New Trial Position - SentinelOne

I decided to take a trial position in SentinelOne, and to get to know the company better, I made this video over the weekend:

https://www.youtube.com/watch?v=AtMjMqFWj_c

In the video, I talk about 4 things:
a) What SentinelOne does: Protecting endpoints and cloud workloads
b) Financials: Among the best in most categories except profitability, where it is rapidly improving.
c) Why I’m excited: superb and improving financials, short term upside due to the growth stock rotation, similarities to other SaaS companies that have worked out very nicely for the Exponential portfolio.
d) Risks: May have just had a temporary turn towards profitability which may not last, valuation risk, slowing enterprise customer growth.

Also, I had actually posted this onto the board this morning, but it got deleted. I spoke about it with Saul, and he was not sure why. We think it may have been an accident, so I am going to try re-posting it here. If you are a mod, and you are aware of some rule I am breaking here, can you please message me and let me know? Thanks!

65 Likes

The last post and this one reek of spamming.

Cheers
Qazulight

12 Likes

The last post and this one reek of spamming.

Qaz, I can’t figure out what you mean by spamming. Exponential Dave is a regular on the board, not a spammer. If you look back at his last 20 board posts you will see that six(!) of them had over 100 recs, and two had over 200 recs.

Saul

48 Likes

Saul,

I don’t have a problem with Exponential Dave or his analysis. However the original post and this one had little content and a link to further content. At first glance on the first post I did not even look at the poster and assumed it was a Reddit spammer. The second had a little more information and an implied, but not actual question, “Why was my post pulled” I answered the implied question.

Cheers
Qazulight

12 Likes

ExponentialDave,

What do you make of S’s non-Gaap operating margin guidance in context?

On the one hand:

Revenue:
Q1 2021: 37,400
Q2 2021: 45,800 22% seq
Q3 2021: 56,000 had guided 50,000 or 9% got 22%
Q4 2021G: 61,000, again 9% seq guide

Q1 2021: YoY 108% revenue; gross margin: 51%
Q2 2021: YoY 121% revenue; gross margin: 59%
Q3 2021: YoY 128% revenue; gross margin: 64%

On the other hand:

Q1 2021: nonGaap Op Mar -127%
Q2 2021: nonGaap Op Mar -98%
Q3 2021: nonGaap Op Mar -69%

Q4 2021G: -80%! Currently behind CRWD 2018 by 1 quarter, S would be walking backwards big time while CRWD closed the subsequent equivalent quarter by improving from -66% to -50%.

“We see tremendous opportunity for growth and the investments we’re making today will put us in a position to succeed for the long term.”

The quote per se is clear. But I wonder what others think in context. Not valuations, NET was up 3% today with S down 6%, similar valuations (actually better for S when growth adjusted). Rather, I think context in terms of what seems to my untrained eye as super aggressive pursuit of growth relative to other companies discussed here.

7 Likes

They currently are spending 88% of their revenue on Sales & Marketing. Based on an article recently on S.A. regarding Zscalar (the revenue juicer), some SaaS companies reportedly are offering rebates, and then throwing the costs of those rebates into S&M expenses.

Let’s say that for every $10M in sales they are doing, they are rebating $3M to the customers. They then report $10M of that as Revenue, $3M goes into S&M costs, and they are spending another $5M on advertising, sales salaries, commissions, etc.

I do not know if that is happening, but it does raise a question. Would love to hear if this is a potential issue here. They (and Monday.com) are spending inordinate amounts of money on S&M. Can they possibly have that many S&M folks on board when we know they are hard to find/train/retain?

For this stage of their growth, where revenue is expanding rapidly, but they are spending, spending spending on sales, will they be able to ultimately ratchet down the S&M costs and generate the cash that we always talk about happening with traditional SaaS companies? Because without those rebates, they’d be far less competitive in the marketplace I’d think.

5 Likes

Well for Monday - I can completely believe that their over saturation of Youtube advertising spending costs them that whether they are doing rebates or not. I doubt they do because they give free access at initial landing stage for up to a certain number of users.

ZS are not going to be doing that as they roll out to enterprises on a company wide basis I would think not a per user basis.

Ant

2 Likes

Thank you Dave! I wanted to add couple of notes:

  1. The gross margins are improving (and previously were impacted) due to the company migrating some of their clients to use the new Scalyr tool (similar to Crowdstrike’s Humio) so there was extra cost associated with storage and compute power = due to the workload being processed on 2 different platforms. They have temporary suspended the migration and that will probably resume in 2022. Their long term GM target (and analyst estimates) are 77% or so - which is in the CRWD’s range.

  2. The IPO lockup expiration was last week (December 9th) - expect volatility here, which we can see from the Up/Down stock price movement on High volume. This is probably scheduled selling - but I see their COO has sold some shares in the past couple of days.

Regarding their tech:

  1. Their agent is actually not light weight, it takes about 25GB of space - which is a weakness when it comes down to mass deployments. So their solution may not be easy to deploy at scale, especially if space is unavailable at the device that needs to be protected.

  2. The issue in general with automatic detection and response is that this approach generates a lot of false positives, which can impact the work of individuals (and workloads). So this may lead to frustration and potential churn. Crowdstike has pointed that as their weakness. A risk of churn that needs to be monitored.

24 Likes

1) Their agent is actually not light weight, it takes about 25GB of space - which is a weakness when it comes down to mass deployments. So their solution may not be easy to deploy at scale, especially if space is unavailable at the device that needs to be protected.
In fact, S1’s agent size is about 200MB, slightly bigger than CRWD as S1 runs static AI to establish baseline file and device behavior in which to identify anomalous activity, relating to when the file was received and how long the file was open. I don’t think there will be any issues for a 200M agent deployments.

See their technical brief below:

https://www.skssecurity.nl/wp-content/uploads/2015/03/Sentin…

2) The issue in general with automatic detection and response is that this approach generates a lot of false positives, which can impact the work of individuals (and workloads). So this may lead to frustration and potential churn. Crowdstike has pointed that as their weakness. A risk of churn that needs to be monitored.

According to the excellent article from Convequity below, S can deliver fully automated responses - the detection, quarantine, deletion, and system recovery - all within the EPP software itself, but also has the EDR-based TrueContext ID technology that can catch more sophisticated attacks and help SOC analysts triage with far fewer false positive alerts.

https://seekingalpha.com/article/4454383-why-sentinelone-is-…

Apart from this, SentinelOne had the no1 performance among all the vendors in the MITRE ATT&CK Evaluations, beat Crowd Strike by a large margin.

Zoro

12 Likes

They currently are spending 88% of their revenue on Sales & Marketing. Based on an article recently on S.A. regarding Zscalar (the revenue juicer), some SaaS companies reportedly are offering rebates, and then throwing the costs of those rebates into S&M expenses.

I’m not an accounting professional but accounting for rebates as far down the income statement as S&M would seem very strange and against GAAP, if true.

Rebates are not a new thing, and have an accepted means of being accounted for under GAAP. You start with gross sales, subtract the rebates, which is a contra revenue item, to get to net sales. Net sales is what is reported in financial statements as “revenue,” though when rebates are material many companies will detail out gross revenue, rebates, and net revenue. Rebates should be accounted for before cost of sales, let alone S&M cost.

Zscaler says as much in its 10-K:

Variable Consideration
Revenue from sales is recorded at the net sales price, which is the transaction price, and includes estimates of variable consideration. The amount of variable consideration that is included in the transaction price is constrained and is included in the net sales price only to the extent that it is probable that a significant reversal in the amount of the cumulative revenue will not occur when the uncertainty is resolved.

If our services do not meet certain service level commitments, our customers are entitled to receive service credits, and in certain cases, refunds, each representing a form of variable consideration. We have historically not experienced any significant incidents affecting the defined levels of reliability and performance as required by our subscription contracts. Accordingly, estimated refunds related to these agreements were not material to the periods presented.

We provide rebates and other credits within our contracts with certain customers, which are estimated based on the value expected to be earned or claimed on the related sales transaction. Overall, the transaction price is reduced to reflect our estimate of the amount of consideration to which we are entitled based on the terms of the contract. Estimated rebates and other credits were not material during the periods presented.

source:
https://www.sec.gov/ix?doc=/Archives/edgar/data/1713683/0001…

Here’s the same blurb from CrowdStrike’s 10-K:

Variable Consideration
Revenue from sales is recorded at the net sales price, which is the transaction price, and includes estimates of variable consideration. The amount of variable consideration that is included in the transaction price is constrained and is included in the net sales price only to the extent that it is probable that a significant reversal in the amount of the cumulative revenue will not occur when the uncertainty is resolved.

If subscriptions do not meet certain service level commitments, our customers are entitled to receive service credits, and in certain cases, refunds, each representing a form of variable consideration. We have historically not experienced any significant incidents affecting the defined levels of reliability and performance as required by our subscription contracts. Accordingly, any estimated refunds related to these agreements in the consolidated financial statements is not material during the periods presented.

We provide rebates and other credits within our contracts with certain resellers, which are estimated based on the most likely amounts expected to be earned or claimed on the related sales transaction. Overall, the transaction price is reduced to reflect our estimate of the amount of consideration to which we are entitled based on the terms of the contract. Estimated rebates and other credits were not material during the periods presented.

source:
https://www.sec.gov/ix?doc=/Archives/edgar/data/1535527/0001…

ZS and CRWD both have the same accountant (PWC), so it’s not surprising that the verbiage is almost identical.

Also, the cash flow statements of these companies would look much worse if the author’s assertion were true. Unless I see evidence to the contrary, I’m inclined not to believe this part of his writeup.

Mike

36 Likes

…accounting for rebates as far down the income statement as S&M would seem very strange and against GAAP, if true.

I’m a CPA, but most of my experience is with governments and non-profits. Your argument that rebates should go as a contra-revenue makes good, intuitive sense (like something similar to a refund or discount), but this may be one of those gray-area things where they rationalize that it is done to entice the customer and could therefore be classed as S&M. These companies are heavily audited, so one would hope that if this needs to be reclassified, it will be.

7 Likes

Hi Zoro,

The information about the agent size comes from George Kurtz, either in one of the earning calls or one of their presentations and investor conferences. I’m not talking about the runtime memory foot print of the agent, but about the space required for the agent to run, since threat management and data gets stored locally and syncs with their AI periodically.

Due to that or other similar architecture limitation, deployments at scale for specific environment are not straightforward or feasible, again per the same source.

Regarding, automatic detection and response- they lost clients again per George Kurtz/Crowdstrike provided information due to these blocks preventing legitimate processes from execution.

I’m bullish on SentinelOne, but I do see limitations in both platforms so this will be a multi player market moving forward, where 1 solution will be better fit than the other, depending on the exact clients environment.

2 Likes

1) Their agent is actually not light weight, it takes about 25GB of space - which is a weakness when it comes down to mass deployments. So their solution may not be easy to deploy at scale, especially if space is unavailable at the device that needs to be protected.
In fact, S1’s agent size is about 200MB

Without having do dig into any documentation or technical analysis for S, needing 25gb of space to run is ridiculous on its face. It would disqualify S from being an endpoint company except on the most expensive of laptops, PCs, and servers. This MacBook I’m typing on would use 10% of its capacity just for the S client. How then could S be marketing its product to work on IOS, Android and Chrome with its new mobile client: https://finance.yahoo.com/news/sentinelone-brings-xdr-ios-an…. None of those devices could possibly run a client anywhere near as large as the 25GB number.

Reality is that both Crowd and SentinelOne have great products. Both products have been very successful. S’s product would not have taken off like this if it was that resource intensive on the device. I am sure there are issues with S, just as there are issues with CRWD, but in the end both of them get something like 97% customer satisfaction and S has more than 6,000 customers, having added more than 2500 new customers year over year with a dollar based net retention rate of more than 130%. If there was something as materially wrong with S’s product these results would not have been possible in a market as competitive as is the security market.

So I will follow the numbers. The numbers indicate whatever the technicality of the agent size, it is not material to wide spread and rapid mass adoption, including small businesses and large enterprises. It is possible that S has hit low hanging fruit and will find future such growth more difficult (unlikely, but that is always a risk with a company at this small of a relative run rate ($237 million ARR), but it is not indicative of some major issue with the size of the agent on the device. In fact not even practical in most instances, but much less able to grow this rapidly to that many customers in the END POINT market.

This all said, I have recently taken an interest here and did buy some this week. I like to swoop in like a vulture. However, as Saul teaches, it is sometimes better to buy the winners on the way up. S’s share price is on the way down at the moment, rapidly. Yes, recent IPO. Circumstances…but we have all seen this sort of price movement with recent IPOs, so here is to that being the case here!

Beyond this, the only other issue I see with S is their margins. Their gross margins is actually a positive here. Gross margins are expected to materially tick upwards over the next year or two to the 70-80% range. Love to see that sort of improvement. However, their operating margin is expected to get worse into Q4 according to the CFO. Something like -90%. That is counter to the conversation about showing financial leverage and its comparison with CRWD. So that is an issue I need to dig further into. But for the moment, I like to try new stocks on. I’ve dug through the tech and the business to my satisfaction to understand what is going on here, the share price seems opportunistic, and I will take a day or two to try it on.

Tinker

47 Likes

“However, their operating margin is expected to get worse into Q4 according to the CFO. Something like -90%”

-90% is for the full year, not Q4. S is guiding for -83 to -80% next quarter. Further, S beat their Q3 guidance for non-gaap operating margin by 28.4%! If we assume the same beat, they will do around -53% next quarter.

Q3 guidance: (99)-(96)%, Q3 result: (69.1)%
Q4 guidance: (83)-(80)%

10 Likes

On the discussion about disk size, the doc linked by Zoro clearly states 200MB on disk when used in a typical way.

For an endpoint device used in a typical way
over a 24-hour period, this amounts to a total delay of just
one second. SentinelOne’s monitoring process runs at low
priority on the system, and consumes between 0%-4%
CPU cycles. It’s memory footprint is about 20MB and the
agent occupies approximately 200MB on disk.

Although I found on reddit if you want to have ransomware warranty you’ll have to adhere to certain terms and turn on certain options which will make disk usage grow.

VSS (Volume Shadow Copy Service) is enabled and functioning on all Windows endpoints. VSS Disk Space Usage allocation must be configured with at least 10% on all disks.
https://www.reddit.com/r/msp/comments/ifdr9e/comment/g2n8dwt…
https://www.sentinelone.com/legal/ransomware-warranty/

5 Likes

Here is my take as someone in the industry and using a lot of these tools:
EndPoint security is an extremely Crowded Space!

  • Microsoft (very strong position), VMware/Carbon BLack, Crowdstrike, Mcafee, Sentinel One, TrendMicro, Sophos, Cyberreason, and many other niche players.

  • Most of these tools do very similar things and all vendors claim to be “lightweight”, use AI and have the least amount of false positives. For this reason its going to be hard to have strong pricing power in future as is especially with the way Microsoft is doing their bundling for M365 and a modern cloud enterprise. They make it so attractive financially to use it its going to make it very hard to raise prices or lower marketing for the other companies.

  • Despite the amount of false positives companies must use them and optimize them correctly to keep up with modern cybersecurity threats.

  • Crowdstrike has outperformed by expectations as a company a lot and I definitely missed the boat on it. That being said I am skeptical if it will keep up the hyper growth beyond another year and its in a very swelled market cap range (IMO). That being said it is much more intriguing to me than SentinelOne who I view as barely a top 5 option in the space and definitely more hype than legit option. Crowdstrike’s leadership also have a lot more industry cred than SentinelOne.

17 Likes

That being said [Crowdstrike] is much more intriguing to me than SentinelOne who I view as barely a top 5 option in the space and definitely more hype than legit option.

mtk76,

Thank you for your industry take. The problem is, it doesn’t square with the fact that SentinelOne is growing revenue at triple digit rates, or that it has 416 customers spending $100,000+ with them each year, or that its current customers are spending roughly 30% more on average every year (as their NRR attests), or that they count as customers such large enterprises as AutoDesk, McKesson, EA, Estee Lauder, Samsung, and Sysco. They also have smaller more techie customers like Sutterfly, Pandora, and Fiverr. All this seems to support SentinelOne’s legitimacy. How would you, with your industry experience, account for all this?

Also, the outcomes aren’t just market leader or failure, right? I don’t imagine SentinelOne needs to be a “top 5 option” to be a successful investment…what if they simply have a very valid niche that the larger players may not do as well as they do? The more crowded the space, my guess would be, that’s because the opportunity is large and the winners may be varied.

Thanks again,
Bear

43 Likes