Medici List crest
Disclaimer: This is a simplified summary of a public company filing. See full disclaimer here.

VARONIS SYSTEMS INC

CIK: 13611131 Annual ReportLatest: 2026-02-04

10-K / February 4, 2026

Varonis Systems, Inc.

Overview

  • Industry: Data security and governance software.
  • Mission: Protect enterprise data across cloud, SaaS, and on-premises environments; reduce data exposure and blast radius; automate data security, threat detection, and privacy/compliance workflows.
  • Delivery model: Primarily cloud-based (SaaS) with a unified Data Security Platform. Self-hosted products are scheduled for end-of-life on December 31, 2026.
  • Recent strategic moves: Acquisitions of Cyral (database activity monitoring) and SlashNext (AI-based email security); introduced Athena AI, a generative AI layer for security operations.

Platform and technology

  • Core platform: Varonis Data Security Platform (SaaS) automates data discovery, classification, access governance, threat detection, and response across multi-cloud and on-premises data stores.
  • Metadata-driven approach: Continuously collects and analyzes metadata to map data ownership, access, usage, and relationships at enterprise scale.
  • Automation: Reduces data exposure through least-privilege remediation, detects abnormal behavior, and contains threats automatically.
  • Advanced capabilities:
    • Data security posture management (DSPM)
    • Data access intelligence (permissions, activity, blast radius)
    • Continuous data discovery and classification for sensitive data
    • Discovery policy library covering GDPR, CCPA, US CUI
    • Least-privilege automation to remediate excessive access
    • Data activity monitoring, including AI-related events
    • Data detection and response with high-fidelity alerts and automated responses
    • User & Entity Behavior Analytics (UEBA) with evolving threat models
  • Specialized offerings: Database Activity Monitoring (DAM) and Interceptor for phishing prevention and link interception.
  • Coverage: Microsoft 365, Windows/NAS, Hybrid environments, and cloud platforms including Salesforce, AWS, Azure, Google Cloud, Google Workspace, Box, Jira, and others.
  • MDDR: Managed Detection and Response with 24x7 monitoring and response, available exclusively on the SaaS platform.
  • AI: Athena AI assists investigations, response, and reporting.

Products and packaging

  • Licensing: SaaS platform license unifying core capabilities; five prior licenses consolidated into a single Varonis Data Security Platform SaaS license.
  • Protection packages:
    • Microsoft 365 (SharePoint Online, OneDrive, Teams, Entra ID; optional add-ons for Exchange Online, Copilot, ChatGPT Enterprise)
    • Windows & NAS (CIFS, NAS storage; add-ons for on-prem AD, UNIX/Linux, Edge devices)
    • Hybrid (Microsoft 365 + Windows & NAS)
    • Cloud Environments (SaaS/IaaS across multiple cloud apps and databases)
  • Focus: Data-centric governance and monitoring to reduce blast radius by limiting access and automating responses; designed to scale with AI-driven workflows.

Customer base and coverage

  • Global footprint: Customers in more than 95 countries.
  • Customer profile: From small and mid-sized businesses to large multinational enterprises; a substantial portion of customers are larger enterprises that use automation at scale.
  • Channel model: Global network of channel partners (distributors/resellers) accounted for the majority of revenue in 2024 and 2025; agreements are generally non-exclusive.
  • Renewal dynamics: 2025 renewal rate above 90%.
  • Geographic mix: Approximately 71% of 2025 revenue derived from the United States (73% in 2024).

Employees and headcount

  • Total employees and independent contractors: 2,658 as of December 31, 2025.
    • United States: 1,139
    • Israel: 916
    • Other countries: 603

Financial snapshot

  • Net income (loss):
    • 2025: Net loss of $129.3 million
    • 2024: Net loss of $95.8 million
    • 2023: Net loss of $100.9 million
  • Transition: Moving from self-hosted to SaaS delivery; end-of-life for self-hosted products effective December 31, 2026.
  • Debt and liquidity:
    • 2029 Notes outstanding: $460.0 million as of December 31, 2025
    • Convertible note-related arrangements may result in stock dilution and include hedging/capped-call considerations.
  • Foreign currency: Revenues and expenses in multiple currencies; forward contracts used to mitigate some FX risk.

Intellectual property and regulatory

  • Patents: 116 issued US patents, 63 US pending; 95 issued non-US patents, 79 non-US patent applications; 31 PCT applications.
  • Trademarks: Company and product names (DatAdvantage, DataPrivilege, DatAlert, etc.) registered in the US and other jurisdictions.
  • Open source and third-party software: Uses open source components; license terms and compliance are monitored.

Strategic and regulatory context

  • Public sector: Some revenue from government contracts; procurement cycles can be lengthy and competitive, with compliance requirements and potential audits.
  • International operations: Presence in Israel, UK, France, Brazil, and Ukraine; operations are subject to regulatory, political, and security risks, including regional geopolitical tensions.
  • Tax: Complex tax profile with NOL carryforwards, impacts from U.S. tax reforms and international tax changes, and historical Israeli tax benefits that ended in 2020.

Growth strategy and risks

  • Growth priorities: Extend the platform through organic development and selective acquisitions; expand international sales and partnerships; scale SaaS, automation, and managed services; target larger enterprise accounts.
  • Competitive landscape: Competes with standalone and integrated providers across data security, discovery, classification, privacy, identity security, and threat detection.
  • Key risks: Economic volatility affecting IT spend; integration risks from acquisitions; dependence on channel partners; currency and tax exposure; potential stock volatility and related litigation; changing privacy and AI regulations.

Key takeaways

  • Offering: A unified, cloud-delivered data security platform that discovers, classifies, governs, and protects enterprise data across cloud, SaaS, and on-premises environments, with automation for remediation and threat response.
  • Delivery shift: Transitioning to a SaaS-first model with self-hosted products reaching end-of-life at the end of 2026; SaaS enables continuous updates, automation, and managed services.
  • Scale and reach: Global presence across 95+ countries, with strong US revenue exposure and renewal rates above 90%.
  • Resources and IP: 2,658 employees/contractors (end-2025), major engineering presence in Israel, an active patent portfolio, and strategic acquisitions to expand capabilities.
  • Financial posture: Net losses from 2023–2025 and outstanding 2029 notes totaling $460 million; convertible instruments that could affect equity structure.