424B4
Table of Contents

 

Prospectus

Filed pursuant to Rule 424(b)(4)
Registration No. 333-204516

4,900,000 Shares

 

 

LOGO

Ordinary Shares

 

 

We are offering 900,000 ordinary shares and the selling shareholders are offering an additional 4,000,000 ordinary shares. We will not receive any of the proceeds from the sale of the shares being offered by the selling shareholders.

Our ordinary shares are listed on the NASDAQ Global Select Market under the symbol “CYBR”. On June 10, 2015, the last reported sales price of our ordinary shares was $63.37 per share.

 

     Per Share      Total  

Public offering price

   $ 61.00       $ 298,900,000   

Underwriting discounts and commissions(1)

   $ 2.44       $ 11,956,000   

Proceeds to us (before expenses)

   $ 58.56       $ 52,704,000   

Proceeds to the selling shareholders (before expenses)

   $ 58.56       $ 234,240,000   

 

(1) See “Underwriting (Conflicts of Interest)” for a description of compensation payable to the underwriters.

The selling shareholders have granted the underwriters an option to purchase up to 735,000 additional ordinary shares from the selling shareholders, at the public offering price, less the underwriting discount, for 30 days after the date of this prospectus.

 

 

We are an “emerging growth company” as defined under the federal securities laws and, as such, may elect to comply with certain reduced public company reporting requirements.

 

 

Investing in our ordinary shares involves a high degree of risk. See “Risk Factors” beginning on page 12.

Neither the Securities and Exchange Commission nor any state securities commission has approved or disapproved of these securities or determined if this prospectus is truthful or complete. Any representation to the contrary is a criminal offense.

The underwriters expect to deliver the ordinary shares to purchasers on or about June 16, 2015.

 

 

 

Goldman, Sachs & Co.   Deutsche Bank Securities   Barclays   BofA Merrill Lynch   UBS Investment Bank
William Blair   Nomura   Oppenheimer & Co.

June 10, 2015


Table of Contents

TABLE OF CONTENTS

 

     Page  

Summary

     1   

Risk Factors

     12   

Special Note Regarding Forward-Looking Statements

     33   

Market and Industry Data

     34   

Use of Proceeds

     35   

Price Range of our Ordinary Shares

     36   

Dividend Policy

     37   

Capitalization

     38   

Dilution

     39   

Selected Consolidated Financial Data

     40   

Management’s Discussion and Analysis of Financial Condition and Results of Operations

     43   

Business

     66   

Management

     85   

Principal and Selling Shareholders

     111   

Certain Relationships and Related Party Transactions

     114   

Description of Share Capital

     116   

Shares Eligible for Future Sale

     121   

Taxation and Israeli Government Programs Applicable to Our Company

     123   

U.S. and Israeli Tax Consequences for Our Shareholders

     127   

Underwriting (Conflicts of Interest)

     134   

Legal Matters

     141   

Experts

     142   

Enforceability of Civil Liabilities

     143   

Where You Can Find Additional Information

     144   

Index to Consolidated Financial Statements

     F-1   

 

 

Neither we, the selling shareholders nor the underwriters have authorized anyone to provide information different from that contained in this prospectus, any amendment or supplement to this prospectus or in any free writing prospectus prepared by us or on our behalf. Neither we, the selling shareholders nor the underwriters take any responsibility for, and can provide no assurance as to the reliability of, any information other than the information in this prospectus and any free writing prospectus prepared by us or on our behalf. Neither the delivery of this prospectus nor the sale of our ordinary shares means that information contained in this prospectus is correct after the date of this prospectus. This prospectus is not an offer to sell or the solicitation of an offer to buy these ordinary shares in any circumstances under which such offer or solicitation is unlawful.

 

 

 

(i)


Table of Contents

SUMMARY

This summary highlights selected information contained elsewhere in this prospectus. This summary does not contain all the information that you should consider before deciding to invest in our ordinary shares. You should read the entire prospectus carefully, including “Risk Factors” and our consolidated financial statements and notes to those consolidated financial statements, before making an investment decision. In this prospectus, the terms “CyberArk,” “we,” “us,” “our” and “the company” refer to CyberArk Software Ltd. and its subsidiaries.

Overview

We are a global leader and pioneer of a new layer of IT security solutions that protects organizations from cyber attacks that have made their way inside the network perimeter to strike at the heart of the enterprise. Our software solution is focused on protecting privileged accounts, which have become a critical target in the lifecycle of today’s cyber attacks. Privileged accounts are pervasive and act as the “keys to the IT kingdom,” providing complete access to, and control of, all parts of IT infrastructure, industrial control systems and critical business data. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take control of and disrupt an organization’s IT and industrial control infrastructures, steal confidential information and commit financial fraud. Our comprehensive solution proactively protects privileged accounts, monitors privileged activity and detects malicious privileged behavior. Our customers use our innovative solution to introduce this new security layer to protect against, detect and respond to cyber attacks before they strike vital systems and compromise sensitive data.

Organizations worldwide are experiencing an unprecedented increase in the sophistication, scale and frequency of cyber attacks. The challenge this presents is intensified by the growing adoption of new technologies, such as cloud computing, virtualization, software-defined networking, enterprise mobility and social networking, which has resulted in increasingly complex and distributed IT environments with significantly larger attack surfaces. Organizations have historically relied upon perimeter-based threat protection solutions such as network, web and endpoint security tools as the predominant defense against cyber attacks, yet these traditional solutions have a limited ability to stop today’s advanced threats. As a result, an estimated 90% of organizations have suffered a cybersecurity breach according to a 2011 survey of approximately 580 U.S. IT practitioners by the Ponemon Institute, a research center focused on privacy, data protection and information security policy. Organizations are just beginning to adapt their security strategies to address this new threat environment and are evolving their approaches based on the assumption that their network perimeter has been or will be breached. They are therefore increasingly implementing new layers of security inside the network to disrupt attacks before they result in the theft of confidential information or other serious damage. Regulators are also continuing to mandate rigorous new compliance standards and audit requirements in response to this evolving threat landscape.

We believe that the implementation of a privileged account security solution is one of the most critical layers of an effective security strategy. Privileged accounts represent one of the most vulnerable aspects of an organization’s IT infrastructure. Privileged accounts are used by system administrators, third-party and cloud service providers, applications and business users, and they exist in nearly every connected device, server, hypervisor, operating system, database, application and industrial control system. Due to the broad access and control they provide, exploiting privileged accounts has become a critical stage of the cyber attack lifecycle. The typical cyber attack involves attackers effecting an initial breach, escalating privileges to access target systems, moving laterally through the IT infrastructure to identify valuable targets, and exfiltrating, or stealing, the desired information. According to Mandiant, credentials of authorized users were hijacked in 100% of the breaches that Mandiant investigated, and privileged accounts were targeted whenever possible.

 

 

1


Table of Contents

We have architected our solution from the ground up to address the challenges of protecting privileged accounts and an organization’s sensitive information. Our solution provides proactive protection against cyber attacks from both external and internal sources and allows for real-time detection and neutralization of such threats. It can be deployed in traditional on-premise data centers, cloud environments and industrial control systems. Our innovative software solution is the result of over 15 years of research and expertise, combined with valuable knowledge we have gained from working with our diverse population of customers.

Our Privileged Account Security Solution is built on our shared technology platform and consists of several products:

 

    Enterprise Password Vault: proactively protects and manages all privileged accounts across an entire organization

 

    SSH Key Manager: securely stores, rotates and controls access to SSH keys to prevent unauthorized access to privileged accounts

 

    Privileged Session Manager: enables live monitoring and command-line keystroke level recording of privileged sessions, isolates the target asset from malware and establishes a single point of control for all privileged activity

 

    Application Identity Manager: secures application to application interfaces by enabling proactive controls on privileged credentials embedded in applications, service accounts and scripts

 

    On-Demand Privileges Manager: limits the breadth of access of administrative accounts by restricting the use of specified commands and functions

 

    Privileged Threat Analytics: profiles and analyzes individual privileged user behavior and creates prioritized alerts when abnormal activity is detected

As of March 31, 2015, we had approximately 1,850 customers, including approximately 40% of the Fortune 100 and approximately 18% of the Global 2000. We define a customer to include a distinct entity, division or business unit of a company. Our customers include leading enterprises in a diverse set of industries, including energy and utilities, financial services, healthcare, manufacturing, retail, technology and telecommunications, as well as government agencies. We sell our solution through a high touch, channel fulfilled hybrid sales model that combines the leverage of channel sales with the account control of direct sales, and therefore provides us with significant opportunities to grow our current customer base. This approach allows us to maintain close relationships with our customers and benefit from the global reach of our channel partners. Additionally, we are enhancing our product offerings and go-to-market strategy by establishing technology alliances within the IT infrastructure and security vendor ecosystem.

Our business has rapidly grown in recent years. During 2012, 2013 and 2014, our revenues were $47.2 million, $66.2 million and $103.0 million, respectively, representing year-over-year growth of 40.1% and 55.7% in 2013 and 2014, respectively. Our net income for 2012, 2013 and 2014 was $7.9 million, $6.6 million and $10.0 million, respectively. Our revenues for the three months ended March 31, 2014 and 2015 were $17.4 million and $32.9 million, respectively, representing year-over-year growth of 89.2%. Our net income for the three months ended March 31, 2015 was $4.2 million compared with a net loss of $1.2 million for the same period in 2014.

Industry Overview

The recent increase in sophisticated, targeted security threats by both external attackers and malicious insiders, along with an increase in the attack surface due to the growing complexity and distributed nature of IT environments, have made it extremely challenging for enterprises and governments around the world to protect their sensitive information. These challenges are driving the need for a new layer of security that complements traditional threat protection technologies by securing access to privileged accounts and preventing the exploitation of organizations’ critical systems and data.

 

 

2


Table of Contents

Privileged accounts represent one of the most vulnerable aspects of an organization’s IT infrastructure. Privileged escalation is a critical stage of the cyber attack because, if privileged credentials are compromised, the attacker is able to move closer to sensitive data while remaining undetected. Today’s advanced cyber attacks are typically designed to evade traditional threat prevention technologies that are focused on protecting the perimeter from outside breach. Furthermore, compliance requirements continue to become more stringent in response to the complex and evolving threat landscape.

Challenges in Protecting Privileged Accounts

The increasing sophistication, scale and frequency of advanced cyber attacks challenge traditional cybersecurity methods and create a need for a comprehensive approach to securing privileged accounts from use by external or internal attackers to gain access to and exploit an organization’s confidential data and IT systems. Such an approach must address a range of challenges presented by privileged accounts, including:

 

    traditional security solutions’ limited ability to protect privileged credentials and critical assets from cyber attacks;

 

    insufficient visibility and lack of automation in the management of privileged accounts;

 

    inability to monitor and audit all privileged activity;

 

    inadequate or delayed response time in detecting malicious and high risk behaviors; and

 

    limited scalability of existing point solutions.

Our Solution

Our Privileged Account Security Solution provides organizations with the following benefits:

 

    Comprehensive platform for proactive protection of privileged credentials and target assets from cyber attacks. Our comprehensive solution for privileged account security enables our customers to proactively protect against and automatically detect and respond to in-progress cyber attacks before they strike vital systems and compromise sensitive data. Our unified solution to these previously disparate security needs enables our customers to preemptively remediate vulnerabilities and improve their security effectiveness from a central command and control point.

 

    Automatic identification and understanding of the scope of privileged account risk. Our solution automatically detects privileged accounts across the enterprise and helps customers visualize the resulting compliance gaps and security vulnerabilities. This automated process reduces the time-consuming and error-prone task of manually tracking and updating privileged credentials, thereby decreasing IT operational costs. This enhanced visibility significantly improves the security posture of our customers and facilitates adherence to rigorous audit and compliance standards.

 

    Continuous monitoring, recording and secure storage of privileged account activity. Our solution monitors, collects and records individual privileged session activity down to every mouse click and keystroke. It also provides highly secure storage of privileged session recordings, robust search capabilities and full forensics records to facilitate a more rapid and precise response to malicious activity.

 

    Real-time detection, alerting and response to malicious privileged activity. Our Privileged Threat Analytics product uses proprietary algorithms to profile and analyze individual privileged user behavior and creates prioritized alerts in real-time when abnormal activity is detected. This allows our customers’ incident response teams to investigate and prioritize threatening activity and respond by terminating the active session.

 

 

3


Table of Contents
    Purpose-built solution, architected for privileged account security. Our Digital Vault offers multiple layers of security including robust segregation of duties, a secure proprietary communications protocol and military-grade encryption. Our Privileged Session Manager product establishes a single point of control for all privileged activity, effectively decreasing the attack surface by providing only proxy-based access to IT assets through our platform.

 

    Scalable and flexible platform that enables modular deployment. Our solution is scalable and flexible to enable deployment in large-scale distributed environments for on-premise, cloud environments and industrial control systems. Our solution enables enterprises to leverage their existing investments with out of the box support for many devices, networks, applications and servers, including web sites and social media.

Our Market Opportunity

We believe that the security market is in the midst of a significant transition as enterprises are investing in a new generation of security solutions to help protect them against today’s sophisticated and targeted cyber threats from both external attackers and malicious insiders. Gartner estimates that by 2020, 60% of enterprise information security budgets will be allocated to rapid detection and response approaches, up from less than 10% in 2014. Recognizing that traditional perimeter-based threat protection solutions are not sufficient to protect against today’s advanced cyber threats, enterprises are investing in security solutions within the datacenter to protect the inside of their networks. According to a 2012 report by International Data Corporation (IDC), worldwide spending on datacenter security solutions was $10.7 billion in 2011 and is expected to grow to $16.5 billion by 2016, representing a compound annual growth rate of 9.3%. According to the same report, worldwide spending for IT security solutions was $28.4 billion in 2011 and is expected to grow to $40.8 billion in 2016, representing a compound annual growth rate of 7.6%.

We believe that privileged account security is a new, critical layer of security that is benefitting from this transition. Privileged accounts represent one of the most vulnerable aspects of an organization’s IT infrastructure and exist in nearly every connected device, server, hypervisor, operating system, database, application and industrial control system throughout on-premise and cloud-based datacenters. As a result, we believe that an increasing portion of the IT security budget, and specifically datacenter security spend, will be allocated for privileged account security solutions.

Our Competitive Strengths

Our mission is to protect the heart of the enterprise from advanced cyber attacks. We have established a leadership position in protecting high-value data and critical IT assets by securing privileged accounts, and have several key competitive strengths including:

 

    Trusted expert in privileged account security. We are a recognized brand name and a leader in privileged account security, protecting organizations worldwide against external threats that have already penetrated the perimeter, as well as threats that originate from within the perimeter by malicious or careless insiders.

 

    Technology leader driven by vision and focus on innovation. Our history of innovation is the cornerstone of our technology leadership. We pioneered Digital Vault technology and introduced patented technology for application identity management, secure connectivity for remote vendors, integrated privileged activity monitoring, private and public cloud privileged account management and privileged threat analytics.

 

    Global reach driven by direct and indirect sales organization. We have a broadly dispersed global hybrid sales channel as evidenced by our existing customer implementations in 65 countries, a broad network of over 200 channel and technology alliance partners worldwide, and local presence in more than 20 countries.

 

 

4


Table of Contents
    Strong management team with significant IT security expertise. We have a highly talented management team and a strong research and development organization with significant IT security expertise from past experience in leading IT security companies and Israel’s military technology units.

 

    Corporate culture committed to our customers’ success. Our commitment to our customers’ success is ingrained in our business strategy and is brought to life through constant customer interactions, employee functions and our engaging annual customer conferences attended by hundreds of customers and channel partners.

Our Growth Strategy

Our goal is to be the global leader in IT security solutions that protect organizations from cyber attacks that have made their way inside the network perimeter to strike at the heart of the enterprise. The key elements of our strategy to extend our global leadership include:

 

    continue innovating and enhancing our solution;

 

    growing our customer base;

 

    further penetrating our existing customer base;

 

    continuing to expand our global presence by leveraging systems integrators and distribution partnerships; and

 

    selectively pursuing strategic transactions.

Risks Associated With Our Business

Investing in our ordinary shares involves risks. You should carefully consider the risks described in “Risk Factors” beginning on page 12 before making a decision to invest in our ordinary shares. If any of these risks actually occur, our business, financial condition or results of operations would likely be materially adversely affected. In such case, the trading price of our ordinary shares would likely decline, and you may lose all or part of your investment. The following is a summary of some of the principal risks we face:

 

    The IT security market is rapidly evolving within the increasingly challenging cyber threat landscape. If the industry does not continue to develop as we anticipate, our sales will not grow as quickly as expected and our share price could decline.

 

    If we fail to effectively manage our growth, our business and operations will be negatively affected, and as we invest in the growth of our business, we expect our operating and net profit margins to decline in the near-term.

 

    Our quarterly results of operations may fluctuate for a variety of reasons, including our failure to close significant sales before the end of a particular quarter.

 

    Our reputation and business could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solution or the failure of our solution to meet customers’ expectations.

 

    If we are unable to acquire new customers, our future revenues and operating results will be harmed.

 

    If we are unable to sell additional products and services to our existing customers, our future revenues and operating results will be harmed.

 

    We face intense competition from IT security vendors, some of which are larger and better known than we are, and we may lack sufficient financial or other resources to maintain or improve our competitive position.

 

 

5


Table of Contents
    If our internal network system is compromised by cyber attackers or other data thieves, public perception of our products and services will be harmed.

Corporate Information

We are incorporated under the laws of the State of Israel. Our principal executive offices are located at 94 Em-Ha’moshavot Road, Park Ofer, P.O. Box 3143, Petach Tikva 4970602, Israel, and our telephone number is +972 (3) 918-0000. Our website address is www.cyberark.com. Information contained on, or that can be accessed through, our website does not constitute a part of this prospectus and is not incorporated by reference herein. We have included our website address in this prospectus solely for informational purposes. Our agent for service of process in the United States is Cyber-Ark Software, Inc., located at 60 Wells Avenue, Suite 103, Newton, MA 02459, and our telephone number is (617) 965-1544.

Throughout this prospectus, we refer to various trademarks, service marks and trade names that we use in our business. The “CyberArk” design logo is the property of CyberArk Software Ltd. CyberArk® is our registered trademark in the United States. We have several other trademarks, service marks and pending applications relating to our products. In particular, although we have omitted the “®” and “™” trademark designations in this prospectus from each reference to Cyber-Ark DNA, Inter-Business Vault, Network Vault, Password Vault, Privileged Session Manager and Vaulting Technology, all rights to such trademarks are nevertheless reserved. Other trademarks and service marks appearing in this prospectus are the property of their respective holders.

 

 

6


Table of Contents

The Offering

 

Ordinary shares offered by us

900,000 ordinary shares

 

Ordinary shares offered by the selling shareholders

4,000,000 ordinary shares

 

Ordinary shares to be outstanding after this offering

31,657,908 ordinary shares

 

Underwriters’ option

The selling shareholders have granted the underwriters an option for a period of 30 days after the date of this prospectus to purchase up to 735,000 additional ordinary shares.

 

Use of proceeds

We estimate that the net proceeds to us from this offering will be approximately $52.0 million, after deducting the underwriting discount and estimated offering expenses. We intend to use the net proceeds for general corporate purposes, including sales and marketing expenditures aimed at growing our business and research and development expenditures focused on product development. We may also use net proceeds to make acquisitions or investments in complementary companies or technologies. Consistent with our growth strategy, we are currently engaged in discussions, negotiations and diligence evaluations with respect to possible acquisitions, although we do not have any agreement or understanding with respect to any material acquisition or investment at this time.

We will not receive any of the proceeds from the sale of ordinary shares by the selling shareholders.

See “Use of Proceeds,” “Principal and Selling Shareholders” and “Underwriting (Conflicts of Interest).”

 

Risk factors

See “Risk Factors” and other information included in this prospectus for a discussion of factors you should carefully consider before deciding to invest in our ordinary shares.

 

NASDAQ Global Select Market symbol

CYBR

 

Conflicts of interest

Goldman, Sachs & Co. and/or its affiliates own in the aggregate in excess of 10% of our issued and outstanding ordinary shares. As a result, Goldman, Sachs & Co. is deemed to have a “conflict of interest” with us within the meaning of Rule 5121 of the Financial Industry Regulatory Authority (“Rule 5121”). Accordingly, this offering will be made in compliance with the applicable provisions of Rule 5121. In accordance with that rule, the appointment of a “qualified independent underwriter” is not required in connection with this offering because a bona fide public market exists for our ordinary shares. Any underwriter that has a conflict of interest pursuant to Rule 5121 will not confirm sales to accounts in which it

 

 

7


Table of Contents
 

exercises discretionary authority without the prior written consent of the customer. See “Underwriting (Conflicts of Interest).”

The number of ordinary shares to be outstanding after this offering and, unless otherwise indicated, the information in this prospectus are based on 30,757,908 ordinary shares outstanding as of March 31, 2015 and excludes 5,144,755 ordinary shares reserved for issuance under our equity incentive plans as of March 31, 2015, of which there were outstanding options to purchase 4,338,682 shares at a weighted average exercise price of $2.93 per share and 43,040 unvested restricted stock units, or RSUs. In addition, our shareholders have approved at our annual general meeting of shareholders held on June 10, 2015 amendments to our 2014 Share Incentive Plan (1) to increase the number of shares reserved for issuance under the plan by 610,027 shares, representing 2% of our outstanding ordinary shares as of December 31, 2014, and (2) to increase from 2% to 4% the percentage of our outstanding share capital as of each year end by which the pool of ordinary shares may increase on an annual basis under the “evergreen” provision of the plan.

Unless otherwise indicated, this prospectus assumes (1) no exercise of the underwriters’ option to purchase up to 735,000 additional ordinary shares from the selling shareholders and (2) no exercise of outstanding options or vesting of RSUs after March 31, 2015.

 

 

8


Table of Contents

Summary Consolidated Financial Data

The following tables set forth our summary consolidated financial data. You should read the following summary consolidated financial and other data in conjunction with “Selected Consolidated Financial Data,” “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes included elsewhere in this prospectus. Historical results are not necessarily indicative of the results that may be expected in the future. Our financial statements have been prepared in accordance with U.S. Generally Accepted Accounting Principles, or U.S. GAAP.

The summary consolidated statements of operations data for each of the years in the three-year period ended December 31, 2014 is derived from our audited consolidated financial statements appearing elsewhere in this prospectus. The summary consolidated statement of operations data for the three months ended March 31, 2014 and 2015 and the summary balance sheet data as of March 31, 2015 are derived from our unaudited interim consolidated financial statements presented elsewhere in this prospectus. In the opinion of management, these unaudited interim consolidated financial statements include all adjustments, consisting of normal recurring adjustments, necessary for a fair statement of our financial position and operating results for these periods. Results for interim periods are not necessarily indicative of the results that may be expected for the entire year.

 

     Year ended December 31,     Three months ended March 31,  
     2012      2013     2014               2014                         2015            
     (in thousands, except share and per share amounts)  

Consolidated Statements of Operations:

           

Revenues:

           

License

   $ 27,029       $ 38,907      $ 61,320      $ 9,120      $ 19,978   

Maintenance and professional services

     20,179         27,250        41,679        8,275        12,937   
  

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Total revenues

     47,208         66,157        102,999        17,395        32,915   
  

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Cost of revenues:

           

License

     1,002         1,216        2,654        628        550   

Maintenance and professional services

     5,922         7,860        12,053        2,425        3,707   
  

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Total cost of revenues(1)

     6,924         9,076        14,707        3,053        4,257   
  

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Gross profit

     40,284         57,081        88,292        14,342        28,658   
  

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Operating expenses:

           

Research and development(1)

     7,273         10,404        14,400        3,237        4,117   

Sales and marketing(1)

     22,081         32,840        44,943        9,433        13,460   

General and administrative(1)

     3,297         4,758        8,495        1,481        3,578   
  

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Total operating expenses

     32,651         48,002        67,838        14,151        21,155   
  

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Operating income

     7,633         9,079        20,454        191        7,503   

Financial income (expenses), net

     4         (1,124     (5,988     (1,356     (1,631
  

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Income (loss) before taxes on income

     7,637         7,955        14,466        (1,165     5,872   

Tax benefit (taxes on income)

     225         (1,320     (4,512     (83     (1,706
  

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Net income (loss)

   $ 7,862       $ 6,635      $ 9,954      $ (1,248   $ 4,166   
  

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Basic net income (loss) per ordinary share(2)

   $ 0.51       $ 0.25      $ 0.46      $ (0.35   $ 0.14   
  

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Diluted net income (loss) per ordinary share(2)

   $ 0.31       $ 0.14      $ 0.34      $ (0.35   $ 0.12   
  

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Weighted average number of ordinary shares used in computing basic net income (loss) per ordinary share(2)

     6,592,997         6,900,433        13,335,059        7,073,239        30,563,888   
  

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Weighted average number of ordinary shares used in computing diluted net income (loss) per ordinary share(2)

     25,245,790         10,765,914        29,704,730        7,073,239        34,786,581   
  

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

 

 

9


Table of Contents
     As of March 31, 2015  
     Actual      As Adjusted(4)  
     (in thousands)  

Consolidated Balance Sheet Data:

     

Cash, cash equivalents and short-term bank deposits

   $ 191,668         $243,673   

Deferred revenue, current and long-term

     41,331         41,331   

Working capital(3)

     168,856         220,984   

Total assets

     222,060         274,436   

Total shareholders’ equity

     160,440         212,816   

 

     Year ended December 31,      Three months ended March 31,  
     2012      2013      2014              2014                      2015          
     (in thousands)  

Supplemental Financial Data:

              

Non-GAAP operating income(5)

   $ 7,917       $ 9,482       $ 22,027       $ 347       $ 9,049   

Non-GAAP net income(5)

     8,322         8,484         15,836         304         5,712   

Net cash provided by operating activities

     13,657         20,159         23,840         8,898         14,869   

 

(1) Includes share-based compensation expense as follows:

 

     Year ended
December 31,
     Three months
ended March 31,
 
     2012      2013      2014        2014          2015    
     (in thousands)  

Cost of revenues

   $ 32       $ 39       $ 137       $ 20       $ 63   

Research and development

     58         73         172         30         82   

Sales and marketing

     81         126         347         42         139   

General and administrative

     113         165         917         64         181   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Total share-based compensation expense

   $ 284       $ 403       $ 1,573       $ 156       $ 465   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 
(2) Basic and diluted net income (loss) per ordinary share is computed based on the weighted average number of ordinary shares outstanding during each period. For additional information, see note 10 to our consolidated financial statements included elsewhere in this prospectus.
(3) We define working capital as total current assets minus total current liabilities.
(4) As adjusted gives effect to the issuance and sale of ordinary shares by us in this offering at the public offering price of $61.00 per ordinary share after deducting underwriting discounts and commissions and estimated offering expenses payable by us.
(5) Non-GAAP operating income and non-GAAP net income are non-GAAP financial measures. We define non-GAAP operating income as operating income excluding share-based compensation expense and expenses related to our March 2015 public offering of ordinary shares by certain of our shareholders. We define non-GAAP net income as net income excluding (i) share-based compensation expense, (ii) expenses related to our March 2015 public offering of ordinary shares by certain of our shareholders and (iii) financial expenses resulting from the revaluation of warrants to purchase preferred shares. Because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company’s non-cash expense, we believe that providing non-GAAP financial measures that exclude non-cash share-based compensation expenses and expenses related to our March 2015 public offering of ordinary shares by certain of our shareholders allows for more meaningful comparisons between our operating results from period to period. In addition, we believe that excluding financial expenses with respect to revaluation of warrants to purchase preferred shares allows for more meaningful comparison between our net income from period to period. As these warrants were exercised in connection with our initial public offering, they will no longer be revalued at each balance sheet date. Each of our non-GAAP financial measures is an important tool for financial and operational decision making and for evaluating our operating results over different periods of time. The following tables reconcile operating income and net income, the most directly comparable U.S. GAAP measure, to non-GAAP operating income and non-GAAP net income for the periods presented:

 

     Year ended
December 31,
     Three Months Ended
March 31,
 
     2012      2013      2014          2014              2015      
     (in thousands)  

Reconciliation of Operating Income to Non-GAAP Operating Income:

              

Operating income

   $ 7,633       $ 9,079       $ 20,454       $ 191       $ 7,503   

Secondary offering related expenses

     —           —           —           —           1,081   

Share-based compensation

     284         403         1,573         156         465   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Non-GAAP operating income

   $ 7,917       $ 9,482       $ 22,027       $ 347       $ 9,049   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

 

 

10


Table of Contents
     Year ended December 31,      Three Months Ended
March 31,
 
     2012      2013      2014        2014         2015    
     (in thousands)  

Reconciliation of Net Income (Loss) to Non-GAAP Net Income:

             

Net income (loss)

   $ 7,862       $ 6,635       $ 9,954       $ (1,248   $ 4,166   

Secondary offering related expenses

     —           —           —           —          1,081   

Share-based compensation

     284         403         1,573         156        465   

Warrant adjustment

     176         1,446         4,309         1,396        —     
  

 

 

    

 

 

    

 

 

    

 

 

   

 

 

 

Non-GAAP net income

   $ 8,322       $ 8,484       $ 15,836       $ 304      $ 5,712   
  

 

 

    

 

 

    

 

 

    

 

 

   

 

 

 

For a description of how we use non-GAAP operating income and non-GAAP net income to evaluate our business, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Financial Metrics.” We believe that these non-GAAP financial measures are useful in evaluating our business because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company’s non-cash expenses, and we believe that providing non-GAAP operating income and non-GAAP net income that exclude share-based compensation expenses, expenses related to our March 2015 public offering of ordinary shares by certain of our shareholders and warrant awards allows for more meaningful comparisons between our operating results from period to period.

Other companies, including companies in our industry, may calculate non-GAAP operating and non-GAAP net income differently or not at all, which reduces their usefulness as a comparative measure. You should consider non-GAAP operating income and non-GAAP net income along with other financial performance measures, including operating income and net income, and our financial results presented in accordance with U.S. GAAP.

 

 

11


Table of Contents

RISK FACTORS

This offering and an investment in our ordinary shares involve a high degree of risk. You should consider carefully the risks described below and all other information contained in this prospectus before you decide to buy our ordinary shares. If any of the following risks actually occur, our business, financial condition and results of operations could be materially and adversely affected. In that event, the trading price of our ordinary shares would likely decline and you might lose all or part of your investment.

Risks Related to Our Business and Our Industry

The IT security market is rapidly evolving within the increasingly challenging cyber threat landscape. If the industry does not continue to develop as we anticipate, our sales will not grow as quickly as expected and our share price could decline.

We operate in a rapidly evolving industry focused on securing organizations’ IT systems and sensitive business data. Our solution focuses on safeguarding privileged accounts, which are those accounts within an organization that give the user high levels of access, or “privileged” access, to IT systems, infrastructure, industrial control systems, applications and data. While breaches of such privileged accounts have gained media attention in recent years, IT security spending within enterprises is often concentrated on endpoint and web security products designed to stop threats from penetrating corporate networks. Organizations that use these security products may allocate all or most of their IT security budgets to these products and may not adopt our solution in addition to such products. Further, a security solution such as ours, which is focused on disrupting cyber attacks by insiders and external perpetrators that have penetrated the organization’s perimeter, is a relatively new technology that has been developed to respond to advanced threats and more rigorous compliance standards and audit requirements. However, advanced cyber attackers are skilled at adapting to new technologies and developing new methods of gaining access to organizations’ sensitive business data. Changes in the nature of advanced cyber threats could result in a shift in IT budgets away from solutions such as ours. In addition, any changes in compliance standards or audit requirements that deemphasize the types of controls, storage, monitoring and analysis that our solution provides would adversely impact demand for our offerings. It is therefore difficult to predict how large the market will be for our solution. If solutions such as ours are not viewed by organizations as necessary, or if customers do not recognize the benefit of our solution as a critical layer of an effective security strategy, then our revenues may not grow as quickly as expected, or may decline, and our share price could suffer.

If we fail to effectively manage our growth, our business and operations will be negatively affected, and as we invest in the growth of our business, we expect our operating and net profit margins to decline in the near-term.

We have experienced significant growth in a relatively short period of time and intend to continue to aggressively grow our business. Our revenues grew from $47.2 million in 2012 to $103.0 million in 2014 and from $17.4 million in the three months ended March 31, 2014 to $32.9 million in the same period in 2015. Our headcount has increased from 317 as of December 31, 2013 to 487 as of March 31, 2015, and we plan to continue to hire additional employees during the remainder of 2015 across all areas of the organization. Our rapid growth has placed significant demands on our management, sales and operational and financial infrastructure, and our growth will continue to place significant demands on these resources. Further, in order to manage our current and future growth effectively, we must continue to improve and expand our IT and financial infrastructure, operating and administrative systems and controls and efficiently manage headcount, capital and processes. We may not be able to successfully implement these improvements in a timely or efficient manner, and our failure to do so may materially impact our projected growth rate.

As we invest in the growth of our business, our operating and net profit margins and our operating and net income have declined in recent periods compared to prior periods and we expect this trend to continue in the near-term, primarily as a result of the costs associated with expanding our direct and indirect sales forces, our

 

12


Table of Contents

increased rate of investment in research and development and our increased administrative costs in connection with becoming a public company. We expect that these invested costs will adversely impact our operating and net profit margins since it will take time and resources to train and integrate new sales force members and to comply with public company reporting and regulatory requirements. In addition, costs associated with adding new personnel to our sales force are expensed before their positive impact on our sales is recognized, and even then a significant portion of any revenues that they generate from maintenance and professional services are deferred over the delivery period of those services. A failure to meet market expectations regarding our revenues and profitability could have an adverse effect on our share price.

Our quarterly results of operations may fluctuate for a variety of reasons, including our failure to close significant sales before the end of a particular quarter.

A meaningful portion of our revenues is generated by significant sales to new customers and sales of additional products to existing customers. Purchases of our products and services often occur at the end of each quarter, particularly in the last quarter of the year. In addition, our sales cycle can last several months from proof of concept to delivery of our solution to our customers, and this sales cycle can be even longer, less predictable and more resource-intensive for larger sales. Customers may also require additional internal approvals or seek to test our products for a longer trial period before deciding to purchase our solution. As a result, the timing of individual sales can be difficult to predict. In some cases, sales have occurred in a quarter subsequent to those we anticipated, or have not occurred at all, which can significantly impact our quarterly results and make it more difficult to meet market expectations. Furthermore, even if we close a sale during a given quarter we may be unable to recognize the revenues derived from such sale during the same period due to our revenue recognition policy. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Application of Critical Accounting Policies and Estimates—Revenue Recognition.”

In addition to the sales cycle-related fluctuations noted above, our results of operations will continue to vary as a result of a number of factors, many of which are outside of our control and may be difficult to predict, including:

 

    our ability to attract and retain new customers;

 

    our ability to sell additional products to current customers;

 

    changes in customer or channel partner requirements or market needs;

 

    changes in the growth rate of the information security market;

 

    the timing and success of new product and service introductions by us or our competitors or any other change in the competitive landscape of the information security market, including consolidation among our customers or competitors;

 

    a disruption in, or termination of, our relationship with channel partners;

 

    our ability to successfully expand our business globally;

 

    reductions in maintenance renewal rates;

 

    changes in our pricing policies or those of our competitors;

 

    general economic conditions in our markets;

 

    future accounting pronouncements or changes in our accounting policies or practices;

 

    the amount and timing of our operating costs;

 

    a change in our mix of products and services; and

 

    increases or decreases in our expenses caused by fluctuations in foreign currency exchange rates.

 

13


Table of Contents

Any of the above factors, individually or in the aggregate, may result in significant fluctuations in our financial and other operating results from period to period. These fluctuations could result in our failure to meet our operating plan or the expectations of investors or analysts for any period. If we fail to meet such expectations for these or other reasons, the market price of our ordinary shares could fall substantially, and we could face costly lawsuits, including securities class action suits.

Our reputation and business could be harmed based on real or perceived shortcomings, defects or vulnerabilities in our solution or the failure of our solution to meet customers’ expectations.

Organizations are facing increasingly sophisticated and targeted cyber threats, including the growing threat of cyber terrorism throughout the world. If we fail to identify and respond to new and increasingly complex methods of attack and update our products to detect or prevent such threats, our business and reputation will suffer. In particular, we may suffer significant adverse publicity and reputational harm if a significant breach occurs generally or if any breach occurs at a high profile customer. Moreover, as our solution is adopted by an increasing number of enterprises and governmental entities, it is possible that attackers will begin to focus on finding ways to defeat our solution. An actual or perceived security breach or theft of our customers’ sensitive business data, regardless of whether the breach or theft is attributable to the failure of our products, could adversely affect the market’s perception of the efficacy of our solution and current or potential customers may look to our competitors for alternatives to our solution. The failure of our products may also subject us to lawsuits and financial losses stemming from indemnification of our partners and other third parties, as well as the expenditure of significant financial resources to analyze, correct or eliminate any vulnerabilities. It could also cause us to suffer reputational harm, lose existing customers or deter them from purchasing additional products and services and prevent new customers from purchasing our solution.

False detection of threats, while typical in our industry, may reduce perception of the reliability of our products and may therefore adversely impact market acceptance of our products. If our solution restricts legitimate privileged access by authorized personnel to IT systems and applications by falsely identifying those users as an attack or otherwise unauthorized, our customers’ business could be harmed. There can be no assurance that, despite testing by us, errors will not be found in existing and new versions of our products, resulting in loss of or delay in market acceptance. In such an event, we may be required, or may choose, for customer relations or other reasons, to expend additional resources in order to help correct the problem.

If we are unable to acquire new customers, our future revenues and operating results will be harmed.

Our success depends on our ability to acquire new customers. The number of customers that we add in a given period impacts both our short-term and long-term revenues. If we are unable to attract a sufficient number of new customers, we may be unable to generate revenue growth at desired rates. The IT security market is competitive and many of our competitors have substantial financial, personnel, and other resources that they utilize to develop products and attract customers. As a result, it may be difficult for us to add new customers to our customer base. Competition in the marketplace may also lead us to win fewer new customers or result in us providing discounts and other commercial incentives. Additional factors that impact our ability to acquire new customers include the perceived need for IT security, the size of our prospective customers’ IT budgets, the utility and efficacy of our existing and new offerings, whether proven or perceived, and general economic conditions. These factors may have a meaningful negative impact on future revenues and operating results.

If we are unable to sell additional products and services to our existing customers, our future revenues and operating results will be harmed.

A significant portion of our revenues are generated from sales to existing customers. Our future success depends, in part, on our ability to continue to sell new licenses and incremental licenses to our existing customers. We devote significant efforts to developing, marketing and selling additional licenses and associated maintenance and support to existing customers and rely on these efforts for a portion of our revenues. These

 

14


Table of Contents

efforts require a significant investment in building and maintaining customer relationships, as well as significant research and development efforts in order to provide product upgrades and launch new products. The rate at which our existing customers purchase additional products and services depends on a number of factors, including the perceived need for additional IT security, the efficacy of our solutions and the utility of our new offerings, whether proven or perceived, our customers’ IT budgets, general economic conditions, our customers’ overall satisfaction with the maintenance and professional services we provide and the continued growth and economic health of our customer base to require incremental users and servers to be covered. If our efforts to sell additional products and services to our customers are not successful, our future revenues and operating results will be harmed.

We face intense competition from IT security vendors, some of which are larger and better known than we are, and we may lack sufficient financial or other resources to maintain or improve our competitive position.

The IT security market in which we operate is characterized by intense competition, constant innovation and evolving security threats. We compete with companies that offer a broad array of IT security products. Our current and potential future competitors include CA, Inc., Dell Inc., International Business Machines Corporation and Oracle Corporation in the access and identity management market, and may also include providers of advanced threat protection solutions such as Hewlett-Packard Company, EMC Corporation, International Business Machines Corporation, FireEye, Inc., Splunk Inc. and Palo Alto Networks, Inc. and other smaller companies that offer point solutions with a more limited range of functionality than our own offerings. Some of our competitors are large companies that have the technical and financial resources and broad customer bases needed to bring competitive solutions to the market and already have existing relationships as a trusted vendor for other products. Such companies may use these advantages to offer products and services that are perceived to be as effective as ours at a lower price or for free as part of a larger product package or solely in consideration for maintenance and services fees. They may also develop different products to compete with our current solution and respond more quickly and effectively than we do to new or changing opportunities, technologies, standards or client requirements. Additionally, from time to time we may compete with smaller regional vendors that offer products with a more limited range of capabilities that purport to perform functions similar to our solution. Such companies may enjoy stronger sales and service capabilities in their particular regions.

Our competitors may enjoy potential competitive advantages over us, such as:

 

    greater name recognition, a longer operating history and a larger customer base, notwithstanding the increased visibility of our brand following our initial public offering;

 

    larger sales and marketing budgets and resources;

 

    broader distribution and established relationships with channel and distribution partners and customers;

 

    greater customer support resources;

 

    greater resources to make acquisitions;

 

    larger intellectual property portfolios; and

 

    greater financial, technical and other resources.

Our current and potential competitors may also establish cooperative relationships among themselves or with third parties that may further enhance their resources. Current or potential competitors may be acquired by third parties with greater available resources. As a result of such acquisitions, our current or potential competitors might be able to adapt more quickly to new technologies and customer needs, devote greater resources to the promotion or sale of their products and services, initiate or withstand substantial price competition, take advantage of other opportunities more readily or develop and expand their product and service offerings more quickly than we do. Larger competitors with more diverse product offerings may reduce the price of products that compete with ours in order to promote the sale of other products or may bundle them with other products, which would lead to increased pricing pressure on our products and could cause the average sales prices for our products to decline.

 

15


Table of Contents

In addition, other IT security technologies exist or could be developed in the future by current or future competitors, and our business could be materially and adversely affected if such technologies are widely adopted.

We may not be able to successfully anticipate or adapt to changing technology or customer requirements on a timely basis, or at all. If we fail to keep up with technological changes or to convince our customers and potential customers of the value of our solution even in light of new technologies, our business, results of operations and financial condition could be materially and adversely affected.

If our internal network system is compromised by cyber attackers or other data thieves, public perception of our products and services will be harmed.

We will not succeed unless the marketplace is confident that we provide effective IT security protection. We provide privileged account security products, and as such we may be an attractive target for attacks by cyber attackers or other data thieves since a breach of our system could provide data information regarding not only us, but potentially regarding the customers that our solution protects. As a result of our recent initial public offering, we have enjoyed increased visibility as a company, which could have the effect of attracting the attention of more hackers than would otherwise target us for data theft. Further, we may be targeted by cyber terrorists because we are an Israeli company. If we experience an actual or perceived breach of our network or privileged account security in our internal systems, it could adversely affect the market perception of our products and services. In addition, we may need to devote more resources to address security vulnerabilities in our solution, and the cost of addressing these vulnerabilities could reduce our operating margins. If we do not address security vulnerabilities or otherwise provide adequate security features in our products, certain customers, particularly government customers, may delay or stop purchasing our products. Further, a security breach could impair our ability to operate our business, including our ability to provide maintenance and support services to our customers. If this happens, our revenues could decline and our business could suffer.

If we do not effectively expand, train and retain our sales force, we may be unable to acquire new customers or sell additional products and services to existing customers, and our business will suffer.

We depend significantly on our sales force to attract new customers and expand sales to existing customers. We generate approximately 50% of our revenues from direct sales. As a result, our ability to grow our revenues depends in part on our success in recruiting, training and retaining sufficient numbers of sales personnel to support our growth, particularly in the United States. The number of our sales and marketing personnel increased from 135 as of December 31, 2013 to 231 as of March 31, 2015. We expect to continue to expand our sales and marketing personnel significantly and face a number of challenges in achieving our hiring and integration goals. There is intense competition for individuals with sales training and experience. In addition, the training and integration of a large number of sales and marketing personnel in a short time requires the allocation of significant internal resources. We invest significant time and resources in training new sales force personnel to understand our solutions and growth strategy. Based on our past experience, it takes an average of approximately six to nine months before a new sales force member operates at target performance levels. However, we may be unable to achieve or maintain our target performance levels with large numbers of new sales personnel as quickly as we have done in the past. Our failure to hire a sufficient number of qualified sales force members and train them to operate at target performance levels may materially and adversely impact our projected growth rate.

We rely on channel partners, including systems integrators, distributors and value-added resellers, to generate a significant portion of our revenue. If we fail to maintain successful relationships with our channel partners, or if our channel partners fail to perform, our ability to market, sell and distribute our solution will be limited, and our business, financial position and results of operations will be harmed.

In addition to our direct sales force, we rely on our channel partners to sell and support our solution, particularly in Europe and the Asia Pacific region. We expect that sales through our channel partners will continue to account for a significant percentage of our revenue. We generate approximately 50% of our revenues from sales to channel partners and we expect that channel partners will represent a substantial portion of our

 

16


Table of Contents

revenues for the foreseeable future. Our agreements with channel partners are non-exclusive, meaning our partners may offer customers IT security products from other companies, including products that compete with our solution. If our channel partners do not effectively market and sell our solution, or choose to use greater efforts to market and sell their own products and services or the products and services of our competitors, our ability to grow our business will be adversely affected. Our channel partners may cease or deemphasize the marketing of our solution with limited or no notice and with little or no penalty. Further, new channel partners require training and may take several months or more to achieve productivity. The loss of a substantial number of our channel partners, the inability to replace them or the failure to recruit additional channel partners could materially and adversely affect our results of operations. Our reliance on channel partners could also subject us to lawsuits or reputational harm if, for example, a channel partner misrepresents the functionality of our solution to customers or violates laws or our corporate policies. Our ability to grow revenues in the future will depend in part on our success in maintaining successful relationships with our channel partners and training our channel partners to independently sell and install our solution. If we are unable to maintain our relationship with channel partners or otherwise develop and expand our indirect sales channel, or if our channel partners fail to perform, our business, financial position and results of operations could be adversely affected.

If our products fail to help our customers achieve and maintain compliance with certain government regulations and industry standards, our business and results of operations could be materially and adversely affected.

We generate a substantial portion of our revenues from our products and services because they enable our customers to achieve and maintain compliance with certain government regulations and industry standards, and we expect that will continue for the foreseeable future. Examples of industry standards and government regulations include the Payment Card Industry Data Security Standard (PCI-DSS); the Federal Information Security Management Act (FISMA) and associated National Institute for Standards and Testing (NIST) Network Security Standards; the Sarbanes-Oxley Act of 2002; Title 21 of the U.S. Code of Federal Regulations, which governs food and drugs industries; the North American Electric Reliability Corporation Critical Infrastructure Protection Plan (NERC-CIP); the German Federal Financial Supervisory Authority (BaFin) Minimum Requirements for Risk Management; and the Monetary Authority of Singapore’s Technology Risk Management Notices. These industry standards may change with little or no notice, including changes that could make them more or less onerous for businesses. In addition, governments may also adopt new laws or regulations, or make changes to existing laws or regulations, that could impact whether our solution enables our customers to maintain compliance with such laws or regulations. If we are unable to adapt our solution to changing government regulations and industry standards in a timely manner, or if our solution fails to expedite our customers’ compliance initiatives, our customers may lose confidence in our products and could switch to products offered by our competitors. In addition, if government regulations and industry standards related to IT security are changed in a manner that makes them less onerous, our customers may view compliance as less critical to their businesses, and our customers may be less willing to purchase our products and services. In either case, our sales and financial results would suffer.

Our model for long-term growth depends upon the introduction of new products. If we are unable to develop new products or if these new products are not adopted by customers, our growth will be adversely affected.

Our business depends on the successful development and marketing of new products, including adding complementary offerings to our current products. For example, we introduced our first behavioral analytics product, Privileged Threat Analytics, in December 2013 and continued the expansion of our proactive controls monitoring and management product line with the introduction of SSH Key Manager in November 2014. Development and marketing of new products requires significant up-front research, development and other costs, and the failure of new products we develop to gain market acceptance may result in a failure to achieve future sales and adversely affect our competitive position. There can be no assurance that any of our new or future products will achieve market acceptance or generate revenues at forecasted rates or that the margins generated from their sales will allow us to recoup the costs of our development efforts.

 

17


Table of Contents

Failure by us or our channel partners to maintain sufficient levels of customer support could have a material adverse effect on our business, financial condition and results of operations.

Our customers depend in large part on customer support delivered through our channel partners or by us to resolve issues relating to the use of our solution. However, even with our support and that of our channel partners, our customers are ultimately responsible for effectively using our solution and ensuring that their IT staff is properly trained in the use of our products and complementary security products. The failure of our customers to correctly use our solution, or our failure to effectively assist customers in installing our solution and providing effective ongoing support, may result in an increase in the vulnerability of our customers’ IT systems and sensitive business data. Additionally, if our channel partners do not effectively provide support to the satisfaction of our customers, we may be required to provide support to such customers, which would require us to invest in additional personnel, which requires significant time and resources. We may not be able to keep up with demand, particularly if the sales of our solution exceed our internal forecasts. To the extent that we or our channel partners are unsuccessful in hiring, training and retaining adequate support resources, our ability and the ability of our channel partners to provide adequate and timely support to our customers will be negatively impacted, and our customers’ satisfaction with our products will be adversely affected. Accordingly, our failure to provide satisfactory maintenance and technical support services could have a material and adverse effect on our business and results of operations.

If we do not successfully anticipate market needs and enhance our existing products or develop new products that meet those needs on a timely basis, we may not be able to compete effectively and our ability to generate revenues will suffer.

Our customers operate in markets characterized by rapidly changing technologies and business plans, which require them to adapt to increasingly complex IT infrastructures that incorporate a variety of hardware, software applications, operating systems and networking protocols. As our customers’ technologies and business plans grow more complex, we expect them to face new and increasingly sophisticated methods of attack. We face significant challenges in ensuring that our solution effectively identifies and responds to these advanced and evolving attacks without disrupting the performance of our customers’ IT systems. As a result, we must continually modify and improve our products in response to changes in our customers’ IT and industrial control infrastructures.

We cannot guarantee that we will be able to anticipate future market needs and opportunities or be able to develop product enhancements or new products to meet such needs or opportunities in a timely manner, if at all. Even if we are able to anticipate, develop and commercially introduce enhancements and new products, there can be no assurance that enhancements or new products will achieve widespread market acceptance.

Our product enhancements or new products could fail to attain sufficient market acceptance for many reasons, including:

 

    delays in releasing product enhancements or new products;

 

    failure to accurately predict market demand and to supply products that meet this demand in a timely fashion;

 

    inability to interoperate effectively with the existing or newly introduced technologies, systems or applications of our existing and prospective customers;

 

    inability to protect against new types of attacks or techniques used by cyber attackers or other data thieves;

 

    defects in our products, errors or failures of our solutions to secure privileged accounts;

 

    negative publicity about the performance or effectiveness of our products;

 

    introduction or anticipated introduction of competing products by our competitors;

 

18


Table of Contents
    installation, configuration or usage errors by our customers;

 

    easing or changing of regulatory requirements related to security; and

 

    reluctance of customers to purchase products incorporating open source software.

If we fail to anticipate market requirements or fail to develop and introduce product enhancements or new products to meet those needs in a timely manner, it could cause us to lose existing customers and prevent us from gaining new customers, which would significantly harm our business, financial condition and results of operations.

If our products do not effectively interoperate with our customers’ existing or future IT infrastructures, installations could be delayed or cancelled, which would harm our business.

Our products must effectively interoperate with our customers’ existing or future IT infrastructures, which often have different specifications, utilize multiple protocol standards, deploy products from multiple vendors and contain multiple generations of products that have been added over time. If we find errors in the existing software or defects in the hardware used in our customers’ infrastructure or problematic network configurations or settings, we may have to modify our software so that our products will interoperate with our customers’ infrastructure and business processes. In addition, to stay competitive within certain markets, we may be required to make software modifications in future releases to comply with new statutory or regulatory requirements. These issues could result in longer sales cycles for our products and order cancellations, either of which would adversely affect our business, results of operations and financial condition.

Our research and development efforts may not produce successful products or enhancements to our solution that result in significant revenue or other benefits in the near future, if at all.

We expect to continue to dedicate significant financial and other resources to our research and development efforts in order to maintain our competitive position. For example, in 2014, we increased our dedicated research and development personnel by 25% compared to 2013. However, investing in research and development personnel, developing new products and enhancing existing products is expensive and time consuming, and there is no assurance that such activities will result in significant new marketable products or enhancements to our products, design improvements, cost savings, revenues or other expected benefits. If we spend significant time and effort on research and development and are unable to generate an adequate return on our investment, our business and results of operations may be materially and adversely affected.

We are subject to a number of risks associated with global sales and operations.

Business practices in the global markets that we serve may differ from those in the United States and may require us to include non-standard terms in customer contracts, such as extended payment or warranty terms. To the extent that we enter into customer contracts that include non-standard terms related to payment, warranties, or performance obligations, our results of operations may be adversely impacted.

Additionally, our global sales and operations are subject to a number of risks, including the following:

 

    greater difficulty in enforcing contracts and managing collections, as well as longer collection periods;

 

    higher costs of doing business globally, including costs incurred in maintaining office space, securing adequate staffing and localizing our contracts;

 

    fluctuations in exchange rates between the U.S. dollar and foreign currencies in markets where we do business (See “—We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations”);

 

    management communication and integration problems resulting from cultural and geographic dispersion;

 

19


Table of Contents
    risks associated with trade restrictions and foreign legal requirements, including any importation, certification, and localization of our platform that may be required in foreign countries;

 

    greater risk of unexpected changes in regulatory practices, tariffs, and tax laws and treaties;

 

    compliance with anti-bribery laws, including, without limitation, compliance with the U.S. Foreign Corrupt Practices Act and the UK Anti-Bribery Act;

 

    heightened risk of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of, or irregularities in, financial statements;

 

    reduced or uncertain protection of intellectual property rights in some countries;

 

    social, economic and political instability, terrorist attacks and security concerns in general; and

 

    potentially adverse tax consequences.

These and other factors could harm our ability to generate future global revenues and, consequently, materially impact our business, results of operations and financial condition.

If we are unable to adequately protect our proprietary technology and intellectual property rights, our business could suffer substantial harm.

The success of our business depends on our ability to protect our proprietary technology, brands and other intellectual property and to enforce our rights in that intellectual property. We attempt to protect our intellectual property under patent, trademark, copyright and trade secret laws, and through a combination of confidentiality procedures, contractual provisions and other methods, all of which offer only limited protection.

As of March 31, 2015, we had two issued patents in the United States and 15 pending U.S. patent applications. We also had one provisional patent application in the United States. We also had two patents issued and 17 applications pending for examination in non-U.S. jurisdictions, all of which are counterparts of our U.S. patent applications. We may file additional patent applications in the future. The process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner all the way through to the successful issuance of a patent. We may choose not to seek patent protection for certain innovations and may choose not to pursue patent protection in certain jurisdictions. Furthermore, it is possible that our patent applications may not issue as granted patents, that the scope of our issued patents will be insufficient or not have the coverage originally sought, that our issued patents will not provide us with any competitive advantages, and that our patents and other intellectual property rights may be challenged by others or invalidated through administrative processes or litigation. In addition, issuance of a patent does not guarantee that we have an absolute right to practice the patented invention. Our policy is to require our employees (and our consultants and service providers that develop intellectual property included in our products) to execute written agreements in which they assign to us their rights in potential inventions and other intellectual property created within the scope of their employment (or, with respect to consultants and service providers, their engagement to develop such intellectual property), but we cannot assure you that we have adequately protected our rights in every such agreement or that we have executed an agreement with every such party. Finally, in order to benefit from the protection of patents and other intellectual property rights, we must monitor and detect infringement and pursue infringement claims in certain circumstances in relevant jurisdictions, all of which are costly and time-consuming. As a result, we may not be able to obtain adequate protection or to effectively enforce our issued patents or other intellectual property rights.

In addition to patents, we rely on trade secret rights, copyrights and other rights to protect our unpatented proprietary intellectual property and technology. Despite our efforts to protect our proprietary technologies and our intellectual property rights, unauthorized parties, including our employees, consultants, service providers or customers, may attempt to copy aspects of our products or obtain and use our trade secrets or other confidential

 

20


Table of Contents

information. We generally enter into confidentiality agreements with our employees, consultants, service providers, vendors, channel partners and customers, and generally limit access to and distribution of our proprietary information and proprietary technology through certain procedural safeguards. These agreements may not effectively prevent unauthorized use or disclosure of our intellectual property or technology and may not provide an adequate remedy in the event of unauthorized use or disclosure of our intellectual property or technology. We cannot assure you that the steps taken by us will prevent misappropriation of our intellectual property or technology or infringement of our intellectual property rights. In addition, the laws of some foreign countries where we sell our products do not protect intellectual property rights and technology to the same extent as the laws of the United States, and these countries may not enforce these laws as diligently as government agencies and private parties in the United States. Based on the 2013 report on intellectual property rights protection and enforcement published by the Office of the United States Trade Representative, such countries included Ukraine (designated a priority foreign country) and Chile, China, India, Indonesia, Russia and Thailand (designated as priority watch list countries). If we are unable to protect our intellectual property, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful to date.

Intellectual property claims may increase our costs or require us to cease selling certain products, which could adversely affect our financial condition and results of operations.

The IT security industry is characterized by the existence of a large number of relevant patents and frequent claims and related litigation regarding patent and other intellectual property rights. In particular, leading companies in the IT security industry have extensive patent portfolios. From time to time, third-parties have asserted and may assert their patent, copyright, trademark and other intellectual property rights against us, our channel partners or our customers. Furthermore, we may be subject to indemnification obligations with respect to third-party intellectual property rights pursuant to our agreements with our channel partners or customers. Such indemnification provisions are customary for our industry. Successful claims of infringement or misappropriation by a third-party against us or a third-party that we indemnify could prevent us from distributing certain products or performing certain services or could require us to pay substantial damages (including, for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights), royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others, to expend additional development resources to attempt to redesign our products or services or otherwise to develop non-infringing technology, to enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or intellectual property rights, and to indemnify our partners and other third parties, including our customers and channel partners whom we typically indemnify against such claims. Even if third parties may offer a license to their technology, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, results of operations or financial condition to be materially and adversely affected. Defending against claims of infringement or being deemed to be infringing the intellectual property rights of others could impair our ability to innovate, develop, distribute and sell our current and planned products and services. If we are unable to ensure that we are not violating the intellectual property rights of others, our financial position may be adversely affected.

Prolonged economic uncertainties or downturns could materially adversely affect our business.

Our business depends on our current and prospective customers’ ability and willingness to invest money in IT security, which in turn is dependent upon their overall economic health. Negative economic conditions in the global economy, including conditions resulting from financial and credit market fluctuations, could cause a decrease in corporate spending on information security software. We generated 32.2% and 37.5% of our revenues from Europe, the Middle East and Africa in the year ended December 31, 2014 and the three months ended March 31, 2015, respectively. Continuing economic challenges throughout Europe and other parts of the world may cause our customers in those locations to reevaluate decisions to purchase our solution or to delay their purchasing decisions, which could adversely impact our results of operations due to the importance of that region to us.

 

21


Table of Contents

In addition, a significant portion of our revenues is generated from customers in the financial services industry, including banking and insurance. Negative economic conditions may cause customers generally and in that industry in particular to reduce their IT spending. Customers may delay or cancel IT projects, choose to focus on in-house development efforts or seek to lower their costs by renegotiating maintenance and support agreements. To the extent purchases of licenses for our software are perceived by customers and potential customers to be discretionary, our revenues may be disproportionately affected by delays or reductions in general IT spending. If the economic conditions of the general economy or industries in which we operate worsen from present levels, our results of operation could be adversely affected.

If we are unable to hire, retain and motivate qualified personnel, our business will suffer.

Our future success depends, in part, on our ability to continue to attract and retain highly skilled personnel. Our inability to attract or retain qualified personnel or delays in hiring required personnel, particularly in sales and engineering, may seriously harm our business, financial condition and results of operations. Any of our employees may terminate their employment at any time. Additionally, two of our U.S. executive officers have not signed non-compete agreements with us. Competition for highly skilled personnel is frequently intense, especially in Israel, where we are headquartered. Further, a number of our employees are substantially vested in significant share option plans, and their ability to exercise those options and sell their shares in a public market may result in a larger than normal turn-over rate. Additionally, we may struggle to retain employees because our profile, which has been raised by our recent initial public offering, may attract competitors who may then actively seek to hire skilled personnel away from us. In addition, to the extent we hire personnel from competitors, we may be subject to allegations that they have been improperly solicited or divulged proprietary or other confidential information.

We rely significantly on revenues from maintenance and support contracts, which we recognize ratably over the term of the associated contract and, to a lesser extent, from professional services contracts, which we recognize as services are delivered, and downturns in sales of these contracts are not immediately reflected in full in our quarterly operating results.

Maintenance and support and professional services revenues accounted for 40.5% and 39.3% of our total revenues in the year ended December 31, 2014 and the three months ended March 31, 2015, respectively. Sales of maintenance and support and professional services may decline or fluctuate as a result of a number of factors, including the number of product licenses we sell, our customers’ level of satisfaction with our products and services, the prices of our products and services, the prices of products and services offered by our competitors or reductions in our customers’ spending levels. If our sales of maintenance and support and professional services contracts decline, our revenues or revenue growth may decline and our business will suffer. We recognize revenues from maintenance and support contracts ratably on a straight-line basis over the term of the related contract which is typically one year and, to a lesser extent, three years, and from professional services as services are performed. As a result, a meaningful portion of the revenues we report each quarter results from the recognition of deferred revenues from maintenance and support and professional services contracts entered into during previous quarters. Consequently, a decline in the number or size of such contracts in any one quarter will not be fully reflected in revenues in that quarter, but will negatively affect our revenues in future quarters. Accordingly, the effect of significant downturns in maintenance and support and professional services contracts would not be reflected in full in our results of operations until future periods.

We are exposed to fluctuations in currency exchange rates, which could negatively affect our financial condition and results of operations.

Our functional and reporting currency is the U.S. dollar and we generate a majority of our revenues in U.S. dollars. In 2014, the majority of our revenues were denominated in U.S. dollars and the remainder primarily in euros and British pounds sterling. In 2014, the substantial majority of our cost of revenues and operating expenses were denominated in U.S. dollars and New Israeli Shekels (NIS), and the remainder primarily in euros and British pounds sterling. Our foreign currency-denominated expenses consist primarily of personnel, rent and

 

22


Table of Contents

other overhead costs. Since a significant portion of our expenses is incurred in NIS and is substantially greater than our revenues in NIS, any appreciation of the NIS relative to the U.S. dollar would adversely impact our net loss or net income, as relevant. In addition, since the portion of our revenues generated in euros is significantly greater than our expenses incurred in euros, any depreciation of the euro relative to the U.S. dollar would adversely impact our net loss or net income, as applicable. We currently have less exposure to fluctuations in the exchange rate of the British pound sterling because our revenues and expenses in that currency have an offsetting effect. We estimate that a 10% strengthening or weakening in the value of the NIS against the U.S. dollar would have decreased or increased, respectively, our net income by approximately $2.0 million in 2014. We estimate that a 10% strengthening or weakening in the value of the euro against the U.S. dollar would have increased or decreased, respectively, our net income by approximately $0.7 million in 2014. These estimates of the impact of fluctuations in currency exchange rates on our historic results of operations may be different from the impact of fluctuations in exchange rates on our future results of operations since the mix of currencies comprising our revenues and expenses may change. We evaluate periodically the various currencies to which we are exposed and take hedging measures to reduce the potential adverse impact from the appreciation or the depreciation of our non U.S. dollar-denominated operations, as appropriate. We expect that the majority of our revenues will continue to be generated in U.S. dollars with the balance in euros and British pounds sterling for the foreseeable future and that a significant portion of our expenses will continue to be denominated in NIS, British pounds sterling and in euros. We cannot provide any assurances that our hedging activities will be successful in protecting us from adverse impacts from currency exchange rate fluctuations. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Quantitative and Qualitative Disclosure About Market Risk—Foreign Currency Risk.”

A portion of our revenues is generated by sales to government entities, which are subject to a number of challenges and risks.

A portion of our revenues is generated by sales to U.S. and foreign federal, state and local governmental agency customers, and we may in the future increase sales to government entities. Sales to government entities are subject to a number of risks. Selling to government entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that we will complete a sale. Government demand and payment for our products and services may be impacted by public sector budgetary cycles and funding authorizations, with funding reductions or delays adversely affecting public sector demand for our products. Finally, for purchases by the U.S. government, the government may require certain products to be manufactured in the United States and other high cost manufacturing locations, and we may not manufacture all products in locations that meet the requirements of the U.S. government.

We may acquire other businesses, which could require significant management attention, disrupt our business, dilute shareholder value, and adversely affect our results of operations.

As part of our business strategy and in order to remain competitive, we are evaluating acquiring or making investments in complementary companies, products or technologies. However, we have not made any acquisitions to date, and as a result, our ability as an organization to acquire and integrate other companies, products or technologies in a successful manner is unproven. We may not be able to find suitable acquisition candidates, and we may not be able to complete such acquisitions on favorable terms, if at all. If we do complete acquisitions, we may not ultimately strengthen our competitive position or achieve our goals, and any acquisitions we complete could be viewed negatively by our customers, analysts and investors. In addition, if we are unsuccessful at integrating such acquisitions or the technologies associated with such acquisitions, our revenues and results of operations could be adversely affected. Any integration process may require significant time and resources, and we may not be able to manage the process successfully. We may not successfully evaluate or utilize the acquired technology or personnel, or accurately forecast the financial impact of an acquisition transaction, including accounting charges. We may have to pay cash, incur debt or issue equity securities to pay for any such acquisition, each of which could adversely affect our financial condition or the value of our ordinary shares. The sale of equity or issuance of debt to finance any such acquisitions could result

 

23


Table of Contents

in dilution to our shareholders. The incurrence of indebtedness would result in increased fixed obligations and could also include covenants or other restrictions that would impede our ability to manage our operations.

We are subject to governmental export and import controls that could subject us to liability in the event of non-compliance or impair our ability to compete in international markets.

We incorporate encryption capabilities into certain products and these products are subject to U.S. export control requirements. We are also subject to Israeli export controls on encryption technology since our product development initiatives are primarily conducted in Israel. If the applicable U.S. or Israeli requirements regarding the export of encryption technology were to change or if we change the encryption means in our products, we may need to satisfy additional requirements in the United States or Israel. There can be no assurance that we will be able to satisfy any additional requirements under these circumstances in either the United States or Israel. Furthermore, various other countries regulate the import of certain encryption products and technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers’ ability to implement our products in those countries.

We are also subject to U.S. and Israeli export control and economic sanctions laws, which prohibit the shipment of certain products to embargoed or sanctioned countries, governments and persons. Our products could be exported to these sanctioned targets by our channel partners despite the contractual undertakings they have given us and any such export could have negative consequences, including government investigations, penalties and reputational harm. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.

In addition, in the future we may be subject to defense-related export controls. For example, currently our solution is not subject to supervision under the Israeli Defense Export Control Law, 5767-2007, but if it was used for purposes that are classified as defense-related or if it falls under “dual-use goods and technology” as referred to below, we could become subject to such regulation. In particular, under the Israeli Defense Export Control Law, 5767-2007, an Israeli company may not conduct “defense marketing activity” without a defense marketing license from the Israeli Ministry of Defense (MOD) and may be subject to a requirement to obtain a specific license from the MOD for any export of defense related products and/or knowhow. The definition of defense marketing activity is broad and includes any marketing of “defense equipment,” “defense knowhow” or “defense services” outside of Israel, which includes “dual-use goods and technology,” (material and equipment intended in principle for civilian use and that can also be used for defensive purposes, such as our cybersecurity solutions) that is specified in the list of Goods and Dual-Use Technology annexed to the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies, if intended for defense use only, or is specified under Israeli legislation. “Dual-use goods and technology” will be subject to control by the Ministry of Economy if intended for civilian use only. In December 2013, regulations under the Wassenaar Arrangement included for the first time a chapter on cyber-related matters. We believe that our products do not fall under this chapter; however, in the future we may become subject to this regulation or similar regulations, which would limit our sales and marketing activities and could therefore have an adverse effect on our results of operations. Similar issues could arise under the U.S. defense/military export controls under the Arms Export Control Act and the International Traffic in Arms Regulations.

Our use of third-party software and other intellectual property may expose us to risks.

Some of our products and services include software or other intellectual property licensed from third parties, and we otherwise use software and other intellectual property licensed from third parties in our business. This exposes us to risks over which we may have little or no control. For example, a licensor may have difficulties

 

24


Table of Contents

keeping up with technological changes or may stop supporting the software or other intellectual property that it licenses to us. There can be no assurance that the licenses we use will be available on acceptable terms, if at all. In addition, a third party may assert that we or our customers are in breach of the terms of a license, which could, among other things, give such third party the right to terminate a license or seek damages from us, or both. Our inability to obtain or maintain certain licenses or other rights or to obtain or maintain such licenses or rights on favorable terms, or the need to engage in litigation regarding these matters, could result in delays in releases of new products, and could otherwise disrupt our business, until equivalent technology can be identified, licensed or developed.

Our use of open source software could negatively affect our ability to sell our software and subject us to possible litigation.

We use open source software and expect to continue to use open source software in the future. Some open source software licenses require users who distribute or make available as a service open source software as part of their own software product to publicly disclose all or part of the source code of the users’ software product or to make available any derivative works of the open source code on unfavorable terms or at no cost. We may face ownership claims of third parties over, or seeking to enforce the license terms applicable to, such open source software, including by demanding the release of the open source software, derivative works or our proprietary source code that was developed using such software. These claims could also result in litigation, require us to purchase a costly license or require us to devote additional research and development resources to change our software, any of which would have a negative effect on our business and results of operations. In addition, if the license terms for the open source code change, we may be forced to re-engineer our software or incur additional costs.

Risks Related to Our Ordinary Shares and the Offering

Our share price may be volatile, and you may lose all or part of your investment.

Our ordinary shares were first offered publicly in our initial public offering in September 2014, at a price of $16.00 per share, and our ordinary shares have subsequently traded as high as $71.35 per share and as low as $22.12 per share through June 10, 2015. In addition, the market price of our ordinary shares could be highly volatile and may fluctuate substantially as a result of many factors, some of which are beyond our control, including, but not limited to:

 

    actual or anticipated fluctuations in our results of operations;

 

    variance in our financial performance from the expectations of market analysts;

 

    announcements by us or our competitors of significant business developments, changes in service provider relationships, acquisitions or expansion plans;

 

    changes in the prices of our products and services;

 

    our involvement in litigation;

 

    our sale of ordinary shares or other securities in the future;

 

    market conditions in our industry;

 

    changes in key personnel;

 

    the trading volume of our ordinary shares;

 

    changes in the estimation of the future size and growth rate of our markets;

 

    any merger and acquisition activities; and

 

    general economic and market conditions.

 

25


Table of Contents

In addition, the stock markets have experienced extreme price and volume fluctuations. Broad market and industry factors may materially harm the market price of our ordinary shares, regardless of our operating performance. In the past, following periods of volatility in the market price of a company’s securities, securities class action litigation has often been instituted against that company. If we were involved in any similar litigation we could incur substantial costs and our management’s attention and resources could be diverted.

If securities or industry analysts cease to publish research or publish inaccurate or unfavorable research reports about our business, our share price and trading volume could decline.

The trading price for our ordinary shares is affected by any research or reports that securities or industry analysts publish about us or our business. If one or more of the analysts who cover us or our business publish inaccurate or unfavorable research about us or our business, and in particular, if they downgrade their evaluations of our ordinary shares, the price of our ordinary shares would likely decline. If one or more of these analysts cease coverage of our company, we could lose visibility in the market for our ordinary shares, which in turn could cause our share price to decline.

A small number of significant beneficial owners of our shares will have a controlling influence over matters requiring shareholder approval, which could delay or prevent a change of control.

The largest beneficial owners of our shares, entities and individuals affiliated with Jerusalem Venture Partners and The Goldman Sachs Group, Inc., as of April 30, 2015, beneficially owned in the aggregate 44.3% of our ordinary shares and, after this offering, will beneficially own an aggregate of 34.1% of our ordinary shares, and, if the underwriters exercise in full their option to purchase additional shares, 32.5% of our ordinary shares. As a result, these shareholders individually could exert significant influence over our operations and business strategy and would have sufficient voting power to effectively control the outcome of matters requiring shareholder approval. These matters may include:

 

    the composition of our board of directors which has the authority to direct our business and to appoint and remove our officers;

 

    approving or rejecting a merger, consolidation or other business combination;

 

    raising future capital; and

 

    amending our articles of association which govern the rights attached to our ordinary shares.

This concentration of ownership of our ordinary shares could delay or prevent proxy contests, mergers, tender offers, open-market purchase programs or other purchases of our ordinary shares that might otherwise give you the opportunity to realize a premium over the then-prevailing market price of our ordinary shares. This concentration of ownership may also adversely affect our share price.

As a foreign private issuer whose shares are listed on the NASDAQ Stock Market, or NASDAQ, we may follow certain home country corporate governance practices instead of otherwise applicable SEC and NASDAQ requirements, which may result in less protection than is accorded to investors under rules applicable to domestic U.S. issuers.

As a foreign private issuer whose shares are listed on the NASDAQ Global Select Market, we are permitted to follow certain home country corporate governance practices instead of certain rules of NASDAQ. We currently follow Israeli home country practices solely with regard to the quorum requirement for shareholder meetings. As permitted under the Israeli Companies Law, or Companies Law, our articles of association provide that the quorum for any meeting of shareholders shall be the presence of at least two shareholders present in person, by proxy or by a voting instrument, who hold at least 25% of the voting power of our shares instead of 33 1/3% of our issued share capital. We may in the future elect to follow Israeli home country practices with regard to other matters such as the formation and composition of the nominating and corporate governance committee, separate executive sessions of independent directors and the requirement to obtain shareholder approval for

 

26


Table of Contents

certain dilutive events (such as for the establishment or amendment of certain equity-based compensation plans, issuances that will result in a change of control of the company, certain transactions other than a public offering involving issuances of a 20% or more interest in the company and certain acquisitions of the stock or assets of another company). Accordingly, our shareholders may not be afforded the same protection as provided under NASDAQ corporate governance rules. Following our home country governance practices as opposed to the requirements that would otherwise apply to a United States company listed on NASDAQ may provide less protection than is accorded to investors of domestic issuers. See “Management—Corporate Governance Practices.”

As a foreign private issuer we are not subject to the provisions of Regulation FD or U.S. proxy rules and are exempt from filing certain Exchange Act reports.

As a foreign private issuer, we are exempt from a number of requirements under U.S. securities laws that apply to public companies that are not foreign private issuers. In particular, we are exempt from the rules and regulations under the United States Securities Exchange Act of 1934, as amended, or the Exchange Act, related to the furnishing and content of proxy statements, and our officers, directors and principal shareholders are exempt from the reporting and short-swing profit recovery provisions contained in Section 16 of the Exchange Act. In addition, we are not required under the Exchange Act to file annual and current reports and financial statements with the Securities and Exchange Commission, or SEC, as frequently or as promptly as U.S. domestic companies whose securities are registered under the Exchange Act and we are generally exempt from filing quarterly reports with the SEC under the Exchange Act. We are also exempt from the provisions of Regulation FD, which prohibits issuers from making selective disclosure of material nonpublic information to, among others, broker-dealers and holders of a company’s securities under circumstances in which it is reasonably foreseeable that the holder will trade in the company’s securities on the basis of the information. Even though we intend to comply voluntarily with Regulation FD, these exemptions and leniencies will reduce the frequency and scope of information and protections to which you are entitled as an investor. For so long as we qualify as a foreign private issuer, we are not required to comply with the proxy rules applicable to U.S. domestic companies, although pursuant to the Companies Law, we disclose the annual compensation of our five most highly compensated office holders (as defined under the Companies Law) on an individual basis, including in this prospectus.

We would lose our foreign private issuer status if a majority of our directors or executive officers are U.S. citizens or residents and we fail to meet additional requirements necessary to avoid loss of foreign private issuer status. Although we have elected to comply with certain U.S. regulatory provisions, our loss of foreign private issuer status would make such provisions mandatory. The regulatory and compliance costs to us under U.S. securities laws as a U.S. domestic issuer may be significantly higher. If we are not a foreign private issuer, we will be required to file periodic reports and registration statements on U.S. domestic issuer forms with the SEC, which are more detailed and extensive than the forms available to a foreign private issuer. We would also be required to follow U.S. proxy disclosure requirements, including the requirement to disclose more detailed information about the compensation of our senior executive officers on an individual basis. We may also be required to modify certain of our policies to comply with good governance practices associated with U.S. domestic issuers. Such conversion and modifications will involve additional costs. In addition, we would lose our ability to rely upon exemptions from certain corporate governance requirements on U.S. stock exchanges that are available to foreign private issuers.

The market price of our ordinary shares could be negatively affected by future sales of our ordinary shares.

If our existing shareholders, particularly our largest shareholders, our directors, their affiliates, or our executive officers, sell a substantial number of our ordinary shares in the public market, the market price of our ordinary shares could decrease significantly. The perception in the public market that these shareholders might sell our ordinary shares could also depress the market price of our ordinary shares and could impair our future ability to obtain capital, especially through an offering of equity securities.

 

27


Table of Contents

The selling shareholders in this offering and The Goldman Sachs Group, Inc. have entered into lock-up agreements with the underwriters of this offering that restrict their ability to transfer our shares until 75 days after the date of this prospectus. In addition, Bridge Street 2011, L.P., MBD 2011 Holdings, L.P. and Bridge Street 2011 Offshore, L.P., each of which is affiliated with Goldman, Sachs & Co., have entered into lock-up agreements that restrict their ability to transfer our shares until 30 days after the date of the prospectus. We understand that these three entities intend to distribute all of the shares owned by them to current and former employees of Goldman, Sachs & Co. who own interests in those entities following the termination of such lock-up agreements. As a result, (i) commencing on July 10, 2015, 30 days after the date of the final prospectus related to this offering, 940,120 shares will become available for sale (and, if distributed as described above, would be freely tradable by non-affiliate recipients who are expected to constitute substantially all of the distributees) and (ii) commencing on August 24, 2015, 75 days after the final prospectus related to this offering, approximately 12.3 million shares will become available for sale (substantially all of which are expected to be subject to volume, manner of sale and other limitations).

Following this offering, the holders of approximately 11.1 million of our ordinary shares will be entitled to require that we register their shares under the Securities Act for resale into the public markets subject to any lock-up agreement that such holders have signed in connection with this offering. All shares sold pursuant to an offering covered by such registration statement will be freely transferable. See “Certain Relationships and Related Party Transactions—Registration Rights.” Sales by us or our shareholders of a substantial number of ordinary shares in the public market, or the perception that these sales might occur, could cause the market price of our ordinary shares to decline or could impair our ability to raise capital through a future sale of, or pay for acquisitions using, our equity securities.

Further, 5,144,755 ordinary shares are reserved for issuance under our equity incentive plans as of March 31, 2015. Shares issuable under our equity incentive plans have been registered on a Form S-8 registration statement and may be freely sold in the public market upon issuance, except for shares held by affiliates who have certain restrictions on their ability to sell.

Our U.S. shareholders may suffer adverse tax consequences if we are classified as a passive foreign investment company.

Generally, if for any taxable year 75% or more of our gross income is passive income, or at least 50% of the average quarterly value of our assets (which may be determined in part by the market value of our ordinary shares, which is subject to change) are held for the production of, or produce, passive income, we would be characterized as a passive foreign investment company, or PFIC, for U.S. federal income tax purposes. Our status as a PFIC may also depend on how quickly we use the cash proceeds from this offering in our business. Based on certain estimates of our gross income and gross assets, our receipt of the net proceeds of this offering, and the nature of our business, we do not expect that we will be classified as a PFIC for the taxable year ending December 31, 2015. There can be no assurance that we will not be considered a PFIC for any taxable year. If we are characterized as a PFIC, our U.S. shareholders may suffer adverse tax consequences, including having gains realized on the sale of our ordinary shares treated as ordinary income, rather than as capital gain, the loss of the preferential rate applicable to dividends received on our ordinary shares by individuals who are U.S. Holders (as defined in “U.S. and Israeli Tax Consequences for our Shareholders—United States Federal Income Tax Consequences”), and having interest charges apply to distributions by us and the proceeds of share sales. Certain elections exist that may alleviate some of the adverse consequences of PFIC status and would result in an alternative treatment (such as mark-to-market treatment) of our ordinary shares as described in further detail under “U.S. and Israeli Tax Consequences for our Shareholders—United States Federal Income Tax Consequences—Passive Foreign Investment Company Considerations.”

We have broad discretion over the use of proceeds we received in our initial public offering and will receive in this offering and may not apply the proceeds in ways that increase the value of your investment.

Our management has broad discretion in the application of the net proceeds from our initial public offering and this offering, the majority of which has not yet been spent, and, as a result, you must rely upon the judgment

 

28


Table of Contents

of our management with respect to the use of these proceeds. Our management may spend a portion or all of the net proceeds in ways that not all shareholders approve of or that may not yield a favorable return. The failure by our management to apply these funds effectively could harm our business. See “Use of Proceeds.”

Under Section 404 of the Sarbanes-Oxley Act and, as an emerging growth company, we are currently not required to obtain an auditor attestation regarding our internal control over financial reporting and we have therefore not yet determined whether our existing internal controls over financial reporting are effective.

We will not be required to comply with the internal control, evaluation and certification requirements of Section 404 of the Sarbanes-Oxley Act until we file our Annual Report on Form 20-F for the year ending December 31, 2015. However, because we expect to lose our status as an “emerging growth company” under the JOBS Act based on our current share price and beneficial ownership, we anticipate that we will be required to obtain an auditor attestation under Section 404 of the Sarbanes-Oxley Act in such Annual Report. We have recently commenced the process of determining whether our existing internal controls over financial reporting systems are compliant with Section 404.

The process of evaluating our internal control over financial reporting will require an investment of substantial time and resources, including by our Chief Financial Officer and other members of our senior management. As a result, this process may divert internal resources and take a significant amount of time and effort to complete. In addition, we cannot predict the outcome of this determination and whether we will need to implement remedial actions in order to implement effective control over financial reporting. The determination and any remedial actions required could result in us incurring additional costs that we did not anticipate. Irrespective of compliance with Section 404, any failure of our internal controls could have a material adverse effect on our stated results of operations and harm our reputation. As a result, we may experience higher than anticipated operating expenses, as well as higher independent auditor fees during and after the implementation of these changes. If we are unable to implement any of the required changes to our internal control over financial reporting effectively or efficiently or are required to do so earlier than anticipated, it could adversely affect our operations, financial reporting and/or results of operations and could result in an adverse opinion on internal controls from our independent auditors.

Risks Relating to Our Incorporation and Location in Israel

Our headquarters, research and development activities and other significant operations are located in Israel and, therefore, our results may be adversely affected by political, economic and military instability in Israel.

Our headquarters and principal research and development facilities are located in Israel. In addition, the majority of our key employees, officers and directors are residents of Israel. Accordingly, political, economic and military conditions in Israel may directly affect our business. Since the establishment of the State of Israel in 1948, a number of armed conflicts have taken place between Israel and its neighboring countries. In recent years, these have included hostilities between Israel and Hezbollah in Lebanon and Hamas in the Gaza strip, both of which resulted in rockets being fired into Israel causing casualties and disruption of economic activities. In addition, Israel faces threats from more distant neighbors, in particular, Iran. Our commercial insurance does not cover losses that may occur as a result of an event associated with the security situation in the Middle East. Although the Israeli government is currently committed to covering the reinstatement value of direct damages that are caused by terrorist attacks or acts of war, we cannot assure you that this government coverage will be maintained, or if maintained, will be sufficient to compensate us fully for damages incurred. Any losses or damages incurred by us could have a material adverse effect on our business. Any armed conflict involving Israel could adversely affect our operations and results of operations.

Further, our operations could be disrupted by the obligations of personnel to perform military service. As of March 31, 2015, we had 202 employees based in Israel, certain of which may be called upon to perform up to 54 days in each three year period (and in the case of non-officer commanders or officers, up to 70 or 84 days, respectively, in each three year period) of military reserve duty until they reach the age of 40 (and in some cases,

 

29


Table of Contents

depending on their specific military profession up to 45 or even 49 years of age) and, in certain emergency circumstances, may be called to immediate and unlimited active duty. Our operations could be disrupted by the absence of a significant number of employees related to military service, which could materially adversely affect our business and results of operations.

Several countries, principally in the Middle East, restrict doing business with Israel and Israeli companies, and additional countries may impose restrictions on doing business with Israel and Israeli companies whether as a result of hostilities in the region or otherwise. In addition, there have been increased efforts by activists to cause companies and consumers to boycott Israeli goods based on Israeli government policies. Such actions, particularly if they become more widespread, may adversely impact our ability to sell our products.

The tax benefits that are available to us require us to continue to meet various conditions and may be terminated or reduced in the future, which could increase our costs and taxes.

We were granted Approved Enterprise status under the Israeli Law for the Encouragement of Capital Investments, 1959, referred to as the Investment Law. We had elected the alternative benefits program, pursuant to which income derived from the Approved Enterprise program is tax-exempt for two years and enjoys a reduced tax rate of 10% to 25% for up to a total of eight years, subject to an adjustment based upon the foreign investors’ ownership. We were also eligible for certain tax benefits provided to Benefited Enterprises under the Investment Law. In March 2013, we notified the Israel Tax Authority that we apply the new tax regime under the Investment Law instead of our Approved Enterprise and Benefited Enterprise. We are eligible for certain tax benefits provided to Preferred Enterprises under the Investment Law. If we do not meet the conditions stipulated in the Investment Law, any tax benefits may be canceled and we may be required to refund the amount of the benefits, in whole or in part, including interest and CPI linkage. Further, in the future these tax benefits may be reduced or discontinued. If these tax benefits are reduced, cancelled or discontinued, our Israeli taxable income would be subject to regular Israeli corporate tax rates. The standard corporate tax rate for Israeli companies in 2013 was 25.0% and was increased to 26.5% for 2014 and thereafter. Additionally, if we increase our activities outside of Israel through acquisitions, for example, our expanded activities might not be eligible for inclusion in future Israeli tax benefit programs. See “Taxation and Israeli Government Programs Applicable to our Company—Law for the Encouragement of Capital Investments, 5719-1959.”

We may be required to pay monetary remuneration to employees who invented inventions during and as a consequence of their employment, even if the proprietary rights to such inventions have been assigned to us.

We enter into assignment-of-invention agreements with our employees pursuant to which such individuals agree to assign to us all rights to any inventions created in the scope of their employment or engagement with us. A significant portion of our intellectual property has been developed by our employees during the course of their employment by us. Under the Israeli Patent Law, 5727-1967, or the Patent Law, inventions conceived by an employee during the scope of his or her employment with a company are regarded as “service inventions,” which belong to the employer, absent a specific agreement between the employee and employer giving the employee service invention rights. The Patent Law also provides that if there is no such agreement between an employer and an employee, the Israeli Compensation and Royalties Committee, or the Committee, a body constituted under the Patent Law, shall determine whether the employee is entitled to remuneration for his or her inventions. Recent decisions by the Committee (which have been upheld by the Israeli Supreme Court on appeal) have created uncertainty in this area, as it held that employees may be entitled to remuneration for their service inventions despite having specifically waived any such rights. However, a recent decision by the Committee held that such right can be waived by the employee. The Committee further held that an explicit reference to the waived right is not necessary in every circumstance in order for the employee’s waiver of such right to be valid. Such waiver can be formalized in writing or orally or be implied by the actions of the parties in accordance with the rules of interpretation of Israeli contract law. Although our employees have agreed to assign to us service invention rights, we may face claims demanding remuneration in consideration for assigned inventions. As a consequence of such claims, we could be required to pay additional remuneration or royalties to our current and/or former employees, or be forced to litigate such claims, which could negatively affect our business.

 

30


Table of Contents

Provisions of Israeli law and our articles of association may delay, prevent or otherwise impede a merger with or an acquisition of us, even when the terms of such a transaction are favorable to us and our shareholders.

Israeli corporate law regulates mergers, requires tender offers for acquisitions of shares above specified thresholds, requires special approvals for transactions involving directors, officers or significant shareholders and regulates other matters that may be relevant to such types of transactions. For example, a tender offer for all of a company’s issued and outstanding shares can only be completed if the acquirer receives positive responses from the holders of at least 95% of the issued share capital. Completion of the tender offer also requires approval of a majority of the offerees that do not have a personal interest in the tender offer, unless at least 98% of the company’s outstanding shares are tendered. Furthermore, the shareholders, including those who indicated their acceptance of the tender offer (unless the acquirer stipulated in its tender offer that a shareholder that accepts the offer may not seek appraisal rights), may, at any time within six months following the completion of the tender

offer, petition an Israeli court to alter the consideration for the acquisition. See “Description of Share Capital—Acquisitions under Israeli Law” for additional information.

Our articles of association provide that our directors (other than external directors) are elected on a staggered basis, such that a potential acquirer cannot readily replace our entire board of directors at a single annual general shareholder meeting.

Furthermore, Israeli tax considerations may make potential transactions unappealing to us or to our shareholders whose country of residence does not have a tax treaty with Israel exempting such shareholders from Israeli tax. For example, Israeli tax law does not recognize tax-free share exchanges to the same extent as U.S. tax law. With respect to mergers involving an exchange of shares, Israeli tax law allows for tax deferral in certain circumstances but makes the deferral contingent on the fulfillment of a number of conditions, including, in some cases, a holding period of two years from the date of the transaction during which sales and dispositions of shares of the participating companies are subject to certain restrictions. Moreover, with respect to certain share swap transactions, the tax deferral is limited in time, and when such time expires, the tax becomes payable even if no disposition of the shares has occurred.

It may be difficult to enforce a judgment of a U.S. court against us, our officers and directors or the Israeli auditors named in this prospectus in Israel or the United States, to assert U.S. securities laws claims in Israel or to serve process on our officers and directors and these auditors.

We are incorporated in Israel. The majority of our directors and executive officers, and the Israeli auditors listed in this prospectus reside outside of the United States, and most of our assets and most of the assets of these persons are located outside of the United States. Therefore, a judgment obtained against us, or any of these persons, including a judgment based on the civil liability provisions of the U.S. federal securities laws, may not be collectible in the United States and may not be enforced by an Israeli court. It also may be difficult for you to effect service of process on these persons in the United States or to assert U.S. securities law claims in original actions instituted in Israel. Israeli courts may refuse to hear a claim based on an alleged violation of U.S. securities laws reasoning that Israel is not the most appropriate forum in which to bring such a claim. In addition, even if an Israeli court agrees to hear a claim, it may determine that Israeli law and not U.S. law is applicable to the claim. If U.S. law is found to be applicable, the content of applicable U.S. law must be proven as a fact by expert witnesses, which can be a time consuming and costly process. Certain matters of procedure will also be governed by Israeli law. There is little binding case law in Israel that addresses the matters described above. As a result of the difficulty associated with enforcing a judgment against us in Israel, you may not be able to collect any damages awarded by either a U.S. or foreign court. See “Enforceability of Civil Liabilities” for additional information on your ability to enforce a civil claim against us and our executive officers or directors named in this prospectus.

 

31


Table of Contents

Your rights and responsibilities as a shareholder are, and will continue to be, governed by Israeli law which differs in some material respects from the rights and responsibilities of shareholders of U.S. companies.

The rights and responsibilities of the holders of our ordinary shares are governed by our articles of association and by Israeli law. These rights and responsibilities differ in some material respects from the rights and responsibilities of shareholders in U.S.-based corporations. In particular, a shareholder of an Israeli company has a duty to act in good faith and in a customary manner in exercising its rights and performing its obligations towards the company and other shareholders, and to refrain from abusing its power in the company, including, among other things, in voting at a general meeting of shareholders on matters such as amendments to a company’s articles of association, increases in a company’s authorized share capital, mergers and acquisitions and related party transactions requiring shareholder approval. In addition, a shareholder who is aware that it possesses the power to determine the outcome of a shareholder vote or to appoint or prevent the appointment of a director or executive officer in the company has a duty of fairness toward the company. There is limited case law available to assist us in understanding the nature of this duty or the implications of these provisions. These provisions may be interpreted to impose additional obligations and liabilities on holders of our ordinary shares that are not typically imposed on shareholders of U.S. corporations.

 

32


Table of Contents

SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS

We make forward-looking statements in this prospectus that are subject to risks and uncertainties. These forward-looking statements include information about possible or assumed future results of our business, financial condition, results of operations, liquidity, plans and objectives. In some cases, you can identify forward-looking statements by terminology such as “believe,” “may,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “potential,” or the negative of these terms or other similar expressions. The statements we make regarding the following matters are forward-looking by their nature:

 

    our expectations regarding revenues generated by our hybrid sales model;

 

    our expectations regarding our operating and net profit margins;

 

    our expectations regarding significant drivers of our future growth;

 

    our plans to continue to invest in research and development to develop technology for both existing and new products;

 

    our plans to invest in sales and marketing efforts and expand our channel partnerships;

 

    our plans to hire additional new employees;

 

    our plans to leverage our global footprint in existing industry verticals to further expand our market share;

 

    our plans to pursue incremental sales by further expanding our customer success team;

 

    our expectations regarding our tax classifications; and

 

    our plans to pursue strategic acquisitions.

The preceding list is not intended to be an exhaustive list of all of our forward-looking statements. The forward-looking statements are based on our beliefs, assumptions and expectations of future performance, taking into account the information currently available to us. These statements are only predictions based upon our current expectations and projections about future events. There are important factors that could cause our actual results, levels of activity, performance or achievements to differ materially from the results, levels of activity, performance or achievements expressed or implied by the forward-looking statements. In particular, you should consider the risks provided under “Risk Factors” in this prospectus.

You should not rely upon forward-looking statements as predictions of future events. Although we believe that the expectations reflected in the forward-looking statements are reasonable, we cannot guarantee that future results, levels of activity, performance and events and circumstances reflected in the forward-looking statements will be achieved or will occur. Except as required by law, we undertake no obligation to update publicly any forward-looking statements for any reason after the date of this prospectus, to conform these statements to actual results or to changes in our expectations.

 

33


Table of Contents

MARKET AND INDUSTRY DATA

Unless otherwise indicated, information contained in this prospectus concerning our industry and the markets in which we operate, including our general expectations, market position, market opportunity and market size, is based on information from various sources, including Gartner, Inc. (Gartner), IDC, Mandiant (recently acquired by FireEye, Inc.) and Verizon Communications Inc. (Verizon), on assumptions that we have made that are based on those data and other similar sources and on our knowledge of the markets for our products and services. This information involves a number of assumptions and limitations, and you are cautioned not to give undue weight to such estimates. While we believe the market position, market opportunity and market size information included in this prospectus is generally reliable, such information is inherently imprecise. In addition, projections, assumptions and estimates of our future performance and the future performance of the industry in which we operate is necessarily subject to a high degree of uncertainty and risk due to a variety of factors, including those described in “Risk Factors” and elsewhere in this prospectus. These and other factors could cause results to differ materially from those expressed in the estimates made by the independent parties and by us.

The Gartner Report described herein, (the Gartner Report) represents data, research opinion or viewpoints published, as part of a syndicated subscription service, by Gartner, and are not representations of fact. The Gartner Report speaks as of its original publication date (and not as of the date of this prospectus) and the opinions expressed in the Gartner Report are subject to change without notice. The Gartner Report referenced is Market Guide for Endpoint Detection and Response Solutions, dated May 13, 2014.

 

34


Table of Contents

USE OF PROCEEDS

We estimate that the net proceeds to us from this offering will be approximately $52.0 million, after deducting the underwriting discount and estimated offering expenses.

We do not currently have specific plans or commitments with respect to the net proceeds from this offering and, accordingly, are unable to quantify the allocation of such proceeds among the various potential uses. We will have broad discretion in the way that we use the net proceeds of this offering.

We intend to use the net proceeds from this offering for general corporate purposes, including sales and marketing expenditures aimed at growing our business and research and development expenditures focused on product development. Although we have not allocated specific portions of the net proceeds to specific uses, we expect that a significant portion of such expenditures will relate to hiring additional sales and marketing and research and development personnel.

We may also use net proceeds from this offering to make acquisitions or investments in complementary companies or technologies. Consistent with our growth strategy, we are currently engaged in discussions, negotiations and diligence evaluations with respect to possible acquisitions, although we do not have any agreement or understanding with respect to any material acquisition or investment at this time.

We will not receive any of the proceeds from the sale of our ordinary shares by the selling shareholders.

 

35


Table of Contents

PRICE RANGE OF OUR ORDINARY SHARES

Our ordinary shares have been listed on NASDAQ under the symbol “CYBR” since September 24, 2014. The following table sets forth, for the periods indicated, the high and low sales prices of our ordinary shares as reported by the NASDAQ Global Select Market.

 

     Low      High  

Year ending December 31, 2015:

     

Second Quarter (through June 10, 2015)

   $ 51.16       $ 71.35   

First Quarter

     33.00         70.48   

Year ended December 31, 2014:

     

Fourth Quarter

     26.66         47.01   

Third Quarter (beginning September 24, 2014)

     22.12         35.88   

The closing sale price of our ordinary shares, as reported by the NASDAQ Global Select Market, on June 10, 2015, was $63.37 per ordinary share.

 

36


Table of Contents

DIVIDEND POLICY

We have never declared or paid any cash dividends on our ordinary shares. We do not anticipate paying any cash dividends in the foreseeable future. We currently intend to retain future earnings, if any, to finance operations and expand our business. Our board of directors has sole discretion whether to pay dividends. If our board of directors decides to pay dividends, the form, frequency and amount will depend upon our future operations and earnings, capital requirements and surplus, general financial condition, contractual restrictions and other factors that our directors may deem relevant. The distribution of dividends may also be limited by Israeli law, which permits the distribution of dividends only out of retained earnings or otherwise upon the permission of an Israeli court.

 

37


Table of Contents

CAPITALIZATION

The following table sets forth our cash, cash equivalents and short-term bank deposits, and total capitalization as of March 31, 2015, as follows:

 

    on an actual basis; and

 

    on an as adjusted basis to give effect to the issuance and sale of ordinary shares by us in this offering at the public offering price of $61.00 per share, after deducting underwriting discounts and commissions and estimated offering expenses payable by us.

You should read this information in conjunction with our consolidated financial statements and the related notes appearing at the end of this prospectus and the “Management’s Discussion and Analysis of Financial Condition and Results of Operations” section and other financial information contained in this prospectus.

 

    As of March 31, 2015  
    Actual     As Adjusted  
   

(in thousands, except share and per

share amounts)

 

Cash, cash equivalents and short-term bank deposits

  $ 191,668      $ 243,673   
 

 

 

   

 

 

 

Ordinary shares, par value NIS 0.01 per share; 250,000,000 shares authorized and 30,757,908 shares issued and outstanding

  80      82   

Additional paid-in capital

  135,713      188,658   

Accumulated other comprehensive loss

  (295   (295

Retained earnings

  24,942      24,371   
 

 

 

   

 

 

 

Total shareholders’ equity

  160,440      212,816   

Total capitalization

$ 352,108    $ 465,489   
 

 

 

   

 

 

 

The preceding table excludes, as of March 31, 2015, 5,144,755 ordinary shares reserved for issuance under our equity incentive plans, in respect of which we had outstanding options to purchase 4,338,682 ordinary shares at a weighted average exercise price of $2.93 per share and 43,040 unvested RSUs.

 

 

38


Table of Contents

DILUTION

If you invest in our ordinary shares in this offering, your ownership interest will be immediately diluted to the extent of the difference between the public offering price per share and the pro forma as adjusted net tangible book value per ordinary share after this offering. Our net tangible book value as of March 31, 2015 was $6.56 per ordinary share.

Consolidated net tangible book value per ordinary share was calculated by:

 

    subtracting our consolidated liabilities, except the deferred revenues balance, from our consolidated tangible assets; and

 

    dividing the difference by the number of ordinary shares outstanding.

Net tangible book value per ordinary share furthermore reflects the sale of ordinary shares that we are offering at the public offering price of $61.00 per share. After giving effect to adjustments relating to this offering, and after deducting underwriting discounts and commissions and estimated offering expenses payable by us, our net tangible book value on an adjusted basis as of March 31, 2015 would have been $254.1 million, equivalent to $8.03 per ordinary share. This amount represents an immediate increase in net tangible book value of $1.47 per ordinary share to our existing shareholders and an immediate decrease in net tangible book value of $52.97 per ordinary share to new investors purchasing ordinary shares in this offering. We determine dilution by subtracting the net tangible book value per share after this offering from the amount of cash that a new investor paid for an ordinary share.

The following table illustrates this dilution:

 

Public offering price per ordinary share

$ 61.00   

Net tangible book value per ordinary share as of March 31, 2015

$ 6.56   

Increase per ordinary share attributable to this offering

  1.47   
  

 

 

    

Net tangible book value per ordinary share immediately after this offering

  8.03   
     

 

 

 

Dilution per ordinary share to new investors in this offering

$ 52.97   

 

The following table summarizes, as of March 31, 2015, the differences between the number of shares purchased from us, the total consideration paid to us in cash and the average price per share that each current director, officer and affiliated shareholder paid during the past five years or that they would pay pursuant to the exercise of any currently exercisable rights to acquire shares, on the one hand, and that new investors are paying to us in this offering, on the other hand. The calculation below is based on the public offering price of $61.00 per share before deducting underwriting discounts and commissions and estimated offering expenses payable by us.

 

     Shares Purchased     Total Consideration     Average Price  
     Number      Percent     Amount      Percent     Per Share  

Directors, officers and affiliated shareholders

     4,027,584         81.7   $ 8,989,710         14.1   $ 2.23   

New investors

     900,000         18.3        54,900,000         85.9        61.00   
  

 

 

    

 

 

   

 

 

    

 

 

   

Total

  4,927,584      100.0   63,889,710      100.0

 

39


Table of Contents

SELECTED CONSOLIDATED FINANCIAL DATA

The following tables set forth our selected consolidated financial data. You should read the following selected consolidated financial data in conjunction with “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes included elsewhere in this prospectus. Historical results are not necessarily indicative of the results that may be expected in the future. Our financial statements have been prepared in accordance with U.S. GAAP.

The selected consolidated statements of operations data for each of the years in the three-year period ended December 31, 2014 and the consolidated balance sheet data as of December 31, 2013 and 2014 are derived from our audited consolidated financial statements appearing elsewhere in this prospectus. The consolidated statements of operations data for the year ended December 31, 2011 and the consolidated balance sheet data as of December 31, 2011 and 2012 are derived from our audited consolidated financial statements that are not included in this prospectus. The selected consolidated statement of operations data for the three months ended March 31, 2014 and 2015 and the selected consolidated balance sheet data as of March 31, 2015 are derived from our unaudited interim consolidated financial statements presented elsewhere in this prospectus. In the opinion of management, these unaudited interim consolidated financial statements include all adjustments, consisting of normal recurring adjustments, necessary for a fair statement of our financial position and operating results for these periods. Results for interim periods are not necessarily indicative of the results that may be expected for the entire year.

 

    Year ended December 31,     Three months ended
March 31,
 
    2011     2012     2013     2014     2014     2015  
    (in thousands except share and per share data)  

Consolidated Statements of Operations:

           

Revenues:

           

License

  $ 21,125      $ 27,029      $ 38,907      $ 61,320      $ 9,120      $ 19,978   

Maintenance and professional services

    15,240        20,179        27,250        41,679        8,275        12,937   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total revenues

    36,365        47,208        66,157        102,999        17,395        32,915   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Cost of revenues:

           

License

    899        1,002        1,216        2,654        628        550   

Maintenance and professional services

    4,517        5,922        7,860        12,053        2,425        3,707   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total cost of revenues(1)

    5,416        6,924        9,076        14,707        3,053        4,257   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Gross profit

    30,949        40,284        57,081        88,292        14,342        28,658   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Operating expenses:

           

Research and development(1)

    6,272        7,273        10,404        14,400        3,237        4,117   

Sales and marketing(1)

    15,929        22,081        32,840        44,943        9,433        13,460   

General and administrative(1)

    3,077        3,297        4,758        8,495        1,481        3,578   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total operating expenses

    25,278        32,651        48,002        67,838        14,151        21,155   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Operating income

    5,671        7,633        9,079        20,454        191        7,503   

Financial income (expenses), net

    (190     4        (1,124     (5,988     (1,356     (1,631
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Income (loss) before taxes on income

    5,481        7,637        7,955        14,466        (1,165     5,872   

Tax benefit (taxes on income)

    392        225        (1,320     (4,512     (83     (1,706
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Net income (loss)

  $ 5,873      $ 7,862      $ 6,635      $ 9,954      $ (1,248   $ 4,166   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Basic net income (loss) per ordinary share(2)

  $ 0.43      $ 0.51      $ 0.25      $ 0.46      $ (0.35   $ 0.14   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Diluted net income (loss) per ordinary share(2)

  $ 0.26      $ 0.31      $ 0.14      $ 0.34      $ (0.35   $ 0.12   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Weighted average number of ordinary shares used in computing basic net income (loss) per ordinary share(2)

    4,969,489        6,592,997        6,900,433        13,335,059        7,073,239        30,563,888   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Weighted average number of ordinary shares used in computing diluted net income (loss) per ordinary share(2)

    22,791,354        25,245,790        10,765,914        29,704,730        7,073,239        34,786,581   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

 

40


Table of Contents
     As of December 31,      As of March 31,  
     2011      2012      2013      2014      2015  
     (in thousands)  

Consolidated Balance Sheet Data:

              

Cash, cash equivalents and short-term bank deposits

   $ 33,353       $ 45,995       $ 65,368       $ 177,181       $ 191,668   

Deferred revenue, current and long term

     9,302         15,068         24,478         32,160         41,331   

Working capital(3)

     29,026         41,448         51,547         160,617         168,856   

Total assets

     47,654         64,379         89,632         210,552         222,060   

Preferred share warrant liability

     512         688         2,134         —           —     

Total shareholders’ equity

     30,290         38,494         45,846         155,008         160,440   

 

     Year ended December 31,      Three months ended
March 31,
 
     2011      2012      2013      2014      2014      2015  
     (in thousands)  

Supplemental Financial Data:

                 

Non-GAAP operating income(4)

   $ 7,347       $ 7,917       $ 9,482       $ 22,027       $ 347       $ 9,049   

Non-GAAP net income(4)

     7,728         8,322         8,484         15,836         304         5,712   

Net cash provided by operating activities

     9,376         13,657         20,159         23,840         8,898         14,869   

 

(1) Includes share-based compensation expense as follows:

 

     Year ended December 31,      Three months
ended March 31,
 
     2011      2012      2013      2014        2014          2015    
     (in thousands)  

Cost of revenues

   $ 70       $ 32       $ 39       $ 137       $ 20       $ 63   

Research and development

     481         58         73         172         30         82   

Sales and marketing

     432         81         126         347         42         139   

General and administrative

     693         113         165         917         64         181   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Total share-based compensation expenses

$ 1,676    $ 284    $ 403    $ 1,573    $ 156    $ 465   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

 

(2) Basic and diluted net income (loss) per ordinary share is computed based on the weighted average number of ordinary shares outstanding during each period. For additional information, see note 10 to our consolidated financial statements included elsewhere in this prospectus.
(3) We define working capital as total current assets minus total current liabilities.

 

41


Table of Contents
(4) Non-GAAP operating income and non-GAAP net income are non-GAAP financial measures. We define non-GAAP operating income as operating income excluding share-based compensation expense and expenses related to our March 2015 public offering of ordinary shares by certain of our shareholders. We define non-GAAP net income as net income excluding (i) share-based compensation expense, (ii) expenses related to our March 2015 public offering of ordinary shares by certain of our shareholders and (iii) financial expenses resulting from the revaluation of warrants to purchase preferred shares. The following tables reconcile operating income and net income, the most directly comparable U.S. GAAP measure, to non-GAAP operating income and non-GAAP net income for the periods presented:

 

     Year ended December 31,      Three months
ended March 31,
 
     2011      2012      2013      2014      2014      2015  
     (in thousands)  

Reconciliation of Operating Income to Non-GAAP Operating Income:

                 

Operating income

   $ 5,671       $ 7,633       $ 9,079       $ 20,454       $ 191       $ 7,503   

Secondary offering related expenses

     —           —           —           —           —           1,081   

Share-based compensation

     1,676         284         403         1,573         156         465   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Non-GAAP operating income

$ 7,347    $ 7,917    $ 9,482    $ 22,027    $ 347    $ 9,049   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

 

     Year ended December 31,      Three months
ended March 31,
 
     2011      2012      2013      2014      2014     2015  
     (in thousands)  

Reconciliation of Net Income (Loss) to Non-GAAP Net Income:

                

Net income (loss)

   $ 5,873       $ 7,862       $ 6,635       $ 9,954       $ (1,248   $ 4,166   

Secondary offering related expenses

     —           —           —           —           —          1,081   

Share-based compensation

     1,676         284         403         1,573         156        465   

Warrant adjustment

     179         176         1,446         4,309         1,396        —     
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

   

 

 

 

Non-GAAP net income

$ 7,728    $ 8,322    $ 8,484    $ 15,836    $ 304    $ 5,712   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

   

 

 

 

For a description of how we use non-GAAP operating income and non-GAAP net income to evaluate our business, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Key Financial Metrics.” We believe that these non-GAAP financial measures are useful in evaluating our business because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company’s non-cash expenses and we believe that providing non-GAAP operating income and non-GAAP net income that excludes share-based compensation expenses, expenses related to our March 2015 public offering of ordinary shares by certain of our shareholders and warrant awards allows for more meaningful comparisons between our operating results from period to period.

Other companies, including companies in our industry, may calculate non-GAAP operating and non-GAAP net income differently or not at all, which reduces their usefulness as a comparative measure. You should consider non-GAAP operating income and non-GAAP net income along with other financial performance measures, including operating income and net income, and our financial results presented in accordance with U.S. GAAP.

 

42


Table of Contents

MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS

The following discussion should be read in conjunction with our consolidated financial statements and the related notes included elsewhere in this prospectus. This discussion contains forward-looking statements that are subject to known and unknown risks and uncertainties. Actual results and the timing of events may differ significantly from those expressed or implied in such forward-looking statements due to a number of factors, including those set forth in the section entitled “Risk Factors” and elsewhere in this prospectus. You should read the following discussion in conjunction with “Special Note Regarding Forward-Looking Statements” and “Risk Factors.”

Overview

We are a global leader and pioneer of a new layer of IT security solutions that protects organizations from cyber attacks that have made their way inside the network perimeter to strike at the heart of the enterprise. Our software solution is focused on protecting privileged accounts, which have become a critical target in the lifecycle of today’s cyber attacks. Privileged accounts act as the “keys to the IT kingdom,” providing complete access to, and control of, all parts of IT infrastructure, industrial control systems and critical business data. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take control of and disrupt an organization’s IT and industrial control infrastructures, steal confidential information and commit financial fraud. Our comprehensive solution proactively protects privileged accounts, monitors privileged activity and detects malicious privileged behavior. Our customers use our innovative solution to introduce this new security layer to protect against, detect and respond to cyber attacks before they strike vital systems and compromise sensitive data.

We have a history of innovation. We started operations in 1999 with the vision of protecting high-value business data and pioneered our Digital Vault technology, which is the foundation of our platform. That same year, we began offering our first product, the Sensitive Information Management Solution (previously called the Sensitive Document Vault), which provides a secure platform through which our customers’ employees can share sensitive files. We believe our early innovation in vaulting technology enabled us to evolve into a company that provides a comprehensive security solution built for privileged accounts. In 2005, we introduced our Privileged Account Security Solution, which has become our leading offering and reflects our emphasis on protecting privileged accounts across an organization. Our Privileged Account Security Solution is built on our shared technology platform and consists of several products: Enterprise Password Vault, SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics, Application Identity Manager and On-Demand Privileges Manager.

We derive our revenues from licensing our cybersecurity software, selling maintenance and support contracts, and providing professional services to the extent requested by customers. Our license revenues consist primarily of revenues from sales of our Privileged Account Security Solution. Our customers typically purchase one year and, to a lesser extent, three years, of maintenance and support in conjunction with their initial purchase of our products. Thereafter, they can renew such maintenance and support for additional one or three-year periods.

We seek to foster long-term relationships with our customers. We have a significant opportunity to generate additional revenue from our existing customers by helping them identify and address gaps in their current privileged account security strategy. Our platform provides our customers flexibility to initially deploy one or more of our products for a single use case and then expand usage over time to address more use cases, to add incremental licenses for more users or systems or to license additional products from our comprehensive platform. We measure the perpetual license maintenance renewal rate for our customers over a 12-month period, based on a dollar renewal rate of contracts expiring during that time period. Our perpetual license maintenance renewal rate is measured three months after the 12-month period ends to account for late renewals. Our renewal rate for each of the years ended December 31, 2012, 2013 and 2014 was over 90%. Our key strategies to maintain our renewal rate include focusing on the quality and reliability of our product updates and our technical support services.

 

43


Table of Contents

We sell our products directly and through a global network of channel partners, including distributors and resellers, who then sell to their end customers. In 2014, we generated approximately half of our revenues through sales made by our global network of channel partners, with the balance being generated through our direct sales force. We refer to end customers as our customers throughout this prospectus. We believe that our hybrid sales model, which combines the leverage of channel sales with the account control of direct sales, will continue to play an important role in the growth of our customer base. Our hybrid sales model has aided our global growth by allowing us to partner with local distributors while being able to use our direct sales team in locations where that approach is advantageous to our business.

We market and sell our solution to organizations in a variety of industries and geographies. As of March 31, 2015, we had approximately 1,850 customers, including approximately 40% of the Fortune 100 and approximately 18% of the Global 2000. We define a customer to include a distinct entity, division or business unit of a company. The growth of our business and our future success depend on our ability to expand our customer base and increase our sales to existing customers, which depend on many factors, including our ability to expand our sales force, introduce new products and grow our relationships with channel partners. While each of these areas presents significant opportunities for us, they also pose important challenges and risks that we must successfully address in order to sustain the growth of our business and improve our results of operations. Additionally, the IT security market in which we operate is characterized by intense competition, constant innovation and evolving security needs, each of which may impact our ability to grow our business.

We have experienced strong growth over the last several years, as evidenced by a compound annual growth rate in revenues of 47.7% from 2012 to 2014. We have also increased our number of employees and subcontractors from 239 as of December 31, 2012 to 487 as of March 31, 2015. We intend to continue to aggressively grow our business to meet the needs of our customers and to pursue opportunities in new and existing verticals, geographies and products. We intend to continue to invest in the development of our sales and marketing teams, with a particular focus on expanding our channel partnerships and solidifying relationships with existing customers. We also plan to continue to invest in research and development in order to continue to develop technology for both existing and new products.

During the years ended December 31, 2012, 2013 and 2014, our revenues were $47.2 million, $66.2 million and $103.0 million, respectively, representing year-over-year growth of 40.1% and 55.7% in 2013 and 2014, respectively, and with maintenance and professional services comprising over 40% of our revenues each year. Our net income for the years ended December 31, 2012, 2013 and 2014 was $7.9 million, $6.6 million and $10.0 million, respectively. For the three months ended March 31, 2014 and 2015, our revenues were $17.4 million and $32.9 million, respectively. Our net income for the three months ended March 31, 2015 was $4.2 million compared with a net loss of $1.2 million for the same period in 2014.

Key Financial Metrics

We monitor several key financial metrics to help us evaluate growth trends, establish budgets, measure the effectiveness of our sales and marketing efforts and assess operational efficiencies. The key financial metrics that we monitor are as follows:

 

     Year ended December 31,      Three months ended
March 31,
 
     2012      2013      2014      2014      2015  
     (in thousands)  

Revenues

   $ 47,208       $ 66,157       $ 102,999       $ 17,395       $ 32,915   

Non-GAAP operating income(1)

     7,917         9,482         22,027         347         9,049   

Non-GAAP net income(1)

     8,322         8,484         15,836         304         5,712   

Net cash provided by operating activities

     13,657         20,159         23,840         8,898         14,869   

Total deferred revenues

     15,068         24,478         32,160         32,395         41,331   

 

44


Table of Contents

 

(1) For a reconciliation of non-GAAP operating income to operating income and of non-GAAP net income to net income, the nearest comparable GAAP measures, see “Summary—Summary Consolidated Financial Data.”

Revenues. We derive our revenues from licensing our cybersecurity software, selling maintenance and support contracts, and providing professional services to the extent requested by customers. We review our revenues generally to assess the overall health of our business and our license revenues in particular to assess the adoption of our software and our growth in the markets we serve.

We consider our license revenues to be particularly important in assessing our results of operations because license fees, particularly from new customers, impact both our short-term and long-term revenues. New customers impact our revenues favorably in the short-term because we recognize substantially all license fees immediately upon delivery. New customers contribute significantly to our revenues in the long-term because the size of our maintenance and support contracts is directly related to our licenses revenues, but revenues from maintenance and support contracts are recognized on a straight-line basis over the term of the related contract. This fact, coupled with the high renewal rate for our maintenance and support contracts, means that a meaningful portion of the revenues we report each period are recognized from deferred revenues generated by maintenance and support contracts entered into during previous quarters.

The amount that a customer pays for a license can vary from a few thousand dollars to many millions of dollars depending on its scope. We generally license our products on a price per user or price per server basis; however, our license agreements with a small number of our largest customers do not contain any limit on the number of users or servers in recognition of the size of the overall agreement. We also license certain of our products based on the number of concurrent sessions monitored or endpoints secured. As a result, we do not track, and are unable to track, the amount of license revenues we generate on a per user or per server basis. We do, however, maintain internal price guidelines for different size transactions and, since our cost of license revenues is negligible, we generate incremental profit from every license. Although we are focused on growing our customer base, we also do not focus on the exact number of customers that we add in a given period because our revenues are also a function of the size of initial sales to new customers and the size of upsells to existing customers. We seek to grow the number of large transactions that we enter into because they better leverage our operating expense base, and particularly our sales and marketing expenses, and also generate larger maintenance and support contracts to drive future revenues and margins.

Because the size of our maintenance and support contracts is directly related to our licenses revenues and because the rates that we charge for professional services fluctuate very little, the drivers of changes in these sources of revenues have to date been volume-based. Historically, there has been little fluctuation in price when we renew a contract for maintenance and support or for professional services. While the demand for professional services is expected to increase as our customer and license base grows, we expect that our channel partners will increase the amount of such services that they provide. Therefore, while we expect an increase in the dollar amount of our professional services revenue, we do not expect our professional services revenues to increase materially as a percentage of total revenues.

See “—Components of Statements of Operations—Revenue” for more information.

Non-GAAP Operating Income and Non-GAAP Net Income. Non-GAAP operating income and non-GAAP net income are non-GAAP financial measures. We define non-GAAP operating income as operating income excluding share-based compensation expense. We define non-GAAP net income as net income excluding (i) share-based compensation expense, (ii) expenses related to our March 2015 public offering of ordinary shares by certain of our shareholders and (iii) financial expenses resulting from the revaluation of warrants to purchase preferred shares. Because of varying available valuation methodologies, subjective assumptions and the variety of equity instruments that can impact a company’s non-cash expense, we believe that providing non-GAAP financial measures that exclude non-cash share-based compensation expense and expenses related to our March 2015 public offering of ordinary shares by certain of our shareholders allow for more meaningful comparisons between our operating results from period to period. In addition, excluding financial expenses with

 

45


Table of Contents

respect to revaluation of warrants to purchase preferred shares allows for more meaningful comparison between our net income from period to period. As these warrants were exercised in connection with our initial public offering, they will no longer be revalued at each balance sheet date. Each of our non-GAAP financial measures is an important tool for financial and operational decision making and for evaluating our own operating results over different periods of time. In particular, these financial measures reflect our operating expenses, the largest of which is currently sales and marketing. Accordingly, we assess the effectiveness of our sales and marketing efforts in part by considering whether increases in such expenditures are reflected in increased revenues and increased non-GAAP operating income and non-GAAP net income. The material factors driving changes in these financial measures are discussed under the subheading “Revenues” within “—Comparison of Period to Period Results of Operations.”

Net Cash Provided by Operating Activities. We monitor net cash provided by operating activities as a measure of our overall business performance. Our net cash provided by operating activities is driven in large part by net income and from up-front payments for maintenance and support contracts and professional services. Monitoring net cash provided by operating activities enables us to analyze our financial performance as it includes our deferred revenues and removes the non-cash effects of certain items such as depreciation and share-based compensation expense, thereby allowing us to better understand and manage the cash needs of our business. Substantially all of the increase in our net cash provided by operating activities has been from growth in our net income (as adjusted for non-cash items) and in our deferred revenues. The material factors driving changes in our net income and our deferred revenues (which are driven by growth of our license revenues) are discussed under “—Comparison of Period to Period Results of Operations.”

Total Deferred Revenues. Our total deferred revenues consist of amounts that have been paid but that have not yet been recognized as revenues because they do not meet the applicable criteria. The substantial majority of our deferred revenues consist of the unrecognized portion of upfront payments associated with maintenance and support contracts and, to a lesser extent, professional services. The remaining balance of our deferred revenues consists of payments for licenses that could not yet be recognized. We monitor our total deferred revenues because it represents a significant portion of revenues to be recognized in future periods. Substantially all of the increase in our total deferred revenues has been from growth in our maintenance and support contracts which, in turn, is driven by growth of our license revenues. The material factors driving changes in our license revenues are discussed under “—Comparison of Period to Period Results of Operations.”

Components of Statements of Operations

Revenues

Our revenues are comprised of the following:

 

    License Revenues. License revenues are generated from sales of perpetual licenses for our cybersecurity software: Privileged Account Security Solution and Sensitive Information Management Solution.

 

    Privileged Account Security Solution—The substantial majority of our license revenues have been from sales of our Privileged Account Security Solution. Customers can purchase Enterprise Password Vault, SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics, Application Identity Manager and On-Demand Privileges Manager. We license our Enterprise Password Vault to our customers based on the number of privileged account users. We offer customers the choice of licensing our Privileged Session Manager based on the number of devices secured or the number of concurrent sessions it monitors. We license our SSH Key Manager (introduced in late 2014), Application Identity Manager and On-Demand Privileges Manager to our customers based on the number of servers that each such product protects. We introduced our Privileged Threat Analytics product in late December 2013. We license our Privileged Threat Analytics to customers based on the number of protected endpoints, such as servers, desktops, databases or mobile devices.

 

46


Table of Contents
    Sensitive Information Management Solution—We generate additional license revenues through sales of our Sensitive Information Management Solution, our first product to market. Customers license the Sensitive Information Management Solution based on the permitted number of users of the software.

 

    Maintenance and Professional Services Revenues. Maintenance revenues are generated from maintenance and service contracts purchased by our customers in order to gain access to the latest software enhancements and updates on an ‘if and when available’ basis and to telephone and email technical support. We also offer professional services focused on both deployment and training our customers to fully leverage the use of our products.

Geographic Breakdown of Revenues

The United States is our biggest market, with the balance of our revenues generated from the EMEA region and the rest of the world, including North and South America (excluding the United States) as well as countries in the Asia Pacific region. The following table sets forth the geographic breakdown of our revenues by region for the periods indicated:

 

     Year ended December 31,     Three months ended March 31,  
     2012     2013     2014     2014     2015  
     ($ in thousand)  

United States

   $ 26,178         55.4   $ 32,041         48.4   $ 60,761         59.0   $ 10,300         59.2   $ 16,434         49.9

EMEA

     14,148         30.0        25,796         39.0        33,198         32.2        5,039         29.0        12,345         37.5   

Rest of World

     6,882         14.6        8,320         12.6        9,040         8.8        2,056         11.8        4,136         12.6   
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Total revenues

$ 47,208      100.0 $ 66,157      100.0 $ 102,999      100.0 $ 17,395      100.0 $ 32,915      100.0
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Cost of Revenues

Our total cost of revenues is comprised of the following:

 

    Cost of License Revenues. Cost of license revenues consists of shipping costs associated with delivery of our software and license payments to third-party software vendors. We expect the absolute cost of license revenues to increase as our license revenues increase.

 

    Cost of Maintenance and Professional Services Revenues. Cost of maintenance and professional services revenues is primarily comprised of personnel costs for our global customer support organization. Personnel costs associated with customer support consist of salaries, benefits, bonuses and share-based compensation. We expect the absolute cost of maintenance and professional services revenues to increase as our customer base grows and as we hire additional professional services and technical support personnel.

Gross Profit and Gross Margin

Gross profit is total revenues less total cost of revenues. Gross margin is gross profit expressed as a percentage of total revenues. Our gross margin has historically fluctuated slightly from period to period as a result of changes in the mix of license revenues and maintenance and professional services revenues and we expect this pattern to continue.

Operating Expenses

Our operating expenses are classified into three categories: research and development, sales and marketing and general and administrative. For each category, the largest component is personnel costs, which consists of salaries, employee benefits (including commissions and bonuses) and share-based compensation expense. Operating expenses also include allocated overhead costs for facilities and foreign currency hedging contracts

 

47


Table of Contents

gains and losses. Allocated costs for facilities primarily consist of rent, depreciation and office maintenance and utilities. Operating expenses are generally recognized as incurred. We expect personnel and all allocated costs to continue to increase in absolute dollars as we hire new employees and add facilities to continue to grow our business. We expect operating margins and operating income to decline in the near term compared to prior periods as we further increase our headcount to support the future growth of our business and incur public company expenses.

Research and Development. Research and development expenses consist primarily of personnel costs attributable to our research and development personnel and consultants as well as allocated overhead costs. We expense research and development expenses as incurred. We expect that our research and development expenses will continue to increase in absolute dollars and, in the near term, as a percentage of revenues as we increase our research and development headcount to further strengthen our technology platform and invest in the development of both existing and new products.

Sales and Marketing. Sales and marketing expenses are the largest component of our operating expenses and consist primarily of personnel costs, including variable compensation, as well as marketing and business development costs, product certifications, travel expenses and allocated overhead costs. We expect that sales and marketing expenses will continue to increase in absolute dollars and, in the near term, as a percentage of our revenues as we plan to expand our sales and marketing efforts globally. We expect sales and marketing expenses to be our largest category of operating expenses.

General and Administrative. General and administrative expenses consist primarily of personnel costs for our executive, finance, human resources, legal and administrative personnel. General and administrative expenses also include external legal, accounting and other professional service fees. We expect that general and administrative expense will increase in absolute dollars and, in the near term, as a percentage of revenues as we grow and expand our operations and operate as a public company, including higher legal, corporate insurance, investor relations and accounting expenses, and the additional costs of achieving and maintaining compliance with the Sarbanes-Oxley Act and related regulations.

Financial Income (Expenses), Net

Financial income (expenses), net consists of interest income, foreign currency exchange gains or losses and warrant liability expenses. Interest income consists of interest earned on our cash, cash equivalents and short-term bank deposits. We expect interest income to vary depending on our average investment balances and market interest rates during each reporting period. Foreign currency exchange changes reflect gains or losses related to transactions denominated in currencies other than the U.S. dollar. Warrant liability changes relate to our preferred share warrants. Our preferred share warrants are classified as a liability on our consolidated balance sheets and, as such, are remeasured to fair value each period with a corresponding expense from the adjustment recorded as financial income (expenses), net. Immediately prior to the completion of our initial public offering, all of our preferred share warrants were exercised and, accordingly, we no longer record any financial expenses in respect of them on our statement of operations. As of the most recent reporting period, we did not have any indebtedness for borrowed amounts.

Taxes on Income

The standard corporate tax rate in Israel for 2014 and thereafter is 26.5% and was 25.0% for 2012 and 2013.

As discussed in greater detail below under “Taxation and Israeli Government Programs Applicable to our Company,” we have received various tax benefits under the Investment Law. Under the Investment Law, our effective tax rate to be paid with respect to our Israeli taxable income under these benefits programs is 16.0%.

Under the Investment Law and other Israeli legislation, we are entitled to certain additional tax benefits, including accelerated depreciation and amortization rates for tax purposes on certain assets, deduction of public offering expenses in three equal annual installments.

 

48


Table of Contents

Our non-Israeli subsidiaries are taxed according to the tax laws in their respective jurisdictions of organization. Due to our multi-jurisdictional operations, we apply significant judgment to determine our consolidated income tax position.

Comparison of Period to Period Results of Operations

The following tables set forth our results of operations in dollars and as a percentage of revenues for the periods indicated:

 

    Year ended December 31,     Three months ended March 31,  
    2012     2013     2014     2014     2015  
    Amount     % of
Revenues
    Amount     % of
Revenues
    Amount     % of
Revenues
    Amount     % of
Revenues
    Amount     % of
Revenues
 
    (in thousands, except for %)  

Revenues:

                   

License

  $ 27,029        57.3   $ 38,907        58.8   $ 61,320        59.5   $ 9,120        52.4   $ 19,978        60.7

Maintenance and professional services

    20,179        42.7        27,250        41.2        41,679        40.5        8,275        47.6        12,937        39.3   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total revenues

    47,208        100.0        66,157        100.0        102,999        100.0        17,395        100.0        32,915        100.0   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Cost of revenues:

                   

License

    1,002        2.1        1,216        1.8        2,654        2.6        628        3.6        550        1.7   

Maintenance and professional services

    5,922        12.6        7,860        11.9        12,053        11.7        2,425        14.0        3,707        11.2   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total cost of revenues

    6,924        14.7        9,076        13.7        14,707        14.3        3,053        17.6        4,257        12.9   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Gross profit

    40,284        85.3        57,081        86.3        88,292        85.7        14,342        82.4        28,658        87.1   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Operating expenses:

                   

Research and development

    7,273        15.4        10,404        15.7        14,400        14.0        3,237        18.6        4,117        12.5   

Sales and marketing

    22,081        46.7        32,840        49.7        44,943        43.6        9,433        54.2        13,460        40.9   

General and administrative

    3,297        7.0        4,758        7.2        8,495        8.2        1,481        8.5        3,578        10.9   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total operating expenses

    32,651        69.1        48,002        72.6        67,838        65.8        14,151        81.3        21,155        64.3   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Operating income

    7,633        16.2        9,079        13.7        20,454        19.9        191        1.1        7,503        22.8   

Financial income (expenses), net

    4        0.0        (1,124     (1.7     (5,988     (5.8     (1,356     (7.8     (1,631     (5.0
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Income (loss) before taxes on income

    7,637        16.2        7,955        12.0        14,466        14.1        (1,165     (6.7     5,872        17.8   

Tax benefit (taxes on income)

    225        0.5        (1,320     (2.0     (4,512     (4.4     (83     (0.5     (1,706     (5.1
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Net income (loss)

  $ 7,862        16.7   $ 6,635        10.0   $ 9,954        9.7   $ (1,248     (7.2 )%    $ 4,166        12.7
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Three Months Ended March 31, 2014 Compared to Three Months Ended March 31, 2015

Revenues

 

     Three months ended March 31,               
     2014     2015     Change  
     Amount      % of
Revenues
    Amount      % of
Revenues
    Amount      %  
     ($ in thousands)  

Revenues:

               

License

   $ 9,120         52.4   $ 19,978         60.7   $ 10,858         119.1

Maintenance and professional services

     8,275         47.6        12,937         39.3        4,662         56.3   
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Total revenues

$ 17,395      100.0 $ 32,915      100.0 $ 15,520      89.2
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Revenues increased by $15.5 million, or 89.2%, from $17.4 million in the three months ended March 31, 2014 to $32.9 million in the same period in 2015. This growth was most pronounced in the EMEA region

 

49


Table of Contents

where revenues increased by $7.3 million compared to increases of $6.1 million in the United States and $2.1 million in the rest of the world. The significant increase in revenues from the EMEA region was primarily the result of three large transactions that together accounted for $3.7 million. We have increased our number of customers from approximately 1,500 as of March 31, 2014 to approximately 1,850 as of March 31, 2015.

License revenues increased by $10.9 million, or 119.1%, from $9.1 million in the three months ended March 31, 2014 to $20.0 million in the same period in 2015. In the three months ended March 31, 2015, approximately 28% of license revenues were generated from sales to customers from whom we had generated revenues before this period. Substantially all of the license revenue growth resulted from increased sales of our Privileged Account Security Solution, driven by demand for our Enterprise Password Vault, our Privileged Session Manager and our Application Identity Manager.

Maintenance and professional services revenues increased by $4.6 million, or 56.3%, from $8.3 million in the three months ended March 31, 2014 to $12.9 million in the same period in 2015. Maintenance revenues increased by $3.0 million from $7.0 million in the three months ended March 31, 2014 to $10.0 million in the same period in 2015, with renewals accounting for approximately $2.0 million and initial maintenance contracts for approximately $1.0 million, respectively, of this increase. Professional services revenues increased by $1.6 million from $1.3 million in the three months ended March 31, 2014 to $2.9 million in the same period in 2015 due to the provision of more services to customers.

Costs of Revenues and Gross Profit

 

     Three months ended March 31,              
     2014     2015     Change  
     Amount      % of
Revenues
    Amount      % of
Revenues
    Amount     %  
     ($ in thousands)  

Cost of revenues:

              

License

   $ 628         3.6   $ 550         1.7   $ (78     (12.4 )% 

Maintenance and professional services

     2,425         14.0        3,707         11.2        1,282        52.9   
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

   

 

 

 

Total cost of revenues

  3,053      17.6      4,257      12.9      1,204      39.4   
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

   

 

 

 

Gross profit

$ 14,342      82.4 $ 28,658      87.1 $ 14,316      99.8
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

   

 

 

 

Cost of license revenues decreased by $0.1 million, or 12.4%, from $0.6 million in the three months ended March 31, 2014 to $0.5 million in the same period in 2015. The decrease in cost of license revenues was driven primarily by a decrease in license related fees.

Cost of maintenance and professional services revenues increased by $1.3 million, or 52.9%, from $2.4 million in the three months ended March 31, 2014 to $3.7 million in the same period in 2015. The increase in cost of maintenance and professional services revenues was driven primarily by a $1.1 million increase in personnel costs and related expenses as our technical support and professional services headcount grew from 68 as of March 31, 2014 to 91 as of March 31, 2015.

Gross profit increased by $14.3 million, or 99.8%, from $14.3 million in three months ended March 31, 2014 to $28.7 million in the same period in 2015. Gross margins increased from 82.4% to 87.1% during the same period. This increase was due to an increase in sales of licenses.

 

50


Table of Contents

Operating Expenses

 

     Three months ended March 31,               
     2014     2015     Change  
     Amount      % of
Revenues
    Amount      % of
Revenues
    Amount      % of
Revenues
 
     ($ in thousands)  

Operating expenses

               

Research and development

   $ 3,237         18.6   $ 4,117         12.5   $ 880         27.2

Sales and marketing

     9,433         54.2        13,460         40.9        4,027         42.7   

General and administrative

     1,481         8.5        3,578         10.9        2,097         141.6   
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Total operating expenses

$ 14,151      81.3 $ 21,155      64.3 $ 7,004      49.5
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Research and Development. Research and development expenses increased by $0.9 million, or 27.2%, from $3.2 million in the three months ended March 31, 2014 to $4.1 million in the same period in 2015. This increase was primarily attributable to a $0.8 million increase in personal costs and related expenses as we increased our research and development team headcount from 105 as of March 31, 2014 to 126 as of March 31, 2015 to support continued investment in our future product and service offerings.

Sales and Marketing. Sales and marketing expenses increased by $4.1 million, or 42.7%, from $9.4 million in the three months ended March 31, 2014 to $13.5 million in the same period in 2015. This increase was attributable to a $2.9 million increase in expenses for personnel costs and related expenses due to increased headcount in all regions to expand our sales and marketing organization coupled with a $0.6 million increase in expenses related to our sales and marketing events and a $0.2 million increase in travel and related expenses. Our sales and marketing headcount grew from 163 as of March 31, 2014 to 231 as of March 31, 2015. The remainder of the increase is attributable to increased costs related to facilities and overhead allocation.

General and Administrative. General and administrative expenses increased by $2.1 million, or 141.6%, from $1.5 million in the three months ended March 31, 2014 to $3.6 million in the same period in 2015. This increase was primarily attributable to an increase of $1.4 million in legal and accounting fees mainly related to the March 2015 public offering of ordinary shares by certain of our shareholders, coupled with $0.3 million in payroll expenses, including variable compensation to executive management, and due to increased headcount.

Financial Expenses, Net. Financial expenses for the three months ended March 31, 2014 were $1.4 million. For the same period in 2015, financial expenses were $1.6 million. This change resulted primarily from exchange rate fluctuations, offset by warrant remeasurement expenses.

Taxes on Income. Taxes on income increased by $1.6 million from $0.1 million in the three months ended March 31, 2014 to $1.7 million for the three months ended March 31, 2015. This change was attributable to the increase in pre-tax income.

Year Ended December 31, 2013 Compared to Year Ended December 31, 2014

Revenues

 

     Year ended December 31,               
     2013     2014     Change  
     Amount      % of
Revenues
    Amount      % of
Revenues
    Amount      %  
     ($ in thousands)  

Revenues:

               

License

   $ 38,907         58.8   $ 61,320         59.5   $ 22,413         57.6

Maintenance and professional services

     27,250         41.2        41,679         40.5        14,429         53.0   
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Total revenues

$ 66,157      100.0 $ 102,999      100.0 $ 36,842      55.7
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

 

51


Table of Contents

Revenues increased by $36.8 million, or 55.7%, from $66.2 million in 2013 to $103.0 million in 2014. This increase was due to increased sales volume of our solution. This increase was also driven by growth in both our license revenues and our maintenance and professional services revenue. This growth was most pronounced in the United States where revenues increased by $28.7 million compared to increases of $7.4 million in the EMEA region and $0.7 million in the rest of the world. The significant increase in revenues from the United States primarily resulted from eight large transactions of greater than $1.0 million each that together accounted for $14.9 million. Multiple large transactions or even a single large transaction in a specific period could continue to materially impact relative growth rates among our different regions for a particular period. We increased our number of customers from approximately 1,500 as of December 31, 2013 to approximately 1,800 as of December 31, 2014.

License revenues increased by $22.4 million, or 57.6%, from $38.9 million in 2013 to $61.3 million in 2014. In 2014, approximately 40% of license revenues were generated from sales to customers from whom we had generated revenues before this period. Substantially all of the license revenue growth resulted from increased sales of our Privileged Account Security Solution, driven by increased demand for our Enterprise Password Vault, Privileged Session Manager and our Application Identity Manager.

Maintenance and professional services revenues increased by $14.4 million, or 53.0%, from $27.3 million in 2013 to $41.7 million in 2014. Maintenance revenues increased by $10.8 million from $22.3 million in 2013 to $33.1 million in 2014, with renewals accounting for approximately $5.9 million and initial maintenance contracts for approximately $4.9 million, respectively, of this increase. Professional services revenues increased by $3.6 million from $5.0 million in 2013 to $8.6 million in 2014 due to the provision of more services to customers.

Cost of Revenues and Gross Profit

 

     Year ended December 31,     Change  
     2013     2014    
     Amount      % of
Revenues
    Amount      % of
Revenues
    Amount      %  
     ($ in thousands)  

Cost of revenues:

               

License

   $ 1,216         1.8   $ 2,654         2.6   $ 1,438         118.3

Maintenance and professional services

     7,860         11.9        12,053         11.7        4,193         53.3   
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Total cost of revenues

$ 9,076      13.7 $ 14,707      14.3 $ 5,631      62.0
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Gross profit

$ 57,081      86.3 $ 88,292      85.7 $ 31,211      54.7
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Cost of license revenues increased by $1.4 million, or 118.3%, from $1.2 million in 2013 to $2.6 million in 2014. The increase in cost of license revenues was driven primarily by an increase in license revenues.

Cost of maintenance and professional services revenues increased by $4.2 million, or 53.3%, from $7.9 million in 2013 to $12.1 million in 2014. The increase in cost of maintenance and professional services revenues was driven primarily by a $3.5 million increase in personnel costs and related expenses as our technical support and professional services headcount grew from 60 at the end of 2013 to 76 at the end of 2014.

Gross profit increased by $31.2 million, or 54.7%, from $57.1 million in 2013 to $88.3 million in 2014. Gross margins decreased from 86.3% in 2013 to 85.7% in 2014. This decrease was driven by increase in costs associated with sales of licenses.

 

52


Table of Contents

Operating Expenses

 

     Year ended December 31,     Change  
     2013     2014    
     Amount      % of
Revenues
    Amount      % of
Revenues
    Amount      %  
     ($ in thousands)  

Operating expenses:

               

Research and development

   $ 10,404         15.7   $ 14,400         14.0   $ 3,996         38.4

Sales and marketing

     32,840         49.7        44,943         43.6        12,103         36.9   

General and administrative

     4,758         7.2        8,495         8.2        3,737         78.5   
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Total operating expenses

$ 48,002      72.6 $ 67,838      65.8 $ 19,836      41.3
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Research and Development. Research and development expenses increased by $4.0 million, or 38.4%, from $10.4 million in 2013 to $14.4 million in 2014. This increase was primarily attributable to a $3.6 million increase in personnel costs and related expenses as we increased our research and development team headcount from 95 at the end of 2013 to 119 at the end of 2014 to support continued investment in our future product and service offerings. The increase was also attributable to a $0.4 million increase related to allocated overhead costs.

Sales and Marketing. Sales and marketing expenses increased by $12.1 million, or 36.9%, from $32.8 million in 2013 to $44.9 million in 2014. This increase was primarily attributable to a $9.8 million increase in expenses for salaries and related expenses due to increased headcount in all regions to expand our sales and marketing organization coupled with a $0.8 million increase in expenses related to our marketing programs and a $0.8 million increase in travel and related expenses. Our sales and marketing headcount grew from 135 at the end of 2013 to 202 at the end of 2014. The remainder of the increase is attributable to increased costs related to facilities and overhead allocation.

General and Administrative. General and administrative expenses increased by $3.7 million, or 78.5%, from $4.8 million in 2013 to $8.5 million in 2014. This increase was primarily attributable to an increase of $1.8 million in payroll expenses, including variable compensation to executive management, and due to increased headcount coupled with a $1.9 million increase in other expenses such as legal, accounting, facilities, directors’ fees, travel expenses and share incentive compensation expenses, and other administrative expenses.

Financial Expenses, Net. Financial expenses increased by $4.9 million from $1.1 million in 2013 to $6.0 million in 2014. This increase resulted primarily from expenses associated with the revaluation of fair value of warrants to purchase series B3 preferred shares of $2.9 million coupled with losses of $2.0 million due to exchange rate fluctuations.

Taxes on Income. Taxes on income increased from $1.3 million in 2013 to $4.5 million in 2014. This increase was attributable to an increase of $1.4 million in tax expenses in Israel and an increase of $1.8 million in tax expenses in foreign locations, mainly the United States.

Year Ended December 31, 2012 Compared to Year Ended December 31, 2013

Revenues

 

     Year ended December 31,     Change  
     2012     2013    
     Amount      % of
Revenues
    Amount      % of
Revenues
    Amount      %  
     ($ in thousands)  

Revenues:

               

License

   $ 27,029         57.3   $ 38,907         58.8   $ 11,878         43.9

Maintenance and professional services

     20,179         42.7        27,250         41.2        7,071         35.0   
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Total revenues

$ 47,208      100.0 $ 66,157      100.0 $ 18,949      40.1
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

 

53


Table of Contents

Revenues increased by $19.0 million, or 40.1%, from $47.2 million in 2012 to $66.2 million in 2013. This increase was due to increased sales volume of our solution. This increase was also driven by growth in both our license revenues and our maintenance and professional services revenue. This growth was most pronounced in the EMEA region where revenues increased by $11.7 million compared to increases of $5.9 million in the United States and $1.4 million in the rest of the world. The significant increases in the EMEA region primarily resulted from three large transactions of greater than $1.0 million each with new customers that together accounted for $5.1 million of the increased revenue. Multiple large transactions or even a single large transaction in a specific period could continue to materially impact relative growth rates among our different regions for a particular period. We increased our number of customers from approximately 1,200 as of December 31, 2012 to approximately 1,500 as of December 31, 2013.

License revenues increased by $11.9 million, or 43.9%, from $27.0 million in 2012 to $38.9 million in 2013. In 2013, approximately 32% of license revenues were generated from sales to customers from whom we had generated revenues before this period. Substantially all of the license revenue growth resulted from increased sales of our Privileged Account Security Solution, driven by demand for our Privileged Session Manager and our Application Identity Manager.

Maintenance and professional services revenues increased by $7.1 million, or 35.0%, from $20.2 million in 2012 to $27.3 million in 2013. Maintenance revenues increased by $6.0 million from $16.3 million in 2012 to $22.3 million in 2013, with renewals accounting for approximately $4.2 million and initial maintenance contracts for approximately $1.8 million, respectively, of this increase. Professional services revenues increased by $1.1 million from $3.9 million in 2012 to $5.0 million in 2013 due to the provision of more services to customers.

Cost of Revenues and Gross Profit

 

     Year ended December 31,        
     2012     2013     Change  
     Amount      % of
Revenues
    Amount      % of
Revenues
    Amount      %  
     ($ in thousands)  

Cost of revenues:

               

License

   $ 1,002         2.1   $ 1,216         1.8   $ 214         21.4

Maintenance and professional services

     5,922         12.6        7,860         11.9        1,938         32.7   
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Total cost of revenues

$ 6,924      14.7 $ 9,076      13.7 $ 2,152      31.1
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Gross profit

$ 40,284      85.3 $ 57,081      86.3 $ 16,797      41.7
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Cost of license revenues increased by $0.2 million, or 21.4%, from $1.0 million in 2012 to $1.2 million in 2013. The increase in cost of license revenues was driven primarily by an increase in license revenues.

Cost of maintenance and professional services revenues increased by $2.0 million, or 32.7%, from $5.9 million in 2012 to $7.9 million in 2013. The increase in cost of maintenance and professional services revenue was driven primarily by a $1.7 million increase in personnel costs and related expenses as our technical support and professional services headcount grew from 47 at the end of 2012 to 60 at the end of 2013.

Gross profit increased by $16.8 million, or 41.7%, from $40.3 million in 2012 to $57.1 million in 2013. Gross margins increased from 85.3% in 2012 to 86.3% in 2013. This increase was driven by our revenue growth outpacing the growth of our cost of revenues.

 

54


Table of Contents

Operating Expenses

 

     Year ended December 31,     Change  
     2012     2013    
     Amount      % of
Revenues
    Amount      % of
Revenues
    Amount      %  
     ($ in thousands)  

Operating expenses:

               

Research and development

   $ 7,273         15.4   $ 10,404         15.7   $ 3,131         43.0

Sales and marketing

     22,081         46.7        32,840         49.7        10,759         48.7   

General and administrative

     3,297         7.0        4,758         7.2        1,461         44.3   
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Total operating expenses

$ 32,651      69.1 $ 48,002      72.6 $ 15,351      47.0
  

 

 

    

 

 

   

 

 

    

 

 

   

 

 

    

 

 

 

Research and Development. Research and development expenses increased by $3.1 million, or 43.0%, from $7.3 million in 2012 to $10.4 million in 2013. This increase was primarily attributable to a $2.6 million increase in personnel costs and related expenses as we increased our research and development team headcount from 70 at the end of 2012 to 95 at the end of 2013 to support continued investment in our future product and service offerings. The increase was also attributable to a $0.4 million increase related to allocated overhead costs.

Sales and Marketing. Sales and marketing expenses increased by $10.7 million, or 48.7%, from $22.1 million in 2012 to $32.8 million in 2013. This increase was attributable to an $8.0 million increase in expenses for salaries and related expenses due to increased headcount in all regions to expand our sales and marketing organization coupled with a $1.4 million increase in expenses related to our marketing programs and a $0.8 million increase in travel and related expenses. Our sales and marketing headcount grew from 100 at the end of 2012 to 135 at the end of 2013. The remainder of the increase is attributable to increased investment in marketing programs.

General and Administrative. General and administrative expenses increased by $1.5 million, or 44.3%, from $3.3 million in 2012 to $4.8 million in 2013. This increase was primarily attributable to an increase of $1.2 million in payroll expenses, including variable compensation to executive management, and due to increased headcount coupled with a $0.2 million increase in other expenses such as legal, facilities and other administrative expenses.

Financial Income (Expenses), Net. In 2012, financial income (expenses), net, was zero. In 2013, we had financial expenses, net, of $1.1 million. This change resulted primarily from an increase of $1.4 million in expenses associated with the measurement of fair value of warrants to purchase series B3 preferred shares, partially offset by a gain of $0.3 million due to exchange rate fluctuations.

Taxes on Income. Taxes on income increased from a tax benefit of $0.2 million in 2012 to tax expenses of $1.3 million in 2013. This increase was attributable to an increase of $1.8 million in tax expenses in Israel offset by a decrease of $0.3 million in the United States.

Quarterly Results of Operations and Seasonality

The following tables present our unaudited condensed consolidated quarterly results of operations in dollars and as a percentage of revenues for the periods indicated. This information should be read in conjunction with our audited consolidated financial statements and related notes included elsewhere in this prospectus. The historical quarterly results presented are not necessarily indicative of the results that may be expected for any future quarters or periods.

 

55


Table of Contents

The quarterly supplemental financial measures below include quarterly non-GAAP operating income, non-GAAP net income and net cash provided by operating activities, which are non-GAAP financial measures. See “Summary—Summary Consolidated Financial Data” for a description of how we calculate non-GAAP operating income and non-GAAP net income, a reconciliation of these non-GAAP financial measures to the most directly comparable GAAP measures and a discussion about the limitations of these non-GAAP financial measures.

 

    Three months ended  
    Mar. 31,
2013
    Jun. 30,
2013
    Sept. 30,
2013
    Dec. 31,
2013
    Mar. 31,
2014
    Jun. 30,
2014
    Sept. 30,
2014
    Dec. 31,
2014
    Mar. 31,
2015
 
    (in thousands)  

Consolidated Statements of Operations Data:

                 

Revenues:

                 

License

  $ 6,702      $ 9,717      $ 9,970      $ 12,518      $ 9,120      $ 11,129      $ 16,620      $ 24,451      $ 19,978   

Maintenance and professional services

    6,029        6,767        6,920        7,534        8,275        10,209        11,341        11,854        12,937   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total revenues

  12,731      16,484      16,890      20,052      17,395      21,338      27,961      36,305      32,915   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Cost of revenues:

License

  269      243      223      481      628      733      462      831      550   

Maintenance and professional services

  1,865      2,001      1,920      2,074      2,425      2,875      3,072      3,681      3,707   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total cost of revenues

  2,134      2,244      2,143      2,555      3,053      3,608      3,534      4,512      4,257   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Gross profit

  10,597      14,240      14,747      17,497      14,342      17,730      24,427      31,793      28,658   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Operating expenses:

Research and development

  2,269      2,568      2,717      2,850      3,237      3,342      3,658      4,163      4,117   

Sales and marketing

  6,817      7,740      7,876      10,407      9,433      9,682      11,040      14,788      13,460   

General and administrative

  965      1,055      1,156      1,582      1,481      1,637      2,041      3,336      3,578   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total operating expenses

  10,051      11,363      11,749      14,839      14,151      14,661      16,739      22,287      21,155   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Operating income

  546      2,877      2,998      2,658      191      3,069      7,688      9,506      7,503   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Net income (loss)

$ 128    $ 2,598    $ 2,513    $ 1,396    $ (1,248 $ 1,230    $ 3,312    $ 6,660    $ 4,166   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

 

56


Table of Contents
    Three months ended  
    Mar. 31,
2013
    Jun. 30,
2013
    Sept. 30,
2013
    Dec. 31,
2013
    Mar. 31,
2014
    Jun. 30,
2014
    Sept. 30,
2014
    Dec. 31,
2014
    Mar. 31,
2015
 
    (as a % of total revenues)  

Consolidated Statements of Operations Data:

                 

Revenues:

                 

License

    52.6     58.9     59.0     62.4     52.4     52.2     59.4     67.3     60.7

Maintenance and professional services

    47.4        41.1        41.0        37.6        47.6        47.8        40.6        32.7        39.3   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total revenues

  100.0      100.0      100.0      100.0      100.0      100.0      100.0      100.0      100.0   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Cost of revenues:

License

  2.1      1.5      1.3      2.4      3.6      3.4      1.6      2.3      1.7   

Maintenance and professional services

  14.7      12.1      11.4      10.3      14.0      13.5      11.0      10.1      11.2   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total cost of revenues

  16.8      13.6      12.7      12.7      17.6      16.9      12.6      12.4      12.9   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Gross profit

  83.2      86.4      87.3      87.3      82.4      83.1      87.4      87.6      87.1   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Operating expenses:

Research and development

  17.8      15.6      16.1      14.2      18.6      15.6      13.1      11.5      12.5   

Sales and marketing

  53.5      46.9      46.6      51.9      54.2      45.4      39.5      40.7      40.9   

General and administrative

  7.6      6.4      6.8      7.9      8.5      7.7      7.3      9.2      10.9   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Total operating expenses

  78.9      68.9      69.5      74.0      81.3      68.7      59.9      61.4      64.3   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Operating income

  4.3      17.5      17.8      13.3      1.1      14.4      27.5      26.2      22.8   

Net income (loss)

  1.0   15.8   14.9   7.0   (7.2 )%    5.8   11.8   18.3   12.7
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

 

    Three months ended  
    Mar. 31,
2013
    Jun. 30,
2013
    Sept. 30,
2013
    Dec. 31,
2013
    Mar. 31,
2014
    Jun. 30,
2014
    Sept. 30,
2014
    Dec. 31,
2014
    Mar. 31,
2015
 
    (in thousands)  

Supplemental Financial Metrics:

                 

Non-GAAP operating income

  $ 627      $ 2,972      $ 3,108      $ 2,775      $ 347      $ 3,253      $ 8,374      $ 10,053      $ 9,049   

Non-GAAP net income

    209        2,845        3,270        2,160        304        2,448        5,877        7,207        5,712   

Net cash provided by operating activities

    3,699        3,024        6,485        6,951        8,898        3,781        835        10,326        14,869   

Total deferred revenues (as of three-months end)

    17,310        19,649        22,723        24,478        32,395        31,937        27,742        32,160        41,331   

Reconciliation of Operating Income to Non-GAAP Operating Income:

                 

Operating Income

  $ 546      $ 2,877      $ 2,998      $ 2,658      $ 191      $ 3,069      $ 7,688      $ 9,506      $ 7,503   

Secondary offering related expenses

    —          —          —          —          —          —          —          —          1,081   

Share-based compensation

    81        95        110        117        156        184        686        547        465   
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Non-GAAP operating income

$ 627    $ 2,972    $ 3,108    $ 2,775    $ 347    $ 3,253    $ 8,374    $ 10,053    $ 9,049   

Reconciliation of Net Income (Loss) to Non-GAAP Net Income:

Net Income (loss)

$ 128    $ 2,598    $ 2,513    $ 1,396    $ (1,248 $ 1,230    $ 3,312    $ 6,660    $ 4,166   

Secondary offering related expenses

  —        —        —        —        —        —        —        —        1,081   

Share-based compensation

  81      95      110      117      156      184      686      547      465   

Warrant adjustment

  —        152      647      647      1,396      1,034      1,879      —        —     
 

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

   

 

 

 

Non-GAAP net income

$ 209    $ 2,845    $ 3,270    $ 2,160    $ 304    $ 2,448    $ 5,877    $ 7,207    $ 5,712   

 

57


Table of Contents

Quarterly Revenue Trends. Our quarterly revenues increased year-over-year for all periods presented due to increased sales of licenses to new customers, as well as upsells to existing customers of new licenses as well as professional and support service contracts. Comparisons of our year-over-year total quarterly revenues are more meaningful than comparisons of our sequential results due to seasonality in the sale of our products and services. Our fourth quarter has historically been our strongest quarter for sales because our target customers are enterprises that generally make such license purchases in this quarter. While we believe that these seasonal trends have affected and will continue to affect our quarterly results, our rapid growth has largely masked seasonal trends to date. We believe that our business may become more seasonal in the future. Historical patterns in our business may not be a reliable indicator of our future sales activity or performance.

Quarterly Gross Profit and Margin Trends. Our quarterly gross profit increased year-over-year for all periods presented. Our fourth quarter gross profit has historically been our strongest, which is consistent with our quarterly revenue trends. Our quarterly gross margin has remained relatively consistent over all periods presented, and any fluctuation is primarily due to shifts in the mix of sales between licenses and maintenance and professional services, as well as the types and volumes of products sold.

Quarterly Operating Expense Trends. Our quarterly operating expenses increased year-over-year for all periods presented primarily due to the addition of personnel in connection with the expansion of our business. Our operating expenses generally increase in the fourth quarter of each year as expenses increase to accommodate the increased revenues encountered in this quarter. Research and development expenses increased sequentially over the periods as we increased our headcount to support continued investment in our future products and services offerings. Sales and marketing expenses increased significantly over the periods as we incurred costs associated with commission expenses to sales people, personnel costs associated with increases in headcount and an increase in overhead allocations. General and administrative expenses increased over the periods primarily due to an increase in personnel costs, legal expenses and professional services fees related to preparing to be a public company.

Liquidity and Capital Resources

We fund our operations with cash generated from operating activities. In the past, we have also raised capital through the sale of equity securities to investors in private placements and, to a lesser extent, through exercised options. Our primary current uses of our cash are ongoing operating expenses and capital expenditures.

As of March 31, 2015 and December 31, 2014, we had $191.7 million and $177.2 million of cash, cash equivalents and short-term bank deposits, respectively. This compared with cash, cash equivalents and short-term bank deposits of $73.6 million, $65.4 million and $46.0 million as of March 31, 2014, December 31, 2013 and 2012, respectively. We believe that our existing cash, cash equivalents and short-term bank deposits will be sufficient to fund our operations and capital expenditures for at least the next 12 months. Our future capital requirements will depend on many factors, including our rate of revenue growth, the expansion of our sales and marketing activities, the timing and extent of spending to support product development efforts and expansion into new geographic locations, the timing of introductions of new software products and enhancements to existing software products and the continuing market acceptance of our software offerings.

The following table presents the major components of net cash flows for the periods presented:

 

     Year Ended December 31,     Three months ended
March 31,
 
     2012     2013     2014       2014         2015    
     (in thousands)  

Net cash provided by operating activities

   $ 13,657      $ 20,159      $ 23,840      $ 8,898      $ 14,869   

Net cash provided by (used in) investing activities

     (3,233     (826     (51,445     549        23,659   

Net cash provided by (used in) financing activities

     (329     159        89,410        (97     234   

 

58


Table of Contents

A substantial source of our net cash provided by operating activities is our deferred revenues, which is included on our consolidated balance sheet as a liability. The majority of our deferred revenues consist of the unrecognized portion of upfront payments associated with maintenance and professional services, with the remainder consisting of payments for licenses that could not yet be recognized. We assess our liquidity, in part, through an analysis of our short and long-term deferred revenues that have not yet been recognized as revenues together with our other sources of liquidity. Deferred revenues for licenses are recognized when all applicable revenue criteria are met. Revenues from maintenance and support contracts are recognized ratably on a straight-line basis over the term of the related contract which is typically one year and, to a lesser extent, three years, and from professional services as services are performed. Thus, since we frequently recognize revenues in subsequent periods to when certain payments may be received, an increase in deferred revenues adds to the liquidity of our operations.

Net Cash Provided by Operating Activities

Our cash flows historically have reflected our net income coupled with changes in our non-cash working capital. During the three months ended March 31, 2015, operating activities provided $14.9 million in cash as a result of a decrease of $6.6 million in our non-cash working capital combined with net income of $4.2 million and $1.1 million of non-cash charges related to depreciation of $0.2 million, share-based compensation expenses of $0.4 million and tax benefit of $0.5 million coupled with a $3.0 million increase in long-term deferred revenues from three-year maintenance contracts for which we collected payment up front. The decrease in our non-cash working capital was due to a $6.2 million increase in short-term deferred revenues, a decrease of $4.4 million in trade receivables and a $0.9 million increase in trade payables which were partially offset by a $4.0 million decrease in employees and payroll accruals and other current liabilities and an increase of $0.9 million in prepaid expenses and other current assets. Our days’ sales outstanding (DSO) was 41 days for the three months ended March 31, 2015.

During the three months ended March 31, 2014, operating activities provided $8.9 million in cash as a result of a decrease of $7.4 million in our non-cash working capital and $1.7 million of non-cash charges related to a $1.4 million change in the fair value of warrants to purchase preferred shares, to depreciation of $0.2 million and share-based compensation expenses of $0.1 million coupled with a $1.0 million increase in long term deferred tax assets and long-term deferred revenues from three-year maintenance contracts for which we collected payment up front which were partially offset by a net loss of $1.2 million. The decrease in our non-cash working capital was due to a $6.7 million increase in short-term deferred revenues and a $5.3 million decrease in trade receivables and other current assets which were partially offset by decrease of $1.1 million in trade payables and $3.5 million in employees and payroll accruals and other current liabilities. Our DSO was 42 days for the three months ended March 31, 2014.

During the year ended December 31, 2014, operating activities provided $23.8 million in cash as a result of $10.0 million net income combined with a decrease of $3.1 million in our non-cash working capital, adjusted by $7.2 million of non-cash charges related to a $4.3 million change in the fair value of warrants to purchase preferred shares, share-based compensation expenses of $1.6 million, depreciation of $0.7 million and tax benefit of $0.6 million coupled with a $3.3 million increase in long-term deferred revenues from three-year maintenance contracts for which we collected payment up front and a $0.2 million increase in long-term liabilities. The decrease of $3.1 million in our non-cash working capital was due to a $4.4 million increase in short-term deferred revenues and a $5.5 million increase in employees and payroll accruals and other current liabilities, which were partially offset by a $6.5 million increase in trade receivable and an increase of $0.3 million in trade payables and prepaid expenses and other current assets. Our DSO was 68 days for the year ended December 31, 2014.

During the year ended December 31, 2013, operating activities provided $20.2 million in cash as a result of a decrease of $9.5 million in our non-cash working capital combined with net income of $6.6 million, adjusted by $2.3 million of non-cash charges related to a $1.4 million change in the fair value of warrants to purchase preferred shares, depreciation of $0.5 million and share-based compensation expenses of $0.4 million coupled

 

59


Table of Contents

with a $1.8 million increase in long-term deferred revenues from three-year maintenance contracts for which we collected payment up front. The decrease in our non-cash working capital was due to a $7.6 million increase in short-term deferred revenues and a $6.6 million increase in trade payables and employee-related accruals which were partially offset by increases of $3.3 million in trade receivables, $0.9 million in other current assets and $0.5 million in short-term deferred tax assets. Our DSO was 70 days for the year ended December 31, 2013.

During the year ended December 31, 2012, operating activities provided $13.7 million in cash as a result of a decrease in our non-cash working capital of $0.7 million combined with net income of $7.9 million, adjusted by $0.8 million of non-cash charges related to share-based compensation expenses of $0.3 million, depreciation of $0.3 million and a $0.2 million change in the fair value of warrants to purchase preferred shares coupled with a $2.9 million increase in long-term deferred revenues from three-year maintenance contracts for which we collected payment up front and a decrease in long-term assets, net, of $1.4 million. The decrease in our non-cash working capital was due to a $2.9 million increase in short-term deferred revenues and a $2.7 million increase in account and trade payables and employee-related accruals which were partially offset by increases of $3.1 million in trade receivables and $1.8 million in short-term deferred tax assets. Our DSO was 73 days for the year ended December 31, 2012.

Net Cash Provided by (Used in) Investing Activities

Net cash provided by investing activities was $23.7 million for the three months ended March 31, 2015. Net cash provided by investing activities was $0.5 million for the three months ended March 31, 2014. Net cash used in investing activities was $51.4 million for the year ended December 31, 2014. Net cash used in investing activities was $3.2 million and $0.8 million in 2012 and 2013, respectively. Investing activities have consisted primarily of investment in and proceeds from short-term deposits, and purchase of property and equipment.

Net Cash Provided by (Used in) Financing Activities

Our financing activities have primarily consisted of proceeds from the issuance and sale of our securities and proceeds from the exercise of share options. Net cash provided by financing activities was $0.2 million for the three months ended March 31, 2015. Net cash used in financing activities was $0.1 million for the three months ended March 31, 2014. Net cash provided by financing activities was $89.4 million and $0.2 million for the years ended December 31, 2014 and 2013, respectively. Net cash used in financing activities was $0.3 million in 2012.

Contractual Obligations

The following summarizes our contractual obligations as of December 31, 2014:

 

     Payments Due by Period  
     Total      2015      2016      2017      2018      2019 and
thereafter
 
     (in thousands)  

Operating lease obligations(1)

   $ 7,562       $ 2,301       $ 1,922       $ 636       $ 614       $ 2,089   

Uncertain tax obligations(2)

     322         —           —           —           —           —     

Severance pay(3)

     4,101         —           —           —           —           —     
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Total

$ 11,985    $ 2,301    $ 1,922    $ 636    $ 614    $ 2,089   

 

(1) Operating lease obligations consist of our contractual rental expenses under operating leases of facilities and certain motor vehicles. We signed a new lease for our facilities located in Israel on February 26, 2015, and such obligation is excluded from the above table.
(2)

Consists of accruals for certain income tax positions under ASC 740 that are paid upon settlement, and for which we are unable to reasonably estimate the ultimate amount and timing of settlement. See Note 8(j) to our consolidated financial statements included elsewhere in this prospectus for further information regarding

 

60


Table of Contents
  our liability under ASC 740. Payment of these obligations would result from settlements with tax authorities. Due to the difficulty in determining the timing of resolution of audits, these obligations are only presented in their total amount.
(3) Severance pay relates to accrued severance obligations to our Israeli employees as required under Israeli labor laws. These obligations are payable only upon the termination, retirement or death of the respective employee and may be reduced if the employee’s termination is voluntary. These obligations are partially funded through accounts maintained with financial institutions and recognized as an asset on our balance sheet. Of this amount, $1.0 million is unfunded. See Note 2(i) to our consolidated financial statement included elsewhere in this report for further information.

Application of Critical Accounting Policies and Estimates

Our accounting policies and their effect on our financial condition and results of operations are more fully described in our consolidated financial statements included elsewhere in this prospectus. We have prepared our financial statements in conformity with U.S. GAAP, which requires management to make estimates and assumptions that in certain circumstances affect the reported amounts of assets and liabilities, revenues and expenses and disclosure of contingent assets and liabilities. These estimates are prepared using our best judgment, after considering past and current events and economic conditions. While management believes the factors evaluated provide a meaningful basis for establishing and applying sound accounting policies, management cannot guarantee that the estimates will always be consistent with actual results. In addition, certain information relied upon by us in preparing such estimates includes internally generated financial and operating information, external market information, when available, and when necessary, information obtained from consultations with third-parties. Actual results could differ from these estimates and could have a material adverse effect on our reported results. See “Risk Factors” for a discussion of the possible risks which may affect these estimates.

We believe that the accounting policies discussed below are critical to our financial results and to the understanding of our past and future performance, as these policies relate to the more significant areas involving management’s estimates and assumptions. We consider an accounting estimate to be critical if: (1) it requires us to make assumptions because information was not available at the time or it included matters that were highly uncertain at the time we were making our estimate; and (2) changes in the estimate could have a material impact on our financial condition or results of operations.

Revenue Recognition

We account for our software licensing sales in accordance with the Financial Accounting Standards Board, or FASB, Accounting Standards Codification, or ASC, 985-605, “Software Revenue Recognition.” ASC 985-605 generally requires revenues earned on software arrangements involving multiple elements to be allocated to each element based on the relative fair value of the elements when Vendor Specific Objective Evidence, or VSOE, of fair value exists for all elements and to be allocated to the different elements in the arrangement under the “residual method” when VSOE of fair value exists for all undelivered elements and no VSOE exists for the delivered elements.

Maintenance and professional services are sold separately and therefore the selling price (VSOE) is based on stand-alone transactions.

Under the residual method, at the outset of the arrangement with the customer, we defer revenues for the fair value of our undelivered elements and recognize revenues for the remainder of the arrangement fee attributable to the elements initially delivered in the arrangement (software product) when all other criteria in ASC 985-605 have been met. Any discount in the arrangement is allocated to the delivered element.

We recognize software license revenues when persuasive evidence of an arrangement exists, the software license has been delivered, there are no uncertainties surrounding product acceptance, there are no significant

 

61


Table of Contents

future performance obligations, the license fees are fixed or determinable and collection of the license fee is considered probable. Fees for arrangements with payment terms extending beyond customary payment terms are considered not to be fixed or determinable, in which case revenues are deferred and recognized when payments become due from the customer provided that all other revenue recognition criteria have been met.

Revenues from maintenance and support contracts are recognized ratably on a straight-line basis over the term of the related contract which is typically one year and, to a lesser extent, three years, and from professional services as services are performed.

Our agreements with distributors and resellers are non-exchangeable, non-refundable, non-returnable and carry no rights of price protection. Accordingly, we consider distributors as end-users.

We do not generally grant a right of return to our customers. In transactions where a customer’s contractual terms include a provision for customer acceptance, revenues are recognized when such acceptance has been obtained or as the acceptance provision has lapsed.

Deferred revenues include unearned amounts received under maintenance and support contracts, professional services and amounts received from customers for licenses but not recognized as revenues due to the fact that these transactions did not meet the revenue recognition criteria as of the balance sheet date.

Derivative instruments

ASC No. 815, “Derivative and Hedging”, requires companies to recognize all of their derivative instruments as either assets or liabilities in the statement of financial position at fair value. For those derivative instruments that are designated and qualify as hedging instruments, a company must designate the hedging instrument, based upon the exposure being hedged, as a fair value hedge, cash flow hedge or a hedge of a net investment in a foreign operation.

For derivative instruments that are designated and qualify as a cash flow hedge (i.e., hedging the exposure to variability in expected future cash flows that is attributable to a particular risk), the effective portion of the gain or loss on the derivative instrument is reported as a component of other comprehensive income and reclassified into earnings in the same period or periods during which the hedged transaction affects earnings. The remaining gain or loss on the derivative instrument in excess of the cumulative change in the present value of future cash flows of the hedged item, if any, is recognized in current earnings during the period of change.

To hedge against the risk of overall changes in cash flows resulting from foreign currency salary payments during the year, we have instituted a foreign currency cash flow hedging program. We hedge a portion of our forecasted expenses denominated in NIS. These forward and option contracts are designated as cash flow hedges, as defined by ASC 815, and are all effective, as their critical terms match underlying transactions being hedged.

Share-Based Compensation

Option Valuations

Under U.S. GAAP, we account for share-based compensation for employees in accordance with the provisions of the FASB’s ASC Topic 718 “Compensation—Stock Based Compensation,” or ASC 718, which requires us to measure the cost of options based on the fair value of the award on the grant date.

We selected the Black-Scholes-Merton option pricing model as the most appropriate method for determining the estimated fair value of options for the years ended December 31, 2012 and 2013 and for the period from January 1, 2014 and up to September 24, 2014. The resulting cost of an equity incentive award is recognized as an expense over the requisite service period of the award, which is usually the vesting period. We

 

62


Table of Contents

recognize compensation expense over the vesting period using the straight-line method and classify these amounts in the consolidated financial statements based on the department to which the related employee reports.

The determination of the grant date fair value of options using the Black-Scholes-Merton option pricing model is affected by estimates and assumptions regarding a number of complex and subjective variables. These variables include the expected volatility of our share price over the expected term of the options, share option exercise and cancellation behaviors, risk-free interest rates and expected dividends, which are estimated as follows:

 

    Fair Value of our Ordinary Shares. Because our shares are not publicly traded, we must estimate the fair value of ordinary shares, as discussed in “—Ordinary Share Valuations” below.

 

    Expected Term. The expected term of options granted represents the period of time that options granted are expected to be outstanding, and is determined based on the simplified method in accordance with ASC No. 718-10-S99-1, (SAB No. 110), as adequate historical experience is not available to provide a reasonable estimate.

 

    Volatility. The expected share price volatility was based on the historical equity volatility of the ordinary shares of comparable companies that are publicly traded.

 

    Risk-free Rate. The risk-free interest rate is based on the yield from U.S. Treasury zero-coupon bonds with a term equivalent to the contractual life of the options.

 

    Dividend Yield. We have never declared or paid any cash dividends and do not presently plan to pay cash dividends in the foreseeable future. Consequently, we used an expected dividend yield of zero.

From September 24, 2014, our ordinary shares are publicly traded, and therefore we currently base the value of options based on the market price of our ordinary shares.

Warrants to Purchase Preferred Shares

Prior to our initial public offering, we accounted for freestanding warrants to purchase our preferred shares as a liability on our balance sheet at fair value. We recorded warrants to purchase preferred shares as a liability because the underlying preferred shares were contingently redeemable (upon a deemed liquidation event) and, therefore, could have required us to transfer assets. The warrants were subject to re-measurement to fair value at each balance sheet date and any change in fair value was recognized as a component of financial income (expense), net, on the consolidated statements of comprehensive income.

We recorded the warrants at their estimated fair value utilizing the OPM with changes in the fair value of the warrant liability reflected in financial income (expense), net. Upon the completion of our initial public offering on September 24, 2014, the warrants were exercised to Series B3 preferred shares and later converted to ordinary shares. We re-measured the warrants as of the conversion date using the intrinsic value based on the initial public offering price.

The following assumptions were used to estimate the value of the Series B3 preferred share warrants as of December 31, 2012 and 2013 and March 31, 2014:

 

     Year ended
December 31,
    Three months ended
March 31, 2014
 
     2012     2013    

Expected volatility

     45     45     45

Expected dividends

     0        0        0   

Expected term (in years)

     2.5        2        0.75   

Risk free rate

     0.32     0.31     0.10

During the years ended December 31, 2012, 2013 and 2014, we recognized financial expenses in the amount of $0.2 million, $1.4 million and $4.3 million, respectively, from the re-measurement of the fair value of the

 

63


Table of Contents

warrants. For the three months ended March 31, 2014, we recognized financial expenses in the amount of $1.4 million from the remeasurement of the fair value of the warrants, while we did not incur any such expense during the three months ended March 31, 2015 because the warrants were exercised upon our initial public offering on September 24, 2014.

Income Taxes

As part of the process of preparing our consolidated financial statements we are required to estimate our taxes in each of the jurisdictions in which we operate. We account for income taxes in accordance with ASC Topic 740, “Income Taxes,” or ASC Topic 740. ASC Topic 740 prescribes the use of an asset and liability method whereby deferred tax asset and liability account balances are determined based on the difference between book value and tax bases of assets and liabilities and carryforward tax losses. Deferred taxes are measured using the enacted tax rates and laws that will be in effect when the differences are expected to reverse. We exercise judgment and provide a valuation allowance, if necessary, to reduce deferred tax assets to their estimated realizable value if it is more likely than not that some portion or all of the deferred tax asset will not be realized.

Deferred tax assets are classified as short or long-term based on the classification of the related asset or liability for financial reporting, or according to the expected reversal dates of the specific temporary differences, if not related to an asset or liability for financial reporting. We account for uncertain tax positions in accordance with ASC 740 and recognize the tax benefit from an uncertain tax position only if it is more likely than not that the tax position will be sustained on examination by the taxing authorities, based on the technical merits of the position. The tax benefits recognized in the financial statements from such a position should be measured based on the largest benefit that has a greater than 50% likelihood of being realized upon ultimate settlement. Accordingly, we report a liability for unrecognized tax benefits resulting from uncertain tax positions taken or expected to be taken in a tax return. We recognize interest and penalties, if any, related to unrecognized tax benefits in tax expense.

Off-Balance Sheet Arrangements

We do not currently engage in off-balance sheet financing arrangements. In addition, we do not have any interest in entities referred to as variable interest entities, which includes special purposes entities and other structured finance entities.

Quantitative and Qualitative Disclosure About Market Risk

Foreign Currency Risk

Our results of operations and cash flows are affected by fluctuations due to changes in foreign currency exchange rates. In 2014, the majority of our revenues were denominated in U.S. dollars and the remainder in other currencies, primarily euros and British pounds sterling. In 2014, the majority of our cost of revenues and operating expenses were denominated in U.S. dollars and NIS and the remainder in other currencies, primarily euros and British pounds sterling. Our foreign currency-denominated expenses consist primarily of personnel, rent and other overhead costs. Since a significant portion of our expenses is incurred in NIS and is substantially greater than our revenues in NIS, any appreciation of the NIS relative to the U.S. dollar would adversely impact our net loss or net income, as relevant. In addition, since the portion of our revenues generated in euros is significantly greater than our expenses incurred in euros, any depreciation of the euro relative to the U.S. dollar would adversely impact our net loss or net income, as relevant. We currently have less exposure to fluctuations in the exchange rate of the British pound because our revenues and expenses in that currency have an offsetting effect.

 

64


Table of Contents

The following table presents information about the changes in the exchange rates of the NIS against the U.S. dollar:

 

Period

   Change in Average Exchange Rate of the NIS
Against the U.S. dollar (%)

2015 (through March 31, 2015)

       2.9  

2014

       (0.9 )

2013

       (6.4 )

2012

       7.8  

The figures above represent the change in the average exchange rate in the given period compared to the average exchange rate in the immediately preceding period. Negative figures represent depreciation of the U.S. dollar compared to the NIS. We estimate that a 10% strengthening or weakening in the value of the NIS against the U.S. dollar would have decreased or increased, respectively, our net income by approximately $2.0 million in 2014. We estimate that a 10% strengthening or weakening in the value of the euro against the U.S. dollar would have increased or decreased, respectively, our net income by approximately $0.7 million in 2014. These estimates of the impact of fluctuations in currency exchange rates on our historic results of operations may be different from the impact of fluctuations in exchange rates on our future results of operations since the mix of currencies comprising our revenues and expenses may change.

For purposes of our consolidated financial statements, local currency assets and liabilities are translated at the rate of exchange to the U.S. dollar on the balance sheet date and local currency revenues and expenses are translated at the exchange rate at the date of the transaction or the average exchange rate dollar during the reporting period to the United States.

To protect against the increase in value of forecasted foreign currency cash flow resulting from expenses paid in NIS during the year, we have instituted a foreign currency cash flow hedging program. We hedge portions of the anticipated payroll of our Israeli employees in NIS for a period of one to twelve months with forward contracts and other derivative instruments. We do not use derivative financial instruments for speculative or trading purposes.

Other Market Risks

We do not believe that we have material exposure to interest rate risk due to the fact that we have no long-term borrowings.

We do not believe that we have any material exposure to inflationary risks.

New and Revised Financial Accounting Standards

The JOBS Act permits emerging growth companies such as us to delay adopting new or revised accounting standards until such time as those standards apply to private companies. We have irrevocably elected not to avail ourselves of this and, therefore, we will be subject to the same new or revised accounting standards as other public companies that are not emerging growth companies.

Recently Issued and Adopted Accounting Pronouncements

In May 2014, the FASB issued an accounting standard update on revenue from contracts with customers, which requires an entity to recognize the amount of revenue to which it expects to be entitled for the transfer of promised goods or services to customers. The new guidance will replace most existing revenue recognition guidance in U.S. GAAP when it becomes effective. The new standard is effective for us on January 1, 2017. Early application is not permitted. The standard permits the use of either the retrospective or cumulative effect transition method. We are currently evaluating the effect that the new guidance will have on our consolidated financial statements and related disclosures. We have not yet selected a transition method nor have we determined the effect of the standard on our ongoing financial reporting.

 

65


Table of Contents

BUSINESS

Overview

We are a global leader and pioneer of a new layer of IT security solutions that protects organizations from cyber attacks that have made their way inside the network perimeter to strike at the heart of the enterprise. Our software solution is focused on protecting privileged accounts, which have become a critical target in the lifecycle of today’s cyber attacks. Privileged accounts are pervasive and act as the “keys to the IT kingdom,” providing complete access to, and control of, all parts of IT infrastructure, industrial control systems and critical business data. In the hands of an external attacker or malicious insider, privileged accounts allow attackers to take control of and disrupt an organization’s IT and industrial control infrastructures, steal confidential information and commit financial fraud. Our comprehensive solution proactively protects privileged accounts, monitors privileged activity and detects malicious privileged behavior. Our customers use our innovative solution to introduce this new security layer to protect against, detect and respond to cyber attacks before they strike vital systems and compromise sensitive data.

Organizations worldwide are experiencing an unprecedented increase in the sophistication, scale and frequency of cyber attacks. The challenge this presents is intensified by the growing adoption of new technologies, such as cloud computing, virtualization, software-defined networking, enterprise mobility and social networking, which has resulted in increasingly complex and distributed IT environments with significantly larger attack surfaces. Organizations have historically relied upon perimeter-based threat protection solutions such as network, web and endpoint security tools as the predominant defense against cyber attacks, yet these traditional solutions have a limited ability to stop today’s advanced threats. As a result, an estimated 90% of organizations have suffered a cybersecurity breach according to a 2011 survey of approximately 580 U.S. IT practitioners by the Ponemon Institute, a research center focused on privacy, data protection and information security policy. Organizations are just beginning to adapt their security strategies to address this new threat environment and are evolving their approaches based on the assumption that their network perimeter has been or will be breached. They are therefore increasingly implementing new layers of security inside the network to disrupt attacks before they result in the theft of confidential information or other serious damage. Regulators are also continuing to mandate rigorous new compliance standards and audit requirements in response to this evolving threat landscape.

We believe that the implementation of a privileged account security solution is one of the most critical layers of an effective security strategy. Privileged accounts represent one of the most vulnerable aspects of an organization’s IT infrastructure. Privileged accounts are used by system administrators, third-party and cloud service providers, applications and business users, and they exist in nearly every connected device, server, hypervisor, operating system, database, application and industrial control system. Due to the broad access and control they provide, exploiting privileged accounts has become a critical stage of the cyber attack lifecycle. The typical cyber attack involves an attacker effecting an initial breach, escalating privileges to access target systems, moving laterally through the IT infrastructure to identify valuable targets, and exfiltrating, or stealing, the desired information. According to Mandiant, credentials of authorized users were hijacked in 100% of the breaches that Mandiant investigated, and privileged accounts were targeted whenever possible. Further, a study we conducted in 2014 using research from forensic firms, including Mandiant and Deloitte & Touche LLP, revealed that privileged accounts were exploited in at least 80% of the serious security incidents investigated by the firms included in our study.

We have architected our solution from the ground up to address the challenges of protecting privileged accounts and an organization’s sensitive information. Our solution provides proactive protection against cyber attacks from both external and internal sources and allows for real-time detection and neutralization of such threats. It can be deployed in traditional on-premise data centers, cloud environments and industrial control systems. Our innovative software solution is the result of over 15 years of research and expertise, combined with valuable knowledge we have gained from working with our diverse population of customers.

Our comprehensive, purpose-built Privileged Account Security Solution enables our customers to secure, manage and monitor privileged account access and activities. Our Privileged Account Security Solution consists of our Enterprise Password Vault, SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics,

 

66


Table of Contents

Application Identity Manager and On-Demand Privileges Manager. These products share a common technology platform that includes our Digital Vault, Master Policy Engine and Discovery Engine, and integrates out of the box with over 100 types of IT assets in the datacenter or the cloud. Our solution complements network, endpoint, web and other security tools and enhances the effectiveness of other security defenses by preventing the misuse of privileged accounts that are built into these products.

As of March 31, 2015, we had approximately 1,850 customers, including approximately 40% of the Fortune 100 and approximately 18% of the Global 2000. We define a customer to include a distinct entity, division or business unit of a company. Our customers include leading enterprises in a diverse set of industries, including energy and utilities, financial services, healthcare, manufacturing, retail, technology and telecommunications, as well as government agencies. We sell our solution through a high touch, channel fulfilled hybrid sales model that combines the leverage of channel sales with the account control of direct sales, and therefore provides us with significant opportunities to grow our current customer base. This approach allows us to maintain close relationships with our customers and benefit from the global reach of our channel partners. Additionally, we are enhancing our product offerings and go-to-market strategy by establishing technology alliances within the IT infrastructure and security vendor ecosystem.

Our business has rapidly grown in recent years. During 2012, 2013 and 2014, our revenues were $47.2 million, $66.2 million and $103.0 million, respectively, representing year-over-year growth of 40.1% and 55.7% in 2013 and 2014, respectively. Our net income for 2012, 2013 and 2014 was $7.9 million, $6.6 million and $10.0 million, respectively. Our revenues for the three months ended March 31, 2014 and 2015 were $17.4 million and $32.9 million, respectively, representing year-over-year growth of 89.2%. Our net income for the three months ended March 31, 2015 was $4.2 million compared with a net loss of $1.2 million for the same period in 2014.

Industry Overview

The recent increase in sophisticated, targeted security threats by both external attackers and malicious insiders, along with an increase in the attack surface due to the growing complexity and distributed nature of IT environments, have made it extremely challenging for enterprises and governments around the world to protect their sensitive information. These challenges are driving the need for a new layer of security that complements traditional threat protection technologies by securing access to privileged accounts and preventing the exploitation of organizations’ critical systems and data.

Security threats are increasingly sophisticated and targeted

Organizations are experiencing an elevated level of increasingly sophisticated and targeted security threats. These advanced threats are frequently driven by organized groups such as: professional criminals attempting to gain access to valuable or sensitive information, state-sponsored groups that aim to further national agendas through industrial espionage or cyber warfare, and “hacktivists” pursuing a variety of socially-driven causes. These groups are highly motivated, technically advanced and are often well funded. They have become fundamental drivers of the heightened risk of cyber attacks.

Increasing complexity and openness of IT environments increases risk

To support business priorities and the evolving needs of their customers, enterprises are investing in new technologies and architectures that are rapidly increasing the complexity and openness of the IT infrastructure, including virtualization, cloud computing, mobility, software-defined networking, big data and social networking. A large enterprise’s IT infrastructure typically consists of tens of thousands of servers, databases, network devices and applications, and is often distributed across multiple geographic regions. Enterprises are increasingly adopting mobility and bring-your-own-device (BYOD) policies, allowing employees to access confidential company information and applications on mobile devices. Furthermore, many enterprises are outsourcing aspects of their infrastructure to cloud service providers and remote vendors, increasing their

 

67


Table of Contents

reliance on third parties to manage and protect their sensitive information. While these modern IT technologies offer organizations many benefits, they also increase the security risk by expanding the attack surface of the organization and increasing the complexity of security management.

Privileged accounts are widespread and vulnerable to attack

Privileged accounts represent one of the most vulnerable aspects of an organization’s IT infrastructure. Privileged accounts are those accounts within an organization that give the user high levels of access, or “privileged” access, to IT systems, applications and data. Privileged accounts are used by systems administrators to deploy and maintain IT systems and they exist in nearly every connected device, server, database, application and industrial control system. Additionally, privileged accounts extend beyond an organization’s traditional IT infrastructure to include employee-managed corporate social media accounts, which can be misused to cause significant reputational damage and other harm to an enterprise. With the increasing complexity of IT infrastructures, the number of privileged accounts has grown exponentially. We believe that organizations typically have two to four times more privileged accounts than employees. As a result, hijacking privileged accounts gives attackers the ability to access and download an organization’s most sensitive data, disrupt business operations, create additional user and privileged accounts, distribute malware, bypass existing security controls, perform other sensitive operations, and erase audit trails to hide their activity. Hackers, malicious insiders or even careless users pose a significant threat to organizations when they gain access to privileged accounts. Some well-publicized examples of cyber attacks that have compromised privileged accounts, according to sources in the public domain, include:

 

    Target. At the end of 2013, attackers were able to copy privileged domain administrator credentials via a “pass the hash” attack, then subsequently created new credentials that provided access to their target systems. This attack compromised the credit card information of millions of customers and caused significant brand and financial damage to the company.

 

    Sony Pictures Entertainment. In 2014, attackers were able to gain access to a large number of privileged account credentials that were left unprotected. These credentials enabled the attackers to access a wide range of systems, allowing them to steal copies of pre-release films, confidential internal emails and other sensitive data. The attack caused significant brand and financial damage to the company.

 

    U.S. Intelligence Agency. In 2013, a third-party systems administrator abused his insider status and authorized privileged credentials to download and make public hundreds of thousands of classified documents.

 

    South Korea. In 2013, South Korean TV stations and banks were attacked with data wiping malware. According to reports, the devastating attacks carried out on South Korea were precipitated by hackers obtaining a privileged administrator login to a security vendor’s patch management server via a targeted attack. The attackers then created malware that resembled a normal software update, tricking unsuspecting organizations into infecting their own systems with this malicious update.

 

    RSA. In 2011, after initially penetrating the network through a spear phishing email, an attack harvested legitimate user credentials, including privileged credentials needed to infiltrate the core RSA SecurID token master key database, thereby compromising the security of thousands of other companies, including several major U.S. defense contractors.

 

    Night Dragon. Starting in 2009 and reported in 2011, an attack was carried out against a number of energy firms that targeted proprietary operations and project-financing information. Once the initial system was compromised, the attack targeted local privileged administrative accounts, providing the attacker with broad access to the energy firms’ systems and confidential intellectual property.

 

68


Table of Contents

Exploiting privileged accounts is a critical stage of an attack lifecycle

Today’s advanced cyber attacks are typically designed to evade traditional threat prevention technologies that are focused on protecting the perimeter from outside breach. Once inside a network, many of these modern attacks follow a common lifecycle. Attackers typically attempt to advance from the initial breach, escalating their privileges and moving laterally through the system to identify and access valuable targets and confidential information so they can access their target systems and information. Once an attacker has hijacked the privileged credentials of an authorized user, its activities blend in with legitimate traffic and is therefore much more difficult to detect. Attackers can therefore operate undetected inside an organization for long periods of time. In fact, according to the 2013 Data Breach Investigations Report from Verizon, 66% of breaches take months or years to discover and approximately 70% of breaches were discovered by external parties who then notified the targeted company. According to Mandiant, the median length of time that attackers are on an organization’s network before being detected is approximately 230 days. The diagram below shows the typical lifecycle of a cyber attack.

 

 

LOGO

 

    Perimeter compromise. Attackers can gain entry into a corporate network through multiple attack vectors including email, web and endpoints. The most common technique used to penetrate an enterprise network and break through the network perimeter is a “phishing” attack through which an email is used to deliver malware to an employee of the target. Attackers have become highly sophisticated and are increasingly finding ways to evade traditional network perimeter threat detection technologies. In most cases, immediately after the initial compromise, attackers download malware tools and establish a connection to a command-and-control server to enable ongoing control.

 

    Escalate privileges. External attackers, after the initial compromise, target privileged accounts to facilitate the future stages of the attack. Through a variety of tactics, including keystroke logging malware, “pass the hash” attacks, dictionary attacks and other techniques, attackers attempt to gain possession of the credentials used to access privileged accounts. Malicious insiders typically already have some degree of privileged access but may need to escalate privileges to extend their access. Privilege escalation is a critical stage of the attack, because if privileged credentials are compromised, the attacker is able to move closer to sensitive data while remaining undetected.

 

69


Table of Contents
    Reconnaissance and lateral movement. Once armed with privileged credentials, attackers may conduct stealth reconnaissance across the network to locate other vulnerable systems, and then spread laterally across the network in search of target data and systems. As the attacker identifies an additional interesting target, it may again need to escalate its privileges to gain access to the newly identified system and then continue its reconnaissance.

 

    Data exfiltration. The final stage of an attack lifecycle is typically to exfiltrate the desired information from the target’s corporate network to a location that the attacker controls. Once the target information has been gathered in a staging area and is ready for exfiltration, the attacker can use its privileged access to bypass controls and monitoring technologies designed to prevent or detect exfiltration.

Malicious insiders continue to be a significant risk

Malicious insiders have historically been responsible for some of the most significant security breaches and continue to pose a significant risk to organizations. Insiders are generally trusted users such as employees, contractors and business partners. Insiders typically have trusted credentials and knowledge of the organization, and can therefore be extremely dangerous if they decide to exploit their position to steal confidential information, commit financial fraud, disrupt operations or cause other harm. Malicious insiders are often disgruntled employees or contractors driven by financial or personal motives and often seek valuable or sensitive information that can be used to harm the organization. These individuals and groups use their access to attempt to exploit privileged credentials in order to laterally move throughout the organization and gain access to valuable or sensitive information. In addition, accidental changes to system configuration settings or other system operating characteristics by well-intentioned insiders are also a significant risk, as they can cause expensive service disruptions and unknown security vulnerabilities.

Security-related regulatory and compliance requirements are challenging to manage

Governments and industry groups continue to enact new legislation and compliance standards regarding data protection and privacy and internal control. Furthermore, compliance requirements continue to become more stringent in response to the complex and evolving threat landscape. Regulations and compliance standards can overlap with one another, change very frequently, require costly and time consuming compliance measures and carry significant financial and reputational consequences for audit failure and non-compliance. Examples of such regulations include the Payment Card Industry Data Security Standard (PCI-DSS); the Federal Information Security Management Act (FISMA) and associated National Institute for Standards and Testing (NIST) Network Security Standards; the Sarbanes-Oxley Act; Title 21 of the U.S. Code of Federal Regulations, which governs food and drug industries; the North American Electric Reliability Corporation Critical Infrastructure Protection Plan (NERC-CIP); the German Federal Financial Supervisory Authority (BaFin) Minimum Requirements for Risk Management; and the requirements of Monetary Authority of Singapore’s Technology Risk Management Notices. The common theme of these regulations is generally a requirement that organizations implement control over privileged accounts, establish accountability to specific users and maintain a complete recording of privileged sessions.

Enterprises have historically relied on traditional security threat protection technologies

Organizations have invested heavily in security products to protect their IT infrastructure and valuable information. According to IDC, worldwide spending on IT security products is expected to grow from $32.0 billion in 2013 to $42.0 billion by 2017. Historically, the majority of this spending has been focused on perimeter threat protection products such as network, web and endpoint security. While prevention of the initial breach is an important layer of an enterprise security strategy, we do not believe that perimeter-based threat protection alone is sufficient to protect against today’s increasingly sophisticated and targeted external security threats or malicious insiders. Despite significant investments in perimeter-based threat protection solutions, most enterprises are still being breached. Therefore, we believe in the future a greater portion of the overall spend will be dedicated to solutions focused on the inside of the enterprise.

 

70


Table of Contents

Challenges in Protecting Privileged Accounts

The increasing sophistication, scale and frequency of advanced cyber attacks challenge traditional cybersecurity methods and create a need for a comprehensive approach to securing privileged accounts from use by external or internal attackers to gain access to and exploit an organization’s confidential data and IT systems. Such an approach must address a range of challenges presented by privileged accounts.

 

    Traditional security solutions’ limited ability to protect privileged credentials and critical assets from cyber attacks. Organizations worldwide continue to struggle to protect privileged credentials and critical assets despite significant investment in traditional perimeter, endpoint or identity-focused security solutions. Organizations’ attempts to solve this problem using a combination of disparate traditional security solutions do not address the unique requirements of securing privileged accounts. Without proactive, automated controls on privileged accounts, including privileged credential protection and real-time alerting on potential threats and malware isolation, attackers can bypass traditional security controls and exploit privileged accounts as a gateway to critical infrastructure, confidential data and other security solutions.

 

    Insufficient visibility and lack of automation in the management of privileged accounts. Traditional approaches to identifying and managing privileged accounts typically involve manual, time-consuming tasks performed on an infrequent or ad-hoc basis. These approaches do not ensure that organizations identify their complete inventory of privileged accounts or manage their privileged credentials securely. Manual approaches can result in common passwords used across multiple systems, unauthorized sharing of credentials, default passwords remaining in place and other behaviors that compromise security and leave IT systems susceptible to attack. These approaches do not provide a current, accurate and global picture of an organization’s security and compliance posture, decreasing security effectiveness and increasing IT operational costs.

 

    Inability to monitor and audit all privileged activity. Traditional information systems do not provide sufficient detail of privileged activities, or worse yet, allow privileged accounts to change security settings or delete system audit logs to hide wrongdoing. Without end-to-end monitoring and recording of all command-level privileged activities, organizations are unable to audit privileged activity. This leaves them at risk of failing compliance audits, being unable to hold privileged users accountable for their actions and lacking critical forensics information to help deconstruct and remediate an attack.

 

    Inadequate or delayed response time in detecting malicious and high risk behaviors. Many organizations often log high level privileged account activity as part of a broad, system-wide logging solution; however, this information is collected and stored amongst other vast data aggregations, and in many cases does not provide the right level of detail or context to understand what differentiates normal from anomalous behavior. Without regular and methodical review of these logs, identification of threats is often missed or delayed. Additionally, tampering with log files is one of the routine aspects of an advanced malware attack or internal hack, rendering such information or analysis inaccurate or incomplete. Organizations need a single platform that can collect and record complete, detailed records of privileged account activity, develop profiles of expected user behaviors and then alert in real-time on any deviations from expected behavior.

 

    Limited scalability of existing point solutions. Traditional solutions that attempt to address privileged account security are often delivered as tactical point tools rather than comprehensive solutions and lack enterprise-level scalability or support for globally distributed datacenters. In addition, an attempt to patch together such disparate point tools having different interfaces and architectures and typically provided by different vendors, leads to interoperability issues. Without a single, scalable solution, organizations must devote considerable time and resources to develop integration strategies for existing solutions with the rest of their IT security investments.

 

71


Table of Contents

Our Solution

Our solution provides proactive protection against cyber attacks from both external and internal sources and allows for real-time detection and neutralization of such threats. Our Privileged Account Security Solution provides organizations with the following benefits:

 

    Comprehensive platform for proactive protection of privileged credentials and target assets from cyber attacks. Our comprehensive solution for privileged account security enables our customers to proactively protect against and automatically detect and respond to in-progress cyber attacks before they strike vital systems and compromise sensitive data. Our unified solution to these previously disparate security needs enables our customers to preemptively remediate vulnerabilities and improve their security effectiveness from a central command and control point. We enhance the effectiveness of traditional security defenses by introducing a new security layer that prevents the misuse of privileged accounts which exist in virtually every piece of technology in the organization including security products.

 

    Automatic identification and understanding of the scope of privileged account risk. Our solution automatically detects privileged accounts across the enterprise and helps customers visualize the resulting compliance gaps and security vulnerabilities. This automated process reduces the time-consuming and error-prone task of manually tracking and updating privileged credentials, thereby decreasing IT operational costs. This enhanced visibility significantly improves the security posture of our customers and facilitates adherence to rigorous audit and compliance standards.

 

    Continuous monitoring, recording and secure storage of privileged account activity. Our solution monitors, collects and records individual privileged session activity down to every mouse click and keystroke. It also provides highly secure storage of privileged session recordings and robust search capabilities allowing organizations to meet their audit and compliance requirements. Session recordings also provide a full forensics record of privileged activity to facilitate a more rapid and precise response to malicious activity.

 

    Real-time detection, alerting and response to malicious privileged activity. Our Privileged Threat Analytics product builds on historical data collected by our comprehensive Privileged Account Security Solution and other network data sources to create and maintain a current profile of each privileged user’s behavior. It uses proprietary algorithms to profile and analyze individual privileged user behavior without impacting the privileged account session and creates prioritized alerts in real-time when abnormal activity is detected. These alerts allow our customers’ incident response teams to investigate and prioritize threatening activity and respond by terminating the active session.

 

    Purpose-built solution, architected for privileged account security. Our solution is architected across products to optimize security. Our Digital Vault, a secure repository for privileged credentials, offers multiple layers of security including robust segregation of duties, a secure proprietary communications protocol and military-grade encryption. Our Privileged Session Manager product establishes a single point of control for all privileged activity, effectively decreasing the attack surface by providing only proxy-based access to IT assets through our platform. This prevents infected administrator workstations from spreading malware or tampering with applications, databases and server configuration settings.

 

    Scalable and flexible platform that enables modular deployment. Our solution is scalable and flexible to enable deployments in large-scale distributed environments, and supports major operating systems, databases, applications, hypervisors, network devices and security appliances, for on-premise, cloud environments and industrial control systems. Every product in our Privileged Account Security Solution can be deployed and managed independently while still sharing resources and data from our shared technology platform. This design provides our customers the flexibility to deploy one or more of our products initially for a single use case and then expand over time to address more use cases or add additional solutions from our comprehensive platform.

 

72


Table of Contents

Our Market Opportunity

We believe that the security market is in the midst of a significant transition as enterprises are investing in a new generation of security solutions to help protect them against today’s sophisticated and targeted cyber threats from both external attackers and malicious insiders. Gartner estimates that by 2020, 60% of enterprise information security budgets will be allocated to rapid detection and response approaches, up from less than 10% in 2014. Recognizing that traditional perimeter-based threat protection solutions are not sufficient to protect against today’s advanced cyber threats, enterprises are investing in security solutions within the datacenter to protect the inside of their networks. According to a 2012 report by IDC, worldwide spending on datacenter security solutions was $10.7 billion in 2011 and is expected to grow to $16.5 billion by 2016, representing a compound annual growth rate of 9.3%. According to the same report, worldwide spending for IT security solutions was $28.4 billion in 2011 and is expected to grow to $40.8 billion in 2016, representing a compound annual growth rate of 7.6%.

We believe that privileged account security is a new, critical layer of security that is benefitting from this transition. Privileged accounts represent one of the most vulnerable aspects of an organization’s IT infrastructure and exist in nearly every connected device, server, hypervisor, operating system, database, application and industrial control system throughout on-premise and cloud-based datacenters. As a result, we believe that an increasing portion of the IT security budget, and specifically the datacenter security spend, will be allocated for privileged account security solutions.

Our Competitive Strengths

Our mission is to protect the heart of the enterprise from advanced cyber attacks. We have established a leadership position in protecting high-value data and critical IT assets by securing privileged accounts. Our leadership position in the market has been recognized in the IDC MarketScape: Worldwide Privileged Access Management 2014 Vendor Assessment. We have several key competitive strengths including:

 

    Trusted expert in privileged account security. We are a recognized brand name and a leader in privileged account security, protecting organizations worldwide against external threats that have already penetrated the perimeter, as well as threats that originate from within the perimeter by malicious or careless insiders. We have more than a decade of experience working with approximately 1,850 enterprises and government organizations, which we believe provides us with a competitive advantage in research, detection and remediation of privileged account security issues. This helps to ensure our products will continue to meet the continuously evolving business, security and operational requirements of the market.

 

    Technology leader driven by vision and focus on innovation. Our history of innovation is the cornerstone of our technology leadership. We pioneered Digital Vault technology, which is the foundation of our platform. In the following years, we introduced patented technology for application identity management, secure connectivity for remote vendors, integrated privileged activity monitoring, private and public cloud privileged account management and privileged threat analytics. We believe our commitment to continuous innovation through our culture and processes will continue to drive our market leadership over time.

 

    Global reach driven by direct and indirect sales organization. We have a broadly dispersed global hybrid sales channel as evidenced by our existing customer implementations in 65 countries. Our local presence in more than 20 countries and our broad network of over 200 channel and technology alliance partners worldwide underpins our product and brand success, and provides us with significant opportunities to grow our customer base while helping our current customers solve a greater portion of their security challenges.

 

   

Strong management team with significant IT security expertise. We have a highly talented management team, combining both public and private company experience and a demonstrated ability to effectively scale businesses. Our strong research and development organization has significant IT security expertise from past experience in leading IT security companies and Israel’s military

 

73


Table of Contents
 

technology units. We believe that our management team and engineering talent position us to continue to provide thought leadership and drive product innovation. We conduct our research and development activities in Israel, which we believe will continue to provide us with access to high quality engineering talent.

 

    Corporate culture committed to our customers’ success. Our culture reflects our employees’ passion for our mission and focus on protecting our customers and which we believe is a key ingredient of our success. Our commitment to our customers’ success is ingrained in our business strategy and is brought to life through constant customer interactions, employee functions and our engaging annual customer conferences attended by hundreds of customers and channel partners.

Our Growth Strategy

Our goal is to be the global leader in IT security solutions that protect organizations from cyber attacks that have made their way inside the network perimeter to strike at the heart of the enterprise. The key elements of our strategy to extend our global leadership include:

 

    Continue to innovate and enhance our solution. We intend to continue to innovate and develop new products and enhancements to existing products to strengthen our leadership position. For example, we introduced our first behavioral analytic product called Privileged Threat Analytics in December 2013 to enable our customers to profile and analyze individual privileged user behavior and create prioritized alerts when abnormal activity is detected. In addition, in November 2014 we continued the expansion of our proactive controls monitoring and management offering with the launch of SSH Key Manager, which is used by customers to authenticate privileged account users and verify trust during automated application-to-application communications. We also plan to continue our investment in advanced threat research to prevent attacks through emerging threat vectors, such as in privileged accounts for cloud environments and industrial control systems. We will also continue to engage with our customers to identify needs and opportunities that will enhance our future product development.

 

    Grow our customer base. We operate in a large, growing market and there are substantial opportunities to grow our customer base. We plan to leverage our strong global footprint across industry verticals, such as in financial services, pharmaceuticals, energy and utilities, telecommunications, retail, manufacturing and government, among others, to further expand our market reach. To drive the acquisition of new customers, we plan to grow our direct sales team, expand our channel partnerships and enhance our marketing efforts. In the future, we also plan to increasingly market our solution to middle-market organizations.

 

    Further penetrate our existing customer base. Our existing base of approximately 1,850 global customers provides a significant opportunity to drive incremental sales. Our platform provides our customers flexibility to deploy one or more of our products initially for a single use case and then expand over time to address more use cases as customer requirements expand. We therefore have a significant opportunity to expand by helping existing customers identify and address gaps in their privileged account security strategy. This opportunity results in the potential for upsells of additional products to address more use cases or incremental licenses of existing products to deploy throughout a customer’s infrastructure. We plan to pursue this strategy by further expanding our customer success team that is dedicated to ensuring the satisfaction and increased deployment of our products.

 

    Continue to expand our global presence by leveraging systems integrators and distribution partnerships. We believe there is a substantial opportunity to continue expanding our business globally as awareness of the need for privileged account security increases. Our channel partners, including systems integrators, distributors and value-added resellers, are a critical part of this expansion opportunity, especially in key emerging markets, such as those throughout Latin America, Eastern Europe and the Asia Pacific region. In 2014, approximately 50% of our revenues were generated from sales through our channel partners. In addition to adding new channel partners, we intend to strengthen existing channel partner relationships to drive greater sales of our products.

 

74


Table of Contents
    Selectively pursue strategic transactions. We may explore and pursue selective acquisitions to complement our product offerings, expand the functionality of our solution, acquire technology or talent, or bolster our leadership position by gaining access to new customers or markets.

Our Products

Our products secure organizations’ high-value data and critical IT assets by providing proactive protection against external and internal cyber threats and enabling real-time detection and neutralization of attacks.

Privileged Account Security Solution

 

 

LOGO

Our comprehensive, purpose-built Privileged Account Security Solution provides our customers a set of products that enable them to secure, manage and monitor privileged account access and activities. Our Privileged Account Security Solution consists of our Enterprise Password Vault, SSH Key Manager, Privileged Session Manager, Privileged Threat Analytics, Application Identity Manager and On-Demand Privileges Manager. These products share a common technology platform that includes our Digital Vault, Master Policy Engine and Discovery Engine, and integrates out of the box with over 100 types of IT assets in the datacenter or the cloud.

Enterprise Password Vault. Our Enterprise Password Vault provides customers with a powerful tool to manage and protect all privileged accounts across an entire organization, including physical, virtual or cloud-based assets. Customers can control how often to require scheduled password changes for different privileged accounts or grant passwords solely for one-time use based on operational needs and regulatory requirements. This automated process reduces the time-consuming and error-prone task of manually tracking and updating privileged credentials thereby enhancing system security and facilitating observance of audit and compliance standards.

SSH Key Manager. Our SSH Key Manager product, which we launched in November 2014, securely stores, rotates and controls access to SSH keys to prevent unauthorized access to privileged accounts. This includes the protection of keys at rest and in transit, granular access controls and integration with strong authentication solutions. Detailed audit logs and reporting capabilities provide visibility into key usage to meet audit and compliance requirements. SSH keys are used as an alternative to password credentials, commonly used for

 

75


Table of Contents

administrative access for users, devices and applications to UNIX and Linux systems. SSH Key Manager is a logical extension to our Privileged Account Security Solution, leveraging our shared technology platform infrastructure, enabling organizations to protect all privileged credentials with a single integrated platform that can be built out over time in accordance with business needs.

Privileged Session Manager. Our Privileged Session Manager protects IT assets including servers, applications, databases and hypervisors from malware and provides command-level monitoring and recording of all privileged activity. Privileged Session Manager prevents malware on an infected workstation from capturing a privileged credential and spreading to additional assets. It also provides a single point of control, forcing all privileged access to pass through our server, ensuring that all privileged activity is monitored and recorded. The single point of control also allows for real-time viewing of privileged activities, enabling customers to terminate privileged sessions in real-time as a threat is detected. In addition, Privileged Session Manager records complete privileged sessions and stores the recordings in the Digital Vault to prevent tampering. Auditors, forensics team and others are able to view and quickly search through an entire session recording for specific activities. Privileged Session Manager does not impact the privileged account session and can operate entirely in the background, although customers can opt to deter privileged account users from prohibited conduct by alerting users that their sessions are being recorded. We offer customers the choice of licensing Privileged Session Manager based on the number of devices secured or the number of concurrent sessions it monitors. Our Privileged Session Manager and Enterprise Password Vault serve complementary functions and are part of a shared platform. As such, we frequently sell them together.

Privileged Threat Analytics. Our Privilege Threat Analytics product uses proprietary algorithms to profile and analyze individual privileged user behavior and creates prioritized alerts when abnormal activity is detected. For example, our product can be used to detect privileged account access at unusual times or access to an abnormal quantity of privileged assets and terminate the session in real time. Privileged Threat Analytics uses historical data collected by our Privileged Account Security Solution and other network data sources to create and maintain a current profile of each privileged user’s behavior. It allows incident response teams to investigate the details that triggered the alert in order to prioritize and respond to the threat. We specialize in analyzing behavior related to privileged user behavior, thus providing vital intelligence on the most critical attack vector. This intelligence can be integrated into an organization’s existing systems and incident response processes enabling a faster response time.

Application Identity Manager. Our Application Identity Manager addresses the challenges of hard-coded, embedded credentials and cryptographic keys being hijacked and exploited by malicious insiders or external cyber attackers. This is enabled by our proprietary Digital Vault application provider technology, which eliminates the need to store such credentials in applications, scripts or configuration files. Instead, Application Identity Manager allows for secure, programmatic retrieval of needed credentials only at run-time and based on master policy control and monitoring.

On-Demand Privileges Manager. Our On-Demand Privileges Manager allows customers to limit the breadth of access of Unix/Linux administrative accounts and granularly restrict them from performing certain commands and functions. We also offer this product to customers using Windows through software licensed from an outside vendor.

Shared Technology Platform. Our shared technology platform is the foundation of our Privileged Account Security Solution and includes our Digital Vault, Master Policy Engine and Discovery Engine. Our Digital Vault is an encrypted server that only responds to preset vault protocols to ensure security throughout an organization’s network. Our Privileged Account Security Solution’s products use our Digital Vault to safely store, audit and manage passwords, privileged credentials, policy information and privileged account session data. Our Master Policy Engine provides a single, user-friendly interface for customers to set, manage and monitor privileged account security policies across an entire organization in a matter of minutes while allowing for granular level exceptions to meet the organization’s unique operational needs. Our Discovery Engine enables organizations to

 

76


Table of Contents

understand the scope of privileged account risk and helps to ensure that all privileged account activity is accounted for by automatically discovering new privileged accounts or changes to existing accounts. Our platform integrates out of the box with over 100 types of IT assets in the datacenter or the cloud, including leading operating systems, databases, network devices, security appliances, hypervisors, applications, industrial control systems and application servers. Our platform further leverages our proprietary vault protocol technology to enable distributed deployments across global networks for central management and auditing while providing enterprise-wide global coverage.

Sensitive Information Management Solution

Our Sensitive Information Management Solution provides a secure platform through which our customers’ employees can share sensitive files while enabling the customer to monitor who is sharing these files. This allows organizations to isolate, store, share and track sensitive files and documents, such as customer credit card information, human resource records, intellectual property documents and legal information in a secure, internal environment. It also allows organizations to exchange sensitive information securely and efficiently with their business partners, customers, suppliers and subcontractors. Our Sensitive Information Management Solution integrates with an organization’s existing applications and can be deployed on-premise or as a cloud service for faster audit readiness without the need for significant upfront cost.

Our Services

Maintenance and Support

Our customers typically purchase one year or, to a lesser extent, three years, of software maintenance and support in conjunction with their initial purchase of our products. Thereafter, they can renew such maintenance and support for additional one or three-year periods. These two alternative maintenance and support periods are common in the software industry. Customers pay for each alternative in full at the beginning of their terms. The substantial majority of our contracts sold are for a one-year term. For example, for the years 2012 through 2014 more than 90% of the renewal contracts were for one year terms.

Our global customer support organization has expertise in our software and how it interacts with complex IT environments. When sales are made to customers directly, we typically also provide any necessary maintenance and support pursuant to a maintenance and support contract directly with the customer. When sales are made through indirect channels, the channel partner typically provides the first and second level support and we provide only the third level support if the issue cannot be resolved by the channel partner.

Our maintenance and support program provides customers the right to software bug repairs, the latest system enhancements and updates on an if and when available basis during the maintenance period, and access to our technical support services. Our technical support services are provided via our online support center, which enables customers to submit new support queries and monitor the status of open and past queries. Our online support system also provides customers with access to our CyberArk Knowledge Base, an online user-driven information repository that provides customers the ability to address their own queries. Additionally, we offer email and telephone support during business hours to customers that purchase a standard support package and 24/7 availability to customers that purchase a premium support package.

Professional Services

Our products are designed for customers to be able to download, install and deploy our software on their own. They are highly configurable and many customers will select either one of our many trained channel partners or our professional services team to provide services. Our professional services team can be contracted to help customers fully plan, install and configure their solution to the needs of each organization’s security and IT environment. Our professional services team provides ongoing consulting services regarding best practices

 

77


Table of Contents

and the proper implementation of our solution to meet the requirements of each customer. Additionally, they teach best practices associated with use of our software through CyberArk University, which offers in-person and WebEx courses globally.

Our Technology

Our comprehensive Privileged Account Security Solution relies on a set of proprietary technologies that provide a high level of security, scalability and reliability. The core technologies included in our solution are as follows:

Secure Digital Vault Technology. Our proprietary Digital Vault technology provides a highly secure, isolated environment, independent of other software, and is engineered with multiple layers of security. Our Digital Vault provides a data encryption mechanism that eliminates the need for encryption key management by the end user, while each object in our Digital Vault is encrypted with its own unique encryption key. To ensure security throughout the network, our Digital Vault communicates within an organization’s network and over the internet through a proprietary and highly protected Vault Protocol, enabling an organization to implement the centrally managed Privileged Account Security Solution with products located in multiple datacenters and geographic locations. Our Digital Vault provides an additional level of protection by preventing the vault administrator from accessing or discovering protected data stored within it. In addition, our Digital Vault database is embedded, isolated and self-managed as part of our Digital Vault software, thereby blocking database administrator access to our Digital Vault database to further eliminate threats. Our Privileged Account Security Solution’s additional products use the highly secured Digital Vault to safely store, audit and manage passwords, privileged credentials, policy information and privileged account session data.

Sophisticated Threat Analytics Algorithms. Our team of cyber experts and development engineers has developed proprietary algorithms that are at the core of our Privileged Threat Analytics product. These algorithms were developed using our deep understanding of cybersecurity and cyber attack techniques, together with over a decade of rich experience in analyzing privileged account activities. Our Privileged Threat Analytics product uses these proprietary algorithms to construct a behavioral profile for privileged users within an organization and continuously updates the profile based on normal changes in behavior. Once a behavioral profile is established, the threat analytics algorithms provide the ability to look for deviations from that profile in order to identify anomalies in user behavior. It then scores each individual anomaly and determines the level of threat based on the correlation of such anomalous events. Alerts with full details of the incident, including the probability of malicious intent, can be raised immediately, allowing an organization’s incident response team to review the potential threat and take action when necessary.

Strong Application Authentication and Credential Management. Our Application Identity Manager product’s architecture allows an organization to eliminate hard-coded application credentials, such as passwords and encryption keys, from applications and scripts. Our secure, proprietary product permits authentication of an application during run-time, based on any combination of the application’s signature, executable path, or IP address, and operating system user. Following application authentication, the authenticated application uses a secure application programming interface, or API, to request privileged account credentials during run-time and, based on the application permissions in our Privileged Account Security Solution, up-to-date credentials are provided to the application. To ensure business continuity, and high availability and performance even within complex and distributed network environments, our advanced product architecture provides a secure local credentials cache on the application server, eliminating the dependency on network availability and traffic during a run-time application credential request. Our proprietary architecture provides even higher value in application server environments, allowing an organization to eliminate application credentials without the need to perform any code changes and without impacting application availability.

Privileged Session Recording and Controls. Our innovative privileged session recording and control mechanisms provide the ability to isolate an organization’s IT systems from end-user desktops, while monitoring and recording the privileged session activities. Our proprietary architecture provides a highly secure, proxy-based

 

78


Table of Contents

solution that does not require agent installation on the target systems and provides a single-access control point to the target systems. The architecture blocks direct communication between an end-user’s desktop and a target system, thus preventing potential malware on the desktop from infiltrating the target system. This architecture further ensures that privileged credentials will remain protected and will not be exposed to the end-user or reach the desktop. Comprehensive recording capabilities provide the ability to record every keystroke and mouse click on the privileged session, and also provide DVR-like recordings with search, locate and alert capabilities.

Our Customers

Our customer base has grown from approximately 990 customers as of December 31, 2011 to approximately 1,850 customers as of March 31, 2015, including approximately 40% of the Fortune 100 and approximately 18% of the Global 2000. Our customers include leading organizations in a diverse set of industries, including energy and utilities, financial services, healthcare, manufacturing, retail, technology and telecommunications, as well as government agencies.

Our business is not dependent on any particular customer. No customer or channel partner accounted for more than 10% of our revenues in any of the last three years. Our diverse global footprint is evidenced by the fact that in 2014, we generated 59.0% of our revenues from customers in the United States, 32.2% from the EMEA region and 8.8% from the rest of the world. Set forth below is a representative list of our customers. We selected these customers because they operate across a range of verticals, each of them spent a meaningful amount on products during the last two years and each is currently party to a maintenance and support contract with us.

 

Name

  

Industry

ANZ Banking Group Limited (Australia)    Financial services
American Electric Power    Energy and utilities
BT Group plc    Telecommunications
ConAgra Foods, Inc.    Retail
DBS Bank Ltd    Financial services
Exelon Corporation    Energy and utilities
ING North America Insurance Corporation    Insurance
Humana Inc.    Healthcare and pharmaceuticals
Manulife Financial Corporation    Financial services
Salesforce.com Inc.    Technology
Southwest Airlines Co.    Travel
Union Bank, N.A.    Financial services
Vodafone Group plc    Telecommunications

Case Studies

The following case studies are representative examples of how some of our customers in key verticals have selected, deployed and benefited from our solution.

Software Company

Challenge. A global software company needed to address a number of audit findings related to security controls of privileged accounts and strengthen its security after a serious security incident.

Solution and benefits. In 2010, this company selected us to address an initial audit finding in one of its departments. To do so, they licensed our Enterprise Password Vault to implement and manage proactive controls on privileged accounts. That deployment was expanded to other departments within the company to address similar audit issues over the next few years. In 2013, following a serious security incident in an area of its business previously unprotected by our solution, the company licensed Application Identity Manager, Privileged

 

79


Table of Contents

Session Manager and Privileged Threat Analytics. We understand from discussions with this customer that it made this decision based on our strong, existing relationship with this customer, our comprehensive Privileged Account Security Solution and their confidence in our experience with complex deployments. Total orders as of March 31, 2015 from this customer are over 140 times greater than the customer’s original order in 2010, which was approximately $45,000.

Healthcare Company

Challenge. A North-America-based managed healthcare company needed to address HIPAA-related audit findings regarding privileged account controls and monitoring. As their concerns for the security of their patients’ information grew as a result of high profile, high impact breaches, their senior executive team decided to implement a more aggressive, proactive security program.

Solution and benefits. To address the department-level audit findings, the company licensed Enterprise Password Vault in 2009. As part of their more aggressive, proactive security program, the company significantly expanded their deployment of Enterprise Password Vault across the enterprise in mid-2014, and added Privileged Session Manager later in the year. Our solution enables the company to proactively protect access to privileged accounts, monitor and record all privileged activity. Total orders as of March 31, 2015 from this customer are over eight times greater than the initial product order in 2009, which was approximately $440,000.

Insurance Company

Challenge. A North America-based global insurance company needed to resolve a high-severity internal audit finding regarding poor control and management around aspects of its privileged account security. At the same time, the company was beginning to tackle PCI compliance across the organization, discovering the need for a comprehensive means to manage and secure privileged accounts to scale the entire organization.

Solution and benefits. Addressing the immediate need created by the audit, this company licensed Enterprise Password Vault in 2007 to secure the exposed critical privileged accounts. Over the next four years as the insurance company tackled its PCI compliance mandate, the company expanded its use of Enterprise Password Vault, added Application Identity Manager and replaced home-grown technology with Privileged Session Manager to help ensure successful future audits. Total orders as of March 31, 2015 from this customer are over 28 times greater than the customer’s original order in 2007, which was approximately $110,000.

Energy Provider

Challenge. A North America-based provider of natural gas and crude oil needed to protect its industrial control systems from cyber threats. This company was particularly concerned about the added risk of using remote third parties to manage and maintain its natural gas and petroleum distribution systems worldwide.

Solution and benefits. In 2013, this company licensed our Enterprise Password Vault and Privileged Session Manager to provide a single, integrated solution that protects privileged user access to the management consoles of the customer’s industrial control systems and monitor and record the details of each privileged session. Our solution enables the company to closely control, monitor and audit the activity of third-party vendors and contractors. Total orders as of March 31, 2015 from this customer are approximately 2.5 times greater than the customer’s original order in 2013, which was approximately $175,000.

Financial Services Company

Challenge. A North America-based financial services company initiated a comprehensive, high-value asset protection project in response to increasing threats to its IT infrastructure and customer data. In addition to other data protection and monitoring technologies, this company recognized that it was critical to secure privileged account access to its critical systems and data.

 

80


Table of Contents

Solution and benefits. As part of a “defense in depth” strategy, this company licensed Enterprise Password Vault and Privileged Session Manager in 2012 to protect access to privileged accounts, isolate target assets from malware and monitor privileged activity. We believe this customer’s confidence in our ability to comprehensively address its privileged account security challenges, our architectural approach to session monitoring and isolation and our expertise with privileged account security deployments were key drivers of their decision. Total orders as of March 31, 2015 from this customer are over four times greater than the customer’s original order in 2012, which was approximately $650,000.

Diversified Infrastructure and Financial Services Firm

Challenge. A diversified infrastructure and financial services firm required proactive controls on privileged user and application credentials to be compliant with Sarbanes-Oxley after an external auditor identified its lack of privileged account security controls as a corporate-wide IT security risk.

Solution and benefits. In 2011, this company licensed our Enterprise Password Vault and On-Demand Privileges Manager to implement controls and manage policies on privileged user credentials and limit the scope of access for privileged users. We believe this company selected our solution to address its compliance and risk concerns because of our unified offering, scalability and performance, global presence and ability to work across traditional and cloud-based assets. Since its initial deployment, this company has expanded its use of our solution and has licensed our Application Identity Manager to dynamically manage privileged application credentials. Total orders as of March 31, 2015 from this customer are over two times greater than the customer’s original order in 2011, which was approximately $1.3 million.

Sales and Marketing

Sales

We believe that our hybrid sales model, which combines the leverage of high touch, channel sales with the account control of direct sales, has played an important role in the growth of our customer base to date. We maintain a highly trained sales force that is responsible for developing and closing new business the management of relationships with our channel partners and the support and expansion of relationships with existing customers. Our sales organization is organized by geographic regions, consisting of the Americas, EMEA and Asia Pacific region. As of March 31, 2015, our global network of channel partners consisted of over 200 resellers and distributors. Our channel partners generally complement our sales efforts by helping to identify potential sales targets, maintaining relationships with certain customers and introducing new products to existing customers and offering post-sale professional services and technical support. In 2014, we generated approximately 50% of our revenues from direct sales from our field offices located throughout the world. The majority of our sales in the United States are direct while the substantial majority of our sales in the EMEA region and the rest of the world are through channel partners. We work with many global systems integration partners, such as Hewlett-Packard Company and Wipro Limited, and several leading regional security value added resellers, such as Accuvant, Inc. and FishNet Security, Inc. (which recently merged their activities) and Computacenter Services and Solutions. These companies were each among our top 10 channel partners and we have derived a meaningful amount from sales to each of them during the last two years.

Our sales cycle varies by size of the customer, the number of products purchased and the complexity of the customer’s IT infrastructure, ranging from several weeks for incremental sales to existing customers to many months for sales to new customers or large deployments. To support our broadly dispersed global channel and customer base, as of March 31, 2015, we had sales personnel in 23 countries. We plan to continue investing in our sales organization to support both the growth of our channel partners and our direct sales organization.

Marketing

Our marketing strategy is focused on building our brand strength, communicating the benefits of our solution, developing leads and increasing sales to existing customers. We market our software as a solution to

 

81


Table of Contents

stop cyber threats before they have the chance to stop business. We execute our strategy by leveraging a combination of internal marketing professionals and a network of channel partners to communicate the value proposition and differentiation for our product, generating qualified leads for our sales force and channel partners. Our marketing efforts also include public relations in multiple regions and extensive content development available through our recently redesigned website. We are focused on an ongoing thought-leadership campaign to establish ourselves as a leader in the cybersecurity market. Our marketing team is expanding its efforts by investing in analytics-driven lead development, stronger global coordination, quick response to current events and proactive and consistent communication with market analysts.

Research and Development

Continued investment in research and development is critical to our business. Our research and development efforts are focused primarily on improving and enhancing our existing products and services, as well as developing new products, features and functionality. We believe the timely development of new products is essential to maintaining our competitive position. We regularly release new versions of our software which incorporate new features and enhancements to existing ones. We also maintain a dedicated team that researches reported advanced cyber attacks, the attackers’ techniques and methods that lead to new security development initiatives for our products and provide thought-leadership on targeted attack mitigation.

As of March 31, 2015, we had 126 employees focused on research and development. We conduct our research and development activities in Israel and we believe this provides us with access to world class engineering talent. Our research and development expenses were $7.3 million, $10.4 million and $14.4 million in 2012, 2013 and 2014, respectively. For the three months ended March 31, 2014 and 2015, research and development expenses were $3.2 million and $4.1 million, respectively.

Intellectual Property

We rely on a combination of patent, trademark, copyright and trade secret laws, confidentiality procedures and contractual provisions to protect our technology and the related intellectual property. As of March 31, 2015, we had two issued patents and 15 pending patent applications in the United States. We also had one provisional patent application in the United States. We also had two patents issued and 17 applications pending for examination in non-U.S. jurisdictions, and two pending Patent Cooperation Treaty patent examinations, all of which are counterparts of our U.S. patent applications. The claims for which we have sought patent protection relate to several elements in our technology, including the Discovery Engine within our Privileged Account Security Solution, Digital Vault, SSH Key Manager, Privileged Threat Analytics, Privileged Session Manager and Application Identity Manager.

We generally enter into confidentiality agreements with our employees, consultants, service providers, resellers and customers and generally limit internal and external access to, and distribution of, our proprietary information and proprietary technology through certain procedural safeguards. These agreements may not effectively prevent unauthorized use or disclosure of our intellectual property or technology and may not provide an adequate remedy in the event of unauthorized use or disclosure of our intellectual property or technology.

Our industry is characterized by the existence of a large number of relevant patents and frequent claims and related litigation regarding patent and other intellectual property rights. In particular, leading companies in the security industry have extensive patent portfolios. If we become more successful, we believe that competitors will be more likely to try to develop products that are similar to ours and that may infringe our proprietary rights. It may also be more likely that competitors or third parties will claim that our products infringe their proprietary rights. From time to time, third parties have asserted and may assert their patent, copyright, trademark and other intellectual property rights against us, our channel partners, users or customers, whom our standard license and other agreements obligate us to indemnify against such claims. Successful claims of infringement or misappropriation by a third party could prevent us from distributing certain products or performing certain services or could require us to pay substantial damages (including, for example, treble damages if we are found

 

82


Table of Contents

to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights), royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others, or to expend additional development resources to attempt to redesign our products or services or otherwise to develop non-infringing technology; enter into potentially unfavorable royalty or license agreements in order to obtain the right to use necessary technologies or intellectual property rights; and to indemnify our partners or other third parties. Even if third parties may offer a license to their technology, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, results of operations or financial condition to be materially and adversely affected.

Competition

The IT security market in which we operate is characterized by intense competition, constant change and innovation. We believe that none of our competitors offer a fully comprehensive and integrated privileged account security solution; however, we do compete with companies that offer a broad array of IT security products. Our current and potential future competitors include CA, Inc., Dell Inc., International Business Machines Corporation and Oracle Corporation, in the access and identity management market, as well as providers of advanced threat protection solutions such as Hewlett-Packard Company, EMC Corporation, International Business Machines Corporation, FireEye, Inc., Splunk Inc. and Palo Alto Networks, Inc. and other smaller companies that offer products with a more limited range of functionality than our own offerings.

The principal competitive factors in our market include:

 

    the breadth and completeness of a security solution;

 

    reliability and effectiveness in protecting, detecting and responding to cyber attacks;

 

    analytics and accountability at an individual user level;

 

    ability of customers to achieve and maintain compliance with compliance standards and audit requirements;

 

    strength of sale and marketing efforts, including distribution and channel relationships;

 

    global reach and customer base;

 

    scalability and ease of integration with an organization’s existing IT infrastructure and security investments;

 

    brand awareness and reputation;

 

    innovation and thought leadership;

 

    quality of customer support;

 

    speed at which a solution can be deployed; and

 

    price of a solution and cost of maintenance and professional services.

We believe we compete favorably with our competitors on the basis of these factors. However, some of our current and potential future competitors may enjoy potential competitive advantages, such as greater name recognition, longer operating history, larger market share, larger existing user base and greater financial, technical and other resources.

Properties

Our corporate headquarters are located in Petach Tikva, Israel in an office consisting of approximately 38,320 square feet. The lease for this office expires in December 2016. We recently signed a new lease with our

 

83


Table of Contents

current landlord which will commence in 2017. Our U.S. headquarters are located in Newton, Massachusetts in an office consisting of approximately 21,000 square feet. The lease for this office expires in April 2022 with the option to extend for two successive five-year periods. We maintain additional sales offices in England, France, Germany and Singapore. We believe that our facilities are sufficient to meet our ongoing needs and that if we require additional space to accommodate our growth we will be able to obtain additional facilities on commercially reasonable terms.

Employees

As of March 31, 2015, we had 487 employees and subcontractors with 202 located in Israel, 161 in the United States, 41 in the United Kingdom and 83 across 21 other countries. The following table shows the breakdown of our global workforce of employees and subcontractors by category of activity as of the dates indicated:

 

Department

   As of December 31,      As of March 31,  
       2012          2013          2014        2015  

Sales and marketing

     100         135         202         231   

Research and development

     70         95         119         126   

Services and support

     47         60         76         91   

General and administrative

     22         27         33         39   
  

 

 

    

 

 

    

 

 

    

 

 

 

Total

  239      317      430      487   

With respect to our Israeli employees, Israeli labor laws govern the length of the workday, minimum wages for employees, procedures for hiring and dismissing employees, determination of severance pay, annual leave, sick days, advance notice of termination of employment, equal opportunity and anti-discrimination laws and other conditions of employment. Subject to certain exceptions, Israeli law generally requires severance pay upon the retirement, death or dismissal of an employee, and requires us and our employees to make payments to the National Insurance Institute, which is similar to the U.S. Social Security Administration. Our employees have pension plans that comply with the applicable Israeli legal requirements and we make monthly contributions to severance pay funds for all employees, which cover potential severance pay obligations.

None of our employees work under any collective bargaining agreements. Extension orders issued by the Israeli Ministry of Economy (formerly the Israeli Ministry of Industry, Trade and Labor) apply to us and affect matters such as cost of living adjustments to salaries, length of working hours and week, recuperation pay, travel expenses, and pension rights. We have never experienced labor-related work stoppages or strikes and believe that our relations with our employees are satisfactory.

Legal Proceedings

From time to time, we may be subject to legal proceedings and claims in the ordinary course of business. We are not currently a party to any material litigation. Regardless of the outcome, litigation can have an adverse impact on us because of defense and settlement costs, diversion of management resources and other factors.

 

84


Table of Contents

MANAGEMENT

Executive Officers and Directors

The following table sets forth the name, age and position of each of our executive officers and directors as of the date of this prospectus:

 

Name

  

Age

  

Position

Executive Officers

     

Ehud (Udi) Mokady

   46    Chief Executive Officer, President, Founder and Director

Chen Bitan

   45    General Manager, EMEA & Asia Pacific

Joshua Siegel

   51    Chief Financial Officer

Ronen (Ron) Zoran

   40    Vice President, Americas Sales

Nick Baglin

   40    Vice President, EMEA Sales

Dan Dinnar

   45    Vice President, Asia Pacific Sales

Roy Adar

   44    Senior Vice President, Product Management

John Worrall

  

56

   Chief Marketing Officer

Directors

     

Gadi Tirosh(3)(4)

   49    Chairman of the Board

David Campbell(1)(3)(4)

   52    Director

Ron Gutler(1)(2)(3)(4)(5)

   57    Director

Raphael (Raffi) Kesten(4)

   61    Director

Kim Perdikou(1)(2)(4)(5)

   57    Director

David Schaeffer(4)

   59    Director

Amnon Shoshani(2)(4)

   51    Director

 

(1) Member of our compensation committee.
(2) Member of our audit committee.
(3) Member of our nominating and governance committee.
(4) Independent director under the rules of the NASDAQ Stock Market.
(5) External director under the Companies Law.

Executive Officers

Ehud (Udi) Mokady is one of our founders, has served as our President and Chief Executive Officer since 2005 and previously served as our Chief Operating Officer from 1999 to 2005. From 1997 to 1999, Mr. Mokady served as general counsel at Tadiran Spectralink Ltd., a producer of secure wireless communication systems. From 1986 to 1989, Mr. Mokady served in a military intelligence unit in the Israel Defense Forces. Mr. Mokady was honored by a panel of independent judges with the New England EY Entrepreneur Of The Year™ 2014 Award in the Technology Security category. Mr. Mokady holds a Bachelor of Laws (LL.B.) from Hebrew University in Jerusalem, Israel and a Master of Science Management (MSM) from Boston University in Massachusetts.

Chen Bitan has served as our General Manager of EMEA & Asia Pacific since 2005 and as Head of Research & Development since 1999. From March 1998 to April 1999, Mr. Bitan worked as Project Manager for Amdocs Software Ltd., leading the development of billing and customer care systems for telecommunications providers. From 1995 to 1998, he worked for Magic Software Ltd. as Research and Development Group Manager leading the development of their 4GL products for the Asia Pacific market. From 1988 to 1995, Mr. Bitan led the programming education department as Department Manager at the Israel Defense Forces (IDF) Computer Studies Academy (Mamram). Mr. Bitan holds a Bachelor of Science in computer science and political science from Bar-Ilan University in Ramat-Gan, Israel.

Joshua Siegel has served as our Chief Financial Officer since May 2011. Prior to joining CyberArk, Mr. Siegel served as Chief Financial Officer for Voltaire Ltd., a provider of InfiniBand and Ethernet connectivity solutions,

 

85


Table of Contents

from December 2005 to February 2011, and as Director of Finance and then Vice President of Finance from April 2002 to December 2005. Voltaire completed an initial public offering and listing on NASDAQ in 2007 and was acquired by Mellanox Technologies, Ltd. in 2011. From 2000 to 2002, he was Vice President of Finance at KereniX Networks Ltd., a terabit routing and transport system company. From 1995 to 2000, Mr. Siegel served in various positions at Lucent Technologies Networks Ltd. (formerly Lannet Ltd.). From 1990 to 1995, he served in various positions at SLM Corporation (Sallie Mae—Student Loan Marketing Association). Mr. Siegel holds a Bachelor of Arts in economics and a Master of Business Administration (MBA) with a concentration in finance from the University of Michigan in Ann Arbor.

Ronen (Ron) Zoran has served as our Vice President of Americas Sales since January 2015 and has worked at CyberArk since our founding in 1999. Mr. Zoran has held several sales leadership positions at the Company, including Vice President of North America Sales from July 2013 to December 2014, Regional Director and Senior Director of Channels from January 2005 to June 2013, as well as research and development positions, such as R&D Group Manager and Director of Technical Services. From 1993 to 1999, Mr. Zoran served as an Officer and R&D Group Manager at the Technological Computer Center of the Israeli Defense Forces. He holds an MBA from Northeastern University and a Bachelor of Arts in Computer Science from Bar-Ilan University.

Nick Baglin has served as our Vice President of EMEA Sales since May 2012. Prior to joining CyberArk, Mr. Baglin worked for HP Enterprise Security Services, as EMEA General Manager and Global Sales Director from May 2011 to May 2012 and as Global Sales Director from December 2010 to May 2011. From January 2001 to December 2010, he worked for Vistorm Ltd., a provider of information assurance and managed security services, in various positions, including Director of Sales. Mr. Baglin holds a Bachelor of Science from the Manchester Metropolitan University in the United Kingdom.

Dan Dinnar has served as our Vice President of Asia Pacific Sales since August 2005 and was our Director of Sales in the Americas from 2002 to 2005. From 1999 to 2002, Mr. Dinnar served as Director of Sales at ProActivity, Inc., a business process re-engineering company. He holds a Bachelor of Arts in economics and business from the Technion—Israel Institute of Technology in Haifa, Israel. Mr. Dinnar will be leaving CyberArk in August 2015.

Roy Adar has served as our Senior Vice President of Product Management since February 2015. From January 2006 to January 2015, Mr. Adar served as our Vice President of Product Management. Prior to joining CyberArk, Mr. Adar held the position of Product Manager at NICE Systems Ltd., an Israeli software company, from 2002 through 2005. From 1997 to 2001, he worked at Integrity Systems, Inc., a technology support company, in several roles, including product development group manager and senior IT consultant. Mr. Adar holds an MBA from the Kellogg School of Management at Northwestern University in Illinois and a Bachelor of Arts in computer science from Open University in Tel Aviv, Israel.

John Worrall has served as our Chief Marketing Officer since December 2012. From May 2011 to December 2012, Mr. Worrall served as the Executive Vice President for CounterTack, Inc., a threat detection solutions company. From May 2010 to June 2011, Mr. Worrall was the Chief Marketing Officer for ActivIdentity, a cybersecurity group of HID Global Corporation, an enterprise security company. From January 2010 to April 2010, he carried out independent consulting projects. From November 1997 to August 2008, Mr. Worrall worked in various positions at RSA Security, Inc., including serving as Vice President and General Manager from January 2007 to August 2008, as Senior Vice President in Marketing from October 2005 to December 2006 and as Vice President of Global Marketing from January 2002 to September 2005. Mr. Worrall holds a Bachelor of Arts in economics from St. Lawrence University in New York.

Directors

Gadi Tirosh has served as a member of our board of directors since June 2011 and as chairman of the board since July 2013. Since 2005, Mr. Tirosh has served as Managing Partner at Jerusalem Venture Partners, an Israeli venture capital firm that focuses, among other things, on cyber-security companies and operates the JVP Cyber Labs incubator. From 1999 to 2005, he served as Corporate Vice President of Product Marketing and as a

 

86


Table of Contents

member of the executive committee for NDS Group Ltd. (later acquired by Cisco Systems, Inc.) a provider of end-to-end software solutions to the pay-television industry, including content protection and video security. Mr. Tirosh holds a Bachelor of Science in computer science and mathematics and an Executive MBA from the Hebrew University in Jerusalem, Israel.

David Campbell has served as a member of our board of directors since 2011. Mr. Campbell joined the Goldman Sachs’ Merchant Banking Division in 2004, where he currently serves as a Managing Director. Prior to this he held senior roles within Goldman Sachs’ Technology Group, including being elected to Technology Fellow in 2002. Additionally, Mr. Campbell serves on a number of technology company boards, including Applause Inc., AppSense Inc., AvePoint, Inc., BackOffice Associates, LLC, MetricStream Inc., ScienceLogic, Inc. and Spiceworks Inc. Mr. Campbell received a Bachelor of Engineering (Electrical) and a Bachelor of Arts from the University of Queensland in Australia.

Ron Gutler has served as a member of our board of directors since July 2014 and serves as an external director under the Companies Law. From May 2002 through February 2013, Mr. Gutler served as the Chairman of NICE Systems Ltd., a public company specializing in voice recording, data security, and surveillance. Between 2000 and 2011, Mr. Gutler served as the Chairman of G.J.E. 121 Promoting Investment Ltd., a real estate company. Between 2000 and 2002, Mr. Gutler managed the Blue Border Horizon Fund, a global macro fund. Mr. Gutler is a former Managing Director and a Partner of Bankers Trust Company, which is currently part of Deutsche Bank. He also established and headed the Israeli office of Bankers Trust. Mr. Gutler is currently a director of Wix.com Ltd. (NASDAQ: WIX). Mr. Gutler holds a Bachelor of Arts in economics and international relations and an MBA, both from the Hebrew University in Jerusalem.

Raphael (Raffi) Kesten has served as a member of our board of directors since April 2014. Since February 2015, Mr. Kesten has served as Managing Partner at Jerusalem Venture Partners as well as executive adviser to the Chairman and CEO of Cisco Systems, Inc. and to the Service Provider Video Security, Software & Solutions Group at Cisco Systems, Inc. He served as the Vice President of Service Provider Video Security, Software & Solutions Group at Cisco Systems, Inc. from 2012 to 2014. From 2000 to February 2015, Mr. Kesten has served as a Venture Partner for Jerusalem Venture Partners. He served as Senior Vice President and Chief Operating Officer at NDS Group Holdings Ltd. (later acquired by Cisco Systems, Inc.) from 2006 to 2012. From 1996 to 2006, Mr. Kesten worked as Vice President and General Manager of NDS Technologies Israel Limited. From 1991 to 1995, he served as Vice President of Operations and Production of Imaging Products at Indigo N.V. (later acquired by Hewlett-Packard Company). Between the years 1982 to 1991, Mr. Kesten held several engineering and managerial positions with Intel, Inc. Mr. Kesten holds a Bachelor of Science in chemical engineering from Ben-Gurion University of the Negev in Beer-Sheva, Israel and he completed the certificate program in Senior Business Management at the Hebrew University in Jerusalem, Israel.

Kim Perdikou has served as a member of our board of directors since July 2014 and serves as an external director under the Companies Law. Ms. Perdikou served as the Juniper Networks, Inc. board observer on two of Juniper’s portfolio companies from January 2013 to July 2014. From 2010 to August 2013, Ms. Perdikou served as the Executive Vice President for the Office of the Chief Executive Officer at Juniper Networks, Inc. Before that she served as the Executive Vice President and General Manager of Infrastructure Products Group and as Chief Information Officer at Juniper Networks, Inc. from 2006 to 2010 and from August 2000 to January 2006, respectively. Ms. Perdikou served on the board of directors and audit committee of Lam Research Corporation, a major provider of wafer fabrication equipment and services, from May 2011 to November 2012. Ms. Perdikou served as Chief Information Officer at Women.com from June 1999 to August 2000, and held the position of Vice President, Global Networks, at Reader’s Digest from March 1992 to April 1998, as well as leadership positions at Knight Ridder from June 1999 to August 2000, and Dun & Bradstreet from August 1989 to March 1992. Ms. Perdikou holds a Bachelor of Science in Computing Science with Operational Research from Paisley University in Paisley, Scotland, a Post-Graduate degree in Education from Jordanhill College in Glasgow, Scotland and a Masters in Information Systems from Pace University in New York.

 

87


Table of Contents

David Schaeffer has served as a member of our board of directors since May 2014. Mr. Schaeffer has served as the Chairman, Chief Executive Officer and President of Cogent Communications, Inc. (NASDAQ: CCOI), an internet service provider based in the United States that is listed on NASDAQ, since he founded the company in August 1999. Mr. Schaeffer was the founder of Pathnet, Inc., a broadband telecommunications provider, where he served as Chief Executive Officer from 1995 until 1997 and as Chairman from 1997 until 1999. Mr. Schaeffer holds a Bachelor of Science in Physics from the University of Maryland.

Amnon Shoshani has served as a member of our board of directors since November 2009. Since February 1995, Mr. Shoshani has served as the Founder and Managing Partner of Cabaret Holdings Ltd. and, since March 1999, he has also served as Managing Partner of Cabaret Security Ltd. and ArbaOne Inc. ventures activities where he had a lead role in managing the groups’ portfolio companies. From 1994 to April 2005, Mr. Shoshani owned a Tel-Aviv boutique law firm engaged in entrepreneurship, traditional industries and high tech, which he founded. Mr. Shoshani holds an LL.B. from Tel Aviv University in Israel.

Corporate Governance Practices

Under the Companies Law, companies incorporated under the laws of the State of Israel whose shares are publicly traded, including companies with shares listed on the NASDAQ Global Select Market, are considered public companies under Israeli law and are required to comply with various corporate governance requirements under Israeli law relating to matters such as external directors, the audit committee, the compensation committee and an internal auditor. This is the case even if our shares are not listed on a stock exchange in Israel. These requirements are in addition to the corporate governance requirements imposed by the Listing Rules of the NASDAQ Stock Market and other applicable provisions of U.S. securities laws to which we are subject (as a foreign private issuer). Under the Listing Rules of the NASDAQ Stock Market, a foreign private issuer, such as us, may generally follow its home country rules of corporate governance in lieu of the comparable requirements of the Listing Rules of the NASDAQ Stock Market, except for certain matters including (among others) the composition and responsibilities of the audit committee and the independence of its members within the meaning of the rules and regulations of the SEC.

As a foreign private issuer, we are permitted to comply with Israeli corporate governance practices instead of the NASDAQ Listing Rules, provided that we disclose those NASDAQ Listing Rules with which we do not comply and the equivalent Israeli requirements that we follow instead. We currently rely on this “foreign private issuer exemption” with respect to the quorum requirement for meetings of our shareholders. As permitted under the Companies Law, pursuant to our articles of association, the quorum required for an ordinary meeting of shareholders consists of at least two shareholders present in person or by proxy who hold or represent between them at least 25% of the voting power of our shares (and, with respect to an adjourned meeting, generally one or more shareholders who hold or represent any number of shares), instead of 33 1/3% of the issued share capital provided under the NASDAQ Listing Rules.

Board of Directors

Under the Companies Law, the management of our business is vested in our board of directors. Our board of directors may exercise all powers and may take all actions that are not specifically granted to our shareholders or to management. Our executive officers are responsible for our day-to-day management and have individual responsibilities established by our board of directors. Our Chief Executive Officer is appointed by, and serves at the discretion of our board of directors, subject to the employment agreement that we have entered into with him. All other executive officers are also appointed by our board of directors, and are subject to the terms of any applicable employment agreements that we may enter into with them.

We comply with the rule of the NASDAQ Stock Market that a majority of our directors be independent. Our board of directors has determined that all of our directors, other than our Chief Executive Officer, are independent under such rules. The definition of independent director under NASDAQ rules and external director

 

88


Table of Contents

under the Companies Law overlap to a significant degree such that we would generally expect the two directors serving as external directors to satisfy the requirements to be independent under NASDAQ rules. The definition of external director includes a set of statutory criteria that must be satisfied, including criteria whose aim is to ensure that there be no factor which would impair the ability of the external director to exercise independent judgment. The definition of independent director specifies similar, although less stringent, requirements in addition to the requirement that the board consider any factor which would impair the ability of the independent director to exercise independent judgment. In a