Filed Pursuant to Rule 424(b)(5)

Registration No. 333-252902

Subject to completion, dated February9, 2021

Preliminary prospectus supplement
(To prospectus dated February9, 2021)

$400,000,000

Varonis Systems, Inc.

Common Stock

We are offering $400.0million of shares of our common stock pursuant to this prospectus supplement and the accompanying prospectus. Our common stock is listed on The Nasdaq Global Select Market under the symbol “VRNS.” On February8, 2021, the last reported sale price of our common stock as reported on The Nasdaq Global Select Market was $183.18 per share.

Investing in our common stock involves a high degree of risk. Please read “Risk factors” beginning on page S-23 of this prospectus supplement, on page 4 of the accompanying prospectus and in the documents incorporated by reference into this prospectus supplement and the accompanying prospectus.

	Per Share	Total
Public offering price	$	$
Underwriting discounts	$	$
Proceeds to us before expenses	$	$

We have granted the underwriters an option for a period of 30 days to purchase up to an additional $60.0million of shares of our common stock. If the underwriters exercise the option in full, the total underwriting discounts payable by us will be $13.2million, and the total proceeds to us, before expenses, will be $446.8million.

Neither the Securities and Exchange Commission nor any state securities commission has approved or disapproved of these securities or determined if this prospectus supplement or the accompanying prospectus is truthful or complete. Any representation to the contrary is a criminal offense.

Delivery of the shares of common stock is expected to be made on or about         , 2021.

	Joint book-running managers
J.P. Morgan	Barclays	Jefferies	RBC

          , 2021

Table of contents

Prospectus supplement

	Page
Important notice about information in this prospectus supplement and the accompanying prospectus	S-1
Special note regarding forward-looking statements	S-2
Summary	S-3
Risk factors	S-23
Use of proceeds	S-59
Capitalization	S-60
Material U.S. federal tax considerations for non-U.S. holders of our common stock	S-61
Underwriting	S-66
Selling restrictions	S-70
Legal matters	S-78
Experts	S-78
Incorporation of certain information by reference	S-79

Prospectus

You should rely only on the information contained or incorporated by reference in this prospectus supplement, the accompanying prospectus or any related free writing prospectus used by us (which we refer to as a “company free writing prospectus”), the documents incorporated by reference in this prospectus supplement and the accompanying prospectus, or any other information to which we have referred you. Neither we, nor the underwriters, have authorized anyone to provide you with different information. If anyone provides you with different or inconsistent information, you should not rely on it. This prospectus supplement, the accompanying prospectus and any related company free writing prospectus do not constitute an offer to sell, or a solicitation of an offer to purchase, the securities offered hereby in any jurisdiction to or from any person to whom or from whom it is unlawful to make such offer or solicitation of an offer in such jurisdiction. You should not assume that the information contained or incorporated by reference in this prospectus supplement or the accompanying prospectus is accurate as of any date other than the date on the front cover of the applicable document. Neither the delivery of this prospectus supplement, the accompanying prospectus and any company free writing prospectus, nor any distribution of securities pursuant to this prospectus supplement or the accompanying prospectus shall, under any circumstances, create any implication that there has been no change in our business, financial condition, results of operations and prospects since the date of this prospectus supplement or the accompanying prospectus.

You should read this prospectus supplement, the accompanying prospectus, the documents incorporated by reference in the accompanying prospectus, and any company free writing prospectus that we have authorized for use in connection with this offering, in their entirety before making an investment decision. You should also read and consider the information in the documents to which we have referred you in the section of the prospectus supplement entitled “Incorporation of certain documents by reference” and in the sections of the accompanying prospectus entitled “Where you can find more information” and “Incorporation of certain documents by reference.”

S-i

Neither we nor any of the underwriters have done anything that would permit this offering or possession or distribution of this prospectus supplement and the accompanying prospectus in any jurisdiction where action for that purpose is required, other than the United States. You are required to inform yourself about, and to observe any restrictions relating to, this offering and the distribution of this prospectus supplement and the accompanying prospectus.

For investors outside the United States: we have not, and the underwriters have not, done anything that would permit this offering or possession or distribution of this prospectus supplement, the accompanying prospectus and in any company free writing prospectus that we have authorized for use in connection with this offering in any jurisdiction where action for that purpose is required, other than in the United States. Persons outside the United States who come into possession of this prospectus supplement, the accompanying prospectus and any company free writing prospectus that we have authorized for use in connection with this offering must inform themselves about, and observe any restrictions relating to, the offering of the shares of common stock and the distribution of this prospectus supplement, the accompanying prospectus and any company free writing prospectus that we have authorized for use in connection with this offering outside the United States.

S-ii

Important notice about information in this
prospectus supplement and the accompanying prospectus

This prospectus supplement and the accompanying prospectus form part of a registration statement on Form S-3 that we filed with the Securities and Exchange Commission, or the SEC, using a “shelf” registration process. This document contains two parts. The first part is this prospectus supplement, which describes the specific terms of this offering of shares of our common stock. The second part is the accompanying prospectus, which gives more general information, some of which may not apply to this offering of shares of our common stock. Generally, when we refer only to the “prospectus,” we are referring to both parts combined. If the information about this offering of shares of our common stock varies between this prospectus supplement and the accompanying prospectus, you should rely on the information in this prospectus supplement.

Any statement made in this prospectus or in a document incorporated or deemed to be incorporated by reference into this prospectus will be deemed to be modified or superseded for purposes of this prospectus to the extent that a statement contained in this prospectus or in any other subsequently filed document that is also incorporated by reference into this prospectus modifies or supersedes that statement. Any statement so modified or superseded will not be deemed, except as so modified or superseded, to constitute a part of this prospectus. Please read “Incorporation of certain information by reference” in this prospectus supplement.

S-1

Special note regarding forward-looking statements

This prospectus supplement, the accompanying prospectus and the documents incorporated by reference herein and therein contain forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995, Section 27A of the Securities Act of 1933, as amended, or the Securities Act, and Section 21E of the Securities Exchange Act of 1934, as amended, or the Exchange Act, and are based on our management’s beliefs and assumptions and on information currently available to our management. Forward-looking statements include information concerning our possible or assumed future results of our business, financial condition, results of operations, liquidity, plans and objectives. Forward-looking statements include all statements that are not historical facts and in some cases can be identified by terminology such as “believe,” “may,” “anticipate,” “estimate,” “continue,” “anticipate,” “intend,” “should,” “plan,” “expect,” “predict,” “project,” “potential,” “will,” or the negative of these terms or other similar expressions that convey uncertainty of future events or outcomes.

These statements are based on the beliefs and assumptions of our management based on information currently available to management. Such forward-looking statements are subject to risks, uncertainties and other important factors that could cause actual results and the timing of certain events to differ materially from future results expressed or implied by such forward-looking statements. Factors that could cause or contribute to such differences are summarized under the caption “Summary—Summary risk factors” and further described under the caption “Risk factors,” and include other risk factors detailed from time to time in filings with the Securities and Exchange Commission (the “SEC”), including our Annual Report on Form 10-K for the year ended December31, 2020, filed with the SEC on February9, 2021 (the “2020 Form 10-K”) and incorporated by reference herein. Our ability to predict the results of our operations or the effects of various events on our operating results is inherently uncertain. Therefore, we caution you to consider carefully the matters described under the caption “Summary—Summary risk factors” and further described under the caption “Risk factors,” as well as certain other matters discussed in this prospectus supplement, the accompanying prospectus and the documents incorporated by reference herein and therein. Such factors and many other factors beyond the control of our management could cause our actual results, performance or achievements to differ materially from any future results, performance or achievements that may be expressed or implied by the forward-looking statements. Forward-looking statements speak only as of the date of each such statement, and unless we are required to do so under U.S. federal securities laws or other applicable laws, we do not intend to update or revise any forward-looking statements.

S-2

Summary

This summary highlights information more fully described elsewhere in this prospectus supplement and the accompanying prospectus and within the materials incorporated by reference herein. Because it is a summary, it does not contain all the information that you should consider before investing in our common stock. You should read this entire prospectus supplement carefully, including the accompanying prospectus, the “Risk factors” section in this prospectus supplement, the risks outlined under the heading “Risk Factors” in the 2020 Form 10-K, and our other reports incorporated by reference in this prospectus supplement and the accompanying prospectus, before making an investment decision. For more details on how you can obtain the documents incorporated by reference in this prospectus supplement and the accompanying prospectus, see “Incorporation of certain information by reference.”

Unless otherwise specified or the context otherwise requires, “we,”“us,”“our” or the “Company” and “Varonis” refer to Varonis Systems, Inc. and its consolidated subsidiaries unless otherwise stated or the context otherwise requires.

Our business

Overview

Varonis is a pioneer in data security and analytics, fighting a different battle than conventional cybersecurity companies. We are pioneers because over a decade ago, we recognized that enterprise capacity to create and share data far exceeded its capacity to protect it. We believed the vast movement of information from analog to digital mediums combined with increasing information dependence would change both the global economy and the risk profiles of corporations and governments. Since then our focus has been on using innovation to address the cyber-implications of this movement, creating software that provides new ways to track, alert and protect data wherever it is stored.

Data continues to amass in new and existing data stores both on premises and in the cloud, a trend we have seen accelerate as companies around the world embark on a wave of digital transformation initiatives. As these data stores grow, the relationships between the data they hold and the users that collaborate with it grow more complex, making those relationships difficult to visualize, understand and control without automation. Because enterprises now use many different combinations of data stores and require different levels of protection, our offering provides coverage flexibility through software licensing. We aim to keep pace with the relentless growth and complexity of data, starting in 2005 with a single license, offering ten licenses at the time of our initial public offering in 2014, and today offering more than 25 integrated licenses across the most common on premises and cloud data stores. We plan to continue investing in product development to deliver new products in the future.

Our software specializes in data protection, threat detection and response and compliance. Varonis software enables enterprises to protect data stored on premises and in the cloud: sensitive files and emails; confidential personal data belonging to customers, patients and employees; financial records; strategic and product plans; and other intellectual property. Recognizing the complexities of securing data, we have built an integrated platform for security and analytics to simplify and streamline security and data management.

The Varonis Data Security Platform, built on patented technology, helps enterprises protect data against cyberattacks from both internal and external threats. Our products enable enterprises to analyze data, account activity and user behavior to detect attacks. Our Data Security Platform prevents or limits unauthorized use of sensitive information, prevents potential cyberattacks and limits others by automatically locking down data, allowing access to those who need it and automating the removal of stale data when it is no longer useful. Our products efficiently sustain a secure state with automation and address additional important use cases including data protection, data governance, zero trust, compliance, data privacy, classification

S-3

and threat detection and response. Our Data Security Platform is driven by a proprietary technology, our Metadata Framework, that extracts critical metadata, or data about data, from an enterprise’s information technology (“IT”) infrastructure. Our Data Security Platform uses this contextual information to map functional relationships among employees, data objects, systems, content and usage.

The revolution in internet search occurred when search engines began to mine internet metadata, such as the links between pages, in addition to page content, thereby making the internet’s content more usable and consequently more valuable. Similarly, our Data Security Platform creates advanced searchable data structures out of available content and metadata, providing real-time intelligence about an enterprise’s massive volumes of data, making it more secure, accessible and manageable.

We believe that the technology underlying our Data Security Platform is our primary competitive advantage. The strength of our solution is driven by several proprietary technologies and methodologies that we have developed, coupled with how we have combined them into our highly versatile platform. Our belief in our technological advantage stems from us having developed a way to do each of the following:

• analyze the relationships between users and data with sophisticated algorithms, including cluster analyses and machine learning;

• visualize and depict the analyses in an intuitive manner, including simulating contemplated changes and automatically executing tasks that are becoming increasingly more complex for IT and business personnel;

• identify and automatically classify data as sensitive, critical, private or regulated;

• automate remediation to directory service objects and access controls on large file systems to safely ensure a least privilege model;

• profile users, devices and data to detect suspicious account behavior and unusual file and email activity using deep analysis of metadata, machine learning and user behavior analytics;

• generate meaningful, actionable alerts when security-related incidents are detected;

• enable security teams to investigate and respond to cyber threats more quickly and conclusively;

• automatically respond to severe incidents like ransomware to limit potential impact and reduce recovery times;

• determine relevant metadata and security information to capture without impacting the enterprise's computing and network infrastructure;

• modify and enrich that metadata in a way that makes it comparable and analyzable despite it having originated from disparate IT systems, and create supplemental metadata, as needed, when the existing IT infrastructure’s activity logs are insufficient;

• decipher the key functional relationships of metadata, the underlying data, and its creators; and

• use those functional relationships to create a graphical depiction, or map, of the data that will endure as enterprises continuously add large volumes of data to their network and storage resources.

The broad applicability of our technology has resulted in our customers deploying our platform for numerous use cases. These use cases include: automatic discovery and classification of high-risk, sensitive data; automated remediation of over-exposed data; centralized visibility and risk analysis of enterprise data and monitoring of user behavior and file activity; security monitoring and risk reduction; data breach, insider threat, malware and ransomware detection; automatic response to ransomware and other severe incidents to limit exposure and reduce recovery times; data ownership identification, assignment, and automatic involvement;

S-4

forensics, reporting and auditing with searchable logs; meeting security policy and compliance regulation; automatic data migration; intelligent archiving; and automated indexing for data subject requests related to privacy and compliance requirements.

We sell substantially all of our products and services to channel partners, including distributors and resellers, which sell to end-user customers, which we refer to in this prospectus supplement as our customers. We believe that our sales model, which combines the leverage of a channel sales model with our highly trained and professional sales force, has and will continue to play a major role in our ability to grow and to successfully deliver our unique value proposition for enterprise data. While our products serve customers of all sizes, in all industries and all geographies, the marketing focus and majority of our sales focus is on targeting organizations with 1,000 users or more who can make larger initial purchases with us and, over time, have a greater potential lifetime value. Our customers span leading firms in the financial services, public, healthcare, industrial, insurance, energy and utilities, technology, consumer and retail, media and entertainment and education sectors. We believe our existing customers represent significant future revenue opportunities for us.

Prior to 2019, an insignificant amount of our revenues had been generated pursuant to on-premises, subscription-based license arrangements ("subscription licenses"). In these arrangements, the customer has the right to use the software over a designated period of time. In the first quarter of 2019, we announced our transition to a subscription-based business model, and, as we have completed our transition, our subscription revenues account for almost all of our total license revenues as of the date of this prospectus supplement. Subscription licenses accounted for 55%, 30% and 3% of our total revenues for the years ended December31, 2020, 2019 and 2018, respectively. Perpetual license sales accounted for less than 1%, 17% and 52% of our total revenues for the years ended December31, 2020, 2019 and 2018, respectively. Subscription licenses accounted for 99%, 65% and 6% of our license revenues for the years ended December31, 2020, 2019 and 2018, respectively. We continue to expect revenues from subscription licenses to become an even more significant portion of our total revenues in the future, resulting in revenues that are expected to be more recurring and predictable.

Size of Our Market Opportunity

The International Data Corporation’s Data Age 2025: The Digitization of the World from Edge to Core study (the "Study") estimates that the amount of data created in the world will grow from 45 Zettabytes in 2019 to 175 Zettabytes (or 175 trillion gigabytes) in 2025. The Study was updated in 2020 showing that data created in 2019 grew more than 35% year over year. We expect this trend is likely to continue as more enterprises require technologies to protect and manage their data and centralize data management, analytics, data security and privacy.

We believe that the diverse functionalities offered by our platform position us at the intersection of several powerful trends in the digital universe. We further believe that the business intelligence and functionalities delivered by our platform define a new market. Although we are not aware of any third party studies that accurately define our addressable market, the functionality of our software platform overlaps with portions of several established and growing enterprise software markets as defined by Gartner, Inc. in 2020, including security software ($43.2billion), IT operations management ($30.9billion), infrastructure software ($19.8billion), storage management ($14.1billion), data integration ($5.5billion) and cloud access and cloud workload protection software ($1.7billion). Further, the security software market, which we believe is our largest opportunity, has grown at a compound annual growth rate of 35% since 2018. We believe that our comprehensive product offering will attract a meaningful portion of this overall spend, and we estimate that our total addressable market is approximately 20% of these markets, with the remainder coming from content services and other application software. We have attempted to measure our total addressable market by utilizing estimates from Forrester on the number of companies in North America and Europe that fit our target criteria, and then assuming that each customer purchases the double digit number of licenses that we aim to

S-5

sell to all of our customers. In both the “top-down” approach utilizing Gartner industry spend estimates, as of April 2020, and the “bottoms-up” approach utilizing Forrester customer estimates, as of December 2020, we estimate a total addressable market of more than $25.0billion. Lastly, we believe that the acquisition of Polyrize in the fourth quarter of 2020, which we expect will allow us to expand our platform to support cloud applications and data stores that we do not currently cover, has the potential to meaningfully expand the addressable market described above through the introduction of new licenses in the future.

Our Technology

Our proprietary technology extracts critical information about an enterprise’s data and its supporting infrastructure, and uses this contextual information, or metadata, to create a functional map of an enterprise’s data and underlying file systems. Our Metadata Framework technology has been architected to process large volumes of enterprise data and the related metadata at a massive scale with minimal demands on the existing IT infrastructure.

Key Benefits of Our Technology

Data Protection

Comprehensive Solution for Managing and Protecting Enterprise Data.    Our products enable a broad range of functionality, including data governance, least privilege and zero trust, as well as intelligent retention. Moreover, our solution is applicable across most major enterprise data stores (Windows, UNIX/Linux, Intranets, Intranets, email systems, Microsoft 365, including SharePoint Online and OneDrive for Business, Salesforce, AWS, Google Drive and Box).

Actionable Insight and Automation.    Our products help customers identify and prioritize risks to their data and automatically remediate exposures so that they are less vulnerable to internal and external threats, more compliant and consistently follow a least privilege model. Because of the complexity present in even modest enterprises, effective remediation is impossible at scale without intelligent automation.

Visibility and Data Monitoring Capabilities All in One Place.    Our solution combines analysis from disparate on-premises and cloud stores and infrastructure and presents them in a single view, even as data storage and user access become more dispersed and complex in hybrid environments.

Fast Time to Value and Low Total Cost of Ownership.    Our solutions do not require custom implementations or long deployment cycles. Our Data Security Platform can be installed and ready for use within hours and allows customers to realize real value once used. We designed our platform to operate on commodity hardware on premises or in the cloud, with standard operating systems, further reducing the cost of ownership of our product.

Ease of Use.    While we utilize complex data structures and algorithms in our data engine, we abstract that complexity to provide a sleek, intuitive interface. Our software is accessible through either a local client or a standard web browser and requires limited training, saving time and cost and making it accessible to a broader set of non-technical users.

Highly Scalable and Flexible Data Engine.    Our metadata analysis technology is built to be highly scalable and flexible, allowing our customers to analyze vast amounts of enterprise data. Moreover, our proprietary Metadata Framework is built with a modular architecture, allowing customers to grow into the full capabilities of our solutions over time.

S-6

Threat Detection and Response

Threat Detection and Response with User, Data and System Context.    Our solutions combine classification and data access governance with User and Entity Behavior Analytics (UEBA) on data stores, cloud applications, directory services and perimeter devices, including domain name system (DNS), virtual private network (VPN) and web proxy, for accurate detection and risk reduction. Our solutions reduce risk relating to unauthorized use and cyberattacks and reduce time to detection (TTD) and time to resolution (TTR) for incidents.

Protect Data from Insider Threats, Data Breaches, Malware and Cyberattacks.    Our solutions analyze how employee accounts, service accounts and admin accounts use and access data, profile employees’ roles and file contents, baseline “normal” behavior patterns, and alert on significant deviations from profiled behaviors. Our customers are able to detect advanced persistent threats, cybercriminals, rogue insiders, attackers that have compromised internal systems and employee accounts, malware, ransomware and other significant threats.

Compliance

Discover and Identify Regulated Data.    Our solutions automatically discover, identify and classify sensitive, critical and regulated data to help meet compliance requirements.

Monitor and Detect Security Vulnerabilities.    Our solutions analyze, monitor, detect and report on potential security vulnerabilities: helping companies achieve compliance by creating full audit trails, achieving a least privilege model and locking down sensitive data to only those who need it, and facilitate breach notification and security investigations. By ensuring least privilege, monitoring all access and alerting on potential misuse, Varonis enables privacy-by-design on data stores containing sensitive and regulated information.

Fulfill Data Subject Access Requests and Protect Consumer Data.    Our solutions help fulfill data subject access requests from file systems on premises and in the cloud. Customers can easily find relevant files, pinpoint who has access and enforce policies to move and quarantine regulated data.

Our Growth Strategy

Our objective is to be the primary vendor to which enterprises turn to protect their data. In the first quarter of 2019, we announced our strategic shift to a subscription-based business model, which allows our customers to better unleash the power of our platform through faster adoption of our integrated products. That transition has since been completed and, for the year ended December31, 2020, 99% of our licenses revenues are subscriptions and 97% of our totals revenues are recurring in nature. As of December31, 2020, we had a 116% dollar-based net retention rate, as calculated as the year-over-year growth in annual recurring revenues of active customers as of December31, 2019. As of December31, 2020, 63% of our customers with 500 employees or more had purchased four or more licenses, compared to 54% a year ago and 30% purchased six or more licenses, compared to 20% a year ago. The following are key elements of our growth strategy.

• Extend Our Technological Capabilities Through Innovation and Strategic Transactions.    We intend to increase, in absolute dollars, our current level of investment in product development in order to enhance existing products to address new use cases and deliver new products. We believe that the flexibility, sophistication and broad applicability of our Metadata Framework will allow us to use this framework as the core of numerous future products built on our same core technology. Our ability to leverage our research and development resources has enabled us to create a new product development engine that we believe can proactively identify and solve enterprise needs and help us further penetrate and grow our addressable markets. Additionally, in October 2020, in order to expand the Varonis Data Security Platform to cover additional cloud applications and infrastructure, we acquired Polyrize Security Ltd. (“Polyrize”), a provider of software that maps and analyzes relationships between users and data across a number of cloud applications and services. We plan to incorporate these capabilities into our platform in order to accelerate product

S-7

development and allow us to more quickly introduce new licenses, which we believe will in turn expand our addressable market. We will continue to seek additional opportunities to extend our technological capabilities and grow our business, from continued organic investments in our research and development efforts to technological tuck-in acquisitions.

• Grow Our Customer Base.    The unabated rise in enterprise data, ubiquitous reliance on digital collaboration and increased cybersecurity concerns will continue to drive demand for data protection, compliance and threat detection and response solutions. We intend to capitalize on this demand by targeting new customers, underpenetrated markets and use cases for our solutions. Our solutions address the needs of customers of all sizes, ranging from small and medium businesses to large multinational companies with hundreds of thousands of employees and petabytes of data. Although our solutions are applicable to organizations of all sizes, we will continue our focus on targeting larger organizations who can make larger purchases with us initially and over time.

• Increase Sales to Existing Customers.    We believe significant opportunities exist to further expand relationships with existing customers. Data growth (and subsequent security concerns) continues across all data stores, and enterprises want to standardize solutions that help them manage, protect and extract more value from their data, wherever it is stored. We will continue to cultivate incremental sales from our existing customers by driving increased use of our software within our installed base by expanding footprint and usage. We currently have six product families, consisting of DatAdvantage, DatAlert, Data Classification Engine, DataPrivilege, Data Transport Engine and DatAnswers with over twenty-five licenses under these product families. We believe our existing customer base serves as a strong source of incremental revenues given our broad platform of products, their growing volume and complexity of enterprise data and the associated security concerns. As we innovate and expand our product offering, we expect to have an even broader suite of products to offer our customers. Our perpetual license maintenance renewal rate for the year ended December31, 2020 continued to be over 90%. Our key strategies to ensure a high subscription license renewal rate and maintain our high maintenance renewal rate include focusing on the quality and reliability of our customer service and support teams to ensure our customers receive value from our products and providing software upgrades and enhancements when and if they are available.

• Grow Sales From Our Newer Licenses and Functionality.    We continue to introduce additional licenses and enhancements to existing products to support new functionalities. In the second quarter of 2020, we introduced a Remote Work Update to our platform to increase visibility into potential security issues related to remote work, including dashboards for unusual VPN, DNS and Web usage; comprehensive Microsoft Teams visibility; out-of-the-box reports for pinpointing exposed cloud data; and more threat models for Office 365. We also announced the acquisition of Polyrize in October 2020, which we expect will allow us to extend our platform to cover additional cloud data stores and applications that we do not currently support. In 2019, we announced Version 7 of our Data Security Platform, which included new dashboards to assess compliance and Active Directory risk and General Data Protection Regulation (“GDPR”) security risks so that customers can more easily identify critical risk in their hybrid environments, including vulnerable user accounts, at-risk cloud data and potential compliance violations, as well as performance enhancements, such as the usage of SOLR, an open-source enterprise-search platform, for faster, more scalable event retrieval and investigation. We also added classification functionality to help enterprises automatically discover and classify data that falls under data covered by the California Consumer Privacy Act, or CCPA. We added threat intelligence to our security insights, built incident response playbooks directly into the UI and made usability and performance improvements. In 2018, we introduced Varonis Edge, which analyzes perimeter devices like DNS, VPN and web proxy to detect attacks like malware, advanced persistent threat (“APT”) intrusion and data exfiltration, and enable enterprises to correlate events and alerts to track potential data leaks and spot vulnerabilities at the point of entry. We also released support for Box events and Data Classification Labels, integrating with Microsoft Information Protection (MIP) to help enterprises better classify, track and secure files across

S-8

enterprise data stores and to address additional compliance requirements from new data privacy laws and standards. We added classification categories to the Data Classification Engine, to better identify and analyze regulated data related to GDPR, personally-identifying information (“PII”), payment card industry (“PCI”) and protected health information (“PHI”). We enhanced DatAnswers to address data privacy and compliance use cases, enabling customers to fulfill data subject access requests and protect personally identifiable information. We have enhanced our products to provide even more value to our customers including: an updated user interface for DataPrivilege, additional data store support, new geolocation support, enhanced threat detection and security monitoring and new threat models to protect sensitive and regulated data against security breaches, malware, ransomware and insider threats, and optimizations to make DatAlert faster and more intuitive for security investigations. We believe these new additions to our product offering can be a meaningful contributor to our growth.

• Expand Our Sales Force.    Continuing to expand our sales force will be essential to achieving our customer base expansion goals. The sales force and our approach to introducing products to the market have been key to our successful growth in the past and will be central to our growth plan in the future. While our products serve customers of all sizes, in all industries and all geographies, the marketing focus and majority of our sales focus is on targeting organizations with 1,000 users or more who can make larger initial purchases with us and, over time, generate a greater potential lifetime value. Our customers span leading firms in the financial services, public, healthcare, industrial, insurance, energy and utilities, technology, consumer and retail, media and entertainment and education sectors. We also believe our existing customers represent significant future revenue opportunities for us. We believe that our sales model, which combines the leverage of a channel sales model with our highly trained and professional sales force and their ability to support our channel partners to efficiently identify leads, perform risk assessments and convert them to satisfied customers, has and will continue to play a major role in our ability to grow and to successfully deliver our unique value proposition for enterprise data. We intend to expand our sales capacity by adding headcount throughout our sales and marketing department.

• Establish Our Data Security Platform as the Industry Standard.    We have worked with several of the leading providers of network attached storage, or NAS, hybrid cloud storage, including Dell/EMC, IBM, NetApp, HP, Hitachi and Nasuni in order to expand our market reach and deliver enhanced functionality to our customers. We have worked with these vendors to assure compatibility with their product lines. Through the use of application programming interfaces, or APIs, and other integration work, our solutions also integrate with many providers of solutions in the ecosystem. We will continue to pursue such collaborations wherever they advance our strategic goals, thereby expanding our reach and establishing our product user interface as the de facto industry standard when it comes to enterprise data.

• Continue International Expansion.    We believe there is a significant opportunity for our platform in international markets to address the need for data protection and threat detection and response, as well as to comply with regulations such as the European Union's ("EU") GDPR. Revenues from Europe, the Middle East and Africa (“EMEA") accounted for approximately 26% of our revenues in 2020. Europe represented the substantial majority of revenues outside the United States. Although quarterly growth rates have fluctuated over the last few years in our European market, we believe that international expansion will be a key component of our growth strategy, and we will continue to market our products and services overseas.

Our Products

Our integrated platform of products currently contains six product families, most of which contain multiple licenses. Each license utilizes our core Metadata Framework technology to deliver features and functionality that allow enterprises to fully understand, secure and benefit from the value of their data. This architecture gives our clients the ability to select the features they require for their business needs and the flexibility to expand their usage simply by adding a license, and the fully-integrated nature of our products allows individual

S-9

products to enhance the functionality of the others. At the same time, the ease of consumption under a subscription-based model has allowed us to deliver on customer demand for a greater number of our licenses, providing our customers value more quickly while leading to substantial future license upsell and cross-sell opportunities.

• DatAdvantage.    DatAdvantage, our flagship product family, launched in 2006, builds on our Metadata Framework and captures, aggregates, normalizes and analyzes every data access event for every user on Windows and UNIX/Linux servers, storage devices, email systems and Intranet servers, without requiring native operating system auditing functionalities or impacting performance or storage on file systems. Through an intuitive graphical interface, DatAdvantage presents insights from massive volumes of data using normal computing infrastructure. It is also our presentation layer for IT departments, which provides an interactive map of relevant users, groups and data objects, usage and content, facilitating analysis from multiple vectors. IT departments can pinpoint areas of interest starting with any metadata object, simulate changes measuring potential impact against historical access patterns, and easily execute changes on all data stores through a unified interface. DatAdvantage identifies where users have unnecessary access based on user behavior and machine learning. The DatAdvantage product family currently contains 11 licenses, including:

• Individual DatAdvantage licenses for on premises data stores and infrastructure (Windows, Directory Services, Sharepoint, Unix/Linux and Exchange) and cloud data stores (OneDrive, Sharepoint Online, Exchange Online, Azure Active Directory and Box).

• Automation Engine, introduced in 2017, which automatically repairs broken file systems and safely remediates exposures, helps customers accelerate the enforcement of a least privilege model by limiting broad access without substantial manual effort or resources.

• DatAlert.    Introduced in 2013, DatAlert profiles users and devices and their associated behaviors with respect to systems and data, detects and alerts on meaningful deviations that indicate compromise, provides a web-based dashboard and investigative interface and seamlessly integrates with security information and event management systems (SIEM). DatAlert helps enterprises quickly detect suspicious activity, prevents data breaches and cyberattacks, performs security forensics, visualizes risk and prioritizes and accelerates investigation. In addition, the DatAlert product family contains Varonis Edge, which was introduced in 2018. Varonis Edge analyzes perimeter devices like DNS, VPN and web proxy to expand user and device profiles to detect attacks like malware, APT intrusion and data exfiltration and enables enterprises to correlate events and alerts at the perimeter with alerts and events concerning data to better spot attacks at the point of entry and egress, reducing time to detection and time to resolution for security incidents.

• Data Classification Engine.    As the volume of an enterprise’s information grows, enterprises struggle to find and tag different types of sensitive data, such as intellectual property, regulated content, including Personally Identifiable Information, and medical records. Furthermore, content by itself does not provide adequate context to determine ownership, relevance, or protection requirements. Introduced in 2009, Data Classification Engine identifies and tags data based on criteria set in multiple metadata dimensions and provides business and IT personnel with actionable intelligence about this data, including a prioritized list of folders and files containing the most sensitive data and with the most inadequate permissions. For the identified folders and files, it also identifies who has access to that data, who is using it, who owns it, and recommendations for how to restrict access without disrupting workflow. Data Classification Engine provides visibility into the content of data across file systems and Intranet sites and combines it with other metadata, including usage and accessibility. The Data Classification Engine product family currently contains six licenses, including:

• Individual Data Classification Engine licenses for on premises data stores and infrastructure (Windows/SharePoint and Unix) and cloud data stores (OneDrive and Sharepoint Online).

S-10

• Data Classification Policy Pack, introduced as GDPR Patterns in 2017, builds upon the Data Classification Engine with over 400 patterns for identifying and classifying personal information specific to GDPR and CCPA.

• Data Classification Labels, introduced in 2018, integrates with Microsoft Information Protection (MIP) to protect sensitive data across customer environments regardless of where it lives or how it is shared. Data Classification Labels allows users to automatically apply classification labels and encrypt files that it has identified as sensitive.

• DataPrivilege.    Introduced in 2006, DataPrivilege was designed for use by business unit personnel and provides a self-service web portal that allows users to request access to data necessary for their business functions, and allows owners to grant access without IT intervention. DataPrivilege enhances data protection and compliance by enabling business users to make access decisions based on queries, user requests and metadata analytics information, rather than static IT policies. DataPrivilege provides a presentation layer for business users to review accessibility, sensitivity and usage of their data assets and grant and revoke access. We currently offer DataPrivilege licenses for Windows and SharePoint.

• Data Transport Engine.    Introduced in 2012, Data Transport Engine provides an execution engine that unifies the manipulation of data and metadata, translating business decisions and instructions into technical commands such as data migration or archiving. Data Transport Engine allows both IT and business personnel to standardize and streamline activities for data management and retention, from day-to-day maintenance to complex data store and domain migrations and archiving. Data Transport Engine ensures that data migrations automatically synchronize source and destination data with incremental copying even if the source data is still in use, translates access permissions across data stores and domains and provides reporting capabilities for data migration status. Moreover, it also provides IT personnel the flexibility to schedule recurring migrations to automatically find and move certain types of data such as sensitive or stale data and to perform active migrations, dispositions and archiving safely and efficiently.

• DatAnswers.    DatAnswers was introduced in 2014 to provide secure, relevant and timely search functionality for enterprise data. In 2018, we enhanced DatAnswers to help meet growing demands to comply with data privacy regulations and eDiscovery requests, and to facilitate data subject access requests. As data privacy laws are becoming more prevalent across the globe, meeting subject access requests is a primary requirement in data regulation. As companies continue to generate and store data in numerous enterprise data stores, relevant files become harder to find and manage, and compliance officers, controllers, and administrators need to identify and locate relevant content related to a data subject. DatAnswers provides elevated search for compliance and e-discovery, helping solve the growing problem of being able to fulfill subject access requests to meet data privacy laws. We currently offer DatAnswers licenses for Windows, SharePoint, OneDrive and SharePoint Online.

We currently offer more than 25 licenses across our six product families, and since commencing our transition to a subscription model in the beginning of 2019, we have seen a significant increase in the number of licenses purchased by new customers, and in the engagement of our existing customers who are adopting more licenses. As of December31, 2020, 63% of our customers with 500 employees or more had purchased four or more licenses, compared to 54% a year ago and 30% purchased six or more licenses, compared to 20% a year ago. We believe the increase in these metrics underscores the logic behind our transition to a subscription model and confirms how we are unleashing the potential of our platform. This is reflected in ARR, which as of December31, 2020 grew 37% year-over-year to $287.3million. Additionally, renewal rates of maintenance on perpetual licenses continued to be over 90% for the year ended December31, 2020. As a result, the recurring component of our revenue base has significantly increased as we have completed our subscription transition, which now provides more visibility into future revenues and places us in a stronger position.

For additional discussion, see “Summary consolidated financial and other data.”

S-11

Our Customers

Our products are used by a wide range of enterprises, including Fortune 500 corporations and small and medium-sized businesses. Our customers span a broad array of industries and are located in over 85 countries.

Recent developments

COVID-19

In March 2020, the World Health Organization (”WHO”) declared the novel coronavirus COVID-19 (including any variants and mutations, "COVID-19") a global pandemic. The pandemic, which has continued to spread, has adversely affected workforces, economies, and financial markets globally, leading to an economic downturn, as well as continued economic uncertainty and is expected to disrupt general business operations until the virus is contained. We believe that the impact of COVID-19 on the way organizations operate and its long-lasting effects has increased our long-term opportunity to help our customers protect their data and detect threats, as well as achieve regulatory compliance. Nevertheless, in the early stages of the pandemic, we experienced a negative impact on our results of operations in the last two weeks of the first quarter, as we believe our customers’ focus turned primarily to the safety of their employees and to immediately position themselves to operate under a work-from-home environment. However, since that time, we have seen companies become more focused on the elevated risks associated with having a highly distributed workforce collaborating on multiple platforms. Companies around the world now have employees working remotely from potentially vulnerable home networks, accessing critical on-premises data stores and infrastructure through VPNs and sharing information in cloud data stores like Office 365 and Microsoft Teams. We believe this trend is likely to continue in the long-term and that we are well positioned to capitalize on the opportunity ahead. Specifically, crises create optimal conditions for cybercrime, and we can help protect data and infrastructure against hackers and rogue employees. As companies and organizations understand that a data-centric approach to security is critical and that these elevated risks are expected to be here for the long-term, we have seen continued customer engagement and inbound interest, with some of this interest converting into new business or the expansion of existing business.

The extent to which the COVID-19 pandemic impacts our business going forward will depend on numerous evolving factors that we cannot reliably predict, including the duration and scope of the pandemic; efficiency of available vaccines and the availability of such vaccines to the worldwide population; governmental, business, and individuals' actions in response to the pandemic; and the impact on economic activity including the possibility of recession or financial market instability. The uncertainty associated with the COVID-19 pandemic could affect management’s accounting estimates and assumptions, which in turn could result in greater variability with forward-looking guidance. For a discussion of certain risks associated with the COVID-19 pandemic, please refer to the section under the caption “Risk factors” below.

Stock Split

On February8, 2021, we announced a three-for-one split of our common stock to stockholders of record as of the close of business on March12, 2021. Trading of our common stock will begin on a split-adjusted basis on March15, 2021. Common stock and per share data in this prospectus supplement have not been adjusted for the impact of the split.

S-12

Corporate information

We were incorporated as a Delaware corporation in November 2004. Our principal executive office is located at 1250 Broadway, 29th Floor, New York, New York 10001. The telephone number at our principal executive office is (877) 292-8767. Our website address is www.varonis.com. We do not incorporate the information on, or accessible through, our website into this prospectus supplement, and you should not consider any information on, or that can be accessed through our website as part of this prospectus supplement. We have included our website address in this prospectus supplement solely for informational purposes.

We use various trademarks and trade names in our business, including, without limitation, “Varonis,” “DatAdvantage,” “DataPrivilege,” “DatAlert,” “DatAnywhere,” “Metadata Framework,” and “Data Transport Engine.” This prospectus supplement also contains trademarks and trade names of other businesses that are the property of their respective holders. We have omitted the ® and ™ designations, as applicable, for the trademarks we name in this prospectus supplement.

S-13

Summary risk factors

Our business faces significant risks. In addition to the summary below, you should carefully review the information under the caption “Risk Factors.” We may be subject to additional risks and uncertainties not presently known to us or that we currently deem immaterial. Our business, financial condition and results of operations could be materially adversely affected by any of these risks, and the trading prices of our common stock could decline by virtue of these risks. These risks should be read in conjunction with the other information in this prospectus supplement and the accompanying prospectus. Some of the more significant risks relating to our business include:

• Risks related to the industry in which we operate, which may adversely affect our business and results of operations and growth and the sale of our products, including (i) potential limited growth ability of the market for the enterprise software; (ii) prolonged economic uncertainties or downturns; (iii) an increased competition in our market; and (iv) a failure to comply with legal requirements, contractual obligations and industry standards regarding security, data protection and privacy we are subject to.

• Risks related to our operations, which may adversely affect our business and results of operations and growth and the sale of our products, including (i) the effects of the recent global COVID-19 outbreak on our business and our customers; (ii) security breaches, cyberattacks or other cyber-risks of our IT systems; (iii) fluctuation in our quarterly results of operations due to variability in our revenues; (iv) a failure of our subscription-based business model to yield the benefits that we expect; (v) a decline and fluctuation in our customer renewal rates, which may result in a decline in our revenues and earnings; (vi) a failure to manage our business growth effectively; (vii) difficulties to evaluate and predict our future prospects and our ability to forecast our future operating results; (viii) our inability to attract new customers and expand sales to existing customers, both domestically and internationally; (ix) inability to be profitable in the future; (x) inability to maintain successful relationships with our channel partners; (xi) collection and credit risks; (xii) as related to substantial currency exchange rates fluctuation; (xiii) a failure to maintain or enhance our brand recognition or reputation; (xiv) a failure to maintain and increase our sales to customers in the public sector; (xv) failure to meet export and import controls, to which we are subject, which, in addition, could subject us to liability or impair our ability to compete in international markets; (xvi) increase in risks associated with our international activities where we have a business in countries with a history of corruption and where we have transactions with foreign governments; and (xvii) risks associated with acquisitions of other entities or business.

• Risks related to human capital, which could adversely affect our results of operations and growth prospects, including; (i) a failure to maintain sales and marketing personnel productivity and a failure to hire and integrate additional sales and marketing personnel; (ii) a failure to retain, attract and recruit highly qualified personnel; and (iii) cessation of our co-founder, Chief Executive Officer and President’s services.

• Risks related to our technology, products, services and intellectual property, which could adversely affect sales of our products or future results of operations or business, including (i) a failure to continually enhance and improve our technology; (ii) our customer’s decision not to renew their subscription licenses or maintenance and support agreements or not to buy future products due to dissatisfactory from our technical support, customer success or professional services; (iii) a failure of the products in our platform to satisfy customers or to achieve increased market acceptance; (iv) interruptions or performance problems, including to our website or support website; (v) security breach of our software; (vi) as related to use of open source software, which in addition could negatively affect our ability to sell our software and subject us to possible litigation; and (vii) a false detection of security breaches, false identification of malicious sources or misidentification of sensitive or regulated information.

• Risks related to our tax regime, including (i) significant change in our effective tax rate, due to fluctuations in our stock price and its impact on the tax effects of the accounting for stock-based compensation; (ii) our ability to fully utilize our net operating loss carryforwards; (iii) our provision for income taxes or adverse

S-14

outcomes resulting from examination of our income tax returns; and (iv) the adoption of the U.S. tax reform and the enactment of additional legislation changes.

• Risks related to our 1.25% convertible senior notes due in 2025 (the “2025 Notes”) and our credit and security agreement with KeyBank National Association and other parties (the “Credit Facility”), including (i) decrease in our business flexibility and access to capital and increase of our borrowing costs, due to the substantial debt we incurred so far and which may further incur in the future; (ii) ability to raise additional capital and burden on our future cash resources, particularly if we elect to settle our debt obligations in cash upon conversion or upon maturity or required repurchase; (iii) restrictive and financial covenants in our Credit Facility that may limit our operating flexibility; (iv) inability to comply with restrictive and financial covenants in our Credit Facility that may result in an acceleration of payment of funds that have been borrowed; (v) dilution of our existing stockholders and potentially adversely affect the market price of our common stock due to the issuance of shares in connection with conversions of the 2025 Notes; (vi) a delay or prevention of a takeover attempt of the Company due to certain provisions under the 2025 Notes; (vii) accounting method applicable to the 2025 Notes, which could have a material effect on our reported financial results; (viii) an adverse effect on the value of the 2025 Notes and our common stock due to the capped call transactions; and (ix) default of all or some of the financial institutions which are counterparties to the capped call transactions, as a result of which the protection under the capped call transactions shall not be available to us.

• Risks related to our operations in Israel, including (i) certain conditions related to Israel since its establishment, which may limit our ability to develop and sell our products, and (ii) unavailability of certain tax benefits which were available to our Israeli subsidiary, or failure to meet certain conditions required to enjoy tax benefits.

• Risks related to our ownership of our common stock, including (i) substantial future sales of shares of our common stock, which could cause the market price of our common stock to decline; (ii) as we do not intend to pay dividend on our common stock, the return on investment might be limited to the value of our stock; and (iii) acquisition of our Company, which may be beneficial to our stockholders, might be more difficult due to anti-takeover provisions in our charter documents and under Delaware law and provisions in the indenture for the 2025 Notes and Credit Facility, which may also prevent attempts by our stockholders to replace or remove our current management.

• Risks related to this offering, including (i) our management’s broad discretion to determine how to use the funds raised in this offering, potentially in ways that may not enhance our operating results or the price of our common stock; and (ii) additional financing or future equity issuances may result in future dilution to our stockholders.

• General risk factors, which could substantially harm our business, including: (i) a failure to protect our proprietary technology and intellectual property rights; (ii) real or perceived errors, failures or bugs in our software; (iii) risks related to international operations; (iv) the lack of available capital on acceptable terms to support our business growth; (v) risks of fire, power outages, floods, earthquakes, pandemics and other catastrophic events, and interruption by manmade problems such as terrorism; (vi) changes in financial accounting standards, which may cause adverse and unexpected revenue fluctuations and impact our reported results of operations; (vii) volatility in the price of our common stock; (viii) the lack of published research or reports about our business the publish of negative reports about our business, which may adversely impact our stock price and trading volume; (ix) being a public company which subjects us to reporting requirements may strain our resources, divert management’s attention and affect our ability to attract and retain executive management and qualified board members; (x) internal control over financial reporting might not be determined to be effective, which may adversely affect investor confidence in our company and, as a result, the value of our common stock; and (xi) dilution of the percentage ownership of our stockholders that could cause our stock price to decline, due to future sales and issuances of our capital stock or rights to purchase capital stock.

S-15

Summary consolidated financial and other data

The following tables summarize our consolidated financial data. We have derived the summary consolidated statement of operations data for the years ended December31, 2018, 2019, and 2020 and the summary consolidated balance sheet data as of December31, 2019 and 2020 from our audited consolidated financial statements included in the 2020 Form 10-K, which is incorporated by reference herein. We have derived the summary consolidated balance sheet data as of December31, 2018 from our prior audited consolidated financial statements, which are not incorporated by reference herein. Our historical results are not necessarily indicative of the results to be expected in the future.

The following summary consolidated financial data should be read in conjunction with the section titled “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and our consolidated financial statements and related notes included in our 2020 Form 10-K which is incorporated by reference in this prospectus supplement and the accompanying prospectus.

	Year Ended December 31,
	2018			2019			2020
	(in thousands, except share and per share data)
Consolidated statement of operations data:
Revenues:
Subscriptions	$	8,750		$	76,730		$	161,188
Perpetual licenses		139,578			42,093			1,473
Maintenance and services		121,960			135,367			130,028
Total revenues		270,288			254,190			292,689
Cost of revenues(1)		27,683			35,144			44,261
Gross profit		242,605			219,046			248,428
Operating costs and expenses:
Research and development(1)		69,971			80,764			99,363
Sales and marketing(1)		168,309			169,898			179,902
General and administrative(1)		33,460			44,371			47,578
Total operating expenses		271,740			295,033			326,843
Operating loss		(29,135	)		(75,987	)		(78,415	)
Financial income (expenses), net		970			(389	)		(7,483	)
Loss before income taxes		(28,165	)		(76,376	)		(85,898	)
Income taxes		(413	)		(2,388	)		(8,112	)
Net loss	$	(28,578	)	$	(78,764	)	$	(94,010	)
Net loss per share of common stock, basic and diluted	$	(0.98	)	$	(2.60	)	$	(2.99	)
Weighted average shares used to compute net loss per share attributable to common stockholders, basic and diluted		29,020,645			30,257,410			31,445,631

S-16

(1)  Includes non-cash stock-based compensation expenses and payroll tax expense related to stock-based compensation as follows:

	Year Ended December 31,
	2018		2019		2020
	(in thousands)
Stock-based compensation expenses:
Cost of revenues	$	1,757	$	2,561	$	5,013
Research and development		9,645		13,188		21,979
Sales and marketing		16,081		14,782		25,578
General and administrative		7,478		15,608		16,015
Total stock-based compensation expenses	$	34,961	$	46,139	$	68,585

	Year Ended December 31,
	2018		2019		2020
	(in thousands)
Payroll tax expense related to stock-based compensation:
Cost of revenues	$	363	$	235	$	300
Research and development		180		162		333
Sales and marketing		3,135		1,908		2,789
General and administrative		297		343		471
Total payroll tax expense related to stock-based compensation	$	3,975	$	2,648	$	3,893

	As of December 31,
	2018		2019		2020
					Actual		As Adjusted(1)
	(in thousands)
Consolidated balance sheet data:
Cash, cash equivalents, marketable securities and short-term deposits	$	158,915	$	120,460	$	298,262	$	686,762
Working capital(2)		112,750		55,297		237,213		625,713
Total assets		284,978		318,312		555,482		943,982
2025 Notes(3)		—		—		253,000		253,000
Secured line of credit(4)		—		—		—		—
Deferred revenues, current and long-term		94,216		101,435		101,366		101,366
Total stockholders’ equity	$	125,370	$	93,532	$	94,071	$	482,571
Total capitalization	$	125,370	$	93,532	$	94,071	$	482,571

(1)  As adjusted (a) gives effect to (1) the issuance and sale of 2,813,644shares of our common stock in this offering based on an assumed public offering price of $183.18 per share, the last reported sale price of our common stock on The Nasdaq Global Select Market on February 8, 2021 (assuming no exercise of the underwriters’ option to acquire additional shares) and the receipt of an estimated $388.5 million in net proceeds therefrom, after deducting the underwriters’ discount and estimated offering expenses payable by us and (b) assumes the remaining net proceeds are held as cash and cash equivalents, marketable securities or short-term deposits.

(2) Calculated by subtracting total current liabilities from total current assets.

(3) In accordance with Accounting Standards Codification 470-20, “Debt — Debt with Conversion and Other Options” (“ASC 470-20”) convertible debt that may be wholly or partially settled in cash is required to be separated into a liability and an equity component, such that interest expense reflects the issuer’s non-convertible debt interest rate. Upon issuance, a debt discount is recognized as a decrease

S-17

in debt and an increase in additional paid-in capital. The debt component will accrete up to the principal amount over the expected term of the debt. ASC 470-20 does not affect the actual amount that we are required to repay, and the amount shown in the table above for the notes is the aggregate principal amount of the 2025 Notes and does not reflect the debt discount that we recognize or the increase in additional paid-in capital (or the corresponding increase to stockholders’ equity and total capitalization) reflected in our consolidated balance sheet.

(4) As of December 31, 2020, we had $70.0 million of availability and no debt outstanding under a secured line of credit with KeyBank National Association. For more information, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations — Liquidity and Capital Resources — Revolving Credit Facility” in our 2020 Form 10-K incorporated herein by reference.

S-18

Key financial and operating metrics

In addition to our financial results, we monitor the following metrics, which include non-GAAP financial measures, along with other financial and operating metrics, to help us measure and evaluate the effectiveness of our operations:

	Year Ended December 31,
	2018		2019			2020
	(in thousands)
Non-GAAP operating income (loss)(1)	$	9,801	$	(27,200	)	$	(4,448	)
Non-GAAP net income (loss)(1)	$	10,932	$	(27,752	)	$	(7,655	)
Annual recurring revenues (as of period end)(2)	$	130,300	$	210,500		$	287,300

	Year Ended December 31,
	2018	2019	2020
Subscription revenues as % of total license revenues(3)	6%	65%	99%
% of customers with 500 employees or more purchasing four or more licenses at end of period	42%	54%	63%
% of customers with 500 employees or more purchasing six or more licenses at end of period	13%	20%	30%

(1)  Non-GAAP operating income (loss) and non-GAAP net income (loss) are non-GAAP financial measures. We define non-GAAP operating income as operating income (loss) excluding (i) stock-based compensation expense, (ii) payroll tax expense related to stock-based compensation, (iii) amortization of acquired intangible assets, and (iv) acquisition-related expenses. We define non-GAAP net income (loss) as net income (loss) excluding (i) stock-based compensation expense, (ii) payroll tax expense related to stock-based compensation, (iii) amortization of acquired intangible assets, (iv) acquisition-related expenses, (v) foreign exchange gains (losses), which for 2019 and 2020 includes exchange rate differences on lease contracts as a result of the implementation of ASC 842, “Leases,” effective as of January 1, 2019, (vi) amortization of debt discount and issuance costs, and (vii) acquisition-related taxes.

We believe that the exclusion of these expenses provides a more meaningful comparison of our operational performance from period to period and offers investors and management greater visibility to the underlying performance of our business. Specifically:

• Stock-based compensation expenses utilize varying available valuation methodologies, subjective assumptions and a variety of equity instruments that can impact a company's non-cash expense;

• Payroll taxes are tied to the exercise or vesting of underlying equity awards and the price of our common stock at the time of vesting or exercise, factors which may vary from period to period;

• Acquired intangible assets are valued at the time of acquisition and are amortized over an estimated useful life after the acquisition;

• Acquisition-related expenses are unrelated to current operations and neither are comparable to the prior period nor predictive of future results;

• We incur foreign exchange gains or losses from the revaluation of our significant operating lease liabilities in foreign currencies as well as other assets and liabilities denominated in non-U.S. dollars, which may vary from period to period;

• Amortization of debt discount and debt issuance costs, which relate to the 2025 Notes, is a non-cash item; and

• Acquisition-related taxes are unrelated to current operations and neither are comparable to the prior period nor predictive of future results.

S-19

The following tables reconcile each of operating income (loss) and net income (loss), the most directly comparable U.S. GAAP measure, to non-GAAP operating income and non-GAAP net income, respectively, for the periods presented:

	Year Ended December 31,
	2018			2019			2020
	(in thousands)
Reconciliation to non-GAAP operating income (loss):
Operating loss	$	(29,135	)	$	(75,987	)	$	(78,415	)
Add back:
Stock-based compensation expense		34,961			46,139			68,585
Payroll tax expenses related to stock-based compensation		3,975			2,648			3,893
Amortization of acquired intangible assets		—			—			264
Acquisition-related expenses		—			—			1,225
Non-GAAP operating income (loss)	$	9,801		$	(27,200	)	$	(4,448	)

	Year Ended December 31,
	2018		2019			2020
	(in thousands)
Reconciliation to non-GAAP net income (loss):
Net loss	$	(28,578)	$	(78,764)		$	(94,010)
Add back:
Stock-based compensation expense		34,961		46,139			68,585
Payroll tax expenses related to stock-based compensation		3,975		2,648			3,893
Amortization of acquired intangible assets		—		—			264
Acquisition-related expenses		—		—			1,225
Foreign exchange rate differences		574		2,225			1,726
Amortization of debt discount and issuance costs		—		—			4,096
Acquisition-related taxes		—		—			6,566
Non-GAAP net income (loss)	$	10,932	$	(27,752	)	$	(7,655	)

We believe that each of our non-GAAP financial measures is an important tool for financial and operational decision making and for evaluating our own operating results over different periods of time. The non-GAAP financial measures do not represent our financial performance under U.S. GAAP and should not be considered as alternatives to operating income (loss) or net income (loss) or any other performance measures derived in accordance with GAAP. Non-GAAP financial measures may not provide information that is directly comparable to that provided by other companies in our industry, as other companies in our industry may calculate non-GAAP financial results differently, particularly related to non-recurring, unusual items. In addition, there are limitations in using non-GAAP financial measures because the non-GAAP financial measures are not prepared in accordance with GAAP, and exclude expenses that may have a material impact on our reported financial results. Further, stock-based compensation expense and payroll tax expense related to stock-based compensation have been, and will continue to be for the foreseeable future, significant recurring expenses in our business and an important part of the compensation provided to our employees. Also, the amortization of acquired intangible assets are expected recurring expenses over the estimated useful life of the underlying intangible asset and acquisition-related expenses will be incurred to the extent acquisitions are made in the future. Additionally, foreign exchange rates may fluctuate from one period to another, and we do not estimate movements in foreign currencies. Finally, the amortization of debt discount and debt issuance costs are expected recurring expenses until the maturity of the 2025 Notes. The presentation of non-GAAP financial information is not meant to be considered in isolation or as a substitute for the directly comparable financial measures prepared in accordance with GAAP.

(2) Annual recurring revenues, or ARR, is a key performance indicator defined as the annualized value of active term-based subscription license contracts and maintenance contracts related to perpetual licenses in effect at the end of that period. Subscription license contracts and maintenance for perpetual license contracts are annualized by dividing the total contract value by the number of days in the term and multiplying the result by 365. The annualized value of contracts is a legal and contractual determination made by assessing the contractual terms with our customers. The annualized value of maintenance contracts is not determined by reference to historical revenues, deferred revenues or any other GAAP financial measure over any period. ARR is not a forecast of future revenues, which can be impacted by contract start and end dates and renewal rates.

(3) Total license revenues are calculated by adding subscription revenues and perpetual license revenues in the consolidated statement of operations.

S-20

The offering

Issuer	Varonis Systems, Inc.
Common stock offered by us	$400.0million of shares of common stock (or $460.0million of shares if the underwriters exercise in full their option to purchase additional shares as described below).
Option to purchase additional shares	We have granted the underwriters an option to purchase up to an additional $60.0million of shares of common stock. The underwriters may exercise this option at any time within 30 days from the date of this prospectus supplement. See “Underwriting.”
Common stock outstanding after giving effect to this offering	34,002,599shares (or 34,330,145shares if the underwriters exercise their option to purchase additional shares in full) based on an assumed public offering price of $183.18 per share, the last reported sale price of our common stock on The Nasdaq Global Select Market on February8, 2021.
Use of proceeds	We estimate that our net proceeds from this offering will be approximately $388.5million (or approximately $446.8million if the underwriters exercise their option to purchase additional shares in full), after deducting the underwriting discount and estimated offering expenses payable by us. We intend to use the net proceeds from this offering for general corporate purposes, including working capital and capital expenditures, and for potential acquisitions, including complementary businesses, technologies or assets. We do not have agreements or commitments to enter into any acquisitions at this time.
Listing	Our common stock is listed on The Nasdaq Global Select Market under the trading symbol “VRNS.”
Risk factors	You should read the section titled “Risk factors” beginning on page S-23 of this prospectus supplement and page 4 of the accompanying prospectus, and other information included or incorporated by reference in this prospectus supplement and the accompanying prospectus for a discussion of some of the risks and uncertainties that you should carefully consider before deciding to invest in our common stock.

Except as otherwise stated in this prospectus supplement, the number of shares of our common stock to be outstanding immediately after the closing of this offering is based on 31,818,954shares of common stock outstanding as of December31, 2020, and excludes as of that date: (a) 491,924shares of common stock reserved for issuance under our employee stock purchase plan; (b) 3,475,387shares of common stock reserved for issuance under our equity incentive plans, of which (i) 352,121shares of common stock are issuable upon exercise of options awarded and outstanding at a weighted average exercise price of $20.59, and (ii) 2,797,913shares of common stock are issuable upon vesting of restricted stock units, or RSUs, and earned and unvested performance stock units, or PSUs; and (c) shares of common stock issuable upon conversion

S-21

of our $253million aggregate principal amount of the 2025 Notes, which are convertible in certain limited circumstances at a conversion price of $92.12 per share, subject to adjustment.

Except as otherwise indicated, all information in this prospectus supplement:

• does not assume or give effect to the purchase of common stock under our employee stock purchase plan, the exercise of options or the vesting of RSUs and earned PSUs outstanding, or the conversion of any 2025 Notes, in each case, after December31, 2020;

• reflects an assumed public offering price of $183.18 per share of common the last reported sale price of our common stock on The Nasdaq Global Select Market on February8, 2021; and

• assumes no exercise of the underwriters’ option to purchase $60.0million of additional shares of common stock in this offering.

S-22

Risk factors

Investing in our securities involves risks. You should carefully consider the risks and uncertainties described below and in the “Risk Factors” section of the 2020 Form 10K4 (incorporated by reference in this prospectus supplement and the accompanying prospectus), and any other reports that we may file from time to time with the SEC, and all other information contained or incorporated by reference into this prospectus supplement and the accompanying prospectus, as updated by our subsequent filings under the Exchange Act, before investing in any of our securities. See “Incorporation of certain documents by reference” in this prospectus supplement and “Where you can find more information” in the accompanying prospectus.

Risks Related to the Industry in which we Operate

The market for software that analyzes, secures, governs, manages and migrates enterprise data is new and unproven and may not grow.

We believe our future success depends in large part on the growth of the market for software that enables enterprises to analyze, secure, govern, manage and migrate their data. In order for us to market and sell our products, we must successfully demonstrate to enterprise IT, security and business personnel the potential value of their data and the risk of that data getting compromised or stolen. We must persuade them to devote a portion of their budgets to a unified platform that we offer to protect, secure, govern, manage and extract value from this resource. We cannot provide any assurance that enterprises will recognize the need for our products or, if they do, that they will decide that they need a solution that offers the range of functionalities that we offer. Software solutions focused on enterprise data may not yet be viewed as a necessity, and accordingly, our sales effort is and will continue to be focused in large part on explaining the need for, and value offered by, our solution. We can provide no assurance that the market for our solution will continue to grow at its current rate or at all. The failure of the market to develop would materially adversely impact our results of operations.

Prolonged economic uncertainties or downturns could materially adversely affect our business.

Our business depends on our current and prospective customers' ability and willingness to invest in IT services, including cybersecurity projects, which in turn is dependent upon their overall economic health. Negative conditions in the general economy both in the United States and abroad, including conditions resulting from COVID-19, similar to the negative impact on our results of operations we experienced at the early stages of the pandemic in the last two weeks of the first quarter in 2020, changes in gross domestic product growth, potential future government shutdowns, the federal government's failure to raise the debt ceiling, financial and credit market fluctuations, the imposition of trade barriers and restrictions such as tariffs, political deadlock, restrictions on travel, natural catastrophes, warfare and terrorist attacks, could cause a decrease in business investments, including corporate spending on enterprise software in general and negatively affect the rate of growth of our business.

Uncertainty in the global economy makes it extremely difficult for our customers and us to forecast and plan future business activities accurately. This could cause our customers to reevaluate decisions to purchase our product or to delay their purchasing decisions, which could lengthen our sales cycles.

We have a significant number of customers across a variety of verticals, some of which are impacted significantly by the economic turmoil caused by the COVID-19 pandemic. A downturn in any of our leading industries, or a reduction in any revenue-generating vertical, may cause enterprises to react to worsening conditions by reducing their spending on IT. Customers may delay or cancel IT projects, choose to focus

​4        NTD: Printer to add hyperlink based on SEC rules on incorporation by reference.

S-23

on in-house development efforts or seek to lower their costs by renegotiating maintenance and support agreements. To the extent purchases of licenses for our software are perceived by customers and potential customers to be discretionary, our revenues may be disproportionately affected by delays or reductions in general IT spending. In addition, the increased pace of consolidation in certain industries may result in reduced overall spending on our software. If the economic conditions of the general economy or industries in which we operate worsen from present levels, our business, results of operations and financial condition could be adversely affected.

We may face increased competition in our market.

While there are some companies which offer certain features similar to those embedded in our solutions, as well as others with whom we compete in certain tactical use cases, we believe that we do not currently compete with a company that offers the same breadth of functionalities that we offer in a single integrated solution. Nevertheless, we do compete against a select group of software vendors that provide standalone solutions, similar to those found in our comprehensive software suite, in the specific markets in which we operate. We also face direct competition with respect to certain of our products, specifically Data Transport Engine, DatAnswers and DatAdvantage for Directory Services. As we continue to augment our functionality with insider threat detection and user behavior analytics and as we expand our classification capabilities to better serve compliance needs, such as GDPR, CCPA and other data privacy laws, we may face increased perceived and real competition from other security and classification technologies. As we expand our coverage and penetration in the cloud, we may face increased perceived and real competition from other cloud-focused technologies. In the future, as customer requirements evolve and new technologies are introduced, we may experience increased competition if established or emerging companies develop solutions that address the enterprise data market. Furthermore, because we operate in a relatively new and evolving area, we anticipate that competition will increase based on customer demand for these types of products.

In particular, if a more established company were to target our market, we may face significant competition. They may have competitive advantages, such as greater name recognition, larger sales, marketing, research and acquisition resources, access to larger customer bases and channel partners, a longer operating history and lower labor and development costs, which may enable them to respond more quickly to new or emerging technologies and changes in customer requirements or devote greater resources to the development, promotion and sale of their products than we do. Increased competition could result in us failing to attract customers or maintain licenses at the same rate. It could also lead to price cuts, alternative pricing structures or the introduction of products available for free or a nominal price, reduced gross margins, longer sales cycles, lower renewal rates and loss of market share.

In addition, our current or prospective channel partners may establish cooperative relationships with any future competitors. These relationships may allow future competitors to rapidly gain significant market share. These developments could also limit our ability to obtain revenues from existing and new customers.

Our ability to compete successfully in our market will also depend on a number of factors, including ease and speed of product deployment and use, the quality and reliability of our customer service and support, total cost of ownership, return on investment and brand recognition. Any failure by us to successfully address current or future competition in any one of these or other areas may reduce the demand for our products and adversely affect our business, results of operations and financial condition.

S-24

We are subject to a number of legal requirements, contractual obligations and industry standards regarding security, data protection and privacy, and any failure to comply with these requirements, obligations or standards could have an adverse effect on our reputation, business, financial condition and operating results.

Privacy and data information security have become a significant issue in the United States and in many other countries where we have employees and operations and where we offer licenses to our products. The regulatory framework for privacy and personal information security issues worldwide is rapidly evolving and is likely to remain uncertain for the foreseeable future. The U.S. federal and various state and foreign government bodies and agencies have adopted or are considering adopting laws and regulations limiting, or laws and regulations regarding, the collection, distribution, use, disclosure, storage and security of personal information. For example, the CCPA, which went into effect on January1, 2020, requires, among other things, covered companies to provide new disclosures to California consumers and afford such consumers new abilities to opt-out of certain sales of personal information.

Internationally, virtually every jurisdiction in which we operate has established its own data security and privacy legal framework with which we or our customers must comply. Laws and regulations in these jurisdictions apply broadly to the collection, use, storage, disclosure and security of data that identifies or may be used to identify or locate an individual, such as names, email addresses and, in some jurisdictions, Internet Protocol addresses. These laws and regulations often are more restrictive than those in the United States and are rapidly evolving. For example, the EU data protection regime, the GDPR became enforceable on May25, 2018. Additionally, the United Kingdom enacted legislation in May 2018 that substantially implements the GDPR, but the United Kingdom's exit from the EU (which formally occurred on January31, 2020), commonly referred to as “Brexit,” has created uncertainty with regard to the regulation of data protection in the United Kingdom. In particular, it is unclear how data transfers to and from the United Kingdom will be regulated following Brexit. Complying with the GDPR or other laws, regulations or other obligations relating to privacy, data protection or information security may cause us to incur substantial operational costs or require us to modify our data handling practices. Non-compliance could result in proceedings against us by governmental entities or others, could result in substantial fines or other liability and may otherwise adversely impact our business, financial condition and operating results.

Some statutory requirements, both in the United States and abroad, include obligations of companies to notify individuals of security breaches involving particular personal information, which could result from breaches experienced by us or our service providers. Even though we may have contractual protections with our service providers, a security breach could impact our reputation, harm our customer confidence, hurt our sales or cause us to lose existing customers and could expose us to potential liability or require us to expend significant resources on data security and in responding to such breach.

In addition to government regulation, privacy advocates and industry groups may propose new and different self-regulatory standards that either legally or contractually apply to us. We also expect that there will continue to be new proposed laws and regulations concerning privacy, data protection and information security, and we cannot yet determine the impact such future laws, regulations and standards may have on our business. New laws, amendments to or re-interpretations of existing laws and regulations, industry standards, contractual obligations and other obligations may require us to incur additional costs and restrict our business operations. Because the interpretation and application of laws and other obligations relating to privacy and data protection are still uncertain, it is possible that these laws and other obligations may be interpreted and applied in a manner that is inconsistent with our existing data management practices or the features of our software. If so, in addition to the possibility of fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices or modify our software, which could have an adverse effect on our business. We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to develop new features could be limited. Any

S-25

inability to adequately address privacy concerns, even if unfounded, or comply with applicable privacy or data protection laws, regulations and policies, could result in additional cost and liability to us, damage our reputation, inhibit sales and adversely affect our business.

Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations and policies that are applicable to the businesses of our customers may limit the use and adoption of, and reduce the overall demand for, our products. Privacy and personal information security concerns, whether valid or not valid, may inhibit market adoption of our products particularly in certain industries and foreign countries.

Risks Related to our Operations

The recent global COVID-19 outbreak has had, and could continue to have, harmful effects on our business and results of operations.

The COVID-19 pandemic and efforts to control its spread have significantly curtailed the movement of people, goods and services worldwide, including in most or all of the regions in which we sell our products and services and conduct our business operations. Internationally and domestically, federal, state, and local governments have taken a variety of actions to contain the spread of COVID-19. Many jurisdictions have required mandatory business closures, or imposed capacity limitations and other restrictions affecting our operations. At the end of the first quarter of 2020, we closed our offices and instructed employees to work remotely as a precautionary measure intended to minimize the risk of the virus to them, our customers, partners and the communities in which we operate. Since that time, we have complied with state and local requirements and have been opening and closing our offices based on these guidelines and recommendations. To the extent there are extended restrictions or closures, this may adversely affect economies and financial markets globally, leading to an economic downturn. Our operations, and the operations of our customers and partners, have been disrupted and may continue to be so for a period of time that cannot currently be predicted.

The move to remote working has not to date materially impacted our business operations and research and development activity; however, if our employees will not be able to continue working effectively as a result of the COVID-19 pandemic, including because of illness, quarantines, office closures, ineffective remote work arrangements or technology failures or limitations, our operations would be adversely impacted. Further, as recently seen in many places around the world, remote work arrangements may increase the risk of cybersecurity incidents, data breaches or cyber-attacks, which could have a material adverse effect on our business and results of operations, due to, among other things, the loss of proprietary data, interruptions or delays in the operation of our business, damage to our reputation and any government imposed penalty. While the move to remote working and virtual-only customer experience has not to date adversely impacted our sales, we have had to postpone or cancel customer and industry events or conduct them virtually, and we cannot predict with certainty the impact these changes may have on our sales.

Corporate expenditures are also subject to elevated scrutiny in the current environment and may lead to longer sales cycles. The pandemic, and its impact on our customers, has also made it more difficult to predict our future performance and we expect it will continue to be more challenging to estimate the pipeline conversion rates due to the economic uncertainty, and there is a greater risk that any guidance we provide to the market may turn out to be incorrect. We therefore cannot predict whether potential decreases in sales will be offset in subsequent periods by increased sales.

Additionally, concerns over the economic impact of COVID-19 have caused extreme volatility in financial and other capital markets which have temporarily adversely impacted, and may in the future adversely impact, our stock price.

S-26

Overall, and in addition to other risks discussed in this prospectus supplement, the COVID-19 pandemic gives rise to a number of risks, including, but not limited to, the following:

• our ability to expand within our existing customer base, including through the adoption of additional licenses;

• reduced economic activity which could lead to a prolonged recession, which could negatively impact consumer discretionary spending and in return could severely impact our business operations, financial condition and liquidity;

• our ability to continue to show the positive trends at the levels we have shown in the last several quarters for certain key performance metrics, such as renewal rates, ARR and dollar-based net retention rate;

• negatively affect our customer success efforts, our ability to enter into new markets and our ability to acquire new customers, in part due to potentially lower conversion rates on risk assessments and delay and lengthen our sales cycles due to virtual meetings;

• a reduction in the number of users as customers terminate and furlough employees;

• an increase in bad debt reserves as customers face economic hardship and collectability becomes more uncertain, including the risk of bankruptcies;

• our ability to timely retain, attract and recruit employees;

• a reduction in our operating effectiveness, employee productivity, sales and marketing efforts, as our employees work from home;

• potential negative impact on the health of our personnel and staff, particularly if a significant number of them are impacted, which could result in a deterioration in our ability to ensure business continuity during this disruption;

• our ability to remotely develop new products and enhance existing products; and

• our ability to raise capital.

These factors may make it more difficult for us to gain new customers and to expand within our existing customer base. While our revenues increased for the year ended December31, 2020 compared to the year ended December31, 2019, we may face future difficulties in gaining new customers and expanding within our existing customer base, similar to those difficulties we experienced during the last two weeks of the first quarter of 2020.

The full impact of COVID-19 on our business and our future performance is difficult to predict and there is some level of risk that any guidance we provide to the market may turn out to be incorrect. The challenges posed by COVID-19 on our business are uncertain and we will continue to evaluate our financial position in light of future developments, particularly those relating to COVID-19.

Security breaches, cyberattacks or other cyber-risks of our IT and production systems could expose us to significant liability and cause our business and reputation to suffer and harm our competitive position.

Our corporate infrastructure stores and processes our sensitive, proprietary and other confidential information (including as related to financial, technology, employees, marketing, sales, etc.) which is used on a daily basis in our operations. In addition to that, our software involves transmission and processing of our customers' confidential, proprietary and sensitive information. We have legal and contractual obligations to protect the confidentiality and appropriate use of customer data. Being a leading pioneer in the cyber industry, we may be an attractive target for cyber attackers or other data thieves.

S-27

High-profile cyberattacks and security breaches have increased in recent years, with the potential for such acts heightened as a result of the number of employees working remotely due to COVID-19. Security industry experts and government officials have warned about the risks of hackers and cyberattacks targeting IT products and enterprise infrastructure. Because techniques used to obtain unauthorized access or to sabotage systems change frequently and often are not recognized until launched against a specific target, we may be unable to anticipate these techniques or to implement adequate preventative measures. As we continue to increase our client base and expand our brand, we may become more of a target for third parties seeking to compromise our security systems and we anticipate that hacking attempts and cyberattacks will increase in the future. We cannot give assurance that we will always be successful in preventing or repelling unauthorized access to our systems. We also may face delays in our ability to identify or otherwise respond to any cybersecurity incident or any other breach. Additionally, we use third-party service providers to provide some services to us that involve the storage or transmission of data, such as SaaS, cloud computing, and internet infrastructure and bandwidth, and they face various cybersecurity threats and also may suffer cybersecurity incidents or other security breaches. Despite our security measures, our IT and infrastructure may be vulnerable to attacks. Threats to IT security can take a variety of forms. Individual and groups of hackers and sophisticated organizations, including state-sponsored organizations or nation-states, continuously undertake attacks that pose threats to our customers and our IT. These actors may use a wide variety of methods, which may include developing and deploying malicious software or exploiting vulnerabilities in hardware, software, or other infrastructure in order to attack our products and services or gain access to our networks, using social engineering techniques to induce our employees, users, partners, or customers to disclose passwords or other sensitive information or take other actions to gain access to our data or our users' or customers' data, or acting in a coordinated manner to launch distributed denial of service or other coordinated attacks. Inadequate account security practices may also result in unauthorized access to confidential and/or sensitive data.

Security risks, including, but not limited to, unauthorized use or disclosure of customer data, theft of proprietary information, theft of intellectual property, theft of internal employee's PII/PHI information, theft of financial data and financial reports, loss or corruption of customer data and computer hacking attacks or other cyberattacks, could require us to expend significant capital and other resources to alleviate the problem and to improve technologies, may impair our ability to provide services to our customers and protect the privacy of their data, may result in product development delays, may compromise confidential or technical business information, may harm our competitive position, may result in theft or misuse of our intellectual property or other assets and could expose us to substantial litigation expenses and damages, indemnity and other contractual obligations, government fines and penalties, mitigation expenses, costs for remediation and incentives offered to affected parties, including customers, other business partners and employees, in an effort to maintain business relationships after a breach or other incident, and other liabilities. We are continuously working to improve our IT systems, together with creating security boundaries around our critical and sensitive assets. We provide advanced security awareness training to our employees and contractors that focuses on various aspects of the cybersecurity world. All of these steps are taken in order to mitigate the risk of attack and to ensure our readiness to responsibly handle any security violation or attack. However, because techniques used to obtain unauthorized access or to sabotage systems change frequently and generally are not recognized until successfully launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures. If an actual or perceived breach of our security occurs, the market perception of the effectiveness of our security measures and our products could be harmed, we could lose potential sales and existing customers, our ability to operate our business could be impaired, and we may incur significant liabilities, and we could suffer harm to our reputation and competitive position, and our operating results could be negatively impacted.

S-28

Our quarterly results of operations have fluctuated and may fluctuate significantly due to variability in our revenues which could adversely impact our stock price.

Our revenues and other results of operations have fluctuated from quarter to quarter in the past and could continue to fluctuate in the future partially due to the front-loaded revenue recognition nature of our business. Additionally, we have a limited operating history under our new subscription model, which makes it difficult to forecast our results. As a result, comparing our revenues and results of operations on a period-to-period basis may not be meaningful, and should not be relied on for any particular past quarter or other period results. Our revenues depend in part on the conversion of enterprises that have undergone risk assessments, which can be and are frequently performed remotely, into paying customers; however, given the spread of COVID-19 and the impact on our prospects, these risk assessments may not be converted at the same historical rates. At the same time, the majority of our sales are typically made during the last three weeks of every quarter. We may fail to meet market expectations for that quarter if we are unable to close the number of transactions that we expect during this short period and closings are deferred to a subsequent quarter or not closed at all. In addition, our sales cycle from initial contact to delivery of and payment for the software license generally becomes longer and less predictable with respect to large transactions and often involves multiple meetings or consultations at a substantial cost and time commitment to us. The closing of a large transaction in a particular quarter may raise our revenues in that quarter and thereby make it more difficult for us to meet market expectations in subsequent quarters and our failure to close a large transaction in a particular quarter or any renewals may adversely impact our revenues in that quarter. Moreover, we base our current and future expense levels on our revenue forecasts and operating plans, and our expenses are relatively fixed in the short-term. Accordingly, we would likely not be able to reduce our costs sufficiently to compensate for an unexpected shortfall in revenues and even a relatively small decrease in revenues could disproportionately and adversely affect our financial results for that quarter.

The variability and unpredictability of these and other factors, many of which are outside of our control, could result in our failing to meet or exceed financial expectations for a given period. If our revenues or results of operations fall below the expectations of investors or any securities analysts that cover our stock, the price of our common stock could decline substantially.

If the transition to a subscription-based business model we have completed fails to continue yielding the benefits that we achieved, our results of operations could be negatively impacted.

We have completed our transition to a subscription-based business model but it is uncertain whether the expected benefits will continue. Market acceptance of our products is dependent on our ability to include functionality and usability that address certain customer requirements. Additionally, we must optimally price our products in light of marketplace conditions, our costs and customer demand. At the start of the transition, we suffered a negative revenue and earnings impact, including on our quarterly results of operations. Such negative implications might return if we are unable to achieve the renewals we anticipate, either at all or on a timely basis.

This subscription strategy may give rise to a number of risks, including the following:

• our revenues and cash flows may fluctuate more than anticipated over the short-term as a result of this strategy;

• if our customers do not renew their subscriptions or do not renew them on a timely basis (including due to substantial implication of the economic turmoil caused by the COVID-19 pandemic), our revenues may decline and our business may suffer;

• the shift to a subscription strategy may raise, and has raised, concerns among our customer base, including concerns regarding changes to pricing over time;

S-29

• we may be unsuccessful in maintaining or implementing our target pricing or new pricing models, product adoption and projected renewal rates, or we may select a target price or new pricing model that is not optimal and could negatively affect our sales or earnings;

• our sales force may struggle with the additional requirements of selling subscription which may lead to increased turnover rates and lower headcount;

• if new or current customers desire only perpetual licenses, our subscription sales may lag behind our expectations; and

• our relationships with existing partners that resell perpetual license products may be damaged.

We may not be able to predict subscription renewal rates and their impact on our future revenues and operating results.

Although our subscription solutions are designed to increase the number of customers that purchase our solutions and the number of products purchased by existing and new customers to create a recurring revenue stream that increases and is more predictable over time, our customers are not required to renew their subscriptions for our solutions and they may elect not to renew when, or as we expect, or they may elect to reduce the scope of their original purchases or delay their purchase. We cannot accurately predict renewal rates given our varied customer base of enterprise and small and medium size business customers and the number of multiyear subscription contracts. Customer renewal rates may decline or fluctuate due to a number of factors, including offering pricing, competitive offerings, customer satisfaction and reductions in customer spending levels or customer activity due to economic downturns including, but not limited to, the COVID-19 pandemic, the adverse impact of import tariffs or other market uncertainty. If our customers do not renew their subscriptions when or as we expect, or if they choose to renew for fewer subscriptions (in quantity or products) or renew for shorter contract lengths or if they renew on less favorable terms, our revenues and earnings may decline, and our business may suffer.

We have been growing and expect to continue to invest in our growth for the foreseeable future. If we fail to manage this growth effectively, our business and results of operations will be adversely affected.

We intend to continue to grow our business and plan to continue to hire new sales employees either for expansion or replacement of existing sales personnel. If we cannot adequately and timely hire new employees and if we fail to adequately train these new employees, including our sales force, engineers and customer support staff, which processes have become more challenging during the COVID-19 period, our sales may not grow at the rates we project and/or our sales productivity might suffer, our customers might decide not to renew or reduce the scope of their original purchases, or our customers may lose confidence in the knowledge and capability of our employees or products. We must successfully manage our growth to achieve our objectives. Although our business has experienced significant growth in the past, we cannot provide any assurance that our business will continue to grow at the same rate, or at all.

Our ability to effectively manage any significant growth of our business will depend on a number of factors, including our ability to do the following:

• adequately and timely recruit, train, motivate and integrate new employees, including our sales force and engineers, while retaining existing employees, maintaining the beneficial aspects of our corporate culture and effectively executing our business plan, especially during this challenging period of the COVID-19 pandemic;

• satisfy existing customers and attract new customers;

S-30

• successfully manage and integrate our acquisition and any future acquisitions of businesses, including our recent acquisition, and including, without limitation, the amount and timing of expenses and potential future charges for impairment of goodwill from acquired companies;

• successfully introduce new products and enhancements;

• effectively manage existing channel partnerships and expand to new ones;

• improve our key business applications and processes to support our business needs;

• enhance information and communication systems to ensure that our employees and offices around the world are well-coordinated and can effectively communicate with each other and our growing customer base;

• enhance our internal controls to ensure timely and accurate reporting of all of our operations and financial results;

• protect and further develop our strategic assets, including our intellectual property rights;

• make sound business decisions in light of the scrutiny associated with operating as a public company and the increased strain and pressures associated with COVID-19; and

• capitalize on the transition from perpetual licenses to a subscription-based business model.

These activities will require significant investments and allocation of valuable management and employee resources, and our growth will continue to place significant demands on our management and our operational and financial infrastructure. There are no guarantees we will be able to grow our business in an efficient or timely manner, or at all. Moreover, if we do not effectively manage the growth of our business and operations, the quality of our software could suffer, which could negatively affect our brand, results of operations and overall business.

We have a limited operating history at our current scale, which makes it difficult to evaluate and predict our future prospects and may increase the risk that we will not be successful.

We have a relatively short history operating our business at its current scale. For example, we have increased the number of our employees and have expanded our operations and product offerings. This limits our ability to forecast our future operating results and subjects us to a number of uncertainties, including our ability to plan for and model future growth. We have encountered and will continue to encounter risks and uncertainties frequently experienced by growing companies in new markets that may not develop as expected. Because we depend in part on the market's acceptance of our products, it is difficult to evaluate trends that may affect our business. If our assumptions regarding these trends and uncertainties, which we use to plan our business, are incorrect or change in reaction to changes in our markets, or if we do not address these risks successfully, our operating and financial results could differ materially from our expectations and our business could suffer. Moreover, although we have experienced significant growth historically, we may not continue to grow as quickly in the future.

Our future success will depend in large part on our ability to, among other things:

• reap the benefits from the transition to a subscription-based model successfully;

• maintain and expand our business, including our customer base and operations, to support our growth, both domestically and internationally;

• our ability to successfully manage and integrate our acquisition and any future acquisitions of businesses;

• develop new products and services and bring products and services in beta to market;

S-31

• renew subscription and maintenance and support agreements with, and sell additional products to, existing customers;

• maintain high customer satisfaction and ensure quality and timely releases of our products and product enhancements;

• increase market awareness of our products and enhance our brand;

• maintain compliance with applicable governmental regulations and other legal obligations, including those related to intellectual property, international sales and taxation; and

• hire, integrate, train and retain skilled talent, including members of our sales force and engineers.

If we fail to address the risks and difficulties that we face, including those associated with the challenges listed above as well as those described elsewhere in this “Risk Factors” section, our business will be adversely affected, and our results of operations will suffer.

If we are unable to attract new customers and expand sales to existing customers, both domestically and internationally, our growth could be slower than we expect, and our business may be harmed.

Our success will depend, in part, on our ability to support new and existing customer growth and maintain customer satisfaction. Due to COVID-19, our sales and marketing teams have avoided in-person meetings and are increasingly engaging with customers online and through other communications channels, including virtual meetings. While our revenues increased for the year ended December31, 2020 compared to the year ended December31, 2019, there is no guarantee that in the future our sales and marketing teams will be as successful or effective using these other communications channels as they try to build relationships. If we cannot provide the tools and training to our teams to efficiently do their jobs and satisfy customer demands, we may not be able to achieve anticipated revenue growth as quickly as expected.

Our future growth depends upon expanding sales of our products to existing customers and their organizations and receiving subscription and maintenance renewals. If our customers do not purchase additional licenses or capabilities, our revenues may grow more slowly than expected, may not grow at all or may decline. There can be no assurance that our efforts would result in increased sales to existing customers (“upsells”) and additional revenues. If our efforts to upsell to our customers are not successful, our business would suffer.

Our future growth also depends in part upon increasing our customer base, particularly those customers with potentially high customer lifetime values. Our ability to achieve significant growth in revenues in the future will depend, in large part, upon the effectiveness of our sales and marketing efforts, both domestically and internationally, and our ability to attract new customers. Our ability to attract new customers may be adversely affected by newly enacted laws that may prohibit certain sales and marketing activities, such as recent legislation passed in the State of New York, pursuant to which, due to the declared disaster state of emergency attributed to COVID-19, unsolicited telemarketing sales calls are prohibited. If we fail to attract new customers and maintain and expand those customer relationships, our revenues may be adversely affected, and our business will be harmed.

We have a history of losses, and we may not be profitable in the future.

We have incurred net losses in each year since our inception, including a net loss of $94.0million, $78.8million and $28.6million in each of the years ended December31, 2020, 2019 and 2018, respectively. Due to our continued investment in the growth of our business, in 2020 our operating expenses increased to $326.8million compared to $295.0million and $271.7million in 2019 and 2018, respectively. Because the market for our software is rapidly evolving and has still not yet reached widespread adoption, it is difficult for us to predict our future results of operations. We expect our operating expenses to increase over the

S-32

next several years as we hire additional personnel, expand and improve the effectiveness of our distribution channels, and continue to develop features and applications for our software. In addition, as a public company, we have incurred, and will continue to incur, significant legal, accounting and other operating expense.

If we are unable to maintain successful relationships with our channel partners, our business could be adversely affected.

We rely on channel partners, such as distribution partners and resellers, to sell licenses and support and maintenance agreements for our software and to perform some of our professional services. In 2020, our channel partners fulfilled substantially all of our sales, and we expect that sales to channel partners will continue to account for substantially all of our revenues for the foreseeable future. Our ability to achieve revenue growth in the future will depend in part on our success in maintaining successful relationships with our channel partners.

Our agreements with our channel partners are generally non-exclusive, meaning our channel partners may offer customers the products of several different companies. If our channel partners do not effectively market and sell our software, choose to use greater efforts to market and sell their own products or those of others, or fail to meet the needs of our customers, including through the provision of professional services for our software, our ability to grow our business, sell our software and maintain our reputation may be adversely affected. Our contracts with our channel partners generally allow them to terminate their agreements for any reason upon 30 days' notice. A termination of the agreement has no effect on orders already placed. The loss of a substantial number of our channel partners, our possible inability to replace them, or the failure to recruit additional channel partners could materially and adversely affect our results of operations. If we are unable to maintain our relationships with these channel partners, our business, results of operations, financial condition or cash flows could be adversely affected. Finally, even if we are successful, our relationships with channel partners may not result in greater customer usage of our products and professional services or increased revenue.

We are exposed to collection and credit risks, which could impact our operating results.

Our accounts receivable and contract assets are subject to collection and credit risks. These agreements may include purchase commitments for multiple years of subscription-based software licenses and maintenance services, which may be invoiced over multiple reporting periods increasing these risks. For example, our operating results may be impacted by significant bankruptcies among customers, which could negatively impact our revenues and cash flows. Although we have processes in place that are designed to monitor and mitigate these risks, we cannot guarantee these programs will be effective. If we are unable to adequately control these risks, our business, operating results and financial condition could be harmed. Furthermore, as a result of the COVID-19 pandemic, existing customers may attempt to renegotiate contracts and obtain concessions, including, among other things, longer payment terms or modified subscription dates, or may fail to make payments on their existing contracts, which may materially and negatively impact our operating results and financial condition.

If currency exchange rates fluctuate substantially in the future, our results of operations, which are reported in U.S. dollars, could be adversely affected.

Our functional and reporting currency is the U.S. dollar, and we generate the majority of our revenues and incur the majority of our expenses in U.S. dollars. Revenues and expenses are also incurred in other currencies, primarily Euros, Pounds Sterling, Canadian dollars, Australian dollars and New Israeli Shekels (“NIS”). Accordingly, changes in exchange rates may have a material adverse effect on our business, results of operations and financial condition. The exchange rates between the U.S. dollar and foreign currencies have fluctuated substantially in recent years and may continue to fluctuate substantially in the future. Furthermore, a strengthening of the U.S.

S-33

dollar could increase the cost in local currency of our software and our subscription licenses and maintenance renewals to customers outside the United States, which could adversely affect our business, results of operations, financial condition and cash flows. Volatility in exchange rates may continue in the short-term after the United Kingdom's recent exit from the EU.

We incur expenses for employee compensation and other operating expenses at our non-U.S. locations in local currencies. The weakening of the U.S. dollar against such currencies would cause the U.S. dollar equivalent of such expenses to increase which could have a negative impact on our reported results of operations and our ability to attract employees in such non-U.S. locations due to the actual increase in the compensation to be paid to such employees. We use forward foreign exchange contracts to hedge or mitigate the effect of changes in foreign exchange rates on our operating expenses denominated in certain foreign currencies. However, this strategy might not eliminate our exposure to foreign exchange rate fluctuations and involves costs and risks of its own, such as cash expenditures, ongoing management time and expertise, external costs to implement the strategy and potential accounting implications. Additionally, our hedging activities may contribute to increased losses as a result of volatility in foreign currency markets and the difference between the interest rates of the currencies being hedged.

Our business is highly dependent upon our brand recognition and reputation, and the failure to maintain or enhance our brand recognition or reputation may adversely affect our business.

We believe that enhancing the “Varonis” brand identity and maintaining our reputation in the IT industry is critical to our relationships with our customers and to our ability to attract new customers. Our brand recognition and reputation is dependent upon:

• our ability to continue to offer high quality, innovative and error- and bug-free products;

• our ability to maintain customer satisfaction with our products;

• our ability to be responsive to customer concerns and provide high quality customer support, training and professional services;

• our marketing efforts;

• any misuse or perceived misuse of our products;

• positive or negative publicity;

• our ability to prevent or quickly react to any cyberattack on our IT systems or security breach of or related to our software;

• interruptions, delays or attacks on our website; and

• litigation or regulatory-related developments.

We may not be able to successfully promote our brand or maintain our reputation. In addition, independent industry analysts often provide reviews of our products, as well as other products available in the market, and perception of our product in the marketplace may be significantly influenced by these reviews. If these reviews are negative, or less positive than reviews about other products available in the market, our brand may be adversely affected. Furthermore, negative publicity relating to events or activities attributed to us, our employees, our channel partners or others associated with any of these parties, may tarnish our reputation and reduce the value of our brand. If we do not successfully enhance our brand and maintain our reputation, our business may not grow, we may have reduced pricing power relative to competitors with stronger brands, and we could lose customers or renewals, all of which would adversely affect our business, operations and

S-34

financial results. Moreover, damage to our reputation and loss of brand equity may reduce demand for our products and have an adverse effect on our business, results of operations and financial condition. Any attempts to rebuild our reputation and restore the value of our brand may be costly and time consuming, and such efforts may not ultimately be successful.

Moreover, it may be difficult to enhance our brand and maintain our reputation in connection with sales to channel partners. Promoting our brand requires us to make significant expenditures, and we anticipate that the expenditures will increase as our market becomes more competitive, as we expand into new markets and geographies and as more sales are generated to our channel partners. To the extent that these activities yield increased revenues, these revenues may not offset the increased expenses we incur.

Our success depends in part on maintaining and increasing our sales to customers in the public sector.

We derive a portion of our revenues from contracts with federal, state, local and foreign governments and government-owned or -controlled entities (such as public health care bodies, educational institutions and utilities), which we refer to as the public sector herein. We believe that the success and growth of our business will continue to depend on our successful procurement of public sector contracts. Selling to public sector entities can be highly competitive, expensive and time consuming, often requiring significant upfront time and expense without any assurance that our efforts will produce any sales. Government demand and payment for our products and services may be impacted by public sector budgetary cycles, or lack of, and funding authorizations, including in connection with an extended government shutdown, with funding reductions or delays adversely affecting public sector demand for our products and services. Factors that could impede our ability to maintain or increase the amount of revenues derived from public sector contracts include:

• changes in public sector fiscal or contracting policies;

• decreases or elimination of available public sector funding;

• changes in public sector programs or applicable requirements;

• the adoption of new laws or regulations or changes to existing laws or regulations;

• potential delays or changes in the public sector appropriations or other funding authorization processes;

• the requirement of contractual terms that are unfavorable to us, such as most-favored-nation pricing provisions; and

• delays in the payment of our invoices by public sector payment offices.

Furthermore, we must comply with laws and regulations relating to public sector contracting, which affect how we and our channel partners do business in both the United States and abroad. These laws and regulations may impose added costs on our business, and failure to comply with these or other applicable regulations and requirements, including non-compliance in the past, could lead to claims for damages from our channel partners, penalties, termination of contracts, and temporary suspension or permanent debarment from public sector contracting. Moreover, governments routinely investigate and audit government contractors' administrative processes, and any unfavorable audit could result in the government refusing to continue buying our products, which would adversely impact our revenue and results of operations, or institute fines or civil or criminal liability if the audit uncovers improper or illegal activities.

The occurrence of any of the foregoing could cause public sector customers to delay or refrain from purchasing licenses of our software in the future or otherwise have an adverse effect on our business, operations and financial results.

S-35

We are subject to governmental export and import controls that could subject us to liability or impair our ability to compete in international markets.

We incorporate encryption technology into certain of our products and these products are subject to U.S. export control. We are also subject to Israeli export controls on encryption technology since our product development initiatives are primarily conducted by our wholly-owned Israeli subsidiary. We have obtained the required licenses to export our products outside of the United States. In addition, the current encryption means used in our products are listed in the “free means encryption items” published by the Israeli Ministry of Defense, which means we are exempt from obtaining an encryption control license. If the applicable U.S. or Israeli legal requirements regarding the export of encryption technology were to change or if we change the encryption means in our products, we may need to apply for new licenses in the United States and may no longer be able to rely on our licensing exception in Israel. There can be no assurance that we will be able to obtain the required licenses under these circumstances. Furthermore, various other countries regulate the import of certain encryption technology, including import permitting and licensing requirements, and have enacted laws that could limit our ability to distribute our products or could limit our customers' ability to implement our products in those countries.

We are also subject to U.S. and Israeli export control and economic sanctions laws, which prohibit the shipment of certain products to embargoed or sanctioned countries, governments and persons. Our products could be exported to these sanctioned targets by our channel partners despite the contractual undertakings they have given us and any such export could have negative consequences, including government investigations, penalties and reputational harm. Any change in export or import regulations, economic sanctions or related legislation, shift in the enforcement or scope of existing regulations, or change in the countries, governments, persons or technologies targeted by such regulations, could result in decreased use of our products by, or in our decreased ability to export or sell our products to, existing or potential customers with international operations. Moreover, any new export or import restrictions, new legislation or shifting approaches in the enforcement or scope of existing regulations, or in the countries, persons or technologies targeted by such regulations, could result in decreased use of our products. Any decreased use of our products or limitation on our ability to export or sell our products would likely adversely affect our business, financial condition and results of operations.

Our business in countries with a history of corruption and transactions with foreign governments increase the risks associated with our international activities.

As we operate and sell internationally, we are subject to the Foreign Corrupt Practices Act of 1977, as amended (the “FCPAˮ), the U.K. Bribery Act of 2010 (the “UK Bribery Act”) and other laws that prohibit improper payments or offers of payments to foreign governments and their officials and political parties for the purpose of obtaining or retaining business. We have operations, deal with and make sales to governmental customers in countries known to experience corruption, particularly certain emerging countries in Eastern Europe, South and Central America, East Asia, Africa and the Middle East. Our activities in these countries create the risk of unauthorized payments or offers of payments by one of our employees, consultants, channel partners or sales agents that could be in violation of various anti-corruption laws, even though these parties may not be under our control. While we have implemented safeguards to prevent these practices by our employees, consultants, channel partners and sales agents, our existing safeguards and any future improvements may prove to be less than effective, and our employees, consultants, channel partners or sales agents may engage in conduct for which we might be held responsible. Violations of the FCPA or other anti-corruption laws may result in severe criminal or civil sanctions, including suspension or debarment from government contracting, and we may be subject to other liabilities, which could negatively affect our business, operating results and financial condition.

S-36

Acquisitions could disrupt our business and adversely affect our results of operations, financial condition and cash flows.

As we continue to pursue business opportunities, we may make acquisitions that could be material to our business, results of operations, financial condition and cash flows. Acquisitions involve many risks, including the following:

• an acquisition may negatively affect our results of operations, financial condition or cash flows because it may require us to incur charges or assume substantial debt or other liabilities, may cause adverse tax consequences or unfavorable accounting treatment, including potential write-downs of deferred revenues, may expose us to claims and disputes by third parties, including intellectual property claims and disputes, or may not generate sufficient financial return to offset additional costs and expenses related to the acquisition;

• we may encounter difficulties or unforeseen expenditures in integrating the business, technologies, products, personnel or operations of any company that we acquire, particularly if key personnel of the acquired company decide not to work for us;

• an acquisition may disrupt our ongoing business, divert resources, increase our expenses and distract our management;

• an acquisition may result in a delay or reduction of customer purchases for both us and the company we acquired due to customer uncertainty about continuity and effectiveness of service from either company;

• we may encounter difficulties in, or may be unable to, successfully sell any acquired products;

• an acquisition may involve the entry into geographic or business markets in which we have little or no prior experience or where competitors have stronger market positions;

• challenges inherent in effectively managing an increased number of employees in diverse locations;

• the potential strain on our financial and managerial controls and reporting systems and procedures;

• potential known and unknown liabilities or deficiencies associated with an acquired company that were not identified in advance;

• our use of cash to pay for acquisitions would limit other potential uses for our cash and affect our liquidity;

• if we incur debt to fund such acquisitions, such debt may subject us to material restrictions on our ability to conduct our business as well as financial maintenance covenants;

• the risk of impairment charges related to potential write-downs of acquired assets or goodwill in future acquisitions;

• to the extent that we issue a significant amount of equity or convertible debt securities in connection with future acquisitions, existing stockholders may be diluted and earnings per share may decrease; and

• managing the varying intellectual property protection strategies and other activities of an acquired company.

We may not succeed in addressing these or other risks or any other problems encountered in connection with the integration of any acquired business. Our ability as an organization to successfully acquire and integrate technologies or businesses is unproven. The inability to integrate successfully the business, technologies, products, personnel or operations of any acquired business, or any significant delay in achieving integration, could have a material adverse effect on our business, results of operations, financial condition and cash flows.

S-37

Risks Related to Human Capital

A failure to maintain sales and marketing personnel productivity or hire and integrate additional sales and marketing personnel could adversely affect our results of operations and growth prospects.

Our business requires intensive sales and marketing activities. Our sales and marketing personnel are essential to attracting new customers and expanding sales to existing customers, both of which are key to our future growth. We face a number of challenges in successfully expanding our sales force. Our transition to a subscription-based model, and the additional demands involved in selling multiple products, has increased the complexity and to some extent impose new challenges in finding, hiring and retaining qualified sales force members. We must locate and hire a significant number of qualified individuals, and competition for such individuals is intense. In addition, as we expand into new markets with which we have less familiarity and develop existing territories, we will need to recruit individuals who have skills particular to a certain geography or territory, and it may be difficult to find candidates with those qualifications. We may be unable to achieve our hiring or integration goals due to a number of factors, including, but not limited to, the challenge in remotely recruiting employees and adequately training them due to COVID-19, the number of individuals we hire, challenges in finding individuals with the correct background due to increased competition for such hires, increased attrition rates among new hires and existing personnel as well as the necessary experience to sell our Data Security Platform rather than individual software products. Furthermore, based on our past experience in mature territories, it often can take up to 12months before a new sales force member is trained and operating at a level that meets our expectations, and during the COVID-19 pandemic such training may take even longer. We invest significant time and resources in training new members of our sales force, and we may be unable to achieve our target performance levels with new sales personnel as rapidly as we have done in the past, or at all, due to larger numbers of hires or lack of experience training sales personnel to operate in new jurisdictions or because of the remote hiring and training process. Our failure to hire a sufficient number of qualified individuals, to integrate new sales force members within the time periods we have achieved historically or to keep our attrition rates at levels comparable to others in our industry may materially impact our projected growth rate.

Failure to retain, attract and recruit highly qualified personnel could adversely affect our business, operating results, financial condition and growth prospects.

Our future success and growth depend, in part, on our ability to continue to recruit and retain highly skilled personnel and to preserve the key aspects of our corporate culture. Because our future success is dependent on our ability to continue to enhance and introduce new products, we are particularly dependent on our ability to hire and retain engineers. Any of our employees may terminate their employment at any time, and we face intense competition for highly skilled employees. Competition for qualified employees, particularly in Israel, where we have a substantial presence and need for qualified engineers, from numerous other companies, including other software and technology companies, many of whom have greater financial and other resources than we do, is intense. Moreover, to the extent we hire personnel from other companies, we may be subject to allegations that they have been improperly solicited or may have divulged proprietary or other confidential information to us. In addition, during the COVID-19 pandemic, which is characterized as an unstable period, to some extent it may be more difficult to timely attract and train new employees. If we are unable to timely attract, retain or train qualified employees, particularly our engineers, salespeople and key managers, our ability to innovate, introduce new products and compete would be adversely impacted, and our financial condition and results of operations may suffer. Equity grants are a critical component of our current compensation programs. If we reduce, modify or eliminate our equity programs or if there will be decline in our stock price as a result of which the value of our equity compensation shall be lower, we may have difficulty attracting and retaining employees.

S-38

We are dependent on the continued services and performance of our co-founder, Chief Executive Officer and President, the loss of whom could adversely affect our business.

Much of our future performance depends in large part on the continued services and continuing contributions of our co-founder, Chief Executive Officer and President, Yakov Faitelson, to successfully manage our company, to execute on our business plan and to identify and pursue new opportunities and product innovations. The loss of Mr.Faitelson's services could significantly delay or prevent the achievement of our development and strategic objectives and adversely affect our business.

Risks Related to our Technology, Products, Services and Intellectual Property

Our failure to continually enhance and improve our technology could adversely affect sales of our products.

The market is characterized by the exponential growth in enterprise data, rapid technological advances, changes in customer requirements, including customer requirements driven by changes to legal, regulatory and self-regulatory compliance mandates, frequent new product introductions and enhancements and evolving industry standards in computer hardware and software technology. As a result, we must continually change and improve our products in response to changes in operating systems, application software, computer and communications hardware, networking software, data center architectures, programming tools, computer language technology and various regulations. Moreover, the technology in our products is especially complex because it needs to effectively identify and respond to a user's data retention, security and governance needs, while minimizing the impact on database and file system performance. Our products must also successfully interoperate with products from other vendors.

While we extend our technological capabilities though innovation and strategic transactions, we cannot guarantee that we will be able to anticipate future market needs and opportunities or be able to extend our technological expertise and develop new products or expand the functionality of our current products in a timely manner or at all. Even if we are able to anticipate, develop and introduce new products and expand the functionality of our current products, there can be no assurance that enhancements or new products will achieve widespread market acceptance.

Our product enhancements or new products could fail to attain sufficient market acceptance for many reasons, including:

• failure to accurately predict market demand in terms of product functionality and to supply products that meet this demand in a timely fashion;

• inability to interoperate effectively with the database technologies and file systems of prospective customers;

• defects, errors or failures;

• negative publicity or customer complaints about performance or effectiveness; and

• poor business conditions, causing customers to delay IT purchases.

If we fail to anticipate market requirements or stay abreast of technological changes, we may be unable to successfully introduce new products, expand the functionality of our current products or convince our customers and potential customers of the value of our solutions in light of new technologies. Accordingly, our business, results of operations and financial condition could be materially and adversely affected.

S-39

If our technical support, customer success or professional services are not satisfactory to our customers, they may not renew their subscription licenses or maintenance and support agreements or buy future products, which could adversely affect our future results of operations.

Our business relies on our customers' satisfaction with the technical support and professional services we provide to support our products. Our customers have no obligation to renew their subscription licenses or maintenance and support agreements with us after the initial terms have expired. Our customers who had originally purchased perpetual licenses have an option to renew their maintenance agreements. For us to maintain and improve our results of operations, it is important that our existing customers renew their subscription licenses and maintenance and support agreements, if applicable, when the existing contract term expires. For example, our perpetual license maintenance renewal rate for each of the years ended December31, 2020, 2019 and 2018 continued to be over 90%. Customer satisfaction will become even more important as almost all of our licensing has shifted to subscription license agreements.

If we fail to provide technical support services that are responsive, satisfy our customers' expectations and resolve issues that they encounter with our products and services, then they may elect not to purchase or renew subscription licenses or annual maintenance and support contracts and they may choose not to purchase additional products and services from us. Accordingly, our failure to provide satisfactory technical support or professional services could lead our customers not to renew their agreements with us or renew on terms less favorable to us, and therefore have a material and adverse effect on our business and results of operations.

Because we derive substantially all of our revenues and cash flows from sales of licenses from a single platform of products, failure of the products in the platform to satisfy customers or to achieve increased market acceptance would adversely affect our business.

In 2020, we generated substantially all of our revenues from sales of licenses from five of our current product families, DatAdvantage, DatAlert, Data Classification Engine, DataPrivilege and Data Transport Engine. We expect to continue to derive the majority of our revenues from license sales relating to these products in the future. As such, market acceptance of these products is critical to our continued success. Demand for licenses for our platform of products is affected by a number of factors, some of which are outside of our control, including continued market acceptance of our software by referenceable accounts for existing and new use cases, technological change and growth or contraction in our market. We expect the proliferation of enterprise data to lead to an increase in the data analysis demands, and data security and retention concerns, of our customers, and our software, including the software underlying our Data Security Platform, may not be able to scale and perform to meet those demands. If we are unable to continue to meet customer demands or to achieve more widespread market acceptance of our software, our business, operations, financial results and growth prospects will be materially and adversely affected.

Interruptions or performance problems, including associated with our website or support website or any caused by cyberattacks, may adversely affect our business.

Our continued growth depends in part on the ability of our existing and potential customers to quickly access our website and support website. Access to our support website is also imperative to our daily operations and interaction with customers, as it allows customers to download our software, fixes and patches, as well as open and respond to support tickets and register license keys for evaluation or production purposes. We have experienced, and may in the future experience, website disruptions, outages and other performance problems due to a variety of factors, including technical failures, cyberattacks, natural disasters, infrastructure changes, human or software errors, capacity constraints due to an overwhelming number of users accessing our website simultaneously and denial of service or fraud. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time. System failures or outages, including any potential disruptions due to significantly increased global demand on certain

S-40

cloud-based systems during the COVID-19 pandemic, could compromise our ability to perform our day-to-day operations in a timely manner, which could negatively impact our business or delay our financial reporting. It may become increasingly difficult to maintain and improve the performance of our websites, especially during peak usage times and as our software becomes more complex and our user traffic increases. If our websites are unavailable or if our users are unable to download our software, patches or fixes within a reasonable amount of time or at all, we may suffer reputational harm and our business would be negatively affected.

If our software is perceived as not being secure, customers may reduce the use of or stop using our software, and we may incur significant liabilities.

Our software involves the transmission of data between data stores, and between data stores and desktop and mobile computers, and may in the future involve the storage of data. We have a legal and contractual obligation to protect the confidentiality and appropriate use of customer data. Any security breaches with respect to such data could result in the loss of this information, litigation, indemnity obligations and other liabilities. The security of our products and accompanied services is important in our customers' decisions to purchase or use our products or services. Security threats are a significant challenge to companies like us whose business is providing technology products and services to others. While we have taken steps to protect the confidential information that we have access to, including confidential information we may obtain through our customer support services or customer usage of our products, we have no direct control over the substance of the content. Security measures might be breached as a result of third-party action, employee error, malfeasance or otherwise. We also incorporate open source software and other third-party software into our products. There may be vulnerabilities in open source software and third-party software that may make our products likely to be harmed by cyberattacks. Moreover, our products operate in conjunction with and are dependent on products and components across a broad ecosystem of third parties. If there is a security vulnerability in one of these components, and if there is a security exploit targeting it, such security vulnerability may adversely impact our product vulnerability and we could face increased costs, liability claims, reduced revenue, or harm to our reputation or competitive position. Because techniques used to obtain unauthorized access or sabotage systems change frequently and generally are not identified until they are launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures.

There can be no assurance that the limitations of liability in our contracts would be enforceable or adequate or would otherwise protect us from any such liabilities or damages with respect to any particular claim. While we maintain insurance coverage for some of the above events, the potential liabilities associated with these security breach events could exceed the insurance coverage we maintain.

Any or all of these issues could tarnish our reputation, negatively impact our ability to attract new customers or sell additional products to our existing customers, cause existing customers to elect not to renew their maintenance and support agreements or subject us to third-party lawsuits, regulatory fines or other action or liability, thereby adversely affecting our results of operations.

Our use of open source software could negatively affect our ability to sell our software and subject us to possible litigation.

We use open source software and expect to continue to use open source software in the future. Some open source software licenses require users who distribute open source software as part of their own software product to publicly disclose all or part of the source code to such software product or to make available any derivative works of the open source code on unfavorable terms or at no cost. We may face ownership claims of third parties over, or seeking to enforce the license terms applicable to, such open source software, including by demanding the release of the open source software, derivative works or our proprietary source code that was developed using such software. These claims could also result in litigation, require us to purchase a costly

S-41

license or require us to devote additional research and development resources to change our software, any of which would have a negative effect on our business and results of operations. In addition, if the license terms for the open source code change, we may be forced to re-engineer our software or incur additional costs. Finally, while we implement policies and procedures, we cannot provide assurance that we have incorporated open source software into our own software in a manner that conforms with our current policies and procedures and we cannot assure that all open source software is reviewed prior to use in our solution, that our programmers have not incorporated open source software into our solution, or that they will not do so in the future.

In addition, our solution may incorporate third-party software under commercial licenses. We cannot be certain whether such third-party software incorporates open source software without our knowledge. In the past, companies that incorporate open source software into their products have faced claims alleging noncompliance with open source license terms or infringement or misappropriation of proprietary software. Therefore, we could be subject to suits by parties claiming noncompliance with open source licensing terms or infringement or misappropriation of proprietary software. Because few courts have interpreted open source licenses, the manner in which these licenses may be interpreted and enforced is subject to some uncertainty. There is a risk that open source software licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to market or provide our solution. As a result of using open source software subject to such licenses, we could be required to release proprietary source code, pay damages, re-engineer our solution, limit or discontinue sales or take other remedial action, any of which could adversely affect our business.

False detection of security breaches, false identification of malicious sources or misidentification of sensitive or regulated information could adversely affect our business.

Our cybersecurity products may falsely detect threats that do not actually exist. For example, our DatAlert product may enrich metadata collected by our products with information from external sources and third-party data providers. If the information from these data providers is inaccurate, the potential for false positives increases. These false positives, while typical in the industry, may affect the perceived reliability of our products and solutions and may therefore adversely impact market acceptance of our products. As definitions and instantiations of personal identifiers and other sensitive content change, automated classification technologies may falsely identify or fail to identify data as sensitive. If our products and solutions fail to detect exposures or restrict access to important systems, files or applications based on falsely identifying legitimate use as an attack or otherwise unauthorized, then our customers' businesses could be adversely affected. Any such false identification of use and subsequent restriction could result in negative publicity, loss of customers and sales, increased costs to remedy any problem and costly litigation.

Risks Related to our Tax Regime

Our tax rate may vary significantly depending on our stock price.

The tax effects of the accounting for stock-based compensation may significantly impact our effective tax rate from period to period. In periods in which our stock price is higher than the grant price of the stock-based compensation vesting in that period, we will recognize excess tax benefits that will decrease our effective tax rate, while in periods in which our stock price is lower than the grant price of the stock-based compensation vesting in that period, our effective tax rate may increase. The amount and value of stock-based compensation issued relative to our earnings in a particular period will also affect the magnitude of the impact of stock-based compensation on our effective tax rate. These tax effects are dependent on our stock price, which we do not control, and a decline in our stock price could significantly increase our effective tax rate and adversely affect our financial results.

S-42

Multiple factors may adversely affect our ability to fully utilize our net operating loss carryforwards.

A U.S. corporation's ability to utilize its federal net operating loss (“NOL”) carryforwards is limited under Section 382 of the Internal Revenue Code of 1986, as amended (the “Code”), if the corporation undergoes an ownership change.

We have accumulated a $207.8million NOL since inception. Future changes in our stock ownership, including future offerings, as well as changes that may be outside of our control, could result in a subsequent ownership change under Section 382, that would impose an annual limitation on NOLs. In addition, the cash tax benefit from our NOLs is dependent upon our ability to generate sufficient taxable income. Accordingly, we may be unable to earn enough taxable income in order to fully utilize our current NOLs.

Changes in our provision for income taxes or adverse outcomes resulting from examination of our income tax returns could adversely affect our results.

We are subject to income taxation in the United States, Israel and numerous other jurisdictions. Determining our provision for income taxes requires significant management judgment. In addition, our provision for income taxes could be adversely affected by many factors, including, among other things, changes to our operating structure including a review of our intellectual property (“IP”) structure, changes in the amounts of earnings in jurisdictions with different statutory tax rates, changes in the valuation of deferred tax assets and liabilities and changes in tax laws. Significant judgment is required to determine the recognition and measurement attributes prescribed in Accounting Standards Codification 740-10-25 (“ASC 740-10-25”). ASC 740-10-25 applies to all income tax positions, including the potential recovery of previously paid taxes, which if settled unfavorably could adversely impact our provision for income taxes. Our income in certain countries is subject to reduced tax rates provided we meet certain employment and capital investment criteria. Failure to meet these commitments could adversely impact our provision for income taxes.

We are also subject to the regular examination of our income tax returns by the U.S. Internal Revenue Service (the “IRS”) and other tax authorities in various jurisdictions. Tax authorities may disagree with our intercompany charges, cross-jurisdictional transfer pricing, IP structure or other matters and assess additional taxes. While we regularly assess the likelihood of adverse outcomes resulting from these examinations to determine the adequacy of our provision for income taxes, there can be no assurance that the outcomes from these regular examinations will not have a material adverse effect on our results of operations and cash flows. Further, we may be audited in various jurisdictions, and such jurisdictions may assess additional taxes against us. Although we believe our tax estimates are reasonable, the final determination of any tax audits or litigation could be materially different from our historical tax provisions and accruals, which could have a material adverse effect on our results of operations or cash flows in the period or periods for which a determination is made.

The adoption of the U.S. tax reform and the enactment of additional legislation changes could materially impact our financial position and results of operations.

On December22, 2017, the Tax Cuts and Jobs Act (the “TCJA”) that significantly reforms the Code was enacted. The TCJA, among other things, includes changes to U.S. federal tax rates, imposes significant additional limitations on the deductibility of certain expenses, restricts the use of net operating loss carryforwards arising after December31, 2017, allows for the expensing of capital expenditures. Due to the expansion of our international business activities, any changes in the U.S. taxation of such activities may increase our worldwide effective tax rate and adversely affect our financial position and results of operations. Further, foreign governments may enact tax laws in response to the TCJA that could result in further changes to global taxation and materially affect our financial position and results of operations.

S-43

We conduct our operations in a number of jurisdictions worldwide and report our taxable income based on our business operations in those jurisdictions. Therefore, our intercompany relationships are subject to transfer pricing regulations administered by taxing authorities in various jurisdictions. While we believe that we are currently in material compliance with our obligations under applicable taxing regimes, the relevant taxing authorities may disagree with our determinations as to the income and expenses attributable to specific jurisdictions and may seek to impose additional taxes on us, including for past sales. If such a disagreement were to occur, and our position were not sustained, we could be required to pay additional taxes, interest and penalties, which could result in one-time tax charges, higher effective tax rates, reduced cash flows and lower overall profitability of our operations.

The Organization for Economic Cooperation and Development (“OECD”) introduced the base erosion and profit shifting project which sets out a plan to address international taxation principles in a globalized, digitized business world (the “BEPS Plan”). During 2018, as part of the BEPS Plan, more than 80 countries chose to implement the Multilateral Convention to Implement Tax Treaty Related Measures to Prevent BEPS (“MLI”). The MLI significantly changes the bilateral tax treaties signed by any country that chose to implement the MLI. In addition, during 2019 the OECD, the EU and individual countries (e.g., France, Austria and Italy) each published an initiative to tax digital transactions executed by a non-resident entity and a local end-user or local end consumer. Under each initiative, the local payer is obligated to withhold a fixed percentage from the gross proceeds paid to the non-resident entity as a tax on executing a digital transaction in that territory, provided the entity's sales in that territory exceeds a certain threshold (“Digital Service Tax”). As a result of participating countries adopting the international tax policies set under the BEPS Plan, MLI and Digital Service Tax, changes have been and continue to be made to numerous international tax principles and local tax regimes. Due to the expansion of our international business activities, those modifications may increase our worldwide effective tax rate, create tax and compliance obligations in jurisdictions in which we previously had none and adversely affect our financial position.

Risks Related to the 2025 Notes and Credit Facility

We have incurred substantial indebtedness that may decrease our business flexibility, access to capital, and/or increase our borrowing costs, and we may still incur substantially more debt, which may adversely affect our operations and financial results.

In May 2020 we issued the 2025 Notes. As of December31, 2020, we had $253.0million outstanding aggregate principal amount of the 2025 Notes. In addition, on August21, 2020 we entered into a credit and security agreement with KeyBank National Association and other parties thereto (the “Credit and Security Agreement”) for a three-year secured revolving credit facility of $70.0million, with a letter of credit sublimit of $15.0million and an accordion feature under which the Company can increase the credit facility to up to $90.0million (the “Credit Facility”). As of December31, 2020, we had no outstanding obligations under our credit facility. Our indebtedness may limit our ability to borrow additional funds for working capital, capital expenditures, acquisitions or other general business purposes, limit our ability to use our cash flow or obtain additional financing for future working capital, capital expenditures, acquisitions or other general business purposes, require us to use a substantial portion of our cash flow from operations to make debt service payments, limit our flexibility to plan for, or react to, changes in our business and industry, place us at a competitive disadvantage compared to our less leveraged competitors and increase our vulnerability to the impact of adverse economic and industry conditions.

S-44

Our debt obligations may adversely affect our ability to raise additional capital and will be a burden on our future cash resources, particularly if we elect to settle these obligations in cash upon conversion or upon maturity or required repurchase.

Our ability to meet our payment obligations under the 2025 Notes and any outstanding indebtedness under our Credit Facility, depends on our future cash flow performance. This, to some extent, is subject to general economic, financial, competitive, legislative and regulatory factors, as well as other factors that may be beyond our control. There can be no assurance that our business will generate positive cash flow from operations, or that additional capital will be available to us, in an amount sufficient to enable us to meet our debt payment obligations and to fund other liquidity needs. If we are unable to generate sufficient cash flow to service our debt obligations, we may need to refinance or restructure our debt, sell assets, reduce or delay capital investments, or seek to raise additional capital. Our ability to refinance our indebtedness will depend on the capital markets and our financial condition at such time. We may not be able to engage in any of these activities or engage in these activities on desirable terms, which could result in a default on our debt obligations. As a result, we may be more vulnerable to economic downturns, less able to withstand competitive pressures and less flexible in responding to changing business and economic conditions. In addition, our Credit Facility limits our ability to incur additional indebtedness under certain circumstances. If we are unable to obtain capital on favorable terms or at all, we may have to reduce our operations or forego opportunities, and this may have a material adverse effect on our business, financial condition and results of operations.

Our credit facility contains restrictive and financial covenants that may limit our operating flexibility.

Our Credit Facility contains certain restrictive covenants that either limit our ability to, or require a mandatory prepayment in the event we, among other things, incur additional indebtedness, issue guarantees, create liens on assets, make certain investments, merge with or acquire other companies, change business locations, pay dividends or make certain other restricted payments, transfer or dispose of assets, enter into transactions with affiliates and enter into various specified transactions. We, therefore, may not be able to engage in any of the foregoing transactions unless we obtain the consent of our lenders or prepay the outstanding amount under our Credit Facility. Our Credit Facility also contains certain financial covenants and financial reporting requirements. Our obligations under our Credit Facility are secured by all of our property, with certain exceptions. We may not be able to generate sufficient cash flow or sales to meet the financial covenants or pay the principal and interest under our Credit Facility. Furthermore, future working capital, borrowings or equity financing could be unavailable to repay or refinance the amounts outstanding under our Credit Facility. In the event of a liquidation, all outstanding principal and interest would have to be repaid prior to distribution of assets to unsecured creditors, and the holders of our common stock would receive a portion of any liquidation proceeds only if all of our creditors, including our lenders, were first repaid in full.

If we are unable to comply with the restrictive and financial covenants in our Credit Facility, there would be a default under the terms of that Credit and Security Agreement, and this could result in an acceleration of payment of funds that have been borrowed.

If we were unable to comply with the restrictive, negative and financial covenants in our Credit Facility, there would be a default under the terms of the Credit and Security Agreement. In such event, there can be no assurance that we would be able to make necessary payments to the lenders or that we would be able to find alternative financing. Even if we were able to obtain alternative financing, there can be no assurance that it would be on terms that are acceptable.

S-45

We may issue additional shares of our common stock in connection with conversions of the 2025 Notes, and thereby dilute our existing stockholders and potentially adversely affect the market price of our common stock.

In the event that the 2025 Notes are converted and we elect to deliver shares of common stock, the ownership interests of existing stockholders will be diluted, and any sales in the public market of any shares of our common stock issuable upon such conversion could adversely affect the prevailing market price of our common stock. In addition, the anticipated conversion of the 2025 Notes could depress the market price of our common stock.

The fundamental change provisions of the 2025 Notes may delay or prevent an otherwise beneficial takeover attempt of us.

If the Company undergoes a “fundamental change”, subject to certain conditions, holders may require the Company to repurchase for cash all or part of their 2025 Notes at a fundamental change repurchase price equal to 100% of the principal amount of the 2025 Notes to be repurchased, plus accrued and unpaid interest to, but excluding, the fundamental change repurchase date. In addition, if such fundamental change also constitutes a “make-whole fundamental change”, the conversion rate for the 2025 Notes may be increased upon conversion of the 2025 Notes in connection with such “make-whole fundamental change”. Any increase in the conversion rate will be determined based on the date on which the “make-whole fundamental change” occurs or becomes effective and the price paid (or deemed paid) per share of our common stock in such transaction. Any such increase will be dilutive to our existing stockholders. Our obligation to repurchase the 2025 Notes or increase the conversion rate upon the occurrence of a make-whole fundamental change may, in certain circumstances, delay or prevent a takeover of us that might otherwise be beneficial to our stockholders.

The accounting method for convertible debt securities that may be settled in cash, such as the 2025 Notes, could have a material effect on our reported financial results.

Under ASC 470-20, an entity must separately account for the liability and equity components of the convertible debt instruments (such as the 2025 Notes) that may be settled entirely or partially in cash upon conversion in a manner that reflects the issuer's economic interest cost. The effect of ASC 470-20 on the accounting for the 2025 Notes is that the equity component is required to be included in the additional paid-in capital section of stockholders' equity on our consolidated balance sheet at the issuance date and the value of the equity component would be treated as debt discount for purposes of accounting for the debt component of the 2025 Notes. As a result, we will be required to record non-cash interest expense through the amortization of the excess of the face amount over the carrying amount of the expected life of the 2025 Notes. We will report larger net losses (or lower net income) in our financial results because ASC 470-20 requires interest to include both the amortization of the debt discount and the instrument's cash coupon interest rate, which could adversely affect our reported or future financial results, the trading price of our common stock and the trading price of the 2025 Notes.

In addition, under certain circumstances, convertible debt instruments (such as the 2025 Notes) that may be settled entirely or partly in cash may be accounted for utilizing the treasury stock method, the effect of which is that the shares issuable upon conversion of such 2025 Notes are not included in the calculation of diluted earnings per share except to the extent that the conversion value of such 2025 Notes exceeds their principal amount. Under the treasury stock method, for diluted earnings per share purposes, the transaction is accounted for as if the number of shares of common stock that would be necessary to settle such excess, if we elected to settle such excess in shares, are included in the denominator for purposes of calculating diluted earnings per share.

S-46

In August 2020, the Financial Accounting Standards Board issued Accounting Standards Update 2020-06, ASC Subtopic 470-20 “Debt — Debt with “Conversion and Other Options” and Accounting Standards Codification subtopic 815-40 “Hedging — Contracts in Entity's Own Equity” that changes the accounting for the convertible debt instruments described above. Under the new standard, an entity may no longer separately account for the liability and equity components of convertible debt instruments. Additionally, the treasury stock method for calculating earnings per share will no longer be allowed for convertible debt instruments whose principal amount may be settled using shares. Rather, the if-converted method may be required. Application of the “if converted” method may reduce our reported diluted earnings per share. The standard is effective for fiscal years beginning after December15, 2021, including interim periods within those fiscal years and early adoption is permitted. We cannot be sure whether other changes may be made to the accounting standards related to the 2025 Notes, or otherwise, that could have an adverse impact on our financial statements.

The Capped Call Transactions may affect the value of the 2025 Notes and our common stock.

In connection with the issuance of the 2025 Notes, we entered into Capped Call Transactions with certain financial institutions. The Capped Call Transactions are expected generally to reduce or offset the potential dilution upon conversion of the 2025 Notes and/or offset any cash payments we are required to make in excess of the principal amount of converted 2025 Notes, as the case may be, with such reduction and/or offset subject to an initial cap price of $141.72 (the “Cap Price”), subject to certain adjustments under the terms of the Capped Call Transactions.

From time to time, certain financial institutions (with which we entered into the Capped Call Transactions) or their respective affiliates may modify their hedge positions by entering into or unwinding various derivatives with respect to our common stock and/or purchasing or selling our common stock or other securities of ours in secondary market transactions prior to the maturity of the 2025 Notes. This activity could also cause or avoid an increase or a decrease in the market price of our common stock.

The potential effect, if any, of these transactions and activities on the price of our common stock or 2025 Notes will depend in part on market conditions and cannot be ascertained at this time. Any of these activities could adversely affect the value of our common stock.

As of December31, 2020, our stock price was higher than the Cap Price under the Capped Call Transactions, hence, as of December31, 2020, and as long as our common stock price shall be higher than $141.72, the incremental amount by which the stock price exceeds the Cap Price is not protected under the Capped Call Transactions.

We are subject to counterparty risk with respect to the Capped Call Transactions.

All or some of the financial institutions (which are counterparties to the capped call transactions) might default under the Capped Call Transactions. Our exposure to the credit risk of the counterparties will not be secured by any collateral. Past global economic conditions have resulted in the actual or perceived failure or financial difficulties of many financial institutions. If an option counterparty becomes subject to insolvency proceedings, we will become an unsecured creditor in those proceedings with a claim equal to our exposure at the time under the capped call transactions with such option counterparty. Our exposure will depend on many factors but, generally, an increase in our exposure will be correlated to an increase in the market price and in the volatility of our common stock. In addition, upon a default by an option counterparty, we may suffer adverse tax consequences and more dilution than we currently anticipate with respect to our common stock. We can provide no assurance as to the financial stability or viability of the option counterparties.

S-47

Risks Related to our Operations in Israel

Conditions in Israel may limit our ability to develop and sell our products, which could result in a decrease of our revenues.

Our principal research and development facility, which also houses a portion of our support and general and administrative teams, is located in Israel. Since the establishment of the State of Israel in 1948, a number of armed conflicts have taken place between Israel and its neighboring countries, as well as incidents of terror activities and other hostilities, and a number of state and non-state actors have publicly committed to its destruction. Political, economic and security conditions in Israel could directly affect our operations. We could be adversely affected by hostilities involving Israel, including acts of terrorism or any other hostilities involving or threatening Israel, the interruption or curtailment of trade between Israel and its trading partners, a significant increase in inflation or a significant downturn in the economic or financial condition of Israel. Any on-going or future armed conflicts, terrorist activities, tension along the Israeli borders or with other countries in the region, including Iran, or political instability in the region could disrupt international trading activities in Israel and may materially and negatively affect our business and could harm our results of operations.

Certain countries, as well as certain companies and organizations, continue to participate in a boycott of Israeli companies, companies with large Israeli operations and others doing business with Israel and Israeli companies. The boycott, restrictive laws, policies or practices directed towards Israel, Israeli businesses or Israeli citizens could, individually or in the aggregate, have a material adverse effect on our business in the future.

Some of our officers and employees in Israel are obligated to perform routine military reserve duty in the Israel Defense Forces, depending on their age and position in the armed forces. Furthermore, they have been and may in the future be called to active reserve duty at any time under emergency circumstances for extended periods of time. Our operations could be disrupted by the absence, for a significant period, of one or more of our officers or key employees due to military service, and any significant disruption in our operations could harm our business.

Our insurance does not cover losses that may occur as a result of an event associated with the security situation in the Middle East or for any resulting disruption in our operations. Although the Israeli government has in the past covered the reinstatement value of direct damages that were caused by terrorist attacks or acts of war, we cannot be assured that this government coverage will be maintained or, if maintained, will be sufficient to compensate us fully for damages incurred and the government may cease providing such coverage or the coverage might not suffice to cover potential damages. Any losses or damages incurred by us could have a material adverse effect on our business.

The tax benefits that were available to our Israeli subsidiary terminated in 2020 and unless new tax benefits become available in the future, our Israeli subsidiary could become subject to an increase in taxes.

Our Israeli subsidiary has benefited from a status of a “Beneficiary Enterprise” under the Israeli Law for the Encouragement of Capital Investments, 5719-1959, or the Investment Law, since its incorporation. Based on an evaluation of the relevant factors under the Investment Law, including the level of foreign (i.e., non-Israeli) investment in our company, we have determined that the effective tax rate to be paid by our Israeli subsidiary as a “Beneficiary Enterprise” has historically been approximately 10%. If our Israeli subsidiary does not meet the requirements for maintaining this status, for example, if the Israeli subsidiary materially changes the nature of its business or, if the level of foreign investment in our company decreases, it may no longer be eligible to enjoy this or any other reduced tax rate. As a result, our Israeli subsidiary would be subject to Israeli corporate tax at the standard rate, which, as of January1, 2021 was set at 23%. Even if our Israeli subsidiary continues to meet the relevant requirements, the tax benefits that the status of “Beneficiary Enterprise” provides terminated on December31, 2020 with respect to income generated after

S-48

that date. Unless new tax benefits become available to us, the amount of taxes that our Israeli subsidiary would pay would increase, as all of our Israeli operations would consequently be subject to corporate tax at the standard rate, which could adversely affect our tax expenses and effective tax rates. Additionally, if our Israeli subsidiary increases its activities outside of Israel, for example, through acquisitions, these activities may not be eligible for inclusion in Israeli tax benefit programs. The tax benefit derived from the status of “Beneficiary Enterprise” is dependent upon the ability to generate sufficient taxable income. Accordingly, our Israeli subsidiary may be unable to earn enough taxable income in order to fully utilize its tax benefits.

Risks Related to the Ownership of our Common Stock

Substantial future sales of shares of our common stock could cause the market price of our common stock to decline.

Sales of a substantial number of shares of our common stock into the public market, or the perception that these sales might occur, for whatever reason, including as a result of the conversion of the outstanding 2025 Notes, could depress the market price of our common stock and could impair our ability to raise capital through the sale of additional equity securities. We are unable to predict the effect that such sales may have on the prevailing market price of our common stock.

As of December31, 2020, we had options, RSUs and PSUs outstanding that, if fully vested and exercised, would result in the issuance of approximately 3.1million shares of our common stock. All of the shares of our common stock issuable upon exercise of options and vesting of RSUs and PSUs have been registered for public resale under the Securities Act. Accordingly, these shares will be able to be freely sold in the public market upon issuance as permitted by any applicable vesting requirements.

We do not intend to pay dividends on our common stock, so any returns will be limited to the value of our stock.

We have never declared or paid cash dividends on our common stock. We currently anticipate that we will retain any future earnings and do not expect to pay any dividends in the foreseeable future. Any determination to pay dividends in the future will be at the discretion of our board of directors and will be dependent on a number of factors, including our financial condition, results of operations, capital requirements, general business conditions and other factors that our board of directors may deem relevant. In addition, the Credit and Security Agreement for our Credit Facility contains a prohibition on the payment of cash dividends. Until such time that we pay a dividend, stockholders, including holders of our 2025 Notes who receive shares of our common stock upon conversion of the 2025 Notes, must rely on sales of their common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments. Accordingly, investors must rely on sales of their common stock after price appreciation, which may never occur, as the only way to realize any future gains on their investments.

Anti-takeover provisions in our charter documents and under Delaware law and provisions in the indenture for our 2025 Notes and Credit Facility could make an acquisition of us, which may be beneficial to our stockholders, more difficult and may prevent attempts by our stockholders to replace or remove our current management, thereby depressing the trading price of our common stock and 2025 Notes.

Provisions in our amended and restated certificate of incorporation and amended and restated bylaws may delay, discourage or prevent an acquisition of us or a change in our management, including transactions in which stockholders might otherwise receive a premium for their shares, or transactions that our stockholders might otherwise deem to be in their best interests. These provisions include:

• authorizing “blank check” preferred stock, which could be issued by the board without stockholder approval and may contain voting, liquidation, dividend and other rights superior to our common stock, which would increase the number of outstanding shares and could thwart a takeover attempt;

S-49

• a classified board of directors whose members can only be dismissed for cause;

• the prohibition on actions by written consent of our stockholders;

• the limitation on who may call a special meeting of stockholders;

• the establishment of advance notice requirements for nominations for election to our board of directors or for proposing matters that can be acted upon at stockholder meetings; and

• the requirement of at least 75% of the outstanding capital stock to amend any of the foregoing second through fifth provisions.

In addition, because we are incorporated in Delaware, we are governed by the provisions of Section 203 of the Delaware General Corporation Law, which limits the ability of stockholders owning in excess of 15% of our outstanding voting stock to merge or combine with us, unless the merger or combination is approved in a prescribed manner. Although we believe these provisions collectively provide for an opportunity to obtain greater value for stockholders by requiring potential acquirers to negotiate with our board of directors, they would apply even if an offer rejected by our board were considered beneficial by some stockholders. In addition, these provisions may frustrate or prevent any attempts by our stockholders to replace or remove our current management by making it more difficult for stockholders to replace members of our board of directors, which is responsible for appointing the members of our management.

In addition, if a “fundamental change” occurs prior to the maturity date of the 2025 Notes, holders of the 2025 Notes will have the right, at their option, to require us to repurchase all or a portion of their Convertible Notes. If a “make-whole fundamental change” (as defined in the Indenture) occurs prior the maturity date, we will in some cases be required to increase the conversion rate of the 2025 Notes for a holder that elects to convert its 2025 Notes in connection with such “make-whole fundamental change”. These features of the 2025 Notes may make a potential acquisition more expensive for a potential acquiror, which may in turn make it less likely for a potential acquiror to offer to purchase our company, or reduce the amount of consideration offered for each share of our common stock in a potential acquisition. Furthermore, the Indenture prohibits us from engaging in certain mergers or acquisitions unless, among other things, the surviving entity assumes our obligations under the 2025 Notes. Last, under our Credit Facility we cannot sell or transfer or otherwise dispose of any assets of the Company to any person or entity subject to certain exceptions and we cannot merge, amalgamate or consolidate with any other entity.

Risks Related to this Offering

We have broad discretion to determine how to use the funds raised in this offering, and may use them in ways that may not enhance our operating results or the price of our common stock.

We currently intend to use the net proceeds from this offering for general corporate purposes, including working capital and capital expenditures, and for potential acquisitions, including complementary businesses, technologies or assets. We do not have agreements or commitments to enter into any acquisitions at this time for which we may use the net proceeds of this offering. Accordingly, we will have broad discretion as to how we use the net proceeds that we receive from this offering. We could spend the proceeds that we receive from this offering in ways that our shareholders may not agree with or that do not yield a favorable return. You will not have the opportunity as part of your investment decision to assess whether the net proceeds are being used appropriately. Investors in this offering will need to rely upon the judgment of our Board of Directors and management with respect to the use of proceeds. If we do not use the net proceeds that we receive in this offering effectively, our business, financial condition, results of operations and prospects could be harmed, and the market price of our shares of common stock could decline.

S-50

Additional financing or future equity issuances may result in future dilution to our stockholders.

We may need to raise additional funds in the future to finance our growth, our merger and acquisition plans, investment activities, continued research and product development, and for other reasons. Sales of substantial amounts of our common stock, or the perception that such sales could occur, could adversely affect the prevailing market price of our common stock and our ability to raise capital. We may issue additional common stock in future financing transactions or as incentive compensation for our executive management and other key personnel, consultants and advisors. Issuing any equity securities would be dilutive to the equity interests represented by our then-outstanding shares of common stock. The market price for our common stock could decrease as the market takes into account the dilutive effect of any of these issuances. Furthermore, we may enter into financing transactions at prices that represent a substantial discount to the market price of our common stock. A negative reaction by investors and securities analysts to any discounted sale of our equity securities could result in a decline in the trading price of our common stock.

General Risks Factors

Failure to protect our proprietary technology and intellectual property rights could substantially harm our business.

The success of our business and competitive position depends on our ability to obtain, protect and enforce our trade secrets, trademarks, copyrights, patents and other intellectual property rights. We attempt to protect our intellectual property under patent, trademark, copyrights and trade secret laws, and through a combination of confidentiality procedures, contractual provisions and other methods, all of which offer only limited protection and may not now or in the future provide us with a competitive advantage.

As of January29, 2021, we had 74 issued patents in the United States and 28 pending U.S. patent applications. We also had 41 patents issued and 63 applications pending for examination in non-U.S. jurisdictions, and three pending PCT patent applications, all of which are counterparts of our U.S. patent applications. We may file additional patent applications in the future. The process of obtaining patent protection is expensive and time-consuming, and we may not be able to prosecute all necessary or desirable patent applications at a reasonable cost or in a timely manner all the way through to the successful issuance of a patent. We may choose not to seek patent protection for certain innovations and may choose not to pursue patent protection in certain jurisdictions. Furthermore, it is possible that our patent applications may not issue as granted patents, that the scope of our issued patents will be insufficient or not have the coverage originally sought, that our issued patents will not provide us with any competitive advantages, and that our patents and other intellectual property rights may be challenged by others or invalidated through administrative process or litigation. In addition, issuance of a patent does not guarantee that we have an absolute right to practice the patented invention. Our policy is to require our employees (and our consultants and service providers that develop intellectual property included in our products) to execute written agreements in which they assign to us their rights in potential inventions and other intellectual property created within the scope of their employment (or, with respect to consultants and service providers, their engagement to develop such intellectual property), but we cannot provide assurance that we have adequately protected our rights in every such agreement or that we have executed an agreement with every such party. Finally, in order to benefit from patent and other intellectual property protection, we must monitor, detect and pursue infringement claims in certain circumstances in relevant jurisdictions, all of which is costly and time-consuming. As a result, we may not be able to obtain adequate protection or to enforce our issued patents or other intellectual property effectively.

S-51

In addition to patented technology, we rely on our unpatented proprietary technology and trade secrets. Despite our efforts to protect our proprietary technologies and our intellectual property rights, unauthorized parties, including our employees, consultants, service providers or customers, may attempt to copy aspects of our products or obtain and use our trade secrets or other confidential information. We generally enter into confidentiality agreements with our employees, consultants, service providers, vendors, channel partners and customers, and generally limit access to and distribution of our proprietary information and proprietary technology through certain procedural safeguards. These agreements may not effectively prevent unauthorized use or disclosure of our intellectual property or technology and may not provide an adequate remedy in the event of unauthorized use or disclosure of our intellectual property or technology. We cannot provide assurance that the steps taken by us will prevent misappropriation of our trade secrets or technology or infringement of our intellectual property. In addition, the laws of some foreign countries where we operate do not protect our proprietary rights to as great an extent as the laws of the United States, and many foreign countries do not enforce these laws as diligently as government agencies and private parties in the United States.

Moreover, industries in which we operate, such as data security, cybersecurity, compliance, data retention and data governance are characterized by the existence of a large number of relevant patents and frequent claims and related litigation regarding patent and other intellectual property rights. From time to time, third parties have asserted and may assert their patent, copyright, trademark and other intellectual property rights against us, our channel partners or our customers. Successful claims of infringement or misappropriation by a third party could prevent us from distributing certain products, performing certain services or could require us to pay substantial damages (including, for example, treble damages if we are found to have willfully infringed patents and increased statutory damages if we are found to have willfully infringed copyrights), royalties or other fees. Such claims also could require us to cease making, licensing or using solutions that are alleged to infringe or misappropriate the intellectual property of others or to expend additional development resources to attempt to redesign our products or services or otherwise to develop non-infringing technology. Even if third parties may offer a license to their technology, the terms of any offered license may not be acceptable, and the failure to obtain a license or the costs associated with any license could cause our business, results of operations or financial condition to be materially and adversely affected. In some cases, we indemnify our channel partners and customers against claims that our products infringe the intellectual property of third parties. Defending against claims of infringement or being deemed to be infringing the intellectual property rights of others could impair our ability to innovate, develop, distribute and sell our current and planned products and services. If we are unable to protect our intellectual property rights and ensure that we are not violating the intellectual property rights of others, we may find ourselves at a competitive disadvantage to others who need not incur the additional expense, time and effort required to create the innovative products that have enabled us to be successful to date.

We have registered the “Varonis” name and logo and “DatAdvantage”, “DataPrivilege”, “DatAlert”, “DatAnywhere” and other names in the United States and, as related to some of these names, certain other countries. However, we cannot provide assurance that any future trademark registrations will be issued for pending or future applications or that any registered trademarks will be enforceable or provide adequate protection of our proprietary rights.

We also license software from third parties for integration into our solution, including open source software and other software available on commercially reasonable terms. We cannot provide assurance that such third parties will maintain such software or continue to make it available. We also rely on confidentiality agreements, consulting agreements, work-for-hire agreements and invention assignment agreements with our employees, consultants and others.

Despite our efforts to protect our proprietary technology and trade secrets, unauthorized parties may attempt to misappropriate, reverse engineer or otherwise obtain and use them. In addition, others may independently discover our trade secrets, in which case we would not be able to assert trade secret rights or develop similar technologies and processes. Further, the contractual provisions that we enter into may

S-52

not prevent unauthorized use or disclosure of our proprietary technology or intellectual property rights and may not provide an adequate remedy in the event of unauthorized use or disclosure of our proprietary technology or intellectual property rights. Moreover, policing unauthorized use of our technologies, trade secrets and intellectual property is difficult, expensive and time-consuming, particularly in foreign countries where the laws may not be as protective of intellectual property rights as those in the United States and where mechanisms for enforcement of intellectual property rights may be weak. We may be unable to determine the extent of any unauthorized use or infringement of our solution, technologies or intellectual property rights.

Real or perceived errors, failures or bugs in our software could adversely affect our growth prospects.

Because our software uses complex technology, undetected errors, failures or bugs may occur. Our software is often installed and used in a variety of computing environments with different operating system management software, and equipment and networking configurations, which may cause errors or failures of our software or other aspects of the computing environment into which it is deployed. In addition, deployment of our software into computing environments may expose undetected errors, compatibility issues, failures or bugs in our software. Despite testing by us, errors, failures or bugs may not be found in our software until it is released to our customers. Moreover, our customers could incorrectly implement or inadvertently misuse our software, which could result in customer dissatisfaction and adversely impact the perceived utility of our products as well as our brand. Any of these real or perceived errors, compatibility issues, failures or bugs in our software could result in negative publicity, reputational harm, loss of or delay in market acceptance of our software, loss of competitive position or claims by customers for losses sustained by them. In such an event, we may be required, or may choose, for customer relations or other reasons, to expend additional resources in order to help correct the problem. Alleviating any of these problems could require significant expenditures of our capital and other resources and could cause interruptions or delays in the use of our solutions, which could cause us to lose existing or potential customers and could adversely affect our operating results and growth prospect.

Our long-term growth depends, in part, on being able to continue to expand internationally on a profitable basis, which subjects us to risks associated with conducting international operations.

Historically, we have generated the majority of our revenues from customers in North America. For the year ended December31, 2020, approximately 70% of our total revenues were derived from sales in North America. Nevertheless, we have operations across the globe, and we plan to continue to expand our international operations as part of our long-term growth strategy. The further expansion of our international operations will subject us to a variety of risks and challenges, including:

• sales and customer service challenges associated with operating in different countries;

• increased management travel, a lack of travel due to pandemics, infrastructure and legal compliance costs associated with having multiple international operations;

• difficulties in receiving payments from different geographies, including difficulties associated with currency fluctuations, payment cycles, transfer of funds or collecting accounts receivable, especially in emerging markets;

• variations in economic or political conditions between each country or region;

• economic uncertainty around the world and adverse effects arising from economic interdependencies across countries and regions;

• the uncertainty around the effects of global pandemics, including the COVID-19 outbreak, on our business and results of operations;

•  uncertainty around a potential reverse or renegotiation of international trade agreements and partnerships;

S-53

• the continued economic and legal uncertainty around how Brexit will impact the United Kingdom's access to the EU Single Market, the related regulatory environment, the global economy and the resulting impact on our business;

• compliance with foreign laws and regulations and the risks and costs of non-compliance with such laws and regulations;

• ability to hire, retain and train local employees and the ability to comply with foreign labor laws and local labor requirements, such as representations by an internal labor committee in France which is affiliated with an external trade union and the applicability of collective bargaining arrangements at the national level in certain European countries;

• compliance with laws and regulations for foreign operations, including the FCPA, the UK Bribery Act, import and export control laws, tariffs, trade barriers, economic sanctions and other regulatory or contractual limitations on our ability to sell our software in certain foreign markets, and the risks and costs of non-compliance;

• heightened risks of unfair or corrupt business practices in certain geographies and of improper or fraudulent sales arrangements that may impact financial results and result in restatements of financial statements and irregularities in financial statements;

• reduced protection for intellectual property rights in certain countries and practical difficulties and costs of enforcing rights abroad; and

• compliance with the laws of numerous foreign taxing jurisdictions and overlapping of different tax regimes and digital tax imposed on our operations in foreign taxing jurisdictions.

Any of these risks could adversely affect our international operations, reduce our revenues from outside the United States or increase our operating costs, adversely affecting our business, results of operations and financial condition and growth prospects. There can be no assurance that all of our employees, independent contractors and channel partners will comply with the formal policies we have and will implement, or applicable laws and regulations. Violations of laws or key control policies by our employees, independent contractors and channel partners could result in delays in revenue recognition, financial reporting misstatements, fines, penalties or the prohibition of the importation or exportation of our software and services and could have a material adverse effect on our business and results of operations.

We may require additional capital to support our business growth, and this capital might not be available on acceptable terms, or at all.

We continue to make investments to support our business growth and may require additional funds to respond to business challenges, including the need to develop new features or enhance our software, improve our operating infrastructure or acquire complementary businesses and technologies. Accordingly, we may need to engage in equity or debt financing to secure additional funds. If we raise additional funds through future issuances of equity or convertible debt securities, our existing stockholders could suffer significant dilution, and any new equity securities we issue could have rights, preferences and privileges superior to those of holders of our common stock. Any debt financing that we may secure in the future could involve restrictive covenants relating to our capital raising activities and other financial and operational matters, which may make it more difficult for us to obtain additional capital and to pursue business opportunities, including potential acquisitions. We may not be able to obtain additional financing on terms favorable to us, if at all. If we are unable to obtain adequate financing on terms satisfactory to us when we require it, our ability to continue to support our business growth and to respond to business challenges could be significantly impaired, and our business may be adversely affected.

S-54

Our business is subject to the risks of fire, power outages, floods, earthquakes, pandemics and other catastrophic events, and to interruption by manmade problems such as terrorism.

A significant natural disaster, such as a fire, flood or an earthquake, an outbreak of a pandemic disease (such as COVID-19) or a significant power outage could have a material adverse impact on our business, results of operations and financial condition. In the event our customers' IT systems or our channel partners' selling or distribution abilities are hindered by any of these events, we may miss financial targets, such as revenues and sales targets, for a particular quarter. Further, if a natural disaster occurs in a region from which we derive a significant portion of our revenue, customers in that region may delay or forego purchases of our products, which may materially and adversely impact our results of operations for a particular period. In addition, acts of terrorism could cause disruptions in our business or the business of channel partners, customers or the economy as a whole. Given our typical concentration of sales at each quarter end, any disruption in the business of our channel partners or customers that impacts sales at the end of our quarter could have a significant adverse impact on our quarterly results. All of the aforementioned risks may be augmented if the disaster recovery plans for us and our channel partners prove to be inadequate. To the extent that any of the above results in delays or cancellations of customer orders, or the delay in the development, deployment or shipment of our products, our business, financial condition and results of operations would be adversely affected.

Changes in financial accounting standards may cause adverse and unexpected revenue fluctuations and impact our reported results of operations.

A change in accounting standards or practices could harm our operating results and may even affect our reporting of transactions completed before the change is effective. New accounting pronouncements and varying interpretations of accounting pronouncements have occurred and may occur in the future. Changes to existing rules or the questioning of current practices may harm our operating results or the way we conduct our business. Additionally, the adoption of new or revised accounting principles may require that we make significant changes to our systems process and controls.

Our stock price has been and will likely continue to be volatile.

The market price for our common stock has been, and is likely to continue to be, volatile for the foreseeable future, and is subject to wide fluctuations in response to various factors, some of which are beyond our control. These factors, as well as the volatility of our common stock, could affect the price at which our convertible noteholders could sell the common stock received upon conversion of the 2025 Notes and could also impact the trading price of the 2025 Notes. Since shares of our common stock were sold in our initial public offering in March 2014 at a price of $22.00 per share, our common stock's price on The Nasdaq Global Select Market has ranged from $13.25 to $191.98 through February5, 2021. On February5, 2021, the closing price of our common stock was $189.78. The market price of our common stock may fluctuate significantly in response to a number of factors, many of which we cannot predict or control, including the factors listed below and other factors described in this “Risk Factors” section:

• actual or anticipated fluctuations in our results or those of our competitors;

• the financial projections we may provide to the public, any changes in these projections or our failure to meet these projections;

• failure of securities analysts to initiate or maintain coverage of our company, changes in financial estimates by any securities analysts who follow our company, or our failure to meet these estimates or the expectations of investors;

S-55

• ratings changes by any securities analysts who follow our company;

• announcements of new products, services or technologies, commercial relationships, acquisitions or other events by us or our competitors;

• new announcements that affect investor perception of our industry, including reports related to the discovery of significant cyberattacks;

• changes in operating performance and stock market valuations of other technology companies generally, or those in our industry in particular;

• price and volume fluctuations in certain categories of companies or the overall stock market, including as a result of trends in the global economy;

• the trading volume of our common stock;

• changes in accounting principles;

• sales of large blocks of our common stock, including sales by our executive officers, directors and significant stockholders;

• additions or departures of any of our key personnel;

• lawsuits threatened or filed against us;

• short sales, hedging and other derivative transactions involving our capital stock;

• general economic conditions in the United States and abroad;

• changing legal or regulatory developments in the United States and other countries;

• conversion of the 2025 Notes; and

• other events or factors, including those resulting from war, incidents of terrorism, pandemic (such as COVID-19) or responses to these events.

In addition, the stock markets have experienced extreme price and volume fluctuations that have affected and continue to affect the market prices of equity securities of many technology companies. Stock prices of many technology companies have fluctuated in a manner unrelated or disproportionate to the operating performance of those companies. Furthermore, technical factors in the public trading market for our common stock may produce price movements that may or may not comport with macro, industry or company-specific fundamentals, including, without limitation, the sentiment of retail investors (including as may be expressed on financial trading and other social media sites), the amount and status of short interest in our securities, access to margin debt, trading in options and other derivatives on our common stock and any related hedging or other technical trading factors. In the past, stockholders have instituted securities class action litigation following periods of market volatility. If we were to become involved in securities litigation, it could subject us to substantial costs, divert resources and the attention of management from our business and adversely affect our business, results of operations, financial condition and cash flows and may cause a significant increase in the premium paid for our directors and officers insurance.

If securities or industry analysts do not publish research or reports about our business, or publish negative reports about our business, our stock price and trading volume could decline.

The trading market for our common stock depends in part on the research and reports that securities or industry analysts publish about us or our business, our market and our competitors. We do not have any control over these analysts or their expectations regarding our performance on a quarterly or annual basis. If

S-56

one or more of the analysts who cover us downgrade our stock or change their opinion of our stock, our stock price would likely decline. If we fail to meet one or more of these analysts' published expectations regarding our performance on a quarterly basis, our stock price or trading volume could decline. If one or more of these analysts cease coverage of our company or fail to regularly publish reports on us, we could lose visibility in the financial markets, which could cause our stock price or trading volume to decline.

The requirements of being a public company may strain our resources, divert management's attention and affect our ability to attract and retain executive management and qualified board members.

As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act of 2002 (the “Sarbanes-Oxley Act”), the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, the listing requirements of The Nasdaq Global Select Market and other applicable securities rules and regulations. Compliance with these rules and regulations have increased our legal and financial compliance costs, make some activities more difficult, time-consuming or costly and increase demand on our systems and resources.

The Exchange Act requires, among other things, that we file annual, quarterly and current reports with respect to our business and results of operations. The Sarbanes-Oxley Act requires, among other things, that we maintain effective disclosure controls and procedures and internal control over financial reporting. In order to maintain and, if required, improve our disclosure controls and procedures and internal control over financial reporting to meet this standard, significant resources and management oversight is required. As a result, management's attention may be diverted from other business concerns, which could adversely affect our business and results of operations. We may need to hire more employees in the future or engage outside consultants, which will increase our costs and expenses. In addition, changing laws, regulations and standards relating to corporate governance and public disclosure are creating uncertainty for public companies, increasing legal and financial compliance costs and making some activities more time consuming. These laws, regulations and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices.

Being a public company, these rules and regulations have made it more expensive for us to obtain director and officer liability insurance, and in the future we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage. These factors could also make it more difficult for us to attract and retain qualified members of our board of directors, particularly to serve on our audit and compensation committees, and qualified executive officers.

As a result of disclosure of information in our filings with the SEC, our business and financial condition have become more visible, which we believe may result in threatened or actual litigation, including by competitors and other third parties. If such claims are successful, our business and results of operations could be adversely affected, and even if the claims do not result in litigation or are resolved in our favor, these claims, and the time and resources necessary to resolve them, could divert the resources of our management and adversely affect our business and results of operations.

We are obligated to develop and maintain proper and effective internal control over financial reporting. These internal controls may not be determined to be effective, which may adversely affect investor confidence in our company and, as a result, the value of our common stock.

We are required, pursuant to Section 404 of the Sarbanes-Oxley Act, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting on an annual basis. This assessment includes disclosure of any material weaknesses identified by our management in our internal control over financial reporting. We are also required to have our independent registered public accounting

S-57

firm issue an opinion on the effectiveness of our internal control over financial reporting on an annual basis. During the evaluation and testing process, if we identify one or more material weaknesses in our internal control over financial reporting, we will be unable to assert that our internal control over financial reporting is effective.

If we are unable to assert that our internal control over financial reporting is effective, or if our independent registered public accounting firm is unable to express an opinion on the effectiveness of our internal control over financial reporting, we could lose investor confidence in the accuracy and completeness of our financial reports, which could cause the price of our common stock to decline, and we may be subject to investigation or sanctions by the SEC.

Future sales and issuances of our capital stock or rights to purchase capital stock could result in additional dilution of the percentage ownership of our stockholders and could cause our stock price to decline.

Future sales and issuances of our capital stock or rights to purchase our capital stock could result in substantial dilution to our existing stockholders. We may sell common stock, convertible securities and other equity securities in one or more transactions at prices and in a manner as we may determine from time to time. If we sell any such securities in subsequent transactions, investors may be materially diluted. New investors in such subsequent transactions could gain rights, preferences and privileges senior to those of holders of our common stock.

S-58

Use of proceeds

We estimate that our net proceeds from this offering will be approximately $388.5million (or approximately $446.8million if the underwriters exercise their option to purchase additional shares in full), after deducting the underwriting discount and estimated offering expenses payable by us.

We intend to use the net proceeds from this offering for general corporate purposes, including working capital and capital expenditures, and for potential acquisitions, including complementary businesses, technologies or assets. We do not have agreements or commitments to enter into any acquisitions at this time for which we may use the net proceeds of this offering.

We have not yet determined the amount of net proceeds to be used specifically for any of the foregoing purposes. Accordingly, our management will have significant discretion and flexibility in applying the net proceeds from this offering.

S-59

Capitalization

The following table sets forth our capitalization as of December31, 2020:

• on an actual basis; and

• on an as-adjusted basis to give effect to the issuance and sale of our common stock offered hereby and the application of the estimated net proceeds therefrom as set forth under “Use of proceeds,” based on an assumed public offering price of $183.18 per share (the last reported sale price of our common stock on The Nasdaq Global Select Market on February8, 2021), after deducting the underwriting discount and estimated offering expenses payable by us.

This table should be read in conjunction with, and is qualified in its entirety by reference to, “Use of proceeds” and our consolidated financial statements and related notes and “Management’s Discussion and Analysis of Financial Condition and Results of Operations” included in the 2020 Form 10-K (which is incorporated by reference into this prospectus supplement and the accompanying prospectus).

	As of December 31, 2020
	Actual			As Adjusted(1)
	(in thousands)
Cash and cash equivalents, marketable securities and short-term deposits	$	298,262		$	686,762
Debt:
2025 Notes(1)		253,000			253,000
Credit Facility(2)		—			—
Stockholders’ equity:
Common stock, par value $0.001 per share; 200,000,000 shares authorized, actual and as adjusted; 31,818,954 shares issued and outstanding, actual; 34,002,599 shares issued and outstanding, as adjusted(3)		32			34
Accumulated other comprehensive loss		9,371			9,371
Additional paid-in capital		395,410			783,908
Accumulated deficit		(310,742	)		(310,742	)
Total stockholders’ equity		94,071			482,571
Total capitalization	$	94,071		$	482,571

(1)  In accordance with ASC 470-20, convertible debt that may be wholly or partially settled in cash is required to be separated into a liability and an equity component, such that interest expense reflects the issuer’s non-convertible debt interest rate. Upon issuance, a debt discount is recognized as a decrease in debt and an increase in additional paid-in capital. The debt component will accrete up to the principal amount over the expected term of the debt. ASC 470-20 does not affect the actual amount that we are required to repay, and the amount shown in the table above for the 2025 Notes is the aggregate principal amount of the notes and does not reflect the debt discount that we recognize or the increase in additional paid-in capital (or the corresponding increase to stockholders’ equity and total capitalization) reflected in our consolidated balance sheet.

(2)  As of December 31, 2020, we had $70 million of availability and no debt outstanding under a secured line of credit with KeyBank National Association.

(3)  The number of shares of our common stock issued and outstanding excludes as of December 31, 2020: (a) 491,924 shares of common stock reserved for issuance under our employee stock purchase plan; (b) 3,475,387 shares of common stock reserved for issuance under our equity incentive plans, of which (i) 352,121 shares of common stock are issuable upon exercise of options awarded and outstanding at a weighted average exercise price of $20.59, and (ii) 2,797,913 shares of common stock are issuable upon vesting of RSUs and earned and unvested PSUs; and (c) shares of common stock issuable upon conversion of our $253 million aggregate principal amount of the 2025 Notes, which are convertible in certain limited circumstances at a conversion price of $92.12 per share, subject to adjustment.

S-60

Material U.S. federal tax considerations for non-U.S. holders of our common stock

The following discussion is a summary of the material U.S. federal income tax consequences to Non-U.S. Holders (as defined below) of the purchase, ownership and disposition of our common stock sold in accordance with this prospectus, but does not purport to be a complete analysis of all potential tax effects. The effects of other U.S. federal tax laws, such as estate and gift tax laws, and any applicable state, local, or non-U.S. tax laws are not discussed. This discussion is based on the U.S. Internal Revenue Code of 1986, as amended, or the Code, Treasury Regulations promulgated thereunder, judicial decisions and published rulings and administrative pronouncements of the IRS, in each case in effect as of the date hereof. These authorities may change or be subject to differing interpretations. Any such change or differing interpretation may be applied retroactively in a manner that could adversely affect a Non-U.S. Holder of our common stock. We have not sought and will not seek any rulings from the IRS regarding the matters discussed below. There can be no assurance the IRS or a court will not take a contrary position to that discussed below regarding the tax consequences of the purchase, ownership and disposition of our common stock.

This discussion is limited to Non-U.S. Holders that hold our common stock as a “capital asset” within the meaning of Section 1221 of the Code (generally, property held for investment). This discussion does not address all U.S. federal income tax consequences relevant to a Non-U.S. Holder’s particular circumstances, including the impact of the Medicare contribution tax on net investment income. In addition, it does not address consequences relevant to Non-U.S. Holders subject to special rules, including, without limitation:

• U.S. expatriates and former citizens or long-term residents of the United States;

• persons subject to the alternative minimum tax;

• persons holding our common stock as part of a hedge, straddle, or other risk reduction strategy or as part of a conversion transaction or other integrated investment;

• persons subject to special tax accounting rules as a result of any item of gross income with respect to our common stock being taken into account in an applicable financial statement;

• banks, insurance companies and other financial institutions;

• brokers, dealers, or traders in securities;

• “controlled foreign corporations,” “passive foreign investment companies,” and corporations that accumulate earnings to avoid U.S. federal income tax;

• partnerships or other entities or arrangements treated as partnerships for U.S. federal income tax purposes (and investors therein) or other entities or arrangements that are pass-through or disregarded entities for U.S. federal income tax purposes or persons that hold their common stock through such partnerships or other entities or arrangements;

• tax-exempt organizations or governmental organizations;

• persons deemed to sell our common stock under the constructive sale provisions of the Code;

• persons who hold or receive our common stock pursuant to the exercise of any employee stock option or otherwise as compensation;

• persons that own, or are deemed to own, more than 5% of our common stock (except to the extent specifically set forth below);

S-61

• regulated investment companies

• tax-qualified retirement plans; and

• “qualified foreign pension funds” as defined in Section 897(l)(2) of the Code and entities all of the interests of which are held by qualified foreign pension funds.

If an entity (or arrangement) treated as a partnership for U.S. federal income tax purposes holds our common stock, the tax treatment of a partner or beneficial owner of the entity will depend on the status of the partner or beneficial owner, the activities of the entity and certain determinations made at the partner or beneficial owner level. Accordingly, entities treated as partnerships for U.S. federal income tax purposes holding our common stock and the partners or beneficial owners in such entities should consult their tax advisors regarding the U.S. federal income tax consequences to them.

THIS DISCUSSION IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TAX ADVICE. INVESTORS SHOULD CONSULT THEIR TAX ADVISORS WITH RESPECT TO THE APPLICATION OF THE U.S. FEDERAL INCOME TAX LAWS TO THEIR PARTICULAR SITUATIONS AS WELL AS ANY TAX CONSEQUENCES OF THE PURCHASE, OWNERSHIP AND DISPOSITION OF OUR COMMON STOCK ARISING UNDER THE U.S. FEDERAL ESTATE OR GIFT TAX LAWS OR UNDER THE LAWS OF ANY STATE, LOCAL OR NON-U.S. TAXING JURISDICTION OR UNDER ANY APPLICABLE INCOME TAX TREATY.

Definition of a Non-U.S. Holder

For purposes of this discussion, a “Non-U.S. Holder” is any beneficial owner of our common stock that is neither a “U.S. person” nor an entity (or arrangement) treated as a partnership for U.S. federal income tax purposes. A U.S. person is any person that, for U.S. federal income tax purposes, is or is treated as any of the following:

• an individual who is a citizen or resident of the United States;

• an entity created or organized under the laws of the United States, any state thereof, or the District of Columbia that is classified as a corporation for U.S. federal income tax purposes;

• an estate, the income of which is subject to U.S. federal income tax regardless of its source; or

• a trust that (1) is subject to the primary supervision of a U.S. court and the control of one or more “United States persons” (within the meaning of Section 7701(a)(30) of the Code), or (2) has a valid election in effect to be treated as a United States person for U.S. federal income tax purposes.

Distributions

As described in the section of this prospectus entitled “Dividend Policy,” we do not anticipate declaring or paying dividends to holders of our common stock in the foreseeable future. However, if we do make distributions of cash or property on our common stock, such distributions will constitute dividends for U.S. federal income tax purposes to the extent paid from our current or accumulated earnings and profits, as determined under U.S. federal income tax principles. If a distribution exceeds our current and accumulated earnings and profits, the excess amounts will not be treated as dividends for U.S. federal income tax purposes. Rather, the excess will first constitute a return of capital and be applied against and reduce a Non-U.S. Holder’s adjusted tax basis in its common stock, but not below zero. Any amount distributed in excess of tax basis will be treated as capital gain and will be treated as described below under “— Sale or Other Taxable Disposition.” Any such distributions will also be subject to the discussions below under the sections titled “Information Reporting and Backup Withholding” and “Additional Withholding Tax on Payments Made to Foreign Accounts.”

S-62

Except as described below with respect to effectively connected dividends and subject to the discussions below of backup withholding and Sections 1471 to 1474 of the Code (such Sections and related Treasury Regulations commonly referred to as the Foreign Account Tax Compliance Act, or FATCA), dividends paid to a Non-U.S. Holder of our common stock will be subject to U.S. federal withholding tax at a rate of 30% of the gross amount of the dividends (or such lower rate specified by an applicable income tax treaty, provided the Non-U.S. Holder furnishes a valid IRS Form W-8BEN or W-8BEN-E (or other applicable documentation) certifying qualification for the lower treaty rate). If a Non-U.S. Holder holds the stock through a financial institution or other intermediary, the Non-U.S. Holder will be required to provide appropriate documentation to the intermediary, which then will be required to provide appropriate documentation to the applicable withholding agent, either directly or through other intermediaries. A Non-U.S. Holder that does not timely furnish the required documentation, but that qualifies for a reduced treaty rate, may obtain a refund of any excess amounts withheld by timely filing an appropriate claim for refund with the IRS. Non-U.S. Holders should consult their tax advisors regarding their entitlement to benefits under any applicable income tax treaty.

If dividends paid to a Non-U.S. Holder are effectively connected with the Non-U.S. Holder’s conduct of a trade or business within the United States (and, if required by an applicable income tax treaty, the Non-U.S. Holder maintains a permanent establishment or a fixed base in the United States to which such dividends are attributable), the Non-U.S. Holder will be exempt from the U.S. federal withholding tax described above. To claim the exemption, the Non-U.S. Holder must furnish to the applicable withholding agent a valid IRS Form W-8ECI, certifying that the dividends are effectively connected with the Non-U.S. Holder’s conduct of a trade or business within the United States.

Any such effectively connected dividends will be subject to U.S. federal income tax generally in the same manner as if the Non-U.S. Holder were a U.S. person and be subject to U.S. federal income tax on a net income basis at the regular graduated U.S. federal income tax rates. A Non-U.S. Holder that is a corporation also may be subject to a branch profits tax at a rate of 30% (or such lower rate specified by an applicable income tax treaty) on its effectively connected earnings and profits for the taxable year that are attributable to such dividends, as adjusted for certain items. Non-U.S. Holders should consult their tax advisors regarding any applicable tax treaties that may provide for different rules or rates.

Sale or Other Taxable Disposition

Subject to the discussions below regarding FATCA and backup withholding (see “— Information Reporting and Backup Withholding” and “— Additional Withholding Tax on Payments Made to Foreign Accounts”), a Non-U.S. Holder generally will not be subject to U.S. federal income tax on any gain realized upon the sale or other taxable disposition of our common stock unless:

• the gain is effectively connected with the Non-U.S. Holder’s conduct of a trade or business within the United States (and, if required by an applicable income tax treaty, the Non-U.S. Holder maintains a permanent establishment or a fixed base in the United States to which such gain is attributable);

• the gain is recognized by a Non-U.S. Holder that is a nonresident alien individual present in the United States for 183 days or more during the taxable year of the disposition and certain other requirements are met; or

• our common stock constitutes a U.S. real property interest, or USRPI (as defined under Section 897(c)(1) of the Code), by reason of our status as a U.S. real property holding corporation, or USRPHC (as defined under Section 897(c)(2) of the Code), for U.S. federal income tax purposes.

Gain described in the first bullet point above generally will be subject to U.S. federal income tax generally in the same manner as if the Non-U.S. Holder were a U.S. person and be taxed on the net gain derived from the sale or other taxable disposition under regular graduated U.S. federal income tax rates. A Non-U.S. Holder that is a corporation also may be subject to a branch profits tax at a rate of 30% (or such lower rate specified by an applicable income tax treaty) on a portion of its effectively connected earnings and profits for the taxable year that are attributable to such gain, as adjusted for certain items.

S-63

Gain described in the second bullet point above will be subject to U.S. federal income tax at a rate of 30% (or such lower rate specified by an applicable income tax treaty), on the net gain derived from the disposition, which may be offset by U.S. source capital losses of the Non-U.S. Holder (even though the individual is not considered a resident of the United States), provided the Non-U.S. Holder has timely filed U.S. federal income tax returns with respect to such losses.

With respect to the third bullet point above, we believe we currently are not, and do not anticipate becoming, a USRPHC. Because the determination of whether we are a USRPHC depends, however, on the fair market value of our USRPIs relative to the fair market value of our non-U.S. real property interests and our other business assets, there can be no assurance that we currently are not a USRPHC or that will not become a USRPHC in the future, and no formal determination has been made or is anticipated to be made by us with respect thereof. Even if we are or were to become a USRPHC, our common stock will not be treated as a USRPI if our common stock is “regularly traded,” as defined by applicable Treasury Regulations, on an established securities market, and such Non-U.S. Holder owned, actually or constructively, 5% or less of our common stock throughout the shorter of the five-year period ending on the date of the sale or other taxable disposition of, or the Non-U.S. Holder’s holding period for, our common stock. If none of the above exceptions apply, such non-U.S. holder generally will be taxed on its net gain derived from the disposition at the U.S. federal income tax rates applicable to United States persons (as defined in the Code).

Non-U.S. Holders should consult their tax advisors regarding the application of the above to their particular situation, including the potential application of any available income tax treaty that may provide for different rules.

Information Reporting and Backup Withholding

Payments of dividends on our common stock will not be subject to backup withholding, provided the applicable withholding agent does not have actual knowledge or reason to know the holder is a U.S. person and the holder either certifies its non-U.S. status, such as by furnishing a valid IRS Form W-8BEN, W-8BEN-E, W-8ECI, or W-8EXP, or otherwise establishes an exemption. However, information returns are required to be filed with the IRS in connection with any dividends on our common stock paid to the Non-U.S. Holder, regardless of whether any tax was actually withheld. In addition, proceeds of the sale or other taxable disposition of our common stock within the United States or conducted through certain U.S.-related brokers generally will not be subject to backup withholding or information reporting, if the applicable withholding agent receives the certification described above and does not have actual knowledge or reason to know that such holder is a U.S. person, or the holder otherwise establishes an exemption. Proceeds of a disposition of our common stock conducted through a non-U.S. office of a non-U.S. broker generally will not be subject to backup withholding or information reporting.

Copies of information returns that are filed with the IRS may also be made available under the provisions of an applicable treaty or agreement to the tax authorities of the country in which the Non-U.S. Holder resides or is established or organized.

Backup withholding is not an additional tax. Any amounts withheld under the backup withholding rules may be allowed as a refund or a credit against a Non-U.S. Holder’s U.S. federal income tax liability, provided the required information is timely furnished to the IRS.

Non-U.S. holders should consult their tax advisors regarding the application of the information reporting and backup withholding rules to them.

S-64

Additional Withholding Tax on Payments Made to Foreign Accounts

U.S. federal withholding taxes may be imposed under FATCA on certain types of payments made to non-U.S. financial institutions and certain other non-U.S. entities. Specifically, a 30% withholding tax may be imposed on dividends on, or, subject to the proposed Treasury Regulations discussed below, gross proceeds from the sale or other disposition of, our common stock paid to a “foreign financial institution” (as defined by the Code to include, in addition to banks and traditional financial institutions, entities such as investment funds and certain holding companies) or a “non-financial foreign entity” (as defined in the Code), unless (1) the foreign financial institution undertakes certain diligence, reporting and withholding obligations, (2) the non-financial foreign entity either certifies it does not have any “substantial United States owners” (as defined in the Code) or furnishes identifying information regarding each substantial United States owner, or (3) the foreign financial institution or non-financial foreign entity otherwise qualifies for an exemption from these rules. If the payee is a foreign financial institution and is subject to the diligence, reporting and withholding requirements in (1) above, it must enter into an agreement with the U.S. Department of the Treasury requiring, among other things, that it undertake to identify accounts held by certain “specified United States persons” or “United States-owned foreign entities” (each as defined in the Code), annually report certain information about such accounts and withhold 30% on certain payments to non-compliant foreign financial institutions and certain other account holders. Accordingly, the entity through which our common stock is held will affect the determination of whether such withholding is required. Foreign financial institutions located in jurisdictions that have an intergovernmental agreement with the United States governing FATCA may be subject to different rules.

Under the applicable Treasury Regulations and administrative guidance, withholding under FATCA generally applies to payments of dividends on our common stock. While withholding under FATCA would have applied also to payments of gross proceeds from the sale or other disposition of stock on or after January 1, 2019, recently proposed Treasury Regulations eliminate FATCA withholding on payments of gross proceeds entirely. Taxpayers generally may rely on these proposed Treasury Regulations until final Treasury Regulations are issued.

The FATCA withholding tax will apply to all withholdable payments without regard to whether the beneficial owner of the payment would otherwise be entitled to an exemption from imposition of withholding tax pursuant to an applicable tax treaty with the United States or U.S. domestic law. Prospective investors should consult their tax advisors regarding the potential application of withholding under FATCA to their investment in our common stock.

S-65

Underwriting

We are offering the shares of common stock described in this prospectus supplement through a number of underwriters. J.P. Morgan Securities LLC, Barclays Capital Inc., Jefferies LLC and RBC Capital Markets, LLC are acting as joint book-running managers of the offering and as representatives of the underwriters. We intend to enter into an underwriting agreement with the underwriters. Subject to the terms and conditions of the underwriting agreement, we have agreed to sell to the underwriters, and each underwriter has severally agreed to purchase, at the public offering price less the underwriting discounts and commissions set forth on the cover page of this prospectus supplement, the number of shares of common stock listed next to its name in the following table:

Name	Number of shares
J.P. Morgan Securities LLC
Barclays Capital Inc.
Jefferies LLC
RBC Capital Markets, LLC
Total

The underwriters are committed to purchase all the shares of common stock offered by us if they purchase any shares. The underwriting agreement also provides that if an underwriter defaults, the purchase commitments of non-defaulting underwriters may also be increased or the offering may be terminated.

The underwriters propose to offer the shares of common stock directly to the public at the public offering price set forth on the cover page of this prospectus supplement and to certain dealers at that price less a concession not in excess of $              per share. Any such dealers may resell shares to certain other brokers or dealers at a discount of up to $              per share from the public offering price. After the offering of the shares to the public, if all of the shares of common stock are not sold at the public offering price, the underwriters may change the offering price and the other selling terms. Sales of any shares made outside of the United States may be made by affiliates of the underwriters.

The underwriters have an option to buy up to             additional shares of common stock from us to cover sales of shares by the underwriters which exceed the number of shares specified in the table above. The underwriters have 30 days from the date of this prospectus supplement to exercise this option to purchase additional shares. If any shares are purchased with this option to purchase additional shares, the underwriters will purchase shares in approximately the same proportion as shown in the table above. If any additional shares of common stock are purchased, the underwriters will offer the additional shares on the same terms as those on which the shares are being offered.

The underwriting discount is equal to the public offering price per share of common stock less the amount paid by the underwriters to us per share of common stock. The underwriting discount is $        per share. The following table shows the per share and total underwriting discounts and commissions to be paid to the underwriters assuming both no exercise and full exercise of the underwriters’ option to purchase additional shares.

	Without option to purchase additional shares exercise	With full option to purchase additional shares exercise
Per share	$	$
Total	$	$

S-66

We estimate that the total expenses of this offering, including registration, filing and listing fees, printing fees and legal and accounting expenses, but excluding the underwriting discounts and commissions, will be approximately $500,000. The underwriters have agreed to reimburse us for certain of these expenses.

A prospectus supplement and the accompanying prospectus in electronic format may be made available on the websites maintained by one or more underwriters, or selling group members, if any, participating in the offering. The underwriters may agree to allocate a number of shares to underwriters and selling group members for sale to their online brokerage account holders. Internet distributions will be allocated by the representatives to underwriters and selling group members that may make Internet distributions on the same basis as other allocations.

We have agreed that we will not (i) offer, pledge, sell, contract to sell, sell any option or contract to purchase, purchase any option or contract to sell, grant any option, right or warrant to purchase, lend or otherwise transfer or dispose of, directly or indirectly, or submit to, or file with, the Securities and Exchange Commission a registration statement under the Securities Act relating to, any shares of our common stock or securities convertible into or exercisable or exchangeable for any shares of our common stock, or publicly disclose the intention to make any offer, sale, pledge, loan, disposition or filing, or (ii) enter into any swap or other arrangement that transfers all or a portion of the economic consequences associated with the ownership of any shares of common stock or any such other securities (regardless of whether any of these transactions are to be settled by the delivery of shares of common stock or such other securities, in cash or otherwise), in each case without the prior written consent of J.P. Morgan Securities LLC for a period of 60 days after the date of this prospectus supplement.

The restrictions on our actions, as described above, do not apply to certain transactions, including (i) the shares of our common stock to be sold in this offering, (ii) the issuance of shares of common stock or securities convertible into or exercisable for shares of our common stock pursuant to the conversion or exchange of convertible or exchangeable securities or the exercise of warrants or options (including net exercise) or the settlement of RSUs) (including net settlement), in each case outstanding on the date of the underwriting agreement and described in this prospectus supplement; (iii) grants of stock options, stock awards, restricted stock, RSUs, or other equity awards and the issuance of shares of our common stock or securities convertible into or exercisable or exchangeable for shares of our common stock (whether upon the exercise of stock options or otherwise) to our employees, officers, directors, advisors, or consultants pursuant to the terms of an equity compensation plan in effect as of the closing of this offering and described in this prospectus supplement, provided that such recipients enter into a lock-up agreement with the underwriters; or (iv) our filing of any registration statement on Form S-8 relating to securities granted or to be granted pursuant to any plan in effect on the date of the underwriting agreement and described in this prospectus supplement or any assumed benefit plan pursuant to an acquisition or similar strategic transaction.

Our directors and executive officers (the “lock-up parties”) have entered into lock-up agreements with the underwriters prior to the commencement of this offering pursuant to which each lock-up party, with limited exceptions, for a period of 60 days after the date of this prospectus supplement (such period, the “restricted period”), may not (and may not cause any of their direct or indirect affiliates to), without the prior written consent of J.P. Morgan Securities LLC, (1) offer, pledge, sell, contract to sell, sell any option or contract to purchase, purchase any option or contract to sell, grant any option, right or warrant to purchase, lend or otherwise transfer or dispose of, directly or indirectly, any shares of our common stock or any securities convertible into or exercisable or exchangeable for our common stock (including, without limitation, common stock or such other securities which may be deemed to be beneficially owned by such lock-up parties in accordance with the rules and regulations of the SEC and securities which may be issued upon exercise of

S-67

a stock option or warrant (collectively with the common stock, the “lock-up securities”)), (2) enter into any hedging, swap or other agreement or transaction that transfers, in whole or in part, any of the economic consequences of ownership of the lock-up securities, whether any such transaction described in clause (1) or (2) above is to be settled by delivery of lock-up securities, in cash or otherwise, (3) make any demand for, or exercise any right with respect to, the registration of any lock-up securities, or (4) publicly disclose the intention to do any of the foregoing. Such lock-up parties have further acknowledged that these undertakings preclude them from engaging in any hedging or other transactions or arrangements (including, without limitation, any short sale or the purchase or sale of, or entry into, any put or call option, or combination thereof, forward, swap or any other derivative transaction or instrument, however described or defined) designed or intended, or which could reasonably be expected to lead to or result in, a sale or disposition or transfer (by any person or entity, whether or not a signatory to such agreement) of any economic consequences of ownership, in whole or in part, directly or indirectly, of any lock-up securities, whether any such transaction or arrangement (or instrument provided for thereunder) would be settled by delivery of lock-up securities, in cash or otherwise.

The restrictions described in the immediately preceding paragraph and contained in the lock-up agreements between the underwriters and the lock-up parties do not apply, subject in certain cases to various conditions, to certain transactions, including (a) transfers of lock-up securities: (i) as bona fide gifts or for bona fide estate planning purposes; (ii) by will or intestacy; (iii) to any trust for the direct or indirect benefit of the lock-up party or any immediate family member; (iv) to a partnership, limited liability company or other entity of which the lock-up party or the party’s immediate family members are the legal and beneficial owner of all of the outstanding equity securities or similar interests; (v) to a nominee or custodian of a person or entity to whom a disposition or transfer would be permissible under any of the foregoing; (vi) in the case of a business entity, to certain affiliated business entities or as a distribution to equityholders; (vii) by operation of law, such as, among other things, pursuant to a qualified domestic order; (viii) to us from an employee upon death, disability or termination of employment of such employee; (ix) as part of a sale of the lock-up party’s lock-up securities acquired in open market transactions after the completion of this offering; (x) to us in connection with the vesting, settlement or exercise of equity awards, options, warrants or other rights to purchase shares of our common stock (including, in each case, by way of “net” or “cashless” exercise), including for the payment of exercise price and tax and remittance payments due as a result of such vesting, settlement or exercise (where all shares received upon the exercise, vesting or settlement are subject to the terms of the lock-up agreement); (xi) pursuant to a bona fide third-party tender offer, merger, consolidation or other similar transaction that is approved by our board of directors and made to all holders of our capital stock involving a change of control of the Company, provided that if such transaction is not completed, all such lock-up securities would remain subject to the restrictions of the lock-up agreement; or (xii) pursuant to Rule 10b5-1 trading plans for the transfer of shares of lock-up securities entered into before the date of the lock-up agreements; (b) exercises or settlements of outstanding equity awards, options or warrants granted pursuant to existing plans, provided that the underlying shares will continue to be subject to the terms of the lock-up agreement; and (c) the establishment of Rule 10b5-1 trading plans for the transfer of lock-up securities, provided that such plans do not provide for the transfer of lock-up securities during the restricted period. Three of our executives and one of our directors are parties to Rule 10b5-1 trading plans, which may result in the sale of up to 141,187shares of our common stock during the lock-up period. Additionally, four of our executive officers are permitted to sell shares of our common stock solely for the purposes of covering tax withholding relating to the vesting of an aggregate of 219,149 RSUs and/or PSUs during the lock-up period. J.P. Morgan Securities LLC, in its sole discretion, may release the securities subject to any of the lock-up agreements with the underwriters described above, in whole or in part at any time.

We have agreed to indemnify the underwriters against certain liabilities, including liabilities under the Securities Act.

S-68

Our common stock is listed on The Nasdaq Global Select Market under the symbol “VRNS”.

In connection with this offering, the underwriters may engage in stabilizing transactions, which involves making bids for, purchasing and selling shares of common stock in the open market for the purpose of preventing or retarding a decline in the market price of the common stock while this offering is in progress. These stabilizing transactions may include making short sales of common stock, which involves the sale by the underwriters of a greater number of shares of common stock than they are required to purchase in this offering, and purchasing shares of common stock on the open market to cover positions created by short sales. Short sales may be “covered” shorts, which are short positions in an amount not greater than the underwriters’ option to purchase additional shares referred to above, or may be “naked” shorts, which are short positions in excess of that amount. The underwriters may close out any covered short position either by exercising their option to purchase additional shares, in whole or in part, or by purchasing shares in the open market. In making this determination, the underwriters will consider, among other things, the price of shares available for purchase in the open market compared to the price at which the underwriters may purchase shares through the option to purchase additional shares. A naked short position is more likely to be created if the underwriters are concerned that there may be downward pressure on the price of the common stock in the open market that could adversely affect investors who purchase in this offering. To the extent that the underwriters create a naked short position, they will purchase shares in the open market to cover the position.

The underwriters have advised us that, pursuant to Regulation M of the Securities Act, they may also engage in other activities that stabilize, maintain or otherwise affect the price of the common stock, including the imposition of penalty bids. This means that if the representatives of the underwriters purchase common stock in the open market in stabilizing transactions or to cover short sales, the representatives can require the underwriters that sold those shares as part of this offering to repay the underwriting discount received by them.

These activities may have the effect of raising or maintaining the market price of the common stock or preventing or retarding a decline in the market price of the common stock, and, as a result, the price of the common stock may be higher than the price that otherwise might exist in the open market. If the underwriters commence these activities, they may discontinue them at any time. The underwriters may carry out these transactions on The Nasdaq Global Select Market, in the over-the-counter market or otherwise.

Other relationships

The underwriters and their respective affiliates are full service financial institutions engaged in various activities, which may include sales and trading, commercial and investment banking, advisory, investment management, investment research, principal investment, hedging, market making, brokerage and other financial and non-financial activities and services. Certain of the underwriters and their affiliates have provided, and may provide from time to time in the future, a variety of these services to the Company and to persons and entities with relationships with the Company, for which they received and may receive customary fees and expenses. In the ordinary course of their various business activities, the underwriters and their respective affiliates, officers, directors and employees may purchase, sell or hold a broad array of investments and actively traded securities, derivatives, loans, commodities, currencies, credit default swaps and other financial instruments for their own account and for the accounts of their customers, and such investment and trading activities may involve or relate to assets, securities and/or instruments of the Company (directly, as collateral securing other obligations or otherwise) and/or persons and entities with relationships with the Company. The underwriters and their respective affiliates may also communicate independent investment recommendations, market color or trading ideas and/or publish or express independent research views in respect of such assets, securities or instruments and may at any time hold, or recommend to clients that they should acquire, long and/or short positions in such assets, securities and instruments.

S-69

Selling restrictions

Other than in the United States, no action has been taken by us or the underwriters that would permit a public offering of the securities offered by this prospectus supplement in any jurisdiction where action for that purpose is required. The securities offered by this prospectus supplement may not be offered or sold, directly or indirectly, nor may this prospectus supplement or any other offering material or advertisements in connection with the offer and sale of any such securities be distributed or published in any jurisdiction, except under circumstances that will result in compliance with the applicable rules and regulations of that jurisdiction. Persons into whose possession this prospectus supplement comes are advised to inform themselves about and to observe any restrictions relating to the offering and the distribution of this prospectus supplement. This prospectus supplement does not constitute an offer to sell or a solicitation of an offer to buy any securities offered by this prospectus supplement in any jurisdiction in which such an offer or a solicitation is unlawful.

Notice to prospective investors in the European Economic Area

In relation to each Member State of the European Economic Area (each, a “Relevant State”), no shares have been offered or will be offered pursuant to the offering to the public in that Relevant State prior to the publication of a prospectus supplement in relation to the shares which has been approved by the competent authority in that Relevant State or, where appropriate, approved in another Relevant State and notified to the competent authority in that Relevant State, all in accordance with the Prospectus Regulation), except that offers of shares may be made to the public in that Relevant State other than at any time under the following exemptions under the Prospectus Regulation:

A.  to any legal entity which is a qualified investor as defined under the Prospectus Regulation;

B.  to fewer than 150, natural or legal persons (other than qualified investors as defined under the Prospectus Regulation), subject to obtaining the prior consent of the underwriters; or

C.  in any other circumstances falling within Article 1(4) of the Prospectus Regulation, provided that no such offer of shares shall require us or any underwriter to publish a prospectus pursuant to Article 3 of the Prospectus Regulation or supplement a prospectus pursuant to Article 23 of the Prospectus Regulation and each person who initially acquires any shares or to whom any offer is made will be deemed to have represented, acknowledged and agreed to and with each of the underwriters and us that it is a “qualified investor” implementing Article 2(e) of the Prospectus Regulation.

In the case of any shares being offered to a financial intermediary as that term is used in the Prospectus Regulation, each such financial intermediary will be deemed to have represented, acknowledged and agreed that the shares acquired by it in the offer have not been acquired on a non-discretionary basis on behalf of, nor have they been acquired with a view to their offer or resale to, persons in circumstances which may give rise to an offer of any shares to the public other than their offer or resale in a Relevant State to qualified investors as so defined or in circumstances in which the prior consent of the underwriters have been obtained to each such proposed offer or resale.

For the purposes of this provision, the expression an “offer to the public” in relation to any shares in any Relevant State means the communication in any form and by any means of sufficient information on the terms of the offer and any shares to be offered so as to enable an investor to decide to purchase or subscribe for any shares, and the expression “Prospectus Regulation” means Regulation (EU) 2017/1129.

S-70

Notice to prospective investors in the United Kingdom

No shares have been offered or will be offered pursuant to the offering to the public in the United Kingdom prior to the publication of a prospectus in relation to the shares which has been approved by the Financial Conduct Authority, except that it may make an offer to the public in the United Kingdom of any shares at any time:

A.  to any legal entity which is a qualified investor as defined under Article 2 of the UK Prospectus Regulation;

B.   to fewer than 150 natural or legal persons (other than qualified investors as defined under Article 2 of the UK Prospectus Regulation), subject to obtaining the prior consent of the representatives for any such offer; or

C.   in any other circumstances falling within Section 86 of the FSMA

provided that no such offer of the shares shall require us or any of our representatives to publish a prospectus pursuant to Section 85 of the FSMA or supplement a prospectus pursuant to Article 23 of the UK Prospectus Regulation.

For the purposes of this provision, the expression an “offer to the public” in relation to the shares in the United Kingdom means the communication in any form and by any means of sufficient information on the terms of the offer and any shares to be offered so as to enable an investor to decide to purchase or subscribe for any shares and the expression “UK Prospectus Regulation” means Regulation (EU) 2017/1129 as it forms part of domestic law by virtue of the European Union (Withdrawal) Act 2018 and the expression “FSMA” means the Financial Services and Markets Act 2000.

Notice to prospective investors in Canada

The shares may be sold only to purchasers purchasing, or deemed to be purchasing, as principal that are accredited investors, as defined in National Instrument 45-106 Prospectus Exemptions or subsection 73.3(1) of the Securities Act (Ontario), and are permitted clients, as defined in National Instrument 31-103 Registration Requirements, Exemptions and Ongoing Registrant Obligations. Any resale of the shares must be made in accordance with an exemption from, or in a transaction not subject to, the prospectus requirements of applicable securities laws.

Securities legislation in certain provinces or territories of Canada may provide a purchaser with remedies for rescission or damages if this prospectus supplement (including any amendment thereto) contains a misrepresentation, provided that the remedies for rescission or damages are exercised by the purchaser within the time limit prescribed by the securities legislation of the purchaser’s province or territory. The purchaser should refer to any applicable provisions of the securities legislation of the purchaser’s province or territory for particulars of these rights or consult with a legal advisor.

Pursuant to section 3A.3 of National Instrument 33-105 Underwriting Conflicts, or NI 33-105, the underwriters are not required to comply with the disclosure requirements of NI 33-105 regarding underwriter conflicts of interest in connection with this offering.

Notice to prospective investors in Switzerland

The shares may not be publicly offered in Switzerland and will not be listed on the SIX Swiss Exchange, or the SIX, or on any other stock exchange or regulated trading facility in Switzerland. This document does not constitute a prospectus within the meaning of, and has been prepared without regard to the disclosure standards for issuance prospectuses under art. 652a or art. 1156 of the Swiss Code of Obligations or the disclosure standards for listing prospectuses under art. 27 ff. of the SIX Listing Rules or the listing rules of any

S-71

other stock exchange or regulated trading facility in Switzerland. Neither this document nor any other offering or marketing material relating to the shares or the offering may be publicly distributed or otherwise made publicly available in Switzerland.

Neither this document nor any other offering or marketing material relating to the offering, us, or the shares have been or will be filed with or approved by any Swiss regulatory authority. In particular, this document will not be filed with, and the offer of shares will not be supervised by, the Swiss Financial Market Supervisory Authority, or FINMA, and the offer of shares has not been and will not be authorized under the Swiss Federal Act on Collective Investment Schemes, or CISA. The investor protection afforded to acquirers of interests in collective investment schemes under the CISA does not extend to acquirers of shares.

Notice to prospective investors in the Dubai International Financial Centre

This document relates to an Exempt Offer in accordance with the Markets Rules 2012 of the Dubai Financial Services Authority, or DFSA. This document is intended for distribution only to persons of a type specified in the Offered Securities Rules of the DFSA. It must not be delivered to, or relied on by, any other person. The DFSA has no responsibility for reviewing or verifying any documents in connection with Exempt Offers. The DFSA has not approved this prospectus supplement nor taken steps to verify the information set forth herein and has no responsibility for this document. The securities to which this document relates may be illiquid and/or subject to restrictions on their resale. Prospective purchasers of the securities offered should conduct their own due diligence on the securities. If you do not understand the contents of this document you should consult an authorized financial advisor.

In relation to its use in the Dubai International Financial Centre, this document is strictly private and confidential and is being distributed to a limited number of investors and must not be provided to any person other than the original recipient, and may not be reproduced or used for any other purpose. The interests in the securities may not be offered or sold directly or indirectly to the public in the Dubai International Financial Centre.

Notice to prospective investors in the United Arab Emirates

The shares have not been, and are not being, publicly offered, sold, promoted or advertised in the United Arab Emirates (including the Dubai International Financial Centre) other than in compliance with the laws of the United Arab Emirates (and the Dubai International Financial Centre) governing the issue, offering and sale of securities. Further, this prospectus supplement does not constitute a public offer of securities in the United Arab Emirates (including the Dubai International Financial Centre) and is not intended to be a public offer. This prospectus supplement has not been approved by or filed with the Central Bank of the United Arab Emirates, the Securities and Commodities Authority or the Dubai Financial Services Authority.

Notice to prospective investors in Australia

This document:

• does not constitute a disclosure document or a prospectus under Chapter 6D.2 of the Corporations Act 2001 (Cth), or the Corporations Act;

• has not been, and will not be, lodged with the Australian Securities and Investments Commission, or ASIC, as a disclosure document for the purposes of the Corporations Act and does not purport to include the information required of a disclosure document for the purposes of the Corporations Act; and

• may only be provided in Australia to select investors who are able to demonstrate that they fall within one or more of the categories of investors, or Exempt Investors, available under section 708 of the Corporations Act.

S-72

The shares may not be directly or indirectly offered for subscription or purchased or sold, and no invitations to subscribe for or buy the shares may be issued, and no draft or definitive offering memorandum, advertisement or other offering material relating to any shares may be distributed in Australia, except where disclosure to investors is not required under Chapter 6D of the Corporations Act or is otherwise in compliance with all applicable Australian laws and regulations. By submitting an application for the shares, you represent and warrant to us that you are an Exempt Investor.

As any offer of shares under this document will be made without disclosure in Australia under Chapter 6D.2 of the Corporations Act, the offer of those securities for resale in Australia within 12 months may, under section 707 of the Corporations Act, require disclosure to investors under Chapter 6D.2 if none of the exemptions in section 708 applies to that resale. By applying for the shares you undertake to us that you will not, for a period of 12 months from the date of issue of the shares, offer, transfer, assign or otherwise alienate those shares to investors in Australia except in circumstances where disclosure to investors is not required under Chapter 6D.2 of the Corporations Act or where a compliant disclosure document is prepared and lodged with ASIC.

Notice to prospective investors in Japan

The shares have not been and will not be registered pursuant to Article 4, Paragraph 1 of the Financial Instruments and Exchange Act. Accordingly, none of the shares nor any interest therein may be offered or sold, directly or indirectly, in Japan or to, or for the benefit of, any “resident” of Japan (which term as used herein means any person resident in Japan, including any corporation or other entity organized under the laws of Japan), or to others for re-offering or resale, directly or indirectly, in Japan or to or for the benefit of a resident of Japan, except pursuant to an exemption from the registration requirements of, and otherwise in compliance with, the Financial Instruments and Exchange Act and any other applicable laws, regulations and ministerial guidelines of Japan in effect at the relevant time.

Notice to prospective investors in Hong Kong

The shares have not been offered or sold, and will not be offered or sold, in Hong Kong, by means of any document, other than (a) to “professional investors” as defined in the Securities and Futures Ordinance (Cap. 571 of the laws of Hong Kong), or the SFO, and any rules made thereunder; or (b) in other circumstances which do not result in the document being a “prospectus” as defined in the Companies (Winding Up and Miscellaneous Provisions) Ordinance (Cap. 32) of Hong Kong, or the CO, or which do not constitute an offer to the public within the meaning of the CO. No advertisement, invitation or document relating to the shares has been or may be issued or has been or may be in the possession of any person for the purposes of issue, whether in Hong Kong or elsewhere, which is directed at, or the contents of which are likely to be accessed or read by, the public of Hong Kong (except if permitted to do so under the securities laws of Hong Kong) other than with respect to shares which are or are intended to be disposed of only to persons outside Hong Kong or only to “professional investors” as defined in the SFO and any rules made thereunder.

Notice to prospective investors in Singapore

Each representative has acknowledged that this prospectus supplement has not been registered as a prospectus with the Monetary Authority of Singapore. Accordingly, each representative has represented and agreed that it has not offered or sold any shares or caused the shares to be made the subject of an invitation for subscription or purchase and will not offer or sell any shares or cause the shares to be made the subject of an invitation for subscription or purchase, and has not circulated or distributed, nor will it circulate or

S-73

distribute, this prospectus supplement or any other document or material in connection with the offer or sale, or invitation for subscription or purchase, of the shares , whether directly or indirectly, to any person in Singapore other than:

(i)    to an institutional investor (as defined in Section 4A of the Securities and Futures Act (Chapter 289) of Singapore, as modified or amended from time to time, or the SFA)) pursuant to Section 274 of the SFA;

(ii)   to a relevant person (as defined in Section 275(2) of the SFA) pursuant to Section 275(1) of the SFA, or any person pursuant to Section 275(1A) of the SFA, and in accordance with the conditions specified in Section 275 of the SFA; or

(iii) otherwise pursuant to, and in accordance with the conditions of, any other applicable provision of the SFA.

Where the shares are subscribed or purchased under Section 275 of the SFA by a relevant person which is:

(i)    a corporation (which is not an accredited investor (as defined in Section 4A of the SFA)) the sole business of which is to hold investments and the entire share capital of which is owned by one or more individuals, each of whom is an accredited investor; or

(ii)   a trust (where the trustee is not an accredited investor) whose sole purpose is to hold investments and each beneficiary of the trust is an individual who is an accredited investor, securities or securities-based derivatives contracts (each term as defined in Section 2(1) of the SFA) of that corporation or the beneficiaries’ rights and interest (howsoever described) in that trust shall not be transferred within six months after that corporation or that trust has acquired the shares pursuant to an offer made under Section 275 of the SFA except:

(a)   to an institutional investor or to a relevant person, or to any person arising from an offer referred to in Section 275(1A) or Section 276(4)(i)(B) of the SFA;

(b)   where no consideration is or will be given for the transfer;

(c)   where the transfer is by operation of law;

(d)   as specified in Section 276(7) of the SFA; or

(e)   as specified in Regulation 37A of the Securities and Futures (Offers of Investments) (Securities and Securities based Derivatives Contracts) Regulations 2018.

Singapore SFA Product Classification — In connection with Section 309B of the SFA and the CMP Regulations 2018, unless otherwise specified before an offer of the shares, we have determined, and hereby notify all relevant persons (as defined in Section 309A(1) of the SFA), that the shares are “prescribed capital markets products” (as defined in the CMP Regulations 2018) and Excluded Investment Products (as defined in MAS Notice SFA 04-N12: Notice on the Sale of Investment Products and MAS Notice FAA-N16: Notice on Recommendations on Investment Products).

Notice to prospective investors in Bermuda

Shares may be offered or sold in Bermuda only in compliance with the provisions of the Investment Business Act of 2003 of Bermuda which regulates the sale of securities in Bermuda. Additionally, non-Bermudian persons (including companies) may not carry on or engage in any trade or business in Bermuda unless such persons are permitted to do so under applicable Bermuda legislation.

Notice to prospective investors in Saudi Arabia

This document may not be distributed in the Kingdom of Saudi Arabia except to such persons as are permitted under the Offers of Securities Regulations as issued by the board of the Saudi Arabian Capital Market Authority, or the CMA, pursuant to resolution number 2-11-2004 dated October 4, 2004 as amended by resolution number 1-28-2008, as amended, or the CMA Regulations. The CMA does not make any

S-74

representation as to the accuracy or completeness of this document and expressly disclaims any liability whatsoever for any loss arising from, or incurred in reliance upon, any part of this document. Prospective purchasers of the securities offered hereby should conduct their own due diligence on the accuracy of the information relating to the securities. If you do not understand the contents of this document, you should consult an authorized financial adviser.

Notice to prospective investors in the British Virgin Islands

The shares are not being, and may not be offered, to the public or to any person in the British Virgin Islands for purchase or subscription by or on behalf of the Company. The shares may be offered to companies incorporated under the BVI Business Companies Act, 2004 (British Virgin Islands), or the BVI Companies, but only where the offer will be made to, and received by, the relevant BVI Company entirely outside of the British Virgin Islands. This prospectus supplement has not been, and will not be, registered with the Financial Services Commission of the British Virgin Islands. No registered prospectus has been or will be prepared in respect of the shares for the purposes of the Securities and Investment Business Act, 2010 or the Public Issuers Code of the British Virgin Islands.

Notice to prospective investors in China

This prospectus supplement will not be circulated or distributed in the PRC and the shares will not be offered or sold, and will not be offered or sold to any person for re-offering or resale directly or indirectly to any residents of the PRC except pursuant to any applicable laws and regulations of the PRC. Neither this prospectus supplement nor any advertisement or other offering material may be distributed or published in the PRC, except under circumstances that will result in compliance with applicable laws and regulations.

Notice to prospective investors in Korea

The shares have not been and will not be registered under the Financial Investments Services and Capital Markets Act of Korea and the decrees and regulations thereunder, or the FSCMA, and the shares have been and will be offered in Korea as a private placement under the FSCMA. None of the shares may be offered, sold or delivered directly or indirectly, or offered or sold to any person for re-offering or resale, directly or indirectly, in Korea or to any resident of Korea except pursuant to the applicable laws and regulations of Korea, including the FSCMA and the Foreign Exchange Transaction Law of Korea and the decrees and regulations thereunder, or the FETL. The shares have not been listed on any of the securities exchanges in the world including, without limitation, the Korea Exchange in Korea. Furthermore, the purchaser of the shares shall comply with all applicable regulatory requirements (including but not limited to requirements under the FETL) in connection with the purchase of the shares. By the purchase of the shares, the relevant holder thereof will be deemed to represent and warrant that if it is in Korea or is a resident of Korea, it purchased the shares pursuant to the applicable laws and regulations of Korea.

Notice to prospective investors in Malaysia

No prospectus or other offering material or document in connection with the offer and sale of the shares has been or will be registered with the Securities Commission of Malaysia, or the Commission, for the Commission’s approval pursuant to the Capital Markets and Services Act 2007. Accordingly, this prospectus supplement and any other document or material in connection with the offer or sale, or invitation for subscription or purchase, of the shares may not be circulated or distributed, nor may the shares be offered or sold, or be made the subject of an invitation for subscription or purchase, whether directly or indirectly, to persons in Malaysia other than (i) a closed end fund approved by the Commission, (ii) a holder of a Capital Markets Services Licence, (iii) a person who acquires the shares, as principal, if the offer is on terms that the shares may only be acquired at a consideration of not less than RM250,000 (or its equivalent in foreign currencies) for each transaction, (iv) an individual whose total net personal assets or total net joint assets

S-75

with his or her spouse exceeds RM3 million (or its equivalent in foreign currencies), excluding the value of the primary residence of the individual, (v) an individual who has a gross annual income exceeding RM300,000 (or its equivalent in foreign currencies) per annum in the preceding twelve months, (vi) an individual who, jointly with his or her spouse, has a gross annual income of RM400,000 (or its equivalent in foreign currencies), per annum in the preceding twelve months, (vii) a corporation with total net assets exceeding RM10 million (or its equivalent in a foreign currencies) based on the last audited accounts, (viii) a partnership with total net assets exceeding RM10 million (or its equivalent in foreign currencies), (ix) a bank licensee or insurance licensee as defined in the Labuan Financial Services and Securities Act 2010, (x) an Islamic bank licensee or takaful licensee as defined in the Labuan Financial Services and Securities Act 2010, and (xi) any other person as may be specified by the Commission; provided that, in the each of the preceding categories (i) to (xi), the distribution of the shares is made by a holder of a Capital Markets Services Licence who carries on the business of dealing in securities. The distribution in Malaysia of this prospectus supplement is subject to Malaysian laws. This prospectus supplement does not constitute and may not be used for the purpose of public offering or an issue, offer for subscription or purchase, invitation to subscribe for or purchase any securities requiring the registration of a prospectus with the Commission under the Capital Markets and Services Act 2007.

Notice to prospective investors in Taiwan

The shares have not been and will not be registered with the Financial Supervisory Commission of Taiwan pursuant to relevant securities laws and regulations and may not be sold, issued or offered within Taiwan through a public offering or in circumstances which constitutes an offer within the meaning of the Securities and Exchange Act of Taiwan that requires a registration or approval of the Financial Supervisory Commission of Taiwan. No person or entity in Taiwan has been authorized to offer, sell, give advice regarding or otherwise intermediate the offering and sale of the shares in Taiwan.

Notice to prospective investors in South Africa

Due to restrictions under the securities laws of South Africa, no “offer to the public” (as such term is defined in the South African Companies Act, No. 71 of 2008 (as amended or re-enacted), or the South African Companies Act)) is being made in connection with the issue of the shares in South Africa. Accordingly, this document does not, nor is it intended to, constitute a “registered prospectus” (as that term is defined in the South African Companies Act) prepared and registered under the South African Companies Act and has not been approved by, and/or filed with, the South African Companies and Intellectual Property Commission or any other regulatory authority in South Africa. The shares are not offered, and the offer shall not be transferred, sold, renounced or delivered, in South Africa or to a person with an address in South Africa, unless one or other of the following exemptions stipulated in Section 96(1) applies:

Section 96(1)(a): the offer, transfer, sale, renunciation or delivery is to:

(i)    persons whose ordinary business, or part of whose ordinary business, is to deal in securities, as principal or agent,

(ii)   the South African Public Investment Corporation,

(iii)  persons or entities regulated by the Reserve Bank of South Africa,

(iv)  authorised financial service providers under South African law,

(v)   financial institutions recognised as such under South African law,

(vi)  a wholly-owned subsidiary of any person or entity contemplated in (iii), (iv) or (v), acting as agent in the capacity of an authorized portfolio manager for a pension fund, or as manager for a collective investment scheme (in each case duly registered as such under South African law), or

(vii) any combination of the persons in (i) to (vi), or

S-76

Section 96(1)(b): the total contemplated acquisition cost of the securities, for a single addressee acting as principal is equal to or greater than ZAR1,000,000 or such higher amount as may be promulgated by notice in the Government Gazette of South Africa pursuant to section 96(2)(a) of the South African Companies Act.

Information made available in this prospectus supplement should not be considered as “advice” as defined in the South African Financial Advisory and Intermediary Services Act, 2002.

Notice to prospective investors in Israel

In the State of Israel this prospectus supplement shall not be regarded as an offer to the public to purchase shares of common stock under the Israeli Securities Law, 5728 –1968, which requires a prospectus to be published and authorized by the Israel Securities Authority, if it complies with certain provisions of Section 15 of the Israeli Securities Law, 5728 –1968, including, inter alia, if: (i) the offer is made, distributed or directed to not more than 35 investors, subject to certain conditions ,or the Addressed Investors; or (ii) the offer is made, distributed or directed to certain qualified investors defined in the First Addendum of the Israeli Securities Law, 5728 –1968, subject to certain conditions, or the Qualified Investors. The Qualified Investors shall not be taken into account in the count of the Addressed Investors and may be offered to purchase securities in addition to the 35 Addressed Investors. The Company has not and will not take any action that would require it to publish a prospectus in accordance with and subject to the Israeli Securities Law, 5728 –1968. We have not and will not distribute this prospectus supplement or make, distribute or direct an offer to subscribe for our common stock to any person within the State of Israel, other than to Qualified Investors and up to 35 Addressed Investors.

Qualified Investors may have to submit written evidence that they meet the definitions set out in of the First Addendum to the Israeli Securities Law, 5728 –1968. In particular, we may request, as a condition to be offered common stock, that Qualified Investors will each represent, warrant and certify to us and/or to anyone acting on our behalf: (i) that it is an investor falling within one of the categories listed in the First Addendum to the Israeli Securities Law, 5728 –1968; (ii) which of the categories listed in the First Addendum to the Israeli Securities Law, 5728 –1968 regarding Qualified Investors is applicable to it; (iii) that it will abide by all provisions set forth in the Israeli Securities Law, 5728 –1968 and the regulations promulgated thereunder in connection with the offer to be issued common stock; (iv) that the shares of common stock that it will be issued are, subject to exemptions available under the Israeli Securities Law, 5728 –1968: (a) for its own account; (b) for investment purposes only; and (c) not issued with a view to resale within the State of Israel, other than in accordance with the provisions of the Israeli Securities Law, 5728 –1968; and (v) that it is willing to provide further evidence of its Qualified Investor status. Addressed Investors may have to submit written evidence in respect of their identity and may have to sign and submit a declaration containing, inter alia, the Addressed Investor’s name, address and passport number or Israeli identification number.

S-77

Legal matters

The validity of the shares of common stock offered hereby will be passed upon for us by White & Case LLP. Certain legal matters in connection with this offering will be passed upon for the underwriters by Goodwin Procter LLP.

Experts

The consolidated financial statements of Varonis Systems, Inc. appearing in Varonis Systems, Inc.'s Annual Report (Form 10-K) for the year ended December31, 2020 and the effectiveness of Varonis Systems, Inc.'s internal control over financial reporting as of December 31, 2020, have been audited by Kost Forer Gabbay & Kasierer, a member of Ernst & Young Global, independent registered public accounting firm, as set forth in their reports thereon, incorporated by reference, and incorporated herein by reference. Such consolidated financial statements are incorporated herein by reference in reliance upon such reports given on the authority of such firm as experts in accounting and auditing.

S-78

Incorporation of certain information by reference

The SEC allows us to “incorporate by reference” into this prospectus supplement and the accompanying prospectus the information we file with them, which means that we can disclose important information to you by referring you to those documents. Any statement contained or incorporated by reference in this prospectus supplement and the accompanying prospectus shall be deemed to be modified or superseded for purposes of this prospectus supplement and the accompanying prospectus to the extent that a statement contained herein, or in any subsequently filed document which also is incorporated by reference herein, modifies or supersedes such earlier statement. Any statement so modified or superseded shall not be deemed, except as so modified or superseded, to constitute a part of this prospectus supplement and the accompanying prospectus. We incorporate by reference the documents listed below (excluding any portions of such documents that have been “furnished” but not “filed” for purposes of the Exchange Act):

• our Annual Report on Form 10-K for the fiscal year ended December31, 2020, filed on February9, 2021;

• the portions of our Definitive Proxy Statement on Schedule 14A, filed on April15, 2020, that are incorporated by reference into our Annual Report of Form 10-K for the fiscal year ended December31, 2019;

• our Current Report on Form 8-K (only with respect to Item 8.01 therein), filed on February8, 2021; and

• the description of our common stock set forth in our registration statement on Form 8-A, filed on February25, 2014 pursuant to Section 12 of the Exchange Act, and any amendment or report filed for the purpose of updating this information (including Exhibit 4.1 to our Annual Report on Form 10-K for the fiscal year ended December31, 2020).

All documents we file pursuant to Section 13(a), 13(c), 14 or 15(d) of the Exchange Act on or after the date of this prospectus supplement and prior to the termination of the offering under this prospectus supplement are incorporated by reference in this prospectus supplement and the accompanying prospectus from the date of filing of the documents, except for information furnished under Item 2.02 and Item 7.01 of Form 8-K and related exhibits under Item 9.01 of Form 8-K, which is not deemed filed and not incorporated by reference. Information that we file with the SEC will automatically update and may replace information in this prospectus and information previously filed with the SEC.

You may obtain any of these incorporated documents from us without charge, excluding any exhibits to these documents unless the exhibit is specifically incorporated by reference in such document, by requesting them from us in writing or by telephone at the following address:

Varonis Systems, Inc.

1250 Broadway, 29th Floor

New York, NY 10001

Attention: Legal Department

(877) 292-8767

Documents may also be available on our website at http://ir.varonis.com. Information contained on our website does not constitute part of this prospectus supplement and the accompanying prospectus.

S-79

$400,000,000

Varonis Systems, Inc.

Common stock

Prospectus supplement

Joint book-running managers

J.P. Morgan Barclays Jefferies RBC

        , 2021