SentinelOne, Inc. (NYSE:S) Q3 2024 Earnings Call Transcript

SentinelOne, Inc. (NYSE:S) Q3 2024 Earnings Call Transcript December 5, 2023

SentinelOne, Inc. beats earnings expectations. Reported EPS is $-0.03, expectations were $-0.08.

Operator: Good afternoon. Thank you for attending the SentinelOne Q3 FY 2024 Earnings Conference Call. My name is Victoria, and I’ll be your moderator today. All lines will be muted during the presentation portion of the call with an opportunity for questions and answers at the end. I would now like to pass the conference over to your host, Doug Clark, Vice President, Investor Relations. Thank you. You may proceed, Doug.

Doug Clark: Good afternoon, everyone, and welcome to SentinelOne’s earnings call for the third quarter of fiscal year ‘24 ended October 31st. With us today are Tomer Weingarten, CEO; and Dave Bernhardt, CFO. Our press release and the shareholder letter were issued earlier today and are posted on the Investor Relations section of our website. This call is being broadcast live via webcast, and an audio replay will be available on our website after the call concludes. Before we begin, I would like to remind you that during today’s call, we’ll be making forward-looking statements about future events and financial and performance, including our guidance for the fourth fiscal quarter and our full fiscal year ‘24 as well as long-term financial targets.

We caution you that such statements reflect our best judgment based on factors currently known to us and that our actual events or results could differ materially. Please refer to the documents we file from time to time with the SEC, in particular, our annual report on Form 10-K and our quarterly reports on Form 10-Q. These documents contain and identify important risk factors and other information that may cause our actual results to differ materially from those contained in our forward-looking statements. Any forward-looking statements made during this call are being made as of today. If this call is replayed or reviewed after today, the information presented during the call may not contain current or accurate information. Except as required by law, we assume no obligation to update these forward-looking statements publicly or to update the reasons actual results could differ materially from those anticipated in the forward-looking statements, even if new information becomes available in the future.

During this call, we will discuss non-GAAP financial measures unless otherwise stated. These non-GAAP financial measures are not prepared in accordance with generally accepted accounting principles. A reconciliation of the GAAP and non-GAAP results is provided in today’s press release and in our shareholder letter. These non-GAAP measures are not intended to be a substitute for our GAAP results. Our financial outlook excludes stock-based compensation expense, employer payroll tax on employee stock transactions, amortization expense of acquired intangible assets, acquisition-related compensation costs, restructuring charges and gain on strategic investments, which cannot be determined at this time and are, therefore, not reconciled in today’s press release.

And with that, let me turn the call over to Tomer Weingarten, CEO of SentinelOne.

Tomer Weingarten: Good afternoon, everyone, and thank you for joining our fiscal third quarter earnings call. We delivered strong third quarter results, which exceeded our expectations on all key metrics. And once again, we’re raising both our top line and bottom line guidance for fiscal year 2024. This was another quarter of solid execution in a demanding macro environment. Enterprises continue to modernize their endpoint security with the Singularity platform. In addition, we’re seeing strong demand for our Cloud Security and Data Lake solutions which combined grew triple digits. And I’m pleased to announce that we’ve begun delivering Purple AI to enterprises. We also solidified our lead with mid-market enterprises and expanded our business with leading MSP partners through larger and longer-term commitments.

Finally, we continued making significant progress towards profitability with our net income margin improving to negative 5%. Our pace of innovation and technology leadership continued to fuel growth. For the fourth consecutive year, SentinelOne led the MITRE ATT&CK Evaluation with 100% real time protection driven by autonomous security, which is critical in the modern threat landscape. In Gartner Peer Insights, we received a score of 4.8 out of 5 for outstanding customer experience and product capabilities. We’re leading the industry with breakthrough innovations across endpoint cloud data and AI, delivering a fully unified platform experience to organizations, once again setting SentinelOne far apart from other security vendors. We’re addressing critical enterprise security needs, remaining ahead of adversaries now and into the future.

As always, please read our shareholder letter published on the Investor Relations website, which provides a lot more detail. On today’s call, I’ll cover three key areas: one, details of our strong quarterly performance; two, the broader demand environment and state of cybersecurity; three, innovations that magnify our technology leadership and drive future growth across multiple markets. Let’s double click into our third quarter performance, which exceeded our top and bottom line expectations. Revenue grew 42% and total ARR grew 43% year-over-year. Net new ARR growth accelerated to 11% year-over-year, driven by a combination of new customers and existing customer expansion. Despite persistent macro challenges and escalation of geopolitical tensions, the combination of superior technology and solid execution is driving positive business momentum.

Our progress towards profitability remains a bright spot. We delivered a record high gross margin of 79% and we posted a ninth consecutive quarter of more than 25 points of operating margin expansion. In parallel, our free cash flow margin improved by 40 percentage points year-over-year and our net income margin approached only negative 5%. This tremendous progress reflects the scalability and power of our business model. We remain committed to building on this progress achieving positive free cash flow in the second half of next fiscal year. We’re succeeding in the endpoint market from large enterprises to mid-market and smaller businesses where we’re already a proven leader through our MSSP partnerships. Beyond endpoint, the momentum of our platform expansion into adjacent markets is picking up.

Our total customer base now exceeds 11,500. Recall, this number is dramatically understated as it does not include the customers served by our MSSP partners. We’re increasingly protecting more customers through this channel as enterprises are turning to MSSPs for managed security services, which is a highly scalable way to address the mid-market. At the same time, customers with more than $100,000 in ARR grew 33% and customers with more than $1 million of ARR grew even faster. Our success with large enterprises and platform adoption continues to drive higher ARR per customer, which increased about 15% year-over-year. In Q3, we generated strong momentum in the federal arena and secured several new agencies. Similarly, many large enterprises across global health care providers, technology pioneers, and multinational corporations continue to choose the Singularity platform.

These engagements include multiple aspects of the Singularity platform, such as endpoint cloud identity and our data lake. In Q3, Singularity Cloud and Singularity Data Lake were our fastest growing solutions. Combined, they represented over 20% of quarterly bookings and grew triple-digits. We’ve seen a notable uptick in demand for our unified Singularity Data Lake solution. This illustrates the growing diversity of our business and our expanding platform horizon. Singularity Cloud and Data Lake are so much more than add-on modules. These are highly differentiated and enterprise critical technologies with massive TAMs and long-term growth opportunities. Our dollar based net retention rate remained north of 150% as our existing customer base continues to deploy additional platform technologies.

We see significant long-term potential based on high customer retention and satisfaction, expanding product categories and early stage adoption from our installed base. Onto our partner ecosystem. We achieved another quarter of standout growth with our MSSP partners in Q3, and our momentum in mid-market enterprises remains strong. MSSPs represent the fastest growing channel category in the security market and the preeminent way to protect SMBs. Our platform architecture is purpose built to help service providers manage security at scale and drive meaningful growth. Multi-tenancy, automation and remote management make Singularity the platform of choice for MSSPs. In Q3, we continued to solidify our leadership position with MSSPs. On the competitive front, we continue to win a significant majority of competitive evaluations against both next-gen and legacy endpoint providers.

When you look beyond endpoint security, the competitive landscape tilts further in favor of SentinelOne. Our unified data and security platform architecture helps enterprises consolidate spend on products and consoles, resulting in better value, efficiency, and user experience. These jointed platforms do not result in better protection. Bigger brands do not mean better security. As proven by the string of massive breaches, these solutions are frequently breached. Just think about the many high profile cyber attacks in the last few months and the shortcomings should be obvious. We introduced a novel approach that yields real time superior protection and delivers fully autonomous cybersecurity and unified enterprise data in one place. With the migration to cloud-based architectures and the adoption of AI-based technologies, digital infrastructures are rapidly evolving.

More important now than ever before, our unified security data lake architecture enables organizations to move at the pace of AI while also modernizing enterprise-wide visibility and protection. In many cases, our competitors can’t even offer cloud security or security data lake. We have distinct technology advantages in these areas, including resource efficient workflow protection and an actual unified data architecture capable of ingesting enterprise-wide data. We are engaging with enterprises in winning deals with Singularity Cloud and Data Lake regardless of the installed endpoint vendor. Helping enterprises manage complete security data at scale with better cost and performance is a strategic conversation that is different from focusing on point solutions.

Over time, we believe these opportunities will open the doors for further consolidation with the Singularity platform, resulting in greater platform adoption. Let me highlight two examples. First, after 15 years of using Splunk, a large enterprise replaced it with Singularity Data Lake alongside our endpoint and cloud security. After consolidating multiple security needs on the Singularity platform, this enterprise has also deployed Purple AI to get a fully integrated autonomous experience. Like many others, the customer valued SentinelOne’s unified platform that fuses security data and actions, future proofing their enterprise security posture. Second, among many federal wins in the quarter, one of the agencies similarly selected SentinelOne to consolidate security across endpoint cloud and data.

This federal agency completely replaced their Legacy SIEM solution with Singularity Data Lake showcasing that SIEM is the past and Singularity Data Lake is the future. Our competitive wins demonstrate how AI-based technologies are fueling both new customer wins and significant expansion across multiple end markets. Let’s turn the discussion to the broader demand environment and cybersecurity landscape. The demand environment remains relatively consistent with last quarter. From a macro perspective, global economic challenges persist and are further typified by rising geopolitical tensions. Yet, the threat landscape remains unrelenting. The velocity and complexity of attacks have dramatically increased. As an example, dwell times have shrunk from months to days, presenting new challenges for corporate defenses and putting more emphasis on the need for real time protection.

A slew of recent high profile breaches showcase the enormous consequences for enterprises. A single attack can cost hundreds of millions of dollars, lost business, and disrupted operations. Events like these are constant reminders of why cybersecurity must be the top priority for CIOs around the world. The most unnerving part of these attacks is that they continue to circumvent so called large platform vendors. Time and again, point products and endless list of modules meshed together in these jointed platforms are consistently failing to protect enterprises. Vectors of attack are forever evolving, a constant moving target in the edge of AI. Cyber warfare has also taken a new turn towards online disinformation and manipulation. Geopolitical tensions are spilling into cyberspace, destabilizing and undermining normal business operations and even parts of society.

At SentinelOne, we’re ushering a new age of enterprise security, one that can outpace the threat landscape by taking a holistic approach to managing risk through AI-based real time operations. Beyond security software, there’s a clear need to assess, quantify, and articulate risk from security executives to the CEO and Board of Directors. A shift in risk management is needed to prepare and protect against fast acting complex cyber attacks. In Q3, we launched PinnacleOne, a strategic advisory practice to help enterprises and governments build world class cybersecurity programs. I’m thrilled to have Chris Krebs and Alex Stamos join SentinelOne. Both are renowned industry experts who lead with integrity. Combining their talents and SentinelOne’s technology leadership makes PinnacleOne a highly valuable and unique resource to enterprises and governments across the world.

PinnacleOne will help management teams and boards understand who the attackers are, what they’re after, and how to fortify their security framework beyond just deploying any single product. This will also help public and corporate leaders to better assess cyber risk and liabilities so they can develop effective strategies and mitigate potential impacts. Let me also share an update on our leading innovations across multiple growth areas. We recently hosted our first customer and partner conference and showcased our commitment to four key areas: data and AI, cloud, and as always, endpoint. As I’ve said before, cybersecurity is a data problem. We are the first company to introduce a fully unified data and security platform. Legacy SIEM solutions are falling behind and security vendors are clamoring to keep up.

SentinelOne’s unified data and security platform delivers cost efficiency and high performance at scale. In Q3 we secured large data deals, which reinforces the demand from large enterprises looking to modernize away from legacy SIEM solutions. Recent news of the leading SIEM vendor being acquired is further boosting enterprise interest in our Singularity Data Lake. We’re taking Singularity to the next level through AI. We’re disrupting the SIEM and security markets by fusing Purple AI with our unified data lake. Purple AI is fully integrated across the entire Singularity platform and user interface. It enhances investigations, simplifies threat hunting, makes recommendations and automates actions. In essence, it supercharges every SoC and data analyst unlocking efficiency and accelerating response times.

As I mentioned earlier, we’ve already started selling Purple AI to select customers. We expect general availability in Q1 of next year. The combination of Unified Data and Purple AI puts us in a strong position to deliver enterprise-wide security and disrupt the legacy data analytics market. Next, we’re expanding our cloud security offerings. We are already leading in cloud workload protection and cloud data security. In the coming year, Singularity Cloud will become a full featured CNAPP with agent-based and agentless capabilities. We’ll have more to share in the next couple of quarters. And as always, we will continue to maintain our technology leadership and endpoint. We achieved the 4th consecutive year of leadership in the MITRE Engenuity ATT&CK Evaluation.

Our approach to this year’s MITRE evaluation reflects our philosophy and protection that speed and autonomous security are critical. Unlike most participants in this test, you will see zero delays or configuration modifiers in SentinelOne’s results. In contrast, our closest next-gen competitor had over 20 delays and configuration changes. Achieving 100% detection and protection without any do-overs is the difference between a simulation and the real world. Attackers don’t offer extra time or a chance to make configuration changes. Singularity is built to be real time, AI-driven, and autonomous, critical to combat against modern threats. Before concluding my remarks, I’d like to mention some exciting updates. We’ve made some terrific additions to our leadership team that bring unrivaled industry expertise.

Michael Cremen joined SentinelOne in November as our new Chief Revenue Officer. Michael joins us as CRO from Elastic, where he was instrumental in scaling the business to $1 billion and beyond. His experience unites security and data in a way that ideally matches our mission. This transition has been thoughtfully planned over the past several quarters. I want to thank and congratulate Mark Parrinello, our former CRO, for its contributions and well deserved retirement. Mark will remain at SentinelOne until the end of this fiscal year to ensure smooth transition. As I mentioned earlier, I’m also excited to welcome Chris Krebs and Alex Stamos to the SentinelOne team. They are renowned for their cybersecurity thought leadership with deep experience across both public and private sector, including Homeland Security, CISA, and global tech giants like Facebook and others.

In closing, our technology and talent are stronger than ever, leading to another quarter of outperformance. Together, we remain focused on the long opportunity and maximizing our business potential. Most importantly, we’re focused on helping enterprises advance their infrastructure and security now and for the future. I want to thank all Sentinels as well as our valued customers, partners, and shareholders. With that, I will turn the call over to Dave Bernhardt, our Chief Financial Officer.

Dave Bernhardt: Thank you, Tomer. This afternoon, I’ll discuss our quarterly financial performance and provide additional context around our guidance for Q4 and fiscal year ‘24. As a reminder, all comparisons are year-over-year and all margins discussed are non-GAAP, unless otherwise noted. Our third quarter results exceeded our expectations across the board. We delivered high top-line growth and substantial margin expansion. Revenue grew 42% to $164 million and ARR grew 43% to $664 million, reflecting a net new ARR of $52 million in the quarter. Our net new ARR exceeded our typical third quarter seasonality and accelerated to 11% year-over-year growth. Our growth has accelerated despite persistent macro challenges. We delivered strength across all geographies.

Revenue from international markets grew 46% and represented 37% of revenue. Q3 revenue also benefited from a stronger contribution of our professional services, driven by elevated breach activity across legacy and competing platforms. As Tomer mentioned, deploying software alone doesn’t solve all security challenges. This is why we acquired KSG and launched expert advisory practice, PinnacleOne. We continue to drive a healthy mix of new customers and existing customer expansion across businesses of all sizes. Our ARR per customer rose 15% year-over-year to approximately $60,000 per customer. In addition, our momentum with MSSP partners, and by extension SMBs, was particularly strong as it continues to fuel a solid base of long-term growth.

We continue to take market share from incumbents and next-gen vendors, and our third quarter performance signifies our strong competitive position in enterprise demand for SentinelOne’s best-in-class cybersecurity. Looking beyond top line growth, our progress towards profitability remains a bright spot, evident by significant margin improvements. Our gross margin reached a new record of 79%, showing an 8% year-over-year improvement and comfortably within our long-term target range of 75% to 80% or higher. This important achievement reflects the benefit of our increasing scale and platform unit economics. Our margin improvement is indicative of healthy pricing and the value and innovation we deliver to customers. It also demonstrates the success of our land and expand strategy.

Our unified security and data architecture in a single platform is delivering meaningful value for SentinelOne as well as our customers. Q3 marked our 9th consecutive quarter of more than 25 percentage points of year-over-year operating margin expansion. Our increasing scale and cost discipline are driving substantial operating margin improvement. Q3 operating margin expanded 32 percentage points to negative 11%. And we’re not just improving our margins, we’ve also significantly reduced our operating losses by more than 60% to negative $18 million in Q3 from negative $50 million in the year ago quarter. Similarly, we improved our free cash outflow by about 60%. This is tremendous progress. It reflects the continuing success of our proactive efforts to enhance working capital and thoughtfully manage our costs.

We are committed to building on this progress and achieving positive free cash flow in the second half of our next fiscal year. Moving to our guidance for Q4 and the full fiscal year ‘24. The demand environment remains consistent with the trends we discussed last quarter. Indeed, customers are still facing higher costs of capital and additional approval layers. These dynamics can impact visibility into the timing or size of potential deals. It’s prudent to be mindful of these dynamics as we enter Q4, our seasonally largest quarter of the year. Despite operating in a challenging macro and geopolitical environment, we’re raising our revenue and margin expectations for fiscal year ‘24. Our teams are executing well, our win rates remain strong, and we are delivering operating leverage.

In Q4, we expect revenue of about $169 million, reflecting growth of 34% year-over-year. For the full year, we expect revenue of about $616 million, reflecting growth of 46% in fiscal year ‘24. This is an $11 million increase compared to the prior outlook of $605 million, above and beyond our Q3 beat. Based on this view, we’re on track to deliver about $200 million in net new ARR for the year, up from our prior expectation of $195 million. Based on our go to market momentum and strong competitive position, we feel confident in our ability to deliver against these higher full year growth targets. Importantly, we’re seeing durability in our new business generation and the trajectory of growth rates. Beyond endpoint security, we’re encouraged by increasing platform adoption of our adjacent solutions like cloud, data, identity, and AI to drive diverse growth opportunities for years to come.

Turning to the outlook for margins. We expect a Q4 gross margin of about 77.5%, implying a year-over-year increase of about 2.5 percentage points. On a constant currency basis, we expect our Q4 gross margin to be relatively consistent with Q3. Also for the full year, we are raising our gross margin guidance to 77%, up about 5 percentage points year-over-year and up 100 basis points when compared to our prior guide of 76%. We expect continued benefits from increasing scale and data efficiencies inherent in our business model. Finally, we expect operating margin to be negative 14% in Q4, implying an improvement of 23 percentage points year-over-year and is stronger than our prior expectation. For the full year, we are raising our guidance for operating margin to about negative 20%, up 5% compared to our prior annual guide of negative 25%.

This implies a significant improvement of more than 29 percentage points compared to fiscal year ‘23. We expect Q4 free cash flow margin to improve sequentially based on the seasonality of cash collections and payments and our improved operating margin outlook. We have a very strong balance sheet with $1.1 billion in cash, cash equivalents and investments, and zero debt. This provides durability and flexibility to optimize top-line growth and margin improvement. We are delivering industry-leading margin improvement and moving closer to achieving positive free cash flow generation. As I’ve said before, we’ll continue to grow market share and capitalize on large TAMs with disruptive technologies. Our investment approach remains selective and focused on key areas of competitive strength, notably data, AI, cloud and as always, endpoint.

This is evident by our strong top-line growth and industry-leading margin improvement. Thank you all for joining us today. We will now take questions. Operator, please open up the line.

See also 20 Real Examples Of Genetically Modified Organisms and Top 20 Most Valuable American Companies Today. 

Q&A Session

Operator: [Operator Instructions] Our first question comes from the line of Joshua Tilton with Wolfe Research.

Joshua Tilton: Hey, guys. Thanks for taking my questions, and congrats on a pretty solid quarter. Kind of just clarifications here, but customer additions came in a bit lower than we were expecting, anything to highlight there? And just you called out offering a broader CNAPP platform in the next 12 months. Is that going to be developed in-house or are you guys looking to make some acquisitions in that space?

Tomer Weingarten: The customer count is rounded down, but moreover, I think the amount of additions that we see for our MSSP [ph] channel is very significant, and that spans midsize enterprises all the way to SMBs. To us, I mean, it was a very strong quarter of customer additions. Moreover, the ARR per customer is obviously something that we optimize and reinvest in, and that obviously has another impact on the total customer count. Having seen our ARR go up per customer 15% year-over-year, obviously, that’s the exact trajectory that we want to see. So all of that kind of goes into the customer count, but all-in-all, a very healthy kind of net new quarter for us. As for CNAPP, I think we’ve been focused on developing internally for quite a few quarters.

We already have, I think a large subset of capability is already available in the market. With that, we always kind of look out there to see if there’s any interesting technologies. We never preclude an acquisition. But with that, we’re very-disciplined I think in how we approach acquisitions, especially these days. But all-in-all, I think we’re feeling more and more confident about our ability to provide a full CNAPP portfolio in the near future.

Operator: Our next question comes from the line of Brian Essex with JPMorgan.

Brian Essex: Thank you for taking the question, and great to see the margin expansion. It’s really nice to see. I guess, Tomer, just one question for you. Really interesting development with PinnacleOne. Could you maybe unpack a little bit what your intentions are with that part of the business? Is this going to be more of a lead gen innovation type consulting business or is it more incident response? And how might that impact — how might we expect that to impact revenue margins going forward?

Tomer Weingarten: Absolutely. Definitely not an incident response firm. We actually have already incident response capabilities within Vigilance. We’ve had them for about three years now. When we look at PinnacleOne, if you kind of look at what’s happening in the threat landscape for the past couple of years, we’ve seen an incredible shift, I think, in attack methodologies. And we’ve also seen, I think, just the failure of the product methodology. People obviously have security products, yet they’re still getting breached. And what we’re seeing more and more is not only the shift in liability to the boardroom, to the CEO, to the executive level but also the need to actually come up with a security strategy to assess risk and to understand risk, quantify it and convey it in a much better way.

PinnacleOne comes to address exactly that. It’s a highly strategic advisory service, again, with some of the best minds in cybersecurity that comes to help our customers and new prospect, design their security posture, regardless of the product, obviously. This is completely vendor neutral. Obviously, if you couple that with our technology leadership, if you couple that with the level of threat intelligence that we see and overall geopolitical mapping that we do, you get into a very unique service, I think, in the entire landscape and one that should provide for ample risk reduction for customers out there above and beyond the products that they deploy.

Brian Essex: And maybe, I don’t know if Dave could expand on the size of that business and margin impact given it’s more kind of a headcount-focused business?

Dave Bernhardt: Yes. And for Q4, I mean, it’s essentially immaterial. I think it’s under $1 million of total impact to the quarter. So, really no effect on revenue or margins for the current quarter. For next year, we’re obviously working on the plan for next year and we’ll give you guys more visibility on that when we announce Q4 earnings.

Operator: Our next question comes from the line of Saket Kalia with Barclays. Please go ahead.

Saket Kalia: Tomer, maybe for you, I just want to dig into the competitive environment a little bit in endpoint, not the usual suspects, but I think there are some public reports out there that Carbon Black may change hands again, may not stay with VMware as part of that sort of broader deal. Maybe the question for you is, can you just talk about them a little bit as a competitor, and whether you think that could be a significant share gain opportunity for SentinelOne?

Tomer Weingarten: Sure. Yes. I don’t put a lot of stock in rumors, as you can imagine. But at the same time, it’s definitely been one of the most preeminent share donors out there for the past couple of years. I think the technology has largely stagnated, and we’ve seen a pretty decent amount of Carbon Black displacements throughout the last couple of years. With that, I think the size of the business is not so material. So, it can really change or impact things in the endpoint market in a significant way. But with that, again, it’s a relatively easy target for displacement, Carbon Black was mainly on the EDR side, while most prominent vendors right now in endpoint actually cover both endpoint protection and EDR. Most customers are looking for one solution, one platform to cover both aspects. So that doesn’t bode well for Carbon Black, period. So I don’t know where they’re finally going to find a place or not, but I feel it’s relatively incremental.

Saket Kalia: Dave, maybe for my follow-up for you, and echo the prior comments, just great to see the continued improvement in operating loss. Can you just maybe talk about the restructuring program that we implemented earlier this year? And whether we’ve seen most of the benefits of that yet, whether there’s still some more benefit to come? How do you think about that sort of restructuring having played into this improvement and how much more is left?

Dave Bernhardt: The impact of the restructuring, it’s been included in our annual and quarterly guide since we announced it in Q1. So, no real incremental pick up from that. With that being said, we’re continuing to analyze the yield from our expense investments for growth and expanding market share. You see this evident in our continued operating margin expansion. I think we’re 9 straight quarters of 25% or more year-over-year improvement. And our Q3 results show margin improvement well and above any benefit we would have gotten from restructuring. So, we implemented that. We operated it essentially fully I think on June 1st and we’ve been off and running from that point on.