Transforming Security Policy...
Transcript of Transforming Security Policy...
![Page 1: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/1.jpg)
1
Transforming Security Policy Management
April 11, 2019
![Page 2: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/2.jpg)
2
Disclaimer
This presentation contains forward-looking statements. All statements other than statements of historical fact contained in this
presentation are forward-looking statements. In some cases, you can identify forward-looking statements by terminology such
as “may,” “will,” “should,” “expects,” “plans,” “anticipates,” “believes,” “estimates,” “predicts,” “potential” or “continue” or
the negative of these terms or other comparable terminology. These statements are only current predictions and are subject to
known and unknown risks, uncertainties and other factors that may cause our or our industry’s actual results, levels of activity,
performance or achievements to be materially different from those anticipated by the forward-looking statements. Although we
believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee future results,
levels of activity, performance or achievements. For a description of the risks we face, see the “Risk Factors” section of the
prospectus we have filed with the Securities and Exchange Commission, which is available by visiting the SEC’s website at
www.sec.gov. Except as required by law, we are under no duty to update or revise any of the forward-looking statements,
whether as a result of new information, future events or otherwise, after the date of this presentation.
In addition to U.S. GAAP financials, this presentation includes certain non-GAAP financial measures. These non-GAAP financial
measures are in addition to, and not a substitute for or superior to, measures of financial performance prepared in accordance
with U.S. GAAP. These non-GAAP measures are in addition to, and not a substitute or superior to, measures of financial
performance prepared in accordance with GAAP. A reconciliation of non-GAAP measures to the most directly comparable
GAAP measures is contained in the appendix to this presentation.
This presentation contains statistical data that we obtained from industry publications and reports generated by third parties.
Although we believe that the publications and reports are reliable, we have not independently verified this statistical data.
The trademarks included herein are the property of the owners thereof and are used for reference purposes only. Such use
should not be construed as an endorsement of our products or services.
![Page 3: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/3.jpg)
3
We are the Security Policy Company
Who can talk to whom? What can talk to what?
2,000+Global Customers2
424Employees1
$85MTotal Revenue1
30%+Revenue Growth1
90%+Maintenance
Renewal Rates1
1 12 months ended December 31, 20182 Since inception
80%+Gross Margin1
![Page 4: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/4.jpg)
4
Investment Highlights
Pioneering a policy-centric and automation-based approach to managing Security and DevOps
Diverse, blue-chip enterprise customer base with significant opportunity for further expansion
Uniquely positioned to capitalize on a largely untapped $10bn+ security policy management market
Founder-led management team focused on innovation and with a proven track record of executing
on growth opportunity
Strong revenue growth coupled with balanced financial discipline
Best-in-class suite of solutions transform security posture, enable continuous compliance and
enhance business agility
Centralized, real-time visibility of connectivity and security vulnerability across native, virtual and
cloud environments
![Page 5: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/5.jpg)
5
Enterprises are rapidly adopting Cloud and IoT – resulting in
complex, fragmented networks and a huge attack surface
In response, enterprises continue to implement additional firewalls
and other security measures but most lack effective,
comprehensive and automated policy management
![Page 6: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/6.jpg)
6
Manual approaches cannot address today’s challenges
Growing complexity
of software-defined
networks
Evolving regulatory
and compliance
requirements
Increasing
frequency and
sophistication of
cyberattacks
Accelerating pace
of application
development and
deployment
![Page 7: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/7.jpg)
7
Cybersecurity and network ops require a new approach
Introducing a centralized security management
layer that analyzes, defines and implements
enterprise-specific security policies
Policy-centric security
Automation of networkchanges
Data-driven Open and extensible framework
We have developed highly differentiated technology with four main pillars:
![Page 8: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/8.jpg)
8
Tufin Value Proposition
Reduce complexity of managing hybrid and
fragmented networks
Implement security changes in minutes
instead of days
Ensure continuous compliance with security
standards
Enable agile software development through
tailored DevOps functionality
Maximize Agility & Security with
Security Policy Orchestration
![Page 9: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/9.jpg)
9
Highly innovative, broad suite of solutions
SecureTrack™ SecureChange™ SecureApp™
(2004) (2009) (2012) (Apr 2018) (Nov 2018)
Firewall & Security
Policy
Management
Network Security
Change
Automation
Application
Connectivity
Management
Security
Automation for
Containers &
Microservices
Security
Automation for
Public Clouds
FOUNDATIONAL AUTOMATION CLOUD-NATIVE
![Page 10: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/10.jpg)
10
Built for hybrid enterprise environments
Enterprise IT
SecureApp™
SecureChange™
SecureTrack™
Cloud-Native
IT ServiceManagement
Other3rd Party
Solutions
Scripting & Automation
Firewalls Public CloudPrivate CloudNetworks
Unified Security Policy
RE
ST
AP
Is
IT OperationsEnterprise Applications
DevOps
CodeRepositories
CI/CD Tools
Containers
Collectors and Provisioning Engines
Analysis Engines
![Page 11: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/11.jpg)
11
Tufin addresses a massive, high-growth emerging market
$2.9B2 $1.2B3$6.2B1
ANNUAL OPPORTUNITY = $10.3B4
1. Bottoms-up analysis is calculated using total number of firewalls within various customer segments (High End, Large Enterprise, Mid Enterprise, and SMB), level of compliance and automation need within each
customer segment, and average compliance and automation spend per firewall.
2. Annual TAM represents an assumed 5% of orchestration spend based on annual public IaaS & PaaS markets.
3. Annual TAM represents management assumptions of security management spend based on Vmware NSX and Cisco ACI sales
4. 2019; management estimates and third party research.
Physical Network Public Cloud Security
OrchestrationPrivate Cloud
SDN Orchestration
![Page 12: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/12.jpg)
12
Go-to-market strategy
Annual and Multiyear Renewals
Payable in Advance
Mid-Market
Top 2000-6000
Enterprise
Top 2000
Recurring Revenue
Inside
SalesCentralized Territory
Direct RegionalTarget
Accounts
Channel
CSIs
Our products and services are
sold through our field and
inside sales teams and global
network of approximately
150 active channel
partners
![Page 13: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/13.jpg)
13
Land and expand across the network stack
Platforms
Customer Adoption
Evolution
SecureTrack™
SecureChange™
SecureApp™
Firewalls Public CloudPrivate CloudNetworks
Application Connectivity
Change Automation
Compliance
![Page 14: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/14.jpg)
14
FINANCE COMMUNICATION MANUFACTURING ENERGY HEALTHCARE & PHARMA RETAIL
2,000+ Customers Worldwide1
1. Since inception.
![Page 15: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/15.jpg)
15
Tufin Competitive Differentiation
Market leadership and proven track-record of success
Clear ROI over manual, error-prone spreadsheets that
cannot keep pace with today’s application delivery cycle
First-to-market with automation and superior topology
mapping vs. competition
Vendor-agnostic, scalable enterprise-grade solutions
Customer-first approach with premium support
services
10+ years of innovation
Mission critical in today’s
Cybersecurity and DevOps
environments
1000s of Network Devices
(e.g., Firewalls, Routers)
Integration, Customization,
Optimization, Training
Source: Company information.
![Page 16: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/16.jpg)
16
Case Study
THE PROBLEM
• Takes days to plan and implement
network security policy changes
• Lack visibility into accuracy of changes in
network of more than 700 firewalls
THE RESULT
THE SOLUTION
SecureChange™
SecureTrack™
Boosted agility, security
and productivity
• Changes are automated and
implemented in 1 hour
• Improved overall security
posture through well-defined
processes
• Enabled team to free up
resources to address
strategic projectsSecureApp™
![Page 17: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/17.jpg)
17
Land-and-expand
• Upsell within install
base
Huge untapped
market in Global
2000
• White space in
large enterprises
Long tail – smaller enterprise accounts
• Building Inside Sales
for high velocity
sales model
New markets and verticals
• Recently entered
Japan
• New federal program
• New MSSP offering
Cloud & DevOps
• Address new use
cases in cloud and
DevOps ecosystem
Substantial growth drivers
![Page 18: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/18.jpg)
18
Experienced management team
Ruvi Kitov
CEO, Chairman &
Co-Founder
Reuven Harrison
CTO & Co-Founder
Jack Wakileh
CFO
Pat Walsh
CMO
Kevin Maloney
SVP, Sales
Shaily Hamenahem
VP, Human Resources
Yoram Gronich
VP, R&D
Ofer Or
VP, Products
Pamela Cyr
SVP, Business
Development
Raj Motwane
VP, Global Services &
Support
![Page 19: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/19.jpg)
Financial overview
![Page 20: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/20.jpg)
20
Financial highlights
Rapid Revenue
Growth• 30%+ historical growth1
Attractive Customer
Economics
• Strong land and expand model; ~60% of revenue from existing
customers1
• Increasing spend from large enterprises1
• 90%+ maintenance renewal rates1
Diverse Base
with Significant
Expansion Opportunity
• Includes 15% of the Global 20002
• $201k avg. spend from Global 2000 customers, excl. maintenance
renewals1
• Geographically diverse revenue base
Strong Capital
Management
• Historically operating at or near breakeven
• Only ~$28mm in capital raised since inception
• Strategic investments to drive growth and support increasing scale
1 12 months ended December 31, 20182 Accounts since inception with over $50k LTV as of December 31, 2018, based on 2018 Global 2000
![Page 21: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/21.jpg)
21
Our financial model
Composition of Total Revenue ($mm)
3143
28
376
5
65
85
2017 2018
Product
Maintenance and support
Professional services
57%
38%
5%
Americas EMEA APAC
Total Revenue by Geography1
6%
44%
50%
% of total
1 12 months ended December 31, 2018
32%
• ‘Stickiness’ of product lends to high renewal rate and revenue transparency
• Diversified revenue streams across industries and geographies
• Large, growing maintenance base
![Page 22: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/22.jpg)
22
12 13
15
24
18 19 19
29
Rapid revenue growth ($mm)
44%45%%
28%
Gross margin: 84% 80% 83% 86% 85% 83% 88%
Q1’17 Q1’18 Q2’17 Q2’18 Q3’17 Q3’18 Q4’17
20%
Q4’18
![Page 23: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/23.jpg)
23
Growth potential as enterprises adopt our approach
• Greenfield:
Only 15% of the Global 2000 are
currently customers1
• Expansion:
Significant parts of current customers'
networks are not yet covered by Tufin
• Up-sell:
Approximately 50% of current
customers have yet to adopt
Automation
149
153
1698
GLOBAL 2000 ACCOUNT PENETRATION(# OF ACCOUNTS)1
Tufin Compliance-only customers
Tufin Automation customers
Global 2000 prospects
1 Accounts since inception with over $50k LTV as of December 31, 2018, based on 2018 Global 2000
![Page 24: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/24.jpg)
24
Strong Gross Profit Margins
Gross profit margin (%)
89%
93%95%
97%
92%
96%95% 95%
79%
74%
78%76%
73%
75%73% 74%
84%83%
85%
88%
82%
85%83%
86%
Q1'17 Q2'17 Q3'17 Q4'17 Q1'18 Q2'18 Q3'18 Q4'18
Product
Maint. & PS
Total
![Page 25: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/25.jpg)
25
NEW
CUSTOMERS
EXISTING
CUSTOMERS
* Not Including renewals
Growth driven by proven land and expand model
~60% of revenue from existing customers1
1 12 months ended December 31, 2018
2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018
Customer spend generated from annual
end-customer cohorts ($000s) *
![Page 26: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/26.jpg)
26
Strategic investments for growth1
R&D as % of Revenue
(%)
S&M as % of Revenue
(%)
G&A as % of Revenue
(%)
26%24%
2017 2018
53% 53%
2017 2018
7% 7%
2017 2018
• Positioned to maintain
technology leadership
• Accelerated investment
levels in sales force to
address market opportunity
and expand into new
territories
• Positioned to support
increasing scale
Non-GAAP operating
income (loss) (%)
(0%)1%
2017 2018
• Improving margin profile
1. Non-GAAP, for the 12 months ended December.
Note: Please see Appendix for calculations of non-GAAP financial measures and GAAP reconciliations.
![Page 27: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/27.jpg)
Appendix
![Page 28: Transforming Security Policy Managements23.q4cdn.com/473472020/files/doc_presentations/Tufin-Investor... · a new approach Introducing a centralized security management layer that](https://reader034.fdocuments.in/reader034/viewer/2022052102/603bd3c2b6fe1e27a32f13ce/html5/thumbnails/28.jpg)
28
GAAP to non-GAAP reconciliation
(1) Non-GAAP operating loss is a non-GAAP financial measure. We define non-GAAP operating loss as operating profit excluding share-based compensation expense. Because of varying available valuation methodologies, subjective
assumptions and the variety of equity instruments that can impact a company’s non-cash expense, we believe that providing non-GAAP financial measures that exclude non-cash share-based compensation expense allows for more meaningful
comparisons between our operating results from period to period. This non-GAAP financial measure is an important tool for financial and operational decision-making and for evaluating our operating results over different periods.
2017 2018
GAAPShare-based
compensation
Non-
GAAPGAAP
Share-based
compensation
Non-
GAAP
Gross Margin 85.3% 0.5% 85.8% 84.2% 0.7% 84.9%
Research and development expenses (in thousands) $ 17,672 $ (660) $ 17,012 $ 21,363 $ (731) $ 20,632
Sales and marketing expenses (in thousands) $ 35,042 $ (765) $ 34,277 $ 46,092 $ (1,458) $ 44,634
General and administrative expenses (in thousands) $ 4,608 $ (353) $ 4,255 $ 6,022 $ (358) $ 5,664
Operating Margin (3.5)% 3.3% (0.2)% (2.3)% 3.7% 1.5%
Reconciliation of Operating Loss to Non-GAAP Operating Loss:
Operating loss $ (2,262) $ (1,932)
Add: share based compensation $ 2,110 $ 3,181
Non-GAAP operating loss(1) $ (152) $ 1,249
Year ended December 31,
2017(in thousands)
2018(in thousands)