SentinelOne: Benchmarking the S-1 Data

Yesterday SentinelOne filed their initial S1 statement. A S-1 is a document companies file with the SEC in preparation for listing their shares on an exchange like the NYSE or NASDAQ. The document contains a plethora of information on the company including a general overview, up to date financials, risk factors to the business, cap table highlights and much more. The purpose of the detailed information is to help investors (both institutional and retail) make informed investment decisions. There’s a lot of info to digest, so in the sections below I’ll try and pull out the relevant financial information and benchmark it against current cloud businesses. As far as an expected timeline - typically companies launch their roadshow ~3 weeks after filing their initial S-1 (the roadshow launches with an updated S-1 that contains a price range). After the roadshow launch there’s typically ~2 weeks before the stock starts trading. So we’re looking at roughly 5 weeks before any retail investor can buy the stock.

SentinelOne Overview

From the S1 - “We pioneered the world’s first purpose-built AI-powered extended detection and response, or XDR, platform to make cybersecurity defense truly autonomous, from the endpoint and beyond. Our Singularity Platform instantly defends against cyberattacks - performing at a faster speed, greater scale, and higher accuracy than possible from any single human or even a crowd… Our XDR platform ingests, correlates, and queries petabytes of structured and unstructured data from a myriad of ever-expanding disparate external and internal sources in real-time. We build rich context and deliver greater visibility by constructing a dynamic representation of data across an organization. As a result, our AI models are highly accurate, actionable, and autonomous. Our distributed AI models run both locally on every endpoint and every cloud workload, as well as on our cloud platform. On each endpoint and cloud workload, we run highly optimized AI models in a single lightweight software agent. Our Static AI model predicts file-based attacks of all types, even previously unknown threats, often referred to as “zero-day attacks,” with extreme precision in milliseconds. Our Behavioral AI model maps, monitors, and links all behaviors on the endpoint to create rich, contextual narratives that we call Storylines. These high-fidelity Storylines are continuously evaluated by our Behavioral AI model. When activity is deemed a threat, our software autonomously takes action to kill the attack. Because Storylines contain a complete record of unauthorized changes made during an attack, we are ready to remediate or roll back these changes. The power to turn back time on a device is unique in the market. It is the ultimate safety net and exemplifies autonomous cybersecurity. Thus, our software eliminates manual, expensive, and time-consuming incident cleanup.”

Product Overview

From the S-1: “The tiers of our Singularity Platform include:

Singularity Core. Our entry level security solution for organizations that want to replace antivirus tools with our EPP which we believe is more effective and easier to manage than legacy antivirus and next-gen antivirus products. Singularity Core includes our Static and Behavioral AI models and autonomous threat response and rollback features.

Singularity Control. Made for organizations seeking best-of-breed security with the addition of our “security suite” features for endpoint management. It provides additional features for control network connectivity, USB and Bluetooth peripherals, and to uncover rogue devices.

Singularity Complete. Our flagship offering that includes our full suite of product capabilities.

Market Opportunity

From the S-1: “According to IDC, the addressable market addressed by our solutions today is expected to reach $40.2 billion in 2024, growing at a compound annual growth rate, or CAGR, of 11.9% between 2021 and 2024. Our addressable market today represents revenue from the following markets:

Corporate Endpoint Security. A $9.7 billion market in 2021 and growing to $12.0 billion in 2024; comprising Modern Endpoint Security, Server Security (physical servers and cloud workload security), Information Protection and Control, and Endpoint Management.

Cybersecurity Analytics, Intelligence, Response, and Orchestration. A $13.1 billion market in 2021 and growing to $17.1 billion in 2024; comprising Device Vulnerability Assessment, Forensics and Incident Investigation, Policy and Compliance, Security Device Systems Management, Security Information and Event Management, or SIEM, and Software Vulnerability Assessment.

IT Operations Management. A $5.9 billion market in 2021 and growing to $11.1 billion in 2024.”

How SentinelOne Makes Money

From the S-1: “We generate substantially all of our revenue by selling subscriptions to our Singularity Platform. Our subscription tiers include Singularity Core, Singularity Control, and Singularity Complete. Additionally, customers can extend the functionality of our platform through our eight subscription Singularity Modules. We generally price our subscriptions and modules on a per agent basis, and each agent generally corresponds with an endpoint, server, virtual machine, or container. Our subscription contracts typically range from one to three years. We recognize subscription revenue ratably over the term of a contract. Most of our contracts are for terms representing annual increments, therefore contracts generally come up for renewal in the same period in subsequent years. The timing of large multi-year enterprise contracts can create some variability in subscription order levels between periods, though the impact to our revenue in any particular period is limited as a result of ratable revenue recognition.

Benchmark Data

The data shown below depicts how the [companySentinelOne data compares to the operating metrics of current public SaaS businesses.

Last Twelve Months (LTM) Revenue

SentinelOne’s LTM revenue was $113M. This will make it the smallest public cloud company

LTM Revenue Growth

SentinelOne’s LTM revenue growth was 101%, making it one of the few cloud businesses to have a growth rate >100%

Quarterly YoY Revenue Growth Trends

SentinelOne has shown nice growth acceleration over the last 4 quarters

LTM GAAP Gross Margin

SentinelOne’s LTM gross margins were 56%, on the low end for public cloud businesses

LTM GAAP Operating Margin

SentinelOne’s LTM Operating Margin was (134%), which is the lowest of all public cloud businesses

Net Revenue Retention

This metric is calculated by taking the annual recurring revenue of a cohort of customers from 1 year ago, and comparing it to the current annual recurring revenue of that same set of customers (even if you experienced churn and that group of customers now only has 9, or anything <10).

SentinelOne’s net revenue retention is 124%

Gross Margin Adjusted CAC Payback

(Previous Q S&M) / (Net New ARR x Gross Margin) x 12. This metric demonstrates how long it takes (in months) for a customer to pay back the cost at which it took to acquire them. In the chart below I’m taking the average of the 4 quarters leading up to IPO to normalize the business.

LTM S&M Expense as % of LTM Revenue

Not surprising given the heavy losses, SentinelOne has the highest spend on S&M as a % of rev of all public cloud businesses: 85%

Rule of 40

In the below chart I’m showing LTM revenue growth + LTM FCF margin. Despite SentinelOne’s high growth, their Rule of 40 is below average given their heavy losses

This post and the information presented are intended for informational purposes only. The views expressed herein are the author’s alone and do not constitute an offer to sell, or a recommendation to purchase, or a solicitation of an offer to buy, any security, nor a recommendation for any investment product or service. While certain information contained herein has been obtained from sources believed to be reliable, neither the author nor any of his employers or their affiliates have independently verified this information, and its accuracy and completeness cannot be guaranteed. Accordingly, no representation or warranty, express or implied, is made as to, and no reliance should be placed on, the fairness, accuracy, timeliness or completeness of this information. The author and all employers and their affiliated persons assume no liability for this information and no obligation to update the information or analysis contained herein in the future.

Comments

[Bazzz]

When will the stocks be available?

[Kunal Modasiya]

I feel this is like S1 is -- Crowdstrike in making - both operate in the same market, similar products, similar platform approach to security, and similar architecture - One Agent One Platform - Would this skyrocket ? Would be interesting to see the IPO price range and valuation. CRWD was valued at 7B at IPO and the rest is history...