transforming security policy management · firewall & security policy management network...
TRANSCRIPT
1
Transforming Security Policy Management
September 2019
2
DisclaimerThis presentation contains forward-looking statements. All statements other than statements of historical fact contained
in this presentation are forward-looking statements. In some cases, you can identify forward-looking statements by
terminology such as “may,” “will,” “should,” “expects,” “plans,” “anticipates,” “believes,” “estimates,” “predicts,”
“potential” or “continue” or the negative of these terms or other comparable terminology. These statements are only
current predictions and are subject to known and unknown risks, uncertainties and other factors that may cause our or
our industry’s actual results, levels of activity, performance or achievements to be materially different from those
anticipated by the forward-looking statements. Although we believe that the expectations reflected in the forward-looking
statements are reasonable, we cannot guarantee future results, levels of activity, performance or achievements. For a
description of the risks we face, see the “Risk Factors” section of the prospectus we have filed with the Securities and
Exchange Commission, which is available by visiting the SEC’s website at www.sec.gov. Except as required by law, we
are under no duty to update or revise any of the forward-looking statements, whether as a result of new information, future events or otherwise, after the date of this presentation.
In addition to U.S. GAAP financials, this presentation includes certain non-GAAP financial measures. These non-GAAP
financial measures are in addition to, and not a substitute for or superior to, measures of financial performance prepared
in accordance with U.S. GAAP. These non-GAAP measures are in addition to, and not a substitute or superior to,
measures of financial performance prepared in accordance with GAAP. A reconciliation of non-GAAP measures to the most directly comparable GAAP measures is contained in the appendix to this presentation.
This presentation contains statistical data that we obtained from industry publications and reports generated by third
parties. Although we believe that the publications and reports are reliable, we have not independently verified this statistical data.
The trademarks included herein are the property of the owners thereof and are used for reference purposes only. Such use should not be construed as an endorsement of our products or services.
3
We are the Security Policy Company
Who can talk to whom? What can talk to what?
2,000+Global Customers2
424Employees3
$96MTotal Revenue1
30%+Revenue Growth1
90%+Maintenance
Renewal Rates3
1 12 months ended June 30, 20192 Since inception 3 As of 12 months ended December 31, 2018
80%+Gross Margin1
4
Investment Highlights
Pioneering a policy-centric and automation-based approach to managing Security and DevOps
Diverse, blue-chip enterprise customer base with significant opportunity for further expansion
Uniquely positioned to capitalize on a largely untapped $10bn+ security policy management market
Founder-led management team focused on innovation and with a proven track record of executing
on growth opportunity
Strong revenue growth coupled with balanced financial discipline
Best-in-class suite of solutions transform security posture, enable continuous compliance and
enhance business agility
Centralized, real-time visibility of connectivity and security vulnerability across native, virtual and
cloud environments
5
Highlights since IPO
Financial performance Continued product leadership Attracting talented management
✓ Released TOS R19-1 & R19-2
✓ Expanded TAP program to
include Demisto, EfficientIP,
Fortress, Infoblox and Splunk
Phantom
✓ Exceeded the high end of guidance
for Q2 ’19 revenue
$22$25
Q1'19 Q2'19
YoY growth (%) 25% 36%
Larry Alston
GM of Cloud
Michal Lewy-Harush
CIO
6
Enterprises are rapidly adopting Cloud and IoT – resulting in
complex, fragmented networks and a huge attack surface
In response, enterprises continue to implement additional firewalls
and other security measures but most lack effective,
comprehensive and automated policy management
7
Manual approaches cannot address today’s challenges
Growing complexity
of software-defined
networks
Evolving regulatory
and compliance
requirements
Increasing
frequency and
sophistication of
cyberattacks
Accelerating pace
of application
development and
deployment
8
Cybersecurity and network ops require a new approach
Introducing a centralized security management
layer that analyzes, defines and implements
enterprise-specific security policies
Policy-centric security
Automation of networkchanges
Data-driven Open and extensible framework
We have developed highly differentiated technology with four main pillars:
9
Tufin Value Proposition
Reduce complexity of managing hybrid and
fragmented networks
Implement security changes in minutes
instead of days
Ensure continuous compliance with security
standards
Enable agile software development through
tailored DevOps functionality
Maximize Agility & Security with
Security Policy Orchestration
10
Highly innovative, broad suite of solutions
SecureTrack™ SecureChange™ SecureApp™
Firewall & Security
Policy
Management
Network Security
Change
Automation
Application
Connectivity
Management
Security
Automation for
Containers &
Microservices
Security
Automation for
Public Clouds
FOUNDATIONAL AUTOMATION CLOUD-NATIVE
11
Built for hybrid enterprise environments
Enterprise IT
SecureApp™
SecureChange™
SecureTrack™
Cloud-Native
IT ServiceManagement
Other3rd Party
Solutions
Scripting & Automation
Firewalls Public CloudPrivate CloudNetworks
Unified Security Policy
RE
ST
AP
Is
IT OperationsEnterprise Applications
DevOps
CodeRepositories
CI/CD Tools
Containers
Collectors and Provisioning Engines
Analysis Engines
12
Tufin addresses a massive, high-growth emerging market
$2.9B2 $1.2B3$6.2B1
ANNUAL OPPORTUNITY = $10.3B4
1. Bottoms-up analysis is calculated using total number of firewalls within various customer segments (High End, Large Enterprise, Mid Enterprise, and SMB), level of compliance and automation need within each
customer segment, and average compliance and automation spend per firewall.
2. Annual TAM represents an assumed 5% of orchestration spend based on annual public IaaS & PaaS markets.
3. Annual TAM represents management assumptions of security management spend based on Vmware NSX and Cisco ACI sales
4. 2019; management estimates and third party research.
Physical Network Public Cloud Security
OrchestrationPrivate Cloud
SDN Orchestration
13
Go-to-market strategy
Annual and Multiyear Renewals
Payable in Advance
Mid-Market
Top 2000-6000
Enterprise
Top 2000
Recurring Revenue
InsideSales
Centralized Territory
Direct RegionalTarget
Accounts
Channel
CSIs
Our products and services are
sold through our field and
inside sales teams and global
network of approximately
150 active channel
partners
14
Land and expand across the network stack
Platforms
Customer Adoption
Evolution
SecureTrack™
SecureChange™
SecureApp™
Firewalls Public CloudPrivate CloudNetworks
Application Connectivity
Change Automation
Compliance
15
FINANCE COMMUNICATION MANUFACTURING ENERGY HEALTHCARE & PHARMA RETAIL
2,000+ Customers Worldwide1
1. Since inception.
16
Tufin Competitive Differentiation
Market leadership and proven track-record of success
Clear ROI over manual, error-prone spreadsheets that
cannot keep pace with today’s application delivery cycle
First-to-market with automation and superior topology
mapping vs. competition
Vendor-agnostic, scalable enterprise-grade solutions
Customer-first approach with premium support
services
10+ years of innovation
Mission critical in today’s
Cybersecurity and DevOps
environments
1000s of Network Devices
(e.g., Firewalls, Routers)
Integration, Customization,
Optimization, Training
Source: Company information.
17
Case Study
THE PROBLEM
• Takes days to plan and implement
network security policy changes
• Lack visibility into accuracy of changes in
network of more than 700 firewalls
THE RESULT
THE SOLUTION
SecureChange™
SecureTrack™
Boosted agility, security
and productivity
• Changes are automated and
implemented in 1 hour
• Improved overall security
posture through well-defined
processes
• Enabled team to free up
resources to address
strategic projectsSecureApp™
18
Land-and-expand
• Upsell within install
base
Huge untapped
market in Global
2000
• White space in
large enterprises
Long tail – smaller enterprise accounts
• Building Inside Sales
for high velocity
sales model
New markets and verticals
• Recently entered
Japan
• New federal program
• New MSSP offering
Cloud & DevOps
• Address new use
cases in cloud and
DevOps ecosystem
Substantial growth drivers
19
Experienced management team
Ruvi Kitov
CEO, Chairman &
Co-Founder
Reuven Harrison
CTO & Co-Founder
Jack Wakileh
CFO
Pat Walsh
CMO
Kevin Maloney
SVP, Sales
Michal Lewy-Harush
CIO
Raj Motwane
VP, Global Services
& Support
Ofer Or
VP, Products
Pamela Cyr
SVP, Business
Development
Shaily Hamenahem
VP, Human Resources
Yoram Gronich
VP, R&D
Larry Alston
GM of Cloud
Financial overview
21
Financial highlights
Rapid Revenue
Growth
• 30%+ historical growth1
• 36% Q2’19 YoY growth
Attractive Customer
Economics
• Strong land and expand model; ~60% of revenue from existing customers1
• Increasing spend from large enterprises1
• 90%+ maintenance renewal rates1
Diverse Base
with Significant
Expansion Opportunity
• Includes 15% of the Global 20002
• $201k avg. spend from Global 2000 customers, excl. maintenance renewals1
• Geographically diverse revenue base
Strong Capital
Management
• Historically operating at or near breakeven
• Only ~$28mm in capital raised since inception prior to IPO
• $124mm IPO in April 2019
• Strategic investments to drive growth and support increasing scale
1 12 months ended December 31, 20182 Accounts since inception with over $50k LTV as of December 31, 2018, based on 2018 Global 2000
22
Our financial model
Composition of Total Revenue ($mm)
3143
28
376
5
65
85
2017 2018
Product
Maintenance and support
Professional services
57%
38%
5%
Americas EMEA APAC
Total Revenue by Geography1
6%
44%
50%
% of total
1 12 months ended December 31, 2018
32%
• ‘Stickiness’ of product lends to high renewal rate and revenue transparency
• Diversified revenue streams across industries and geographies
• Large, growing maintenance base
23
Rapid revenue growth ($mm)
13
15
24
181919 19
29
22
25
44% 36%28% 25%20%
Q2’17 Q2’18 Q3’17 Q3’18 Q1’18 Q1’19Q4’17 Q4’18 Q2’18 Q2’19
24
Growth potential as enterprises adopt our approach
• Greenfield:
Only 15% of the Global 2000 are
currently customers1
• Expansion:
Significant parts of current customers'
networks are not yet covered by Tufin
• Up-sell:
Approximately 50% of current
customers have yet to adopt
Automation
149
153
1698
GLOBAL 2000 ACCOUNT PENETRATION(# OF ACCOUNTS)1
Tufin Compliance-only customers
Tufin Automation customers
Global 2000 prospects
1 Accounts since inception with over $50k LTV as of December 31, 2018, based on 2018 Global 2000
25
Strong Gross Profit Margins
93%95%
97%
92%
96%95% 95% 95%
91%
74%
78%
76%
73%
75%
73% 74%
70%
73%
83%
85%
88%
82%
85%
83%
86%
82%
80%
Q2'17 Q3'17 Q4'17 Q1'18 Q2'18 Q3'18 Q4'18 Q1'19 Q2'19
Product Maint. & PS TotalGross profit margin (%)
26
NEW
CUSTOMERS
EXISTING
CUSTOMERS
* Not Including renewals
Growth driven by proven land and expand model
~60% of revenue from existing customers1
1 12 months ended December 31, 2018
2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018
Customer spend generated from annual
end-customer cohorts ($000s) *
27
Strategic investments for growth1
R&D as % of Revenue
(%)
S&M as % of Revenue
(%)
G&A as % of Revenue
(%)
26%24%
2017 2018
53% 53%
2017 2018
7% 7%
2017 2018
• Positioned to maintain
technology leadership
• Accelerated investment
levels in sales force to
address market opportunity
and expand into new
territories
• Positioned to support
increasing scale
Non-GAAP operating
income (loss) (%)
(0%)1%
2017 2018
• Improving margin profile
1. Non-GAAP, for the 12 months ended December.
Note: Please see Appendix for calculations of non-GAAP financial measures and GAAP reconciliations.
Appendix
29
GAAP to non-GAAP reconciliation
(1) Non-GAAP operating loss is a non-GAAP financial measure. We define non-GAAP operating loss as operating profit excluding share-based compensation expense. Because of varying available valuation methodologies, subjective
assumptions and the variety of equity instruments that can impact a company’s non-cash expense, we believe that providing non-GAAP financial measures that exclude non-cash share-based compensation expense allows for more meaningful
comparisons between our operating results from period to period. This non-GAAP financial measure is an important tool for financial and operational decision-making and for evaluating our operating results over different periods.
2017 2018
GAAPShare-based
compensation
Non-
GAAPGAAP
Share-based
compensation
Non-
GAAP
Gross Margin 85.3% 0.5% 85.8% 84.2% 0.7% 84.9%
Research and development expenses (in thousands) $ 17,672 $ (660) $ 17,012 $ 21,363 $ (731) $ 20,632
Sales and marketing expenses (in thousands) $ 35,042 $ (765) $ 34,277 $ 46,092 $ (1,458) $ 44,634
General and administrative expenses (in thousands) $ 4,608 $ (353) $ 4,255 $ 6,022 $ (358) $ 5,664
Operating Margin (3.5)% 3.3% (0.2)% (2.3)% 3.7% 1.5%
Reconciliation of Operating Loss to Non-GAAP Operating Loss:
Operating loss $ (2,262) $ (1,932)
Add: share based compensation $ 2,110 $ 3,181
Non-GAAP operating loss(1) $ (152) $ 1,249
Year ended December 31,
2017(in thousands)
2018(in thousands)