It doesn’t happen very often so it’s highly scrutinized. No, it’s not me being nice to someone. It’s a security company IPO. Last week the folks at FireEye filed their Form S-1, which is the first step toward becoming a public company. The echo chamber blew up, mostly because of FireEye’s P&L.

Basically, FireEye spent more on sales and marketing in the first half of 2013 than they took in revenue. Their top line revenue was $61.6MM; they spent $66.1MM on sales and marketing. Their total loss was $63.4MM. Yes, you read that correctly. On the surface that’s pretty ugly. Sure, revenue growth has been significant ($11.3MM, $33.6MM, and $83.3MM; in 2010, 2011, and 2012, respectively). But to lose that much money seems a bit troubling, no?

Well, those folks squawking about the losses don’t really understand financial filings too well. In 2012, as I mentioned, they had $83.3MM in revenues. They showed a loss of $35.7MM. But they had positive net cash of $21.5MM in 2012. WTF? Those numbers don’t add up, do they?

Keep in mind that bookings does not equal revenue. So FireEye figured out a way to get companies to pay them $75MM more than they could recognize in revenue due to accounting nuances. That’s listed on the balance sheet as Deferred Revenue. They had $43.7MM in current-year deferred revenue (which will be recognized over the coming 12 months), and $32.6MM in revenue deferred for longer than 12 months. And in the first half of 2013 they added another $12MM to their current deferred revenue and over $14MM to non-current deferred. To be clear, they booked a lot more than $83MM in 2012 and a lot more than $61.6MM in the first 6 months. Those revenue numbers are only the stuff they could recognize.

The difference between bookings and recognized revenue is services they sold and got paid for now, which they will recognize over the life of the subscription. These multi-year agreements are great for cash flow, but not so great for the income statement. The good news is that companies don’t pay their employees with income statements. The sell-side analysts can do the math to figure out roughly what bookings were, but my point is not to get confused by nuances of the income statement, versus what they actually sell.

To be clear, there are a number of issues with that kind of growth in sales and marketing spend. FireEye sees this as a land grab, and the best way to get land is to hire like drunken sailors, put scads of folks in the field, and try to sell product now. It is very expensive to build a global direct sales force, and it is usually done over a long period of time. Clearly FireEye sees their opportunity right now, so they are taking the express train to a huge go-to-market engine.

FireEye is making a bet, which you can see in their spending on equipment including demo units (which presumably become production appliances when customers buy). They are betting that once they get a demo box installed on a customer site they will close the deal. They spent $18MM on “property and equipment and demonstration units” last year. That’s a lot of hardware, folks. So they are putting reps everywhere and giving them demo units to get into customer sites before the competition.

At some point they will need to dial back the spending and show profits. Ultimately that’s what public company investors demand. But they get a pass on that for the time being because of the huge revenue growth, as well as the need to invest internationally to gain market share now. Which they had better do, because the competition is coming. Pretty much every network security vendor has a network-based malware detection device. They are all gunning for FireEye, which is why FireEye is grabbing as much real estate as they can, right now.

Clearly the market for malware detection is red hot and very high profile for enterprises of all sizes. But we don’t expect a stand-alone technology to ultimately prevail for this capability. We expect malware detection to be part of a much bigger security strategy that spans not just the perimeter network, but also endpoints. So FireEye needs a much broader story in the works, or they’ll hit the wall hard. Perhaps they will use public market currency to acquire their way to a broader product line. They have also announced an ecosystem, while remaining focused on the malware detection space. Will that be enough? Time will tell.

Listen, I’m not a stock analyst. Personally I cannot invest in the companies I cover, so I don’t have any skin in the game. But I can read a balance sheet, and FireEye is in land grab mode, spending like crazy to build global momentum. Maybe it will pay off and maybe it won’t. Maybe this S-1 is the catalyst they need for a bigger company to acquire them. Maybe they will IPO, broaden their story, and become a sustainable public company. Maybe they don’t.

But it will be fun to watch in any case.

Photo credit: “DKHouse 082” originally uploaded by May Monthong