[PPT] - Transforming Security Policy Management April 11, 2019 1 PowerPoint Presentation

SLIDE 1

1

Transforming Security Policy Management

April 11, 2019

SLIDE 2

2

Disclaimer

This presentation contains forward-looking statements. All statements other than statements of historical fact contained in this presentation are forward-looking statements. In some cases, you can identify forward-looking statements by terminology such as “may,” “will,” “should,” “expects,” “plans,” “anticipates,” “believes,” “estimates,” “predicts,” “potential” or “continue” or the negative of these terms or other comparable terminology. These statements are only current predictions and are subject to known and unknown risks, uncertainties and other factors that may cause our or our industry’s actual results, levels of activity, performance or achievements to be materially different from those anticipated by the forward-looking statements. Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee future results, levels of activity, performance or achievements. For a description of the risks we face, see the “Risk Factors” section of the prospectus we have filed with the Securities and Exchange Commission, which is available by visiting the SEC’s website at www.sec.gov. Except as required by law, we are under no duty to update or revise any of the forward-looking statements, whether as a result of new information, future events or otherwise, after the date of this presentation. In addition to U.S. GAAP financials, this presentation includes certain non-GAAP financial measures. These non-GAAP financial measures are in addition to, and not a substitute for or superior to, measures of financial performance prepared in accordance with U.S. GAAP. These non-GAAP measures are in addition to, and not a substitute or superior to, measures of financial performance prepared in accordance with GAAP. A reconciliation of non-GAAP measures to the most directly comparable GAAP measures is contained in the appendix to this presentation. This presentation contains statistical data that we obtained from industry publications and reports generated by third parties. Although we believe that the publications and reports are reliable, we have not independently verified this statistical data. The trademarks included herein are the property of the owners thereof and are used for reference purposes only. Such use should not be construed as an endorsement of our products or services.

SLIDE 3

3

We are the Security Policy Company

Who can talk to whom? What can talk to what?

2,000+

Global Customers2

424

Employees1

$85M

Total Revenue1

30%+

Revenue Growth1

90%+

Maintenance Renewal Rates1

1 12 months ended December 31, 2018 2 Since inception

80%+

Gross Margin1

SLIDE 4

4

Investment Highlights

Pioneering a policy-centric and automation-based approach to managing Security and DevOps Diverse, blue-chip enterprise customer base with significant opportunity for further expansion Uniquely positioned to capitalize on a largely untapped $10bn+ security policy management market Founder-led management team focused on innovation and with a proven track record of executing

n growth opportunity

Strong revenue growth coupled with balanced financial discipline Best-in-class suite of solutions transform security posture, enable continuous compliance and enhance business agility Centralized, real-time visibility of connectivity and security vulnerability across native, virtual and cloud environments

SLIDE 5

5

Enterprises are rapidly adopting Cloud and IoT – resulting in complex, fragmented networks and a huge attack surface In response, enterprises continue to implement additional firewalls and other security measures but most lack effective, comprehensive and automated policy management

SLIDE 6

6

Manual approaches cannot address today’s challenges

Growing complexity

f software-defined

networks Evolving regulatory and compliance requirements Increasing frequency and sophistication of cyberattacks Accelerating pace

f application

development and deployment

SLIDE 7

7

Cybersecurity and network ops require a new approach

Introducing a centralized security management layer that analyzes, defines and implements enterprise-specific security policies

Policy-centric security Automation of network changes Data-driven Open and extensible framework

We have developed highly differentiated technology with four main pillars:

SLIDE 8

8

Tufin Value Proposition

Reduce complexity of managing hybrid and fragmented networks Implement security changes in minutes instead of days Ensure continuous compliance with security standards Enable agile software development through tailored DevOps functionality

Maximize Agility & Security with Security Policy Orchestration

SLIDE 9

9

Highly innovative, broad suite of solutions

SecureTrack™ SecureChange™ SecureApp™

(2004) (2009) (2012) (Apr 2018) (Nov 2018) Firewall & Security Policy Management Network Security Change Automation Application Connectivity Management Security Automation for Containers & Microservices Security Automation for Public Clouds FOUNDATIONAL AUTOMATION CLOUD-NATIVE

SLIDE 10

10

Built for hybrid enterprise environments

Enterprise IT

SecureApp™ SecureChange™ SecureTrack™

Cloud-Native IT Service Management Other 3rd Party Solutions Scripting & Automation Firewalls Public Cloud Private Cloud Networks

Unified Security Policy REST APIs IT Operations

Enterprise Applications

DevOps

Code Repositories CI/CD Tools Containers

Collectors and Provisioning Engines Analysis Engines

SLIDE 11

11

Tufin addresses a massive, high-growth emerging market

$2.9B

2

$1.2B

3

$6.2B

1

ANNUAL OPPORTUNITY =$10.3B4

1. Bottoms-up analysis is calculated using total number of firewalls within various customer segments (High End, Large Enterprise, Mid Enterprise, and SMB), level of compliance and automation need within each

customer segment, and average compliance and automation spend per firewall.

2. Annual TAM represents an assumed 5% of orchestration spend based on annual public IaaS & PaaS markets.
3. Annual TAM represents management assumptions of security management spend based on Vmware NSX and Cisco ACI sales
4. 2019; management estimates and third party research.

Physical Network Public Cloud Security Orchestration Private Cloud SDN Orchestration

SLIDE 12

12

Go-to-market strategy

Annual and Multiyear Renewals Payable in Advance

Mid-Market Top 2000-6000 Enterprise Top 2000 Recurring Revenue

Inside Sales Centralized Territory Direct Regional Target Accounts

Channel CSIs Our products and services are sold through our field and inside sales teams and global network of approximately

150 active channel partners

SLIDE 13

13

Land and expand across the network stack

Platforms Customer Adoption Evolution

SecureTrack™ SecureChange™ SecureApp™

Firewalls Public Cloud Private Cloud Networks

Application Connectivity Change Automation Compliance

SLIDE 14

14

FINANCE COMMUNICATION MANUFACTURING ENERGY HEALTHCARE & PHARMA RETAIL

2,000+ Customers Worldwide1

1. Since inception.

SLIDE 15

15

Tufin Competitive Differentiation

Market leadership and proven track-record of success Clear ROI over manual, error-prone spreadsheets that cannot keep pace with today’s application delivery cycle First-to-market with automation and superior topology mapping vs. competition Vendor-agnostic, scalable enterprise-grade solutions Customer-first approach with premium support services

10+ years of innovation Mission critical in today’s Cybersecurity and DevOps environments

1000s

f Network Devices

(e.g., Firewalls, Routers)

Integration, Customization, Optimization, Training

Source: Company information.

SLIDE 16

16

Case Study

THE PROBLEM

Takes days to plan and implement

network security policy changes

Lack visibility into accuracy of changes in

network of more than 700 firewalls

THE RESULT THE SOLUTION

SecureChange™ SecureTrack™ Boosted agility, security and productivity

Changes are automated and

implemented in 1 hour

Improved overall security

posture through well-defined processes

Enabled team to free up

resources to address strategic projects SecureApp™

SLIDE 17

17

Land-and-expand

Upsell within install

base

Huge untapped market in Global 2000

White space in

large enterprises

Long tail – smaller enterprise accounts

Building Inside Sales

for high velocity sales model

New markets and verticals

Recently entered

Japan

New federal program
New MSSP offering

Cloud & DevOps

Address new use

cases in cloud and DevOps ecosystem

Substantial growth drivers

SLIDE 18

18

Experienced management team

Ruvi Kitov

CEO, Chairman & Co-Founder

Reuven Harrison

CTO & Co-Founder

Jack Wakileh

CFO

Pat Walsh

CMO

Kevin Maloney

SVP, Sales

Shaily Hamenahem

VP, Human Resources

Yoram Gronich

VP, R&D

Ofer Or

VP, Products

Pamela Cyr

SVP, Business Development

Raj Motwane

VP, Global Services & Support

SLIDE 19

Financial overview

SLIDE 20

20

Financial highlights

Rapid Revenue Growth

30%+ historical growth1

Attractive Customer Economics

Strong land and expand model; ~60% of revenue from existing

customers1

Increasing spend from large enterprises1
90%+ maintenance renewal rates1

Diverse Base with Significant Expansion Opportunity

Includes 15% of the Global 20002
$201k avg. spend from Global 2000 customers, excl. maintenance

renewals1

Geographically diverse revenue base

Strong Capital Management

Historically operating at or near breakeven
Only ~$28mm in capital raised since inception
Strategic investments to drive growth and support increasing scale

1 12 months ended December 31, 2018 2 Accounts since inception with over $50k LTV as of December 31, 2018, based on 2018 Global 2000

SLIDE 21

21

Our financial model

Composition of Total Revenue ($mm)

31 43 28 37 6 5 65 85

2017 2018

Product Maintenance and support Professional services

57% 38% 5%

Americas EMEA APAC

Total Revenue by Geography1

6% 44% 50% % of total

1 12 months ended December 31, 2018

32%

‘Stickiness’ of product lends to high renewal rate and revenue transparency
Diversified revenue streams across industries and geographies
Large, growing maintenance base

SLIDE 22

22

12 13 15 24 18 19 19 29

Rapid revenue growth ($mm)

44% 45% % 28%

Gross margin: 84% 80% 83% 86% 85% 83% 88% Q1’17 Q1’18 Q2’17 Q2’18 Q3’17 Q3’18 Q4’17

20%

Q4’18

SLIDE 23

23

Growth potential as enterprises adopt our approach

Greenfield:

Only 15% of the Global 2000 are currently customers1

Expansion:

Significant parts of current customers' networks are not yet covered by Tufin

Up-sell:

Approximately 50% of current customers have yet to adopt Automation

149 153

1698

GLOBAL 2000 ACCOUNT PENETRATION (# OF ACCOUNTS)1

Tufin Compliance-only customers Tufin Automation customers Global 2000 prospects

1 Accounts since inception with over $50k LTV as of December 31, 2018, based on 2018 Global 2000

SLIDE 24

24

Strong Gross Profit Margins

Gross profit margin (%)

89% 93% 95% 97% 92% 96% 95% 95% 79% 74% 78% 76% 73% 75% 73% 74% 84% 83% 85% 88% 82% 85% 83% 86% Q1'17 Q2'17 Q3'17 Q4'17 Q1'18 Q2'18 Q3'18 Q4'18 Product

Maint. & PS

Total

SLIDE 25

25

NEW CUSTOMERS EXISTING CUSTOMERS

* Not Including renewals

Growth driven by proven land and expand model

~60% of revenue from existing customers1

1 12 months ended December 31, 2018

2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018

Customer spend generated from annual end-customer cohorts ($000s) *

SLIDE 26

26

Strategic investments for growth1

R&D as % of Revenue (%) S&M as % of Revenue (%) G&A as % of Revenue (%)

26% 24% 2017 2018 53% 53% 2017 2018 7% 7% 2017 2018

Positioned to maintain

technology leadership

Accelerated investment

levels in sales force to address market opportunity and expand into new territories

Positioned to support

increasing scale

Non-GAAP operating income (loss) (%)

(0%) 1% 2017 2018

Improving margin profile
1. Non-GAAP, for the 12 months ended December.

Note: Please see Appendix for calculations of non-GAAP financial measures and GAAP reconciliations.

SLIDE 27

Appendix

SLIDE 28

28

GAAP to non-GAAP reconciliation

(1) Non-GAAP operating loss is a non-GAAP financial measure. We define non-GAAP operating loss as operating profit excluding share-based compensation expense. Because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company’s non-cash expense, we believe that providing non-GAAP financial measures that exclude non-cash share-based compensation expense allows for more meaningful comparisons between our operating results from period to period. This non-GAAP financial measure is an important tool for financial and operational decision-making and for evaluating our operating results over different periods.

2017 2018 GAAP Share-based compensation Non- GAAP GAAP Share-based compensation Non- GAAP Gross Margin 85.3% 0.5% 85.8% 84.2% 0.7% 84.9% Research and development expenses (in thousands) $ 17,672 $ (660) $ 17,012 $ 21,363 $ (731) $ 20,632 Sales and marketing expenses (in thousands) $ 35,042 $ (765) $ 34,277 $ 46,092 $ (1,458) $ 44,634 General and administrative expenses (in thousands) $ 4,608 $ (353) $ 4,255 $ 6,022 $ (358) $ 5,664 Operating Margin (3.5)% 3.3% (0.2)% (2.3)% 3.7% 1.5%

Reconciliation of Operating Loss to Non-GAAP Operating Loss: Operating loss $ (2,262) $ (1,932) Add: share based compensation $ 2,110 $ 3,181 Non-GAAP operating loss(1) $ (152) $ 1,249 Year ended December 31, 2017

(in thousands)

2018

(in thousands)