SentinelOne: Excessive Valuation Overshadows A Stellar Product

Cybersecurity firm SentinelOne had its public offering late last month. The product is very promising as it automates cybersecurity, which eliminates noise so security teams only respond to those that are critical. This reduces human error from fatigue and can also reduce head count much like robotics process automation. However, the valuation overshadows the company’s potential. We’ve written recently about the unusual premium being charged from list price to opening price, yet SentinelOne takes the term “stretched valuation” to a new level with an 80 forward price-to-sales.

SentinelOne Valuation Overview:

The cybersecurity firm SentinelOne debuted on June 30th with the stock trading at $46, higher than the IPO price of $35. Earlier, the company had raised its IPO price twice. The shares jumped 21% on the opening day to close at $42.50, valuing the company at $10.9 billion. The last private valuation was $1.1 billion in February of 2020, with the company trading at a nearly 900% premium for public investors.

SentinelOne’s close competitor Crowdstrike was valued at $11.41 billion on the opening day of trading on June 12th, 2019. SentinelOne’s IPO was bigger than Crowdstrike’s as the company raised about $1.4 billion compared to Crowdstrike’s $703.8 million.

Pictured Above: SentinelOne is strong out the gate, but can it hold?

YCHART

SentinelOne grew its revenue year-over-year by 100% for the fiscal year ending January 31st, 2021 to $93.1 million. While the growth is extraordinary, the losses did increase from $76.6 million to $117.6 million.

In contrast, CrowdStrike, in its fiscal year ended January 31, 2021, grew its revenue by 82% year-over-year to $874.4 million. Net loss reduced from $141.8 million to $92.6 million. Also, if we compare the previous year of CrowdStrike’s IPO. CrowdStrike fared better as its revenue in the fiscal year ended January 31, 2019 and grew by 110% to $249.8 million. Net loss reduced from $141.3 million to $140.1 million. This is important to look at because Crowdstrike is two years older than SentinelOne. When adjusted for age, we see the competitor was growing at a similar rate at year 8.

Although we won’t know SentinelOne’s forward revenue and analyst consensus won’t be out until the first earnings report, we can do a back-of-the napkin calculation based off its current quarterly revenue of $37 million for an annual run rate of $150 million. At the current 12 billion market cap, the company is trading at an 80 forward P/S compared to Crowdstrike at 42 and Zscaler at 45.

Cyber Attacks are Increasing:

Cyberattacks are becoming more prevalent. According to Cybersecurity Ventures, cybercrime will cost the world around $10.5 trillion annually by the year 2025. This is one of the reasons why companies like SentinelOne and Crowdstrike are illustrating rapid growth.

According to IDC, the addressable market for the company’s solutions is expected to reach $40.2 billion in 2024, growing at a Compound Annual Growth Rate (CAGR) of 11.9% between 2021 and 2024. It mainly comprises of:

  • Corporate Endpoint Security A $9.7 billion market in 2021 and growing to $12.0 billion in 2024; comprising Modern Endpoint Security, Server Security (physical servers and cloud workload security), Information Protection and Control, and Endpoint Management.
  • Cybersecurity Analytics, Intelligence, Response, and Orchestration. A $13.1 billion market in 2021 and growing to $17.1 billion in 2024; comprising Device Vulnerability Assessment, Forensics and Incident Investigation, Policy and Compliance, Security Device Systems Management, Security Information and Event Management, or SIEM, and Software Vulnerability Assessment.
  • IT Operations Management. A $5.9 billion market in 2021 and growing to $11.1 billion in 2024.

According to ResearchAndMarkets.com, the worldwide cybersecurity industry is expected to reach $345.4 billion by 2026 growing at a Compound Annual Growth Rate (CAGR) of 9.7% from 2021 to 2026. Global Market Insights Inc. estimates that the cybersecurity market will grow from $170 billion in 2020 to $400 billion in 2027.

More recently, the world’s largest meatpacker, Brazil’s JBS SA, had a ransomware attack. The attackers hit the servers supporting North American and Australian IT systems. This led to the disruption in the company’s operations globally for a number of days. The company was forced to pay millions in ransom to restore the data.

Product Overview: Fight “Machine-with-Machine”

SentinelOne is an AI-powered cybersecurity company at the forefront of autonomous threat detection and prevention. The company is at the forefront in introducing autonomous threat detection and prevention. It has developed an AI-powered XDR platform to make cybersecurity protection truly autonomous from the endpoint and beyond. Endpoint security refers to protecting the endpoints or entry points of the end-user devices such as desktop PCs, laptops, mobile devices, and servers from being exploited.

The product differentiation is best summed up by the fact other vendors require data to be sent to the cloud for analysis and often have many humans monitoring the alerts to take action. Meanwhile, SentinelOne uses automation to find the threat which reduces the number of false positives. Instead of getting every piece of telemetry that requires the security team to investigate, SentinelOne’s endpoint detection and response solution eliminates the noise so that the security team is only responding to those that have the potential to be critical.

According to SentinelOne’s S1, “Cyberattacks have become the output of military-grade, highly resourced, and automated nation-state and cybercrime operations. We envisioned a revolutionary data and artificial intelligence paradigm where technology alone could autonomously prevent, detect, and respond to cyberattacks. It is time to fight machine with machine.”

They emphasize the fact that legacy antivirus powered by human-generated signatures still remains a widely used security technology. This is in spite of the fact that they are ineffective and reactive. Human-powered endpoint detection and response, or EDR, emerged as the alternative in which people became the detection and response crew.

This approach led to the “1–10–60” rule which claims the best achievable cybersecurity outcome was capped at one minute to detect an attack, 10 minutes to investigate, and 60 minutes to respond. Recent ransomware attacks have proved that it only takes milliseconds to breach an organization and cause damage.

SentinelOne uses the XDR platform. Extended detection and response (XDR) is cross-layered detection and response. XDR collects and automatically correlates data across multiple security layers — email, endpoint, server, cloud workloads, and network — so threats are detected faster and security analysts improve investigation and response times.

The company’s Singularity Platform ingests, correlates, and queries petabytes of structured and unstructured data from a myriad of ever-expanding disparate external and internal sources in real-time. It builds rich context and delivers greater visibility by constructing a dynamic representation of data across an organization. As a result, the company’s AI models are highly accurate.

The company’s distributed AI models run both locally on every endpoint and every cloud workload, as well as on the company’s cloud platform and the AI models predict threats in milliseconds. The behavioral AI model maps and links all behaviors on the endpoint to create Storylines. When an activity is deemed to be a threat, the system automatically takes action to kill the attack.

In the cloud, the company’s platform aggregates Storylines. As pointed out in the S-1 filing, the streaming AI detects anomalies that surface when multiple data feeds are correlated with additional external and internal data. By providing full visibility into the Storyline of every secured device across the organization through one console, the platform makes it fast for analysts to search and hunt for threats.

SentinelOne leverages a microservices architecture for rapid and frequent updates. The company offers support for Kubernetes workloads with additional runtime protection and simplified deployment. Kubernetes is automation orchestration for containers and allows for scaling of a container rather than an entire application. Kubernetes was created by Google and is used by 78% of companies managing containers with this open-source system.

Financials

The company’s revenue for the fiscal year ended January 31, 2021, grew by 100% year-over-year to $93.1 million. The revenue growth re-accelerated in the most recent quarter to 108% growth, or $37.4 million, for a run rate of $150 million.

In contrast, CrowdStrike, in its fiscal year ended January 31, 2021, grew its revenue by 82% year-over-year to $874.4 million. Net loss reduced from $141.8 million to $92.6 million.

Also, if we compare the previous year of CrowdStrike’s IPO. CrowdStrike fared better as its revenue in the fiscal year ended January 31, 2019, grew by 110% to $249.8 million. Net loss reduced from $141.3 million to $140.1 million.

The company’s annualized recurring revenue (ARR) for the fiscal year ended January 31, 2021, grew by 96% to $130.8 million. Customers with ARR of more than $100,000 increased from 104 to 219. The dollar-based net retention rate was dropped from 119% to 117%.

Gross margin dropped from 61% to 58% in the fiscal year 2021. One of the reasons for the drop in the gross margin was the expansion of the Singularity Platform drove the need to expand the cloud infrastructure. It expects the pressure to reduce once the business scales operations.

Net cash used in operating activities increased from $44.4 million to $66.6 million in the fiscal year 2021. The company has generated negative cash flows and have supplemented working capital through net proceeds from the sale of equity securities in the past.

As stated, in the first quarter ended April 30, 2021, revenue grew by 108% year-over-year to $37.4 million. Net losses increased from $26.6 million to $62.6 million. The losses are more than the company’s revenues in a similar manner like the fiscal year 2021 revenue.

The ARR grew by 116% to $161.3 million. Customers with an ARR of more than $100,000 or more increased from 122 to 277. The dollar-based net retention rate was 124%.

I/O FUND

Adjusted gross margin dropped from 58% to 53%. Net cash used in operating activities increased from $11.8 million to $30.8 million.

In contrast, Crowdstrike generated positive cash from operating activities of $147.5 million and a free cash flow of $117.3 million. CrowdStrike was also profitable on an adjusted basis and the management expects to be profitable on an adjusted basis for the fiscal year 2022.

SentinelOne has cash of about $1.6 billion post its initial public offering. The company plans to use the proceeds for working capital and general corporate purposes. It might also use the proceeds for the acquisition of, or investment in technologies, solutions, or businesses that complement the company’s business.

The company had 4,700 customers as of April 30, 2021. They include Estee Lauder, Aston Martin, JetBlue, Norwegian Airlines, National Oilwell Varco, Shangri-La, Blizzard, Autodesk, Fiverr, NVidia, and Wells Fargo, among others. The customers included three of the Fortune 10, 37 of the Fortune 500, and 66 of the Global 2000 companies.

Risks

As stated in the S-1 filing, the company derives most of its revenues from the channel partners. It derived 91% of the first quarter ended April 30, 2021, revenue from channel partners. The direct customer portion is low. The company has dual-class structure. Currently, Class B shareholders will hold 99.2% of the voting rights. This means the minority shareholders will have no say in the company’s decisions.

Gartner places SentinelOne behind Crowdstrike, Microsoft and TrendMicro in the Leadership quadrant. Gartner is a credible source that does many channel checks. The analyst points towards limited range of sensors and lack of fully featured data loss prevention. Notably, SentinelOne did receive the highest score for all Use Cases for Critical Capabilities at 4.60.

Conclusion:

If we look at the Gartner Magic Quadrant 2021 for endpoint protection CrowdStrike is in a better position than SentinelOne. It has recently purchased Humio, which points towards the company continuing as a leader in the AI cybersecurity industry. Most would agree that these two are comparable. The elephant in the room is that Crowdstrike is trading at nearly 50% less.

To summarize, is it a good product? Yes, and it’ll probably do quite well competing against Crowdstrike. Should you pay any price? Never, because stocks are not scarce.

Visit us at io-fund.com and sign up for our free newsletter covering tech stocks weekly.

Senior Product Evangelist in data and security. All things #startups #mobile, #data #security and #IoT. Snowboarder, book worm.