Table of contents
What would a successful share portfolio have looked like in the last five years? Well, it would definitely have included stocks from a specific industry: cybersecurity. Only one cybersecurity share has not performed particularly well since its IPO: the SentinelOne share (ISIN: US81730H1095). While shares such as CrowdStrike, Palo Alto Networks and Qualys have consistently reached new highs in recent years and outperformed the broad market as a whole, SentinelOne's share price has painted a bleak picture.
Investors who were on board from the start would have lost more than half of their investment. The picture looks much better for the other shares in the cybersecurity sector over a three-year period:
SentinelOne only went public in 2021, so there is no data for longer periods yet.
Due to the price losses, SentinelOne now has an EV/sales ratio of less than 8, which is lower than ever before. In comparison, stock market participants are paying almost 28 times sales for its closest competitor CrowdStrike.
The company achieved the strongest sales growth of all in the quarter. So what is going on with the SentinelOne share? Why is it staying near all-time lows while other cybersecurity stocks are only going up? And how do analysts rate the SentinelOne share forecast?
The most important facts in brief
Three main targets have emerged in the area of cybersecurity: Authentication and identity management, cloud and network security, and endpoint protection. While Okta is responsible for authentication and Zscaler for network security, SentinelOne and CrowdStrike take care of endpoint protection.
In addition, companies such as Fortinet, Cisco and above all Palo Alto Networks offer comprehensive solutions across the entire range of products. CrowdStrike is also expanding its offering through targeted acquisitions and expanding into other areas.
The endpoint security division, in which SentinelOne operates, protects devices such as laptops, cell phones and servers that are connected to a company network. The aim is to prevent espionage, Trojans, viruses (malware) and phishing (data theft through fake emails or websites).
According to SentinelOne, the rapid use of cloud services and mobile working brings with it new threats. More mobile devices, often with different operating systems, increase the vulnerability of company systems. Endpoint protection is therefore very important.
The advanced solution is called “Endpoint Detection and Response”. It detects and responds to attacks with the help of machine learning and artificial intelligence. This is done by recognizing attack patterns, identifying suspicious activities and rules such as blocking certain websites.
SentinelOne's platform that offers these functions is called Singularity. According to SentinelOne, it is the first AI-driven platform for “endpoint detection and response”. The special thing about Singularity is that it is compatible with all operating systems such as Linux and Windows and can be used in the cloud, the hybrid cloud and without the cloud. Singularity aims to autonomously prevent or detect and eliminate threats.
SentinelOne uses artificial intelligence to continuously improve its detection and mitigation. While a static AI is there to identify and combat malicious files of any kind, SentinelOne has also created a “behavioral” AI called Storyline, which analyzes behavioral patterns from individual endpoints (i.e. laptops, cell phones, etc.). The data can be analyzed and tracked over long periods of time. As a result, incorrect or malicious behavior patterns are detected directly and can be combated. Once a threat has been identified, it can be combated fully autonomously.
Both of these features also help the company to effectively combat “zero-day attacks”, i.e. attacks that have not yet occurred in this form.
Storyline also has another major advantage: by recording behavior, it is possible to track exactly which changes to a file were caused by malicious intervention. Storyline can therefore fully autonomously restore the exact version of a file that existed before the attack. SentinelOne has patented this process.
However, the benefits of this are controversial in the industry. While SentinelOne speaks of a major competitive advantage, CrowdStrike defines the roll-back procedure as cumbersome and error-prone. But let's be honest - what company wouldn't say this about a patented application from its biggest direct competitor?
SentinelOne names CrowdStrike and VMWare, which was acquired by Broadcom in 2023, as its competitors in the field of endpoint security. The company also points to the comprehensive solution from Palo Alto Networks and the sometimes outdated solutions from Microsoft, McAfee and Symantec.
In many ways, CrowdStrike is SentinelOne's main competitor. Both have a similar business model, comparable partnerships with Zscaler and Okta and are named as leaders in endpoint security by analyst firm Gartner.
What are the differences between CrowdStrike and SentinelOne? A big advantage of SentinelOne is its versatility. CrowdStrike has some missing features for non-Windows operating systems and only works in the cloud. SentinelOne is therefore often preferred, especially for non-Windows systems. Another advantage of SentinelOne is its ease of use. The software is considered more intuitive, updates are simple and fast, and it can easily be extended with other products from SentinelOne or other cybersecurity companies.
CrowdStrike offers a more comprehensive platform with more features. Automated user and authorization management (CIEM) and security analysis during software development (ASPM) are integrated into the CrowdStrike software. These functions are missing from SentinelOne.
Both companies argue about the technical merits of their software. SentinelOne emphasizes its rollback procedure and its automated solution, while CrowdStrike stresses the reliability of its own solution. The data proves CrowdStrike right. At the independent analysis portal Mitre, CrowdStrike won both test categories: 100% and 99% detection rate with no false alarms. SentinelOne achieved 79% and 84%, but is clearly behind CrowdStrike. CrowdStrike also remains unchallenged in Gartner's Magic Quadrant.
CrowdStrike is also larger (3.3 billion euros in sales) than SentinelOne (670 million euros in sales). This allows CrowdStrike to train its AI with more data, which is likely to maintain the gap between the two companies.
Back to the strengths of SentinelOne. The company is currently growing faster than its competitors. In the last quarter, sales increased by 40% compared to the previous year. In the 2023 financial year, growth was even 47%. However, SentinelOne has a profitability problem. With a turnover of 621 million US dollars, it made a loss of 339 million US dollars, which corresponds to a net margin of over -50%.
EBIT was even more negative because high interest income only improved net profit, but not EBIT. A major burden was share-based compensation, which cost over USD 216 million and accounted for around two thirds of the net loss.
In fact, the number of shares has increased significantly over the past two years from 174 million at the end of 2022 to 294 million, diluting existing shareholders. This was also responsible for much of the share price loss.
Since mid-July, the share price has fallen more sharply than the market capitalization. Part of the share price loss is therefore caused by the continuous issuance of new shares (learn more about the outstanding shares metric here).
SentinelOne's management has announced a new compensation plan in 2021, issuing 35 million new shares (approx. 12% of existing shares). However, the annual report also stipulated that the share-based payment may increase the number of shares by a maximum of 5% per year. This means that the dilution for shareholders should be reduced - but shareholders should monitor this closely.
In the last quarter, SentinelOne became profitable in terms of both operating cash flow and free cash flow. This shows clear progress in profitability.
Let us now take a look at the balance sheet. On the assets side, the high level of cash is striking, which is sufficient to cover liabilities, as the company is already cash flow positive. The intangible assets, which consist almost exclusively of goodwill, are also striking. This mainly stems from the acquisitions of Scalyr (2021) and Attivo (2022), which added additional security and AI solutions to SentinelOne's portfolio.
The company is still managed by founder Tomer Weingarten. He has been CEO since the company was founded and is now also on the Board of Directors, which is not unusual in America. He is largely responsible for the success of SentinelOne.
David Bernhardt has been at his side as CFO since 2020. Bernhardt was previously CFO at Chegg, an online learning platform, and is therefore very familiar with the financial requirements of a high-growth technology company. He also held various positions at Palantir.
Analysts expect sales to continue to rise sharply in the coming years. Sales are expected to roughly double by 2027 and margins should continue to rise sharply.
SentinelOne is experiencing a megatrend with high growth rates and is on the way to profitability. Nevertheless, the share price has been falling since the beginning of the year. This is due to some bad news. Firstly, market leader Palo Alto Networks warned of lower cybersecurity spending by companies, which unsettled the industry. Secondly, SentinelOne missed expectations in the fourth quarter of 2023, including a falling net retention rate.
This was compounded by the acquisition of PingSafe, an Indian start-up, for over 100 million dollars in cash and shares. This further diluted the share base. Many investors consider this price to be too high. PingSafe is less than three years old, has fewer than 100 employees and has only received 3.3 million dollars in financing to date. In addition, the founder and CEO sold 2024 shares in SentinelOne for millions of dollars in mid-May. This further undermined investor confidence.
SentinelOne has made great progress in terms of profitability. The gross margin has also increased. Nevertheless, the company is still only valued at an EV/sales ratio of less than 8. This makes SentinelOne a top performer according to the High Growth Investing strategy.
At 40%, SentinelOne is growing faster than CrowdStrike and Palo Alto Networks, but is valued much lower. Gross margin is around 72%, only slightly lower than CrowdStrike's 75%.
In view of this, SentinelOne's current valuation could represent an interesting entry opportunity if dilution from acquisitions and share-based compensation is limited in the future.
This opinion is shared by analysts, the majority of whom recommend buying the shares and expect the share price to rise by around 33% on average.