Bloomberg Intelligence Senior Analyst Mandeep Singh talks to SentinelOne COO, Nicholas Warner, about how SentinelOne is disrupting a fragmented endpoint security market.
SentinelOne and Fragmented Endpoint Security | Tech Disruptors by Bloomberg Intelligence: this mp4 audio file was automatically transcribed by Sonix with the best speech-to-text algorithms. This transcript may contain errors.
Mandeep Singh:
Hello and welcome to the Tech Disruptors Podcast hosted by Bloomberg Intelligence. In this podcast series, we talk with CEOs and management teams about their views on disruption and how it’s driving their decision making and strategy. My name is Mandeep and with me today is Nick Warner, CEO of Sentinel one. Nick, welcome to the podcast.
Nick Warner:
Thanks. It’s great to be with you.
Mandeep Singh:
Great. So, look, I mean, you guys reported results, fourth-quarter results, very impressive. Topline growth of 120%. And when you look at Gartner or one of these third-party providers, they claim that you probably have one of the most complete products in the EDR segment, but maybe we can start off with just how you see as the addressable market because EDR to me as an analyst is a new segment. This industry was traditionally antivirus and endpoints and now every company that I follow either says XDR or saw and they have different solutions and I’m sure there is a selling motion around it. But I’m curious in terms of how you see the addressable market for SentinelOne, given that you’ve gone public recently.
Nick Warner:
When we’re viewing our addressable market and doing so in traditional terms, relying on analysts’ estimations of different parts of the market, even as we sit today pre the acquisition that we just announced of Attivo Networks.
Mandeep Singh:
I think, yeah, we’ll talk about it.
Nick Warner:
And I think our estimation of our existing TAM before we are now announcing our acquisition into identity security is really 48, 48 billion in terms of traditional viewing of the total dollars at stake. And the reason it’s so large is really for us EDR and XDR are subsuming multiple sectors of cybersecurity. So when you think about traditional endpoint security, that’s about a $16 billion TAM. But then you think about security analytics, saw orchestration and response. That’s another call it 16 billion. And then it operations and management. That’s another say 16 billion. All together. All told, about 48 billion. And really what’s happening is that there is this generational shift away from traditional tools in each of those areas on-premise, signature-based, brittle approaches, appliance-based software that across the board what’s happening and truly has accelerated in the last couple of years with the work from home revolution that took place at the beginning of 2020 is really a move and a rush to cloud-native, cloud-based solutions. And from a timing perspective, are entrants in a broadway into the market was really perfectly timed in that what we represent is a truly extensible platform that can do elements of IT operations. We inherently do orchestration and security automation and obviously, our claim to fame is around endpoint security and visibility. I would also add, though, that typically what we see, especially in a deal-by-deal basis, is that the dollars are underrepresented because they are viewing it through the traditional existing technology spend.
Nick Warner:
And typically we find customers are more than willing to spend more on advanced and far more powerful and effective solutions like SentinelOne. So we feel like those dollars as big as that TAM is, actually is underrepresented. The last thing I would leave you with is as we announce this acquisition of Attivo network for us, there is an identity protection TAM of probably 4 billion that we now are playing in as well. So all told, it’s an enormous market and it’s definitely a market from a technology perspective that’s undergoing a pretty incredible revolution in the last few years. A lot of it is borne by the attack landscape really accelerating and taking epically for in terms of advanced technology being deployed by malicious actors, people working from home, the collapse of the traditional network, the rise of cloud workloads, and really the consumerization of applications and. Hardware. So this idea that really has taken root and is absolutely mainstream now is you need to protect and inspect at the point of execution whether or not that’s a laptop, a mac, a PC, a virtual machine, or a cloud workload. And all of those things really represent just a total changing of the guard as it relates to cybersecurity, which was in a lot of ways constructed around this physical notion of a network. And that is now all a thing of the past.
Mandeep Singh:
All right. So you mentioned so many things, so I probably will go over it one by one. You know, look, when we look at security, obviously, there are different vectors. And the reason why this space comes across as very fragmented is that there is some new vector that people will discover. It becomes a vulnerability point and then somebody will try to solve the problem. And that’s why you’ve got so many new companies that keep coming up. And the VC side is also funding a lot of these companies. But I guess coming back to SentinelOne and their value proposition like Microsoft claims that they have bundled security with their office suite. So in terms of your selling motion, how are you going out there and competing with somebody like Microsoft? And maybe if you can hone in on what your kind of focus customers are, is it the small and midsize or enterprise customers?
Nick Warner:
Yeah, I think the first thing I would say about a bundled approach and I think this probably will resonate with all of our listeners when is the last time you got something that was truly great for free? And in my experience, it’s the answer is never. And I think today, especially with the urgency and severity around cybercrime and cyberattacks, no one wants to settle for. The second best as it relates to our focus is enterprise accounts. And I think if you look at our results, our success there are growing success there. And momentum really bears out in terms of our financial results. Customers that are over 100,000 are our customers that are over $1,000,000 of are. Those are growing even faster than our overall hyper-growth as a business. But to be clear, this is part of the power of our technology that we built is by building in a lot of automation and autonomy into the technology itself. We’ve taken very advanced technology and we’ve made it incredibly easy to consume. So we have thousands of small and mid-sized customers. We have hundreds and hundreds and hundreds of very large customers using our technology.
Nick Warner:
And it’s really about democratizing advanced technology to better balance the scales against the adversaries and attackers who themselves are deploying very advanced techniques and technology against companies that really in the past several years, it has become totally clear that they really had been outgunned and out-innovated against their existing security stacks. So, you know, I think if you talk to a SentinelOne customer or partner, what they’ll tell you that is the biggest differentiation between us and others, even from a modern or Next-Gen perspective, is the level of automation and AI that we’ve layered into the product. So we don’t require, you know, dozens of security experts to care, feed and babysit the technology and to respond to alerts or incidents that we’re flagging. Our technology really has a high level of orchestration and remediation built into it, and that really has enabled organizations to vastly up-level their technology stack without having to make an enormous investment. And oftentimes it would be an untenable investment in all sorts of security experts to care and feed for this advanced technology platform.
Mandeep Singh:
So so maybe on that point, are organizations that are using SentinelOne at depth at this point of time? Are they just using SentinelOne or they’re using multiple security providers and you happen to be one of them? I’m curious because CrowdStrike also claims they focus on enterprise customers and their results also speak for themselves. So curious how we should think about it in terms of both doing well.
Nick Warner:
Yeah, well, one interesting industry fact is that the average large enterprise has 50 to 60 security vendors. And if, like me, you hear that go, wow, that’s how on earth do they manage all of those? I think if you talk to those large customers, they ask themselves that question every day. That’s the opportunity that presents itself really for companies like ourselves and a couple of other select companies that are that are doing advanced things from. A technology perspective is that there is an incredible need for consolidation of technology elements in cybersecurity. So that’s why if you looked at really what’s happened with our technology, it’s doing a lot more than just replacing antivirus. It’s doing a lot more than just replacing first wave EDR or visibility vendors. There has been. For all too long a real need to get away from having dozens and dozens of security vendors that are overlapping. Because what ends up happening and this is a very real thing in cybersecurity from a practitioner perspective, is this notion of alert fatigue. One incident will send off like 20 or 30 different alerts. What ends up happening is it’s like the old tale of the boy who cried wolf is that if you get too many alerts, you end up ignoring them, and then you end up missing the one valid one in the noise that all these different products that are stepping on each other’s toes are flagging in the account. So a lot of times less is more. And you want something that can really tie in all of the data, apply advanced algorithms to the data that’s being collected and intelligently flag at the right time if something malevolent is happening in your network or on your end-users machines. And that’s really been our that’s our focus as much as anything. Now, all of that said, there’s absolutely still a need for other security elements in the stack. There’s identity and access management providers. There are email security vendors. So there’s always going to be elements and products from other security vendors. But as far as really focused threat detection and response, that’s what we specialize in.
Mandeep Singh:
So I guess since you mentioned, you know, the solution is based on AI and there’s a lot of automation in that. I mean, CrowdStrike claims that, you know, they have a single agent architecture and they’ve been doing this much longer. And we know I really get better as you provide more data to the algorithm. So would it be fair to say that they probably have a head start when it comes to this AI-based approach compared to where you guys are right now?
Nick Warner:
Well, I think what you said is totally accurate, that they’ve been doing it longer, but we think that that’s a hindrance, not a help, because what it means is and what’s so important to this type of technology is the data fabric that sits underneath in the back end. So when you’re collecting all this data, how efficient can you be at scanning, collecting, saving, and then applying algorithms against the data? And if you look at a company say like a CrowdStrike that’s over a decade old, that’s built on data elements that now are very long in the tooth. And by if you’re leveraging things like Splunk. Splunk was a product 15 plus years ago. That was long before this data revolution. Splunk was not built in a cloud-native world. And so one major advantage that Sentinel one has as a quote-unquote newer vendor, I mean, we’re nine years old. We’ve been active in the market for about five or six years in terms of commercial success. But we feel like we have much more advanced technological underpinnings behind the scenes because frankly, we’re built on a more modern stack. I think another really important consideration is our acquisition of Scalar, which was a data analytics firm about a year ago, which we have subsequently totally replaced our back end data lake to one that’s powered exclusively by Scalyr. That was a really, really pivotal moment for us from a technology perspective because what that has powered us into is this notion of XDR, the ability to ingest other security vendors, data sources and do it at scale. And we could only do that had we replaced our back end with a modern, extensible, and internally owned data analytics technology. And that’s what that’s what we pulled off in the last several quarters. So really, really important. Back in consideration. I think on the front end, what we feel like we built is a much more automated solution. So, you know, a lot of times I think what we’ll hear customers describe CrowdStrike as is a managed service. And so it’s it’s a sensor-based platform that then is overseen by human operators. And for us that inherently is brittle. Humans can’t scale infinitely, but machines can. And so what we try to architect and build is a much more automated platform that could make autonomous decisions powered by machine learning. And we built-in remediation capabilities from an architectural perspective. What that means, I think the simplest way I can describe that is. Our software that runs on systems is much more of a smart agent rather than a passive sensor. And a lot of EDR vendors, including our public company peers, really have an architecture that’s a passive sensor that’s collecting data, and then they’re doing data, data hunting in the cloud. We’re doing it autonomously on the endpoint.
Nick Warner:
And the advantage to that is really twofold. The first is time to detect radically faster milliseconds or single digit seconds, rather than minutes or hours for human operators to sift through the data and figure out what’s going on. And the second thing is you have a much more durable level of protection because you’re not reliant on sending data to a cloud, a cloud platform, having human operators view that data and then sending your response out in a race against the clock. We’re doing all of what we do at machine speed, and that’s super important. When you think about modern attacks, how long does it take for ransomware to detonate and execute on a machine? Milliseconds or seconds. So you don’t want to insert humans into that detection process because they literally won’t be able to to beat the speed of a machine. And so I think that bears out in in testing the customers do. It definitely bears out in Gartner’s coverage where we were ranked number one in in use case applications for for company types A, B and C, which means advanced companies, mainstream companies and also conservative companies as it relates to security spend in that critical capability section of Gartner’s most recent coverage of our space, we were ranked number one in all three, and that really just speaks to having an advanced technology platform that’s also super effective, autonomous and easy to use.
Mandeep Singh:
Yeah, no, that makes a lot of sense. So maybe one last thing on the technical aspect of it. You mentioned cloud workloads as well as edge devices. If you had to, you know, kind of explain to an investment audience, which one do you think is a bigger opportunity and why?
Nick Warner:
I would say cloud workloads and what we’re seeing is really a massive, massive, massive shift away from internally built software applications that DevOps lifecycle taking place within an organization in a data center. And now a lot of that is taking place in cloud workloads. And then subsequently those applications live and reside in public clouds. And what’s inherent in that is this notion of from a DevOps perspective, you really can run a lot faster, but when you’re running really fast, what ends up happening is security gets left behind and forgotten about. And what we’re now seeing and certainly in the last year we’ve seen this is a lot of organizations are waking up and realizing what’s going on here. You know, 80% of our applications are living in cloud platforms on which we really haven’t deployed meaningful security. So back to your earlier question around the total addressable market, that cloud workload protection market, we’re still in the very early innings of a nascent phase of and that is not a technology or a security product replacement sales motion that is these platforms are totally unprotected and now they need to apply threat detection and security into those platforms. So we feel like that market is going to play out over the next several years. It will be as large or larger than that traditional endpoint security market, and we’re very much a part of that conversation.
Mandeep Singh:
So CrowdStrike did share their ARR coming from cloud workloads. I think they mentioned around 200 million run rate, something like that. Anything that you can share around what portion of your revenue is coming from cloud workloads right now?
Nick Warner:
I mean, I think what we broke out is our server and cloud workload business had grown ten X from the prior year. We’re not breaking out yet individual ARR metrics for that, but we are extremely pleased with how fast that business is growing. And again, that market is massive. I think one thing that the right perspective to keep in mind as it relates to the overall opportunity as in threat detection and this part of cybersecurity, which frankly is the most important part of cyber security, is that it’s such a big market. This is not a winner takes all market there. There is and will be room for a couple of leading vendors. And we have a lot of respect for the platform that CrowdStrike built. And I think in terms of how we view ourselves, we view ourselves as a more modern, orchestrated platform that really provides better protection. But it is a market that there when you talk about the amount of oxygen for vendors, there’s definitely room for a couple of leading vendors. I think at the end of the day, what we live and breathe competition from a vendor perspective all day long. But the perspective that we had sent, the one never lose is that our true competitors are the adversaries, and they’re not bound by corporate politics. They’re not bound by marketing budgets. We always have to innovate, stay on point, stay true to ourselves in terms of relentlessly pushing ourselves forward from an innovation perspective to battle our true competitors, which is the adversary and. Sadly, those competitors aren’t going anywhere any time soon.
Mandeep Singh:
Yeah. No. And just, I guess on the results. One more question. So clearly, investors are focused on, you know, the selling motion and the high sales and marketing intensity. And this quarter there was a notable improvement in terms of just the free cash flow metric. So how do you think about your sales cycle and maybe in terms of visibility like do you think the sales cycle has shortened given the heightened threat environment or just any characterization around the sales cycle and just overall selling motion with regards to partners or anything else that you want to add there?
Nick Warner:
Yeah, I think a wise strategic decision that we made a few years ago was to be 100% partner-focused. And what I mean by that is not just your traditional security resellers, but we invested early, both from a go-to market perspective, but also from a technology platform perspective in being able to build a product that would resonate with strategic partners, partners like MSSP, you know, managed security service providers, MDR, managed,detect and respond providers, IR firm’s, incident response firms, and we’ve over the last couple of years become the platform of choice for those providers. What we get from that is in that sales motion. These are not competitive sales motions. These are fast-moving, fast closing business deals that when we do a partnership with a managed service provider, we within months get deployed out to all of their customers. They don’t do competitive bake-offs and evaluations, etc… And so what we get is a really efficient sales motion. As we’ve announced really interesting partnerships with the likes of Mandiant, CRO, KPMG, you know, Alvarez and Marcel by Bea and others all around the world. Those incident responders are utilizing one’s platform as they’re responding to breaches around the world.
Nick Warner:
What we’re seeing is about a 90% conversion from when we get deployed in an incident response motion to becoming a paid sentinelOne customer. And we’re also seeing average sales cycles of under 60 days from start to finish there. So that’s another super-efficient way to go to market and to be relevant and inserted at a customer at the exact right time. And then if we combine that with this flywheel we built with our traditional security resellers, it really lets us punch well above our weight in terms of having a few hundred plus enterprise focus sellers here, as well as what we feel like is a world-class SMB and Insight sales team. But we combine that with the thousands of sellers from our security partner community around the world, and it just gives us incredible reach and scope. And I think what’s what’s really encouraging is we’re seeing that that investment we made a couple of years ago, it’s playing out in our results now as our as you mentioned, our triple-digit hyper-growth continues and we’re able to get more efficient at the same time, which is super rare in the industry.
Mandeep Singh:
Got it. So let’s get into some rapid-fire questions and you can keep your answers brief so that we can wrap it up in the next 10 minutes. Any misconceptions about SentinelOne that you want to clear with investors?
Nick Warner:
I think the first misperception that we battled up and through our IPO was that we didn’t have a lot of enterprise customers. And I think what now folks realize is we’re a public company and you view computer financials. You know, a majority of our business, 70 plus percent of our business is coming from enterprise deals. And in fact, that share internally is growing even faster. That part of our business is even growing faster than our macro hyper-growth.
Mandeep Singh:
Got it. What is one technology or trend that you are most excited about over the next 12 months or next few years?
Nick Warner:
I think the technology trend around automation is really exciting because as I mentioned in a previous question, from a security perspective, the fact that for a lot of times for pretty good reasons, enterprises have 50 or 60 different security vendors, let alone products that they have to stitch together. And even if with next-gen solutions that do more, let’s say that collapses down to 20 or 30 different security tools within an environment, the ability with XDR, the promise of XDR being able to orchestrate. With other security vendors. That is a really exciting notion, and that’s something that has started to bear out with our partnerships with the likes of Okta, with Zscaler. The fact that we can help orchestrate response actions within those platforms as well, that’s really exciting.
Mandeep Singh:
So Okta is not a competitor after your acquisition yesterday of Attivo?
Nick Warner:
Correct. Our acquisition of Attivo is is is really laser-focused on two areas. The first is identity-based deception technology, which really targets insider threats. And then secondly, threat detection and response for identity, the likes of Okta or even something like a cyber arc that’s much more of an identity and access management platform. So you purchase and use that framework and then you would use Sentinel One’s Attivo modules to monitor the health of your identity within your network, wherever that may be. That could be thousands or hundreds of thousands of machines around the world monitoring and making sure that credentials aren’t stolen. They’re not abused, they’re not misused. We’re focused on the threat detection part of it, which is a super important part of that market.
Mandeep Singh:
Got it. And so what are the assumptions that you have made about the future and what could go wrong with those?
Nick Warner:
Well, you know, I think what is always a pressing need within organizations is to show your value. For better or for worse, security is a cost center, not a profit center. And I think making sure that security stays top of mind, it’s not just good for our business. It’s really good for the health of business, period, because, you know, when you’re running a business, let’s say you’re some type of hardware manufacturer or you’re a retail or retail organization. Let’s say your medical organization, let’s say you’re an IT yourselves. The biggest, most existential threat that exists today is cyber attacks that can cripple and take down your network. We have seen organizations that literally were taken offline for a week, two weeks. Business can absolutely grind to a halt. That is the thing that worries me the most about this. In some ways, it’s a wonderful, interconnected world, but that is the inherent risk. And so what we’re always making sure we’re doing is staying top of mind and topical so we can get access to that budget. So businesses can. Retain uninterrupted operation. And really, at the end of the day, that’s what cybersecurity is all about, is enabling business continuity and expansion and making sure that the digital world we live in is safe.
Mandeep Singh:
What impact has COVID 19 pandemic had on your business?
Nick Warner:
You know, I think the biggest catalyst from a technology perspective was this work from home revolution, the force of digital innovation that took place in two weeks in March of 2020. Really what it led to from a cybersecurity perspective is the wholesale elimination of antiquated approaches that really were around. Well, most of our employees work behind firewalls. They’re there within physical offices. And so we can try to layer in protection that way. That was, you know, the notional thinking back then. That all got blown up at the beginning of 2020. And that change is permanent. If you look even now and you look at any employee survey information, the vast, vast, vast majority of employees and organizations are realizing that hybrid work is here to stay. And what that means is there just has to be a totally different way of approaching cybersecurity and you need to do security at the point of execution, which is really what. SentinelOne is all about protecting on the device, on the cloud workload, on that virtual machine as opposed to old, antiquated approaches that that leverage things like firewalls, etc., that are all going away permanently.
Mandeep Singh:
Down to the last two. So what is the most important metric of your business success?
Nick Warner:
Our top-line growth.
Mandeep Singh:
Okay. And I guess one last thing I wanted to ask you was just around your view of consolidation in this space. So if you can keep it brief. Yeah, I think we can wrap it there.
Nick Warner:
I mean, consolidation is absolutely happening. I think back to what I mentioned before around orchestration, I think this idea that folks are going to be able to rely on a single or only a handful of security vendors for all their needs. That’s probably not going to happen if we can collapse that average number of vendors that provide security to an organization, if we can cut that in half and then that remaining half, you have a modern XDR platform like SentinelOne providing all of the data ingestion, analysis and orchestration. That’s a true modern technology architecture that I think would be extensible and help protect folks into the next decade and beyond.
Mandeep Singh:
Great. Anything else that we haven’t talked about, which is important to The SentinelOne story?
Nick Warner:
No, I think we covered a lot. And I want to thank you again for the time. I enjoyed it.
Mandeep Singh:
Great. Thank you so much. And thanks to our listeners. We look forward to releasing this episode soon as well as doing our future episodes. So thanks again for your time and we wish you the very best and congrats on all the success.
Sonix has many features that you’d love including collaboration tools, powerful integrations and APIs, advanced search, automated subtitles, and easily transcribe your Zoom meetings. Try Sonix for free today.