SECURITIES AND EXCHANGE COMMISSION
WASHINGTON, D.C. 20549
FORM 10-K
FOR ANNUAL AND TRANSITION REPORTS
PURSUANT TO SECTION 13 OR 15(d) OF THE
SECURITIES EXCHANGE ACT OF 1934
| x | ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
For the fiscal year ended December 31, 2004
OR
| ¨ | TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 |
For the transition period from __________ to __________
Commission file number 000-26819
WATCHGUARD TECHNOLOGIES, INC.
(Exact name of registrant as specified in its charter)
| Delaware | 91-1712427 | |
| (State or other jurisdiction of incorporation or organization) |
(I.R.S. Employer Identification No.) |
505 Fifth Avenue South, Suite 500, Seattle, WA 98104
(Address of principal executive offices) (zip code)
(206) 521-8340
(Registrant’s telephone number, including area code)
Securities registered pursuant to Section 12(b) of the Act:
None
Securities registered pursuant to Section 12(g) of the Act:
Common Stock, $.001 par value
Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports) and (2) has been subject to such filing requirements for the past 90 days. Yes x No ¨
Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K. ¨
Indicate by check mark whether the registrant is an accelerated filer (as defined in Exchange Act Rule 12b-2). Yes x No ¨
The aggregate market value of the voting and nonvoting common equity held by nonaffiliates of the registrant, based on the last sales price of the registrant’s common stock on June 30, 2004, as reported on the Nasdaq National Market, was approximately $232,419,948.
As of March 1, 2005, there were 33,788,281 shares of the registrant’s common stock outstanding.
DOCUMENTS INCORPORATED BY REFERENCE
The information required by Part III of this report, to the extent not set forth herein, is incorporated into this report by reference to the registrant’s definitive proxy statement for the annual meeting of stockholders to be held on June 3, 2005. The definitive proxy statement will be filed with the Securities and Exchange Commission within 120 days after December 31, 2004, the end of the fiscal year to which this report relates.
ANNUAL REPORT ON FORM 10-K
FOR THE FISCAL YEAR ENDED DECEMBER 31, 2004
TABLE OF CONTENTS
Forward-Looking Statements
Our disclosure and analysis in this annual report contain forward-looking statements, which provide our current expectations or forecasts of future events. Forward-looking statements in this annual report include, without limitation:
| • | information concerning possible or assumed future operating results, trends in financial results and business plans, including those relating to earnings growth and revenue growth; |
| • | statements about our costs and operating expenses relative to our revenues and about the expected composition of our revenues; |
| • | statements about our future capital requirements and the sufficiency of our cash, cash equivalents, investments and available bank borrowings to meet these requirements; |
| • | information about the anticipated timing of new product releases; |
| • | other statements about our plans, objectives, expectations and intentions; and |
| • | other statements that are not historical facts. |
Words such as “expects,” “believes,” “anticipates,” “intends” and “will” and similar words may identify forward-looking statements, but the absence of these words does not necessarily mean that a statement is not forward-looking. Forward-looking statements are subject to known and unknown risks and uncertainties and are based on potentially inaccurate assumptions that could cause actual results to differ materially from those expected or implied by the forward-looking statements. Our actual results could differ materially from those anticipated in the forward-looking statements for many reasons, including the factors described in the section entitled “Important Factors That May Affect Our Business, Our Operating Results and Our Stock Price” in this annual report. Other factors besides those described in this annual report could also affect actual results. You should carefully consider the factors described in the section entitled “Important Factors That May Affect Our Business, Our Operating Results and Our Stock Price” in evaluating our forward-looking statements.
You should not unduly rely on these forward-looking statements, which speak only as of the date of this annual report. We undertake no obligation to publicly revise any forward-looking statement to reflect circumstances or events after the date of this annual report, or to reflect the occurrence of unanticipated events. You should, however, review the factors and risks we describe in the reports we file from time to time with the Securities and Exchange Commission, or SEC.
| ITEM 1. | BUSINESS |
Overview
We are a leading provider of network security solutions designed to protect small- to medium-sized enterprises, or SMEs, that use the Internet for e-commerce and secure communications. We provide SMEs worldwide with integrated and expandable network security solutions employing multi-layered defenses that are designed to protect not only against existing threats, but also against future threats, in an intelligent way. Our security solutions are backed by an intuitive user interface and the expert guidance and support of our LiveSecurity Service. With the risk that threats and attacks will compromise multiple access points in a corporate network, an effective security solution requires more layers of defense than just firewalls for access control and virtual private networks, or VPNs, for secure communications. A security solution that integrates multiple layers of defense, however, must do so efficiently to preserve performance and remain flexible enough to adapt to future threats and attacks in the evolving security landscape.
Thousands of enterprises worldwide use our award-winning products and services to meet these requirements. The core of our products and services is our family of integrated, expandable Firebox X security
1
solutions. We offer firewall protection and intrusion prevention technology for access control, virtual private networking for secure communications, content and spam filtering, gateway and desktop anti-virus protection and vulnerability assessment services. Our Firebox X security solutions allow users to upgrade to any higher model in the particular line simply by applying a software license key. We also offer our customers a unified management interface designed to allow even the non-security professional to effectively install, configure and monitor our security products. We also offer the networking features required for more complex network installations. In addition, our innovative subscription-based LiveSecurity Service provides our customers with access to expert guidance and support so they can protect their data and communications in a continuously changing environment.
Our market spans the SME market, from smaller-sized companies, for which ease-of-use is a primary requirement, to medium-sized companies, including those with high-speed connections supporting VPNs between the corporate headquarters and geographically dispersed branch offices, for which performance, scalability and networking features are key requirements. Our security solutions also give enterprises a security management choice. An enterprise can manage its own Internet security with our product offerings or outsource its security management to an Internet service provider, or ISP, or other managed service provider implementing our managed security solutions. For the service provider, our technology improves the economics of managed security services through a scalable delivery platform that enables the service provider to remotely configure and manage thousands of customer sites quickly and easily.
We sell our network security solutions indirectly to end-users through a network that includes approximately 100 distributors and more than 5,000 resellers, and we have customers located in over 150 countries. We also sell directly and indirectly to a number of service providers that implement our managed security solution and resell to end-users. As of December 31, 2004, we had shipped over 300,000 of our security appliances.
We initially incorporated in Washington in 1996 and reincorporated in Delaware in 1997. References to “we,” “our,” “us” and “WatchGuard” in this annual report refer to WatchGuard Technologies, Inc., our subsidiaries and our predecessor. Our executive offices are located at 505 Fifth Avenue South, Suite 500, Seattle, Washington 98104, and our telephone number is (206) 521-8340. We make available on our Web site, free of charge, copies of our annual report on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to those reports filed with or furnished to the SEC as soon as reasonably practicable after filing or furnishing the information to the SEC. A link to this information can be found in the investor relations portion of our Web site, which is located at www.watchguard.com. In addition, the SEC maintains a Web site that contains reports, proxy and information statements and other information regarding issuers that file with the SEC, at http://www.sec.gov.
Industry Background
The need for Internet security
The increased importance of e-commerce and the proliferation and growth of corporate intranets have dramatically increased the openness of computer networks, with the Internet becoming a widely accepted platform for many business-to-business and business-to-consumer transactions. The accessibility and relative anonymity of users in open computing environments, however, make systems and the integrity of information stored on them increasingly vulnerable to security threats. Open systems present inviting opportunities for computer hackers, terrorists, curious or disgruntled employees or contractors, or competitors, to compromise, alter or destroy sensitive information within the system or to disrupt operations and Internet access. Open computing environments are also complex and typically involve a variety of hardware, operating systems and applications supplied by a variety of vendors, making networks difficult to manage, monitor and protect from unauthorized access. In addition, because even smaller organizations are rapidly adopting public-facing Web and application servers and electronic communications, they now face the types of threats and vulnerabilities that had been previously reserved for much larger organizations that could deploy sufficient personnel to meet that challenge.
2
New attacks and security vulnerabilities are created or discovered on almost a daily basis. Security vulnerabilities are faults in software and hardware that may permit unauthorized network access or allow an attacker to cause network damage. According to the Computer Emergency Response Team, or CERT, a federally funded research and development center, not only is the number of cyber incidents and attacks increasing at an alarming rate, but the number of vulnerabilities is increasing as well. The number of vulnerabilities has increased almost four-fold in four years, from 1,090 reported vulnerabilities in 2000 to 3,780 reported vulnerabilities in 2004. During this time, CERT published nearly seven times the number of vulnerability notes, from 47 in 2000 to 341 in 2004.
The 2004 E-Crime Watch Survey, conducted among security and law enforcement executives by CSO Magazine in cooperation with the U.S. Secret Service and CERT, estimates that e-crime losses were approximately $666 million in 2004. Many organizations experienced an increase in e-crimes and network, system or data intrusions. In fact, 43% of survey respondents reported an increase in e-crimes and intrusions versus the prior year. Organizations therefore must have comprehensive multi-layered defenses to protect their networks and valuable data or risk significant business losses. In addition to an increase in the number of attacks, the speed of propagation of these attacks has increased as well. For example, MyDoom, an automated Internet attack that was a blend of a computer worm and a computer virus, quickly spread around the world. At its peak, it was estimated that 1 in 12 emails carried the worm. Organizations therefore often do not have the luxury of waiting for an alert about a current threat, but must anticipate and prepare in advance for defense against network security attacks.
The Internet security challenge
Internet security is not a response to a single attack or point of vulnerability, but rather a comprehensive solution comprised of a series of defenses against a wide variety of attacks and points of vulnerabilities. Because enterprises need to control the flow of information between their internal networks and the Internet, they need firewalls, which are the foundation of a comprehensive security solution. A firewall, a security component that varies in complexity, is designed to block access from the Internet to an enterprise’s internal networks, as well as control the flow of and access to information shared between the networks and the Internet. A comprehensive security solution, however, needs to do more than control access. It also needs to integrate several other sophisticated security layers, such as VPNs, to enable encrypted communications between points on the Internet, gateway and desktop anti-virus solutions, to scan and detect viruses and worms, and to provide for other security methodologies, such as intrusion prevention, authentication, spam filtering, content filtering and vulnerability assessment. To be truly effective, a comprehensive security solution must defend against new and emerging attacks the instant they are launched, a capability that is also referred to as “zero-day” protection. With the speed of propagation of many recent threats, sole reliance on signature-based intrusion protection can leave networks exposed until a new threat is evaluated and a signature is created and distributed to defend against the threat. While signature-based intrusion protection is an important layer of defense, preemptive intrusion protection through behavior-based detection and protocol anomaly detection provides strong baseline security against many threats regardless of the availability of a signature for that threat.
Even a comprehensive security solution must, however, be easy to install, configure and manage to be truly effective. With businesses increasingly establishing secure Internet access for branch offices, trading partners and traveling employees, an enterprise must often deploy multiple security layers to fully protect the corporate network. This often requires a variety of different security technologies, often from a wide variety of vendors, all with disparate management systems. The complexity of effectively managing all of these security layers is often beyond the scope and skill of some businesses, and without a robust, intuitive and easy-to-use system to manage these security layers, the complexity and difficulty of successfully implementing a corporate information security solution rises dramatically.
Moreover, the dangers against which an effective Internet security solution must protect are dynamic rather than static, with new attack vectors emerging and the constant introduction of new exploits, intrusion schemes,
3
worms and viruses within existing attack vectors. For example, the use of new technologies such as email over cell phones and instant messaging, and the creativity of computer hackers, many of whom are now financially motivated, create new vectors of attack. In addition, unless an enterprise can timely and easily implement security updates across the enterprise’s security layers protecting its network, the enterprise may need dedicated, and expensive, security experts to proactively identify, obtain and manually implement these updates quickly and correctly.
The Internet security opportunity
According to the “Worldwide Threat Management Security Appliances 2004-2008 Forecast and 2003 Vendor Shares: The Rise of the Unified Threat Management Security Appliance” report from International Data Corporation in September 2004, the threat management security appliance market is expected to grow at a combined annual growth rate of 17% between 2003 and 2008, translating into a total market in 2008 of $3.45 billion.
Enterprises require a robust, comprehensive Internet security solution that secures all vulnerable points in the corporate network, that can be installed, configured and managed easily, and that can be kept up to date quickly and effectively, all for an economical price. In addition, many enterprises would rather outsource the management of their Internet security to ISPs and other managed service providers. Service providers face challenges, however, in delivering affordable security services that can be rapidly and economically deployed to thousands of customer sites and easily managed from a central location.
The WatchGuard Approach to Network Security
WatchGuard’s approach to network security has the following key elements:
| Integrated Security Appliance |
By integrating multiple security capabilities and services—which normally reside on numerous devices—integrated security appliances provide multi-layered protection in a single appliance. This allows users that often have limited security budgets and lack the resources to adequately research and acquire multiple security layers to get enterprise-level security at a lower total cost of ownership. In addition, managing a single device requires less time than managing disparate systems and leaves more time to proactively secure networks against ever-present threats. |
| Upgradeable and Expandable Platform |
Upgradeability and expandability enables the customer to adapt its security to meet changing business needs by expanding additional security services or increasing performance. It also provides investment protection for the customer that typically lacks the budget to replace hardware devices every time increased performance or new features or functionality are required. |
| Intelligent Layered Security |
An Intelligent Layered Security architecture is designed to incorporate, integrate and improve security with a layered architecture that provides more efficient performance while remaining flexible enough to insert new layers of security as emerging threats arise. The conceptual layers of defense include external defenses such as vulnerability assessment to protect against attacks before they are launched, WatchGuard’s Deep Application Inspection for behavior-based and protocol anomaly-based “zero-day,” preemptive protection not available in many standard packet-filter technologies, virtual |
4
| private networking for secure communications, standard stateful packet filtering, signature-based intrusion prevention to detect application-layer threats before they are allowed into the network (what some companies refer to as “deep inspection”), gateway anti-virus that examines email attachments and detects viruses before they are allowed into the network, content filtering, which includes Web access control to protect users from harmful content, and spam filtering to efficiently reduce wasted corporate resources. An Intelligent Layered Security Architecture also includes behavioral mechanisms which protect against attacks by detecting precursors such as port scans and spoofing attacks, as well as actual attacks such as buffer overflows and protocol anomaly attacks, and dynamically changing firewall policy to prevent subsequent traffic from the sources of those scans and attacks. |
| Intuitive Management and Ease of Use |
Many of our target customers do not have full-time or fully dedicated network security administrators. Because our products are intuitive and easy to manage, we offer SMEs a number of key benefits: (1) more accessible security with a reduced level of initial training and more advanced features are made available in an intuitive manner, allowing the user to learn as the user goes; (2) the visibility to allow a user to see what is happening in its network instantly with real-time monitoring and unified management for multiple devices and security services; (3) the efficiency to update defenses across a network from one management console even as additional security appliances and integrated security services are added to the network; (4) the ability of the user to monitor the solution with the level of detail the user prefers with a range of sophisticated management tools; (5) “smart” defaults that are designed to reduce configuration time and allow a security product to protect a network from the moment it is installed; and (6) automated wizards that allow for simple and easy set-up of additional capabilities, such as VPNs. An example of such a wizard is our “drag-and-drop” VPN set-up that allows users to create VPN tunnels in seconds instead of hours and without complex knowledge and expertise. Finally, graphically highlighted need-to-know data facilitate network management and allow users efficient and quick analysis of logs. |
| Expert Guidance and Support |
Our subscription-based LiveSecurity Service helps the network administrator become a security expert. Our customers receive timely updates on emerging security threats and guidance on implementation of sound security policies. This information allows the user to provide better security for its network and concentrate its resources on its core business. The LiveSecurity Service offers subscribers the following important services: |
| • | Early warning vulnerability alerts delivered via email directly to the subscriber’s Inbox, allowing customers to stay ahead of attackers; |
| • | Convenient, downloadable software updates providing not only hotfixes, but also featuring enhancements that allow subscriber defenses to keep pace with computer hacker innovations; |
5
| • | Expert instruction and training to help subscribers remain informed, grow in their security knowledge, and better respond to security issues; and |
| • | Superior customer care that responds quickly to subscriber problems and offers technical support and convenient online resources. |
We expect that these key elements will be increasingly reflected in our products throughout 2005.
Products and Services
Our comprehensive security solutions include an integrated security appliance (also known as a unified threat management appliance), a suite of security and management software, the capability to add additional subscription-based services when needed and a dynamic Internet-based service to keep security defenses current. These solutions provide firewall protection and intrusion prevention technology for access control, virtual private networking for secure communications, content and spam filtering, gateway and desktop anti-virus protection and vulnerability assessment services. Enterprises may use our products to internally manage their Internet security or elect to outsource security management to a service provider that implements our managed security solution.
Security Appliances
By using our Firebox products, an enterprise can quickly and affordably deploy comprehensive layered security protection and VPN capability across its network, but still retain unified control and administration. In addition, our LiveSecurity Service enables enterprises to augment their information technology staff with our security experts, which we believe substantially reduces personnel costs. Our Firebox products include an initial 90-day subscription to our LiveSecurity Service. In addition, customers can upgrade their existing Firebox X appliances to any higher model in the line or add additional subscription-based service to provide additional layers of security simply by applying a license key.
6
We currently offer the following Firebox SOHO, Firebox X Edge, Firebox X Core and Firebox Vclass models, and we expect to introduce the Firebox X Peak line in the first half of 2005.
Firebox SOHO
| Firebox Model | Firebox SOHO 6 |
Firebox SOHO 6tc |
Firebox SOHO 6 Wireless |
Firebox SOHO 6tc Wireless |
Firebox S6 and S6-VPN |
Firebox S6 Wireless and S6-VPN Wireless | ||||||
| Recommended For |
Small Business | Small Remote Office | Small Business with Wireless Network | Small Remote Office with Wireless Network | Small Japanese Business or Small Remote Office | Small Japanese Business or Remote Office with Wireless Network | ||||||
| User License |
10 (upgrade to 25 or 501) | 10 (upgrade to 25 or 501) | 10 (upgrade to 25 or 501) | 10 (upgrade to 25 or 501) | 10 (upgrade to 25 or 501) | 10 (upgrade to 25 or 501) | ||||||
| Firewall Throughput |
75 Mbps | 75 Mbps | 75 Mbps | 75 Mbps | 75 Mbps | 75 Mbps | ||||||
| VPN Throughput (3DES Encryption + SHA1) |
20 Mbps | 20 Mbps | 20 Mbps | 20 Mbps | 20 Mbps | 20 Mbps | ||||||
| Hardware Encryption Acceleration |
Yes | Yes | Yes | Yes | Yes | Yes | ||||||
| Branch Office/Mobile User VPN Tunnels |
02/11 | 102/11 | 02/11 | 102/11 | 102/11 | 102/11 | ||||||
| Full Japanese Support, User Interface and User Guides |
Option | Option | Option | Option | Yes | Yes | ||||||
| Interfaces |
Six RJ-45 10/100TX Ethernet | Six RJ-45 10/100TX Ethernet | Five RJ-45 10/100TX Ethernet 802.11b WAP |
Five RJ-45 10/100TX Ethernet 802.11b WAP |
Six RJ-45 10/100TX Ethernet | Five RJ-45 10/100TX Ethernet 802.11b WAP |
| 1 | Firebox SOHO 6tc—50 User and 50 User Upgrade License is available in North America and select countries. |
| 2 | Included in Firebox SOHO 6tc and S6-VPN; optional on Firebox SOHO 6 and S6. |
7
Firebox X Edge
| Firebox X Edge Model |
Firebox X5 | Firebox X15 |
Firebox X50 | Firebox X5 Wireless |
Firebox X15 Wireless |
Firebox X50 Wireless | ||||||
| Recommended For | Telecommuters who require central office VPN connectivity with separate work/home networks | For remote offices/small businesses that require branch office VPN endpoint connectivity to a central office running a Firebox X | Remote offices/small businesses that need fully integrated protection, intuitive local and remote management, and WAN failover for ISP redundancy | Telecommuters with wireless network | Small remote offices with wireless network | Small remote offices with wireless network | ||||||
| User License |
12 (upgrade to 17) | 30 | Unlimited | 12 (upgrade to 17) | 30 | Unlimited | ||||||
| Firewall Throughput |
80 Mbps | 95 Mbps | 110 Mbps | 80 Mbps | 95 Mbps | 110 Mbps | ||||||
| VPN Throughput (3DES Encryption + SHA1) |
35 Mbps | 35 Mbps | 35 Mbps | 35 Mbps | 35 Mbps | 35 Mbps | ||||||
| Hardware Encryption Acceleration |
Yes | Yes | Yes | Yes | Yes | Yes | ||||||
| Branch Office/Mobile User VPN Tunnels |
2 | 15 | 25 | 2 | 15 | 25 | ||||||
| Full Japanese Support, User Interface and User Guides |
Option | Option | Option | Option | Option | Option | ||||||
| Interfaces | 10 RJ-45 10/100TX Ethernet | 10 RJ-45 10/100TX Ethernet | 10 RJ-45 10/100TX Ethernet | 10 RJ-45 10/100TX Ethernet | 10 RJ-45 10/100TX Ethernet | 10 RJ-45 10/100TX Ethernet |
8
Firebox X Core
| Firebox X Core Model | Firebox X500 | Firebox X700 | Firebox X1000 | Firebox X2500 | ||||
| Recommended For |
Stand-Alone Firewall for Small Office | Smaller Business or Remote Office | Mid-Size Business or Branch Office | Mid-sized Enterprises, High Volume Web Traffic | ||||
| Authenticated Users |
250 | 250 | 1000 | 5000 | ||||
| User License |
Unlimited | Unlimited | Unlimited | Unlimited | ||||
| Firewall Throughput |
100 Mbps | 150 Mbps | 225 Mbps | 275 Mbps | ||||
| VPN Throughput (3DES Encryption + SHA1) |
20 Mbps | 40 Mbps | 75 Mbps | 100 Mbps | ||||
| Hardware Encryption Acceleration |
Yes | Yes | Yes | Yes | ||||
| Branch Office/Mobile User VPN Tunnels |
01/50 | 100/100 | 500/1000 | 1000/1000 | ||||
| Model Upgradeability |
Yes | Yes | Yes | N/A | ||||
| Interfaces |
Six2 RJ-45 10/100TX Ethernet, DB-9 Serial Port | Six2 RJ-45 10/100TX Ethernet, DB-9 Serial Port | Six2 RJ-45 10/100TX Ethernet, DB-9 Serial Port | Six2 RJ-45 10/100TX Ethernet, DB-9 Serial Port |
| 1 | Upgradeable to 50 Branch Office/VPN Tunnels. |
| 2 | Three ports active initially with an available option to activate three additional ports. |
Firebox X Peak*
| * | WatchGuard expects to introduce the Firebox X Peak line of appliances in the first half of 2005. |
| Firebox X Peak Model | Firebox X5000 | Firebox X6000 | Firebox X8000 | |||
| Recommended For |
Enterprises that need higher performance, advanced networking features and higher port density to segment their networks | More demanding enterprise networks that need Gigabit-level performance | Most complex networks with Gigabit-level performance. | |||
| Authenticated Users |
6,000 | 8,000 | 10,000 | |||
| User License |
Unlimited | Unlimited | Unlimited | |||
| Firewall Throughput |
400 Mbps | 700 Mbps | 1 Gbps + | |||
| VPN Throughput (3DES Encryption + SHA1) |
200 Mbps | 300 Mbps | 400 Mbps | |||
| Hardware Encryption Acceleration |
Yes | Yes | Yes | |||
| Branch Office/Mobile User VPN Tunnels |
4,000/4,000 | 5,000/5,000 | 10,000/10,000 | |||
| Model Upgradeability |
Yes | Yes | No | |||
| Interfaces |
One RJ-45 10/100/1000TX Nine RJ-45 10/100TX Ethernet DB-9 Serial Port |
Nine RJ-45 10/100TX Ethernet, One 10/100/1000TX DB-9 Serial Port |
Seven RJ-45 10/100TX Ethernet, |