SentinelOne, An impressive company

I really like this company. I feel Sentinel is the young blood in its security space while Crowdstrike is the big gorilla. They are both nimble, both adding new functions all the time. Crowd’s emphasis seems to be more on well trained teams of people solving the problems, while Sentinel’s seems more on having AI instantly finding the breach and stopping it without needing human intervention, but I’m sure that they overlap a lot. I think that there is plenty of room for both of them.

Sentinel announced results on August 31st. They were excellent.

ARR was up 122%. Sure they are including Ativa, but still…up 122%!

Revenue was up 124%. Five or six years ago, I would have been elated with a company growing revenue 28%, and here I have a hundred and 28%!!!

Gross margin was up 4 points sequentially and up 10 points yoy to 72%.

Op margins were minus 57% of revenue, improved from minus 98% a year ago.

Total customers grew more 60% yoy to over 8600 customers.

Customers with ARR over $100K grew 117% yoy to 755. Up 117% means that they have more than twice as many as they had a year ago.

NRR hit a record of 137%, up from 129% a year ago.

Operating Cash Flow and FCF margins are still terribly negative, but improved from a year ago.

Cloud security is their new field and has grown to 20% of their business from practically nothing a year ago. Endpoint security had been their main business and they are adding one thing after another (like Cloud and Identity, etc), but Endpoint is still growing like mad too, as is everything else. This company is growing incredibly fast.

They increased annual guidance, bringing it over 100% again (with three more quarters to raise in), but it’s hard to evaluate as they will be including Attivo from now on. All in all you can say that they will be reporting annual revenue growth probably over 110%, which is enormous, but organic growth about 95% or 100%, as a piece of revenue will be from the acquisition.

Unveiled a new product in August, XDR Ingest, a disruptive step in democratizing XDR, it provides our customers with a limitless data platform to ingest, retain, correlate, search, and act on all enterprise security data – real time and historical, from any source. Cybersecurity is a data problem.

SIEM has been the technology for retaining security data and applying security analytics to uncover and respond to threats. But the data ingestion process is arduous and retention costs are high. It requires too many operators and too much manual interaction to be effective at scale. XDR Ingest solves the people, process, and technology challenges, and we’re excited for our customers to thrive in the XDR era”.

Sounds awesome to me! but remember that I’m not a techie and don’t understand the tech at all, but people who are techies that I talked to also felt that it was “awesome”. We’ll have to see.

New alliances and acquisitions including an integration with Okta just announced this quarter.

Great tailwinds of worries about breaches with the Ukraine war, as well as new exciting products, and the acquisition of Attivo.

In Sept they launched a venture fund for startups that already bring interesting new uses to the Singularity Marketplace.

In Sept they also announced the first annual SentinelOne LABScon Security Research Conference. Just look at this partial list of speakers!!!

 Mark Russinovich, Microsoft Azure CTO

 Dmitri Alperovitch, CrowdStrike’s Co-Founder and former CTO

 Morgan Adamski, Director of NSA’s Cyber Collaboration Center

 Chris Krebs, the first director of the Dept of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA)


And Sentinel was able to round up all these ultra-big names! To me it sounds like it’s SentinelOne announcing: We’re the big-time now!!! We’re no longer a little startup/catch up company. We’ve arrived!

And they described their mission:

Our Mission

Cybersecurity is constantly changing. Time favors the adversary. Today’s challenges are nothing like tomorrow’s. Threats are becoming more and more advanced leveraging the power of automation.

Some wait and react. At SentinelOne, we innovate. Our mission is to **defeat every attack, every second, of every day.**Our Singularity Platform instantly defends against cyberattacks – performing at a faster speed, greater scale, and higher accuracy than possible from any single human or even a crowd. [:grinning:]. So, if our tech seems like something from the future, good — that’s exactly what it is.

Not being currently profitable is definitely out of favor in the current market, which makes it hard for the small very rapidly growing companies like Sentinel, but this is a very impressive company and I’m sticking with it. It’s now a 14.3% position.


Thank you Saul. I also want to share an important finding from S’s Citi’s 2022 Global Technology Conference presentation on Sep 8, 2022.

I think many board members were trying to compare SentinelOne with CrowdStrike at similar stage and many felt S’s total customer number is smaller than CRWD at similar run rate, which was a disappointment. But in this important interview, S’s President of Security (used to be COO) - Nick Warner told us a little secret about their total customer number which I think nobody was aware before.

Here you go:

So is my inference correct that your customer count is perhaps, in some respects, understated, but yet the financial contribution from your MSSP and the expansion that you’re realizing from your MSSP channel is very appropriately reflected in your net expansion rates, which sounds like is giving you the confidence of sustaining that at the 130% plus ZIP code?

That’s accurate. We count each managed service partner as one customer. But underneath that one customer, there can be thousands of very small customers. Of which we wouldn’t want to nor would it make sense from an operational perspective to try to go after ourselves. You don’t want to hire a sales team to go after 50, 60, 30, 150 employee accounts.

In another words, if S counts every single small customer (with 50-150 employees, they are not actually very small :slight_smile:) as a “customer”, their total customer number would have been huge - 1 MSSP = a few thousands! Now think about CRWD - as CRWD is competing with MSSP in many deals, they won’t consider them as a “customer” and they would only consider the “end customers” (regardless of their size), not channels in their total customer number statistics.

In summary, there is NOTHING to worry about S’s total customer number metrics and now they are going upmarket - plenty of room to grow tremendously while improving margin significantly with better unit economics among big accounts!

Some additional colors in this call:
Obviously, endpoint still remains our core, but the expansion that we’ve been experiencing in cloud workload protection and in the cloud security market as a whole has been really phenomenal. The integration of Attivo that – we’re 90 days into it, looks really, really promising, folding in a complete identity security portfolio, making it one holistic part of our platform.

On the importance of Scalyr (Dataset):
But we took that technology, and we basically infused our entire security platform with that super robust data analytics back end that will gradually allow us to put and allow our customers to put more and more data into the platform. And then when they ask the platform a question, when they run a query, when they want to search for something, now they get results from their entire network, not just the endpoint footprint, not just the cloud footprint, not just the separate silo, but really every piece of data that we can collect.

On S’s cost effectiveness in XDR space:
I think the best part of this entire story is that the cost profile for the platform is heaven and earth to what you find with some of the incumbent solution in the security analytics space. We literally do everything they do with, call it, fifth to tenth of the cost that it currently caused the customer to aggregate data on an incumbent platform, a SIM platform. And that in itself, I think, is just a major cost saver for folks today, especially in this macro environment, when you show up at the door and you say, I just want to sell you another product that’s one type of story, and it’s a great efficacy, and it has amazing capabilities. But you know what, it can also save you on your data ingestion cost, it’s going to save you on your data retention cost. And I think that becomes a really, really compelling story for a lot of the folks that we talk to today.

On cross-sell to Attivo’s customer base:
Attivo’s customer set was also really nice. I mean, they did a lot of Fortune 500s, almost equal amount as we had. I mean, that was their entire business. So to us, it was another great kind of foot in the door into these accounts and now we’re selling into those accounts as well. So all in all, it fits in a lot of different elements that we just found it kind of became a no-brainer at some point.

Here I believe Nick was talking about in Q2, they landed their Cloud Workload Protection solution to CRWD’s customers who had CRWD’s endpoint deployed for years - to me this really demonstrated S’s technical superiority in the promising Cloud Security space:
So we also changed our DNA as a company from, I think, a company that was very much known for its agent-based technology and endpoint protection into something that today is regarded as best of breed in cloud workload protection. What we, I think, said in the last earnings call was also important. We landed 2 major cloud-native companies for cloud workload protection, even though they weren’t our endpoint customers. They were using our closest competitor, yet they chose to go with us in their journey in the cloud. And that comes again only if you can provide truly differentiated best-of-breed tech. Otherwise, one would assume it’s going to be the obvious choice and the organic choice to just continue with the vendor that you have. So to me, all these parts in what we do are incredibly exciting, and I can go on and on.

Business as usual in this macroenvironment:
I think the vast majority of the impact that we’ve seen and why we still believe security is relatively a safe harbor in this environment. But even that largely subsided, and I think it’s a lot of kind of business as usual at this point in time. But look, we’re taking it day by day and every day springs up something new, and we’re just – we remain very, very vigilant as to how customers are thinking about budgets, and we’re also being relatively conservative. We took the year up, we guided up, but we did it conservatively. I think that in any other environment, you would have seen us do things differently. But better safe than sorry. And hopefully, we can surprise everybody for the rest.

Long S (my largest position at the moment)