Thesis highlight
SentinelOne (NYSE:S) is fairly valued, and I believe investors should wait for more catalyst of visibility into change in growth trajectory before investing. As I lay out below on the bull case of S, the concern I have is near-term weakness that is expected by the market. While some investors might suggest that now is the time to buy, since all negative expectations are baked in, I believe it would not be too late to invest when we have a better near-term outlook.
Company overview
S builds cybersecurity systems against sophisticated malware and cyberattacks.
Cybersecurity is essential
Cybersecurity is, at its core, a data problem. Machine learning advancements in AI are causing widespread disruption across many sectors because these programs can now analyze large amounts of data and draw conclusions with little to no human input. Since this is the case, I think AI is ready to make significant strides in the field of cybersecurity.
I believe organizations must make use of the petabytes of data it generates in order to achieve fully autonomous cyber defense. In addition, I’m confident that the rate of data creation will skyrocket in the years to come. Therefore, businesses have a lot to lose if they were to ignore the need for cybersecurity. This is especially as the amount of private information held by businesses and their customers continues to grow exponentially, which would mean the number of cyberattacks on those businesses by increasingly sophisticated criminals.
Hackers are always on the lookout for new ways to steal sensitive information for use in future attacks, destroy data to sabotage operations, or encrypt data to hold it for personal gains. Cybercriminals use a wide range of sophisticated techniques to obtain access to an organization’s data via its endpoints and applications. To make things worse, a global network of individual attackers gives it practically infinite scale and the ability to operate independently of borders. Attempts to pinpoint and eliminate all potential entry points for cybercriminals have amounted to a fruitless game of whack-a-mole because of the lack of mechanisms to hold them accountable for their actions.
Consequently, organizations today place a premium on solutions that can assist them strengthen their ability to defend against cyberattacks.
SentinelOne XDR approach is revolutionary
Existing tools can be useful in specific situations, but they cannot detect all of the threats that businesses face. For instance, signature-based approaches are good at spotting previously-seen attacks, but not so great at preventing novel threats like unknown malware. Therefore, organizations have continued to incur substantial losses as a result of cyberattacks, despite deploying a wide variety of point solutions.
Exploiting AI is a next step. In order to effectively prevent breaches, large amounts of data, of varying types, must be ingested and analyzed in real time, and first-generation AI tools are incapable of doing so. Most of these apps rely on simple algorithms that are so inefficient at producing useful “signals” that can be used. As a possible solution, some of these instruments upload data to the cloud in the expectation of making use of the immense computing power there; however, this has not resolved the issue. AI algorithms can only perform as well as the data they are given and the speed at which they can process it, so if the data or processing speed is insufficient, the AI will not be able to effectively solve the problem it is being used for. In other words, moving the problem to a different location or platform (such as the cloud) does not necessarily improve the AI’s ability to solve it. These tools are useless without contextual data that has been carefully curated. They can’t react as quickly as machines can, so they miss a lot of opportunities to stop or prevent particularly fast attacks.
On the other hand, SentinelOne’s platform can process of data from a wide variety of sources in real time, creating a rich context for data by creating a dynamic visualization of information from across an organization. This means that SentinelOne’s AI models are extremely precise, practical, and self-sufficient. In addition, the AI models are deployed on both S own cloud platform and the cloud infrastructure of all of its users. Furthermore, customers are protected even when they are not linked to the cloud, thanks to SentinelOne’s AI models that run on the endpoints themselves.
When multiple data sources are correlated, anomalies become apparent, and S Streaming AI in the cloud can spot them. In addition, analysts can quickly and easily scour through petabytes of data to probe occurrences and track down threats due to S platform ability to provide visibility across all digital assets in a single console.
SentinelOne Vs. CrowdStrike
I think it’s important to talk about the differences between S and CrowdStrike (CRWD) because they’re both making significant headway in Endpoint-related markets. Both firms, in my opinion, provide cutting-edge innovations that are eating into the market share of more established competitors. Despite the fact that they take slightly different approaches to technology, I believe that both companies have a significant opportunity to take share in the Endpoint and adjacent markets, and I estimate that together they only occupy a small portion of the market (both companies total revenue is only sub $2 billion).
That said, CRWD has mentioned the SentinelOne displacement on multiple occasions. Nonetheless, I don’t think this is a zero-sum game, and I’ve heard of transactions in which S replaced CRWD. Therefore, I think it’s important to contextualize the “noise” that these kinds of stories create. The truth is that there are a lot of variables that determine the victor. Most importantly, S and CRWD both capture the majority of their business from vendors who rely on outdated antivirus software. My analysis of the market suggests that it can accommodate rapid expansion from a variety of disruptive players over a considerable time horizon.
Apart from the dynamics of the market, I think CRWD is a good model for S’s future development. Compared to CRWD, S is still in its early stages. When comparing the two companies’ financials side by side, striking similarities emerge. The CRWD’s development may also serve as an example of how S’s financials may grow if growth plans are executed properly. For instance, S gross margins in the mid-60s are significantly lower than software industry peers, which may cause some concern. But they’re not too far off from CRWD’s when it was producing about the same amount of ARR. CRWD’s execution has resulted in significant margin expansion thanks to the company’s scaling over infrastructure costs, increased attach rates, and more effective market penetration. In my opinion, S should scale in tandem with the progress of CRWD.
Expectations have been reset since 3Q23
S’s 3Q23 earnings were the latest in a string of cyber prints that fell short of expectations. While ARR growth remains in the triple digits, growth in net new business has slowed to 30%. With the stock price and valuation having dropped nearly to an all-time low since earnings, I think all the negative expectations have been factored in.
Investors may be on the lookout for a catalyst, and S’s positive reiteration of its framework to breakeven margin in FY25 may be it, given the current high rates environment. Aside from that, despite lower-than-expected FCF in 3Q23, S committed to a quarterly FCF breakeven by the end of FY24. Since the valuation methodology is changing to FCF multiples, the fact that management is committed to this framework regardless of macro developments in the coming year is encouraging.
Valuation
At the current share price, my model suggests that S stock is fairly valued. My belief is that the industry is extremely large, and there is certainly plenty of room for S to grow further; as a result, the model is highly sensitive to how quickly S can grow.
However, growth is expected to slow significantly from more than 100% historically to 55% in FY24, based on consensus estimates. As evidenced by the valuation decline, this significant slowdown has undoubtedly reset expectations for the stock. While I believe S has a good chance of reaccelerating growth once we get past this bad macro backdrop, I believe sentiment will only change when there is more visibility.
As a result of these considerations, I value S at $13.46 in FY24, which is roughly the same price as it is today.
Risks
TAM may not be as big as I expect
I expect that as S develops its presence in adjacent markets, it will face competition from a number of well-established, highly innovative corporations. S’s ability to increase its market share could be severely hampered as a result of this.
Execution risk
CRWD’s strong execution ability is the key to its improved margin, as mentioned above. Although this may be true for S as well, if S fails to execute, market expectation on near- and long-term margin will be impacted, and the stock will suffer as a result.
Conclusion
SentinelOne offers a revolutionary approach to cybersecurity through its use of AI and machine learning to analyze large amounts of data in real time and provide a rich context for detecting and preventing cyber threats. The platform’s ability to process petabytes of data from multiple sources and spot anomalies, as well as the ease with which analysts can investigate threats, make it an effective tool in the fight against cyberattacks. Additionally, the increasing importance of cybersecurity and the growing amount of sensitive data held by businesses make it a necessary investment for organizations looking to protect themselves and their customers.
While all of these are bullish points, I believe it would be wiser to invest later when there are clearer signs that S’s growth rate can re-accelerate.
Be the first to comment