bundled products rather than separately purchasing
our products.
Rapid changes in technology and industry standards could render our products
and services unmarketable or obsolete, and we may be unable to introduce new
products and services timely and successfully.
To succeed, we must continually change and improve our products in response
to rapid technological developments and changes in operating systems, Internet
access and communications, application and networking software, computer and
communications hardware, programming tools, computer language technology and
hacker techniques. We may be unable to successfully and timely develop these
new products and services or achieve and maintain market acceptance. The
development of new, technologically advanced products and services is a complex
and uncertain process requiring great innovation and the ability to anticipate
technological and market trends. Because Internet security technology is
complex, it can require long development and testing periods. Releasing new
products and services prematurely may result in quality problems, and releasing
them late may result in loss of customer confidence and market share. In the
past, we have on occasion experienced delays in the scheduled introduction of
new and enhanced products and services, and we may experience delays in the
future. When we do introduce new or enhanced products and services, we may be
unable to manage the transition from the older products and services to
minimize disruption in customer ordering patterns, avoid excessive inventories
of older products and deliver enough new products and services to meet customer
demand.
We may be required to defend lawsuits or pay damages in connection with the
alleged or actual failure of our products and services.
Because our products and services provide and monitor Internet security and
may protect valuable information, we may face claims for product liability,
tort or breach of warranty relating to our products and services. Anyone who
circumvents our security measures could misappropriate the confidential
information or other property of end-users using our products and services or
interrupt their operations. If that happens, affected end-users or ISPs may sue
us. In addition, we may face liability for breaches caused by faulty
installation of our products by resellers or end-users. Although we attempt to
reduce the risk of losses from claims through contractual warranty disclaimers
and liability limitations, these provisions may be unenforceable. Some courts,
for example, have found contractual limitations of liability in standard
software licenses to be unenforceable because the licensee does not sign them.
Defending a suit, regardless of its merit, could be costly and could divert
management attention. Although we currently maintain business liability
insurance, this coverage may be inadequate or may be unavailable in the future
on acceptable terms, if at all.
A breach of security could harm public perception of our products and services.
We will not succeed unless the marketplace is confident that we provide
effective Internet security protection. Even networks protected by our software
products may be vulnerable to electronic break-ins and computer viruses. If an
actual or perceived breach of Internet security occurs in an end-user's
systems, regardless of whether the breach is attributable to us, the market
perception of the efficacy of our products and
services could be harmed. This could cause us and our ISP partners to lose
current and potential customers or cause us to lose potential resellers,
distributors and ISP partners. Because the techniques used by computer hackers
to access or sabotage networks change frequently and generally are not
recognized until launched against a target, we may be unable to anticipate
these techniques.
If we are unable to prevent attacks on our internal network system by computer
hackers, public perception of our products and services will be harmed.
Because we provide Internet security, we have become a greater target of
attacks by computer hackers. We have experienced attacks by computer hackers in
the past and expect attacks to continue. If attacks on our internal network
system are successful, public perception of our products and services will be
harmed.
25
Failure to address strain on our resources caused by our rapid growth will
result in our inability to effectively manage our business.
Our current systems, management and resources will be inadequate if we
continue to grow. Our business has grown rapidly in size and complexity in the
last three years. This rapid expansion has placed significant strain on our
administrative, operational and financial resources and has resulted in ever-
increasing responsibilities for our management personnel. We will be unable to
effectively manage our business if we are unable to timely and successfully
alleviate the strain on our resources caused by our rapid growth.
We may be unable to adequately expand our operational systems to accommodate
growth, which could harm our ability to deliver our products and services.
Our operational systems have not been tested at the customer volumes that may
be required in the future. We may encounter performance difficulties when
operating with a substantially greater number of customers. In implementing our
LiveSecurity products, we have experienced periodic interruptions affecting all
or a portion of our systems, and we believe that interruptions will continue to
occur from time to time. These interruptions could harm our ability to deliver
our products and services. An inability to add software and hardware or to
develop and upgrade existing technology or operational systems to handle
increased traffic may cause unanticipated system disruptions, slower response
times and poor customer service, including problems filling customer orders.
We may be unable to adequately protect our operational systems from damage,
failure or interruption, which could harm our reputation and our ability to
attract and retain customers.
Our operations, customer service, reputation and ability to attract and
retain customers depend on the uninterrupted operation of our operational
systems. Although we have off-site backup facilities and take other precautions
to prevent damage, failure or interruption of our systems, our precautions may
be inadequate. Any damage, failure or interruption of our computer or
communications systems could lead to service interruptions, delays, loss of
data and inability to accept and fill customer orders and provide customers
with LiveSecurity updates.
We may be unable to deliver our products and services if we cannot continue to
license third-party technology that is important for the functionality of our
products.
Our success will depend in part on our continued ability to license
technology that is important for the functionality of our products. A
significant interruption in the supply of a third-party technology could delay
our development and sales until we can find, license and integrate equivalent
technology. This could damage our brand and result in loss of current and
potential customers. Although we believe that we could find other sources for
the technology we license, alternative technologies may be unavailable on
acceptable terms, if at all. We depend on our third-party licensers to deliver
reliable, high-quality products, develop new products on a timely and cost-
effective basis and respond to evolving technology and changes in industry
standards. We also depend on the continued compatibility of our third-party
software with future versions of our products.
We may be unable to deliver our products and services if our single-source
manufacturers fail to supply hardware with acceptable quality, quantity and
cost.
We outsource all of our hardware manufacturing and assembly for each of our
SME and larger-enterprise solutions and our SOHO and telecommuter solutions to
single-source motherboard manufacturers and assembly houses. While the single-
source vendors for our SME and larger-enterprise products have produced
hardware with acceptable quality, quantity and cost in the past, they may be
unable to meet our future demands. Our relationships with the single-source
vendor for our SOHO and telecommuter products are new and unproven. Although we
believe that we could find another manufacturer and assembly house for each of
our product lines, our operations could be disrupted if we have to switch to a
replacement vendor or if our hardware supply is interrupted for an extended
period. This could result in loss of customer orders and revenue.
26
We may have to reduce or cease operations if we are unable to obtain the
funding necessary to meet our working capital requirements.
Our future revenues may be insufficient to support the expenses of our
operations and the expansion of our business. We may therefore need additional
equity or debt capital to finance our operations. If we are unable to generate
sufficient cash flow from operations or obtain funds through additional
financing, we may have to reduce some or all of our development and sales and
marketing efforts or cease operations. We believe that existing cash and cash
equivalents balances and our existing line of credit, excluding the potential
net proceeds from our proposed public offering in the first quarter of 2000,
should be sufficient to meet our capital requirements for at least the next 12
months. Our capital requirements depend on several factors, however, including
the rate of market acceptance of our products and services, our ability to
expand our customer base and the growth of our sales and marketing
capabilities. If our capital requirements vary from our current plans, we may
require additional financing sooner than we anticipate. Financing may be
unavailable to us when needed or on acceptable terms.
We may be unable to adequately protect our proprietary rights, which may limit
our ability to compete effectively.
Despite our efforts to protect our proprietary rights, unauthorized parties
may misappropriate or infringe on our trade secrets, copyrights, trademarks,
service marks and similar proprietary rights. We face additional risk when
conducting business in countries that have poorly developed or inadequately
enforced intellectual property laws. While we are unable to determine the
extent to which piracy of our software products exists, we expect piracy to be
a continuing concern, particularly in international markets and as a result of
the growing use of the Internet. In any event, competitors may independently
develop similar or superior technologies or duplicate the technologies we have
developed, which could substantially limit the value of our intellectual
property.
Intellectual property claims and litigation could subject us to significant
liability for damages and invalidation of our proprietary rights.
In the future, we may have to resort to litigation to protect our
intellectual property rights, to protect our trade secrets or to determine the
validity and scope of the proprietary rights of others. Any litigation,
regardless of its success, would probably be costly and require significant
time and attention of our key management and technical personnel. Litigation
could also force us to
. stop or delay selling, incorporating or using products that incorporate
the challenged intellectual property;
. pay damages;
. enter into licensing or royalty agreements, which may be unavailable on
acceptable terms; or
. redesign products or services that incorporate infringing technology.
Although we have not been sued for intellectual property infringement, we may
face infringement claims from third parties in the future. The software
industry has seen frequent litigation over intellectual property rights, and we
expect that participants in the Internet security industry will be increasingly
subject to infringement claims as the number of products, services and
competitors grows and functionality of products and services overlaps.
Undetected product errors or defects could result in loss of revenues, delayed
market acceptance and claims against us.
Our products and services may contain undetected errors or defects,
especially when first released. Despite extensive testing, some errors are
discovered only after a product has been installed and used by customers. Any
errors discovered after commercial release could result in loss of revenues or
claims against us.
27
Governmental controls over the export or import of encryption technology could
cause us to lose sales.
Any additional governmental regulation of imports or exports or failure to
obtain required export approval of our encryption technologies could adversely
affect our international and domestic sales. The United States and various
foreign governments have imposed controls, export license requirements and
restrictions on the import or export of some technologies, especially
encryption technology. In addition, from time to time governmental agencies
have proposed additional regulation of encryption technology, such as requiring
the escrow and governmental recovery of private encryption keys. Additional
regulation of encryption technology could delay or prevent the acceptance and
use of encryption products and public networks for secure communications. This,
in turn, could result in decreased demand for our products and services.
In addition, some foreign competitors are subject to less stringent controls
on exporting their encryption technologies. As a result, they may be able to
compete more effectively than we can in the U.S. and international Internet
security markets.
If we do not retain our key employees, our ability to execute our business
strategy will be impaired.
Our future success will depend largely on the efforts and abilities of our
senior management and our key development, technical, operations, information
systems, customer support and sales and marketing personnel and our ability to
retain them. These employees are not obligated to continue their employment
with us and may leave us at any time.
If we do not expand our international operations and successfully overcome the
risks inherent in international business activities, the growth of our business
will be limited.
Our ability to grow will depend in part on the expansion of our international
sales and operations, which are expected to continue to account for a
significant portion of our revenues. Sales to customers outside of North
America accounted for approximately 56% of our net revenues in 1997, 35% in
1998 and 50% in 1999. The failure of our resellers and distributors to sell our
products internationally would limit our ability to increase our revenues. In
addition, our international sales are subject to the risks inherent in
international business activities, including
. cost of customizing products for foreign countries;
. export and import restrictions, such as those affecting encryption
commodities and software;
. difficulties in acquiring and authenticating customer information;
. reduced protection of intellectual property rights and increased
liability exposure; and
. regional economic and political conditions.
Our international sales currently are U.S. dollar-denominated. As a result, an
increase in the value of the U.S. dollar relative to foreign currencies could
make our products less competitive in international markets.
Undiscovered year 2000-related computer problems could disrupt our operations.
We believe that the current versions of the internally developed software
technologies incorporated in our products and services, as well as our internal
management and other administrative and external information systems, are year
2000 compliant. When the century changed, we experienced no disruption to our
business operations and no product failures as a result of year 2000 compliance
issues or otherwise. Nonetheless, some year 2000 problems may not appear until
several months after January 1, 2000. As a result, we may still face claims for
undiscovered year 2000 errors in our own products or for year 2000 issues
arising from third-party products that we integrate into our products and
services or with which our systems and products exchange data. In addition, if
our suppliers, vendors or distributors encounter year 2000 software, firmware
and hardware problems, our ability to deliver our products and services could
be disrupted.
28
The integration of BeadleNet, LLC and any future acquisitions may be difficult
and disruptive.
In October 1999, we acquired BeadleNet, LLC, a privately held developer of
Internet security solutions for small offices and home offices. We are
currently in the process of integrating the BeadleNet business with our
business. This integration is subject to risks commonly encountered in making
acquisitions, including
. loss of key personnel;
. difficulties in assimilating BeadleNet's technologies, products,
personnel and operations;
. disruption of our ongoing business; and
. the inability of our sales force, consultants and development staff to
adapt to the new product line.
We may not successfully overcome these or any other problems encountered in
connection with the integration of BeadleNet. As part of our business strategy,
we expect to consider acquiring other companies. We may be unable to
successfully integrate the technologies, products, personnel or operation of
companies that we may acquire in the future.
The concentrated ownership of our common stock could delay or prevent a change
of control, which could reduce the market price of our common stock.
As of December 31, 1999, our directors, executive officers and their
affiliates beneficially owned, in the aggregate, approximately 67.8% of our
outstanding common stock. If we complete a proposed public offering of our
common stock in the first quarter of 2000, our directors, executive officers
and their affiliates will beneficially own, in the aggregate, approximately
57.37% of our outstanding common stock, or 55.96% if the underwriters exercise
their over-allotment option in full. As a result of their concentrated
ownership, these stockholders are able to exercise control over all matters
requiring stockholder approval, including the election of directors and
approval of significant corporate transactions such as acquisitions, and to
block unsolicited tender offers. This concentration of ownership therefore
could have the effect of delaying or preventing a third party from acquiring
control over us at a premium over the then-current market price of our common
stock, which could result in a decrease in our stock price.
Our stock price is volatile.
The trading price of our common stock could be subject to fluctuations for a
number of reasons, including
. actual or anticipated variations in quarterly or annual operating
results;
. changes in analysts' earning projections or analysts' recommendations;
. our inability to successfully implement our business strategy;
. changes in business conditions affecting our customers, our competitors
and us; and
. changes in accounting standards that adversely affect our revenues and
earnings.
In recent years, moreover, the stock market in general and the market for
Internet-related technology companies in particular have experienced extreme
price and volume fluctuations, often unrelated to the operating performance of
the affected companies. Our common stock has experienced, and is likely to
continue to experience, these fluctuations in price, regardless of our
performance. Market fluctuations or volatility could cause the market price of
our common stock to decline.
Future sales of our common stock may depress our stock price.
Sales of a substantial number of shares of our common stock in the public
market could adversely affect the market price of our common stock. We have
filed a registration statement relating to a proposed offering of 3,000,000
shares of common stock, plus an additional 450,000 shares subject to the
underwriters' over-
29
allotment option. Of the shares in the offering, we propose to sell 1,500,000
shares and certain stockholders propose to sell the remaining shares. After the
offering, we will have outstanding 21,136,752 shares of common stock. All the
shares sold in the proposed public offering will be freely tradable. Of the
remaining 18,136,752 shares of common stock that will be outstanding after the
offering, 14,010,545 are restricted as a result of securities laws or lock-up
agreements signed by the holder and will be available