SentinelOne, Inc. (S) Earnings Call Transcript & Summary

Welcome back, everyone, to the software conference. My name is Brent Thill. SentinelOne, as you know, is a recent IPO that's come out with great fanfare and really happy to have the whole team, Dave Bernhardt, CFO. Dave was at Chegg for over 9 years and watched behind the scenes what he was able to do in that business model transformation, which was exceptional as an analyst covering that story from where they were to what they became. So Dave, congrats on all that hard work in the recent transaction. He's been CFO for a year. Nick is also with us as COO. He leads all global sales and field ops and previously held Head of Sales for Cylance. I can't talk this afternoon. And Doug is also with us from IR. Doug runs the program. Prior to that time, he was at Pinterest for 2 years and prior to that time, a decade at Goldman Sachs. So someone to get to know if you guys don't know Doug, Doug can handle all your questions as well. So thanks, Doug, for being part of this. And I'm going to turn it to Doug. He's got a quick intro. And then I will go to Dave, and then we'll jump into Q&A.

That's perfect. Thanks a lot, Brent. I just wanted to flash a very quick safe harbor statement for kind of legal and disclaimer purposes. Don't need to belabor this point. I think you've all seen it before. And with that, I will actually turn it over to Dave.

Sure, I can just give a quick minute or so introduction to SentinelOne. For those of you who are less familiar, just learning about us, we operate in the endpoint security market. We truly believe cyber defense must be more holistic, security must be autonomous, faster, more accurate. It must be a harmless AI and machine learning. Customers choose us for better protection, detection and remediation. Really, for us, security doesn't stop at the endpoint. It extends into IoT devices, cloud workloads and the enterprise data itself. And our approach is an open XDR technology. We completed our IPO earlier this summer, and we held our first earnings call last Wednesday afternoon. We reported ARR of $198 million with growth accelerating 127% year-over-year. We guided our third quarter revenue to grow in excess of 100% as well. Our customer count grew over 75% year-over-year. Our customers with ARR over $100,000 grew 140% year-over-year, and we achieved a record high 129% net retention rate. So boiling it all down, our growth was extremely well balanced, with contributions from new and existing customers, large enterprises across all our go-to-market channels and partners and geographically. I'd like to remind you to please look at our shareholder letter from this quarter for more detailed information. And with that, Brent, let's jump into Q&A.

Absolutely. I got my copilot, Cyber Joe Gallo, as well. And any questions you guys have, please ask on the portal. And Nick, these numbers are insane. You probably want Dave just keep reading those numbers. You've been in this industry a long time, and I'm curious what you think is different here? You've been part of a lot of great stories. But what's different in this cyber story that you haven't been part of in the past?

Well, I think what's different in the market is this generational shift that we're seeing to cloud-native technology and, in particular, really a move in a meaningful way to adopt machine learning-powered technologies that are cloud native. And that's very much an architectural shift just in terms of infrastructure but also really a revolutionary shift away from what the industry -- cybersecurity industry, frankly, had relied on for 20-plus years, which is retrospective reactive-based detection techniques to things that were predictive and truly preventative. And that is really what's very, very different about what the industry is undergoing today and what -- at SentinelOne, we're really grateful to be a key part of.

And when you think about -- we've heard out of the conference a number of cyber names present. And one of the themes we keep hearing is maybe the move to digital and this ongoing mass adoption is actually even having a bigger impact of adoption than breaches. I know it's a combination of both, but some have even alluded to just the pace of digital adoption is far surpassing the breach excitement from some CISOs. How would you characterize what you're seeing?

Well, in the market, I think it's a combination of several different structural tailwinds. If you think about the movement towards a 0 trust architecture, that's really become a fundamental tenet of cybersecurity. If you think about the move to that digital infrastructure, cloud native applications, cloud-born DevOps, the removal of network infrastructure in terms of firewalls, et cetera, the remote workforce, the unbelievable power and aptitude that systems have today that they didn't have 15 years ago. So these laptops are as high powered as a server was 10 years ago. So you think about the compute resource and data that resides on these things, those are permanent shifts that really have driven, I think, a very well-deserved focus on protecting and preventing at the point of execution at the endpoint on the workload, et cetera. And I think overarching all of that is you've seen this -- the really significant uptick in cyber threats and hacks and ransomware and the black swan events that we're having every few months now, major findings and deficiencies in a lot of Microsoft code that are being revealed, whether or not it was their cloud infrastructure or Exchange e-mail server infrastructure. All of these things, I think, have really led to a super heightened awareness. But more than awareness, we're seeing like a truly mainstream adoption of this type of technology. And we're still in the early innings of it, but it's very much a permanent shift for the better in the industry.

You've touted automation as a real key differentiator. Maybe if you can dive a little deeper in what you mean, why you have insulation around this opportunity. It seems like it's really stood out in a lot of the customer due diligence and the positioning that we've heard from you.

Yes. Thanks for that. It's always good to hear the channel checks are mapping in line with what we really are driving to philosophically, which is ease of use automation and effectiveness. And I think if you look at the industry, it's traditionally, to our detriment, been a human-powered approach. And what I mean by that is companies like a Symantec or McAfee would have to have reams and reams, hundreds of threat researchers who are manually writing detection rules, et cetera. And then what you had is sort of this replacement of the shift of saying, hey, look, we're going to monitor systems, but with sort of first wave EDR. We're going to have to shift all the people to be in the cloud to analyze and inspect behavior and try to make detections against the clock in real time. And for us, that didn't really feel like a paradigm change as much as just a shift of where that over reliance on humans was. And what we mean when we say automation is that we've built in machine learning capability that makes decisions on its own in real time based either on the attributes of what's trying to run or on literally just the behavior of systems. And why that's so important is it's really eliminating some of the last obstacles that remained for many companies to have meaningful cybersecurity. And those obstacles being ease of use, efficacy, ability to turn on the effective policies and have a really high detection rate with a super low false positive rate. And all of those things were quandaries that you sort of have to pick your poison in the past. You would either had great effectiveness and high false positives or no false positives but poor detection. And by bringing machine learning and automation to play, I think what we've done, one way to think about what SentinelOne has brought to the market is really taking very advanced and cutting-edge technology and democratizing it to make it super easy to purchase and deploy and find value in. And that's why we're getting such mass adoption across all sizes and shapes of enterprise businesses and organizations.

And you -- when you have over 100% growth, no complaints from anyone. But when you think about just the sustaining foundation you're putting in to support that type of growth, and can you just walk through what you're doing to help the team support what you're seeing? And everyone asks us like the sustainability I think you kind of look at a lot of the other cyber vendors and you're clearly seeing incredible growth. So you're not the only one saying things are good.

Yes. So I think for us, it really all starts with a customer-centric culture, and we very much have had that. But we've stayed disciplined to that through hyper growth. We're never losing sight of what we're trying to do is solve our customers' problems against a very tough and innovative competitor called the adversary. And I think that's the thing to keep in mind when you think about this space is that our real competitors are the nation state and criminal actors who are continually trying to one up even the best security technologies on the planet. And so what you really need to be very focused on is working alongside your customers solving those -- the problems of today and tomorrow. And we really have done that. I think from a go-to-market experience, what we've also focused on very much is our partner ecosystem. And so by being so focused on a technology platform rather than trying to wear dual hats as a services company as well as the technology vendor, what we've been able to do is really build technology that enables all sorts of different fulfillment and distribution channels to bring our product to market, whether or not it's incident responders, managed detection and response providers, MSSPs, traditional security resellers, global distributors. When you have a very easy-to-use product that is super flexible and is something that these companies, these distributors can build a services framework themselves around, that's when you get real lasting loyalty. And we're certainly punching well above our weight. If you look at our growth mapping against number of employees. And a huge part of that is because we've really gotten this gear effect from our channel partner ecosystem. So those really are 2 fundamentals that we always keep top of mind as we're innovating and building and executing against our plans.

When you think, Dave, just the foundation you're putting in to support this growth, can you walk through -- many have asked as it relates to the foundation to support this, what are the key pieces that you're finding helpful that are letting this spin maybe even without having to throw as many bodies at the problem.

Sure. So obviously, right now, with the growth we're having, we're investing in ourselves. Whether it's adding engineers for best-of-breed technology, adding to the go-to-market motion and increasing our sales force, these are the investments we're making now to be able to sustain growth later. So we're seeing some modest leverage in the model versus prior years. We expect that to continue as we scale. There's just so much opportunity in front of us right now that we don't want to miss trying to go after the larger market. We really want to establish a beachhead right now with our customers because we know that the land and expand is working. So there's a lot of investments we're making that we're going to see the benefits from over the upcoming years as well as now. We're going to continue to evaluate the path for these investments. And long term, I think the margin profile will follow. We've provided a long-term margin profile to the analyst community. We echoed that when we did our guidance for the current quarter. But really, we want to make sure that the investments we're making now allow us to achieve that 5 years from now.

I think a lot of questions about Scalyr. And maybe for those that don't know what it is, can you describe what you did, what they do and what this is going to mean for you 3 years down the road?

Sure. I can speak to that, and then I think Dave can speak to some of the back-end economics because there's certainly some big drivers and benefits there. But Scalyr was a data company that was focused on massive ingestion and organization of data at scale in an extremely efficient cost effective but also performance approach. And why that's so important is, fundamentally, the problems that we're trying to solve as a cybersecurity company, they're data problems. It's quantifying behavior to determine if it's malicious, trying to find that needle in an enormous haystack of data quickly, ingest, analyze and determine goodness or badness. But then if you look at our overall XDR vision, it's this idea that the Singularity platform is really transforming into an XDR platform with the ability to ingest other security products data and provide orchestration and action around that. And what we found in Scalyr is really a super unique company with unbelievably high performance in terms of ability to ingest data at scale but also a lot of efficiencies in the way they do what they do that would help us realize better back-end unit economics as we're in the data business ourselves, data from a security perspective. But that's initially what we've gotten from Scalyr is as we've integrated Scalyr into our back end and moving -- all new customers are now running on that Scalyr platform, we're working on integration for our current customers. What they're going to realize is even better performance in our visibility and hunting platform, the ability to have uniquely best-of-class retention capabilities in the market and as well as just having an incredibly high-quality data analytics framework, that's what we got with Scalyr. So super strategic acquisition for us. And one that -- what's been incredible to see is how quickly we've been able to integrate that into our back-end framework. Dave, anything you want to add?

No. I think you covered most of it. Just thinking of it from an economic standpoint, we increased our gross margin by 900 basis points in our Q2. Some of that is from Scalyr. We're seeing some of the efficiencies from new customers on that platform. We are weighed down a bit in Q3 and Q4 as we -- as Nick has said, as we transition the larger customers from the SentinelOne traditional back end to the Scalyr back end. So we're actually running duplicative storage and querying costs over that duration. So we expect to see suppressed margins for a couple of quarters back around the 59%, 60%. And then we see 62% as the baseline going forward as a stand-alone basis. So we know that this is kind of a new baseline for us, and we're excited about the trajectory from there up to the 75% to 80-plus percent that we expect long term.

Just over the -- our client hotline, don't shoot the messenger. I know this is your least favorite topic, but you know what is coming. The competition question against CrowdStrike. Can you give us just your quick high-level overview. And I think we all believe the market is pretty big, and there's 2 next-generation vendors and a bunch of legacy vendors that are getting crushed is our perspective. But maybe you can fill in from there.

Sure. I'll tell you from a go-to-market perspective, CrowdStrike is a good business, and we have a lot of respect for their technology and what they've done in the space. And certainly the both of us are fighting the good fight against the true competitors, which are the adversaries. I think the thing to really understand is this is an enormous market that I think is a totally unique combination of gigantic market with an incredible amount of disruption. And if you assigned like an alpha value to each, I don't think there's any market better in terms of broad market and current technology disruption taking place. And so there's going to be more than 1 winner in the space. I think, in terms of functional differences, what customers see uniquely with SentinelOne is automation, ease of use and the best protection and prevention in the market. We don't require a lot of heavy handed services or staffs of dozens or hundreds in a security operations center to care and feed for our technology. And why that's so important is because if you -- zooming out, if you look at one of the existential problems in cybersecurity is a human capital shortage. I haven't talked to a single company in my 20 years in cybersecurity have told me they have too many people on their security team. Never. Not once. And so there's always...

Nick, today our CSO spoke to all of our clients. And he said he had a job rec that's been open since January that he cannot fill.

Yes. Absolutely. And so if you think about millions of unfilled cybersecurity jobs around the planet, one of the -- I think one of the greatest value elements that we have is that we have technology that's automated, incredibly effective and very easy to deploy and care and feed because we've built in a lot of this automation with prevention as an outcome. And I think that's what customers see uniquely with SentinelOne as well as, I think, culturally, what they find is a company that's been very focused on innovation. And that's really what it takes in this space is perpetual innovation and working in tandem with our customers to continually build out our capabilities. And a question I get a lot is how have you guys burst on the scene in the last several years. And it's really been that. It's focusing on customers, solving really hard problems to solve in a very automated and easy-to-use way but then continuing to keep our foot on the pedal in terms of investment and innovation.

Cyber Joe is going to jump in. He had a couple.

A large platform player that had an Analyst Day earlier this week talked a lot about XDR. And I think it's a really interesting topic on who ultimately can win the next year, and maybe there's multiple winners. But I'm just kind of curious who do you think wins? Why is an endpoint vendor better differentiated versus, say, a network player? So I would just love your thoughts on that.

Yes. I mean in my opinion, there's really no question that we believe we're the best positioned in the space. And the reason for that is architectural. You can have network security-centric and firewall-centric companies that might have a reasonable amount of data that they want to stitch together, but large companies tend to be fairly closed. They have a closed ecosystem. They don't work well with others. They don't have an open API architecture. But more importantly than all of that is they're not really at the control plane. So their orchestration really stops with an alert and then you have to try to dive into another product to take action. What's totally unique about endpoint players that also have visibility is that we're running at the control plane implicitly. So if -- the name of the game in cybersecurity is visibility, context and control. And so with XDR, if you can stitch all those things together and architecturally, you have a software platform like a SentinelOne that's running at the control plane, we can take action. We also have unfettered visibility into everything. And I think looking back at what's happened really since the force digital revolution of March of 2020 with the pandemic is that it's put an almost total focus on being able to apply security where it matters, which is at the point of execution, whether or not that's a cloud workload, a server, a laptop, a virtual machine, a PC. And that's where endpoint companies like SentinelOne, that's where we're living and breathing and we have that real estate. And so I think that that's a huge factor in sort of the long-term winners in this space. And I think if you combine that with an acquisition of like a Scalyr, our ability to ingest both structured and unstructured data and then, most importantly, be able to take orchestrated action at the control plane with that, that's really what XDR is about. That's what makes XDR very different than SIM, which really was just an amalgamation of data signals that would just give you a collection of more data signals that you would then have to try to run to other products and orchestrate and take action on. Sort of that full life cycle that XDR is promising to deliver, I think, uniquely, control plane technologies like SentinelOne are really best suited to do that.

That makes a ton of sense, Nick. And then maybe just a quick one for Dave. Scalyr seems like it's been a great success for both top line potentially in the future as well as bottom line. How should we think about M&A? Are there any other tangential areas you'd like to get into or maybe ask and flip any areas you don't want to get into, say, network security or whatever it may be?

I think we're looking at everything. Obviously, we raised a significant amount of capital in our IPO. With the success of our Scalyr acquisition, we're certainly looking at whether we should buy, build or partner for future offerings. I think we'll be very acquisitive over the next few years. We're always analyzing these things, checking out different things that we think would be complementary, either as a tuck-in or more transformative as a larger expansion of our offering. So I think just stay tuned on that. I think there will be things to announce in the foreseeable future.

Thanks, guys, for joining. I really appreciate the time, and we look forward to staying in touch.

Thank you.

Appreciate it.