1

Transforming Security Policy Management

April 11, 2019

2

Disclaimer

This presentation contains forward-looking statements. All statements other than statements of historical fact contained in this

presentation are forward-looking statements. In some cases, you can identify forward-looking statements by terminology such

as “may,” “will,” “should,” “expects,” “plans,” “anticipates,” “believes,” “estimates,” “predicts,” “potential” or “continue” or

the negative of these terms or other comparable terminology. These statements are only current predictions and are subject to

known and unknown risks, uncertainties and other factors that may cause our or our industry’s actual results, levels of activity,

performance or achievements to be materially different from those anticipated by the forward-looking statements. Although we

believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee future results,

levels of activity, performance or achievements. For a description of the risks we face, see the “Risk Factors” section of the

prospectus we have filed with the Securities and Exchange Commission, which is available by visiting the SEC’s website at

www.sec.gov. Except as required by law, we are under no duty to update or revise any of the forward-looking statements,

whether as a result of new information, future events or otherwise, after the date of this presentation.

In addition to U.S. GAAP financials, this presentation includes certain non-GAAP financial measures. These non-GAAP financial

measures are in addition to, and not a substitute for or superior to, measures of financial performance prepared in accordance

with U.S. GAAP. These non-GAAP measures are in addition to, and not a substitute or superior to, measures of financial

performance prepared in accordance with GAAP. A reconciliation of non-GAAP measures to the most directly comparable

GAAP measures is contained in the appendix to this presentation.

This presentation contains statistical data that we obtained from industry publications and reports generated by third parties.

Although we believe that the publications and reports are reliable, we have not independently verified this statistical data.

The trademarks included herein are the property of the owners thereof and are used for reference purposes only. Such use

should not be construed as an endorsement of our products or services.

3

We are the Security Policy Company

Who can talk to whom? What can talk to what?

2,000+Global Customers2

424Employees1

$85MTotal Revenue1

30%+Revenue Growth1

90%+Maintenance

Renewal Rates1

1 12 months ended December 31, 20182 Since inception

80%+Gross Margin1

4

Investment Highlights

Pioneering a policy-centric and automation-based approach to managing Security and DevOps

Diverse, blue-chip enterprise customer base with significant opportunity for further expansion

Uniquely positioned to capitalize on a largely untapped $10bn+ security policy management market

Founder-led management team focused on innovation and with a proven track record of executing

on growth opportunity

Strong revenue growth coupled with balanced financial discipline

Best-in-class suite of solutions transform security posture, enable continuous compliance and

enhance business agility

Centralized, real-time visibility of connectivity and security vulnerability across native, virtual and

cloud environments

5

Enterprises are rapidly adopting Cloud and IoT – resulting in

complex, fragmented networks and a huge attack surface

In response, enterprises continue to implement additional firewalls

and other security measures but most lack effective,

comprehensive and automated policy management

6

Manual approaches cannot address today’s challenges

Growing complexity

of software-defined

networks

Evolving regulatory

and compliance

requirements

Increasing

frequency and

sophistication of

cyberattacks

Accelerating pace

of application

development and

deployment

7

Cybersecurity and network ops require a new approach

Introducing a centralized security management

layer that analyzes, defines and implements

enterprise-specific security policies

Policy-centric security

Automation of networkchanges

Data-driven Open and extensible framework

We have developed highly differentiated technology with four main pillars:

8

Tufin Value Proposition

Reduce complexity of managing hybrid and

fragmented networks

Implement security changes in minutes

instead of days

Ensure continuous compliance with security

standards

Enable agile software development through

tailored DevOps functionality

Maximize Agility & Security with

Security Policy Orchestration

9

Highly innovative, broad suite of solutions

SecureTrack™ SecureChange™ SecureApp™

(2004) (2009) (2012) (Apr 2018) (Nov 2018)

Firewall & Security

Policy

Management

Network Security

Change

Automation

Application

Connectivity

Management

Security

Automation for

Containers &

Microservices

Security

Automation for

Public Clouds

FOUNDATIONAL AUTOMATION CLOUD-NATIVE

10

Built for hybrid enterprise environments

Enterprise IT

SecureApp™

SecureChange™

SecureTrack™

Cloud-Native

IT ServiceManagement

Other3rd Party

Solutions

Scripting & Automation

Firewalls Public CloudPrivate CloudNetworks

Unified Security Policy

RE

ST

AP

Is

IT OperationsEnterprise Applications

DevOps

CodeRepositories

CI/CD Tools

Containers

Collectors and Provisioning Engines

Analysis Engines

11

Tufin addresses a massive, high-growth emerging market

$2.9B2 $1.2B3$6.2B1

ANNUAL OPPORTUNITY = $10.3B4

1. Bottoms-up analysis is calculated using total number of firewalls within various customer segments (High End, Large Enterprise, Mid Enterprise, and SMB), level of compliance and automation need within each

customer segment, and average compliance and automation spend per firewall.

2. Annual TAM represents an assumed 5% of orchestration spend based on annual public IaaS & PaaS markets.

3. Annual TAM represents management assumptions of security management spend based on Vmware NSX and Cisco ACI sales

4. 2019; management estimates and third party research.

Physical Network Public Cloud Security

OrchestrationPrivate Cloud

SDN Orchestration

12

Go-to-market strategy

Annual and Multiyear Renewals

Payable in Advance

Mid-Market

Top 2000-6000

Enterprise

Top 2000

Recurring Revenue

Inside

SalesCentralized Territory

Direct RegionalTarget

Accounts

Channel

CSIs

Our products and services are

sold through our field and

inside sales teams and global

network of approximately

150 active channel

partners

13

Land and expand across the network stack

Platforms

Customer Adoption

Evolution

SecureTrack™

SecureChange™

SecureApp™

Firewalls Public CloudPrivate CloudNetworks

Application Connectivity

Change Automation

Compliance

14

FINANCE COMMUNICATION MANUFACTURING ENERGY HEALTHCARE & PHARMA RETAIL

2,000+ Customers Worldwide1

1. Since inception.

15

Tufin Competitive Differentiation

Market leadership and proven track-record of success

Clear ROI over manual, error-prone spreadsheets that

cannot keep pace with today’s application delivery cycle

First-to-market with automation and superior topology

mapping vs. competition

Vendor-agnostic, scalable enterprise-grade solutions

Customer-first approach with premium support

services

10+ years of innovation

Mission critical in today’s

Cybersecurity and DevOps

environments

1000s of Network Devices

(e.g., Firewalls, Routers)

Integration, Customization,

Optimization, Training

Source: Company information.

16

Case Study

THE PROBLEM

• Takes days to plan and implement

network security policy changes

• Lack visibility into accuracy of changes in

network of more than 700 firewalls

THE RESULT

THE SOLUTION

SecureChange™

SecureTrack™

Boosted agility, security

and productivity

• Changes are automated and

implemented in 1 hour

• Improved overall security

posture through well-defined

processes

• Enabled team to free up

resources to address

strategic projectsSecureApp™

17

Land-and-expand

• Upsell within install

base

Huge untapped

market in Global

2000

• White space in

large enterprises

Long tail – smaller enterprise accounts

• Building Inside Sales

for high velocity

sales model

New markets and verticals

• Recently entered

Japan

• New federal program

• New MSSP offering

Cloud & DevOps

• Address new use

cases in cloud and

DevOps ecosystem

Substantial growth drivers

18

Experienced management team

Ruvi Kitov

CEO, Chairman &

Co-Founder

Reuven Harrison

CTO & Co-Founder

Jack Wakileh

CFO

Pat Walsh

CMO

Kevin Maloney

SVP, Sales

Shaily Hamenahem

VP, Human Resources

Yoram Gronich

VP, R&D

Ofer Or

VP, Products

Pamela Cyr

SVP, Business

Development

Raj Motwane

VP, Global Services &

Support

Financial overview

20

Financial highlights

Rapid Revenue

Growth• 30%+ historical growth1

Attractive Customer

Economics

• Strong land and expand model; ~60% of revenue from existing

customers1

• Increasing spend from large enterprises1

• 90%+ maintenance renewal rates1

Diverse Base

with Significant

Expansion Opportunity

• Includes 15% of the Global 20002

• $201k avg. spend from Global 2000 customers, excl. maintenance

renewals1

• Geographically diverse revenue base

Strong Capital

Management

• Historically operating at or near breakeven

• Only ~$28mm in capital raised since inception

• Strategic investments to drive growth and support increasing scale

1 12 months ended December 31, 20182 Accounts since inception with over $50k LTV as of December 31, 2018, based on 2018 Global 2000

21

Our financial model

Composition of Total Revenue ($mm)

3143

28

376

5

65

85

2017 2018

Product

Maintenance and support

Professional services

57%

38%

5%

Americas EMEA APAC

Total Revenue by Geography1

6%

44%

50%

% of total

1 12 months ended December 31, 2018

32%

• ‘Stickiness’ of product lends to high renewal rate and revenue transparency

• Diversified revenue streams across industries and geographies

• Large, growing maintenance base

22

12 13

15

24

18 19 19

29

Rapid revenue growth ($mm)

44%45%%

28%

Gross margin: 84% 80% 83% 86% 85% 83% 88%

Q1’17 Q1’18 Q2’17 Q2’18 Q3’17 Q3’18 Q4’17

20%

Q4’18

23

Growth potential as enterprises adopt our approach

• Greenfield:

Only 15% of the Global 2000 are

currently customers1

• Expansion:

Significant parts of current customers'

networks are not yet covered by Tufin

• Up-sell:

Approximately 50% of current

customers have yet to adopt

Automation

149

153

1698

GLOBAL 2000 ACCOUNT PENETRATION(# OF ACCOUNTS)1

Tufin Compliance-only customers

Tufin Automation customers

Global 2000 prospects

1 Accounts since inception with over $50k LTV as of December 31, 2018, based on 2018 Global 2000

24

Strong Gross Profit Margins

Gross profit margin (%)

89%

93%95%

97%

92%

96%95% 95%

79%

74%

78%76%

73%

75%73% 74%

84%83%

85%

88%

82%

85%83%

86%

Q1'17 Q2'17 Q3'17 Q4'17 Q1'18 Q2'18 Q3'18 Q4'18

Product

Maint. & PS

Total

25

NEW

CUSTOMERS

EXISTING

CUSTOMERS

* Not Including renewals

Growth driven by proven land and expand model

~60% of revenue from existing customers1

1 12 months ended December 31, 2018

2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018

Customer spend generated from annual

end-customer cohorts ($000s) *

26

Strategic investments for growth1

R&D as % of Revenue

(%)

S&M as % of Revenue

(%)

G&A as % of Revenue

(%)

26%24%

2017 2018

53% 53%

2017 2018

7% 7%

2017 2018

• Positioned to maintain

technology leadership

• Accelerated investment

levels in sales force to

address market opportunity

and expand into new

territories

• Positioned to support

increasing scale

Non-GAAP operating

income (loss) (%)

(0%)1%

2017 2018

• Improving margin profile

1. Non-GAAP, for the 12 months ended December.

Note: Please see Appendix for calculations of non-GAAP financial measures and GAAP reconciliations.

Appendix

28

GAAP to non-GAAP reconciliation

(1) Non-GAAP operating loss is a non-GAAP financial measure. We define non-GAAP operating loss as operating profit excluding share-based compensation expense. Because of varying available valuation methodologies, subjective

assumptions and the variety of equity instruments that can impact a company’s non-cash expense, we believe that providing non-GAAP financial measures that exclude non-cash share-based compensation expense allows for more meaningful

comparisons between our operating results from period to period. This non-GAAP financial measure is an important tool for financial and operational decision-making and for evaluating our operating results over different periods.

2017 2018

GAAPShare-based

compensation

Non-

GAAPGAAP

Share-based

compensation

Non-

GAAP

Gross Margin 85.3% 0.5% 85.8% 84.2% 0.7% 84.9%

Research and development expenses (in thousands) $ 17,672 $ (660) $ 17,012 $ 21,363 $ (731) $ 20,632

Sales and marketing expenses (in thousands) $ 35,042 $ (765) $ 34,277 $ 46,092 $ (1,458) $ 44,634

General and administrative expenses (in thousands) $ 4,608 $ (353) $ 4,255 $ 6,022 $ (358) $ 5,664

Operating Margin (3.5)% 3.3% (0.2)% (2.3)% 3.7% 1.5%

Reconciliation of Operating Loss to Non-GAAP Operating Loss:

Operating loss $ (2,262) $ (1,932)

Add: share based compensation $ 2,110 $ 3,181

Non-GAAP operating loss(1) $ (152) $ 1,249

Year ended December 31,

2017(in thousands)

2018(in thousands)