This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
spk00: Good evening. Thank you for attending the Sentinel-1 second quarter 2022 earnings conference call. All lines will be muted during the presentation portion of the call, with an opportunity for questions and answers at the end. I would now like to pass the conference over to your host, Doug Clark, head of investor relations with Sentinel-1. Thank you. You may proceed.
spk16: Good afternoon, everyone, and welcome to Sentinel-1's earnings call for the second quarter of fiscal year 2022, ended July 31st. With us today are Tomer Weingarten, co-founder and CEO, Nicholas Warner, COO, and Dave Bernhardt, CFO. Our press release and the shareholder letter were issued earlier today and are posted on our website. This call is being broadcast live via webcast. And following the call, an audio replay will be available on the investor relations section of our website. Tomer, Nick, and Dave will begin with prepared remarks and then we'll open the call for questions. Before we begin, I would like to remind you that during today's call, we'll be making forward-looking statements regarding future events and financial performance, including our guidance for the third fiscal quarter and full fiscal year 2022, as well as certain long-term financial targets. We caution you that such statements reflect our best judgment based on factors currently known to us and that actual results and events could differ materially. Please refer to the documents we file from time to time with the SEC, in particular our S-1 and our quarterly report on Form 10-Q. These documents contain and identify important risk factors and other information that may cause our actual results to differ materially from those contained in our forward-looking statements. Any forward-looking statements made during this call are being made as of today. If this call is replayed or reviewed after today, the information presented during the call may not contain current or accurate information. Except as required by law, we assume no obligation to update these forward-looking statements publicly or to update the reasons actual results differ materially from those anticipated in the forward-looking statements, even if new information becomes available in the future. During this call, unless otherwise stated, we will discuss non-GAAP financial measures. These non-GAAP financial measures are not prepared in accordance with generally accepted accounting principles. A reconciliation of GAAP and non-GAAP results is provided in today's press release and in our shareholder letter. These non-GAAP measures are not intended to be a substitute for our GAAP results. The financial outlook that we provided today excludes stock-based compensation expense, which cannot be determined at this time and are therefore not reconciled in today's press release. And with that, let me turn it over to Tomer Weingarten, CEO of SensibleOne.
spk01: Welcome, everyone, and thanks for joining our first earnings call as a public company. This is the start of an open and informative dialogue. We value trust and transparency and now have the opportunity to model this as a public company. And since this is our first earnings call, I'd like to give some background on our journey and how we got here. I will then turn it to Nick and Dave to provide some highlights from our most recent quarter and outlook. We launched Sentinel-1 in 2013 with the idea that cybersecurity needs to operate at faster speeds, greater scale, higher accuracy, and most importantly, do this through more automation. We created an autonomous cybersecurity platform to deliver our vision. Attacks and threats are only becoming more sophisticated and more common, and legacy solutions and human defenses just can't keep up. Look no further than all the ransomware attacks. Unfortunately, this isn't new, and it isn't going away, and it's impossible to ignore. Our mission to protect our customers and our way of life has never been more important in a digitized world. There are several structural forces at play that will drive long-term and sustained growth for us and our industry. The growing threat landscape is just one of them. Next is the digital enterprise environment. More devices, more places, more data requires updates to critical enterprise infrastructure, and that includes new attack surfaces such as containers and workloads. At the same time, we've moved to a hybrid work environment. This is the new normal, forcing a revolution of how we work, where we work from, and fundamentally, how we secure the future of work. The only way to ensure safety and security is with zero trust. across the entire enterprise from endpoint to cloud. Companies want partners and platforms, not siloed point solutions. Our OpenXDR approach is helping unify the entire enterprise view from data to device to cloud. Putting all of this together, cybersecurity has never been more critical and more challenging for the enterprise. That gives me tremendous confidence in the long-term growth potential in front of Sentinel-1. Over the last eight years at SentinelOne, we've developed AI and machine learning models, built patented storyline technology, and created an in-house cloud data platform. We knew from the beginning that the best solution would have to harness the power of data and AI. And as a result, we're delivering real-time, industry-leading threat detection and response from endpoint to IoT to cloud. To us, prevention is a fundamental component of modern-day cybersecurity. Equally critical is machine speed detection, response, and remediation. We've achieved many important milestones already this year. Certainly, the IPO is part of that. At the same time, top scores from MITRE ATT&CK, the industry standard test for EDR, as well as a high score in the Gartner critical capabilities for each buyer type have helped build credibility and industry recognition. Operationally, we've extended our board of directors and instituted an advisory board. And with an eye to the future, we just announced that we'll be opening an R&D facility in the Czech Republic to support our growing scale and global presence. Finally, delighting our customers. I'm especially proud that our Net Promoter Score, or NPS, has risen every single quarter in the past year. It jumped in Q2 to above 70. That puts us well above the ranks of many consumer and technology companies and ahead of category-defining technologies loved by users such as the iPhone. Our customers choose us as their cybersecurity partner, and we take their responsibility and trust seriously. We're helping our customers stay ahead of adversaries, prevent breaches, and autonomously respond through innovation. Turning to the business. In Q2, our ARR growth accelerated to 127% year-over-year, and our revenue was up 121%. I want to pause on that for a second. Our business is expanding well into the triple digits, both for ARR and revenue. And our guidance for Q3 shows that we expect that to continue. Our growth is very well balanced across new and existing customers, as well as large and mid-sized enterprises. Enterprises represent about two-thirds of our business today, and we're gaining even more traction. In Q2, we added the highest number of customers with ARR, over $1 million, compared to prior quarters. We're also expanding with existing customers through securing more devices and surfaces, along with bringing new security, control, and visibility modules. Our net retention rate was the highest it's ever been at 129%. Our channel partners are bringing us into an increasing number of opportunities, giving our sales teams access, scale, and reach around the globe. Nick will talk a lot more about our differentiated go-to market and how that's fueling growth. I'm proud of the technology and the innovation we're bringing to customers through our Singularity XDR platform. We sell three platform tiers, core, control, and our most comprehensive and popular tier, complete. These tiers enable us to bring our technology to a diverse set of buyer types and organizations from medium-sized businesses all the way to the world's largest Fortune 500 enterprises. We also offer more than 10 modules that extend our platform value to more enterprise needs, from IoT discovery and security to cloud and container workload protection. Our modules help customers with today's critical management, protection, and visibility challenges. In Q2, we enhanced our capabilities around automation, zero trust, and data. First, automation. Automation is key to neutralizing threats effectively and in real time. Security teams simply can't analyze and respond to billions of events every day. The response piece is especially important. A human-powered 1.1060 benchmark is a legacy model. Our customers want real-time response and protection. This is why our patented Storyline technology is so important. It monitors and contextualizes all events across an enterprise at machine speed. That means fewer and more accurate alerts based on data. It also means autonomous remediation, taking machine-delivered responses to a whole new level of automatic efficiency. The chief information security officer of the Fortune 500 oil company captured it well, saying, Sentinel-1's storyline technology fundamentally changes EDR. Instead of people having to manually assemble data points, the technology assembles stories for us and even makes decisions in real time. Game-changer. We listen to our customers adding even more automation capabilities. In Q2, we added Storyline Active Response or STAR. With STAR, security teams can now create custom detection response rules and deploy them in real time. In other words, write the rules once, then let it trigger automatic alerts and instant responses enterprise-wide. That's more control and more automation and more prevention. The second area of focus is around zero trust. Every edge of the network must be secured. We did this in two ways in Q2, tackling rogue IoT devices and expanding zero-trust partnerships. An enterprise can't protect what it can't see, including IoT and unmanaged devices. One compromised printer can quickly become an adversary's home base for an attack. The solution for the IoT and unmanaged device challenge is our Ranger module. Ranger identifies and tracks all rogue IoT devices. And we've just released AutoDeploy. Our new AutoDeploy capability tackles one of the oldest problems in enterprise IT, quickly deploying protection to unmanaged and sometimes unreachable assets with ease. Ranger AutoDeploy takes a center one endpoint and enables it to transmit protection to any and all unmanaged devices surrounding it. This is a first. And we're already seeing demand for auto-deploy, which helps secure a million-dollar customer win in Q2, where we replaced legacy AV in one of our other major next-gen competitors. We also expanded our marketplace ecosystem through new partnerships with Zscaler and Cloudflare. Partnering with other zero-cost leaders strengthens our customers' security postures. Finally, we're focused on data. Cybersecurity is fundamentally a data problem. We use AI to parse petabytes of data, identify anomalies, and autonomously mitigate attacks in real time. Earlier this year, we acquired Scalar, enhancing our ability to ingest index-free data at scale from structured and unstructured sources. Our goal is to optimize for scale, performance, and cost. We're excited about the future go-to-market synergies. We've also begun transitioning our data back into Scalar for new proof-of-concept deployments, onboarding new customers, and scale. Before I turn it to Nick and Dave, I want to say I'm excited about what we've achieved as a company. I'm proud of the scale of our business and the triple-digit growth rates we've now delivered for two consecutive quarters. This is truly a testament to the hard work of the entire team at SentinelOne. Thank you to all of our employees. and also our customers and partners. Your feedback and trust puts us on the winning side of cyber warfare every day. I'm even more excited about what we can do from here. The endpoint security market is large and growing, and we're just at the beginning. Cyber defense should be even more holistic. It has to be flexible and automated, and that means not just across endpoint operating systems, but also IoT devices, servers, cloud workloads, and the data itself. This is XDR. We are XDR. And with that, let me turn it to Nick Warner, our Chief Operating Officer.
spk05: Thank you, Tomer. And I'd also like to welcome everyone. I've been at SentinelOne for over four years now. Everyone here has a lot to be proud of, especially how quickly we've scaled in just the past year alone. We've built a go-to-market flywheel of sales and marketing, our channel, and technology partners. Together, our brand and market traction is reaching new highs. Let's discuss the business. ARR of nearly 200 million and growing 127% is nothing short of astounding. Looking back, it took over three years to reach 100 million in ARR and just three quarters to nearly reach the next 100 million. Our future is unbounded. That's because of vision, execution, and listening to the needs of our customers. Over 5,400 customers use our Singularity XDR platform. That's over 2,000 more than last year. I'm delighted to help protect that many businesses. Our customers are diverse in size, scope, and geography. Our focus on automation, speed, and accuracy is critical to any enterprise. In fact, all enterprises. We're protecting even more mission-critical businesses. In Q2, we added one of the largest telecommunications and mass media companies in North America. And we also added one of the world's largest global financial institutions as well. Make no mistake, this is a competitive market. We go up against incumbent and next-gen players all the time. When I think about how we're doing in the market, three things capture it most effectively. One, our 97% gross retention rate. which means our customers are happy and staying with us. Two, we don't compete with our channel partners, so they are able to lead with our technology platform. We enable and embrace the channel. And three, we win more than 70% of POCs against the competition. That's the significant majority of competitive wins and displacements against any and all competing vendors. Let me share some more detail from the quarter. We're making tremendous progress with large enterprises, which represent about two-thirds of our business. We grew customers with ARR over $100,000 by 140% versus last year. We added the highest number of million-dollar ARR customers this past quarter. In the past year, we've more than tripled the number of customers with ARR over 1 million. It's clear from both of those points that we're succeeding with larger customers and landing larger deals. Our net retention rate was 129%, a new record for our company. Fantastic execution from our sales and go-to-market teams. We're helping customers expand agent deployments, access more functionality with package tiers, and adopt new module solutions. When it comes to our modules, our innovations help enterprises do more. Just looking at our modules that cover IoT, cloud, and data, these grew more than 6x year-over-year in Q2, and represent over 10% of the quarter's new business. We're still early with our modules and see this as a long-term lever for our business. Next, I'll share some insights on our go-to-market. Our internal sales and support teams combined with our diverse and growing partner ecosystem gives us an incredibly vast reach. Earlier this year, we rolled out a new channel partner training and accreditation program. Feedback has been positive. and we've issued over 2,000 accreditations to date. Our strong channel metrics are leading pipeline and traction indicators. We partner with managed security service providers, MSSPs, managed detection and response providers, MDRs, and incident response, IR, partners. We equip them with industry-leading capabilities, and in return, we get tremendous market access and scale. We don't compete with them, we support and enable their business. We're rapidly expanding this ecosystem, and it's driving meaningful growth for us. I want to double-click on our incident response partnerships. Driven by the rising wave of ransomware attacks, breaches have become pervasive for businesses around the world. In the unfortunate but often common case of a company being breached, IR partners are called in to identify and remediate the attack. They use our technology to understand what's going on stop the attack, and remediate the network. Our ecosystem of IR partners are armed with the best technology available when it comes to rapidly recovering from a breach. After seeing the immediate value of our technology, we see extremely high adoption rates post-breach, as post-breach enterprises standardized on Sentinel-1 as a modern approach to cybersecurity. In Q2, we added over a dozen additional IR partners and are bringing more online in Q3 and beyond. It's not just quantity, but quality. In Q2, we added world-renowned IR partners like Kroll, Alvarez and Marcel, and Group IB. These and others are global leaders with extensive enterprise relationships. These are the go-to experts who cyber insurers and boards call when there is a breach. In fact, our IR partner ecosystem is our fastest growing channel. For all of us at SentinelOne, our values and goals align on protecting customers and putting them first. From sales to support, marketing to channels, business development to customer success, Vigilance MDR to Sentinel Labs, our go-to-market organization is world-class, and I'm proud to work with this global team of relentless Sentinels each and every day. Thank you. And let me turn it over to Dave Bernhardt, our CFO.
spk13: Nick, Tomer, thank you. And thank you all for joining us today and hopefully in the future. I'll touch on a few of the highlights before we open for Q&A. There's a lot more detail in our shareholder letter, which I welcome you to view on the investor relations section of our website. We are very excited about our performance in the second quarter. Looking at our Q2 results, we achieved record revenue of $46 million, increasing 121%. Fueled by new customers and existing customer expansion, we delivered ARR of 198 million in the quarter, accelerating 127% year over year. Even after backing out the 10 million in acquired ARR from Scalar, our organic growth was still well into the triple digits. Obviously, we're very enthusiastic about our top line drivers. Now I'll discuss our costs and margins and then provide our guidance outlook. Our non-gap gross margin in Q2 was 62% and expanded 900 basis points, a healthy pickup from last quarter. The biggest benefits are coming from our increasing scale and business expansion. Additionally, we're also starting to see benefits from our renegotiated cloud hosting agreement, which we signed earlier this year to align with our expected growth. Looking at the rest of our P&L, we're investing for growth and it's clear that it's working, once again reflected in our triple-digit top-line growth rates. During the quarter, we made strategic investments in preparation for becoming a public company, enhancing our product, and scaling our go-to-market. Our non-GAAP operating margin was negative 98%, an improvement over negative 101% in the year-ago quarter, even as we prepared for our IPO. In the shareholder letter, we've reiterated our long-term margin targets. These are the same targets that we shared during the IPO. The key point is that as we progress to our long-term targets, we intend to invest in growth, while also improving our margins and profitability. A recent example is the diversification of our R&D footprint outside of Israel and Silicon Valley. We just announced that we'll be expanding our engineering excellence into the Czech Republic. With all of this opportunity in front of us, fiscal 2022 remains an investment year. Now for our outlook for Q3 and the full fiscal year. In Q3, we expect revenue of 49 to 50 million, reflecting growth of 102% at the midpoint. For the full year, we expect revenue of 188 million to 190 million, or 103% growth at the midpoint. We expect the strong momentum we saw in Q2 to continue next quarter, and our structural tailwinds to persist. Combined with ongoing benefits from our product innovation, improved brand awareness, and continuing to scale our go-to-market, this collectively supports our triple-digit growth outlook. We expect Q3 non-GAAP gross margin to be between 58 to 59% and full-year gross margin of 58 to 60%. Most importantly, this remains well above 53% we reported in the first fiscal quarter this year and at or above 58% we delivered in fiscal 2021. We are benefiting from increased scale, cloud hosting agreements, and processing efficiency gains. Reflected in our guidance is our plan to migrate existing customers to our scalar backend in Q3 and Q4. The migration will result in some duplicative storage and processing costs as we ensure data and performance continuity. This is intended to further improve data processing for the future and unlock long-term platform and go-to-market synergies. Excluding the redundant costs for the scalar migration, we estimate fiscal 2022 gross margin would be roughly similar to our gross margin we achieved this quarter. Finally, for operating margin, we expect negative 96 to 99% in Q3. Our full year operating margin guidance is for negative 99 to 104%. This is an improvement upon our fiscal year 2021 operating margin of negative 107%. We see tremendous opportunity for growth, and the investments we're making today will put us in a position to succeed for the long term. Finally, we have two quick housekeeping items. Both of these are included in the shareholder letter with more detail as well. The first item is share count. We ended Q2 with total basic shares outstanding of $265 million. This is the base run rate going forward. The second item is the lockup. We have two triggers. The first is on September 28th. If the stock price remains at current levels, it will unlock up to approximately 40 million outstanding shares as of July 31, 2021, excluding vested equity awards. The remainder of the lockup will expire subsequent to our Q3 earnings report. In closing, Q2 was an excellent quarter with strong execution, and we're expecting that momentum to continue into the second half of the year. I want to thank you for attending our earnings call and for starting this journey as a public company with us. Operator, can you please open up the lines for questions? Thank you.
spk00: Certainly. We will now begin the question and answer session. If you would like to ask a question, please press star followed by 1 on your touch-tone keypad. If for any reason you would like to remove this question, please press star followed by 2. Again, to ask a question, press star 1. We will pause here briefly to allow questions to generate in queue. The first question is from the line of Hamza Farawala with Morgan Stanley. Thank you. You may proceed.
spk02: Hey, guys. Thank you for taking my question, and congrats on your first quarter post-IPO. Just on maybe a question for either Nick or Tomer, I wanted to dig into some of the partnership announcements you guys have made in recent months, particularly with Zscaler and Cloudflare. What do you think – One for Tomer, to what extent does that validate your technology, given that you're partnering with other next-gen vendors on the network security side? And then from a go-to-market perspective for Nick, what type of incremental benefit will these partnerships bring?
spk01: Yeah, thanks for the question, Hamza. And, you know, for us, it's really about, you know, really stepping forward towards a more inclusive OpenXDR approach and also kind of producing a more zero-trust ecosystem around the Sentinel-1 Singularity platform, you know, really fusing together endpoint, which is kind of the edge of the network, with the cloud and now identity and the user as well. To us, that's really the trinity that... forms zero trust. And that's why we're partnering with these vendors. Obviously, we find them in more and more accounts that we sell into. So that also becomes something that our customers are asking us to do. So all in all, I mean, it just really, you know, kind of falls in line with both of our zero trust strategy in our open XDR approach. And the idea is over time to continue and ingest more data from all these adjacent solutions in the enterprise into our OpenXDR platform. So to us, again, it really falls into the strategy that we took by enabling our customers to pick any vendor and really build on top of the Singularity platform.
spk05: Hi, and this is Nick here. From a go-to-market perspective, what it means for our customers is we really allow them to realize even greater ROI on previous solutions that they've purchased. So, you know, the average enterprise has a few dozen different vendors covering various parts of their security enterprise. And with our vision of XDR being open, being inclusive, being easy to use, what we're really doing is up-leveling the capabilities of those traditional and already installed products, adding tremendous value with the Singularity platform, but weaving that all in together to a complete and holistic view of security, which is really the promise that we're delivering upon with XDR.
spk03: Scott, thank you.
spk00: Thank you. The next question is from Brian Essex with Goldman Sachs. You may proceed.
spk04: Hi, good afternoon. Thank you for taking the question. Congratulations on another really nice quarter of acceleration here. Maybe, Tomer, I would love to get your feedback on, I think in your prepared remarks, you talked about two-thirds of your business is enterprise-focused. What was the mix in the quarter in forward for larger enterprise mix. You know, I see that, you know, landed costs per new logo is certainly much higher than it was last quarter. So just trying to think about the trajectory there and maybe the most fundamental thing that changed in the quarter to drive that improvement.
spk01: Yeah, you know, for us, it really is a good mix. I mean, we feel like our traction in the enterprise and, you know, definitely 140% growth year over year on 100K deals and above, you know, it's a good reflection of how much bigger we're landing in accounts. 225% on $1 million deals, again, a good reflection of our traction in the enterprise. But at the same time, we feel presence in the mid-market is important, and it's something that actually is a very efficient go-to-market for us. So we like that mix. We feel it's a good mix for us. We'll continue to drive it, definitely on the enterprise side. We're seeing more land with our complete tier, actually with more attached to ranger, more attached to vigilance, more attached to data retention. So all in all, we're seeing massive adoption for not only kind of what is now becoming our premium tier, which is complete, But on top of that, to the add-on modules that we have, and we intend to do the same also on the mid-market, we enable our channel ecosystem to carry more than just endpoint protection and sell also cloud security. So all in all, we feel that mix is a healthy one and one that we would like to carry into the future.
spk04: Maybe just a quick follow for Dave. You mentioned real quick the duplicative costs associated with the scalar migration. When might we see that abate and maybe the margins might be able to maybe better accelerate off the conclusion of that?
spk13: Sure. It's predominantly in the second half of this year. So you'll see it in Q3, you'll see it in Q4, and then it should dissipate beyond there. We're working on getting our largest customers over first, which is why you see the dip that we're expecting, you know, in the second half. But, you know, going forward, we think we should have a baseline of around where we're at right now, you know, barring any other efficiencies we see in the product as we continue to advance it.
spk04: Got it. Very helpful. Thank you very much.
spk00: Thank you, Mr. Essex. The next question is from Saket Kalia with Barclays. You may proceed.
spk09: Okay, great. Hey, guys. Thanks for taking my questions here and echo my congrats on becoming a public company. Tomer, maybe for you, I was wondering if you could just talk a little bit about kind of the broader distribution channel a bit. I guess the question is how do you sort of judge the scale of your channel and And where do you see it kind of going in the next year coming off the IPO?
spk01: Yeah, it's a great question because we look at our channel in a very inclusive manner. We definitely kind of look at the distribution channel, reselling channel, the ones that are a little bit more classic to security is one that we're incredibly strong in. And at the same time, the ability to also take the same platform, license it to MSP providers, gives us a tap into a complete different part of the TAM. And as Nick mentioned in the prepared remarks, Our ability to now sign up most of the incidence response providers, most of the leading incidence response providers in the U.S. is providing for another channel that kind of extends the gamut of what we see in terms of market opportunities. So all in all, we feel pretty good about our market presence in the channel ecosystem. We're growing. We're, you know, um making more accreditations we're training the channel better um we're expanding globally so to us i mean we feel like we've built a really strong foundation in the channel but now they're just growing and accelerating and obviously enabling the channel preparing more modules um is another tier in our ability to unlock the vast opportunity um in the channel ecosystem
spk05: This is Nick here. What I'd also add to that is uniquely with SentinelOne, we've made a strategic decision to enable and not compete with the various multidimensional channel partners out there, whether that's MDRs, MSPs, or incident response partners, obviously, as well as your traditional resale partners. And what that's really driven by enabling their business and not competing is incredible loyalty and uh and um and brand loyalty with sentinel one and that's something we've been working really hard on for the last several years so we're really starting to see that that flywheel kick in in all the different facets of our go-to-market channel partner ecosystem
spk09: Got it. That's really helpful. David, maybe for my follow-up for you, you know, Tomer just sort of talked about this just briefly in the last question, but I was wondering if you could just double-click a bit on the mix of customers across the different singularity tiers, you know, specifically core, control, and complete. You know, what are you sort of seeing in terms of new customers and existing customers in terms of the tiers that they're sort of opting for?
spk13: Sure. So about half of our customers still use core or control, with the larger enterprise customers obviously using the complete solution. There's a mix across all of them, but there's certainly an opportunity for us to continue to see the customers in core control to expand up to the more complete offering, as well as add more modules, et cetera, et cetera. I think that goes into why you're seeing 129% NRR you know, we're seeing customers not just expand their footprint in terms of endpoints, but also expand into, you know, much more robust offerings.
spk09: Very helpful. Thanks, guys.
spk00: Thank you. The next question is from the line of – well, I apologize. One moment, please. With Rob Owens, you may proceed.
spk07: Great, and I appreciate you guys taking my question. I think building a little bit on Sokka's question, but I want to touch on the net dollar retention rates. And is this coming from an expansion in seats? Is this coming from the tiers that you talked about and the upsell within the base? Or is a lot of that growth coming from adjacent modules?
spk01: It's actually, you know, all of the above. And we definitely focus on basically providing the customer the choice. You know, license counts naturally organically extend over time. We see that time and time again. But at the same time, it's very clear that we have much more in the back today versus maybe a year ago. and customers want to procure more from Sentinel-1. They want to cover more surfaces. They want to use more abilities. They're opting out for our services. So all in all, we're seeing traction all across these three different vectors, which would be, again, you know, seat count extension, more modules, different tiers. You know, we see that time attack again, and we like that net retention rate. I mean, we feel it's going to hover around these rates, you know, for kind of the foreseeable future, and we like that contribution.
spk07: And as we look at customer acquisition, typically who are you going up against? Are you still seeing a lot of replacement of legacy out there, which would imply that there's still a long way to go in this market, or is the battle coming down to more of the next-gen providers? Thanks.
spk01: Yeah, no, I think it's 99% displacing an incumbent. You know, it's always going to be competitive with, you know, at least one other next-gen competitor. But outside of that, I mean, we are doing displacements here and there, very anecdotal, but we have those. But the vast majority of what we see, you know, it's absolutely taking market share from the incumbent. It's always a displacement. You know, we've had multiple, you know, years-long customers of Symantec and McAfee switching over to Sentinel-1 this quarter, as it's been with the past quarters as well. So we think, you know, the market momentum in customers understanding that they need to change the mindset and really move over to a next-gen offering is now really mainstream, and I think that comprises the vast majority of our pipeline.
spk07: Thanks for the color, Tomer.
spk00: Thank you. The next question is from Brent Bill with Jefferies. You may proceed.
spk03: Thanks, Tomer. You mentioned the IoT cloud and data center seemed really good uptake. I'm curious if you could just talk through, you know, how you look at the next couple of years in this segment and what you're seeing. I know you mentioned one of the IoT wins drove a multi drove a million dollar plus win. Can you just maybe help shape what's happening when these transactions are getting involved and what you're seeing with overall expansion of deals.
spk01: absolutely you know ranger for us has become truly you know competitive advantage our ability to not only discover all devices on the network but now also to automatically deploy and help customers you know reach all these devices in a complete automatic manner it's something that is incredibly unique in the space and it's driving more adoption driving more seat count And all in all, it drives this ability for customers to shift away from their incumbent vendor with ease. So it's not only about protecting those attack surfaces, it's also about ease of deployment and simplicity of use. So we're seeing massive traction with that. We're seeing the ability for almost every customer that we have today to go in and provide that functionality. It's zero additional deployment. It's completely cloud delivered. So it's incredibly easy to consume. Again, Ranger is one of our fastest growing modules and same goes for data retention. we're now seeing you know think about the the white house executive order that mandates law collection data retention the ability to keep um security data input telemetry for longer is actually fueling customers to procure more and more data retention and archiving directly from our platform it's something that's highly unique to us you know definitely part of the reason why we've expanded our offering um in knowledge scaler as a data analytics back-end So the ability to really address all of these new opportunities in cybersecurity that might have not been there a couple of years ago are now not only an opportunity but also a competitive differentiator that we have.
spk03: Great. Thank you.
spk00: Thank you. The next question is from Tal Elani with Bank of America. Thank you. You may proceed.
spk12: Hi, guys. Congrats on a great quarter. I have a few questions. I want to speak about competition. Can you characterize your competition between, you know, you highlighted 70% win rate. Can you characterize the competition? How is it going versus legacy players? And what drives competition? corporates that were on legacy system for a long time, what drives them now to migrate, and then also the competition versus the new players like CrowdStrike and others. And if you can talk about your, you know, we spoke about product differentiation, but I want to talk about the value of automation, how is that coming to play, and also pricing differences. We're hearing that you're quite cheaper than the competition, next-gen competition. Thanks.
spk01: Yeah, you know, I believe, you know, for us, it's really about the holistic approach we're taking that allows us to win both against incumbents and against next-gen, you know, peers. The ability to give a full-spectrum solution, a full-spectrum platform that ranges from best-of-week prevention all the way to detection and response and remediation all all of that in a complete, uniform, autonomous manner. It's a big difference from what the others are doing in this space. We feel like for a lot of these customers, they're going more and more frustrated by this need to constantly put down fires. For us, if you take a more prevention-first approach, you can actually stop these fires from actually ever happening. Um, and that just drive efficiencies. And I think if you're looking at, um, you know, all these incumbent vendors and incumbent footprints, obviously there's massive, massive amount of breaches there, even for the next gen peers. I mean, we're seeing a lot of their customers and we've had a multimillion dollar displacement. this quarter for a customer that grew increasingly frustrated with the multiple infections, with the inefficiency on protecting server environments, and they wanted a more automatic solution. They wanted a solution that can actually remediate um and clean up all the infections they were seeing but at the same time turn into more of a preventive approach where i'm not saying that you can prevent everything but you can absolutely do a better job on prevention and really stop that firefighting mode or improve it significantly and that is what our platform is incredibly unique in that's the advantage of ai and machine learning and i think that's the reason why we're winning you know both against incumbents that don't only provide the protection piece, but also think about hardening, think about anti-tampering. These are all things that our platform can cover today. It's incredibly holistic, again, in nature. And once again, when you look at the peers, they're focused on detection and response. That's what they do. They bundle a service with it. For us, it's about technology. It's about creating a more secure endpoint in the most holistic way possible.
spk12: Got it. And about pricing, is being cheaper than next-gen competition the strategic goal for you? I mean, how do you characterize your pricing versus competition?
spk01: Yeah, I don't think we're cheaper than the competition. I think if you look at it, you know, apples to apples, you'll see that the prices are pretty much similar. I think we take a different approach. I think we take a much more transparent approach and we don't force customers to opt into tiers. We don't, you know, force them to use our service. So all in all, I mean, they can actually choose what they want to procure from us. But again, apples to apples, I think you'll see that prices are very, very similar. Don't think we're cheaper by any degree.
spk05: One thing I would add to that, this is Nick here, is from a budget perspective, what we don't try to do is hijack a customer's security budget into forcing them to buy reams of services hours to support a non-automated product. What we're bringing is automation and machine learning, ease of use, and really we're democratizing very advanced technology. What that enables customers to do is achieve the outcome we're driving for them and our prospects and customers. which is protection and prevention. And so from an apples to apples perspective, we're typically at or higher from a technology perspective, but we enable customers to best put that money to use buying technology, and more importantly, really implement that technology fully to get the best protection and visibility on the planet. Great.
spk12: I have a quick one. If I can squeeze in. If not, I'll ask you privately. CrowdStrike highlighted on the last call that they want Workday from you, and they highlighted false positives and reasons why they said that this customer switched to them. I think it's just fair to ask the question if you can refer to their statements and announcement on this customer. Thanks.
spk01: Yeah, I mean, I think it's something that you'll see anecdotally happening. I mean, we've had, you know, in excess of a million-dollar ACV displacement this quarter as well for a Fortune 500 company, and they cited the same. So I think it's, you know, in different environments, you might see different difficulties. I think a lot of it is sometimes about, you know, relationships. But I think what's incredibly interesting about the customers that we've displaced is is the reference they made to the amount of infections they have to deal with, which, you know, to us is really, you know, why you're bringing in the cybersecurity solution. You want to prevent these infections from happening. So to us, I mean, post-positives performance, it's always something that you deal with. I mean, they deal with that. We deal with that. It's something that you'll deal with that forever. But, again, infection is something that's unacceptable, and I think that's why you see customers at scale, again, multimillion-dollar ACVs shifting away, and that's kind of what we see in this space today.
spk05: And this is Nick here. Time and time again, what we've seen for several years now is folks go with Sentinel-1 for really a unique combination of prevention, OS coverage and support, automation, and then lastly, as Tomer had mentioned, efficacy. So our ability to protect, to prevent, and to keep our customers safe. Great. Thank you.
spk00: Thank you. The next question is from Andrew Malinsky with Wells Fargo. You may proceed.
spk15: Great, thank you, and congrats on a very good quarter. Just two quick questions for you. A number of vendors are talking about the start of another firewall refresh cycle, but given the comments you've made today, it sounds like you're indicating that we're also at the start of an endpoint refresh cycle, and as more enterprises rip out their aging legacy solutions, So I'm just wondering if that's the right characterization of the strong demand that you're seeing, or do you think the ransomware attacks that we've seen over the last nine months may be fueling the momentum? I'm just really trying to get that feel for how long this exceptionally strong momentum can continue.
spk01: i think it's a it's a combination of quite a few factors i mean you know definitely some tailwinds i mean from um you know the hybrid work environment and into refresh cell cycles to increase you know need of abilities to the government pointing out edr solutions as one that should become mandatory in environments so i think there are many different drivers to what we're seeing right now in endpoint security um i think we're the road is long and i think what really is important to understand about our platform is we're much more than endpoint security. So for a lot of these new accounts that we're winning, the net new logo motion that we have, it is already going into other adjacencies in the enterprise, whether it's IoT security or cloud security, So it's not only the endpoint repair cycle, but actually something that drives an overall look at your entire cybersecurity posture. And we're becoming this trusted partner for these enterprises to actually continue and grow up and down the stack and in different surfaces. So all in all, I mean, it drives... I think a complete overhaul of the cybersecurity stack. I wouldn't call it necessarily a refresh cycle, just because there are so many different secular trends that are pushing it toward just modernized environments and the ability to extend into every part of what is now a completely flexible parameter versus the parameter that we've seen in the past, which was mainly kind of a firewall bound. Today, that's completely dissolved. Today, it's device to cloud. And that's really what's driving, you know, massive motion in our market.
spk05: I think what we're seeing really is best characterized as a generational shift away from signature-based approaches to machine learning and automated-driven protection and visibility. And that's what we're experiencing. We're still in early innings, but it's massive, it's macro, and it's global.
spk15: That's great. Thank you. And just my follow-up question, as it relates to some of the million-dollar ARR customers that you landed, I'm wondering if you could just give us any more color in terms of maybe how many agents those deals typically involve or how many modules they typically purchase. I'm just wondering, ultimately, how much of an opportunity there is that those customers for additional purchases experience down the road? Are they buying everything and maxing out their purchase on the initial purchase to get to that million plus spend, or is there a big opportunity with those going forward? Thanks.
spk01: We feel it's far from it, and it can vary significantly. We definitely see the ability to expand into other footprints in the enterprise in almost every account that we lend. We're also putting more and more modules. Just last quarter, we were actually um added two new modules into our into our roster and portfolio of capabilities um so all in all we feel pretty good about our ability to continue and grow in these customer accounts both in terms of covering more footprints but also in terms of selling more modules um you know we're definitely seeing better adoption for a ranger module as i mentioned but but again we got so many different abilities right now and we're seeing you know the beginning and the first innings of traction with a lot of our newer modules, and it's kind of a game that we saw, a film that we already saw, and we see it growing over time. So all in all, we feel the potential is quite significant.
spk07: Okay, thanks, guys.
spk00: Thank you. The next question is from Patrick Colville with Deutsche Bank. You may proceed.
spk10: Thank you for taking my question. So sequential ARR grew 37 million bucks, if I'm not mistaken. Just a kind of housekeeping item. I presume Scalar, because I closed in the first quarter, right? So that 10 million you called out of inorganic ARR fell in one queue, right? So that's 37 million that you guys did. This queue was all organic. Is that right?
spk13: That's correct. We got 9 million ARR when we acquired Scalar. It's now 10 million. You know, our focus with Scalar has obviously been on implementing the technology, not on really pushing our go-to-market. That's something we'll advance, you know, once we get it completely tied into the Sentinel-1 backend.
spk10: So, yes, 36 of the 37. Okay. Sorry, just for clarity, so 10 million is one queue, and there's a zero for two queues?
spk13: One million incremental between queue one and queue two. So we acquired them at nine. They're currently ten.
spk10: Okay. That's great. Can I just, I guess, follow on about the competitive environment? I mean, how has going public helped, you know, in the enterprise? Or I guess landing kind of VAR partners or SI partners is, you know, has the, I guess, the publicity and the profile of being a public company changed? assisted in that or is it actually kind of very similar to what you guys were already seeing, you know, pre-IQO?
spk01: i think we're definitely seeing an elevation of the brand and we're definitely seeing more you know more market presence i think the attack that we choose to you know be very transparent about what the company does has dispelled i think a lot of the misinformation that was there um around us in the market you know mainly fueled probably by competition um so for us right now you know we feel better traction We feel a better competitive environment. More at that, for sure. And that's not only fueled by our IPO, but also, you know, a great performance in the Gartner Magic Quadrant, where we were singled out of the vendor with the most critical capabilities out of every vendor out there for any buyer type. I mean, that just comes to show that from prevention and all the way to detection, response, and remediation, our platform today holds the most capabilities out of any other platform out there. So all in all, I think, again, multiple factors come into play, the IPO shining a spotlight on all of them, and now we're seeing, I think, just increased and accelerated traction across the board, both in partners and with customers, you know, with sales cycles and with competitive win rates. Great. Thank you so much.
spk00: Thank you. The next question is from . Thank you.
spk11: Congrats, guys, on the strong debut quarter. Dave, when we think about your Czech Republic R&D facility, Is that driven by global lack of talent? Is it driven by higher R&D costs in the West Coast or in Israel, or is it pretty much it will be above? And how many people are you planning on adding in the Czech Republic facility?
spk13: Sure. So we obviously look for global talent everywhere.
spk14: You know, one of the reasons we're looking at the Czech Republic is because they do have an excellent amount of climate security now. So we're going to continue to look for areas where we can advance what we need in terms of driving our product and our innovation. Obviously, there are areas that are economically more viable in terms of strategy. So we're going to continue to monitor that, and we'll do that for the foreseeable future.
spk11: Got it. Got it. Maybe a question on cohort analysis, if it's not too early. Can you talk to us maybe from a quantitative or maybe just from a qualitative perspective on the LTV of cohorts over the past few quarters now, going to say even a few years, specifically on the hills or the fact that your deals greater than $1 million have been fantastically on the rise as of late?
spk05: This is Nick here.
spk06: So, you know, we really think about growing the business from a new local perspective as well as land and expand. You know, if someone asks a question on that, the answer is yes, we're doing both. What we're seeing, and Tomer talked about this, is with the tremendous innovation, introduction of new modules, new services to protect, new problems to solve, we're seeing huge land and expand And in fact, 50% of a customer base is running our core or control package. We can upgrade those folks to complete many modules to cross-sell and up-sell. What we're also finding is at time of sale for new customers, they're traditionally landing with a complete package with other modules as well. So we're really seeing a combination of both of those things driving our average deal size, our and our retention, all of those things are up and to the right for really those reasons. I think the last thing I would leave you with is just echoing sort of overall market momentum, awareness and adoption of technology like Sentinel-1 is really taking root in a big, big way. And so that's also driving a lot of the adoption.
spk11: Got it. Thank you so much. Good luck. Thank you.
spk00: Thank you. The next question is from Roger Boyd with UBS. You may proceed.
spk17: Oh, terrific. Thank you very much for taking my question. I guess relative to the impressive net retention results, you called out the success with tiers and modules. Wondering if you could talk about the impact of cloud workload protection, where you think you are in that opportunity, and any sense of the penetration that that product has with customers today.
spk01: Yeah, you know, we're looking definitely to expand more and more into cloud security. And specifically, you know, when we talk about cloud security, we talk about workload protection platform and broadband protection. You know, today, I think we've shared that It's already about 10% contribution into our revenue is coming from the, you know, cloud and server protection piece that we sell. We see more and more traction in cloud security. And to us, you know, we also continue to bolster the capability set there. We've added CIS benchmarking capabilities just a couple of quarters ago, and we're seeing better and better adoption. You know, we've introduced our cloud worker protection platform as an integral part of the AWS marketplace. That drives adoption as well. So all in all, you know, we're definitely seeing an opportunity. It's almost completely greenfield there. And we feel like a lot of our customers are coming back to us now that they're starting their transition into the cloud and they're deploying into their Kubernetes environment, into native cloud environment. We actually have a product that is completely agentless that can tap into the Kubernetes control plane and immediately cover all containers So all in all, we feel well positioned to continue and capture market share in the cloud worker protection platform space. And to us, again, if you couple that with the platform approach, with everything coming back to the same security data lake, then you really start unlocking synergies and you allow security teams to really ask a question once and get an answer from every part of their enterprise network that spans from the endpoint and through the cloud, and that becomes a very unique proposition.
spk17: Very helpful. Appreciate the color. Thanks.
spk00: Thank you. The next question is from Alex Henderson with Needham. You may proceed.
spk08: Great. Thank you very much. That was a great question from Roger. But I wanted to go into a slightly different angle on the cloud architecture that you bring. Certainly, selling to the IR partners and selling to other MSSPs and the managed direct people, you end up having to integrate them into your platform. Can you talk a little bit about the degree to your cloud structure, your ability to integrate microservices, your cloud-native characteristics give you a differential advantage and to what extent that partnership integration makes your partners more sticky over time and amplifies that loyalty.
spk01: yeah for sure and you know our platform is 100 cloud native i mean we started in the cloud i mean it's it's something that is today built in a complete multi-tenanted way which is actually something that's relatively unique um in our space and it also what enables these uh partners to basically deliver their services in a much more effective manner um so they you know they get up and running in seconds they get a complete cloud tenant for for themselves They immediately deploy using our discovery and deployment services, and then they leave the platform there for us to come in and monetize. And once again, all of that is 100% pure cloud motion, which not only enables speed, but once again, ease of use, ease of deployment. which just turns out to be a much more efficient model than the platforms that they've been using in the past, which obviously were more on-prem bound. So to us, again, being completely cloud-native, being multi-tenanted is a competitive differentiator we have with that part of the market. But also you can probably see the same type of buying motion in the enterprise as well, where conducting the DOC, deploying the platform is becoming easier and easier in all in a cloud-delivered fashion.
spk08: I realize we're running long here, but I wanted to add a second question. Could you talk a little bit about your hiring plans and sales, what type of capacity you see going forward in terms of your ads for the next couple of quarters, and then What's the availability look like, and what does the cost look like? Are we seeing escalation in the prices of labor, and are there enough people out there to fulfill your needs?
spk05: Yeah, hi there. We're definitely investing for growth. It's an enormous opportunity out in front of us, so we're going to continue to invest and build and grow our go-to-market teams, our sales reps, sales engineers, you know, channel managers, really investing in our go-to-market engine. But at the same time, what we've been also able to yield is increasingly greater sales efficiency. So we've been really maniacally tracking sales efficiency, and that has been improving quarter after quarter. So we're going to actually have each quarter a bigger sales team that is also more efficient, helping us continue to drive growth But the last thing, and this is not to be underestimated with our unique go-to-market business, is that multidimensional channel that we talked about. Massive sales forces at various channel partners in the MDR space, MSSP partners, IR partners, traditional resellers and distributors. And so that's the right way to think about our global field presence is adding all of those folks up and understanding that each time we're adding a partner behind that, our hundreds of sales reps, you know, doing 2,000-plus accreditations to date, that's really building that flywheel. But we're absolutely going to continue to invest in our own Sentinel-1 personnel as it relates to go-to-market.
spk08: And on the cost and availability?
spk05: Well, what we're finding, and this sort of goes back to a question before around some of the benefits that we've seen with our IPO, is that that brand recognition doesn't just extend to channel partners and customers. It importantly extends to the best talent in the market. And so our ability to get really, really good folks who can hit the ground running, bring tremendous yield, that's enabling us to have great attraction and appeal to get the best talent in the market.
spk08: Great. Thank you very much.
spk00: Tom, I would now like to pass the call back over to Tomer Weingarten, CEO of SentinelOne. Thank you. You may proceed, Mr. Weingarten.
spk01: Thank you. And thank you all for joining us today. We look forward to talking to you again in the near future. Thanks a lot.
spk00: That concludes the conference call. Thank you for your participation and enjoy the rest of your day.
Disclaimer