SentinelOne Inc. (S, Financial) has established itself as a formidable competitor to CrowdStrike (CRWD, Financial), particularly in the realm of endpoint detection and response (EDR) and extended detection and response (XDR) solutions. According to Fortune Business Insights, the North American cybersecurity market size was $75.3 billion in 2023, with a projected compound annual growth rate (CAGR) of 14.3% over the next decade. This means that by 2030, the North American market alone could be approaching $200 billion, with additional growth opportunities internationally.
As I discussed in my previous article on CrowdStrike, CrowdStrike remains the more mature player with its renowned AI-powered Falcon platform, however, SentinelOne is proving to be an aggressive challenger in the space. The company has been rapidly gaining market share and is often compared to CrowdStrike in the same way that PepsiCo (PEP) is to Coca-Cola (KO). As with those two giants, I believe there is room for more than one winner in the cybersecurity market.
This article explores its business model, financial performance, and the potential risks and rewards for investors.
Fundamental Nature of SentinelOne
At the heart of SentinelOne's strategy is the belief that machines respond faster than humans to security breaches. Its flagship Singularity platform leverages artificial intelligence (AI). By automating threat detection, prevention, and response, SentinelOne aims to reduce the need for human intervention and improve the speed of response, particularly during security breaches.
SentinelOne's business model revolves around delivering cutting-edge, AI-driven cybersecurity solutions. The company's EDR and XDR data stack integrates endpoint protection, cloud workload protection, and IoT security into a centralized platform. The Singularity XDR platform offers AI-powered autonomous threat prevention, detection, and response capabilities across an organization's endpoints and cloud workloads, providing seamless, automated protection against a wide range of cyber threats.
Source: SentinelOne
Last year, SentinelOne launched Purple AI, an AI-powered virtual assistant integrated into the Singularity platform. Purple AI allows non-expert users to investigate incidents and hunt for threats using natural language commands. Early adopters have reported an 80% improvement in the speed of threat hunting and incident remediation, which speaks volumes about SentinelOne's focus on accessibility and ease of use.
Source: SentinelOne
While cloud security is a major focus for SentinelOne, they have zeroed in on runtime security, which they believe offers more differentiation compared to the commoditized cloud security posture management (CSPM) segment. Cloud workload protection (CWP) is a key area where they are looking to stand out, and I agree that this focus could yield significant market share in a space that is still highly fragmented.
Go-To-Market Strategy
SentinelOne employs a land-and-expand approach, initially entering organizations with their EDR solutions and then expanding its footprint by upselling additional services, such as XDR and cloud workload protection. This strategy allows the company to capture a smaller part of the business first and gradually grow its presence within the organization.
The company remains focused on new customer wins, continually launching products across cloud and data security. Over the past few years, SentinelOne has expanded its platform through both organic growth and mergers and acquisitions (M&A).
Another key strength of SentinelOne's strategy is its focus on building a robust partner ecosystem, which enables the company to scale effectively across new markets, particularly in mid-sized businesses and global expansions. The company has also strengthened its Incident Response offering by expanding its partnership with Google's Mandiant, positioning SentinelOne as a strategic vendor for high-profile incident response services.
SentinelOne has also been bringing in experienced talent to drive future growth. The recent appointment of Barbara Larson as Chief Financial Officer (CFO), along with the hiring of a new Chief Marketing Officer and Chief Revenue Officer, signals the company's commitment to scaling its business. Larson, formerly the CFO at Workday and a senior executive at VMware, brings valuable experience as SentinelOne aims to surpass $1 billion in revenue and continue its upward trajectory.
The Turning Point
SentinelOne's Q2 FY25 was a standout quarter, with revenue growing 33.1% year-over-year (YoY) to $199 million, alongside significant margin expansion. The company posted its first-ever quarter of positive non-GAAP net income, a major milestone. Annual recurring revenue (ARR) grew by 32% to $806 million, with customers spending over $100,000 in ARR increasing by 24%, and those spending more than $1 million grew even faster, setting another company record.
SentinelOne's gross margins, both GAAP and non-GAAP, continue to rise, demonstrating pricing power. However, one area to watch is the decline in dollar-based net retention, which fell from 132% in FY23 to 114% in FY24. While still impressive, this metric requires attention, as it reflects how much customers are expanding their contracts after the initial engagement.
Source: FinChat
The company's free cash flow (FCF) briefly turned positive in Q1 but reverted to a negative $5 million in Q2. However, with $700 million in cash and no debt, SentinelOne's balance sheet remains strong. Though the growing goodwill from its M&A activity, now representing 27% of total assets, warrants caution. A high level of goodwill can signal that the company paid a premium for acquisitions. If these acquisitions don't deliver the anticipated value, it shows management poor capital allocation skills.
On the liabilities side, 71% of total liabilities are made up of deferred revenue. This represents money that the company has received for services it has yet to deliver, thus normally called a "positive" liability, as it indicates strong sales and future revenue recognition, and as long as the company continues to execute well, deferred revenue can be seen as a healthy indicator of future performance and cash flow.
Outlook
SentinelOne raised its FY 2025 revenue guidance to $815 million, slightly above previous expectations. There was some investor disappointment regarding the lack of a larger upward revision, especially in light of CrowdStrike's July 2024 outage. However, the raised guidance does not account for potential customer gains from CrowdStrike's disruption. Any significant wins in the coming quarters could provide additional upside.
CEO Tomer Weingarten has noted that SentinelOne expects to benefit from the CrowdStrike outage, with improved pipeline activity and rising win rates. However, the company is not yet ready to quantify the financial impact in the coming quarters. While SentinelOne sees customers investing more resources into its platform, CrowdStrike CEO George Kurtz, at its Fal.Con conference has reported that CrowdStrike's pipeline activity has returned to pre-incident levels, making it unclear whether SentinelOne will see substantial gains. This is something that I am going to watch closely over the next few quarters.
The Bear case
SentinelOne has executed well, taking market share from larger players, and the global outage could catalyze further growth. That said, there are several risks to keep in mind.
The cybersecurity space is intensely competitive, with companies like Microsoft, CrowdStrike, and Palo Alto Networks (PANW, Financial) having much larger marketing budgets and deeper resources. If these competitors become more aggressive, as Tesla did with price cuts in the automotive industry, SentinelOne could struggle to maintain its momentum due to its smaller scale and resources.
Another risk lies in SentinelOne's reliance on channel partners, which presents concentration risk. In FY24, one partner accounted for 19% of revenue and 26% of receivables, while two others represented over 10% of receivables each. Though these are not end customers, reliance on channel partners introduces potential vulnerabilities if any relationships weaken.
Source: SentinelOne FY2024 10-K
Finally, dilution remains a concern. Stock-based compensation accounts for roughly 35% of revenue, and with an aggressive acquisition strategy, dilution could become a headwind for shareholders.
A Relative Bargain
According to the IDC Worldwide Modern Endpoint Security Market Shares 2023 report, SentinelOne grew the fastest among the top 10 vendors in 2023. Although it is smaller and more disruptive than players like Microsoft and CrowdStrike, its growth rate is impressive, and the company is becoming a serious contender in the sector.
SentinelOne is without any doubt the smaller player among its peers, with a market cap of $7.6 billion, despite being the company that is expected to grow its revenue the most over the next two years. SentinelOne is still in a hyper-growth/breakeven business cycle, thus P/S and P/GP are the most useful multiples to use.
Source: Author
SentinelOne currently trades at a P/S ratio of around 10.6x and a P/GP ratio of 14.4x, positioning it as one of the more attractively priced stocks among its peers. Given its smaller revenue base and aggressive growth strategy, I see an opportunity for multiple expansion as the company matures. A P/S ratio expansion closer to the peer average of 13.3x could deliver a significant upside for long-term shareholders.
A discounted cash flow analysis wouldn't be useful either, as SentinelOne has only just turned the FCF line and not consistently. However, I used a multiple method based on terminal EBITDA multiple and arrived at a price target of around $31.50, representing a 31% discount to its current price.
Source: Author
My final take
SentinelOne is emerging as a serious contender in the cybersecurity space, and I expect its recent momentum to continue. With one of the best quarters in its history and a significant profitability milestone achieved, the next step will be reaching consistent profitability, which I anticipate in Q2 or Q3 of next year. The company's focus on AI-driven automation, partnerships, and experienced hiring positions it for scale. If management can continue executing at this level, shareholders stand to benefit from multiple expansion and ongoing revenue growth.
While there are risks, I believe SentinelOne offers an attractive opportunity for long-term investors. At current valuations, the company presents a favorable risk-reward profile, and I am confident that as SentinelOne continues to execute, it will reward patient shareholders.
