F-1/A 1 tufnf-1a2.htm F-1/A Document

As filed with the Securities and Exchange Commission on April 1, 2019 .
Registration No. 333-230109    

UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
_____________
AMENDMENT NO. 2
TO
FORM F-1
REGISTRATION STATEMENT
UNDER THE SECURITIES ACT OF 1933
_____________
Tufin Software Technologies Ltd.
(Exact name of Registrant as specified in its charter)
_____________
Not Applicable
(Translation of Registrant’s name into English)
_____________
State of Israel
7373
Not Applicable
(State or other jurisdiction of
incorporation or organization)
(Primary Standard Industrial
Classification Code Number)
(I.R.S. Employer
Identification No.)
Tufin Software Technologies Ltd.
5 Shoham Street
Ramat-Gan 52521, Israel
+972 (3) 612-8118
(Address, including zip code, and telephone number, including area code, of Registrant’s principal executive offices)
_____________
Tufin Software North America, Inc.
2 Oliver Street, Suite 702
Boston, Massachusetts 02109-4901
+1 (877) 270-7711
(Name, address, including zip code, and telephone number, including area code, of agent for service)
_____________
Copies to:
Colin J. Diamond, Esq.
White & Case LLP
1221 Avenue of the Americas
New York, New York 10020-1095
Tel: +1 (212) 819-8200
Fax: +1 (212) 354-8113
Amir Halevy, Adv.
Perry E. Wildes, Adv.
Gross, Kleinhendler,
Hodak, Halevy, Greenberg,
Shenhav & Co.
One Azrieli Center, Round Tower
Tel Aviv 67021, Israel
Tel: +972 (3) 607-4444
Fax: +972 (3) 607-4470
Kenneth J. Gordon, Esq.
Michael J. Minahan, Esq.
Goodwin Procter LLP
100 Northern Avenue
Boston, Massachusetts 02210
Tel: +1 (617) 570-1000
Fax: +1 (617) 801-8717
Ido Zemach, Adv.
Yoni Henner, Adv.
Goldfarb Seligman & Co.
98 Yigal Alon Street
Ampa Tower
Tel Aviv 6789141, Israel
Tel: +972 (3) 608-9999
Fax: +972 (3) 608-9855
Approximate date of commencement of proposed sale to the public: As soon as practicable after effectiveness of this registration statement.
If any of the securities being registered on this Form are to be offered on a delayed or continuous basis pursuant to Rule 415 under the Securities Act of 1933, check the following box.  o
If this Form is filed to register additional securities for an offering pursuant to Rule 462(b) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering.  o
If this Form is a post-effective amendment filed pursuant to Rule 462(c) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering.  o
If this Form is a post-effective amendment filed pursuant to Rule 462(d) under the Securities Act, check the following box and list the Securities Act registration statement number of the earlier effective registration statement for the same offering.  o
Indicate by check mark whether the Registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933. Emerging growth company.  x
If an emerging growth company that prepares its financial statements in accordance with U.S. GAAP, indicate by check mark if the Registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards† provided pursuant to Section 7(a)(2)(B) of the Securities Act.  x
† The term “new or revised financial accounting standard” refers to any update issued by the Financial Accounting Standards Board to its Accounting Standards Codification after April 5, 2012.
_____________
CALCULATION OF REGISTRATION FEE
Title of each class of
securities to be registered
Amount to be
registered(1)
 
Proposed maximum
aggregate offering
price per share(2)
 
Proposed maximum
aggregate offering
price(1)(2)
 
Amount of
registration fee(3)
Ordinary shares, par value NIS 0.015 per share
8,855,000
 
$14.00
 
$123,970,000
 
$15,026
 
 
 
 
 
 
 
 
(1)
Includes shares granted pursuant to the underwriters’ option to purchase additional shares. See “Underwriting.”
(2)
Estimated solely for the purpose of calculating the registration fee pursuant to Rule 457(a) under the Securities Act of 1933, as amended.
(3)
$12,120 previously paid.
The Registrant hereby amends this registration statement on such date or dates as may be necessary to delay its effective date until the Registrant shall file a further amendment which specifically states that this registration statement shall thereafter become effective in accordance with Section 8(a) of the Securities Act of 1933, as amended, or until the registration statement shall become effective on such date as the Securities and Exchange Commission, acting pursuant to such Section 8(a), may determine.
 



tufinprospectuscover.jpg



tufininsidefrontcover02.jpg




TABLE OF CONTENTS
_____________
Neither we nor the underwriters, nor any of their respective agents, have authorized anyone to provide information different from that contained in this prospectus, any amendment or supplement to this prospectus or in any free writing prospectus prepared by us or on our behalf. Neither we nor the underwriters, nor any of their respective agents, take any responsibility for, and can provide no assurance as to the reliability of, any information other than the information in this prospectus and any free writing prospectus prepared by us or on our behalf. Neither the delivery of this prospectus nor the sale of our ordinary shares means that information contained in this prospectus is correct after the date of this prospectus. This prospectus is not an offer to sell or the solicitation of an offer to buy these ordinary shares in any circumstances under which such offer or solicitation is unlawful.
For investors outside of the United States: Neither we nor the underwriters, nor any of their respective agents, have done anything that would permit this offering or possession or distribution of this prospectus in any jurisdiction where action for that purpose is required, other than in the United States. You are required to inform yourselves about, and to observe any restrictions relating to, this offering and the distribution of this prospectus outside of the United States.
References in this prospectus to the Global 2000 are to the world’s 2,000 largest public companies as published by Forbes on June 16, 2018.




SUMMARY
This summary highlights selected information contained elsewhere in this prospectus. This summary does not contain all the information that you should consider before deciding to invest in our ordinary shares. You should read the entire prospectus carefully, including “Risk Factors” and our consolidated financial statements and notes to those consolidated financial statements, before making an investment decision. In this prospectus, the terms “Tufin,” “we,” “us,” “our” and “the company” refer to Tufin Software Technologies Ltd. and its subsidiaries.
Overview
We are pioneering a policy-centric approach to security and IT operations. We transform enterprises’ security operations by helping them visualize, define and enforce a unified security policy across complex, heterogeneous IT and cloud environments. Our products govern how individuals, systems and applications are permitted to communicate and provide policy-based security automation, enabling customers to reduce the time to implement complex network changes from days to minutes. Our solutions increase business agility, eliminate errors from manual processes and ensure continuous compliance through a single console. Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately 15% of the Global 2000.
Cybersecurity is critical for enterprises of all sizes. As enterprises embrace digital transformation and adopt new technologies such as cloud-based services, software-defined networks, microservices and containers, the IT and cloud environments become increasingly complex and vulnerable to attack. In response to the heightened threat environment, lack of a defined network perimeter and a constantly changing attack surface, enterprises continue to implement additional firewalls, endpoint security, identity and access management and other security solutions. However, we believe most enterprises lack effective and comprehensive security policy management, which results in a trade-off between the necessary security posture and business requirements for speed, agility and innovation.
We believe a new approach to enterprise security is necessary: a data-driven framework centered on policy management and operationalized through policy-based automation, enhancing compliance and security while improving operational efficiency. To address this need, we have developed highly differentiated technology with four main pillars:
Policy-centric approach. We enable enterprises to visualize, define and enforce a unified security policy that acts as the foundation of governance and control, replacing ad-hoc configurations across fragmented networks.
Automation of network changes. We automate the network change process across complex, heterogeneous environments, increasing business agility, enabling faster application deployment and reducing human error.
Data-driven. Our approach draws data from across a customer’s IT and cloud environments, providing insights on connectivity and end-to-end visibility across the network.
Open and extensible framework. Our open solutions serve as a centralized control layer for our customers’ networks and can connect to a wide range of third-party technologies through application program interfaces, or APIs.
We offer five products that comprise the Tufin Orchestration Suite: SecureTrack, SecureChange, SecureApp and, most recently, Orca and Iris. SecureTrack, SecureChange and SecureApp enable enterprises to visualize, define and enforce their security policy across heterogeneous networks, both on premise and in the cloud. SecureTrack serves as the foundation of SecureChange and SecureApp. SecureTrack provides visibility across the network and helps organizations define a unified security policy and maintain compliance. SecureChange provides customers with the ability to automate changes across the network while maintaining compliance with policy and security standards. SecureApp provides

1



application connectivity management and streamlines communication between application developers and network engineers. Our newest products, Orca and Iris, provide cloud-based security automation solutions in response to the growth of containers and cloud-native environments.
We sell our products and services through our sales force, including our field sales team and our inside sales team, which works closely with our global network of approximately 140 active channel partners. Our channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize and maintain our products and services.
We have experienced strong growth. For the years ended December 31, 2017 and 2018, our revenues were $64.5 million and $85.0 million, respectively, representing year-over-year growth of 31.7%. For the years ended December 31, 2017 and 2018, our net loss was $2.8 million and $4.3 million, respectively.
Industry Background
Enterprises that lack a comprehensive security policy are facing challenges in balancing the necessary security and risk posture with their business requirements, leaving security, network and compliance professionals overwhelmed. Several industry trends contribute to operational challenges in managing risk, as set forth below:
Increasing frequency and sophistication of cyberattacks. Enterprises worldwide are under constant security threat from both external cyberattackers and malicious insiders in search of sensitive information and vital systems. Cyberattackers are increasingly able to breach networks and locate and steal sensitive enterprise data. As a result, numerous enterprise boards are prioritizing and reshaping their cybersecurity approaches.
Growing complexity of software-defined networks. Enterprises have been undergoing a digital transformation. They are rapidly shifting on-premise workloads to cloud environments to meet the changing demands of their markets and customers. To keep pace with this transformation, enterprises design scalable and flexible workloads and connections, which increase network complexity and the velocity of changes. The rise of technologies such as microservices and containers introduces additional complexity. The growing use of these dynamic technologies has raised business expectations on agility and increased the need for a unified security approach across networks and applications.
Accelerating pace of application development and deployment. The accelerating pace of business and technological developments requires numerous and continuous application and infrastructure changes. The rise of the DevOps model, which is a set of software development practices that allows applications and features to be rapidly developed and deployed, has led to increased release velocity. Enterprises that use manual change processes struggle to keep pace and lack policy consistency, resulting in an ever-growing backlog of changes, delayed software releases and heightened security exposure.
Evolving regulatory and compliance requirements. Global enterprises need to maintain compliance with a new wave of government regulations, corporate security policies and industry standards related to privacy and cybersecurity. Manual changes to network policy are difficult to track and are more likely to be non-compliant. As a result, enterprises seek cost-efficient security solutions to meet compliance requirements.
Legacy security approaches can no longer address cybersecurity threats in the ever-changing IT and cloud environments. Traditional security policy management approaches address governance and control, but lack critical characteristics such as a unified security policy, automation, scalability, end-to-end visibility and extensibility. We believe a new approach to enterprise security is necessary: a data-driven framework centered on policy management and operationalized through automation.

2



Benefits of Our Solutions
Our solutions enable our customers to visualize, define and enforce a security policy that dictates how users, systems and different organizational functions across the enterprise should be allowed to communicate. We automate our customers’ security policy management, allowing them to accelerate application deployment time without introducing non-compliant changes that could lead to vulnerabilities, and giving better visibility and control over all of their IT and cloud environments. This approach drives business agility and cost reduction while facilitating continuous compliance across hybrid, multi-vendor, multi-platform and heterogeneous environments. Our customers use our products to:
Accelerate business agility through end-to-end automation of security changes. Our automated solutions allow our customers to implement application changes onto their networks in minutes, not days. Our solutions accelerate security management processes, increase operational efficiency and reduce the traditional lag between software development and revenue-generating deployment. Increased efficiency frees up valuable IT resources to focus on higher-value tasks, all while remaining secure and compliant.
Reduce security risk through adoption of a unified security policy and continuous compliance. We enable enterprises to create a unified security policy that acts as the foundation of their security decision making. Effective security policy governs how individuals, systems and applications communicate. A well-defined security policy forms the basis of our automation capabilities, guiding the change implementation logic and ensuring continuous compliance with corporate security policies, government regulations and industry standards.
Navigate the complexity of hybrid and fragmented networks with a centralized control layer. We offer a centralized security management layer that analyzes, defines and implements enterprise-specific security policies. Our network abstraction layer allows for the automation of security changes across the network, including firewalls, traditional networks, public and private cloud environments, microservices and containers. Our solutions act as an independent third-party management layer, extending the security policy to every corner of the network, even as it grows, changes and adapts to new business demands and cybersecurity threats.
Enhance visibility and control. Our solutions provide customers with complete visibility over their IT and cloud environments, and enable them to quickly view changes and their impact on security posture prior to deployment. Our solutions monitor, collect and record configuration changes across the enterprise. They verify the adherence of these changes to the unified security policy, helping customers visualize any resulting compliance gaps or related vulnerabilities. We use topology intelligence to map out resources and connections, even across fragmented, complex environments. Enterprises can use our products to centrally manage and enforce their security policy with significant improvements in speed and ease-of-use through a multi-environment, ‘single pane of glass’ interface to ensure compliance and control.
Our Market Opportunity
We believe the majority of enterprises lack effective and comprehensive security policy management, which is critical to controlling network change. As digital transformation creates more complexity within IT and cloud environments, we believe our policy-centric, automated solutions will garner a growing share of enterprise security spend. In its September 14, 2018 publication Forecast Analysis: Information Security, Worldwide, 2Q18 Update, Gartner estimated that worldwide spending on information security products and services will reach more than $133 billion in 2019. In addition, 451 Research LLC’s VotE Information Security: Workloads and Key Projects 2018 study, covering 550 organizations of different sizes across 10 industry verticals, found that 83% of the companies surveyed did not have security automation and orchestration technologies in place, but 54% of those companies planned to deploy such technologies within the next 24 months. We believe increased security spending and adoption of security automation and orchestration technologies represent a significant opportunity for us.

3



We also believe our policy management and automation solutions overlap with several markets defined by IDC. IDC has estimated that:
the market for IT operations management, which improves user access to applications, business services and data sources on diverse platforms, will grow from $8.9 billion in 2018 to $11.7 billion by 2022, according to its Worldwide IT Operations Management Software Forecast for 2018-2022;
the market for IT automation and configuration management, which supports DevOps automation and orchestration, digital enterprises, hybrid cloud architectures and microservices-based applications, will grow from $6.7 billion in 2018 to $8.4 billion in 2022, according to its Worldwide IT Automation and Configuration Management Software Forecast for 2018-2022;
the market for policy and compliance (a sub-segment of security and vulnerability management), which enables enterprises to create, measure and report on security policy and regulatory compliance, will grow from $2.0 billion in 2018 to $3.1 billion in 2022, according to its Worldwide Security and Vulnerability Management Forecast for 2018-2022; and
the market for vulnerability assessment (a sub-segment of security and vulnerability management), which scans networks and applications for security vulnerabilities, will grow from $2.2 billion in 2018 to $3.7 billion by 2022, according to its Worldwide Security and Vulnerability Management Forecast for 2018-2022.
We believe that our solutions will attract a meaningful portion of these markets, resulting in a multi-billion dollar addressable market. As we continue to innovate and introduce new products, the use cases for our solutions will expand, which we expect will lead to incremental growth in our addressable market opportunity.
We believe our policy management and automation functionalities define a new market, and we are not aware of any third-party research that accurately defines the scope of our directly addressable opportunity. As such, we estimated the market size using third-party data and, when third-party data was not available, internal estimates. We segment enterprises based on estimates of their network infrastructure size and their need for our solutions across their networks, and apply an average annual billings figure per segment based on an estimated prior five years of inventory, resulting in an estimated directly addressable market of $10.3 billion, which includes on-premise firewalls, private cloud and public cloud orchestration segments, for the fiscal year ending December 31, 2019.
Our Competitive Strengths
We believe we have several competitive advantages, including:
Pioneer in security policy management. We are a pioneer in the security policy management market. We believe we were the first company to introduce security policy automation solutions with SecureChange and SecureApp, and we believe our position as a market leader reinforces our brand and supports our position as one of the most prominent players in an increasingly important segment.
Advanced technology and ongoing innovation. We have over a decade of experience and believe our ability to innovate is the cornerstone of our position as a technology leader. Our comprehensive security policy management solutions rely on a set of proprietary technologies that provide a high level of security, scalability and performance. Our core technologies, which serve as the foundation of both our network and cloud-based products, include analysis engines, a provisioning engine, API integrations and infrastructure technology.
Scalable, extensible enterprise-grade solutions. Our solutions scale up to the largest enterprises with thousands of network devices (e.g., firewalls and routers) through their distributed architecture and high availability offering. Our extensible API framework allows our customized solutions to interface with most IT management frameworks and systems, and is used by customers, partners

4



and our professional services team who develop scripts and extensions on top of the Tufin Orchestration Suite.
Customer-first approach. Customer success has always been our priority. Since our inception, we have built a strong, customer-first approach and developed a powerful array of products and solutions to meet our customers’ needs and expectations. Our premium support services are available at all times to ensure that customers’ problems are addressed quickly.
Automation-driven return on investment. Enterprises quickly realize value upon deployment of our solutions. Our policy-driven automation allows customers to implement accurate and compliant network changes within minutes rather than days, allowing them to introduce new business applications faster and redeploy IT resources into higher-value projects.
Our Growth Strategy
Acquire new Global 2000 customers and mid-market customers. Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately 15% of the Global 2000. Revenue generated from our Global 2000 customers, excluding maintenance renewals, represented an average of 65% of our total revenue over the fiscal years ended December 31, 2016 to 2018. We believe we have a significant growth opportunity with Global 2000 customers that currently lack a security policy management solution or that use a competing product that lacks automation. We also continue to pursue mid-market accounts with increasing need for security policy management solutions.
Expand within our customer base through new use cases and larger deployments. We aim to drive policy management and automation across the entire enterprise to help our customers fully benefit from our solutions. Customers often contract with us for a portion of their IT and cloud environments or begin only with SecureTrack. Over time, customers often expand their network coverage or recognize the benefits of automated policy changes at the network and application levels and adopt our SecureChange and SecureApp solutions. Most recently, customers moving applications to the cloud have demonstrated interest in Orca and Iris.
Extend security product leadership with innovative new products. We will continue to innovate in ways that enable frictionless collaboration between business and infrastructure teams. We intend to invest further in the Tufin Orchestration Suite to extend its functionality and features. We believe this will enhance our ability to generate revenue within our existing customer base and pursue new opportunities. We will also continue to introduce new products to broaden our appeal to customers and stay ahead of the market.
Grow and cultivate our security partner ecosystem. We have built an extensive global channel partner ecosystem that extends our geographic coverage, drives awareness of our brand and accelerates usage and adoption of our products. We have also formed alliances with technology partners in the network security, security operations, incident response, vulnerability management and security compliance sectors.
Democratize policy management across functions. Our customers continue to find new use cases for our policy management and automation products. For example, as enterprises continue to implement DevOps teams and practices, we believe they will need to introduce security measures earlier in the application development and deployment lifecycle.

5



Risks Associated With Our Business
Investing in our ordinary shares involves risks. You should carefully consider the risks described in “Risk Factors” beginning on page 12 before making a decision to invest in our ordinary shares. If any of these risks actually occurs, our business, financial condition and results of operations would likely be materially adversely affected. In such case, the trading price of our ordinary shares would likely decline, and you may lose all or part of your investment. The following is a summary of some of the principal risks we face:
The security policy management market is rapidly evolving and difficult to predict. If the market does not evolve as we anticipate or if our target customers do not adopt our solutions, our revenues may not grow as expected and our share price may decline.
If we are unable to acquire new customers, particularly large organizations, our future revenues and operating results will be harmed.
Our business depends substantially on our ability to retain customers and expand our offerings to them, and our failure to do so could harm future results of operations.
Our sales cycle is long and unpredictable, which may cause significant fluctuations in our quarterly results of operations.
We face competition in the security policy management market in which we operate, and we may lack sufficient financial or other resources to maintain or improve our competitive position.
Our revenue growth rate over the past year may not be indicative of our future performance.
Our business could be adversely affected if we are unable to manage changes to our business model over time.
Our business and operations have experienced rapid growth, and if we do not appropriately manage any future growth, our results of operations will be harmed.
We have a history of losses, and we may not be able to generate sufficient revenues to achieve and sustain profitability.
We have identified a material weakness in our internal control over financial reporting. If we fail to maintain effective internal control over financial reporting, we may be unable to report our financial results accurately or meet our reporting obligations.
If third-party applications and network products change such that we do not or cannot maintain the compatibility of our platforms and solutions with these applications and products, or if we fail to provide integrations that our customers desire, demand for our solutions and platforms could decline.
Corporate Information
We are incorporated under the laws of the State of Israel. Our principal executive offices are located at 5 Shoham Street, Ramat-Gan 52521, Israel, and our telephone number is +972 (3) 612-8118. Our website address is www.tufin.com. Information contained on, or that can be accessed through, our website does not constitute a part of this prospectus and is not incorporated by reference herein. We have included our website address in this prospectus solely for informational purposes. Our agent for service of process in the United States is Tufin Software North America, Inc., located at 2 Oliver Street, Suite 702, Boston, Massachusetts 02109-4901, and its telephone number is +1 (877) 270-7711.
Throughout this prospectus, we refer to various trademarks, service marks and trade names that we use in our business. The “Tufin” design logo is the property of Tufin Software Technologies Ltd. Tufin® is our registered trademark in the United States. We have several other trademarks, service marks and pending applications relating to our products. In particular, although we have omitted the “®” and “™” trademark designations in this prospectus from each reference to Unified Security Policy, Tufin Orchestration Suite,

6



SecureChange, SecureTrack and SecureApp, all rights to such trademarks are nevertheless reserved. Other trademarks and service marks appearing in this prospectus are the property of their respective holders.

7



THE OFFERING
Ordinary shares offered
7,700,000 ordinary shares
 
 
Ordinary shares to be outstanding after this offering
32,435,871 ordinary shares
 
 
Underwriters’ option
We have granted the underwriters an option to purchase up to 1,155,000 additional ordinary shares for a period of 30 days after the date of this prospectus.
 
 
Use of proceeds
We intend to use the net proceeds we receive from this offering for working capital and other general corporate purposes. We expect to continue to invest in and to grow our research and development capabilities as well as expand our sales force and marketing team. See “Use of Proceeds.”
 
 
Risk factors
See “Risk Factors” and other information included in this prospectus for a discussion of factors you should carefully consider before deciding to invest in our ordinary shares.
 
 
Proposed NYSE symbol
TUFN
The number of ordinary shares to be outstanding after this offering is based on  24,735,871  ordinary shares outstanding as of March 31, 2019. The number of ordinary shares to be outstanding after this offering excludes 9,652,267 ordinary shares reserved for issuance under our equity incentive plans, of which there were outstanding options to purchase 7,005,419 shares at a weighted average exercise price of $2.15  per share.
Unless otherwise indicated, this prospectus:
reflects the conversion of all outstanding preferred shares into 16,416,749 ordinary shares on a one-for-one basis, which will occur automatically immediately prior to the closing of this offering;
assumes an initial public offering price of $13.00 per ordinary share, the midpoint of the estimated initial public offering price range set forth on the cover page of this prospectus;
gives effect to the exercise on a cashless basis of warrants to purchase 26,667 ordinary shares with an exercise price of $ 4.30 per share issued to an Israeli non-profit organization and the resulting issuance of 17,842 ordinary shares upon the closing of this offering;
gives effect to the adoption of our amended and restated articles of association, which will become effective upon the closing of this offering and will replace our articles of association currently in effect;
assumes no exercise of the underwriters’ option to purchase up to 1,155,000 additional ordinary shares; and
reflects a 1.5:1 reverse share split effected on March 21, 2019.

8



SUMMARY CONSOLIDATED FINANCIAL DATA
The following tables set forth our summary consolidated financial data. You should read the following summary consolidated financial data in conjunction with “Selected Consolidated Financial Data,” “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes included elsewhere in this prospectus. Historical results are not necessarily indicative of the results that may be expected in the future. Our financial statements have been prepared in accordance with U.S. Generally Accepted Accounting Principles, or U.S. GAAP.
The summary consolidated statements of operations data for each of the years in the two-year period ended December 31, 2018 and the summary balance sheet data as of December 31, 2018 are derived from our audited consolidated financial statements appearing elsewhere in this prospectus.
 
Year ended December 31,
 
2017
 
2018
 
(in thousands, except share and per share amounts)
Consolidated Statements of Operations:
 
 
 
Revenues:

 
 
Product
$
30,855

 
$
42,554

Maintenance and professional services
33,685

 
42,427

Total revenues
64,540

 
84,981

Cost of revenues:


 
 
Product
1,702

 
2,324

Maintenance and professional services
7,778

 
11,112

Total cost of revenues(1)
9,480

 
13,436

Gross profit
55,060

 
71,545

Operating expenses:


 
 
Research and development(1)
17,672

 
21,363

Sales and marketing(1)
35,042

 
46,092

General and administrative(1)
4,608

 
6,022

Total operating expenses
57,322

 
73,477

Operating loss
$
(2,262
)
 
$
(1,932
)
Financial income (loss), net
267

 
(1,047
)
Loss before taxes on income
$
(1,995
)
 
$
(2,979
)
Taxes on income
(797
)
 
(1,283
)
Net loss
$
(2,792
)
 
$
(4,262
)
Basic and diluted net loss per ordinary share(2)
$
(0.35
)

$
(0.53
)
Weighted average number of ordinary shares used in computing basic and diluted net loss per ordinary share(2)
7,872,545


8,045,647

Basic pro forma net loss per ordinary share (unaudited)(3)


$
(0.17
)
Weighted average number of shares used in computing pro forma basic and diluted net loss per ordinary share (unaudited)(3)


24,462,397

 
 
 
 

9



 
As of December 31, 2018
 
Actual
 
Pro Forma(4)
 
Pro Forma As Adjusted(4)
 
(in thousands)
Consolidated Balance Sheet Data:
 
 
 
 
 
Cash and cash equivalents
$
15,248

 
$
15,248

 
$
106,143

Working capital, excluding deferred revenue(5)
17,781

 
17,781

 
108,676

Deferred revenue, current and non-current
31,464

 
31,464

 
31,464

Total assets
47,133

 
47,133

 
137,298

Redeemable convertible preferred shares
26,699

 

 

Total shareholders’ equity (deficit)
(29,946
)
 
(3,247
)
 
87,359

 
 
 
 
 
 
 
Year ended December 31,
 
2017
 
2018
 
(in thousands)
Supplemental Financial Data:
 
 
 
Non-GAAP operating profit (loss)(6)
$
(152
)
 
$
1,249

 
 
 
 
(1)
Includes share-based compensation expense as follows:
 
Year ended December 31,
 
2017
 
2018
 
(in thousands)
Share-based Compensation Expense:

 
 
Cost of revenues
$
332

 
$
634

Research and development
660

 
731

Sales and marketing
765

 
1,458

General and administrative
353

 
358

Total share-based compensation expenses
$
2,110

 
$
3,181

 
 
 
 
(2)
Basic and diluted net loss per ordinary share is computed based on the weighted average number of ordinary shares outstanding during each period. For additional information, see Note 2 to our consolidated financial statements included elsewhere in this prospectus.
(3)
Pro forma basic and diluted net loss per ordinary share and pro forma weighted average shares outstanding assumes the conversion of all of our outstanding preferred shares into ordinary shares, which will occur immediately prior to the closing of this offering, but does not give effect to the issuance of shares in connection with this offering. For additional information on the conversion of the preferred shares, see Note 11 to our consolidated financial statements included elsewhere in this prospectus.
(4)
Pro forma gives effect to the conversion of all of our outstanding preferred shares into ordinary shares, which will occur immediately prior to the closing of this offering. Pro forma as adjusted gives effect to (x) the same item as set forth in “pro forma,” (y) the exercise on a cashless basis of warrants to purchase 26,667 ordinary shares and the resulting issuance of 17,842 ordinary shares upon the closing of this offering and (z) the issuance and sale of ordinary shares in this offering at an assumed initial public offering price of $13.00 per ordinary share after deducting underwriting discounts and estimated offering expenses payable by us.
(5)
We define working capital as total current assets minus total current liabilities.

10



(6)
Non-GAAP operating profit (loss) is a non-GAAP financial measure. We define non-GAAP operating profit (loss) as operating profit excluding share-based compensation expense. Because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company’s non-cash expense, we believe that providing non-GAAP financial measures that exclude non-cash share-based compensation expense allows for more meaningful comparisons between our operating results from period to period. This non-GAAP financial measure is an important tool for financial and operational decision-making and for evaluating our operating results over different periods. The following table reconciles operating loss, the most directly comparable U.S. GAAP measure, to non-GAAP operating profit (loss) for the periods presented:
 
Year ended December 31,
 
2017
 
2018
 
(in thousands)
Reconciliation of Operating Loss to Non-GAAP Operating Profit (Loss):
 
 
 
Operating loss
$
(2,262
)
 
$
(1,932
)
Add: share-based compensation
$
2,110

 
$
3,181

Non-GAAP operating profit (loss)(6)
$
(152
)
 
$
1,249

 
 
 
 
For a description of how we use non-GAAP operating profit (loss) to evaluate our business, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Factors Affecting Our Performance.”
Other companies, including companies in our industry, may calculate non-GAAP operating profit (loss) differently or not at all, which reduces the usefulness of non-GAAP operating profit (loss) as a comparative measure. You should consider non-GAAP operating profit (loss) along with other financial performance measures, including operating profit, and our financial results presented in accordance with U.S. GAAP.

11



RISK FACTORS
This offering and an investment in our ordinary shares involve a high degree of risk. You should consider carefully the risks described below and all other information contained in this prospectus, including our financial statements and related notes thereto, before you decide to buy our ordinary shares. If any of the following risks actually occurs, our business, financial condition and results of operations could be materially and adversely affected. In that event, the trading price of our ordinary shares would likely decline, and you might lose all or part of your investment.
Risks Related to Our Business and Our Industry
The security policy management market is rapidly evolving and difficult to predict. If the market does not evolve as we anticipate or if our target customers do not adopt our solutions, our revenues may not grow as expected and our share price may decline.
We believe our future success depends in large part on growth in the security policy management market in which we compete. The security policy management market is relatively new and subject to rapid technological change, evolving industry standards, a shift in the enforcement or scope of regulations to which our customers are subject, as well as changing customer needs, requirements and preferences. As such, it is difficult to predict important market trends, including potential growth. For example, organizations that currently use home-grown tools may believe that they already have sufficient security policy management products. Therefore, such organizations may continue spending their network infrastructure budgets on other products and may not adopt our solutions in addition to or in lieu of other existing solutions. If the security policy management market does not evolve in the way we anticipate or if organizations do not recognize the benefits our solutions offer in addition to or in place of other existing solutions, then our revenues may not grow as expected and our share price could decline.
If we are unable to acquire new customers, particularly large organizations, our future revenues and operating results will be harmed.
Our growth strategy is dependent, in part, on our ability to acquire new customers, particularly large organizations. For example, in the year ended December 31, 2018, large organizations, which we define as those comprising the Global 2000, accounted for 68% of our revenues, excluding maintenance renewals. The size and number of customers that we add in a given period significantly and directly impacts both our short-term and long-term revenues. If we are unable to attract a sufficient number of new large organization customers or if we attract customers that place orders of an insufficient size, we may be unable to generate revenue growth at desired rates. The security policy management market is competitive and we cannot guarantee that we will out-perform our competitors. In addition, in many cases, our primary competition is in-house, manual, spreadsheet driven processes and homegrown approaches to security management. As a result, we may not be able to add new customers at the levels we expect, or may need to spend more than we budgeted on our efforts to do so. Competition in the marketplace may also result in us winning fewer new customers, lowering prices or offering sales incentives to new customers. These factors may have a material negative impact on our future revenues and operating results.
Sales to large organizations involve risks that may not be present (or that are present to a lesser extent) with sales to smaller entities. These risks include:
increased purchasing power and leverage held by large organizations in negotiating contractual arrangements with us, including, in certain cases, clauses that provide preferred pricing of configurations with similar specifications;
the timing of individual large sales, which in some cases have occurred in a quarter subsequent to those we anticipated, or have not occurred at all;

12



longer sales cycles and the associated risk that substantial time and resources may be spent on a potential customer that ultimately elects not to purchase our products or purchases fewer products than we anticipated;
more stringent or costly requirements imposed upon us in our maintenance and professional services contracts with such customers, including stricter response times and penalties for any failure to meet maintenance and professional services requirements;
more complicated and costly implementation processes and network infrastructure; and
closer relationships with, and increased dependence upon, large technology companies who may offer competing products and have stronger brand recognition.
If we are unable to increase sales of our solutions and products to large organizations while mitigating the risks associated with serving such customers, our business, results of operations, prospects and financial condition may suffer.
Our business depends substantially on our ability to retain customers and expand our offerings to them, and our failure to do so could harm future results of operations.
We generate a significant portion of our revenues from sales to existing customers and our business depends substantially on our ability to retain customers and expand our offerings to them. In 2017 and 2018, we generated over 75% and 70% of our revenues, respectively, from sales to existing customers, including renewals. Our Tufin Orchestration Suite is currently comprised of five products: SecureTrack, SecureChange, SecureApp and, most recently, Orca and Iris. The majority of our customers initially purchase SecureTrack to monitor part of their networks. Initial product deployments frequently expand across departments, divisions and geographies and result in the purchase of additional products, such as SecureChange and SecureApp. In addition, we expect an increasing portion of our revenues to be derived from additional sales to our customers of Orca and Iris, which allow for policy-driven automation and security management in cloud-native environments.
The rate at which our existing customers purchase additional products and services depends on a number of factors, including the perceived need for additional IT security, our customers’ IT budgets, the efficacy of our solutions, general economic conditions, our customers’ overall satisfaction with our products and services and the continued growth and economic health of our customer base. If our efforts to sell additional products and services to our customers are not successful, our future revenues and operating results will be harmed.
We devote significant efforts to developing and marketing product updates to existing customers and rely on these efforts for a portion of our revenues. This requires a significant investment in building and maintaining customer relationships, as well as significant research and development efforts in order to launch product updates and new products. Our future success depends, in part, on our ability to continue to expand sales of our current product offerings to existing customers, sell additional licenses for our current products to our existing customers and develop and sell new products to existing customers.
Our sales cycle is long and unpredictable, which may cause significant fluctuations in our quarterly results of operations.
The timing of our sales and related revenue recognition is difficult to predict because of the length and unpredictability of the sales cycle for our products. We and our channel partners often spend significant time and resources to better educate and familiarize potential customers with the value proposition of our products and platform. Our sales cycle usually lasts several months from proof of concept to purchase order from our customers, and it is often even longer, less predictable and more resource-intensive for larger transactions. Customers may also require additional internal approvals or seek to test our products for a longer trial basis before deciding to purchase our solutions. Furthermore, even if we close a large transaction during a given quarter, we may be unable to recognize the revenues derived from such a transaction due to our revenue recognition policy. See “Management’s Discussion and Analysis of

13



Financial Condition and Results of Operations—Application of Critical Accounting Policies and Estimates—Revenue Recognition.”
In addition, in the past, customers have deferred significant purchases to the last quarter of the year when they can determine what amount of their annual budget remains unused. As a result, the timing of individual sales can be difficult to predict. We generally expect an increase in business activity as we approach our fiscal year end in December, driven by our customers’ buying patterns. We believe that these seasonal trends will continue to affect our quarterly results. Large individual sales have, in some cases, occurred in quarters subsequent to those we anticipated or have not occurred at all. The loss or delay of one or more large transactions in a quarter could impact our anticipated results of operations for that quarter and future quarters for which revenue from that transaction is delayed. We may not be able to accurately predict or forecast the timing of sales, which could cause our results to vary significantly from our expectations and the expectations of market analysts. In addition, we might devote substantial time and effort to a particular unsuccessful sales effort, and as a result we could lose other sales opportunities or incur expenses that are not offset by an increase in revenue, which could harm our business.
We face competition in the security policy management market in which we operate, and we may lack sufficient financial or other resources to maintain or improve our competitive position.
We face competition in the security policy management market in which we operate. In many cases, our primary competition is in-house, manual, spreadsheet driven processes and homegrown approaches to security management, and we and our channel partners may not be successful in educating and familiarizing potential customers with the value associated with our products and services. Our direct competitors include vendors such as AlgoSec, Inc., FireMon, LLC and Skybox Security LLC that offer solutions that compete with all or some of our products or product features. We also indirectly compete with large IT companies that offer a broad array of traditional security management solutions, such as Symantec Corporation and Cisco Systems, Inc., for a share of enterprises’ IT security budgets. These large companies have the technical and financial resources and broad customer bases needed to bring products that are competitive with ours to market and already have existing relationships as a trusted vendor for other products. Such companies may use these advantages to offer products and services that are perceived to be as effective as ours at a lower price or for free as part of a larger product package or solely in consideration for maintenance and professional services fees. As the security policy management market grows, we expect competition to increase in the future from both existing competitors and new companies that may enter our markets. Some of our competitors may develop different products that compete with our current solutions and respond more quickly and effectively than we do to new or changing opportunities, technologies, standards or client requirements, including in cloud-native environments.
Organizations that use other products or home-grown tools may believe that these products or tools are sufficient to meet their security policy management needs or that our products only serve the needs of a portion of the enterprise security market. Accordingly, these organizations may continue allocating their information technology budgets for other products, and may not adopt our products. Further, many organizations have invested substantial personnel and financial resources to design and operate their networks and have established deep relationships with other providers of networking and security products. As a result, these organizations may prefer to purchase from their existing suppliers rather than add or switch to a new supplier, such as us, regardless of product performance, features, or greater services offerings or may be more willing to incrementally add solutions to their existing security infrastructure from existing suppliers than to replace it wholesale with our solutions.
Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. Current or potential competitors may be acquired by third parties with greater available resources. As a result of such acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand

14



substantial price competition, take advantage of other opportunities more readily or develop and expand their product and service offerings more quickly than we do.
Our revenue growth rate over the past year may not be indicative of our future performance.
Our revenue growth rate in recent periods should not be viewed as an indication of our future performance. For the years ended December 31, 2017 and 2018, our revenues were $64.5 million and $85.0 million, respectively, representing year-over-year growth of 31.7%. We may not achieve similar revenue growth rates in future periods. Factors that could impact our ability to increase our revenue include our ability to increase the size or efficiency of our sales force, which has expanded rapidly in recent years, our ability to achieve repeat purchases by existing customers, our ability to successfully compete with other companies and the extent to which we are successful in securing large scale deployments, particularly among Global 2000 enterprises. If we are unable to maintain consistent revenue or revenue growth, our share price could experience volatility, and our ability to achieve and maintain profitability could be adversely affected.
Our business could be adversely affected if we are unable to manage changes to our business model over time.
We sell our software primarily through perpetual license agreements and, to a lesser extent, term-based license agreements rather than utilizing a Software-as-a-Service, or SaaS, model. SaaS is a model of software deployment in which a software provider typically licenses an application to customers for use as a service on demand through web browser technologies. While we do not currently earn any revenue from SaaS products, in the future, we plan to deploy certain of our new products as SaaS subscriptions to enable more customers to use our solutions beyond our existing on-premise offerings. A SaaS business model can require a vendor to undertake substantial capital investments and develop related sales and support resources and personnel. In recent years, companies have begun to expect that enterprise software solutions will be provided through a SaaS model. If customers were to require that we provide our products via a SaaS deployment, we would need to deploy resources to implement this alternative business model, which would negatively affect our results. In addition, if we shift to a subscription-based model or make other significant changes to our business model, we may fail to make such a transition in a timely manner or do so at a sustainable pace, either of which could have an adverse effect on our business, results of operations, financial condition and cash flows.
Our business and operations have experienced rapid growth, and if we do not appropriately manage any future growth, our results of operations will be harmed.
We have experienced rapid growth over the last several years, which has placed and will continue to place significant demands on our management, administrative, operational and financial infrastructure. For example, as of December 31, 2017, we had 325 employees and independent contractors compared to 424 as of December 31, 2018, and we expect to continue to expand our headcount. We expect to manage a more complex array of internal systems and processes as we scale aspects of our business in proportion to our growth, including an expanded sales force, additional customer service and research and development personnel, as well as more complex administrative systems related to managing increased headcount.
Our success will depend in part upon our ability to manage our growth effectively. To do so, we must continue to increase the productivity of our existing employees, particularly our sales force, and hire, train, and manage new employees and expand our network of channel partners. To manage the domestic and international growth of our operations and personnel, we will need to continue to improve our operational, financial, and management controls, as well as our reporting processes and procedures. In addition, we will hire additional personnel to support our financial reporting function.
These additional investments will increase our operating costs, which will make it more difficult for us to offset any future revenue shortfalls by reducing expenses in the short term. We may not be able to successfully acquire or implement these or other improvements to our systems and processes in an

15



efficient or timely manner, or once implemented, we may discover deficiencies in their capabilities or effectiveness. We may experience difficulties in managing improvements to our systems and processes or in integrating with third-party technology. In addition, our systems and processes may fail to prevent or detect errors, omissions or fraud. Our failure to improve our systems and processes, or their failure to operate effectively and in the intended manner, may result in the disruption of our current operations and customer relationships, our inability to manage the growth of our business and our inability to accurately forecast and report our revenues, expenses and earnings, any of which may materially harm our business, results of operations, prospects and financial condition.
We have a history of losses, and we may not be able to generate sufficient revenues to achieve and sustain profitability.
We have incurred net losses in each period since our inception, including net losses of $2.8 million and $4.3 million for the years ended December 31, 2017 and 2018, respectively. As of December 31, 2018, our accumulated deficit was $40.3 million. We expect our operating expenses to increase significantly as we continue to expand our sales and marketing efforts, in part, by building our sales platforms, continue to invest in research and development and continue to expand our operations in existing and new geographies and vertical markets. We also expect to continue to devote significant research and development resources to our on-premise and cloud solutions. In addition, we expect to incur significant additional legal, accounting and other expenses related to being a public company upon the completion of this offering. While our revenues have grown in recent years, if our revenues decline or fail to grow at a rate faster than these increases in our operating expenses, we will not be able to achieve and maintain profitability in future periods. As a result, we may continue to generate losses. We cannot assure you that we will achieve profitability in the future or that, if we do become profitable, we will be able to sustain profitability.
We have identified a material weakness in our internal control over financial reporting. If we fail to maintain effective internal control over financial reporting, we may be unable to report our financial results accurately or meet our reporting obligations.
In connection with the issuance of our consolidated financial statements for each of the years ended December 31, 2017 and 2018, we identified a material weakness in our internal control over financial reporting as of December 31, 2017 and 2018. A “material weakness” is a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of our annual or interim financial statements will not be prevented or detected on a timely basis.
Specifically, we determined that we do not have sufficient finance staff to provide for effective control over our period-end financial reporting process. As a result of having insufficient staff, we were unable to adequately segregate duties in a manner consistent with control objectives for our period-end financial reporting process.
We have initiated actions toward remediating this material weakness by identifying our staffing requirements and commencing the process of hiring additional personnel for our finance team with the appropriate level of training and expertise. However, the implementation of these initiatives may not fully address this or any other material weakness or other deficiencies that we may have in our internal control over financial reporting.
We will assess our internal control environment and the potential remediation of this material weakness. If we are unable to certify that our internal control over financial reporting is effective pursuant to Section 404 of the Sarbanes-Oxley Act of 2002, we could lose investor confidence in the accuracy and completeness of our financial reports, which could harm our business, the price of our ordinary shares and our ability to access the capital markets.

16



If third-party applications and network products change such that we do not or cannot maintain the compatibility of our platforms and solutions with these applications and products, or if we fail to provide integrations that our customers desire, demand for our solutions and platforms could decline.
The attractiveness of our platforms depends, in part, on our ability to integrate with third-party applications and network products that our customers use or desire to use. Third-party providers may change the features of their applications and platforms or alter the terms governing use of their applications and platforms in an adverse manner. Further, third-party application providers may refuse to partner with us, or limit or restrict our access to their applications and platforms. Such changes could functionally limit or terminate our ability to use these third-party applications and systems with our platform, which could negatively impact our offerings and harm our business. If we fail to integrate our platforms with new third-party applications that our customers desire, or to adapt to the requirements of such third-party applications and platforms, we may not be able to offer the functionality that our customers expect, which would negatively impact our offerings and, as a result, harm our business.
If our products do not effectively interoperate with our customers’ existing or future IT infrastructures, deployments and integrations could be delayed or canceled, which would harm our business.
Our products must effectively interoperate with our customers’ existing or future IT infrastructure, which often has different specifications, utilizes multiple protocol standards, deploys products from multiple vendors and contains multiple generations of products that have been added over time. As a result, when problems occur in a network, it may be difficult to identify the sources of these problems. If we find errors in the existing software or defects in the hardware used in our customers’ infrastructure or problematic network configurations or settings, we may have to modify and improve our software so that our products will integrate with our customers’ infrastructure. In such cases, our products may be unable to support some of the configurations or protocols used in our customers’ infrastructure. These issues could cause longer deployment and integration times for our products and could cause order cancellations, either of which would adversely affect our business, results of operations and financial condition. Additionally, any changes in our customers’ IT infrastructure that degrade the functionality of our products or services, which are better supported by competitive software, could adversely affect the adoption and usage of our products.
Estimates of market opportunity and forecasts of market growth included in this prospectus may prove to be inaccurate.
Growth forecasts included in this prospectus relating to our market opportunity and the expected growth in the security policy management market, which are subject to significant uncertainty, may prove to be inaccurate. We believe our policy management and automation functionalities define a new market, and we are not aware of any third-party research that accurately defines the scope of our directly addressable opportunity. As such, we estimated the market size using third-party data and, when third-party data was not available, internal estimates. We segment enterprises based on estimates of their network infrastructure size and their need for our solutions across their networks, and apply an average annual billings figure per segment based on an estimated prior five years of inventory, resulting in an estimated directly addressable market of $10.3 billion, which includes on-premise firewalls, private cloud and public cloud orchestration segments, for the fiscal year ending December 31, 2019.
The addressable market we estimate may not materialize for many years. Even if the markets in which we compete meet the size estimates and growth forecast in this prospectus, our business could fail to grow at similar rates. Our growth is subject to many factors, including our success in implementing our business strategy, which is subject to many risks and uncertainties. Accordingly, the forecasts of market growth included in this prospectus are not indicative of our future growth.

17



Because we derive substantially all of our revenues from sales of licenses and maintenance for SecureTrack, SecureChange and SecureApp, which belong to a single platform of products – the Tufin Orchestration Suite – the failure of these products to satisfy customers or to achieve increased market acceptance would adversely affect our business.
In 2018, we generated substantially all of our revenues from sales of licenses and maintenance for SecureTrack, SecureChange and SecureApp. We recently introduced Orca and Iris to market, and have not yet derived revenues from the sale of these products. We expect to continue to derive a majority of our revenues from license and maintenance sales relating to the Tufin Orchestration Suite in the future. As such, market acceptance of this platform of products is critical to our continued success. Demand for licenses for the Tufin Orchestration Suite is affected by a number of factors, some of which are outside of our control, including continued market acceptance of our software by our customers and potential customers, the viability of existing and new use cases, technological change and growth or contraction in our market. If we are unable to continue to meet customer demands or to achieve more widespread market acceptance of our software, our business, operations, financial results and growth prospects will be materially and adversely affected.
If we are unable to increase market awareness of our company and our solutions, or fail to successfully promote or protect our brand, our competitive market position and revenues may not continue to grow or may decline.
We believe that improved awareness of our brand and the value proposition of our solutions will be essential to our continued growth and our success. Many factors, some of which are beyond our control, are important to maintaining and enhancing our brand, including our ability to increase awareness among existing and potential channels partners through various means of marketing and promotional activities. If our marketing efforts are unsuccessful in improving market awareness of our brand and our solutions, then our business, results of operations, prospects, and financial condition will be adversely affected, and we will not be able to achieve sustained growth.
Moreover, due to the intensely competitive nature of our market, we believe that building and maintaining our brand and reputation is critical to our success and that the importance of positive brand recognition will increase as competition in our market further intensifies. While we believe that we are successfully building a well-established brand and have invested and expect to continue to invest substantial resources to promote and maintain our brand, both domestically and internationally, there can be no assurances that our brand development strategies will enhance our reputation or brand recognition or lead to increased revenue.
Furthermore, an increasing number of independent industry analysts and researchers, such as Gartner, IDC and 451 Research LLC, regularly evaluate, compare and publish reviews regarding the functionality of security products and services, including our solutions. These reviews may significantly influence the market perception of our solutions. We do not have any control over the content of these independent industry analysts and researchers’ reports, and our reputation and brand could be harmed if they publish negative reviews of our solutions or do not view us as a market leader. The strength of our brand may also be negatively impacted by our competitors’ marketing efforts, which may include incomplete, inaccurate and misleading statements about our business, products and services. If we are unable to maintain a strong brand and reputation, sales to new and existing customers could be adversely affected, and our financial performance could be harmed.
Our business and reputation could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solutions or the failure of our solutions to meet customers’ expectations.
Our customers face increasingly sophisticated and targeted cyberthreats. If we fail to update our products to detect or prevent such threats, our business and reputation will suffer. Moreover, as our solutions are adopted by an increasing number of enterprises and governmental entities, cyberattackers may focus on finding ways to defeat our solutions. The data stored in our products’ database is highly sensitive, and includes our customers’ current enterprise-wide network configuration and security policies. If our

18



products’ security configuration is breached, this data could be used by malicious actors, including external hackers and rogue employees within our customers’ organizations, to plan how they could effectively traverse our customers’ networks and gain unauthorized access to critical systems and data. A breach or theft of our customers’ sensitive business data, regardless of whether the breach or theft is attributable to the failure of our products, could adversely affect the market’s perception of the efficacy of our solutions and current or potential customers may look to our competitors for alternatives to our solutions. The failure of our products may also subject us to lawsuits and financial losses stemming from indemnification of our partners and other third parties, as well as the expenditure of significant financial resources to analyze, correct or eliminate any vulnerabilities. Although we seek to limit our financial exposure in such circumstances through caps on our indemnification obligations, customers may litigate the enforceability of such caps and it is possible that such litigation may be successful in certain circumstances. Any such event could also cause us to suffer reputational harm, lose existing customers or deter them from purchasing additional products and services and prevent new customers from purchasing our solutions.
Our business and reputation could be harmed if cybersecurity risks materialize.
Cybersecurity threats are a growing and evolving risk, and often are difficult or impossible to detect for long periods of time or to successfully defend against. Successful attacks, whether through external or internal actors, could harm the confidentiality, integrity and availability of personal data and other sensitive information, as well as the integrity and availability of our systems, products and services in a manner that could materially and adversely affect our business. Because techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until they are launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures. In addition, such a security breach could impair our ability to operate our business, including our ability to provide maintenance and support services to our customers. If this happens, our revenues could decline and our business could suffer. In addition, if we suffer a highly publicized security breach, even if our platform and solutions perform effectively, such a breach could cause us to suffer reputational harm, lose existing commercial relationships and customers or deter customers from purchasing additional solutions and prevent new customers from purchasing our solutions.
We are subject to data privacy laws, the breach of which could subject us to fines and harm our reputation.
We are subject to an expanding number of domestic, international and contractual legal requirements regarding privacy, personal data rights and cybersecurity. These laws, rules and regulations continue to evolve and address a range of issues, including restrictions or technological requirements regarding the collection, use, storage, protection, retention or transfer of data. Violation of these requirements could result in substantial fines, penalties and related defense costs. For example, the GDPR provides for penalties that could reach the greater of 20 million Euros or 4% of a company’s worldwide annual turnover. In addition, because we operate in a number of jurisdictions, we may be subject to a variety of local data privacy laws, which can change frequently and potentially conflict with our existing obligations. These legal requirements may be interpreted and enforced in a manner that is inconsistent with our existing practices or the features of our products and services. We may also be subject to claims of liability or responsibility for the actions of third parties with whom we interact or upon whom we rely in relation to various products and services, including but not limited to our channel partners. In addition to the possibility of our being subject to enforcement actions, fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices or modify our products and services, which could have an adverse effect on our business. Any inability to adequately address customer privacy and data protection concerns, even if unfounded, or to comply with applicable privacy and data protection laws, regulations and policies, could result in additional cost and liability to us, damage our reputation, inhibit sales and adversely affect our business.

19



If we do not effectively expand, train and retain our sales force, we may be unable to acquire new customers or sell additional products and services to existing customers, and our business will suffer.
Our future success depends, in part, on our ability to continue to expand, train and retain our sales force. Our inability to attract or retain qualified personnel or delays in hiring required sales personnel may seriously harm our business, financial condition and results of operations. Any of our employees may terminate their employment at any time, subject to certain notice requirements. Our ability to continue to attract and retain highly skilled personnel is critical to our future success. During 2018, we increased the number of our sales and marketing personnel from 128 to 166. We expect to continue to expand our sales and marketing personnel significantly and face a number of challenges in achieving our hiring and integration goals. There is intense competition for individuals with sales training and experience. In addition, the training and integration of a large number of sales and marketing personnel in a short time requires the allocation of significant internal resources. We invest significant time and resources in training new sales force personnel to understand our solutions and growth strategy. However, there is no guarantee that our recent hires and planned new hires will become as productive as we expect or require, and we may be unable to hire or retain sufficient numbers of qualified individuals in the future in the markets in which we currently operate or where we seek to conduct business. Our failure to hire a sufficient number of qualified sales force members and train them to operate at target performance levels may materially and adversely impact our projected growth rate.
Our ability to enhance our products may be harmed if we are unable to attract and retain sufficient research and development personnel, and if we are unable to generate an adequate return on our investment in research and development.
Our ability to enhance our products may be harmed if we are unable to attract and retain sufficient engineers and research and development personnel. Our principal research and development activities are conducted from our headquarters in Israel, and we face significant competition for suitably skilled engineers and research and development personnel in this region, where the availability of such personnel is limited. We also engage a number of developers in Bucharest, Romania as independent contractors in order to benefit from the significant pool of talent that is more readily available in this market. Larger companies may expend more resources than we do on employee recruitment and may be able to offer more favorable compensation and incentive packages than us. If we cannot attract or retain a sufficient number of skilled research and development employees, our business, prospects and results of operations could be adversely affected.
In order to remain competitive, we expect to continue to dedicate significant financial and other resources to develop new solutions, applications and enhancements to our existing products and platforms. For example, in 2018, we increased our dedicated research and development personnel by 33% compared to 2017. However, investing in research and development personnel, developing new products and enhancing existing products are expensive and time consuming, and there is no assurance that such activities will result in significant new marketable products or enhancements to our products, design improvements, cost savings, revenues or other expected benefits. If we delay releasing product enhancements and new solutions, or are otherwise unable to generate an adequate return on our investment, our business and results of operations may be materially and adversely affected.
If we fail to maintain successful relationships with our channel partners, or if our channel partners fail to perform, our ability to market, sell and distribute our solutions will be limited, and our business, financial position and results of operations will be harmed.
We sell our products and services through our sales force, including our field sales team and our inside sales team, which works closely with our global network of approximately 140 active channel partners. Our channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize and maintain our products and services. Our channel partners fulfill orders constituting substantially all of our revenues. Certain of our new customer leads are generated by our channel partners. For the years ended December 31, 2017 and 2018, our two

20



largest channel partners accounted for 16% and 13% of our revenues and 13% and 10% of our revenues, respectively. Our agreements with these channel partners provide that each partner agrees to sell and distribute our products within certain territories for one year. These agreements are nonexclusive and non-transferable, and automatically renew unless terminated by either party after providing prior written notice. As of December 31, 2017, five of our channel partners accounted for 10% or more of our accounts receivable, accounting for an aggregate of 62% of our accounts receivable in 2017. As of December 31, 2018, three of our channel partners accounted for 10% of more of our accounts receivable, accounting for an aggregate of 36% of our accounts receivable in 2018. Our engagements with these channel partners are generally based on separate contractual relationships with different business units across multiple jurisdictions rather than on a single agreement.
As a result of this concentration, if a channel partner ceases to perform services for us, we may face disruptions in deploying solutions to our customers. Additionally, we are exposed to the credit risk of our channel partners in the event they become insolvent while owing us payment. If our channel partners do not effectively provide support to the satisfaction of our customers, we may be required to provide support to such customers, which would require us to invest in additional personnel and may require us to devote significant time and resources. If our channel partners do not effectively market and sell our solutions, or choose to use greater efforts to market and sell the products and services of our competitors, our ability to grow our business may be adversely affected.
Our relationships with channel partners have been, and could in the future be, terminated with little or no notice if they become subject to bankruptcy or other similar proceedings. The loss of our major channel partners, the inability to replace them or the failure to recruit additional channel partners could materially and adversely affect our results of operations. If we are unable to maintain our relationship with channel partners or otherwise develop and expand our sales channels, or if our channel partners fail to perform, our business, financial position and results of operations could be adversely affected.
Our increasing focus on expanding security policy management to cloud-native environments presents execution and competitive risks.
While many organizations see the cloud as a scalable extension of their existing data center, some are adopting the DevOps approach to cloud application development. Pricing and delivery models are evolving. Different usage models and network security architectures in the cloud influence customers’ choice of cloud-based security products. We are devoting significant resources to develop and deploy our cloud-based strategies. Our ecosystem must continue to evolve with this changing environment. Unlike traditional enterprise applications, in which every connectivity change is controlled and managed by IT, in cloud-native environments the developers and DevOps engineers typically have administrative rights over the infrastructure. The connectivity decisions and changes made by developers in cloud-native applications can have an immediate impact on the organization’s security posture, with little or no oversight by the security team. Our success in developing cloud-native solutions is connected with the fragmentation of enterprise networks between on-premise networks and the cloud environment, the growing use of cloud infrastructure and cloud-native development environments and the level of adoption of cloud platforms such as such as Google Cloud, Amazon Web Services, or AWS, and Microsoft Azure.
We may not establish sufficient market share to achieve the scale necessary to achieve our business objectives. If we are not effective in executing organizational and technical changes to increase efficiency and accelerate innovation, or if we fail to generate sufficient usage of our new products and services, we may not grow revenues in line with the infrastructure and development investments described above.
If our maintenance or professional services are not satisfactory to our customers, they may not renew their maintenance or professional services contracts, which could adversely affect our future results of operations.
Our customers depend in large part on customer support delivered through our channel partners or by us to resolve issues relating to the use of our solutions. Our agreements with customers typically provide certain service level commitments, including with respect to initial response time for support. Our

21



business relies on our customers’ satisfaction with the technical maintenance and support and professional services we provide to support our products. While the majority of our software is sold under perpetual license agreements, all of our maintenance and professional services contracts are sold on a term basis. Our customers typically purchase one or three years of software maintenance in addition to their initial purchase of our products, with an option to renew their maintenance contracts. In order for us to maintain and improve our results of operations, it is important that our existing customers renew their maintenance contracts when the term expires. For example, for each of the years ended December 31, 2017 and 2018, our maintenance renewal rate was over 90%. Maintenance and support revenues have increased as a percentage of our revenues in each of these years.
The failure of our customers to correctly use our solutions, or our failure to effectively assist customers in deploying and integrating our solutions and providing effective ongoing support, may result in an increase in the vulnerability of our customers’ networks and their sensitive business data. If we fail to provide technical support services that are responsive, satisfy our customers’ expectations and resolve issues that they encounter with our products and services, then they may elect not to renew annual maintenance and support contracts and they may choose not to purchase additional products and services from us. Accordingly, our failure to provide satisfactory technical support or professional services could lead our customers not to renew their agreements with us or renew on terms less favorable to us, and therefore have a material and adverse effect on our business and results of operations.
We depend on a single third-party hardware manufacturer for the hardware that we use to fulfill certain orders for our software licenses.
We depend on a single third-party manufacturer to supply the computer hardware on which our licensed software is installed for certain customers. Specifically, when placing an order, a customer may elect to download our software onto its own computer hardware that meets our specifications or purchase computer hardware from us with our software pre-installed. Approximately one half of our sales in 2017 and one third of our sales in 2018 were transactions in which customers purchased software pre-installed on computer hardware that we supplied. Our computer hardware supplier fulfills our requirements on a purchase order basis and we hold only limited inventory. We do not have a long-term contract with the supplier that guarantees capacity or the continuation of particular pricing terms. There are alternative suppliers for the computer hardware, but that hardware would initially not be optimized for our software. Furthermore, in the event of a disruption in supply, we would need to inform customers with pending orders regarding the change in hardware and offer them the choice of supplying their own hardware or using alternate hardware that we would supply, both of which may cause delays in the timely fulfillment of their orders. This could have a material adverse effect on our business and results of operations.
If our products fail to help our customers achieve and maintain compliance with government regulations and industry standards, our business and results of operations could be materially adversely affected.
We generate a substantial portion of our revenues from our products and services because they help our customers achieve and maintain compliance with government regulations and industry standards, and we expect that will continue for the foreseeable future. Industry standards may change with little or no notice, including changes that could make them more or less onerous for businesses. Governments may also adopt new laws or regulations, or make changes to existing laws or regulations, that could impact whether our solutions enable our customers to maintain compliance with such laws or regulations. Examples of industry and government regulations include the Payment Card Industry Data Security Standard, or PCI-DSS, the Sarbanes-Oxley Act, the North American Electric Reliability Corporation Critical Infrastructure Protection standards, or NERC-CIP, the General Data Protection Regulation, or GDPR, the NIST Cybersecurity Framework and the Health Insurance Portability and Accountability Act of 1996, or HIPAA. If we are unable to adapt our solutions to changing regulatory standards in a timely manner, or if our solutions fail to expedite our customers’ compliance initiatives, our customers may lose confidence in our products and could switch to products offered by our competitors. In addition, if regulations and standards related to information security change in a manner that makes them less

22



onerous, our customers may view government and industry regulatory compliance as less critical to their businesses, and our customers may be less willing to purchase our products and services. In either case, our sales and financial results would suffer.
If we are unable to adequately protect our proprietary technology and intellectual property rights, our business could suffer substantial harm.
Our commercial success depends, in part, on our ability to protect our core technologies and other intellectual property assets. We rely on a combination of trade secrets, copyright and trademark laws, confidentiality procedures, technical know-how and continuing innovation to protect our intellectual property and maintain our competitive advantage.
Our software and other proprietary information are protected by copyright on creation. Copyright registrations, which have so far not been necessary, may be sought on an as-needed basis. We also control access to and use of our proprietary software, proprietary technology and other confidential information through the use of internal and external controls, including contractual agreements containing confidentiality obligations with our employees, independent consultants, independent contractors, professional services team, partners and customers. Our confidentiality agreements are designed to protect our proprietary information, and the clauses requiring assignment of inventions are designed to grant us ownership of technologies that are developed through our relationship with the respective counterparty. Despite our efforts to protect our trade secrets and proprietary rights through intellectual property rights, confidentiality agreements and licenses (including non-disclosure and invention assignment agreements), unauthorized parties may still copy or otherwise obtain and use our intellectual property and technology.
In addition, we seek to protect our intellectual property by filing Israeli, U.S. and other foreign patent applications related to our proprietary technology. As of December 31, 2018, we had 14 issued patents in the United States. We also had four issued patents and one pending patent application in Israel. We may file additional patent applications in the future. In order to benefit from the protection of patents and other intellectual property rights, we must monitor and detect infringement and pursue infringement claims in certain circumstances in relevant jurisdictions, all of which are costly, time-consuming and uncertain. We may choose not to seek patent protection for certain innovations or in certain jurisdictions. Furthermore, the scope of our issued patents may be insufficient, and they may not provide us with any competitive advantages. Our patents and other intellectual property rights may be challenged by others or invalidated through administrative processes or litigation. In addition, the issuance of a patent does not guarantee that we have an absolute right to practice the patented invention. As a result, we may not be able to obtain adequate protection or effectively enforce our issued patents or other intellectual property rights.
We cannot assure you that the steps taken by us will deter or prevent infringement or misappropriation of our intellectual property or technology. In addition, the laws of some foreign countries where we operate do not protect our intellectual property and technology to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States.
We may be subject to intellectual property rights claims by third parties, which may be costly to defend, could require us to pay significant damages and could limit our ability to use certain technologies.
Companies in the software and technology industries, including some of our current and potential competitors, own large numbers of copyrights, trademarks, trade secrets and patents, and frequently enter into litigation based on allegations of infringement, misappropriation or other violations of intellectual property rights. From time to time, third parties may assert their patent, copyright, trademark and other intellectual property rights against us, our channel partners or our customers.
Successful claims of infringement or misappropriation by a third-party could prevent us from using or distributing certain products or performing certain services or could require us to pay substantial damages

23



(including, for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights), royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others, to expend additional development resources to attempt to redesign our products or services or otherwise to develop non-infringing technology, to enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or intellectual property rights, and to indemnify our partners and other third parties, including our customers and channel partners whom we typically indemnify against such claims. Even if third parties may offer a license to their intellectual property, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, results of operations or financial condition to be materially and adversely affected.
We indemnify our channel partners and customers against claims that our products infringe the intellectual property rights of third parties. Defending against claims of infringement or being deemed to be infringing the intellectual property rights of others could impair our ability to innovate, develop, distribute and sell our current and planned products and services. If we are unable to protect our intellectual property and technology and ensure that we are not violating the intellectual property rights of others, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful to date.
Our use of open source software could negatively affect our ability to sell our software and subject us to possible litigation.
We use open source software in our products and our development environments and expect to continue to use open source software in the future. Open source software is typically provided without warranties or assurances of any kind. Some open source licenses contain requirements that the users of such software make available source code for modifications or derivative works we create based upon the open source software used, and many open source licenses include provisions that have not been interpreted by the courts. We monitor and control our use of open source software in an effort to avoid unanticipated conditions or restrictions on our ability to successfully commercialize our products and solutions. We believe that our compliance with the obligations under the various applicable licenses has mitigated the risks that we would trigger any such conditions or restrictions. However, such use may have inadvertently occurred in the development and offering of our products and solutions. If we combine our proprietary software with open source software in a certain manner that is not intended under our policies or monitoring practices, we could, under certain open source licenses, be required to release the source code of our proprietary software to the public. This would allow our competitors to create similar products quickly with lower development effort and ultimately could result in a loss of sales for us.
The terms of many open source software licenses have not been interpreted by U.S. or foreign courts, and there is a risk that, once interpreted, those licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to successfully commercialize our products and solutions. For example, certain open source software licenses may be interpreted to require that we offer our products or solutions that use the open source software for no cost; that we make available the source code for modifications or derivative works we create based upon, incorporating or using the open source software (or that we grant third parties the right to decompile, disassemble, reverse engineer or otherwise derive such source code); that we license such modifications or derivative works under the terms of the particular open source license; or that otherwise impose limitations, restrictions or conditions on our ability to use, license, host or distribute our products and solutions in a manner that limits our ability to successfully commercialize our products.
This potential litigation could require us to purchase costly licenses or devote additional research and development resources to change our products or services, either of which would have a negative effect on our business and results of operations. In addition, if the license terms for the open source software we utilize change, we may be forced to reengineer our offerings or incur additional costs. Although we

24



monitor the use and incorporation of open source software into our products, we cannot be certain that we have, in all cases, incorporated open source software in our products in a manner that is consistent with the applicable open source license terms.
Third parties may bring legal actions against us.
Third parties may bring legal actions against us. Such actions, even if without merit, could harm our business. Litigation in general, and intellectual property and securities litigation in particular, can be expensive, lengthy and disruptive to normal business operations. Moreover, the results of complex legal proceedings are difficult to predict. An unfavorable resolution of any lawsuit could adversely affect our business, results of operations, prospects, or financial condition.
Although we have contractual protections, such as warranty disclaimers and limitation of liability provisions, in our standard terms and conditions of sale, they may not fully or effectively protect us from claims by customers, commercial relationships or other third parties. Any insurance coverage we have may not adequately cover all claims asserted against us, or cover only a portion of such claims. In addition, even claims that ultimately are unsuccessful could result in our expenditure of funds in litigation and divert management’s time and other resources.
We are subject to a number of risks associated with international sales and operations.
We operate a global business with offices located in Israel, the United States and England. In the year ended December 31, 2018, we generated 56.8%, 38.4% and 4.8% of our revenues from customers in the Americas, EMEA and the rest of the world, respectively. Business practices in the international markets that we serve may differ from those in the United States and may require us to include non-standard terms in customer contracts, such as extended payment or warranty terms. To the extent that we enter into customer contracts that include non-standard terms related to payment, warranties, or performance obligations, our results of operations may be adversely impacted.
Additionally, our international sales and operations are subject to a number of risks, including the following:
greater difficulty in enforcing contracts and managing collections, as well as longer collection periods;
higher costs of doing business internationally, including costs incurred in establishing and maintaining office space and equipment for our international operations;
management communication and integration problems resulting from cultural and geographic dispersion;
risks associated with trade restrictions and foreign legal requirements, including any importation, certification, and localization of our platforms that may be required in foreign countries;
greater risk of unexpected changes in regulatory practices, tariffs and tax laws and treaties;
compliance with anti-bribery laws, including, without limitation, compliance with the U.S. Foreign Corrupt Practices Act, the bribery sections of the Israeli Penal Law, 5737-1977 and the U.K. Bribery Act;
heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;
the uncertainty of protection for intellectual property rights in some countries;
general economic and political conditions in these foreign markets; and
double taxation of our international earnings and potentially adverse tax consequences due to changes in the tax laws of the United States, Israel or the other jurisdictions in which we operate.

25



These and other factors could harm our ability to generate future international revenues and, consequently, materially impact our business, results of operations and financial condition.
We are dependent on the continued services and performance of our two founders, the loss of either of whom could adversely affect our business.
Our business depends on the continued services and performance of our two founders, Reuven Kitov, our Chief Executive Officer and Chairman of the Board of Directors, and Reuven Harrison, our Chief Technology Officer and a director, to execute on our business plan, and to identify and pursue new opportunities and product innovations. We do not carry key man life insurance on either of Mr. Kitov or Mr. Harrison and, even if we did, such coverage would likely be insufficient to compensate us for the loss of their services. The loss of services of either of Mr. Kitov or Mr. Harrison could significantly delay or prevent the achievement of our development and strategic objectives.
Our corporate culture has contributed to our success, and if we cannot maintain this culture as we grow, we could lose the innovation, creativity and teamwork fostered by our culture, which could adversely affect our business.
We believe that our corporate culture has been and will continue to be a key contributor to our success. From December 31, 2016 to December 31, 2018, we increased the size of our workforce by 55 employees in Israel and by 111 employees in other countries, and we expect to continue to hire aggressively as we expand. In addition, we plan to continue to expand our international operations, which may affect our culture as we seek to find, hire and integrate additional international employees while maintaining our corporate culture. If we do not continue to maintain our corporate culture as we grow, we may be unable to continue to foster the innovation, integrity and collaboration we believe we need to support our growth. Our substantial anticipated headcount growth, international expansion and our transition from a private company to a public company may result in a change to our corporate culture, which could adversely affect our business.
Prolonged economic uncertainties or downturns could materially adversely affect our business.
Our business depends on our current and prospective customers’ ability and willingness to invest money in security policy management, which in turn is dependent upon their overall economic health. Negative economic conditions in the global economy, including conditions resulting from financial and credit market fluctuations, could cause a decrease in corporate spending on security software. The Americas accounted for the majority of our revenues in each of the years ended December 31, 2017 and 2018, nearly all of which were generated in the United States. EMEA also accounted for a significant portion of our revenues in each of the years ended December 31, 2017 and 2018, with revenues generated in Germany representing 27% and 25%, respectively, of EMEA revenues. Economic downturns and geopolitical challenges in the Americas, EMEA or certain other parts of the world may cause our customers in those locations to reevaluate decisions to purchase our solutions or to delay their purchasing decisions, which could adversely impact our results of operations due to the importance that region to us.
In addition, a significant portion of our revenues is generated from customers in the financial services industry, including banking and insurance, and the telecommunications industry. In 2017 and 2018, we generated approximately 50% and 53%, respectively, of our revenues from customers in the financial services and telecommunications industries. Negative economic conditions may cause customers in those industries in particular to reduce their IT spending. Customers may delay or cancel IT projects, choose to focus on in-house development efforts or seek to lower their costs by renegotiating maintenance and support agreements. To the extent purchases of licenses for our software are perceived by customers and potential customers to be discretionary, our revenues may be disproportionately affected by delays or reductions in general IT spending. If the economic conditions of the general economy or industries in which we operate worsen from present levels, our results of operation could be adversely affected.

26



Our business depends, in part, on sales to the public sector, and significant changes in the contracting or fiscal policies of the public sector could have an adverse effect on our business.
We derive a portion of our revenues from sales of our solutions to federal, state, local and foreign governments, and we believe that the success and growth of our business will continue to depend in part on our successful procurement of government contracts. Factors that could impede our ability to maintain or increase the amount of revenues derived from government contracts include:
changes in fiscal or contracting policies;
decreases in available government funding;
changes in government programs or applicable requirements;
the adoption of new laws or regulations or changes to existing laws or regulations; and
potential delays or changes in the government appropriations or other funding authorization processes.
The occurrence of any of the foregoing could cause governments and governmental agencies to delay or refrain from purchasing our solutions or otherwise have an adverse effect on our business, operating results and financial condition.
Requirements associated with being a public company in the United States will require significant resources and management attention.
Requirements associated with being a public company in the United States will require significant resources and management attention. After the completion of this offering, we will become subject to certain reporting requirements of the Securities Exchange Act of 1934, or the Exchange Act, and the other rules and regulations of the Securities and Exchange Commission, or the SEC, and the New York Stock Exchange, or the NYSE. We will also be subject to various other regulatory requirements, including the Sarbanes-Oxley Act. We expect these rules and regulations to increase our legal, accounting and financial compliance costs and to make some activities more time-consuming and costly. For example, we expect that these rules and regulations may make it more difficult and more expensive for us to obtain directors’ and officers’ liability insurance, which could make it more difficult for us to attract and retain qualified members of our board of directors. We cannot predict or estimate the amount of additional costs we will incur as a public company or the timing of such costs.
We have recently implemented a new ERP system to provide for greater depth and breadth of functionality and effectively manage our business data, communications, operations and other business processes. A failure of our new system to perform as we anticipate may result in transaction errors, processing inefficiencies and sales losses, may otherwise disrupt our operations and materially and adversely affect our business, results of operations and financial condition and may harm our ability to accurately forecast sales demand, fulfill our contractual obligations and file reports with the SEC on a timely and accurate basis. In addition, due to the systemic internal control features within ERP systems, we may experience difficulties that may affect our internal control over financial reporting, which may create a significant deficiency or material weakness in our overall internal controls. The risks associated with a new ERP system are greater for us as a newly public company.
In addition, complying with these rules and regulations and the increasingly complex laws pertaining to public companies will require substantial attention from our senior management, which could divert their attention away from the day-to-day management of our business. These cost increases and the diversion of management’s attention could materially and adversely affect our business, financial condition and results of operations. We will also need to hire additional personnel to support our financial reporting function, and may face challenges in doing so.

27



We may acquire other businesses, which could require significant management attention, disrupt our business, dilute shareholder value and adversely affect our results of operations.
As part of our business strategy and in order to remain competitive, we may acquire or make investments in complementary companies, products or technologies. However, we have not made any acquisitions to date, and as a result, our ability as an organization to acquire and integrate other companies, products or technologies in a successful manner is unproven. We may not be able to find suitable acquisition candidates, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions we complete could be viewed negatively by our customers, analysts and investors. In addition, if we are unsuccessful at integrating such acquisitions or the technologies associated with such acquisitions, our revenues and results of operations could be adversely affected. Any integration process may require significant time and resources, and we may not be able to manage the process successfully. We may not successfully evaluate or utilize the acquired technology or personnel or accurately forecast the financial impact of an acquisition transaction, including accounting charges. We may have to pay cash, incur debt or issue equity securities to pay for any such acquisition, each of which could adversely affect our financial condition or the value of our ordinary shares. The sale of equity or issuance of debt to finance any such acquisitions could result in dilution to our shareholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations.
We are subject to governmental export and import controls that could subject us to liability in the event of non-compliance or impair our ability to compete in international markets.
We incorporate encryption capabilities into certain of our products and these products thus may be subject to U.S. export control requirements. We are also subject to Israeli regulations controlling the use, import and export of encryption technology since our product development initiatives are primarily conducted in Israel. In December 2013, regulations under the Wassenaar Arrangement for the first time included a chapter on cyber-related matters. We believe that our products do not fall under this chapter; however, in the future we may become subject to this regulation or similar regulations, which would limit our sales and marketing activities and could therefore have an adverse effect on our results of operations. We have satisfied U.S. and Israeli export control requirements to export our products to most customers and jurisdictions outside of the United States and Israel, and we have satisfied other provisions of Israeli law governing the use of encryption technology. If the applicable U.S. and Israeli requirements regarding the export of encryption software or technology change or if we change the encryption means in our products or technology, we may need to satisfy additional requirements in the United States or Israel. Furthermore, various other countries regulate the import of certain encryption products and technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries.
We are also subject to U.S. and Israeli export control and economic sanctions laws, which prohibit the shipment of certain products to embargoed or sanctioned countries and regions, governments and persons. Our products and technologies could be exported to these sanctioned targets by our channel partners despite the contractual undertakings they have given us and any such export could have negative consequences, including government investigations, penalties and reputational harm. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.
In addition, in the future we may be subject to defense-related export controls. For example, currently our solutions are not subject to supervision under the Israeli Defense Export Control Law, 5767-2007, or the Import and Export Decree (Export Control over Dual Use Goods, Services and Technology), 5766-2006,

28



but if the definitions of regulated cybersecurity are changed and our products are becoming classified as defense-related, we would become subject to such regulation. In particular, under the Defense Export Control Law, an Israeli company may not conduct “defense marketing activity” without a defense marketing license from the Israeli ministry of defense and may be subject to a requirement to obtain a specific license from the Israeli ministry of defense for any export of defense-related products, services and/or know-how. The definition of defense marketing activity is broad and includes any marketing of “defense equipment, services and/or know-how” outside of Israel or to a non-Israeli, which includes dual-use equipment, services and/or know-how (equipment, services and/or know-how that can be used for civilian or defensive purposes such as our cybersecurity solutions) that is specified in the list of Goods and Dual-Use Technology annexed to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, if intended for defense use or defense user only, or is specified under Israeli legislation. Similar issues could arise under the U.S. defense/military export controls under the Arms Export Control Act and the International Traffic in Arms Regulations.
Risks Related to Our Ordinary Shares and the Offering
Our share price may be volatile, and you may lose all or part of your investment.
The initial public offering price for the ordinary shares sold in this offering will be determined by negotiation between us and representatives of the underwriters. This price may not reflect the market price of our ordinary shares following this offering and the price of our ordinary shares may decline. In addition, the market price of our ordinary shares could be highly volatile and may fluctuate substantially as a result of many factors, including:
actual or anticipated fluctuations in our results of operations;
variance in our financial performance from the expectations of market analysts;
announcements by us or our competitors of significant business developments, changes in service provider relationships, acquisitions or expansion plans;
changes in the prices of our products and services;
our involvement in litigation;
our sale of ordinary shares or other securities in the future;
market conditions in our industry;
changes in key personnel;
the trading volume of our ordinary shares;
changes in the estimation of the future size and growth rate of our markets; and
general economic and market conditions.
In addition, the stock markets have experienced extreme price and volume fluctuations. Broad market and industry factors may materially harm the market price of our ordinary shares, regardless of our operating performance. In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been instituted against that company. If we were to be involved in any similar litigation, we could incur substantial costs and our management’s attention and resources could be diverted.
Low trading volume may also increase the price volatility of our ordinary shares. A thin trading market could cause the price of our ordinary shares to fluctuate significantly more than the stock market as a whole.

29



There has been no prior public market for our ordinary shares, and an active trading market may never develop.
Prior to this offering, there has been no public market for our ordinary shares. An active trading market may never develop following completion of this offering or, if developed, may not be sustained. The lack of an active market may impair your ability to sell your ordinary shares at the time you wish to sell them or at a price that you consider reasonable. The lack of an active market may also reduce the fair market value of your ordinary shares. An inactive market may also impair our ability to raise capital by selling our ordinary shares and may impair our ability to acquire other companies by using our ordinary shares as consideration.
If we do not meet the expectations of equity research analysts, if they do not publish research or reports about our business or if they issue unfavorable commentary or downgrade our ordinary shares, the price of our ordinary shares could decline.
The trading market for our ordinary shares will rely, in part, on the research and reports that equity research analysts publish about us and our business. The analysts’ estimates are based upon their own opinions and are often different from our estimates or expectations. If our results of operations are below the estimates or expectations of public market analysts and investors, our share price could decline. Moreover, the price of our ordinary shares could decline if one or more securities analysts downgrade our ordinary shares or if those analysts issue other unfavorable commentary or cease publishing reports about us or our business.
Following the closing of this offering, a number of significant beneficial owners of our shares will have a significant influence over matters requiring shareholder approval, which could delay or prevent a change of control, and our articles of association will contain provisions that could make it difficult or expensive for a third party to pursue a takeover attempt.
Following the closing of this offering, the largest beneficial owners of our shares, entities and individuals affiliated with Marker LLC and Catalyst Private Equity Partners (Israel) II, Limited Partnership, each of which currently beneficially owns more than 10% of our outstanding shares, will beneficially own in the aggregate 41.8% of our ordinary shares or, if the underwriters exercise their option to purchase additional ordinary shares, 40.4% of our ordinary shares. As a result, these shareholders individually could exert significant influence, and if they were to act together could exert a controlling influence, over our operations and business strategy and would have sufficient voting power to control the outcome of matters requiring shareholder approval. These matters may include:
the composition of our board of directors, which has the authority to direct our business and to appoint and remove our officers;
approving or rejecting a merger, consolidation or other business combination;
raising future capital; and
amending our articles of association, which govern the rights attached to our ordinary shares.
This concentration of ownership of our ordinary shares could delay or prevent proxy contests, mergers, tender offers, open-market purchase programs or other purchases of our ordinary shares that might otherwise give you the opportunity to realize a premium over the then-prevailing market price of our ordinary shares. This concentration of ownership may also adversely affect our share price. Further, our amended and restated articles of association, which will become effective upon the closing of this offering, contain provisions that could make it difficult or expensive for a third party to pursue a tender offer, change in control or takeover attempt that is opposed by our management and board of directors even if such a transaction would be beneficial to our shareholders. We will also have a staggered board of directors that could make it more difficult for shareholders to change the composition of our board of directors in any one year. These anti-takeover provisions could substantially impede the ability of public shareholders to change our management or board of directors.

30



As a foreign private issuer, we are permitted to follow certain home country corporate governance practices instead of otherwise applicable NYSE requirements, which may, in the future, result in less protection than is accorded to investors under rules applicable to domestic U.S. issuers.
As a foreign private issuer, we are permitted to follow certain home country corporate governance practices instead of those otherwise required under NYSE rules for U.S. domestic issuers. For example, foreign private issuers are permitted to follow home country practices with regard to director nomination procedures and the approval of compensation of officers. Additionally, foreign private issuers are not required to maintain a board comprised of a majority of independent directors. Foreign private issuers are also exempt from NYSE rules that require shareholder approval prior to (i) the adoption or amendment of an equity compensation plan or (ii) the issuance of ordinary shares, or securities convertible into or exercisable for ordinary shares, in private offerings in excess of 20% of a company’s outstanding ordinary shares or voting power, as well as other private offerings to related parties. However, notwithstanding our ability to follow the corporate governance practices of our home country, Israel, we have elected to comply with NYSE corporate governance requirements that are applicable to U.S. domestic issuers. Nevertheless, we may, in the future, decide to rely on foreign private issuer exemptions and follow Israeli home country governance practices in lieu of complying with some or all NYSE corporate governance requirements, which may provide less protection to you than is accorded to investors of domestic issuers. See “Management-Corporate Governance Practices.”
As a foreign private issuer we will not be subject to the provisions of Regulation FD or U.S. proxy rules and will be exempt from filing certain Exchange Act reports.
As a foreign private issuer, we will be exempt from a number of requirements under U.S. securities laws that apply to public companies that are not foreign private issuers. In particular, we will be exempt from the rules and regulations under the Exchange Act, related to the furnishing and content of proxy statements, and our officers, directors and principal shareholders will be exempt from the reporting and short-swing profit recovery provisions contained in Section 16 of the Exchange Act. In addition, we will not be required under the Exchange Act to file annual and current reports and financial statements with the SEC as frequently or as promptly as U.S. domestic companies whose securities are registered under the Exchange Act and we will generally be exempt from filing quarterly reports with the SEC under the Exchange Act. We will also be exempt from the provisions of Regulation FD, which prohibits the selective disclosure of material nonpublic information to, among others, broker-dealers and holders of a company’s securities under circumstances in which it is reasonably foreseeable that the holder will trade in such company’s securities on the basis of the information. Even though we intend to comply voluntarily with Regulation FD, these exemptions and leniencies will reduce the frequency and scope of information and protections to which you are entitled as an investor.
We are not required to comply with the proxy rules applicable to U.S. domestic filers, including the requirement applicable to emerging growth companies to disclose the compensation of our Chief Executive Officer and other two most highly compensated executive officers on an individual, rather than an aggregate, basis. Nevertheless, regulations promulgated under the Israeli Companies Law will require us, after we become a public company, to disclose the annual compensation of our five most highly compensated officers on an individual basis, rather than on an aggregate basis. This disclosure will not be as extensive as that required of a U.S. domestic issuer. We intend to commence providing such disclosure, at the latest, in the annual proxy statement for our 2020 annual general meeting of shareholders, which will be furnished under cover of a Form 6-K and we may elect to provide such information at an earlier date.
In order to maintain our current status as a foreign private issuer, either (a) more than 50% of our outstanding voting securities must be directly or indirectly owned of record by non-residents of the United States or (b)(i) a majority of our executive officers or directors may not be U.S. citizens or residents, (ii) more than 50% of our assets cannot be located in the United States and (iii) our business must be administered principally outside the United States. Following the completion of this offering or at some other time thereafter, U.S. residents may directly or indirectly own more than 50% of our outstanding

31



voting securities. If so, we will cease to qualify as a foreign private issuer if we do not meet the requirements set forth in (b) above.
Although we have elected to comply with certain U.S. regulatory provisions, our loss of foreign private issuer status would make such provisions mandatory. The regulatory and compliance costs to us under U.S. securities laws as a U.S. domestic issuer would be significantly higher. If we are not a foreign private issuer, we will be required to file periodic reports and registration statements on U.S. domestic issuer forms with the SEC, which are more detailed and extensive than the forms available to a foreign private issuer. We would also be required to follow U.S. proxy disclosure requirements, including the requirement to disclose more detailed information about the compensation of our senior executive officers on an individual basis. We may also be required to modify certain of our policies to comply with good governance practices associated with U.S. domestic issuers. Such conversion and modifications will involve additional costs. In addition, we would lose our ability to rely upon exemptions from certain corporate governance requirements on U.S. stock exchanges that are available to foreign private issuers.
The market price of our ordinary shares could be negatively affected by future sales of our ordinary shares.
After this offering, there will be  32,435,871    shares of our ordinary shares outstanding. Sales by us or our shareholders of a substantial number of ordinary shares in the public market following this offering, or the perception that these sales might occur, could cause the market price of our ordinary shares to decline or could impair our ability to raise capital through a future sale of, or pay for acquisitions using, our equity securities. Of our issued and outstanding shares, all the ordinary shares sold in this offering will be freely transferable, except for any shares acquired by our “affiliates,” as that term is defined in Rule 144 under the U.S. Securities Act of 1933, as amended, or the Securities Act. Following completion of this offering,  76.3 % of our outstanding ordinary shares (or 73.6% if the underwriters exercise their option in full) will be considered restricted shares. Such securities can be resold into the public markets in the future in accordance with the requirements of Rule 144, including volume limitations, manner of sale requirements and notice requirements. See “Shares Eligible for Future Sale.”
We, our executive officers and directors, and the holders of substantially all of our outstanding ordinary shares, have agreed with the underwriters that, subject to limited exceptions, for a period of 180 days after the date of this prospectus, we and they will not directly or indirectly offer, pledge, sell, contract to sell, grant any option to purchase or otherwise dispose of any ordinary shares or any securities convertible into or exercisable or exchangeable for ordinary shares, or in any manner transfer all or a portion of the economic consequences associated with the ownership of ordinary shares, or cause a registration statement covering any ordinary shares to be filed except for the ordinary shares offered in this offering, without the prior written consent of the designated representatives of the underwriters, who may, in their sole discretion and at any time without notice, release all or any portion of the shares subject to these lock-up agreements.
At any time following the closing of this offering, subject, however, to the 180-day lock-up agreement entered into with the underwriters, the holders of  23,294,601  of our ordinary shares are entitled to require that we register their shares under the Securities Act for resale into the public markets. All shares sold pursuant to an offering covered by such registration statement will be freely transferable. See “Certain Relationships and Related Party Transactions—Registration Rights.”
In addition to our current shareholders’ registration rights, as of December 31, 2018 we had granted options to purchase 6,750,259 shares under our share option plans and had an additional 134,349 shares available for future grant. Following this offering, we intend to file a registration statement on Form S-8 under the Securities Act registering the shares under our share option plans. Shares included in such registration statement will be available for sale in the public market immediately after such filing, subject to vesting provisions, except for shares held by affiliates who will have certain restrictions on their ability to sell.

32



We may have exposure to greater tax liabilities than anticipated.
We have endeavored to structure our activities in a manner so as to minimize our and our subsidiaries’ aggregate tax liabilities. However, we have operations in various taxing jurisdictions, and our tax liabilities in one or more jurisdictions could be more than reported in respect of prior taxable periods and more than anticipated in respect of future taxable periods. In this regard, the amount of income taxes that we pay in future taxable periods could be higher if earnings are lower than anticipated in jurisdictions where lower statutory tax rates apply and higher than anticipated in jurisdictions where higher statutory tax rates apply.
In addition, we have entered into transfer pricing arrangements that establish transfer prices for our intercompany operations. However, our transfer pricing procedures are not binding on the applicable taxing authorities. No official authority in any country has made a binding determination as to whether or not we are operating in compliance with its transfer pricing laws. Accordingly, taxing authorities in any of the countries in which we operate could challenge our transfer prices and require us to adjust them to reallocate our income and potentially to pay additional taxes for prior tax periods. For example, the tax authorities in the United States have increased their focus on transfer pricing procedures, which could result in a greater likelihood of a challenge to our transfer pricing arrangements and the risk that we will be required to adjust them and reallocate our income. Such an adjustment could result in a higher effective tax rate than that to which we are currently subject. We expect that the issue of the validity of our transfer pricing procedures will become of greater importance as we continue our expansion in markets in which we currently have a limited presence and attempt to penetrate new markets. Any change to the allocation of our income as a result of reviews by taxing authorities could have a negative effect on our financial condition and results of operations.
Moreover, the determination of our worldwide provision for income taxes and other tax liabilities requires significant judgment and the ultimate tax determination is uncertain for many transactions and calculations. Although we believe our estimates are reasonable, our ultimate tax liability may differ from the amounts recorded in our financial statements and may materially adversely affect our financial condition and results of operations in the period or periods for which such determination is made. We have created reserves with respect to tax liabilities where we believe it to be appropriate. However, there can be no assurance that our ultimate tax liability will not exceed the reserves we have created.
The Base Erosion and Profit Shifting, or BEPS, project undertaken by the Organization for Economic Cooperation and Development, or the OECD, may also have adverse consequences on our tax liabilities. The BEPS project contemplates changes to numerous international tax principles, as well as national tax incentives, and these changes, which are being adopted in different manners by individual countries, could adversely affect our income tax liability. Even as countries translate the BEPS recommendations into specific national tax laws, it remains difficult to predict with accuracy the magnitude of any impact that such new rules may have on our financial results.
In addition, the 2017 Tax Cuts and Jobs Act, or the TCJA, made significant changes to the U.S. Internal Revenue Code, including a reduction in the U.S. federal corporate income tax rate from the previous top marginal rate of 35% to a flat rate of 21% and limitations on certain corporate deductions and credits. Also, the TCJA requires complex computations to be performed that were not previously required in U.S. tax law, significant judgments to be made in interpretation of the provisions of the TCJA and significant estimates in calculations and the preparation and analysis of information not previously relevant or regularly produced. The U.S. Treasury Department, the U.S. Internal Revenue Service, or IRS, and other standard-setting bodies could interpret or issue guidance on how provisions of the TCJA will be applied or otherwise administered that is different from our interpretation. Finally, foreign governments may enact tax laws in response to the TCJA that could result in further changes to global taxation and materially adversely affect our financial position and results of operations.

33



U.S. holders that own 10% or more of the vote or value of our ordinary shares may suffer adverse tax consequences if we and/or any of our non-U.S. subsidiaries are characterized as a “controlled foreign corporation,” or a CFC, under Section 957(a) of the U.S. Internal Revenue Code of 1986, as amended, or the Code.
A non-U.S. corporation is considered a CFC if more than 50% of (1) the total combined voting power of all classes of shares of such corporation entitled to vote or (2) the total value of the shares of such corporation, is owned, or is considered as owned by applying certain constructive ownership rules, by U.S. shareholders (within the meaning of the Code) on any day during the taxable year of such non-U.S. corporation. Certain U.S. shareholders of a CFC generally are required to include currently in gross income such shareholders’ share of the CFC’s “Subpart F income,” a portion of the CFC’s earnings to the extent the CFC holds certain U.S. property and a portion of the CFC’s “global intangible low-taxed income” (as defined under Section 951A of the Code). Such U.S. shareholders are subject to current U.S. federal income tax with respect to such items, even if the CFC has not made an actual distribution to such shareholders. “Subpart F income” includes, among other things, certain passive income (such as income from dividends, interests, royalties, rents and annuities or gain from the sale of property that produces such types of income) and certain sales and services income arising in connection with transactions between the CFC and a person related to the CFC. “Global intangible low-taxed income” may include most of the remainder of a CFC’s income over a deemed return on its tangible assets.
As a result of the ownership of our shares, certain voting arrangements with respect to our shares, and certain changes in the U.S. tax law introduced by the TCJA, we believe that we and our non-U.S. subsidiaries may be classified as CFCs in the prior taxable year as well as the current taxable year in which this offering occurs. These determinations cannot be made with certainty. In the event that we or any of our subsidiaries are a CFC, U.S. holders who hold 10% or more of the vote or value of our ordinary shares may realize adverse U.S. federal income tax consequences, such as current U.S. taxation of Subpart F income and of any such shareholder’s share of our or our subsidiaries’ accumulated non-U.S. earnings and profits (regardless of whether we make any distributions), taxation of amounts treated as global intangible low-taxed income under Section 951A of the Code with respect to such shareholder and being subject to certain reporting requirements with the IRS. Any such U.S. holder who is an individual generally would not be allowed certain tax deductions or foreign tax credits that would be allowed to a U.S. corporation. If you are a U.S. holder who holds 10% or more of the vote or value of our ordinary shares, you should consult your own tax advisors regarding the U.S. tax consequences of acquiring, owning or disposing our ordinary shares and the impact of the TCJA, especially the changes to the rules relating to CFCs.
U.S. holders of our ordinary shares may suffer adverse tax consequences if we are characterized as a passive foreign investment company, or a PFIC, under Section 1297(a) of the Code.
Generally, if, for any taxable year, at least 75% of our gross income is passive income, or at least 50% of the average quarterly value of our total gross assets (which, if we are a CFC for the year of the offering may be measured by the adjusted tax basis of our assets, and for subsequent years, assuming we are publicly traded, the total value of our assets may be measured in part by the market value of our ordinary shares, which is subject to change) is attributable to assets that produce passive income or that are held for the production of passive income, including cash, we would be characterized as a PFIC for U.S. federal income tax purposes. For purposes of these tests, passive income includes dividends, interest, gains from the sale or exchange of investment property and rents and royalties other than rents and royalties which are received from unrelated parties in connection with the active conduct of a trade or business. Additionally, a look-through rule generally applies with respect to 25% or more owned subsidiaries. If we are characterized as a PFIC, U.S. holders of our ordinary shares may suffer adverse tax consequences, including having gains realized on the sale of our ordinary shares treated as ordinary income, rather than capital gain, the loss of the preferential tax rate applicable to dividends received on our ordinary shares by individuals who are U.S. holders and having interest charges apply to distributions by us and to the proceeds of sales of our ordinary shares. In addition, special information reporting may

34



be required. See “U.S. and Israeli Tax Consequences for our Shareholders—Certain U.S. Federal Income Tax Consequences—Passive Foreign Investment Company Considerations.”
The determination of whether we are a PFIC will depend on the nature and composition of our income and the nature, composition and value of our assets from time to time. The 50% passive asset test described above is generally based on the fair market value of each asset, with the value of goodwill and going concern value determined in large part by reference to the market value of our ordinary shares, which may be volatile. If we are a CFC and not publicly traded throughout the relevant taxable year, however, the test may be applied based on the adjusted basis of our assets. Based on our belief that we may be classified as a CFC in the current taxable year in which this offering occurs and certain estimates of the adjusted tax bases of our assets, we believe that we may be classified as a PFIC with respect to the taxable year ending December 31, 2019. However, this determination is subject to uncertainty. Our status may also depend, for example, on how quickly we utilize the cash proceeds from this offering in our business. Moreover, because PFIC status is based on our income, assets and activities for the entire taxable year, it is not possible to determine whether we will be characterized as a PFIC for the 2019 taxable year or any subsequent year until after the close of the relevant year. We can therefore make no assurances regarding our PFIC status for any taxable year, and our U.S. counsel expresses no opinion with respect to our PFIC status for our current or future taxable years. We will determine whether we were a PFIC or not for each taxable year and make such determination available to U.S. holders.
The tax consequences that would apply if we were a PFIC would also be different from those described above if a U.S. holder were able to make a valid “qualified electing fund,” or QEF, election. We will use commercially reasonable efforts to make available to U.S. holders such information with respect to the Company as is necessary for U.S. holders to make QEF elections with respect to the Company if we are classified as a PFIC. See “U.S. and Israeli Tax Consequences for our Shareholders—Certain U.S. Federal Income Tax Consequences—Passive Foreign Investment Company Considerations.”
You will experience immediate and substantial dilution in the net tangible book value of the ordinary shares you purchase in this offering.
The initial public offering price of our ordinary shares substantially exceeds the pro forma net tangible book value per share of our ordinary shares immediately after this offering. Accordingly, based on an initial public offering price of $13.00 per share, which is the midpoint of the estimated offering price range set forth on the cover page of this prospectus, after deducting underwriting discounts and the estimated offering expenses payable by us, you will pay more for your shares than the amounts paid by our existing shareholders for their ordinary shares and you will suffer immediate dilution of $10.30 per share in pro forma net tangible book value of our ordinary shares. If outstanding options to purchase our ordinary shares are exercised in the future, you will experience additional dilution. See “Dilution.”
We have broad discretion over the use of proceeds we receive in this offering and may not apply the proceeds in ways that increase the value of your investment.
Our management will have broad discretion in the application of the net proceeds from this offering and, as a result, you will have to rely upon the judgment of our management with respect to the use of these proceeds. Our management may spend a portion or all of the net proceeds in ways that not all shareholders approve of or that may not yield a favorable return. The failure by our management to apply these funds effectively could harm our business.
We are an “emerging growth company,” and the reduced disclosure requirements applicable to emerging growth companies may make our ordinary shares less attractive to investors.
We are an “emerging growth company,” as defined in the Jumpstart Our Business Startups Act, or the JOBS Act, and may remain an emerging growth company for up to five years. For so long as we remain an emerging growth company, we are permitted and intend to rely on exemptions from certain disclosure requirements that are applicable to other public companies that are not emerging growth companies. These exemptions include not being required to comply with the auditor attestation requirements of

35



Section 404 of the Sarbanes-Oxley Act not being required to comply with any requirement that may be adopted by the Public Company Accounting Oversight Board regarding mandatory audit firm rotation or a supplement to the auditor’s report providing additional information about the audit and the financial statements, reduced disclosure obligations regarding executive compensation and exemptions from the requirements of holding a nonbinding advisory vote on executive compensation and shareholder approval of any golden parachute payments not previously approved. In this prospectus, we have not included all of the executive compensation-related information that would be required if we were not an emerging growth company. We cannot predict whether investors will find our ordinary shares less attractive if we rely on these exemptions. If some investors find our ordinary shares less attractive as a result, there may be a less active trading market for our ordinary shares and our share price may be more volatile.
We do not intend to pay dividends for the foreseeable future and, as a result, your ability to achieve a return on your investment will depend on appreciation in the price of our ordinary shares.
We have never declared or paid any cash dividends on our ordinary shares and do not intend to pay any cash dividends in the foreseeable future. We anticipate that we will retain all of our future earnings for use in the development of our business and for general corporate purposes. In addition, our ability to pay cash dividends is currently limited by the terms of our credit agreements, and any future credit agreements may contain terms prohibiting or limiting the amount of dividends that may be declared or paid on our ordinary shares. Accordingly, investors must rely on sales of their ordinary shares after price appreciation, which may never occur, as the only way to realize any future gains on their investments.
Risks Related to Our Incorporation and Location in Israel
Our corporate headquarters and principal research and development activities are located in Israel and, therefore, our business and operations may be adversely affected by political, economic and military conditions in Israel.
We are incorporated under Israeli law and our corporate headquarters, including our principal research and development facilities, are located in Israel. In addition, certain of our key employees and directors and officers are residents of Israel. Accordingly, political, economic and military conditions in the Middle East in general, and in Israel in particular, directly affect our business, product development and results of operations, and we may be adversely affected by a significant increase in the rate of inflation or a significant downturn in the economic or financial condition in Israel.
Since the State of Israel was established in 1948, a number of armed conflicts have occurred between Israel and its neighboring countries, and since 2000, there have been increasing occurrences of terrorist violence. In recent years, hostilities between Israel and Hezbollah in Lebanon (and Syria) and Hamas in the Gaza Strip have both involved missile strikes in various parts of Israel causing disruption of economic activities. This violence has strained Israel’s relationship with its Arab citizens, Arab countries and, to some extent, with other countries around the world. Our corporate headquarters and principal research and development activities are located in the range of missiles that could be fired from Lebanon, Syria or the Gaza Strip into Israel. In addition, Israel faces many threats from more distant neighbors, in particular, Iran (which is believed to be an ally of Hamas in Gaza and Hezbollah in Lebanon). Any armed conflicts involving Israel or in the region or any political instability in the region, including acts of terrorism as well as cyberattacks or any other hostilities involving or threatening Israel, would likely negatively affect business conditions and could make it more difficult for us to conduct our operations in Israel, which could increase our costs and adversely affect our financial results. Our commercial insurance does not cover losses that may occur as a result of an event associated with the security situation in the Middle East, such as damages to our facilities resulting in disruption of our operations. Although the Israeli government is currently committed to covering the reinstatement value of direct damages that are caused by terrorist attacks or acts of war, we cannot assure you that this government coverage will be maintained, or if maintained, will be sufficient to compensate us fully for damages incurred. Any losses or damages incurred by us could have a material adverse effect on our business. Any armed conflict involving Israel could adversely affect our operations and results of operations.

36



Several countries, principally in the Middle East, as well as certain companies, organizations and movements, restrict doing business with Israel or Israeli companies, and additional countries may impose restrictions on doing business with Israel and Israeli companies. In addition, there have been increased efforts by activists to cause companies and consumers to boycott Israeli goods based on Israeli government policies. Similarly, Israeli companies are limited in conducting business with entities from several countries. Such business restrictions and boycotts, particularly if they become more widespread, may materially and adversely impact our ability to sell our products and on the expansion of our business. We could be adversely affected by the interruption or curtailment of trade between Israel and its trading partners.
Exchange rate fluctuations between the U.S. dollar, the New Israeli Shekel, the Euro and other foreign currencies, may negatively affect our future revenues.
We generate substantially all of our revenues in U.S. dollars. The majority of our operating expenses are incurred in foreign currencies, and are subject to fluctuations due to changes in foreign currency exchange rates, particularly changes between the U.S. dollar and the New Israeli Shekel, or the NIS, the Euro and, to a lesser extent, the British Pound. As a result, our financial results may be affected by fluctuations in the exchange rates of currencies in the countries in which our products may be sold. For example, during 2017, we witnessed a strengthening of the average exchange rate of the NIS against the dollar, which increased the dollar value of Israeli expenses. If the NIS strengthens against the dollar, as it did in 2017, the dollar value of our Israeli expenses, mainly personnel and facility-related, will increase. We have entered into forward contracts with major banks to provide partial protection against foreign currency exchange risks resulting from expenses paid in NIS during the year. Although exposure to currency fluctuations to date has not had a material adverse effect on our business, there can be no assurance that our limited hedging transactions will provide sufficient protection and that such fluctuations in the future will not have a material adverse effect on our operating results and financial condition.
Our operations may be affected by negative labor conditions in Israel.
Strikes and work stoppages occur relatively frequently in Israel. If Israeli trade unions threaten additional strikes or work stoppages and such strikes or work stoppages occur, these may, if prolonged, have a material adverse effect on the Israeli economy and on our business, including our ability to deliver products to our customers in a timely manner.
Our operations could be disrupted by the obligations of our personnel to perform military service.
As of December 31, 2018, we had 217 employees based in Israel. Our operations could be disrupted by the obligations of some of our personnel to perform military service. Certain of our employees in Israel, generally males, including executive officers, may be called upon to perform obligatory military reserve service on an annual basis until they reach the age of 40 (and in some cases, up to age 49) and, in certain emergency circumstances, may be called to immediate and prolonged active duty on very short notice. Our operations could be disrupted by the absence for military service for extended periods of a significant number of our employees. Such disruption could materially and adversely affect our business and results of operations.
The termination or reduction of tax and other incentives that the Israeli government provides to domestic companies may increase the costs involved in operating a company in Israel.
The Israeli government currently provides tax and capital investment incentives to domestic companies, as well as grant and loan programs relating to research and development and marketing and export activities. In recent years, the Israeli government has reduced the benefits available under these programs and the Israeli governmental authorities have indicated that the government may in the future further reduce or eliminate the benefits of those programs. We have taken in the past and may take advantage of these benefits and programs again in the future, however, there is no assurance that such benefits and programs will continue to be available to us in the future. If such benefits and programs were

37



terminated or further reduced, it could have an adverse effect on our business, operating results and financial condition.
Enforcing a U.S. judgment against us and our current executive officers and directors, or asserting U.S. securities law claims in Israel, may be difficult.
We are incorporated under the laws of the State of Israel. Service of process upon us and upon our directors and officers and any Israeli experts named in this registration statement, most of whom reside outside of the United States, may be difficult to obtain within the United States. Furthermore, because a majority of our assets and most of our directors, officers and such Israeli experts are located outside of the United States, any judgment obtained in the United States against us or any of them may be difficult to collect within the United States.
We have irrevocably appointed Tufin Software North America, Inc. as our agent to receive service of process in any action against us in any U.S. federal or state court arising out of this offering or any purchase or sale of securities in connection with this offering.
We have been informed by our legal counsel in Israel, Gross, Kleinhendler, Hodak, Halevy, Greenberg, Shenhav & Co., that it may be difficult to assert U.S. securities law claims in original actions instituted in Israel. Israeli courts may refuse to hear a claim based on an alleged violation of U.S. securities laws on the basis that Israel is not the most appropriate forum in which to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. There is little binding case law in Israel addressing these matters. If U.S. law is found to be applicable, the content of applicable U.S. law must be proven as a fact which can be a time-consuming and costly process. Certain matters of procedure will also be governed by Israeli law.
See “Enforceability of Civil Liabilities” for additional information on your ability to enforce civil claim against us and our executive officers and directors named in this prospectus.
Provisions of our amended and restated articles of association and Israeli law and tax considerations may delay, prevent or make difficult an acquisition of us, which could prevent a change of control and negatively affect the price of our ordinary shares.
Israeli corporate law regulates mergers, requires tender offers for acquisitions of shares above specified thresholds, requires special approvals for certain transactions involving directors, officers or significant shareholders and regulates other matters that may be relevant to these types of transactions. These provisions of Israeli law may delay, prevent or make difficult an acquisition of us, which could prevent a change of control and therefore negatively affect the price of our ordinary shares. For example, under the Israeli Companies Law, upon the request of a creditor of either party to a proposed merger, the court may delay or prevent the merger if it concludes that there exists a reasonable concern that as a result of the merger the surviving company will be unable to satisfy the obligations of any of the parties to the merger. In addition, our executive officers and certain other key employees are entitled to certain benefits in connection with a change of control of our company.
Our amended and restated articles of association provide that our directors (other than external directors) are elected on a staggered basis, such that a potential acquirer cannot readily replace our entire board of directors at a single annual general shareholder meeting.
Furthermore, Israeli tax considerations may make potential transactions unappealing to us or to our shareholders, especially for those shareholders whose country of residence does not have a tax treaty with Israel, which exempts such shareholders from Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as U.S. tax law. With respect to mergers, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral contingent on the fulfillment of a number of conditions, including, in some cases, a holding period of two years from the date of the transaction during which sales and dispositions of shares of the participating companies are subject to certain restrictions. Moreover, with respect to certain share swap transactions, the tax deferral is limited in time, and when such time expires, the tax becomes payable even if no disposition of the shares has

38



occurred. In order to benefit from the tax deferral, a pre-ruling from the Israel Tax Authority might be required.
We may become subject to claims for remuneration or royalties for assigned service invention rights by our employees, which could result in litigation and adversely affect our business.
We have entered into assignment of invention agreements with our research and development employees pursuant to which such individuals agreed to assign to us all rights to any inventions created during or as a result of their employment or engagement with us or in our field of business. A significant portion of our intellectual property has been developed by our employees in the course and as a result of their employment for us. Under the Israeli Patent Law, 5727-1967, or the Patent Law, inventions conceived by an employee during the scope of his or her employment with a company and as a result thereof are regarded as “service inventions,” which belong to the employer, absent a specific agreement between the employee and employer giving the employee service invention rights. The Patent Law also provides that if there is no agreement between an employer and an employee with respect to the employee’s right to receive compensation for such “service inventions,” the Israeli Compensation and Royalties Committee, or the Committee, a body constituted under the Patent Law, shall determine whether the employee is entitled to remuneration for his or her service inventions and the scope and conditions for such remuneration. A recent decision by the Committee clarifies that the right to receive consideration for “service inventions” can be waived by the employee and that in certain circumstances, such waiver does not necessarily have to be explicit. In order to determine the scope and validity of such wavier, the Committee will examine, on a case-by-case basis, the general contractual framework between the parties, using interpretation rules of the general Israeli contract laws. Further, the Committee has not yet determined one specific formula for calculating this remuneration (but rather uses the criteria specified in the Patent Law). Although our employees have agreed to assign to us service invention rights and have specifically waived their right to receive any special remuneration for such assignment beyond their regular salary and benefits, we may face claims that the assignment is not enforceable or demanding remuneration in consideration for assigned inventions. As a consequence of such claims, we could be required to pay additional remuneration or royalties to our current and/or former employees, or be forced to litigate such claims, which could negatively affect our business.
The government tax benefits that we currently are entitled to receive require us to meet several conditions and may be terminated or reduced in the future.
Some of our operations in Israel may entitle us to certain tax benefits under the Law for the Encouragement of Capital Investments, 5719-1959, or the Investment Law, once we are profitable. If we do not meet the requirements for maintaining these benefits, they may be reduced or canceled and the relevant operations would be subject to Israeli corporate tax at the standard rate, which is set at 23% in 2018 and thereafter. In addition to being subject to the standard corporate tax rate, we could be required to refund any tax benefits that we have already received, plus interest and penalties thereon. Even if we continue to meet the relevant requirements, the tax benefits that our current “Benefited Enterprise” is entitled to may not be continued in the future at their current levels or at all. If these tax benefits were reduced or eliminated, the amount of taxes that we pay would likely increase, as all of our operations would consequently be subject to corporate tax at the standard rate, which could adversely affect our results of operations. Additionally, if we increase our activities outside of Israel, for example, by way of acquisitions, our increased activities may not be eligible for inclusion in Israeli tax benefits programs. See “Taxation and Israeli Government Programs Applicable to our Company” for additional information concerning these tax benefits.
Your rights and responsibilities as a shareholder will be governed by Israeli law, which differs in some material respects from the rights and responsibilities of shareholders of U.S. companies.
The rights and responsibilities of the holders of our ordinary shares are governed by our amended and restated articles of association and by Israeli law. These rights and responsibilities differ in some material respects from the rights and responsibilities of shareholders in U.S. corporations. For example, a shareholder of an Israeli company has a duty to act in good faith and in a customary manner in exercising

39



its rights and performing its obligations towards such company and its shareholders, and to refrain from abusing its power in such company, including, among other things, voting at a general meeting of shareholders on matters such as amendments to a company’s articles of association, increases in a company’s authorized share capital, mergers and acquisitions and related party transactions requiring shareholder approval. In addition, a shareholder who is aware that it possesses the power to determine the outcome of a shareholder vote or to appoint or prevent the appointment of a director or executive officer in the company has a duty of fairness toward the company. There is limited case law available to assist us in understanding the nature of these duties or the implications of these provisions. These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares that are not typically imposed on shareholders of U.S. corporations.

40



SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
We make forward-looking statements in this prospectus that are subject to risks and uncertainties. These forward-looking statements include information about possible or assumed future results of our business, financial condition, results of operations, liquidity, plans and objectives. In some cases, you can identify forward-looking statements by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential,” or the negative of these terms or other similar expressions. The statements we make regarding the following matters are forward-looking by their nature:
our expectation that policy-centric, automated solutions will garner a growing share of enterprise security spend;
our expectations for growth in certain key verticals and geographic regions and our intention to expand international operations;
our plans to invest in and grow our sales force and marketing team and develop our sales platform;
our plans to deploy additional cloud-based subscription products over time, to enable more customers to consume our products beyond our existing on-premise solutions;
our expectations regarding customer relationships developed by our hybrid sales model;
our expectations regarding maintaining a high level of customer retention to achieve favorable return on investments;
our expectations regarding growth in the market for enterprise security and network management products;
our plans to continue investing in and growing our research and development capabilities;
our expectations regarding sales of our new products, Orca and Iris;
our intention to invest further in the Tufin Orchestration Suite to extend its functionality and features;
our expectations regarding seasonality;
our expectations regarding sales driven by channel partners and our technology alliance partners through joint selling efforts and go-to-market strategies; and
our expectations regarding our tax classifications.
The preceding list is not intended to be an exhaustive list of all of our forward-looking statements. The forward-looking statements are based on our beliefs, assumptions and expectations of future performance, taking into account the information currently available to us. These statements are only predictions based upon our current expectations and projections about future events. There are important factors that could cause our actual results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by the forward-looking statements. In particular, you should consider the risks provided under “Risk Factors” in this prospectus.
You should not rely upon forward-looking statements as predictions of future events. Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee that future results, levels of activity, performance and events and circumstances reflected in the forward-looking statements will be achieved or will occur. Except as required by law, we undertake no obligation to update publicly any forward-looking statements for any reason after the date of this prospectus, to conform these statements to actual results or to changes in our expectations.

41



MARKET AND INDUSTRY DATA
Unless otherwise indicated, information contained in this prospectus concerning our industry and the markets in which we operate, including our general expectations, market position, market opportunity and market size, is based on information from various sources, including Gartner, Inc., or Gartner, International Data Corporation, or IDC, and 451 Research LLC on assumptions that we have made that are based on those data and other similar sources and on our knowledge of the markets for our products and services. This information involves a number of assumptions and limitations, and you are cautioned not to give undue weight to such estimates. While we believe the market position, market opportunity and market size information included in this prospectus is generally reliable, such information is inherently imprecise. In addition, projections, assumptions and estimates of our future performance and the future performance of the industry in which we operate is necessarily subject to a high degree of uncertainty and risk due to a variety of factors, including those described in “Risk Factors” and elsewhere in this prospectus. These and other factors could cause results to differ materially from those expressed in the estimates made by the independent parties and by us.

42



USE OF PROCEEDS
We estimate that our net proceeds from this offering, after deducting the underwriting discount and estimated offering expenses payable by us, will be approximately $90.6 million, or approximately $104.6 million if the underwriters exercise in full their option to purchase additional ordinary shares, based upon an assumed initial public offering price of $13.00 per ordinary share, which is the midpoint of the estimated offering price range set forth on the cover page of this prospectus.
A $1.00 increase (decrease) in the assumed initial public offering price of $13.00 per ordinary share would increase (decrease) the net proceeds to us from this offering by approximately $7.2 million, assuming the number of shares offered as set forth on the cover page of this prospectus remains the same and after deducting underwriting discounts and estimated offering expenses payable by us. Similarly, each increase (decrease) of 1,000,000 shares in the number of ordinary shares offered would increase (decrease) the net proceeds to us from this offering by approximately $12.1 million, assuming that the assumed initial public offering price remains the same, and after deducting underwriting discounts and estimated offering expenses payable by us.
We anticipate that we will use the net proceeds we receive from this offering, including any net proceeds we receive from the exercise of the underwriters’ option to acquire additional ordinary shares in the offering, for working capital and other general corporate purposes. We expect to continue to invest in and to grow our research and development capabilities as well as expand our sales force and marketing team.

43



DIVIDEND POLICY
We may declare a dividend to be paid to the holders of our ordinary shares in proportion to their respective shareholdings. However, we have never declared or paid any cash dividends on our ordinary shares and we do not anticipate paying any cash dividends in the foreseeable future. In addition, our ability to pay cash dividends is currently limited by the terms of our credit agreements, and any future credit agreements may contain terms prohibiting or limiting the amount of dividends that may be declared or paid on our ordinary shares. We currently intend to retain future earnings to finance operations and expand our business.
The distribution of dividends may also be limited by the Israeli Companies Law, 5759-1999, or the Israeli Companies Law, which permits the distribution of dividends only out of “profits,” as such term is defined in the Israeli Companies Law. Our board of directors is authorized to declare dividends, provided that there is no reasonable concern that payment of the dividend will prevent us from satisfying our existing and foreseeable obligations as they become due. For purposes of the Israeli Companies Law, profits means the greater of retained earnings or earnings derived over the two most recent fiscal years after deduction of previous distributions that were not already deducted from the surpluses, as evidenced by financial statements prepared for periods no more than six months prior to the date of distribution. In addition, dividends may be paid with the permission of an Israeli court, provided that there is no reasonable concern that payment of the dividend will prevent a company from satisfying its existing and foreseeable obligations as they become due. Under the Israeli Companies Law, dividend distributions are determined by the board of directors and do not require the approval of the shareholders of a company unless the company’s articles of association provide otherwise. Our amended and restated articles of association do not require shareholder approval of a dividend distribution and provide that dividend distributions may be determined by our board of directors, subject to the provisions of the Israeli Companies Law.

44



CAPITALIZATION
The following table sets forth our cash and cash equivalents and total capitalization as of December 31, 2018, as follows:
on an actual basis;
on a pro forma basis to give effect to the conversion of all of our outstanding preferred shares into ordinary shares, which will occur immediately prior to the closing of this offering; and
on a pro forma as adjusted basis to give effect to (x) the same item as set forth in “pro forma,” (y) the exercise on a cashless basis of warrants to purchase 26,667 ordinary shares and the resulting issuance of 17,842 ordinary shares upon the closing of this offering and (z) the issuance and sale of ordinary shares in this offering at an assumed initial public offering price of $13.00 per ordinary share after deducting underwriting discounts and estimated offering expenses payable by us.
You should read this information in conjunction with our consolidated financial statements and the related notes appearing at the end of this prospectus and the “Management’s Discussion and Analysis of Financial Condition and Results of Operations” section and other financial information contained in this prospectus.
 
As of December 31, 2018
 
Actual
 
Pro Forma
 
Pro Forma
As Adjusted
 
(in thousands, except share and per share amounts)
Cash and cash equivalents
$
15,248

 
$
15,248

 
$
106,143

Long-term loan

 

 

Redeemable Convertible Preferred Shares:
 
 
 
 
 
Preferred shares of NIS 0.015 par value: 19,534,021 preferred shares authorized at December 31, 2018; 16,416,749 preferred shares issued and outstanding at December 31, 2018; no preferred shares issued and outstanding pro forma and pro forma as adjusted (unaudited)
26,699

 

 

Shareholders’ (deficit) equity:
 
 
 
 
 
Ordinary shares of NIS 0.015 par value; 52,666,712 shares authorized at December 31, 2017 and 2018; 7,966,612 and 8,265,988 shares issued and outstanding at December 31, 2017 and 2018; 24,682,737 shares issued and outstanding pro forma (unaudited); 32,400,579 shares issued and outstanding pro forma as adjusted (unaudited)
30

 
96

 
127

Additional paid-in capital
10,337

 
36,970

 
127,545

Accumulated deficit
(40,313
)
 
(40,313
)
 
(40,313
)
Total shareholders’ equity (deficit)
(29,946
)
 
(3,247
)
 
87,359

Total capitalization
$
(3,247
)
 
$
(3,247
)
 
$
87,359

 
 
 
 
 
 
A $1.00 increase (decrease) in the assumed initial public offering price of $13.00 per ordinary share, would increase (decrease) the as adjusted amount of each of cash and cash equivalents, additional paid-in capital, total equity and total capitalization by approximately $7.2 million, assuming that the number of ordinary shares offered, as set forth on the cover page of this prospectus, remains the same and after deducting underwriting discounts and estimated offering expenses payable by us.

45



DILUTION
If you purchase any of the shares offered by this prospectus, you will experience dilution to the extent of the difference between the offering price per share that you pay in this offering and the pro forma as adjusted net tangible book value per ordinary share immediately after this offering. Our net tangible book deficit as of December 31, 2018 was $0.13 per ordinary share. Consolidated net tangible book deficit per ordinary share was calculated by subtracting our total tangible assets from our total liabilities and dividing the difference by the number of ordinary shares outstanding.
After giving effect to the sale of ordinary shares that we are offering at an assumed initial public offering price of $13.00 per ordinary share, which is the midpoint of the estimated offering price range set forth on the cover page of this prospectus, after deducting the underwriting discount and estimated offering expenses payable by us, our consolidated net tangible book value on an adjusted basis as of December 31, 2018 would have been $2.70 per ordinary share. This amount represents an immediate increase in net tangible book value of $2.83 per ordinary share to our existing shareholders and an immediate decrease in net tangible book value of $10.30 per ordinary share to new investors purchasing ordinary shares in this offering. We determine dilution by subtracting the as adjusted net tangible book value per ordinary share after this offering from the amount of cash that a new investor paid for an ordinary share.
The following table illustrates this dilution:
Assumed initial public offering price per ordinary share
 
 
$
13.00

Net tangible book deficit per ordinary share as of December 31, 2018
$
(0.13
)
 
 
Increase per ordinary share attributable to this offering
2.83

 
 
Pro forma as adjusted net tangible book value per ordinary share after this offering
 
 
2.70

Dilution per ordinary share to new investors in this offering
 
 
$
10.30

 
 
 
 
A $1.00 increase (decrease) in the assumed initial public offering price of $13.00 per ordinary share would increase (decrease) our pro forma as adjusted net tangible book value by $7.2 million, or $0.22 per share, and would increase (decrease) the pro forma dilution per share to investors in this offering by $0.78 per share, assuming that the number of shares offered, as set forth on the cover page of this prospectus, remains the same, and after deducting underwriting discounts and estimated offering expenses payable by us. Each increase (decrease) of 1,000,000 shares in the number of shares offered would increase (decrease) our pro forma as adjusted net tangible book value by approximately $12.1 million, or $0.28 per share, and the pro forma dilution to investors in this offering would increase (decrease), as applicable, by $0.28 per share, assuming that the assumed initial public offering price remains the same, and after deducting underwriting discounts and estimated offering expenses payable by us.
If the underwriters exercise their option to purchase additional ordinary shares in full in this offering, the as adjusted net tangible book value after the offering would be $3.02 per ordinary share, the increase in net tangible book value per ordinary share to existing shareholders would be $3.15 and the decrease in net tangible book value per ordinary share to new investors would be $9.98 per ordinary share, in each case assuming an initial public offering price of $13.00 per ordinary share.

46



The following table summarizes, as of December 31, 2018, the differences between the number of purchased ordinary shares, the total consideration paid in cash and the average price per ordinary share that existing shareholders paid, on the one hand, and new investors are paying in this offering, on the other hand. The calculation below is based on an assumed initial public offering price of $13.00 per ordinary share before deducting underwriting discounts and estimated offering expenses payable by us.
 
Shares Purchased
 
Total Consideration
 
Average Price Per Share
 
Number
 
Percent
 
Amount
 
Percent
 
 
(in thousands, except share and per share amounts)
Existing shareholders
24,700,579

 
76.2
%
 
$
28,531

 
22.2
%
 
$
1.16

New investors
7,700,000

 
23.8

 
100,000

 
77.8

 
13.00

Total
32,400,579

 
100.0
%
 
$
128,531

 
100.0
%
 
 
 
 
 
 
 
 
 
 
 
 
The foregoing tables and calculations exclude 6,884,608 ordinary shares reserved for issuance under our equity incentive plans, of which there were outstanding options to purchase 6,750,259 shares at a weighted average exercise price of $1.77 per share.
To the extent any of these outstanding options is exercised, there will be further dilution to new investors. To the extent all of such outstanding options had been exercised as of December 31, 2018, the as adjusted net tangible book value per share after this offering would be $2.54, and total dilution per share to new investors would be $10.46.
If the underwriters exercise their option to purchase additional shares in full:
the percentage of ordinary shares held by existing shareholders will decrease to approximately 73.6% of the total number of our ordinary shares outstanding after this offering; and
the number of shares held by new investors will increase to 8,855,000, or approximately 26.4% of the total number of our ordinary shares outstanding after this offering.

47



SELECTED CONSOLIDATED FINANCIAL DATA
The following tables set forth our selected consolidated financial data. You should read the following selected consolidated financial data in conjunction with “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes included elsewhere in this prospectus. Historical results are not necessarily indicative of the results that may be expected in the future. Our financial statements have been prepared in accordance with U.S. GAAP.
The selected consolidated statements of operations data for each of the years in the two-year period ended December 31, 2018 and the consolidated balance sheet data as of December 31, 2018 are derived from our audited consolidated financial statements appearing elsewhere in this prospectus.
 
Year ended December 31,
 
2017
 
2018
 
(in thousands, except share and per share amounts)
Consolidated Statements of Operations:
 
 
 
Revenues:
 
 
 
Product
$
30,855

 
$
42,554

Maintenance and professional services
33,685

 
42,427

Total revenues
64,540

 
84,981

Cost of revenues:


 
 
Product
1,702

 
2,324

Maintenance and professional services
7,778

 
11,112

Total cost of revenues(1)
9,480

 
13,436

Gross profit
55,060

 
71,545

Operating expenses:


 
 
Research and development(1)
17,672

 
21,363

Sales and marketing(1)
35,042

 
46,092

General and administrative(1)
4,608

 
6,022

Total operating expenses
57,322

 
73,477

Operating loss
$
(2,262
)
 
$
(1,932
)
Financial income (loss), net
267

 
(1,047
)
Loss before taxes on income
$
(1,995
)
 
$
(2,979
)
Taxes on income
(797
)
 
(1,283
)
Net loss
$
(2,792
)
 
$
(4,262
)
Basic and diluted net loss per ordinary share(2)
$
(0.35
)
 
$
(0.53
)
Weighted average number of ordinary shares used in computing basic and diluted net loss per ordinary share(2)
7,872,545

 
8,045,647

Basic pro forma net loss per ordinary share (unaudited)(3)

 
(0.17
)
Weighted average number of shares used in computing pro forma basic and diluted net loss per ordinary share (unaudited)(3)

 
24,462,397

 
 
 
 

48



 
Year ended December 31,
 
2017
 
2018
 
(in thousands)
Consolidated Balance Sheet Data:
 
 
 
Cash and cash equivalents
$
14,700

 
$
15,248

Working capital, excluding deferred revenue(4)
15,247

 
17,781

Deferred revenue, current and non-current
23,957

 
31,464

Total assets
35,126

 
47,133

Redeemable convertible preferred shares
26,699

 
26,699

Total shareholders’ equity (deficit)
(29,028
)
 
(29,946
)
 
 
 
 
 
Year ended December 31,
 
2017
 
2018
 
(in thousands)
Supplemental Financial Data:
 
 
 
Non-GAAP operating profit (loss)(5)
$
(152
)
 
$
1,249

 
 
 
 
(1)
Includes share-based compensation expense as follows:
 
Year ended December 31,
 
2017
 
2018
 
(in thousands)
Share-based Compensation Expense:

 
 
Cost of revenues
$
332

 
$
634

Research and development
660

 
731

Sales and marketing
765

 
1,458

General and administrative
353

 
358

Total share-based compensation expenses
$
2,110

 
$
3,181

 
 
 
 
(2)
Basic and diluted net loss per ordinary share is computed based on the weighted average number of ordinary shares outstanding during each period. For additional information, see Note 2 to our consolidated financial statements included elsewhere in this prospectus.
(3)
Pro forma basic and diluted net loss per ordinary share and pro forma weighted average shares outstanding assumes the conversion of all of our outstanding preferred shares into ordinary shares, which will occur immediately prior to the closing of this offering, but does not give effect to the issuance of shares in connection with this offering. For additional information on the conversion of the preferred shares, see Note 11 to our consolidated financial statements included elsewhere in this prospectus.
(4)
We define working capital as total current assets minus total current liabilities.

49



(5)
Non-GAAP operating profit (loss) is a non-GAAP financial measure. We define non-GAAP operating profit (loss) as operating profit excluding share-based compensation expense. Because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company’s non-cash expense, we believe that providing non-GAAP financial measures that exclude non-cash share-based compensation expense allows for more meaningful comparisons between our operating results from period to period. This non-GAAP financial measure is an important tool for financial and operational decision-making and for evaluating our operating results over different periods. The following table reconciles operating loss, the most directly comparable U.S. GAAP measure, to non-GAAP operating profit (loss) for the periods presented:
 
Year ended December 31,
 
2017
 
2018
 
(in thousands)
Reconciliation of Operating Loss to Non-GAAP Operating Profit (Loss):
 
 
 
Operating loss
$
(2,262
)
 
$
(1,932
)
Add: share-based compensation
2,110

 
3.181

Non-GAAP operating profit (loss)
$
(152
)
 
$
1,249

 
 
 
 
For a description of how we use non-GAAP operating profit (loss) to evaluate our business, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Factors Affecting Our Performance.”
Other companies, including companies in our industry, may calculate non-GAAP operating profit (loss) differently or not at all, which reduces the usefulness of non-GAAP operating profit (loss) as a comparative measure. You should consider non-GAAP operating profit (loss) along with other financial performance measures, including operating profit, and our financial results presented in accordance with U.S. GAAP.

50



MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
The following discussion should be read in conjunction with our consolidated financial statements and the related notes included elsewhere in this prospectus. This discussion contains forward-looking statements that are subject to known and unknown risks and uncertainties. Actual results and the timing of events may differ significantly from those expressed or implied in such forward-looking statements due to a number of factors, including those set forth in the section entitled “Risk Factors” and elsewhere in this prospectus. You should read the following discussion in conjunction with “Special Note Regarding Forward-Looking Statements” and “Risk Factors.”
Overview
We are pioneering a policy-centric approach to security and IT operations. We transform enterprises’ security operations by helping them visualize, define and enforce a unified security policy across complex, heterogeneous IT and cloud environments. Our products govern how individuals, systems and applications are permitted to communicate and provide policy-based security automation, enabling customers to reduce the time to implement complex network changes from days to minutes. Our solutions increase business agility, eliminate errors from manual processes and ensure continuous compliance through a single console. Since our inception, our solutions have been purchased by over 2,000 customers in over 70 countries, including approximately 15% of the Global 2000.
We generate revenues from sales of our products and associated maintenance and professional services. We primarily sell our software through perpetual license agreements and, to a lesser extent, term-based license agreements. Our products offer the same functionality whether our customers receive them through a perpetual or term-based license. Our agreements with customers for software licenses include maintenance contracts and may also include professional services contracts. Maintenance revenues consist of fees for providing software updates and technical support for our products for a specified term, which is typically one or three years. We offer a portfolio of professional services and extended support contract options to assist our customers with integration, customization, optimization, training and ongoing advanced technical support.
Our goal is to provide significant benefits to customers seeking to enforce enterprise-wide security policies and automate network change process, which we believe will enable us to maximize the lifetime value of our customers. We believe our existing customers serve as a strong source of incremental revenues given our multiple product offerings and the growing complexity of IT and cloud environments and networks. Our products provide customers the flexibility to initially deploy one or more of our products in all or parts of their IT and cloud environments, and further expand deployment as they purchase additional products or cover additional parts of their IT and cloud environments. We believe our “land and expand” sales strategy capitalizes on this potential. We make significant investments in acquiring new customers and expect to achieve a favorable return on investments by maintaining a high level of customer retention, which we define as our maintenance renewal rate. We calculate our maintenance renewal rate by taking the total prior period maintenance revenues from customers that have renewed in the trailing 12-month period and dividing that figure by our total prior period maintenance revenues for all customers with contracts that were up for renewal in the trailing 12-month period. For each of the years ended December 31, 2017 and 2018, our maintenance renewal rate was over 90%. Our new business from existing customers, including new licenses for our products and attached maintenance and professional services contracts, constitutes a significant part of our revenues, accounting for 65% and 60% of our total revenues from new business in the years ended December 31, 2017 and 2018, respectively.
We believe our diverse global footprint provides a significant growth opportunity. We aim to continue to expand our business globally, particularly in the Americas and EMEA. In 2018, the Americas accounted for 57% of our revenues and EMEA accounted for 38% of our revenues. We expect sales in the Americas

51



to continue to account for a majority of our revenues in the near- and medium- terms. Our customers include leading enterprises across a broad range of geographies in a diverse set of industries, including financial services, telecommunications, automotive, manufacturing, energy, healthcare and pharmaceuticals, technology, government, retail and business services. We believe our expansion within the Global 2000 is a key indicator of our market penetration and the value that our products provide to large customers.
We sell our products and services through our sales force, including our field sales team and our inside sales team, which works closely with our global network of approximately 140 active channel partners. Our highly trained sales force is responsible for overall market development. Our sales force consists of our field sales team, which accounts for most of our sales, and our inside sales team. Our field sales team targets large organizations, which we define as those comprising the Global 2000, while our inside sales team targets mid-market companies that do not belong to the Global 2000. Within our field sales team, our regional field sales representatives develop new business relationships with our key customers, and our channel account managers support and expand existing relationships with our channel partners. Our sales engineers provide technical expertise and support, and architect our solutions to address the business needs of our customers. Our sales cycle usually lasts several months from proof of concept to purchase order, and is often longer for larger transactions. As of December 31, 2018, we had sales personnel in 24 countries. We have expanded our sales force in each of the last two fiscal years, and we plan to continue to do so.
Our channel partners include distributors and resellers, as well as service delivery partners that help customers successfully deploy, configure, customize and maintain our products and services. We sell substantially all of our products and services through our global network of channel partners, who then sell to end-user customers. When analyzing our business, we refer to end-user customers as our customers throughout this prospectus even if our direct commercial relationship is with a channel partner. We consider our channel partners active if they have sold our products or services in the trailing 12-month period.
We integrate with our platform partners, such as Check Point, Cisco, Fortinet, Palo Alto Networks, F5 Networks, Forcepoint, Juniper Networks, VMware, AWS and Microsoft Azure, to provide vendor agnostic solutions, which is key to our value proposition. In addition, we believe our technology alliance partner program, which is an ecosystem of technology partners who build certified integrations to our platform, helps to expand our common use cases.
We have been growing our business consistently over the last several years. Our revenue growth is attributable to sales to new enterprise customers and incremental sales to existing customers. For the years ended December 31, 2017 and 2018, our revenues were $64.5 million and $85.0 million, respectively, representing year-over-year growth of 31.7%.
Key Factors Affecting Our Performance
We believe the growth of our business and our future success depends on a number of factors, including the following:
Number of Customers. We believe the size of our customer base is an indicator of our market penetration and our net customer additions are an indicator of the growth of our business and future revenue opportunity. We believe we have a significant opportunity to expand our footprint through new installations and displacement of our competitors’ solutions. To do so, we plan to continue to grow our sales team, leverage our channel partner relationships and enhance our marketing efforts. We believe organizations choose us for our customer-first approach, continuing innovation and seamless integration with third-party technologies.
We define a customer as a distinct entity, division or business unit of a company that has purchased our products or services and is eligible to receive maintenance and support. Since our inception, over 2,000 customers in over 70 countries have purchased our solutions, including approximately 15% of

52



the Global 2000. As of December 31, 2017 and 2018, we had 1,489 and 1,566 customers, respectively.
Sales to Existing Customers. We believe our existing customers provide a significant source of revenue growth. We derive an increasing portion of our revenues from existing customers. For example, during the year ended December 31, 2018, we generated approximately 60% of our revenues, excluding maintenance renewals, from sales to existing customers. We exclude maintenance renewals from this and other calculations (in each case, as indicated) in order to illustrate the impact of new sales to existing customers, isolated from the incremental maintenance revenues we receive when our existing customers renew their maintenance contracts.
The chart below shows the initial and incremental sales of perpetual and term licenses, excluding maintenance renewals, by cohort. Each colored segment represents a new customer cohort in their initial year of purchase. The pattern of a large spend in the initial year followed by consistent and incremental buying in subsequent years reflects our ability to expand the deployment of our solutions as our existing customers purchase additional products or cover additional parts of their networks.
keyfactorsaffectinge1.jpg
Maintenance Renewal Rates. We believe our maintenance renewal rates are an important metric to measure our ability to provide significant value to our existing customers. We generate incremental maintenance revenues when our customers renew their maintenance contracts. We measure the maintenance renewal rate of our customers over a trailing 12-month period, based on a dollar renewal rate of contracts expiring during that time period. For each of the years ended December 31, 2017 and 2018, our maintenance renewal rate was over 90%. Our key strategies to maintain our renewal rate include continuing to provide more valuable features and network device coverage in our product updates, focusing on the quality and reliability of our customer service and support and ensuring our customers receive value from our products.
Sales to Large Organizations. In the year ended December 31, 2018, large organizations, which we define as those comprising the Global 2000, accounted for 68% of our revenues, compared to 67% of our revenues in 2017, in each case excluding maintenance renewals. Sales to large organizations involve a distinct set of opportunities and challenges. Large organizations sales are characterized by longer sales cycles and additional time and resources spent on a potential customer.
For the years ended December 31, 2017 and 2018, the average spend for all customers, excluding maintenance renewals, was $94,000 and $119,000, respectively. During those years, the average spend for Global 2000 customers, excluding maintenance renewals, was $151,000 and $201,000,

53



respectively; and the average spend for non-Global 2000 customers, excluding maintenance renewals, was $48,000 and $66,000, respectively. We define average spend as total sales, excluding maintenance renewals, for the relevant customer group (i.e., all customers, Global 2000 customers or non-Global 2000 customers) divided by the number of customers belonging to such customer group.
Seasonality. We generally expect an increase in business activity in the fourth quarter, driven by our customers’ buying patterns. We believe that these seasonal trends will continue to affect our quarterly results. The loss or delay of one or more large transactions in a quarter could impact our anticipated results of operations for that quarter and future quarters for which revenue from that transaction is delayed.
Components of Statements of Operations
Revenues
We derive our revenues from the following:
Product Revenues. We generate product revenues from sales of our software licenses and third-party hardware to new customers and sales of additional licenses and third-party hardware to existing customers. We generate the vast majority of our revenues through sales of software with less than 5% of our revenues generated through sales of third-party hardware in 2017. We primarily sell our software through perpetual license agreements and, to a lesser extent, term-based license agreements. Beginning on January 1, 2017, we adopted ASC 606. As a result, we recognize revenues from software sold through term-based license agreements upfront, upon delivery. As a percentage of total revenues, we expect our product revenues to vary from quarter to quarter based on seasonal and cyclical factors. We are focused on acquiring new customers as well as increasing product revenues from our existing customers.
Maintenance and Professional Services Revenues. We generate maintenance and professional services revenues by selling maintenance contracts and, to a lesser extent, by providing professional services to our customers. Maintenance includes software updates and technical support. Our contracts with customers for software licenses include maintenance for a specified term. We recognize revenues associated with maintenance on a straight-line basis over the specified maintenance period. Professional services consist of deployment services for our products, and customization of our solutions and their integration in the customer’s environment. We typically bill for professional services and training services on a fixed fee basis and recognize revenues as we perform the services. As a percentage of total revenues, we expect our maintenance and professional services revenues to vary from quarter to quarter based on fluctuations in license sales, maintenance renewal rates, professional services attach rates and cyclical factors. The increase in maintenance is attributable to the growth in our software license sales to new and existing customers.
See Note 2 to our consolidated financial statements “Significant Accounting Policies—Revenue recognition” for more information.

54



Geographic Breakdown of Revenues
The following table sets forth the geographic breakdown of our revenues by region for the periods indicated:
 
Year ended December 31,
 
2017
 
2018
 
Amount
 
%
 
Amount
 
%
 
(in thousands)
Americas
$
35,020

 
54.3
%
 
$
48,267

 
56.8
%
EMEA
26,099

 
40.4

 
32,595

 
38.4

Rest of World
3,421

 
5.3

 
4,119

 
4.8

Total
$
64,540

 
100.0
%
 
$
84,981

 
100.0
%
 
 
 
 
 
 
 
 
The Americas accounted for the majority of our revenues in each of the years ended December 31, 2017 and 2018, nearly all of which were generated in the United States. EMEA also accounted for a significant portion of our revenues in each of the years ended December 31, 2017 and 2018, with revenues generated in Germany representing 27% and 25%, respectively, of EMEA revenues.
Cost of Revenues and Gross Profit
Our total cost of revenues is comprised of the following:
Cost of Product Revenues. Cost of product revenues consist primarily of personnel costs (including share-based compensation) associated with the processing and delivery of our software licenses to customers and, to a lesser extent, the purchase and delivery of third-party hardware as well as other overhead costs. There is no direct cost of revenues associated with our software products because we deliver our software products electronically. Electronic delivery occurs when we provide the customer with access to the software and license key via a secure portal. We expect our cost of product revenues to increase in absolute dollar amounts as we increase the number of personnel involved in the delivery of our products and as we increase sales of third-party hardware.
Cost of Maintenance and Professional Services Revenues. Cost of maintenance and professional services revenues consist primarily of personnel costs for those responsible for providing maintenance and support and professional services to our global customer base. Such personnel costs consist of salaries, benefits, bonuses and share-based compensation. We expect our cost of maintenance and professional services revenues to continue to increase in absolute dollars as we hire additional professional services and technical support personnel to support our business.
Gross profit is total revenues less total cost of revenues. Gross margin is gross profit expressed as a percentage of total revenues. Our gross margin fluctuates from quarter-to-quarter based on the mix of product revenues and maintenance and professional services revenues. We expect our gross margins to continue to fluctuate.
Operating Expenses
Our operating expenses consist of research and development expenses, sales and marketing expenses and general and administrative expenses. For each category, personnel costs are the most significant component of our operating expenses. Personnel costs consist of salaries and employee benefits (including vacation expenses, bonuses and share-based compensation). Sales commissions account for a significant portion of our sales and marketing compensation costs. We expect personnel and all allocated overhead costs to continue to increase in absolute dollars as we hire new employees and add facilities to accommodate our growing personnel and business.

55



Research and Development. Research and development expenses consist primarily of personnel costs attributable to our research and development personnel, subcontractors and consultants, as well as allocated overhead costs. We expense research and development expenses as incurred. We expect that our research and development expenses will continue to increase in absolute dollars as we increase our research and development headcount to further strengthen our technology platform and invest in the development of existing and new products.
Sales and Marketing. Sales and marketing expenses are the largest component of our operating expenses and consist primarily of personnel costs, including variable compensation, as well as travel expenses, marketing and business development costs (including marketing campaigns, tradeshows and recruitment) and allocated overhead costs. We expect sales and marketing expenses will continue to increase in absolute dollars and account for the majority of our operating costs as we expand our international sales and marketing efforts.
General and Administrative. General and administrative expenses consist primarily of personnel costs for our executive, finance, IT, human resources, legal and administrative personnel. General and administrative expenses also include external legal, accounting and other professional service fees. We expect that general and administrative expenses will increase in absolute dollars and as a percentage of revenues in the near term as we grow and expand our operations and prepare to operate as a public company, including higher legal, corporate insurance, investor relations and accounting expenses, and the additional costs of achieving and maintaining compliance with the Sarbanes-Oxley Act and related regulations.
Financial Income (Loss), Net
Financial income (loss), net, consists primarily of bank charges, interest paid on our long-term loan, interest earned on our cash, cash equivalents and restricted bank deposits, and foreign currency exchange fluctuations. Foreign currency exchange fluctuations reflect gains or losses related to transactions denominated in currencies other than the U.S. dollar, particularly the NIS. As a result of our global presence, we expect to continue to incur expenses in currencies other than the U.S. dollar. As such, we expect our exposure to fluctuations in foreign currencies to continue.
Taxes on Income
The standard corporate tax rate in Israel for 2018 and thereafter is 23%, and was 24% for 2017. We have net operating loss carry forwards. As of December 31, 2018, our net operating loss carry forwards for Israeli tax purposes amounted to approximately $20.5 million. Under Israeli law, net operating losses can be carried forward indefinitely and offset against certain future taxable income. We expect that if or when we become profitable, we will generate the substantial majority of our taxable income in Israel.
In addition, we are entitled to tax benefits under the Investment Law in Israel in respect of our status as a Benefited Enterprise. Under the Investment Law, our effective tax rate to be paid with respect to our Israeli taxable income as a Benefited Enterprise may be lower than the standard corporate tax rate. The tax benefit period for the Benefited Enterprise program under the Investment Law is expected to end in 2022. The availability of these tax benefits is subject to certain requirements, including making specified investments in property and equipment, and financing a percentage of investments with share capital. If we do not meet these requirements in the future, the tax benefits may be canceled and we could be required to refund any tax benefits that we have already received. See “Taxation and Israeli Government Programs Applicable to our Company—Tax Benefits for a Benefited Enterprise.”
Our U.S. and European subsidiaries currently generate taxable income in the United States and Europe. To the extent that we generate taxable income in Israel, our effective tax rate will be a weighted average rate based on the applicable U.S., European and Israeli rates.

56



Results of Operations
The following tables summarize our results of operations in dollars and as a percentage of our total revenues for the periods indicated. The period-to-period comparison of results is not necessarily indicative of results for future periods.
 
Year ended December 31,
 
2017
 
2018
 
Amount
 
%
 
Amount
 
%
 
(Dollars in thousands)
Revenues:

 
 
 
 
 
 
Product
$
30,855

 
47.8
 %
 
$
42,554

 
50.1
 %
Maintenance and professional services
33,685

 
52.2

 
42,427

 
49.9

Total revenues
64,540

 
100.0

 
84,981

 
100.0

Cost of revenues:


 
 
 
 
 
 
Product
1,702

 
2.6

 
2,324

 
2.7

Maintenance and professional services
7,778

 
12.1

 
11,112

 
13.1

Total cost of revenues(1)
9,480

 
14.7

 
13,436

 
15.8

Gross profit
55,060

 
85.3

 
71,545

 
84.2

Operating expenses:


 
 
 
 
 
 
Research and development(1)
17,672

 
27.4

 
21,363

 
25.1

Sales and marketing(1)
35,042

 
54.3

 
46,092

 
54.2

General and administrative(1)
4,608

 
7.1

 
6,022

 
7.1

Total operating expenses
57,322

 
88.8

 
73,477

 
86.5

Operating loss
$
(2,262
)
 
(3.5
)
 
$
(1,932
)
 
(2.3
)
Financial income (loss), net
267

 
0.4

 
(1,047
)
 
(1.2
)
Loss before taxes on income
$
(1,995
)
 
(3.1
)
 
$
(2,979
)
 
(3.5
)
Taxes on income
(797
)
 
(1.2
)
 
(1,283
)
 
(1.5
)
Net loss
$
(2,792
)
 
(4.3
)%
 
$
(4,262
)
 
(5.0
)%
 
 
 
 
 
 
 
 
(1)
Includes share-based compensation expense as follows:
 
Year ended December 31,
 
2017
 
2018
 
(in thousands)
Share-based Compensation Expense:

 
 
Cost of revenues
$
332

 
$
634

Research and development
660

 
731

Sales and marketing
765

 
1,458

General and administrative
353

 
358

Total share-based compensation expenses
$
2,110

 
$
3,181

 
 
 
 

57



Comparison of the Years Ended December 31, 2017 and 2018
Revenues
 
Year ended December 31,
 
 
 
 
 
2017
 
2018
 
Change
 
Amount
 
Amount
 
Amount
 
%
 
(Dollars in thousands)
 
 
Revenues:
 
 
 
 
 
 
 
Product
$
30,855

 
$
42,554

 
$
11,699

 
37.9
%
Maintenance and support
27,966

 
37,155

 
9,189

 
32.9

Professional services
5,719

 
5,272

 
(447
)
 
(7.8
)
Total revenues
$
64,540

 
$
84,981

 
$
20,441

 
31.7
%
 
 
 
 
 
 
 
 
Revenues increased by $20.4 million, or 31.7%, from $64.5 million in 2017 to $85.0 million in 2018. This growth was achieved primarily due to increased sales of our products and services from new customers, which accounted for $9.5 million of this increase, and existing customers, which accounted for $10.9 million of this increase, across all regions and was most pronounced in the Americas.
Product revenues increased by $11.7 million, or 37.9%, from $30.9 million in 2017 to $42.6 million in 2018. This increase was driven by increased sales volumes primarily to new customers, which accounted for $7.8 million of this increase, buying our network policy security management and automation solutions, as well as upsell and expansion sales to existing customers, which accounted for $3.9 million of this increase. The substantial majority of our product revenues was attributable to sales of perpetual licenses.
Maintenance and support revenues grew by $9.2 million, or 32.9%, from $28.0 million in 2017 to $37.2 million in 2018 due to an increase in the sale of maintenance and support services to new customers, which accounted for $2.1 million of this increase, and existing customers, which accounted for $7.1 million of this increase.
Professional services revenues decreased by $0.4 million, or 7.8%, from $5.7 million in 2017 to $5.3 million in 2018. This decrease was attributable to performance progress of services.
Cost of Revenues
 
Year ended December 31,
 
 
 
 
 
2017
 
2018
 
Change
 
Amount
 
Amount
 
Amount
 
%
 
(Dollars in thousands)
 
 
Cost of revenues:
 
 
 
 
 
 
 
Product
$
1,702

 
2,324

 
$
622

 
36.5
%
Maintenance and professional services
7,778

 
11,112

 
3,334

 
42.8

Total cost of revenues
$
9,480

 
13,436

 
$
3,956

 
41.7
%
 
 
 
 
 
 
 
 
Cost of revenues increased by $4.0 million, or 41.7%, from $9.5 million in 2017 to $13.4 million in 2018. This increase was primarily driven by the increase in compensation costs and related overhead associated with the increase in services, support and fulfillment employees. As of December 31, 2017 and 2018, the number of our services, support and fulfillment employees was 59 and 75, respectively.

58



Cost of product revenues increased by $0.6 million, or 36.5%, from $1.7 million in 2017 to $2.3 million in 2018. The increased cost of product revenues was primarily attributable to the increased purchases of hardware.
Cost of maintenance and professional services revenues increased by $3.3 million, or 42.8%, from $7.8 million in 2017 to $11.1 million in 2018. The increase in cost of maintenance and professional services revenues was driven primarily by an increase in personnel costs and related overhead expenses as we grew our technical support and professional services headcount to support our increased sales.
Gross Profit
 
Year ended December 31,
 
 
 
2017
 
2018
 
Gross Profit Change
 
Gross Profit
 
Gross Margin
 
Gross Profit
 
Gross Margin
 
Amount
 
%
Gross profit
$
55,060

 
85.3
%
 
$
71,545

 
84.2
%
 
$
16,485

 
29.9%
 
 
 
 
 
 
 
 
 
 
 
 
Gross profit increased by $16.5 million, or 29.9%, from $55.1 million in 2017 to $71.5 million in 2018. Gross margins decreased from 85.3% to 84.2% during the same period. This decrease was driven by our costs of revenues increasing by a larger percentage than our revenues.
Operating Expenses
 
Year ended December 31,
 
 
 
2017
 
2018
 
Change
 
Amount
 
Amount
 
Amount
 
%
 
(Dollars in thousands)
 
 
Operating expenses:
 
 
 
 
 
 
 
Research and development
$
17,672

 
$
21,363

 
$
3,691

 
20.9
%
Sales and marketing
35,042

 
46,092

 
11,050

 
31.5

General and administrative
4,608

 
6,022

 
1,414

 
30.7

Total operating expenses
$
57,322

 
$
73,477

 
$
16,155

 
28.2
%
 
 
 
 
 
 
 
 
Operating expenses increased by $16.1 million, or 28.2%, from $57.3 million in 2017 to $73.5 million in 2018. This increase was driven primarily by increases in sales and marketing expenses.
Research and Development. Research and development expenses increased by $3.7 million, or 20.8%, from $17.7 million in 2017 to $21.4 million in 2018. This increase was primarily attributable to an increase of $2.7 million in compensation expenses as we grew our research and development team from 114 at the end of 2017 to 152 at the end of 2018 in order to enhance and further develop our existing and new products. The increase was also partially attributable to an increase of $0.7 million in allocated overhead costs.
Sales and Marketing. Sales and marketing expenses increased by $11.1 million, or 31.5%, from $35.0 million in 2017 to $46.1 million in 2018. This increase was attributable to a $7.3 million increase in compensation expenses as we grew our sales and marketing organization from 128 at the end of 2017 to 166 at the end of 2018, a $1.5 million increased investment in marketing programs compared to 2017. The remainder of the increase is attributable to allocated overhead costs.
General and Administrative. General and administrative expenses increased by $1.4 million, or 30.6%, from $4.6 million in 2017 to $6.0 million in 2018. This increase was primarily attributable to an increase of

59



$0.6 million in compensation costs due to increase in headcount coupled with a $0.6 million increase in accounting and legal expenses including those that are associated with this offering.
Financial Income (Loss), Net
 
Year ended December 31,
 
 
 
2017
 
2018
 
Change
 
Amount
 
Amount
 
Amount
 
%
 
(Dollars in thousands)
 
 
Financial income (loss), net
$
267

 
$
(1,047
)
 
$
(1,314
)
 
(492.1)%
 
 
 
 
 
 
 
 
Financial income (loss), net decreased from financial income of $0.3 million in 2017 to a financial loss, net of $1.0 million in 2018. The decrease was primarily due to a loss of $0.7 million due to exchange rate fluctuations in the foreign currencies against the U.S. dollar and a $0.3 million hedging instrument loss.
Taxes on Income
 
Year ended December 31,
 
 
 
2017
 
2018
 
Change
 
Amount
 
Amount
 
Amount
 
%
 
(Dollars in thousands)
 
 
Taxes on income
$
(797
)
 
$
(1,283
)
 
$
(486
)
 
(61.0)%
 
 
 
 
 
 
 
 
Taxes on income increased from a tax expense of $0.8 million in 2017 to a tax expense of $1.3 million in 2018. We have established a full valuation allowance against potential future benefits for deferred tax assets including loss carryforwards generated in Israel. In the United States, we have recorded a deferred tax asset of $0.5 million and $0.7 million as of December 31, 2017 and 2018, respectively.

60



Quarterly Results of Operations and Seasonality
The following tables present our unaudited condensed consolidated quarterly results of operations in dollars and as a percentage of revenues for the periods indicated. In the opinion of management, the financial information reflects all adjustments, consisting only of normal recurring adjustments, which we consider necessary for a fair presentation of this data. This information should be read in conjunction with our audited consolidated financial statements and related notes included elsewhere in this prospectus. The historical quarterly results presented are not necessarily indicative of the results that may be expected for any future quarters or periods.
 
Three months ended
 
Mar 31, 2017
 
June 30, 2017
 
Sept 30, 2017
 
Dec 31, 2017
 
Mar 31, 2018
 
June 30, 2018
 
Sept 30, 2018
 
Dec 31, 2018
 
(in thousands)
Revenues:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Product
$
5,250

 
$
5,799

 
$
5,970

 
$
13,836

 
$
8,422

 
$
8,308

 
$
8,723

 
$
17,101

Maintenance and professional services
7,069

 
7,021

 
9,150

 
10,445

 
9,478

 
10,214

 
10,615

 
12,120

Total revenues
12,319

 
12,820

 
15,120

 
24,281

 
17,900

 
18,522

 
19,338

 
29,221

Cost of revenues:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Product
554

 
389

 
326

 
433

 
657

 
344

 
462

 
861

Maintenance and professional services
1,452

 
1,854

 
1,991

 
2,481

 
2,575

 
2,526

 
2,829

 
3,182

Total cost of revenues(1)
2,006

 
2,243

 
2,317

 
2,914

 
3,232

 
2,870

 
3,291

 
4,043

Gross profit
10,313

 
10,577

 
12,803

 
21,367

 
14,668

 
15,652

 
16,047

 
25,178

Operating expenses:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Research and development(1)
3,991

 
4,636

 
4,157

 
4,888

 
4,670

 
5,004

 
5,284

 
6,405

Sales and marketing(1)
7,091

 
8,297

 
8,376

 
11,278

 
9,147

 
11,896

 
12,035

 
13,014

General and administrative(1)
852

 
1,314

 
1,071

 
1,371

 
1,097

 
1,201

 
1,432

 
2,292

Total operating expenses
11,934

 
14,247

 
13,604

 
17,537

 
14,914

 
18,101

 
18,751

 
21,711

Operating profit (loss)
(1,621
)
 
(3,670
)
 
(801
)
 
3,830

 
(246
)
 
(2,449
)
 
(2,704
)
 
3,467

Financial income, net
188

 
(147
)
 
119

 
107

 
(112
)
 
(244
)
 
(231
)
 
(460
)
Profit (loss) before taxes on income
(1,433
)
 
(3,817
)
 
(682
)
 
3,937

 
(358
)
 
(2,693
)
 
(2,935
)
 
3,007

Taxes on income
(148
)
 
(181
)
 
(118
)
 
(350
)
 
(368
)
 
(366
)
 
(343
)
 
(206
)
Net income (loss)
$
(1,581
)
 
$
(3,998
)
 
$
(800
)
 
$
3,587

 
$
(726
)
 
$
(3,059
)
 
$
(3,278
)
 
$
2,801

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
(1)
Includes share-based compensation expense as follows:

61



 
Three months ended
 
Mar 31, 2017
 
June 30, 2017
 
Sept 30, 2017
 
Dec 31, 2017
 
Mar 31, 2018
 
June 30, 2018
 
Sept 30, 2018
 
Dec 31, 2018
 
(in thousands)
Cost of revenues
18

 
45

 
121

 
148

 
111

 
194

 
144

 
185

Research and development
50

 
361

 
108

 
141

 
91

 
225

 
193

 
222

Sales and marketing
104

 
235

 
184

 
242

 
167

 
350

 
456

 
485

General administrative
16

 
251

 
40

 
46

 
53

 
50

 
113

 
142

Total share-based compensation expenses
188

 
892

 
453

 
577

 
422

 
819

 
906

 
1,034

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Three months ended
 
Mar 31, 2017
 
June 30, 2017
 
Sept 30, 2017
 
Dec 31, 2017
 
Mar 31, 2018
 
June 30, 2018
 
Sept 30, 2018
 
Dec 31, 2018
 
(as a percentage of total revenue)
Revenues:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Product
42.6
 %
 
45.2
 %
 
39.5
 %
 
57.0
 %
 
47.1
 %
 
44.9
 %
 
45.1
 %
 
58.5
 %
Maintenance and professional services
57.4

 
54.8

 
60.5

 
43.0

 
52.9

 
55.1

 
54.9

 
41.5

Total revenues
100.0

 
100.0

 
100.0

 
100.0

 
100.0

 
100.0

 
100.0

 
100.0

Cost of revenues:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Product
4.5

 
3.0

 
2.2

 
1.8

 
3.7

 
1.9

 
2.4

 
2.9

Maintenance and professional services
11.8

 
14.5

 
13.2

 
10.2

 
14.4

 
13.6

 
14.6

 
10.9

Total cost of revenues
16.3

 
17.5

 
15.4

 
12.0

 
18.1

 
15.5

 
17.0

 
13.8

Gross profit