Skip to content
Logo-main-white.860316a8

I/O Fund

  • Home
  • Free Stock Analysis
  • AI Stocks
  • BEST OF 2025
  • Analysts
  • Nvidia Hub
  • About
    • Case Studies
    • About Us
    • Premium Services
    • Pricing
    • Notable Wins
    • I/O Fund Reviews
    • Media
  • Contact Us

Category: Cybersecurity

This Stock Is Crushing Salesforce, MongoDB And Snowflake In AI Revenue

Posted on October 22, 2024June 30, 2026 by io-fund
This Stock Is Crushing Salesforce, MongoDB And Snowflake In AI Revenue

This article was originally published on Forbes on Updated Oct 17, 2024, 09:02pm EDTForbesForbes on Updated Oct 17, 2024, 09:02pm EDT

Palantir has been one of the top-performing AI software stocks this year with a 156% YTD return, thanks to accelerating revenue growth and strong business momentum from its Artificial Intelligence Platform (AIP) released last year.

AIP sets Palantir apart from the rest of the SaaS universe, driving visible AI-related growth and acceleration in multiple different metrics – at this time, other leading AI favorites such as Snowflake or MongoDB can’t say the same. Outside of the cloud hyperscalers, Palantir is one of the rare few that sees AI drive both real returns for its business and real value for its customers due to AIP.

Below, I break down how Palantir’s AIP is putting it a step above peer Salesforce, MongoDB and Snowflake with visible AI growth, and its undeniable ‘secret sauce’.

Palantir’s AI Growth is Visible

AIP has driven tremendous growth for Palantir’s business since its release, with primary impacts arising in the commercial segment. A clear inflection point in Palantir’s growth is visible following AIP’s release, while other ‘AI’ cloud peers can’t say the same about AI-driven growth.

Palantir said that “US commercial continues to accelerate in Q2 2024 alongside [the] AIP revolution” with “unprecedented demand”, and the numbers to back this up:

  • 55% YoY revenue growth in US commercial to $159 million, accelerating from 40% YoY in Q1.
Palantir US Commercial Revenue

US Commercial revenue growth accelerated to 55% YoY in Q2 as revenue rose to $159 million.

Source: I/O Fund

  • 83% YoY growth in US commercial customers to 295 and 98% YoY growth in US commercial deals closed to 123.
  • 103% YoY growth in US commercial remaining deal value and 152% YoY growth in US commercial total contract value to $262 million. Chief Revenue Officer Ryan Taylor explained that “one of the most notable indicators of our delivery is the volume of existing customers who are signing expansion deals, many of which are a direct result of AIP.”

Here’s what the growth in US commercial customers looks like:

US Commercial Customer Count

Palantir's US Commercial customer growth has reaccelerated over the past few quarters thanks to AIP.

Source: I/O Fund

US commercial customer growth began to stagnate through late 2022 and early 2023, but following AIP’s release in Q2 2023, customer count re-accelerated. There is a clear inflection point from where QoQ customer additions were decelerating – from 12 net adds in Q1 2023 to six net adds in Q2 2023. Following the AIP-driven acceleration, net adds rose to 20 QoQ in Q3 2023, then 40 QoQ in Q4 2023.

This matches a similar acceleration in commercial customer growth as Palantir quickly became a market darling following its IPO, which was seen as a way to drive growth in the commercial sector. From Q4 2020 to Q4 2021, commercial customers grew nearly 5X. Now, as a stock market darling once more with a unique and unbeatable AI offering, Palantir is seeing commercial growth resume.

Sign up for I/O Fund's free newsletter with gains of up to 2600% because of Nvidia's epic run – Click hereClick hereClick here

Palantir is King of AI Among Cloud SaaS Stocks

Other leading cloud ‘AI’ stocks are struggling to put up AI-driven growth numbers like Palantir.

Salesforce reported 8% YoY revenue growth in Q2, decelerating from 11% YoY in Q1, as subscription revenue growth decelerated to 9% YoY, down from 12% YoY in Q1. Salesforce sees Q3 revenue growth of 7%, another deceleration. The full-year revenue growth of just 8% to 9% translates to the SaaS giant struggling to realize AI gains. Furthermore, Salesforce’s more AI-aligned offerings, MuleSoft and Tableau, decelerated sharply in Q2, from 27% YoY to 13% YoY for MuleSoft and 21% YoY to 11% YoY for Tableau.

MongoDB witnessed a much steeper deceleration in Q2, as Atlas and new workload wins struggled at the start of the year. In Q1, MongoDB reported 22% YoY growth with Atlas growth of 32% YoY, and this decelerated to 13% YoY revenue growth in Q2 as Atlas declined 5 percentage points QoQ to 27% YoY. For the full year, MongoDB guided to about 14.6% YoY growth in Q2 as it slightly boosted its outlook, a steep deceleration from 31% YoY growth in fiscal 2024.

Snowflake’s product revenue growth decelerated from 34% YoY in Q1 to 30% YoY in Q2, and while this was ahead of its guidance by 3 percentage points, growth is set to decelerate further in Q3. Management guided for 22% YoY growth in product revenue for the third quarter, a steeper QoQ deceleration rate, with the full year product revenue guide of 26% YoY. Despite management saying that they see “great traction” in early stages of AI products, there’s no visible inflection or acceleration in growth.

In sharp contrast, AIP has helped Palantir drive a significant topline acceleration over the past four quarters.

Palantir Quarterly Revenue Growth, YoY

AIP's strong momentum has helped drive quarterly revenue growth to 27.2% YoY in Q2 2024, up from 12.7% in Q2 2023.

Source: I/O Fund

Palantir reported 27.2% YoY revenue growth in Q2, aided by strength in US commercial stemming from AIP as well as government revenue accelerating significantly. Palantir’s YoY revenue growth bottomed in Q2 2023 at 12.7%, the same quarter as AIP’s release, with revenue growth now 15 points higher. Despite guiding for a slight 2 percentage point deceleration in Q3 to 25.2% YoY growth, Palantir would only need to beat its guide by 1.5% to keep this revenue acceleration intact.

Fundamentally, what’s most critical for shares is maintaining a revenue growth rate above 20% for the foreseeable future – analysts currently estimate fiscal Q2 2025 to be the one quarter of the next eight with revenue growth just below that threshold. Given AIP’s strength just one year following its launch, with clear inflections in customer and revenue growth, it will be the telling sign of Palantir’s AI status if it can maintain these revenue growth rates as it scales.

Palantir’s AIP Separates it From the SaaS Universe

Palantir’s standout performance so far in 2024 against SaaS peers can be attributed to the success of AIP, which, at its core, is a comprehensive AI platform that lets enterprises lever Palantir’s AI and machine learning tools and harness the power of the latest large language models (LLMs) within Foundry and Gotham.

Gotham was the company’s first product and is built for government operatives in defense and intelligence sectors. The platform enables users to identify patterns hidden deep within datasets using semantic, temporal, geospatial and full-text analysis, with mixed reality capabilities to allow operations to be run in virtual environment as well. Graph allows data objects to be seen as nodes and edges, while Map track geo-located objects, run searches and display key data.

Foundry was built for the commercial sector, and is centered around the three-layer Ontology Core, integrating semantic, kinetic, and dynamic layers for real-time data analytics and AI-powered decision making capabilities:

  • The Semantic layer brings volumes of data into one place, and lets users generate detailed object properties
  • The Kinetic layer brings operations and business behaviors into a real-time graph linked back to the Semantic layer, creating the basis for AI-driven analytics, real-time monitoring, identification of inefficiencies, and ability to optimize workflows
  • The Dynamic layer connects models to objects and actions, reasoning across both the Semantic and Kinetic layers for AI-powered automation and AI-driven decision making, alongside multi-step simulations with AI predictive analytics to explore possibilities of changing actions or events

AIP combines with Foundry’s data operations suite and Apollo’s autonomous software deployment capabilities as part of Palantir’s ‘AI Mesh’, providing enterprise and government customers with a full suite of AI products from the web to mobile to the edge. With the Ontology, linking data and logic into an AI-accessible environment, Palantir brings generative AI directly to an enterprise’s operations, delivering real-time AI-driven operational decision-making abilities.

Palantir describes Gotham and Foundry as the “ability to construct a model of the real world from countless data points.” AIP links this all together, and this is what separates Palantir as a standout in the SaaS space — outside of the cloud hyperscalers, Palantir is one of the rare few that sees AI drive both real returns for its business and real value for its customers due to AIP.

What further sets AIP apart is its scalability, interoperability and versatility. With AI Mesh, organizations can integrate AI across different operations and applications, while its design facilitates interoperability with existing enterprise software and systems. AIP is also extremely versatile, having been successfully and seamlessly integrated into enterprises spanning a wide range of industries from tech to healthcare to aerospace, while still driving value to customers.

The uniqueness of Palantir’s AIP and value that it can quickly provide has driven growth for the company. CEO Alex Karp said in Q2 that “growth across the commercial and government markets has been driven by an unrelenting wave of demand from customers for artificial intelligence systems that go beyond the merely performative and academic.”

Essentially, there is constant strong demand for an applicable, scalable, versatile AI platform that can drive real-time results with an instant value-add for an organization. Chief Revenue Officer Ryan Taylor added that Q2’s “exceptional results are a reflection of a market that is quickly awakening to a reality that our customers have already known, we stand alone in our ability to deliver enterprise AI production impact at scale.”

Every Thursday at 4:30 pm Eastern, the I/O Fund team holds a webinar for premium members to discuss how to navigate the broad market, as well as various stock entries and exits. We offer trade alerts plus an automated hedging signal. The I/O Fund team is one of the only audited portfolios available to individual investors. Learn more here.Learn more hereLearn more here.

Government is Palantir’s Secret Sauce

While Palantir is undoubtedly seeing strong business momentum in the commercial sector, the government sector remains Palantir’s bread and butter, being that the government sector has funded the company and allowed it to aggressively invest in AIP while expanding margins, with a recent growth acceleration

In Q2, US government revenue accelerated to 24% YoY growth, up 12 percentage points from 12% YoY growth in Q1. Overall, government revenue growth was 23% YoY, up 7 percentage points from 16% YoY in Q1. Management noted that Palantir was “selected for several notable awards in Q2, which led to the strongest US government bookings quarter since 2022, reflecting the growing demand for our government software offerings.”

This included a production contract from the DoD, Chief Digital and Artificial Intelligence Office (CDAO) for an AI-enabled operating system for the DoD, with an initial $153 million order and additional awards for up to $480 million over a 5-year period.

The acceleration in the government segment aided overall revenue growth in the quarter, as the government continues to remain Palantir’s primary revenue source, accounting for nearly 55% of total revenue. This is why the government segment is vital for Palantir, and is its ‘secret sauce’ – these long-term, high-value government contracts provide consistent and recurring revenue and financial stability, allowing the company to venture and invest to scale AIP while expanding margins and increasing its profitability.

Conclusion

Palantir has been on a tear this year, and is outperforming major cloud competitors, thanks to the strength and uniqueness of its AIP offering. Palantir has the best of both worlds in government contracts and AI exposure, as well as accelerating enterprise AI adoption and strong customer and revenue growth.

The one caveat is Palantir’s valuation, at 34x FY24 revenue and 29x FY25 revenue, is increasingly challenging to sustain. In the past, the low 20x revenue multiple range has tended to be the level that even the industry’s leading SaaS names have struggled to break past over the last few years.

Given the outsized valuation, the I/O Fund is looking for a lower entry in Palantir before adding the stock to our portfolio. Join the I/O Fund’s next webinar on Thursday, October 24th where Knox Ridley, Technical Analyst, will discuss the firm’s buy zones and targets for AI leaders. Learn more here.

Please note: The I/O Fund conducts research and draws conclusions for the Fund’s positions. We then share that information with our readers. This is not a guarantee of a stock’s performance. Please consult your personal financial advisor before buying any stock in the companies mentioned in this analysis.

Recommended Reading:Recommended Reading:

  • Nvidia, Mag 7 Flash Warning Signs For StocksNvidia, Mag 7 Flash Warning Signs For Stocks
  • Why the I/O Fund is Not Buying Nvidia Right Now: Video InterviewWhy the I/O Fund is Not Buying Nvidia Right Now: Video Interview
  • Cybersecurity Stocks Seeing Early AI GainsCybersecurity Stocks Seeing Early AI Gains
  • 4 Things Investors Must Know About AI4 Things Investors Must Know About AI
Posted in Ai Platforms, AI Stocks, Cybersecurity, CybersecurityLeave a Comment on This Stock Is Crushing Salesforce, MongoDB And Snowflake In AI Revenue

Cybersecurity Stocks Seeing Early AI Gains

Posted on October 1, 2024June 30, 2026 by io-fund
Cybersecurity Stocks Seeing Early AI Gains

This article was originally published on Forbes on Updated Sep 26, 2024, 10:29pm EDTForbesForbes on Updated Sep 26, 2024, 10:29pm EDT

Cybersecurity is becoming increasingly important in the age of AI, as the number and sophistication of threats increase. Combining cybersecurity with AI has a natural affinity as cyberattacks are computer generated, and in turn, computers are uniquely capable of finding computer-generated threats. Utilizing AI to identify threats and for pattern recognition and anomaly detection is not new by any means, but rather what is now rapidly coming to market are platforms enabled with generative AI, to enable threat detection and prevention before attacks occur.

Despite cybersecurity being one of the most promising sectors to reap the benefits from AI, popular stocks have stumbled this year. CrowdStrike had a faulty update that caused global outages with high profile airlines affected. Palo Alto also recorded its largest-ever one-day decline as it cut its outlook; the company is taking a near-term hit as it pivots toward becoming a platform, which will fare better for AI purposes rather than a collection of disparate vendor products.

AI offerings are becoming more prevalent, and the first signs of AI-related growth are arising in the leading names in the industry. Below, I look at the demand environment for leading cybersecurity stocks CrowdStrike, Zscaler, Palo Alto, and Fortinet, and which ones have key metrics hinting toward underlying strength.

AI Opening New Opportunities as Threats Rise

Nearly one year ago, the I/O Fund discussed for its free newsletter readers how cybersecurity was the next industry to be disrupted by AI, not only by improving threat detection and prevention capabilities but also because AI-based attacks were on the rise. AI is aiding enterprises to expedite threat prevention, yet hackers are similarly expediting the end-to-end attack life cycle, and could potentially execute larger and more complicated attacks faster than ever before.

According to McKinsey, 51 percent of organizations believe generative-AI is driving new risks in cybersecurity, down slightly from 53 percent in a similar survey from 2023. However, only 33 percent of organizations are actively working to mitigate AI-related cybersecurity risks, with 16 percent already witnessing a negative consequence or event.

A report from the World Economic Forum predicts that AI could push cyber incidents and data breaches to a new record high in 2024, even after a 72% YoY increase in data breaches in 2023. Palo Alto said it is seeing an “uptick in mega-breaches” with multi-billion dollar impacts, as ransomware public extortion activity has risen more than 50% from 2022. Zscaler also sees ransomware attacks continuing to rise, up 18% YoY, though victims and payloads have gotten increasingly large, with 57% more victims and 144% more payloads.

Ransomware Attacks Data

Zscaler sees ransomware attacks continuing to rise, up 18% YoY, though victims and payloads have gotten increasingly large, with 57% more victims and 144% more payloads

Source: I/O Fund

The new dynamic created by AI in the industry from both a threat and protection standpoint offers a long-term growth runway. As Palo Alto puts it, the year 2024 “will be a phenomenal year in the utilization of AI in cybersecurity,” but it “will pale by comparison to what is yet to come.”

Sign up for I/O Fund's free newsletter with gains of up to 2600% because of Nvidia's epic run – Click hereClick here

Palo Alto Networks: 4x Growth to $200M AI ARR

Palo Alto’s management believes AI “continues to generate significant excitement in the market,” and “adoption is proceeding at a rapid pace faster [than] any other new technology.” They see AI not only creating “transformative use cases” enabling new revenue streams and efficiencies, but also enabling cybercriminals to broaden attacks, improve targeting, and scale beyond what can currently be controlled by humans.

Palo Alto is rolling out a comprehensive AI product suite, with the launch of AI Access, AI SPM, and AI Runtime Security in May, combined with its AI-driven SecOps platform Cortex and AI integrations in its Prisma Cloud and SASE offerings. Palo Alto noted in Q4’s earnings call that its AI Access could be deployed to its 5,000+ Prisma Access customers, while nearly 1,000 customers were also interested in AI Access. This is an incredibly strong response given that early access to the solution was launched in July, only one month prior to management’s comment.

In fiscal Q4, Palo Alto disclosed that its AI ARR (AI Access, AI SPM, AI Runtime) had surpassed $200 million to close out the year, for 4x YoY growth. While growth is rapid, AI’s scale is still small, due to the recent timing of launches. However, AI already accounts for nearly 5% of Next-Gen Security (NGS) ARR, and is set to grow its share of NGS ARR as products scale.

Palo Alto is also seeing strong growth in Cortex, with ARR surpassing $900 million in fiscal 2024. Cortex XSIAM delivered north of $500 million in bookings, with customer count rising 4x YoY. Palo Alto has previously noted that XSIAM drives much higher ARR, with customers who adopt XSIAM having >5x ARR compared to those that do not. Continuing to accelerate customer adoption of XSIAM while growing Cortex’s customer base (up nearly 20% YoY to >6,100) can drive strong long-term growth for the fastest-growing product in Palo Alto’s history.

With the strengths arising in AI, Palo Alto is expecting NGS ARR growth to remain robust, though headline growth is decelerating due to the law of large numbers. NGS ARR is guided to increase 34% to 36% YoY in Q1 of fiscal 2025, reaching between $4.33 billion to $4.38 billion. On a dollar basis, that represents YoY growth of $1.13 billion, marginally higher than the $1.12 billion it added from Q1 2023 to Q1 2024, where YoY growth was reported at 53% — essentially, Palo Alto is maintaining the same growth in dollar terms despite operating at a larger scale.

Zscaler: AI Contributing 3 Points to Growth

Zscaler launched its AI Analytics solutions at the end of 2023, and is already seeing strong contributions from these new products, including its Risk360, Business Insights, Unified Vulnerability Management and more. Zscaler’s management believes that “the increasing use of AI is creating new avenues of growth,” and “the rising adoption of Gen AI is exposing new gaps in organizations' security posture.”

Management said that AI Analytics was “seeing strong traction” in Q4, and “contributed nearly 3 points to new and upsell business growth in Q4 and 2 points for the entire fiscal '24,” even with the products being available for just a portion of the year. While Zscaler did not break out AI’s contribution in dollar terms, it noted that it saw record new and upsell business in Q4 and a record $1 billion-plus in quarterly bookings (driven by the new and upsell business), suggesting that the AI Analytics was a strong driver for the quarter under the hood.

Zscaler is also prioritizing data center and AI investments to support this growth in AI Analytics. For fiscal 2025, management said that they expect “data center CapEx to be approximately 3 points higher as a percent of revenue compared to fiscal 2024,” due to investments to upgrade cloud and AI infrastructure. Property and equipment purchases have been accelerating on a quarterly basis to nearly $50 million in Q4, and totaled 7% of revenue for the entirety of FY24, so Zscaler looks to be eyeing a move closer towards the 10% range. As a result of these increased data center investments, free cash flow margin is expected to decline from 27% in FY24 to 23.5% to 24% in FY25.

Zscaler Property and Equipment Purchases

Zscaler's property and equipment purchases have been accelerating on a quarterly basis to nearly $50 million in Q4, and totaled 7% of revenue for the entirety of FY24

Source: I/O Fund

Additionally, despite closing out its fiscal 2024 with a double beat in Q4, Zscaler’s guide for FY25 was light, pointing to a revenue growth deceleration of ~6 percentage points YoY. Zscaler also left clues that AI Analytics and other new products will continue to see strength in FY25, saying that sales productivity was better than expected, driven by new and upsell business. The trend is set to continue in FY25 and strengthen in the second half of the fiscal year.

Fortinet: AI-Driven Ops Account for 10% of Billings

Fortinet did not break out AI revenue or ARR like Palo Alto has, but management said that in fiscal Q2, “AI-driven SecOps accounted for 10% of total billings,” an increase of 1 point QoQ but flat YoY. Fortinet’s FortiAI solution is currently available in its FortiAnalyzer, FortiSIEM, and FortiSOAR products but will be expanded to more products in the future.

However, AI-driven SecOps’ billings have been lumpy, and are lower in Q2 than they were in Q4. Based on the 10% figure, Q2’s AI-driven SecOps billings were approximately $154 million, up just over 22% QoQ but down more than (17%) from $186 million in Q4. AI-driven SecOps also has not surpassed 10% of total billings in each of the last four quarters.

AI-Driven SecOps Billings

Fortinet's Q2 AI-driven SecOps billings were approximately $154 million, up just over 22% QoQ but down more than (17%) from $186 million in Q4

Source: I/O Fund

Management guided for billings to be approximately flat to up low single-digits QoQ in Q3, implying that AI-driven SecOps’ contribution will not rise significantly unless SASE or Secured Networking declines significantly, which is unlikely to be the case. As a result, Fortinet may not see its AI-driven products meaningfully contribute to billings growth or drive a newfound acceleration in the metric.

Despite this, Fortinet took steps to broaden its AI security portfolio, acquiring Lacework in Q2. Management expects Lacework’s “organically developed AI-driven cloud-native application protection platform will be combined with the power of Fortinet’s Security Fabric platform, ensuring broad protection across the network, cloud, and endpoint.” The move is expected to add $10 billion to Fortinet’s TAM, per management’s projections.

Every Thursday at 4:30 pm Eastern, the I/O Fund team holds a webinar for premium members to discuss how to navigate the broad market, as well as various stock entries and exits. We offer trade alerts plus an automated hedging signal. The I/O Fund team is one of the only audited portfolios available to individual investors. Learn more here.Learn more here.

CrowdStrike Discusses AI Opportunities Without Disclosing AI Numbers

While peers Palo Alto and Zscaler put forth some early AI revenue and growth numbers, CrowdStrike has not, but management has discussed AI-related opportunities in some detail.

CrowdStrike has not broken out any AI-specific growth numbers or contribution, but arguably has a very strong product suite with its Falcon platform and its new generative AI-powered security analyst Charlotte AI. Management sees a long runway ahead for AI in cybersecurity, with a $225B 2028 AI-native security TAM, explaining that “decreasing TCO and increasing efficiencies through AI and automation are clearly voiced organizational priorities and will be for years to come.”

CrowdStrike believes Charlotte AI holds “an incredible amount of promise,” and has been training this AI security assistant to “be a malware reverse engineer, … to translate threat hunting queries, … to help automate reporting, … [and] to do some incident response use cases,” to improve efficiency and accelerate back-end processes when working in conjunction with humans. Management says that its “best-in-class module adoption” is “supercharged by Charlotte AI [and] makes the Falcon platform sticky for all users.”

Adoption rates for CrowdStrike’s modules remain strong, with adoption of 6+ and 7+ rising 1 point each sequentially to 45% and 29%. Additionally, similar to Palo Alto, CrowdStrike’s ‘hypergrowth’ products (LogScale next-gen SIEM, Cloud and Identity Security) are witnessing strong growth, with ending ARR for the group surpassing $1 billion, up 85% YoY.

Conclusion

Cyberattacks are rising in both number and sophistication. While 2024 has been a bit of a wild ride for the industry, cybersecurity is only growing in importance in the age of AI. The industry’s leading companies are progressing with AI-powered product deployments, seeing long runways ahead despite minimal signs of growth at the moment.

Palo Alto’s AI portfolio is contributing ~$200 million, or 5%, of total ARR, while Zscaler’s products are contributing just 3 points to upsell growth. Fortinet is seeing AI-driven SecOps contribute 10% of billings, though that has been relatively unchanged for four quarters. Meanwhile, CrowdStrike has yet to put a firm number on AI-related growth, though next-gen products are recording rapid growth.

Cyberstock Company Charts

Cybersecurity stocks command a premium to the broad SaaS universe with early signs of AI growth.

Source: YChartsYCharts

Due to their early exposure to AI and revenue streams, cybersecurity stocks command a premium to the broad SaaS universe. Despite its valuation crunch after its incident, CrowdStrike remains the third most-expensive software stock on a top-line basis, with Palo Alto also in the top ten. Fortinet and Zscaler both trade around the 10x forward revenue level, nearly double the median 5.5x multiple for the sector.

Our goal (always) is to perform deep dive research to identify winners, and then to subsequently identify a good entry. I will be direct and say our firm is not a buyer in this market as I believe most tech stocks will trade lower in the next 3-6 months. Yet, it’s never too early to perform research and get our ducks in a row for when the market affords solid entries. Interestingly, despite cybersecurity AI revenue numbers looking low, it’s one of the only software verticals where there is AI revenue. I think investors should pay attention to these early green shoots.

While Wall Street is worried about how much AI is costing, the I/O Fund is busy calculating how big the AI opportunity can get in the next few years and how investors can participate. Learn more about the I/O Fund’s holdings and consistent deep dive research on AI stocks, crypto and more here.here.

Please note: The I/O Fund conducts research and draws conclusions for the Fund’s positions. We then share that information with our readers. This is not a guarantee of a stock’s performance. Please consult your personal financial advisor before buying any stock in the companies mentioned in this analysis.

Recommended Reading:

  • 4 Things Investors Must Know About AI
  • AI PCs Have Arrived: Shipments Rising, Competition Heating Up
  • Prediction: Microsoft Azure To Reach $200 Billion In Revenue By 2028
  • Nvidia Stock Is Selling Off: It’s Not Because Of Blackwell
Posted in Cloud Software, Cybersecurity, CybersecurityLeave a Comment on Cybersecurity Stocks Seeing Early AI Gains

Cybersecurity Stocks: CrowdStrike Soars While Palo Alto And Zscaler Fall

Posted on March 10, 2024June 30, 2026 by io-fund
Cybersecurity Stocks: CrowdStrike Soars While Palo Alto And Zscaler Fall

This article was originally published on Forbes on Mar 7, 2024,08:19pm ESTForbes Forbes on Mar 7, 2024,08:19pm EST

This year has led to a split landscape for cybersecurity stocks, with two of cybersecurity leaders up more than 20% YTD while others are negative YTD. In the past, we’ve discussed the resiliency of the cybersecurity trend being that it’s one of the highest costs that enterprises face at 12% of IT budgets on average. The cost of cybercrime continues to rise, and is estimated to reach $10.3 trillion by 2025 and $13.8 trillion by 2028. AI and automation are playing an increasingly large role in the industry, with 560,000 new pieces of malware detected every day. Software systems cannot keep up with this, and AI is already assisting human teams in identifying which threats require more analysis.

Cybersecurity Stock Charts

Source: Data by YCharts

Despite the strength of the trend, we are seeing mixed results across cybersecurity leaders. Palo Alto cut its billings and revenue forecast in a shift to a “platformization” approach. Zscaler fell despite beating on the top and bottom line as it pointed to a rather sharp deceleration in calculated billings. In contrast, CrowdStrike rose nearly 11% after it beat estimates with another record in net new ARR, and guided fiscal Q1 marginally ahead of consensus. Adding to CrowdStrike’s strength, Fortinet has rallied double-digits year-to-date despite signaling that growth is slowing, with revenue and billings set to decelerate sharply this year.

However, if we zoom out, it’s quite clear what the strongest cybersecurity stock has been with CrowdStrike’s 1-year returns of 162% well ahead of its peers. The analysis below looks at why some are starting the year exceptionally strong, while others are not in the leading cloud vertical of cybersecurity.

Cybersecurity Stocks Price Change

Source: Data by YCharts

Sign up for I/O Fund's free newsletter with gains of up to 221% – Click hereClick hereClick here

Fortinet: Growth Is Slowing

Although Fortinet reported solid improvement in operating income and EPS for fiscal 2024, revenue growth and billings growth is slowing considerably. Revenue increased 10.2% YoY to $1.42 billion in the quarter, a 570 bp deceleration from 16% growth in Q4. Fortinet had initially guided for billings to decline YoY to $1.63 billion at midpoint, but it handily beat its guide as it reported 8.5% growth with billings of $1.89 billion. This was a 280 bps acceleration from 5.7% billings growth in Q3, but a far cry from the 30% range seen through 2021 and 2022, with growth decelerating swiftly through 2023.

Fortinet Billings Trends

Source: I/O Fund

Q4’s billings were driven by signing 13 deals above >$10M generating $232M in billings (up 177% YoY). However, the Q4 beat was short lived with Q1’s guide pointing to a (5%) YoY decline in billings to $1.43 billion at the midpoint. Growth is expected to be minimal for the full year, with Fortinet pointing to $6.4 billion to $6.6 billion in billings, or growth of 0% to 3%.

This would represent a significant slowdown in billings growth over the past two years, from 33.8% in 2022 to 14.4% in 2023 to the low-single digit range for 2024. Revenue growth is decelerating rather rapidly as a result, with Fortinet’s $5.76 billion guide for the full year pointing to growth in the high single digit range from $5.31 billion in 2023. Consensus estimates were at $5.94 billion for 11.9% growth, but that has since been revised lower to $5.79 billion for 9.1% growth.

Product revenue has declined for two consecutive quarters, in part due to tough comps in late 2022. Management explained that product revenue “will continue to be impacted by project and product digestion in 2024,” though the “selling environment should improve in the second half of 2024 and into 2025.”

Fortinet Revenue Growth

Source: I/O Fund

Services revenue growth has slowed to under 25%, the lowest level since early 2022. Given services’ share at nearly 66% of revenue in Q4, a prolonged deceleration would bode negatively for revenue growth moving forward. There were positives emerging in SecOps, which grew 44%, and SSE element of SASE, which management added also witnessed more than 40% growth in the quarter.

Palo Alto: Billings and Revenue Forecasts Cut in Platformization Approach

Palo Alto shares plunged over (28%) after its fiscal Q2 earnings report when management cut its billings and revenue forecast for the full year. We had informed our readers in the analysis “The Strongest Cybersecurity Stocks in Q3” in December following Palo Alto’s weak billings in Q1 that this was “amplifying concerns that revenue and billings growth is decelerating.”

Palo Alto also unveiled a stronger push for “platformization” among its three platforms to drive vendor consolidation, saying that it intends to make “significant additional investments” in this strategy as it will be “a major area of focus for us as we move forward.”

Revenue in fiscal Q2 increased 19% YoY to $1.98 billion, a 1 percentage point deceleration from 20% in Q1. Palo Alto cut its full year revenue guide by $0.2 billion to $7.95 billion to $8.0 billion, for growth of 15% to 16% YoY, and also cut its billings forecast by ~5%. Palo Alto is now seeing billings at $10.1 to $10.2 billion, for growth of 10% to 11% YoY, down from its prior view for $10.7 to $10.8 billion due to impacts in its federal government business. This implies a further deceleration over the next two quarters, potentially to revenue growth in the low teens.

However, next-gen offerings continued to see strong demand and growth: networking security SASE ARR increased more than 50% YoY for the fifth consecutive quarter, while Next-Gen Security (NGS) ARR rose 50% YoY to $3.49 billion. Palo Alto also saw the highest number of deals signed for XSIAM (Extended security intelligence and automation management) in the quarter.

Billings Growth

Source: I/O Fund

Palo Alto is taking a more aggressive approach to “platformizing” its offerings as customer LTV increases exponentially per platform added. It sees the near-term headwinds to revenue and billings growth as merely a blip in its long-term target to reach $15 billion in NGS ARR by 2030, up from its guided $3.95 to $4 billion in 2024. Revenue growth is expected to remain pressured through FY24 and begin inflecting higher through the end of FY25 (12 to 18 months), as the headwinds of this approach begin to fade.

Platform G2K Customers

Source: Investor Relations

While this exponential increase in customer long-term value alone can support this strategy shift, peer Fortinet also highlighted other positives around this approach: “Consolidation allows security solutions to share data and communicate with each other, reducing complexity, improving security effectiveness, easing the need for skilled labor, and lowering the total cost of ownership. Consolidation drove our SecOps business to 44% growth, with strong growth from EDR, SIEM, email security, and NDR.”

Every Thursday at 4:30 pm Eastern, the I/O Fund team holds a webinar for premium members to discuss how to navigate the broad market, as well as various stock entries and exits. We offer trade alerts plus an automated hedging signal. The I/O Fund team is one of the only audited portfolios available to individual investors. Learn more here.Learn more hereLearn more here.

Zscaler: Calculated Billings to Decline Sequentially

Zscaler beat on the top and bottom line, and marginally boosted its full year revenue and calculated billings forecast. Despite the beat and raise, Zscaler guided for a (7%) sequential decline in calculated billings for Q3, suggesting further deceleration in this key metric to the low-20% range.

Revenue increased 35% YoY to $525 million, a slight deceleration from 40% growth in Q1; Zscaler guided for 28% YoY growth in Q3 to $535 million at midpoint. As a result, Zscaler marginally boosted its full year revenue outlook to $2.118 to $2.122 billion, up approximately 1% from its prior view for $2.09 to $2.10 billion.

Zscaler tightened its billings growth outlook to $2.55 to $2.57 billion, at the upper end of its prior forecast for $2.52 to $2.56 billion. This correlates to 25% to 26% YoY growth. We had said in December following Q1’s release that the fact Zscaler “did not raise its full-year billings outlook as it tends to do” suggested that ‘billings growth will decelerate through the remainder of the fiscal year.” This is currently what is playing out – calculated billings increased 34% in Q1, decelerating to 27% in Q2. Q3’s forecast for a (7%) QoQ decline implies calculated billings of $584 million, or a further deceleration to just 21% growth.

Calculated Billings Growth

Source: I/O Fund

GAAP profitability remains elusive, unlike peers CrowdStrike and Palo Alto, who have both recorded quarters with GAAP operating and net profitability. Zscaler has been making inroads on the GAAP profitability front, with GAAP operating margin just above (9%) and GAAP net margin at (6.7%) for the past two quarters. However, until Zscaler can meaningfully reduce operating expenses, currently at approximately 87% of revenues, GAAP profitability will continue to remain elusive should growth decelerate.

Interestingly, Zscaler commented that it believes it is “still operating in a challenging macroenvironment and customers continue to scrutinize large deals,” and that its 2024 outlook balances its “business optimism with ongoing macroeconomic uncertainties and sales leadership changes.”

CrowdStrike: Shares Fly With Record Net New ARR, Robust RPO, Margin Strength

CrowdStrike reported a new record for net new ARR in Q4, far surpassing the record it set in the previous quarter, as GAAP margins continued to strengthen. For FY25, CrowdStrike’s guide was marginally above consensus, yet the market is clearly pleased with this continued expansion in operating and net margins. The turnaround on net new ARR is notable, yet the turnaround on GAAP profitability is what is most impressive compared to its cloud peers, especially considering the far majority of cloud stocks are years away from GAAP profitability (if they ever get there). We covered the earnings report in-depth for our premium members here.

Net new ARR accelerated significantly in the quarter to 27% growth, which is a 14-point acceleration from 13% growth in Q3. This is up from 2% growth for net new ARR in the year ago quarter. The turnaround in this particular key metric is notable, especially compared to other cloud stocks whose key metrics are decelerating. ARR increased 34% to $3.44 billion, which was down 1 percent from 35% growth last quarter.

CrowdStrike’s management stated that the company continues “to aggressively invest in our innovation engine and flank the company to achieve its vision of reaching $10 billion in ARR over the next 5 to 7 years.” That would imply about 200% growth in 5-7 years. The growth of deals with total value exceeding $1 million accelerated to “over 30%” this quarter for 250 customers.

Crowdstrike GAAP Margin Trends

Source: I/O Fund

Margins strengthened across the board – driven by four quarters of GAAP gross margin at 75% and GAAP subscription margin at 78%, both up from the prior year. To further illustrate CrowdStrike’s margin expansion, GAAP operating income was $30 million this quarter compared to (-$61.5) million in the year ago quarter. This is up from $3.2 million last quarter. For the full year, CrowdStrike nearly broke even from operations, reporting just a ($2 million) loss from operations, or a (0%) margin, an 800 bp improvement from FY23. CrowdStrike also reported its first full year with GAAP net profitability, reporting a 2.9% net margin, compared to an (8.2%) margin in FY23.

CrowdStrike echoed Zscaler with its macro commentary, saying that it believes the “current macro environment remains stable and consistent with prior quarters,” as it expects “continued deal scrutiny throughout this coming year.” Management added that its fiscal Q1 and FY25 guidance “assumes a consistent, challenging macro backdrop.”

Conclusion

The 1-year performance across cybersecurity leaders is quite variable, ranging from an impressive 161% to a mere 17%. This makes it well worth our time to monitor the metrics driving performance in this sector. Billings growth will be important to continue to track, as some hints of weakness last quarter spilled over into reduced forecasts from Palo Alto and Fortinet. Revenue deceleration will also be a key metric to watch given the decelerations guided from Palo Alto and Fortinet. Most importantly, these key metrics can provide clues as to which companies will be strongest moving into the rest of 2024 and beyond.

If you own Cybersecurity stocks or are looking to own these stocks, consider joining us for our next broad market webinar. Every Thursday at 4:30 pm Eastern, the I/O Fund team holds a webinar for premium members to discuss how to navigate the broad market, manage risk, as well as revealing our various long-term game plans regarding stock entries and exits. We offer trade alerts plus an automated hedging signal. The I/O Fund team is one of the only audited portfolios available to individual investors. Learn more here.

Please note: The I/O Fund conducts research and draws conclusions for the Fund’s positions. We then share that information with our readers. This is not a guarantee of a stock’s performance. Please consult your personal financial advisor before buying any stock in the companies mentioned in this analysis.

Recommended Reading:

  • The Next Market AI Will Disrupt Is Cybersecurity
  • The Strongest Cybersecurity Stocks In Q3
  • CrowdStrike: On The Brink Of Becoming GAAP Profitable
  • The Magnificent 7 Are Falling Like Dominos; Only 3 Remain
Posted in Cloud Software, Cybersecurity, CybersecurityLeave a Comment on Cybersecurity Stocks: CrowdStrike Soars While Palo Alto And Zscaler Fall

The Strongest Cybersecurity Stocks In Q3

Posted on December 4, 2023June 30, 2026 by io-fund
The Strongest Cybersecurity Stocks In Q3

This article was originally published on Forbes on Forbes Forbes on Nov 30, 2023,09:40pm EST

Cybersecurity stocks have performed well in 2023, rising about +26.5% YTD, with the security backdrop boosted by an increase in data breaches and ransomware. Quarterly spending has increased approximately +12.7% YoY to ~$37.6 billion through the first half of the year, although commentary from sector leaders Fortinet and Palo Alto raised some concerns about spend optimization, with billings forecasts from the two weaker than expected.

Despite beating on the top and bottom lines, Zscaler provided flat billings guidance while revenue growth is set to slow. CrowdStrike was GAAP profitable from operations for the first time ever as net new ARR reached a record, but billings and ARR growth both decelerated.

Cybersecurity Market Growth Slows in Q2

Zscaler and CrowdStrike reported their October quarters this week with both providing important commentary that the macro environment is tougher than usual. CrowdStrike’s management said that buyers still remain cautious since the “macroenvironment remains challenging with continued increased budget scrutiny.” Zscaler said that while the “global macro environment remains challenging, and customers continue to scrutinize large deals, … customer sentiment seems to be stabilizing.”

Looking back at the cybersecurity market through Q2 offers a bit of color on those broader trends impacting growth this year. The market registered a third straight quarterly deceleration in Q2, per Canalys estimates, as the global market recorded +11.6% YoY growth to $19.0 billion.

This marked a slight deceleration from the +12.5% growth in Q1 to $18.6 billion, and a sharper deceleration from the +15.8% growth rate seen in 2022, as the cybersecurity market topped $71 billion for the year.

Cybersecurity Market Growth, Quarterly YoY

Source: CANALYS

Growth in North America remained resilient at +12.6% YoY in Q2, the bellwether of the market considering it accounts for more than half of total spending. Latin America and EMEA growth remained in the double digits, though both decreased approximately 180 to 210 bp sequentially. APAC growth saw the largest slowdown, from +10.7% YoY in Q1 to +8.8% YoY in Q2.

Headwinds Remain in Play in Q3

Budget cuts, consolidation, and optimization are some of the trends at play in the cybersecurity market that are pulling 2023’s growth rates lower. Microsoft CEO Satya Nadella said in January during its fiscal Q2 earnings call that customers were “consolidating on our security stack, in order to reduce risk, complexity and cost.”

CrowdStrike CEO George Kurtz echoed Nadella’s view in the company’s Q1 earnings call in March that customers “want to reduce cost and headcount, reduce the number of point products and agents, reduce complexity and simplify operations.”

Venture capital funding deals and deal value also reflect this challenging environment persisting through Q3. According to Crunchbase, deal count declined just over (-15%) from Q2 to 153. Although deal value was marginally higher at $1.9 billion compared to ~$1.8 billion in Q2, it was about (-30%) lower YoY as large late-stage deals faded. VC funding has totaled just $6.4 billion YTD, on track to mark the lowest level of funding for cybersecurity startups since 2019, which totaled $8.8 billion.

Cybersecurity VC Funding

Source: CRUNCHBASE

Despite such cost and complexity concerns, companies are still committed to protecting data and operations. It’s this point that will drive long-term growth of the industry in the face of these near-term headwinds: there will always be more data to protect.

Sign up for I/O Fund's free newsletter with gains of up to 221% – Click hereClick hereClick here

Fortinet: Q4 Guidance Soft, Billings to Decline YoY

Fortinet declined (-12.4%) following its Q3 earnings report for three key reasons: Q3 revenues marginally missed estimates, Q4 revenue guide was below consensus, and most importantly, Fortinet is projecting a YoY decline in net billings.

Fortinet reported revenues of $1.33 billion in Q3, which missed expectations by just $20 million. For Q4, Fortinet guided revenues $80 million lower at midpoint than the consensus estimate of $1.49 billion.

Q4 billings were projected to be between $1.56 to $1.70 billion, representing a YoY decline of ~(1%) to (9%). Management’s transition to SASE and security operations, and challenging network comps, are some of the factors behind the revenue slowdown with Fortinet seeing “modest” revenue growth for the next few quarters.

Fortinet Billings Growth YoY

Source: I/O FUND

Fortinet’s billings slowdown and the lowered revenue forecast is a concern as 2023 would mark Fortinet’s slowest billings growth since its IPO in 2009. Growth is estimated at just +10.2% YoY at the $6.165 billion midpoint. It’s also a significant slowdown from the +34% and +35% billings growth seen in 2022 and 2021. Management said the growth slowdown in Q3 stemmed from “1 month shorter contract duration and importantly, lackluster appliance demand.”

A slowdown in product revenue growth is likely a driving factor behind the lowered revenue forecast for 2023. Product revenue is forecast to increase only +9% YoY to $1.935 billion – this is well below 2022’s +42% growth, 2021’s +37% growth, and its +23.7% average growth rate since 2009. CEO Ken Xie said that “the Secure Networking market is experiencing slower growth as product demand returns to normal levels following two years of elevated growth.” He added that “building and product revenue fell below our expectation” due to that slowdown in Secure Networking.

Palo Alto: Billings Weaker than Expected, Underlying Metrics Strong

Palo Alto shares fell (-5.4%) following its fiscal Q1 earnings report, but have since gained more than +14% to rise to new highs. The initial negative reaction stemmed from a lowered billings forecast as well as hints that revenue growth is slowing below 20%, but other underlying metrics remained strong.

Palo Alto reported +20% YoY revenue growth to $1.88 billion and +16% YoY billings growth to $2.02 billion, which came in below its prior outlook for $2.05 to $2.08 billion in the October quarter. This miss is amplifying concerns that revenue and billings growth is decelerating — revenue growth was at the lowest level since fiscal Q4 2020, while billings growth was at the lowest level in more than four years and marks a second quarter with growth below +20%.

Palo Alto Revenue, Billings  YoY Growth

Source: I/O FUND

For the full year, Palo Alto lowered its billing forecast to $10.7 to $10.8 billion, from a prior view of $10.9 to $11.0 billion. This correlates to YoY growth of +16% to +17%, roughly in line with the recent quarter’s +16% growth rate. Palo Alto cited volatility in contract duration, increased financing demand, and increased demand for deferred billings plans for the lowered forecast. CFO Dipak Golechha said that the company “saw the rising cost of money have an important and incremental impact on customer behavior in [fiscal] Q1.” Similar to Fortinet, Palo Alto saw minimal growth in product revenue, at just +3% YoY, with the majority of revenue growth driven by service revenue, +25% YoY.

Aside from that, Palo Alto had multiple underlying strengths in the report, especially with its next-gen offerings. Next-Gen Security ARR increased +53% YoY to $3.23 billion, and SASE ARR increased +60% YoY. Palo Alto saw very strong growth in multi-module customers, with +155% YoY growth in those adopting 5+ modules, and +59% YoY growth in those adopting 3+. XSIAM’s pipeline exceeded $1 billion, with more than $500 million of that pipeline added in Q1.

Zscaler: Billings Guide Unchanged, Revenue Growth May Slow

Zscaler maintained its billing guide for the full year, although revenue and EPS both came in ahead of expectations in its fiscal Q1. Large customer growth continued to slow, while fiscal Q2’s guide hinted at a possible deceleration in revenue growth.

Zscaler reported $497 million in revenue, +40% YoY, which handily beat expectations and the company’s guidance for +33% YoY growth to $473 million in revenue. While it did post +131% YoY growth in adjusted EPS to $0.67 and a surge in free cash flow, Zscaler remains unprofitable on a GAAP basis.

GAAP operating loss improved 33% YoY to ($46 million), while GAAP operating margin improved 10 percentage points to (9%). At its scale of more than $2 billion in annual revenue, it’s likely the market will want Zscaler to soon shift to operating profitability, which could be tough at the moment given that sales, marketing and R&D accounted for ~98.8% of gross profit in Q1. SBC also remained high at $129.1 million, or ~26% of revenue.

Billings growth remained strong, at +34% YoY to $456.6 million. However, Zscaler did not raise its full-year billings outlook as it tends to do, even if only by a few million; its outlook remained unchanged at +24% to +26% YoY growth, or $2.52 to $2.56 billion. That outlook suggests that billings growth will decelerate through the remainder of the fiscal year.

Fiscal Q2’s revenue guide also hinted at some early signs of revenue deceleration, with the $506 million guide pointing to YoY growth of approximately +30.5%. Fiscal 2024’s guide calls for +29.5% YoY growth at midpoint to $2.095 billion, again indicating that revenue growth in fiscal Q3 and Q4 is likely to slow to the mid to high-20% range.

ARR Chart

Source: I/O FUND

Growth in large customers of over $1M in ARR has slowed significantly by 21 points over the past year, from 55% growth down to 34%. Growth in $100K+ ARR customers has also slowed from 37% to 22%.

Every Thursday at 4:30 pm Eastern, the I/O Fund team holds a webinar for premium members to discuss how to navigate the broad market, as well as various stock entries and exits. We offer trade alerts plus an automated hedging signal. The I/O Fund team is one of the only audited portfolios available to individual investors. Learn more here.Learn more hereLearn more here.

CrowdStrike: Net New ARR Rises to Record, But Billings Decelerate

CrowdStrike beat on the top and bottom lines and guided fiscal Q4 marginally above consensus. The report in itself was fairly strong, as net new ARR rose to a record and CrowdStrike recorded its first-ever quarter with positive operating income. However, ARR growth and billings growth both decelerated, similar to peers who are also seeing decelerating billings. Management added that “buyers are still cautious” as the “macroenvironment remains challenging with continued increased budget scrutiny.”

Crowdstrike Net New ARR

Source: I/O FUND

Net new ARR rebounded to a record $223.1 million, +12.6% YoY, a strong recovery from Q1 and setting the stage for another possible record to close out FY24. With this rebound in net new ARR, CrowdStrike’s ARR topped $3 billion for the first time, reaching $3.15 billion in fiscal Q3. CrowdStrike emphasized that it is the “fastest and only pure play cybersecurity software vendor in history” to surpass the $3 billion ARR milestone.

However, ARR growth is still decelerating, as is billings growth. ARR growth in fiscal Q3 was +34.6% YoY, a slight deceleration from Q2’s +36.9% YoY growth rate and a sharper deceleration from the +55% YoY growth rate from fiscal Q3 last year. What’s important is that CrowdStrike soon shows ARR bottoming and stabilizing, instead of decelerating further into the +20% range or even the high teens.

Crowdstrike ARR, YoY Growth

Source: I/O FUND

Billings also decelerated, matching what we’ve seen so far with CrowdStrike’s peers. Billings were calculated to have fallen (-2%) QoQ and +9% YoY to $821.5M for Q3, a significant slowdown from the +13% QoQ and +22% YoY growth rate recorded in the prior quarter. You can read more about billings and ARR in our CrowdStrike’s Q3 earnings recaphere.

Crowdstrike billings growth/decline

Source: I/O FUND

Pictured Above: I/O Fund calculations for CrowdStrike’s billings growth/decline

CrowdStrike also recorded its first quarter to generate operating income, albeit at a razor-thin 0.4% operating margin. However, this shift to a positive margin benefited the bottom-line, allowing net margin to expand ~225 bp QoQ to ~3.4%. This marked CrowdStrike’s third straight quarter of GAAP profitability, with sequential growth in each of the three quarters. We had previously mentioned that while CrowdStrike had begun to post GAAP profitability, it was preferable that the company be GAAP profitable from operations rather than interest income – now, the next task is for CrowdStrike to show further growth in operating income.

Conclusion

Aside from Fortinet, the remaining cybersecurity stocks covered here have all rallied to new highs following earnings, despite each report having some weaknesses. Cybersecurity stocks are investor favorites due to an ever-growing need for cybersecurity solutions among enterprises and high cash flow generation metrics – all of the four reported free cash flow margins higher than 30%. Billings growth remains an important metric to track, given the decelerations seen this quarter and hints at more deceleration ahead. Yet, these key metrics are providing clues as to which companies will be strongest moving into 2024.

Damien Robbins, Equity Analyst at the I/O Fund, contributed to this article.

Recommended Reading:

  • Apple’s Services Growth Flywheel Continues To Strengthen
  • Nvidia’s Fiscal Q3 Earnings Preview: The Pressure Is On
  • Tesla Sells 33% Of Vehicles Below Average Cost, BYD Pulls Ahead
  • Solar Stocks Still Searching For A Bottom
Posted in Cloud Software, Cybersecurity, CybersecurityLeave a Comment on The Strongest Cybersecurity Stocks In Q3

The Next Market AI Will Disrupt Is Cybersecurity

Posted on October 4, 2023June 30, 2026 by io-fund
The Next Market AI Will Disrupt Is Cybersecurity

This article was originally published on Forbes on Forbes Forbes on Sep 29, 2023,12:05am EDT

Cybersecurity is one of the highest costs that enterprises face at 12% of IT budgets on average, and this cost is rapidly rising. While a company can lay off staff or reduce marketing and R&D expenses during a period of lower growth, enterprises cannot compromise on cybersecurity. The rise in the number of attacks and the increased sophistication of attacks means this expense will continue to grow, yet AI and automation can help.

According to Cybercrime Magazine, if cybercrime were a country, it would be the world’s third-largest economy, second to the United States and China. The costs that enterprises dedicate to cybersecurity are expected to increase from $8 trillion to $10.5 trillion by 2025. Statista agrees with Cybercrime Magazine’s estimates, stating the cost of cybercrime will reach $10.3 trillion by 2025 and $13.8 trillion by 2028.

At the I/O Fund, we are positioning for AI and automation to play an important role in this critical, no-compromise industry. There are 560,000 new pieces of malware detected every day, and software systems cannot keep up with this. AI is already assisting human teams in identifying which threats require more analysis, and in the near-term, this will meaningfully lower cybersecurity costs. There is also a shortage of cybersecurity talent, with a 2022 survey stating 59% of companies have a shortage in this department and may not be able to effectively handle a cybersecurity attack.

Below, we look at how AI is set to disrupt cybersecurity next and what is being said on the topic.

Sign up for I/O Fund's free newsletter with gains of up to 221% – Click hereClick hereClick here

How AI Can Improve Incident Response and Threat Detection

Combining cybersecurity with AI has a natural affinity as cyberattacks are computer generated, and in turn, computers are uniquely capable of finding computer-generated threats. Automation reduces the number of false positives. Instead of getting every piece of telemetry that requires the security team to investigate, AI-assisted endpoint detection and response solutions eliminates the noise so that the security team is only responding to those that have the potential to be critical.

Fundamentally, cybersecurity is a data problem. Cybersecurity platforms ingest, correlate, and query petabytes of structured and unstructured data from disparate external and internal sources in real-time. Cybersecurity platforms then build rich context and deliver greater visibility by constructing a dynamic representation of data across an organization.As a result, AI-driven cybersecurity platforms are often highly accurate in triggering a response.

The number of endpoints in a corporate network are exponentially growing with 27 billion endpoints expected to be connected by 2025. There have been staggering studies done that show 68% of enterprises have experienced a compromised endpoint. Compromised credentials across desktops, laptops, and mobile devices are often the hardest points of access to secure. Algorithms can detect new malware on endpoints based on the attributes of known malware. Unauthorized access, data breaches and cyber threats from endpoints will also help to drive demand for edge-based, decentralized AI cybersecurity solutions.

The network security market is a large contributor to cybersecurity spend. Machine learning algorithms help systems to learn by experience, which helps to identify malware in encrypted traffic and find insider threats. Machine learning algorithms do not need to decrypt, rather can spot the malicious patterns and find threats hidden with encryption.

Cloud security is the fastest growing segment within cybersecurity. AI/ML can help to identify suspicious cloud app logins, detect location-based anomalies, and quickly identify threats through IP reputation analysis. Threat prevention is possible through ingesting cloud telemetry with AI systems, foregoing the need for expert rule engineering. Attack path simulation is also made possible with AI, to help simulate the path an attacker would take to reduce coverage gaps. Egress web traffic can be monitored without the need to configure virtual machines by focusing on limiting egress based on source, identity, destination and request types. Machine learning models can also detect new API threats based on large training data sets. These are a few examples of how AI/ML is improving cloud security.

Chat-GPT heightens security risks as generative AI is capable of writing malicious code or acting as a sidekick to the human hacker writing malicious code. To level the playing field, the best defense will also be self-learning, generative AI tools. The downloads for Chat-GPT have plateaued considerably among consumers. Meanwhile, the use of Chat-GPT among hackers is rising on an exponential curve. This helps illustrate why the adoption curve for AI may be healthier among enterprises (rather than consumers) in the medium-term.

According to Mackenzie Jackson, a developer advocate with GitGuardian, Chat-GPT is likely to give rise to a greater number of hackers. This new generation is called “AI Hackers” because previously they could not hack on their own, but are now able to hack with generative AI as their sidekick.

Generative AI used for nefarious purposes

Source: RAPID7: BAIN & COMPANY

Every Thursday at 4:30 pm Eastern, the I/O Fund team holds a webinar for premium members to discuss how to navigate the broad market, as well as various stock entries and exits. We offer trade alerts plus an automated hedging signal. The I/O Fund team is one of the only audited portfolios available to individual investors. Learn more here.Learn more hereLearn more here.

What the C-Suite is Saying About AI & Cybersecurity

McKinsey released a recent report where 53 percent of organizations believe generative-AI is driving new risks in cybersecurity. Not only can AI help enterprises expedite threat detection, but hackers can also expedite the end-to-end attack life cycle. In another survey, 38 percent of enterprises stated they are mitigating AI-related cybersecurity risks compared to 32 percent who are mitigating inaccuracies, indicating cybersecurity is the top risk that is AI-related at this time.

According to Forbes, 56% of enterprises ranked governance, security and auditability issues as their highest-priority concern with AI/ML spend. This survey was completed in 2021, and it’s likely this number is higher today.

What Public Company CEOs are Saying

Microsoft has one of the largest cybersecurity businesses in the world at $20 billion. This is larger than six best-of-breed companies combined. The company has been working for years on new automation features called CoPilot, which was released to the public this month. Although it’s being marketed for Windows, Office 365 and the browsers Bing and Edge, yet will also become an AI companion for it’s cybersecurity business. Per the CEO in the most recent earnings call: “our Security Copilot, the first product to apply this next generation of AI to SecOps will be available to customers via paid early access program this fall.”

Beth Kindig Twitter Post

Source: BETH KINDIG'S TWITTER

Palo Alto Networks is a company that has outsized returns this year of up to 78% following the most recent earnings call. It’s currently trading at 66% gains YTD. The CEO stated in the most recent earnings call: “I think what's important to understand is that over the last five years, cybersecurity TAM has continued to rise. It has grown at approximately 14%, and it has grown twice the pace at which the IT market has grown […] and possibly now with the sort of arrival of AI as a mainstream opportunity, every one of us is trying to make sure we grab that with both hands. So, we will continue to see the pace of technology spend go sort of up or forward.”

Palo Alto Price Change

Source: YCHARTS

Cloudflare is a stock that is up 35% YTD and is edging out the Nasdaq-100 this year, which is no small feat given the rally Big Tech has seen. The CEO recently stated that his company is seeing an uptick in business on their R2 product: “And by our estimates, Cloudflare is the most commonly used cloud provider across the leading AI startups. They're using R2 to help arbitrage the lowest GPU cost to train their models.”

Conclusion:

Using AI to identify threats and for pattern recognition and anomaly detection is not new by any means. Rather what is rapidly coming to market are platforms enabled with generative AI and automation that is self-learning, so that a threat is detected before it occurs rather than after the cyberattack. Rather than threat detection, the ultimate goal is threat prevention.

AI will not entirely replace security professionals anytime soon, but it can contribute to efficiency by automating threat detection, analyzing data sets, and by continuously learning to identify anomalies and new attacks before they occur. By offering agentless solutions, theoretically, fewer human agents will be needed. For new technologies, the adoption curve can be challenging (go ask virtual reality enthusiasts how that’s going). But for industries where AI can offer a value proposition that can predictably lower costs at a reasonable price, a market will form. We think one of the next markets to be disrupted by AI will be cybersecurity.

If you own cybersecurity stocks, or are looking to own cybersecurity stocks, we encourage you to attend our weekly premium webinars, held every Thursday at 5:00 pm EST. Next week, we will discuss a cybersecurity stock we recently entered and one that we are eyeing closely – what our targets are, where we plan to buy, as well as where we plan to take gains.

I/O Fund Equity analyst, Royston Roche, contributed to this analysis.

Recommended Reading:

  • Cloudflare Stock Misses On Cash Flow In Q1
  • Microsoft – AI Will Help Drive $100 Billion In Revenue By 2027
  • CrowdStrike Stock: Cloud Darling Reports Weak Sequential Key Metrics
  • Cybersecurity Continues To Lead Cloud Stocks
Posted in Cloud Software, Cybersecurity, CybersecurityLeave a Comment on The Next Market AI Will Disrupt Is Cybersecurity

Cybersecurity Stock Faceoff: CrowdStrike Vs. Zscaler Vs. Cloudflare

Posted on October 3, 2022June 30, 2026 by io-fund

In the analysis below, I/O Fund analyst Royston Roche puts three strong cybersecurity stocks up against one another on fundamentals. He assigns 3 points for first place and 2 points for second place and 1 point for third place across each of the fundamental criteria. This helps draw a conclusion on which of the three cybersecurity stocks are strongest based on their financials. We chose these three stocks as they are often neck-and-neck on gains and investor sentiment. Read below to find out which of these contenders will win the face off!

The Cybersecurity sector has been less immune to macro environment challenges like supply chain issues, geopolitical tensions, covid restrictions, and trade wars. The Chief Information Security Officer (CISO) surveys also suggested that enterprise spending will increase in 2022 from the previous year. 

The role of Chief Information Security Officers has greatly increased in the last few years, and the recentrecent CISO survey done by Heidrick & Struggles suggests that the security teams have been increasing in size. Another finding from the survey is that CISOs have significant visibility with the board of directors, which shows the growing importance of the cybersecurity sector. Since security breaches can prove costly, corporations and governments will continue to invest in this sector.

We have also recently coveredrecently covered in our free newsletter that the cybersecurity sector continues to lead cloud stocks. This cohort of stocks continue to beat the analyst estimates which is another reason for investors to continue to closely monitor this sector. In this analysis, we compare three cybersecurity companies that all have promising products and provide cybersecurity solutions to modern cloud environments.

Below is a quick recap of the three companies that we have covered in length in our previous articles.

Zscaler’sZscaler’s product has done exceptionally well considering the crowded cybersecurity market. This is due to its best-of-breed, singular focus on security edge and zero trust. Primarily, Zero Trust architecture began to replace VPNs in a meaningful way in 2020 and this has sustained due to the Zero Trust model offering deeper and more scalable protection by eliminating implicit trust. 

Zero Trust Security is built on the premise that no one should be trusted within or outside the network. In the traditional security systems, it is difficult to obtain access from outside the network while those located inside the network were trusted. With Zero Trust, these trust assumptions are removed with tools such as multi-factor authentication, giving access for a limited time, and to also verify, authorize and to have a continuous check on all the data points that are given access.

Next up, CrowdStrikeCrowdStrike was founded with the goal of reinventing security for the cloud era.  CrowdStrike’s Falcon platform delivers comprehensive breach protection against today’s most sophisticated attacks on the endpoint. Due to the sheer number of endpoints in a corporate network, this is where the majority of attacks are made. Compromised credentials across desktops, laptops, and mobile devices are often the hardest points of access to secure.

CrowdStrike’s AI based security model is focused on collecting large amounts of data, centrally storing it in a single model, and continuously training its algorithms with vast amounts of data.  The more data that the Falcon Platform collects, the more intelligent the platform becomes in detecting and stopping breaches.

Our third contender is Cloudflare. What’s remarkable about CloudflareCloudflare is how the company has leveraged its content delivery network footprint to simultaneously be a leader in application and website security. The company further innovated with Zero Trust security, combined with SASE network connectivity, and more recently leveraged the elimination of egress fees for object storage. The latter is the most exciting as Cloudflare has already proven its ability in attracting developers and driving down costs and will now take on AWS head-to-head.

Analyst revenue estimates for the next four quarters

Revenue Estimates for Next Four Quarters

Source: Seeking Alpha 

Note: Zscaler has a fiscal year ending in July, CrowdStrike in January, and Cloudflare in December. We have adjusted the information above to reflect the calendar year quarters.

In the above chart, the three companies are ranked based on the revenue estimates for the next four quarters. CrowdStrike is expected to grow the fastest among the three companies in the next four quarters when we average each quarter's growth.

The analysts expect Zscaler’s revenue to grow 48% YoY to $340.7 million in the Q3 CY2022. The company’s revenue grew 61% YoY to $318.1 million in Q2 CY2022 (beat estimates by 4.1%). They expect CrowdStrike's revenue to increase 51% YoY to $575.05 million in Q3 CY2022. CrowdStrike grew its revenue 58% YoY to $535.2 million in Q2 CY2022 (beat estimates by 3.6%). 

The analysts expect Cloudflare’s revenue to grow 45% YoY to $250.64 million in Q3 CY2022. The company’s revenue grew by 54% YoY to $234.5 million in Q2 CY2022 (beat estimates by 3.1%). However, all three companies show a deceleration in growth compared to the most recent quarter.

Analyst adjusted EPS estimates for the next four quarters

Analyst Adjusted EPS Estimates for Next Four Quarters

Source: Seeking Alpha 

In the above chart, the three companies are ranked based on the adjusted EPS estimates for the next four quarters. Zscaler ranks first with the highest average growth. However, Cloudflare’s data was not available for all quarters. In this case, I am assigning 3 points to both Zscaler and Cloudflare, because Cloudflare’s EPS is now turning positive. It’s an important milestone when a company turns profitable and the analysis should not overlook this. Below, we look closer at the significant change for Cloudflare in the analyst adjusted EPS estimates beat history chart. 

The analysts expect Zscaler’s adjusted EPS to be $0.26 in Q3 CY2022. The company had reported an adjusted EPS of $0.25 (beat estimates by $0.04) in Q2 CY2022 compared to $0.14 for the same period last year. CrowdStrike is expected to report $0.32 in Q3 CY2022. The company had reported adjusted EPS of $0.36 (beat estimates by $0.09) in Q2 CY2022 compared to $0.11 in the same period last year. 

Cloudflare is expected to report break-even adjusted EPS in the Q3 CY2022. The company had also reported break-even adjusted EPS (beat estimates by $0.01) in Q2 CY2022 compared to a net loss per share of $0.02 in Q2 CY2021.

Analyst revenue estimates for the next three years

Analyst Revenue Estimates for Next Three Years

Source: YCharts and Seeking Alpha 

The above chart compares the three companies based on the revenue estimates for the next three years. CrowdStrike ranks at the top with the highest compound annual growth rate of 41% in the next three years.

Zscaler’s revenue grew by 62% YoY to $1.09 billion in the FY ending July 2022. Consensus for fiscal year 2023 ending in July is for revenue growth of 38% YoY to $1.50 billion. CrowdStrike’s revenue grew by 66% YoY to $1.45 billion in the FY ending January 2022. Consensus for fiscal year ending in 2023 is for revenue growth of 54% YoY to $2.23 billion. Cloudflare’s revenue grew by 52% YoY to $656.43 million in the FY ending December 2021. Analysts expect Cloudflare’s revenue to grow 48% YoY to $970.73 million in the FY ending December 2022.

Analyst adjusted EPS estimates for the next three years

Analyst Adjusted Estimates for Next Three Years

Source: YCharts and Seeking Alpha 

The above chart compares the three companies based on the adjusted EPS estimates for the next three years. CrowdStrike ranks at the top with the highest CAGR of EPS. Also, I would assign 3 points to Cloudflare as the CAGR calculation is not possible since the company previously had negative EPS. However, reaching profitability is a significant milestone for a cloud company. 

Analyst revenue estimates beat history

The next benchmark is ranking the three companies based on the number of times the company beat estimates. 

Zscaler beat revenue estimates in the last 16 quarters.

Zscaler Beat Revenue Estimates

Source: Seeking Alpha

CrowdStrike beat revenue estimates in the last 14 quarters. 

Crowdstrike Beat Revenue Estimates

Source: Seeking Alpha

Cloudflare beat revenue estimates in the last 12 quarters.

Cloudflare Beat Revenue Estimates

Source: Seeking Alpha

All three companies beat revenue estimates on all occasions and have ranked the same with three points. 

Analyst adjusted EPS estimates beat history

The next benchmark is ranking the three companies based on adjusted EPS estimates beat. 

Zscaler beat the adjusted EPS estimates in the last 16 quarters. 

Zscaler Adjusted EPS Estimate Beat

Source: Seeking Alpha

CrowdStrike beat adjusted EPS estimates in the last 14 quarters. 

Crowdstrike Adjusted EPS Estimate Beat

Source: Seeking Alpha

Cloudflare beat adjusted EPS estimates in the 10 out of the last 12 quarters and was in-line once.

Cloudflare Adjusted EPS Estimate Beat

Source: Seeking Alpha

In the above benchmark, Zscaler and CrowdStrike get 3 points and Cloudflare gets 1 point.

Price to Sales Ratio

Zscaler, Crowdstrike and Cloudflare Price to Sales Ratio

Source: YCharts

The next benchmark is ranking the three stocks based on the P/S ratio. CrowdStrike ranks the top with the lowest P/S ratio of 20.08, followed by Zscaler at 20.74, and Cloudflare at 21.63. 

CrowdStrike has also the lowest NTM P/S ratio of 14.66 followed Zscaler and Cloudflare which both have 15.79. 

Free Cash Flow Margin

Free Cash Flow Margin

Source: YCharts

The next benchmark is ranking the three companies based on the recent quarter’s free cash flow margin. CrowdStrike ranks at the top with a free cash flow margin of 25%, followed by 24% for Zscaler, and -2% for Cloudflare. Also, CrowdStrike’s free cash flow has been consistently positive, as seen in the chart above.

Operating Margin

Operating Margin

Source: YCharts

The last benchmark is ranking based on the recent quarter’s operating margin. CrowdStrike ranks at the top with an operating margin of -9%, followed by Zscaler’s -26%, and Cloudflare’s -28%.

Conclusion

Boxing Match Winner

In our cybersecurity face off, CrowdStrike is the winner with 28 points. The company has better forward revenue growth, free cash flow margin, operating margin, and the management has consistently shown its ability to beat estimates.  

Second place is Zscaler, which had a strong earnings report. The company’s revenue beat of 4.1% was higher than CrowdStrike’s 3.6% beat and Cloudflare’s 3.1%. Zscaler’s revenue guidancerevenue guidance for the next quarter is $340 million at the mid-point of the guidance, representing a YoY growth of 47.5%. It was significantly higher than the consensus estimates of $326.16 million, a 6% guidance beat for the next quarter.

Third place was Cloudflare, primarily due to the company’s negative free cash flow while peers are much stronger here. Secondly, Cloudflare has reached profitability on a non-GAAP basis in Q3 2021 which is an important milestone for a cloud company yet the margin is thin and the company could slip to unprofitable off any given earnings report. However, tech is led by product and Cloudflare has made some exciting, strategic moves lately, which we've outlined in past analysis. This is a comprehensive fundamental overview, yet truly anything can happen, and each earnings season things change. So, stay tuned as we monitor these three for progress moving forward.

Posted in Cybersecurity, CybersecurityLeave a Comment on Cybersecurity Stock Faceoff: CrowdStrike Vs. Zscaler Vs. Cloudflare

Cybersecurity Stock Faceoff: CrowdStrike Vs. Zscaler Vs. Cloudflare

Posted on October 3, 2022June 30, 2026 by io-fund

In the analysis below, I/O Fund analyst Royston Roche puts three strong cybersecurity stocks up against one another on fundamentals. He assigns 3 points for first place and 2 points for second place and 1 point for third place across each of the fundamental criteria. This helps draw a conclusion on which of the three cybersecurity stocks are strongest based on their financials. We chose these three stocks as they are often neck-and-neck on gains and investor sentiment. Read below to find out which of these contenders will win the face off!

The Cybersecurity sector has been less immune to macro environment challenges like supply chain issues, geopolitical tensions, covid restrictions, and trade wars. The Chief Information Security Officer (CISO) surveys also suggested that enterprise spending will increase in 2022 from the previous year. 

The role of Chief Information Security Officers has greatly increased in the last few years, and the recent CISO survey done by Heidrick & Struggles suggests that the security teams have been increasing in size. Another finding from the survey is that CISOs have significant visibility with the board of directors, which shows the growing importance of the cybersecurity sector. Since security breaches can prove costly, corporations and governments will continue to invest in this sector.

We have also recently covered in our free newsletter that the cybersecurity sector continues to lead cloud stocks. This cohort of stocks continue to beat the analyst estimates which is another reason for investors to continue to closely monitor this sector. In this analysis, we compare three cybersecurity companies that all have promising products and provide cybersecurity solutions to modern cloud environments.

Below is a quick recap of the three companies that we have covered in length in our previous articles.

Zscaler’s product has done exceptionally well considering the crowded cybersecurity market. This is due to its best-of-breed, singular focus on security edge and zero trust. Primarily, Zero Trust architecture began to replace VPNs in a meaningful way in 2020 and this has sustained due to the Zero Trust model offering deeper and more scalable protection by eliminating implicit trust. 

Zero Trust Security is built on the premise that no one should be trusted within or outside the network. In the traditional security systems, it is difficult to obtain access from outside the network while those located inside the network were trusted. With Zero Trust, these trust assumptions are removed with tools such as multi-factor authentication, giving access for a limited time, and to also verify, authorize and to have a continuous check on all the data points that are given access.

Next up, CrowdStrike was founded with the goal of reinventing security for the cloud era.  CrowdStrike’s Falcon platform delivers comprehensive breach protection against today’s most sophisticated attacks on the endpoint. Due to the sheer number of endpoints in a corporate network, this is where the majority of attacks are made. Compromised credentials across desktops, laptops, and mobile devices are often the hardest points of access to secure.

CrowdStrike’s AI based security model is focused on collecting large amounts of data, centrally storing it in a single model, and continuously training its algorithms with vast amounts of data.  The more data that the Falcon Platform collects, the more intelligent the platform becomes in detecting and stopping breaches.

Our third contender is Cloudflare. What’s remarkable about Cloudflare is how the company has leveraged its content delivery network footprint to simultaneously be a leader in application and website security. The company further innovated with Zero Trust security, combined with SASE network connectivity, and more recently leveraged the elimination of egress fees for object storage. The latter is the most exciting as Cloudflare has already proven its ability in attracting developers and driving down costs and will now take on AWS head-to-head.

Analyst revenue estimates for the next four quarters

Source: Seeking Alpha 

Note: Zscaler has a fiscal year ending in July, CrowdStrike in January, and Cloudflare in December. We have adjusted the information above to reflect the calendar year quarters.

In the above chart, the three companies are ranked based on the revenue estimates for the next four quarters. CrowdStrike is expected to grow the fastest among the three companies in the next four quarters when we average each quarter's growth.

The analysts expect Zscaler’s revenue to grow 48% YoY to $340.7 million in the Q3 CY2022. The company’s revenue grew 61% YoY to $318.1 million in Q2 CY2022 (beat estimates by 4.1%). They expect CrowdStrike's revenue to increase 51% YoY to $575.05 million in Q3 CY2022. CrowdStrike grew its revenue 58% YoY to $535.2 million in Q2 CY2022 (beat estimates by 3.6%). 

The analysts expect Cloudflare’s revenue to grow 45% YoY to $250.64 million in Q3 CY2022. The company’s revenue grew by 54% YoY to $234.5 million in Q2 CY2022 (beat estimates by 3.1%). However, all three companies show a deceleration in growth compared to the most recent quarter.

Analyst adjusted EPS estimates for the next four quarters

Source: Seeking Alpha 

In the above chart, the three companies are ranked based on the adjusted EPS estimates for the next four quarters. Zscaler ranks first with the highest average growth. However, Cloudflare’s data was not available for all quarters. In this case, I am assigning 3 points to both Zscaler and Cloudflare, because Cloudflare’s EPS is now turning positive. It’s an important milestone when a company turns profitable and the analysis should not overlook this. Below, we look closer at the significant change for Cloudflare in the analyst adjusted EPS estimates beat history chart. 

The analysts expect Zscaler’s adjusted EPS to be $0.26 in Q3 CY2022. The company had reported an adjusted EPS of $0.25 (beat estimates by $0.04) in Q2 CY2022 compared to $0.14 for the same period last year. CrowdStrike is expected to report $0.32 in Q3 CY2022. The company had reported adjusted EPS of $0.36 (beat estimates by $0.09) in Q2 CY2022 compared to $0.11 in the same period last year. 

Cloudflare is expected to report break-even adjusted EPS in the Q3 CY2022. The company had also reported break-even adjusted EPS (beat estimates by $0.01) in Q2 CY2022 compared to a net loss per share of $0.02 in Q2 CY2021.

Analyst revenue estimates for the next three years

Source: YCharts and Seeking Alpha 

The above chart compares the three companies based on the revenue estimates for the next three years. CrowdStrike ranks at the top with the highest compound annual growth rate of 41% in the next three years.

Zscaler’s revenue grew by 62% YoY to $1.09 billion in the FY ending July 2022. Consensus for fiscal year 2023 ending in July is for revenue growth of 38% YoY to $1.50 billion. CrowdStrike’s revenue grew by 66% YoY to $1.45 billion in the FY ending January 2022. Consensus for fiscal year ending in 2023 is for revenue growth of 54% YoY to $2.23 billion. Cloudflare’s revenue grew by 52% YoY to $656.43 million in the FY ending December 2021. Analysts expect Cloudflare’s revenue to grow 48% YoY to $970.73 million in the FY ending December 2022.

Analyst adjusted EPS estimates for the next three years

Source: YCharts and Seeking Alpha 

The above chart compares the three companies based on the adjusted EPS estimates for the next three years. CrowdStrike ranks at the top with the highest CAGR of EPS. Also, I would assign 3 points to Cloudflare as the CAGR calculation is not possible since the company previously had negative EPS. However, reaching profitability is a significant milestone for a cloud company. 

Analyst revenue estimates beat history

The next benchmark is ranking the three companies based on the number of times the company beat estimates. 

Zscaler beat revenue estimates in the last 16 quarters.

Source: Seeking Alpha

CrowdStrike beat revenue estimates in the last 14 quarters. 

Source: Seeking Alpha

Cloudflare beat revenue estimates in the last 12 quarters.

Source: Seeking Alpha

All three companies beat revenue estimates on all occasions and have ranked the same with three points. 

Analyst adjusted EPS estimates beat history

The next benchmark is ranking the three companies based on adjusted EPS estimates beat. 

Zscaler beat the adjusted EPS estimates in the last 16 quarters. 

Source: Seeking Alpha

CrowdStrike beat adjusted EPS estimates in the last 14 quarters. 

Source: Seeking Alpha

Cloudflare beat adjusted EPS estimates in the 10 out of the last 12 quarters and was in-line once.

Source: Seeking Alpha

In the above benchmark, Zscaler and CrowdStrike get 3 points and Cloudflare gets 1 point.

Price to Sales Ratio

Source: YCharts

The next benchmark is ranking the three stocks based on the P/S ratio. CrowdStrike ranks the top with the lowest P/S ratio of 20.08, followed by Zscaler at 20.74, and Cloudflare at 21.63. 

CrowdStrike has also the lowest NTM P/S ratio of 14.66 followed Zscaler and Cloudflare which both have 15.79. 

Free Cash Flow Margin

Source: YCharts

The next benchmark is ranking the three companies based on the recent quarter’s free cash flow margin. CrowdStrike ranks at the top with a free cash flow margin of 25%, followed by 24% for Zscaler, and -2% for Cloudflare. Also, CrowdStrike’s free cash flow has been consistently positive, as seen in the chart above.

Operating Margin

Source: YCharts

The last benchmark is ranking based on the recent quarter’s operating margin. CrowdStrike ranks at the top with an operating margin of -9%, followed by Zscaler’s -26%, and Cloudflare’s -28%.

Conclusion

In our cybersecurity face off, CrowdStrike is the winner with 28 points. The company has better forward revenue growth, free cash flow margin, operating margin, and the management has consistently shown its ability to beat estimates.  

Second place is Zscaler, which had a strong earnings report. The company’s revenue beat of 4.1% was higher than CrowdStrike’s 3.6% beat and Cloudflare’s 3.1%. Zscaler’s revenue guidance for the next quarter is $340 million at the mid-point of the guidance, representing a YoY growth of 47.5%. It was significantly higher than the consensus estimates of $326.16 million, a 6% guidance beat for the next quarter.

Third place was Cloudflare, primarily due to the company’s negative free cash flow while peers are much stronger here. Secondly, Cloudflare has reached profitability on a non-GAAP basis in Q3 2021 which is an important milestone for a cloud company yet the margin is thin and the company could slip to unprofitable off any given earnings report. However, tech is led by product and Cloudflare has made some exciting, strategic moves lately, which we've outlined in past analysis. This is a comprehensive fundamental overview, yet truly anything can happen, and each earnings season things change. So, stay tuned as we monitor these three for progress moving forward.

Posted in Cybersecurity, CybersecurityLeave a Comment on Cybersecurity Stock Faceoff: CrowdStrike Vs. Zscaler Vs. Cloudflare

Crowdstrike: Cybersecurity is Tech’s Leading Sector

Posted on July 6, 2022June 30, 2026 by io-fund

Note: Beth Kindig contributed to this article

We pointed out recently that the market has indiscriminately penalized tech stocks across the board and cybersecurity stocks are simply caught in the cross fire. Q1 earnings proved that cybersecurity stocks are insulated from supply chain issues and remain a number one priority across corporate budgets. Specifically, cybersecurity-related companies reported top line and bottom-line beats plus a handful raised guidance while consumer-related tech and less cash efficient cloud verticals lowered or missed guidance this past quarter.

We also covered the high probability that cybersecurity would show strength prior to earnings in our quarterly webinar. You can reference this discussion in our Q2 webinar at minute 30:09.

If you look closely, the market has been efficient recently across the cloud sector as the top valuations in the category are those with healthy top lines balanced with a positive free cash flow margin.

Source: YCharts

CrowdStrike recently released strong results as revenue grew 61% year-over-year to $487.8 million and beat the Wall Street revenue estimates by 5%. The company has also been delivering strong free cash flow, and in the most recent quarter, the company reported a free cash flow margin of 32%. The company’s modern cybersecurity products and good fundamentals has prompted us to revisit the stock. Notably, we've owned Crowdstrike twice in the past and the stock has treated us well.

Security Software Market

According to the C-Suite surveys, cybersecurity remains a top priority in corporate spending. Enterprise spending is expected to increase in 2022 from the previous year, according to Chief Information Security Officer (CISO) surveys. Considering the level of cloud spending in both 2020 and 2021, an increase in already high budgets is impressive. The CISO survey states that 44% expected budgets to increase in 2022 compared to 41% in 2021, and only 2% expected a decrease compared to 6% the previous year.

According to the Morgan Stanley CIO surveys, security software is the least likely to be cut if the economy worsens in 2022. To some degree, this could make cybersecurity a safe haven for investors over the next few years.

Similarly, Security Software ranked the second highest priority among CIOs when asked which external IT spending will see the most significant increase in spending in 2022.

According to Gartner’s CIO survey concluded in 2021, cyber and information security is the top priority of planned investments by companies for 2022. Monika Sinha, VP at Gartner, said, “There is a continued need to invest in cybersecurity as the environment becomes more challenging. A high level of composability would help an enterprise recover faster and potentially even minimize the effects of a cybersecurity incident.”

CrowdStrike Product Overview:

CrowdStrike was founded with the goal of reinventing security for the cloud era.  CrowdStrike’s Falcon platform delivers comprehensive breach protection against today’s most sophisticated attacks on the endpoint. Due to the sheer number of endpoints in a corporate network, this is where the majority of attacks are made. Compromised credentials across desktops, laptops, and mobile devices are often the hardest points of access to secure.

Ponemon Institute conducted a survey in 2019 where IT security professionals reported that 68% of IT professionals had experienced one or more endpoint attacks, up from 54%. The survey is a bit outdated yet illustrates how hackers use endpoints specifically to gain access to data assets and IT infrastructure. At the time, the average endpoint breach costs $9 million.

CrowdStrike’s AI based security model is focused on collecting large amounts of data, centrally storing it in a single model, and continuously training its algorithms with vast amounts of data.  The more data that the Falcon Platform collects, the more intelligent the platform becomes in detecting and stopping breaches. 

The company’s cloud-native Falcon platform was built to provide automated protection to stop sophisticated cyber-attacks. It is capable of protecting workloads across servers, laptops, virtual machines, mobile, cloud, and the Internet of Things (IoT). With hybrid deployments, and the internet of things, the risk of cyber-attacks has increased, and the need to protect digital assets has increased.

The Falcon platform has 22 modules offered via a subscription-based model under various categories like cloud security, endpoint security, Crowd XDR, Security & IT Operations, Managed Services, Threat Intelligence, Identity Protection, and Log Management. These modules can be easily deployed on the customer’s endpoints and workloads and can be easily scaled depending on the needs of each customer.

One of the most popular upgrades is Falcon Complete, Crowdstrike’s fully managed detection and response solution that offers Fusion no-code security automation to proactively remediate issues. Translation: less technical employees can work alongside Falcon Complete throughout IT and security departments. This is important due to a cybersecurity training gap between the small talent pool and the dire need for larger security teams.

The upgrade process for modules within the Falcon Complete tier is driving Crowdstrike’s ongoing growth. For example, the company recently reported over 100% growth year-over-year in ending ARR for the Discover, Spotlight, Identity Protection and Log Management modules. The company also stated “the number of customers adopting 6 or more and 7 or more modules grew more than 100% year-over-year” –this is due to Crowdstrike increasing the number of modules they offer for trial from 4 to 12 in the most recent quarter.

This is not to be confused with subscription customers that adopted 6 or more modules, which grew 35%, yet may be a leading indicator of what is to come if the trials were this popular. At the end of Q1 FY2023, 71% of subscription customers had four or more modules and 59% had five or more modules. The company is “retiring” the four or more modules key metric moving forward as it’s becoming commonplace to upgrade to this number of modules.

The users need to download a lightweight agent on each endpoint and cloud workload with only a single agent required to upgrade to the various modules. The agent also protects workloads when offline and sends data to the Falcon platform. The data from workloads are analyzed by machine learning models and are capable of preventing future attacks. The events are sent to the Threat Graph in real-time to be further analyzed.

The Threat Graph is a proprietary and a dynamic graph database. It continuously looks for malicious activity by using Artificial Intelligence. The data needs to be collected only once and can be used to analyze how to prevent future attacks. It also enables the company to introduce new products by using the same data and this is one of the reasons that CrowdStrike was able to rapidly introduce new modules.

The company has a smart filtering system that helps filter enormous amounts of data. The company estimates that a typical endpoint generates 100 GB of unfiltered system event data daily. A typical corporation will have several endpoints. The company’s smart filtering helps reduce the noise, and the Falcon agent only sends the crucial data required for detecting, preventing, and investigating attacks. It thereby improves the performance and allows for efficiently analyzing large volumes of data.

The Threat Graph is a powerful product in preventing breaches as it predicts and prevents modern threats in real-time through endpoint telemetry, threat intelligence and AI-powered analytics. This works alongside the modules to offer a best-of-breed endpoint security solution that offers a combination of agent-based and agentless solutions on one dashboard across public cloud, multi-cloud, and hybrid deployments. The company feels that agent-based is still essential to offer pre-runtime and runtime protection, whereas according to Crowdstrike, agentless-only solutions offer partial visibility and lack remediation capabilities (i.e., the company is referring to SentinelOne which we’ve covered here and also here).

The company has three graphs: Threat Graph, Intel Graph and the recently-launched Asset Graph.

Threat Graph: As discussed, takes trillions of data points from millions of sensors and enriches the threat intelligence from third-party sources (hence “crowd” strike). This offers full visibility and provides automated threat prevention.

Intel Graph: Offers threat intelligence by correlating massive amounts of data and provides insights into any shifts in tactics or techniques

Asset Graph: Newly-launched to increase protection across attack vectors such as cloud, on-premise systems, mobile, IoT and connects them into a unified, visual graph rather than a list.

We’ve discussed with both Datadog and SentinelOne why standardization is key to a cloud company’s long-term growth (and survival really). Crowdstrike is a prime example of this as endpoint security companies are able to slowly move into new territory. The Humio acquisition was discussed on the call as analysts were wondering if Crowdstrike has been taking territory from SIEM vendors. Because the endpoints are arguably the most difficult to protect, I would expect both Crowdstrike and SentinelOne to successfully take more turf across security vendors as they move through product expansion.

According to the recent report from International Data Corporation (IDC), CrowdStrike is ranked No.1 in Worldwide Corporate Endpoint Security Market Share with 12.6% of the $10.3 billion market, up from 6.3% in 2019. The company is also the largest vendor in the modern endpoint security submarket with a 15.5% market share in 2021, up from 12% in 2020. Similarly, CrowdStrike has been named as the leader in ‘The Forrester Wave’ Endpoint Detection and Response Providers, Q2 2022. Source: Investor Presentation. It has also ranked No. 1 in the coveted 2021 Fortune 50 list, which is the list of companies that have best prospects for future growth.  

As we discussed in our Q2 webinar at minute 30:09, cybersecurity is one of the only areas where spending is increasing following tech-heavy budgets in 2020 and 2021. Here is what Crowdstrike in regards to this point:

Joseph GalloJoseph Gallo

You’ve alluded to it and so far the numbers appear to indicate that cyber and your business is resilient. But George, in your convos with customers and Burt, in your guidance methodology, is the world a little less rosy than it was a quarter ago? Are you seeing any change in the velocity of deals closing or hesitation from customers? And if you could break that into by geo or deal size, that would be great. Thanks.

George KurtzGeorge Kurtz

Yes, I’ll try the first part. No, we haven’t seen any slowdown in terms of the willingness to buy security. It continues to be the number one risk factor for any Board of Directors. Again, when you look at some of the e-crime impact and taking out business, it is not a discretionary spend. It’s — in the hierarchy of corporate needs, it’s probably shelter.No, we haven’t seen any slowdown in terms of the willingness to buy security. It continues to be the number one risk factor for any Board of Directors. Again, when you look at some of the e-crime impact and taking out business, it is not a discretionary spend. It’s — in the hierarchy of corporate needs, it’s probably shelter.

We’ve also hammered on standardization and the driving down of costs in the Q2 webinar at 34.45 prior to this earnings season. Here is what Crowdstrike’s CEO George Kurtz had to say about this in the most recent earnings call following our webinar:

And in fact, when you look at the current environment, we have a customer saying we want to consolidate more. We want to go in with — all in with CrowdStrike. We want to get rid of this extra spend that we have in other areas, too many agents. And we can upsize our deals while decreasing the overall security spend by consolidating things like vulnerability management, by consolidating log management capabilities, et cetera. We can put it together and give them a much more effective technology with better outcome, lower cost and lower management concerns.we have a customer saying we want to consolidate more. We want to go in with — all in with CrowdStrike. We want to get rid of this extra spend that we have in other areas, too many agents. And we can upsize our deals while decreasing the overall security spend by consolidating things like vulnerability management, by consolidating log management capabilities, et cetera. We can put it together and give them a much more effective technology with better outcome, lower cost and lower management concerns.

The company’s total addressable market (TAM) is growing. It was $25 billion during the company’s IPO in 2019 and is expected to reach $126 billion in 2025 with planned new offerings. The TAM is expected to be $71 billion in 2024 with the current portfolio offering.

Financials:

The company’s revenue growth has been strong. In the recent quarter, revenue grew by 61% YoY to $487.8 million. Subscription revenue which accounted for 94% of the total revenue, grew by 64% YoY to $459.8 million. The management expects revenue to grow 52% in the next quarter to $515 million at the mid-point of the guidance.

Source: YCharts

The company’s key performance metrics are strong. Its annual recurring revenue (ARR) grew by 61% YoY to $1.92 billion, with a net new ARR of $190.5 million in the recent quarter. The company’s dollar-based net retention rate (DBNRR) was above 120% in the recent quarter. This is the 17th consecutive quarter of above 120% DBNRR which shows the company’s strong retention metrics.

The company’s subscription customers grew by 57% YoY to 17,945. It has a strong base of enterprise customers. As of January 31, 2022, the company’s customers include 65 of the Fortune 100, 254 of the Fortune 500, and 15 of the top 20 U.S. banks.

Source: Investor Presentation

The company has stable gross margins. In Q1 FY2023, the company reported a gross margin of 74% which was at the same level as Q1 FY2022. It shows that the company has been able to maintain its cost of revenue in proportion to the increase in its revenues. Similarly, the subscription gross margin was 77% in both Q1 FY 2023 and Q1 FY2022. The adjusted subscription gross margin was 79% and was within management’s target of over 77% to 82%.

The operating margins are improving. The loss from operations reduced from -$31.3 million (-10%) in the Q1 FY2022 to -$23.9 million (-5% of revenue) in the recent quarter. The company’s operating expenses as a percentage of total revenue fell by 5.53%. Particularly, sales and marketing expenses fell by 4.95%. Its strong subscription business model is also helping the company to improve its operating leverage. The adjusted operating income was $83 million (17% of revenue) in the recent quarter when compared to $29.8 million (10% of revenue) in the same period last year. The management’s target range for the adjusted operating margin is over 20% to 22% which it expects to reach in FY2025.

Source: YCharts

The net loss was -$31.5 million (-6.5% of revenue) in Q1 FY2023 compared to -$85 million (-28% of revenue) in the same period last year. While the company’s margins are improving, as explained in the above paragraph. The wider difference in the net loss reduction was primarily due to the provision of taxes related to the Humio acquisition, which was included in the Q1 FY2022. The company reported an adjusted net income of $74.8 million compared to an adjusted net income of $23.3 million in the same period last year.

The company's cash flows are also good. In the recent quarter, the company reported a free cash flow of $157.5 million (32% of revenue). In the words of George Kurtz, President, CEO, and Co-Founder, “In 8 out of the last 10 quarters, we have delivered 30% or greater free cash flow margin. Our powerful combination of growth, profitability and cash flow is reflected in our continued performance well in excess of the SaaS industry’s Rule of 40 benchmark. In Q1, we achieved a Rule of 78 on a non-GAAP operating income basis and when calculated on a free cash flow basis, a Rule of 93.”

The company also raised the revenue guidance for FY 2023 ending January to $2.19 billion to $2.21 billion from the earlier guidance of $2.13 billion to $2.16 billion, representing a YoY growth of 52% at the mid-point of the revised guidance.

Valuation

 The company is currently trading at a P/S ratio of 23 and a forward P/S ratio of 17. Its forward P/E ratio is 137. When we compare on a fwd P/S ratio, the company has a slightly higher valuation than SentinelOne and Cloudflare. However, the company ranks the best when we compare on a fwd P/E ratio. This metric will gain importance since, in the current environment, investors are looking for companies with profits. So, we believe that CrowdStrike has a better chance to outperform. The valuation is good when compared to its peers and taking into consideration the cash flows along with improving margins.

Note: Zscaler is not an exact comparable in the below chart since its fiscal year ends in July, while the other companies have their fiscal year ending December/January.

Wall Street Analysts notes 

Morgan Stanley analyst Hamza Fodderwala upgraded the stock to overweight from equal weight. The analyst said, “CrowdStrike (CRWD) is seeing further adoption based on conversations with Chief Information Officers and is seeing 100% growth from its non-endpoint offerings, which now account for 15% of its annual recurring revenue, showing that its total addressable market could be $30B bigger than first thought.”

Oppenheimer analyst Ittai Kidron lowered the company’s price target to $250 from $300 and kept an Outperform rating. He said, “CrowdStrike reported a strong Q1, beating expectations behind continued momentum for its emerging modules and strong customer growth.” He adds, “While the guidance is somewhat conservative and takes into account the potential for macroeconomic headwinds, the analyst remains bullish and believes CrowdStrike is in the early innings of addressing a massive growth opportunity.”

Piper Sandler analyst Rob Owens lowered the company’s price target to $230 from $250 and kept an Overweight rating on the shares. He said, “The company reported another strong beat and raise quarter that saw all metrics come in ahead of Street expectations.” He adds, “While a $22M annual recurring revenue beat on the Street number is a smaller magnitude beat compared to recent quarters, the solid growth and margin dynamics at near $2B scale is impressive”.

Risks to consider 

CrowdStrike faces tough competition from legacy providers and also innovative companies like SentinelOne. We have SentinelOne in our portfolio because we like this company’s growth profile while being centered within the (relative) safe haven of cybersecurity. We feel this is a great sector to hold a higher growth position.

The company has been undergoing losses since its inception. At the same time, the losses are being narrowing. However, if the company cannot achieve consistent profitability in the coming years, it could adversely affect the stock.

Valuation is less of a concern now than it was in the past.

Conclusion

The Cybersecurity sector will perform well as corporations and governments must protect their digital assets as breaches are very costly. We believe that companies like CrowdStrike, which have their products built for the cloud and specialize in endpoints, will stand to benefit, and will have defensible positions as they expand into other markets. We also like the improving financials, particularly the solid free cash flows, which is an important financial metric in the current uncertain macro environment.

Posted in Cloud, Cybersecurity, IdentityLeave a Comment on Crowdstrike: Cybersecurity is Tech’s Leading Sector

SentinelOne: A Strong Defender and Q4 Review

Posted on March 28, 2022June 30, 2026 by io-fund

SentinelOne: A Strong Defender and Q4 Review

The marketing language between Crowdstrike and SentinelOne is thick, and I don’t expect this to change anytime soon. We’ve called SentinelOne a “stellar product” in our first analysis and an “exceptional product” in our second analysis. This is based not only on detection, where Crowdstrikes rank high, but also on accuracy of triggering a response. 

The product differentiation is best summed up by the fact other vendors require data to be sent to the cloud for analysis and often have many humans monitoring the alerts to take action. Meanwhile, SentinelOne uses automation to find the threat which reduces the number of false positives. Instead of getting every piece of telemetry that requires the security team to investigate, SentinelOne’s endpoint detection and response solution eliminates the noise so that the security team is only responding to those that have the potential to be critical.

SentinelOne often emphasizes the fact that legacy antivirus powered by human-generated signatures still remains a widely used security technology. This is in spite of the fact that they are ineffective and reactive. Human-powered endpoint detection and response, or EDR, emerged as the alternative in which people became the detection and response crew.

Speed is everything in security and SentinelOne asserts Crowdstrike’s 1-10-60 rule is outdated. The 1-10-60 response rule claims the best achievable cybersecurity outcome is capped at one minute to detect an attack, 10 minutes to investigate, and 60 minutes to respond. Meanwhile, recent ransomware attacks have proved that it only takes milliseconds to breach an organization and cause damage. 

Data + AI = Storylines

SentinelOne believes that cybersecurity is fundamentally a data problem. The company’s Singularity Platform ingests, correlates, and queries petabytes of structured and unstructured data from ever-expanding disparate external and internal sources in real-time. It builds rich context and delivers greater visibility by constructing a dynamic representation of data across an organization. As a result, the company’s AI models are often highly accurate in triggering a response. 

The company’s distributed AI models run both locally on every endpoint and every cloud workload, as well as on the company’s cloud platform and the AI models predict threats in milliseconds. The behavioral AI model maps and links all behaviors on the endpoint to create Storylines. When an activity is deemed to be a threat, the system automatically takes action to kill the attack. 

In the cloud, the company’s platform aggregates these Storylines. The streaming AI detects anomalies that surface when multiple data feeds are correlated with additional external and internal data. By providing full visibility into the Storyline of every secured device across the organization through one console, the platform makes it fast for analysts to search and hunt for threats.

Storylines maintain a complete record of unauthorized changes that are made during an attack and can roll back or remediate any damage done during an attack very quickly. The ability to turn back time on a device is unique to SentinelOne. According to the company, this is the “ultimate safety net” and eliminates costly incident cleanup.

S versus CRWD = No Clear Answers

The challenge for analysts and investors is that Crowdstrike also has a strong product and is certainly the heavyweight in the space with SentinelOne being the defender. We’ve written a more thorough overview on product comparing SentinelOne and Crowdstrike here. 

In our previous analysis, we’ve discussed SentinelOne’s strength in ranking at the top in Peer Reviews despite ranking lower across industry analyst reviews. The most recent MITRE ATT&CK evaluations showed a very strong report for Crowdstrike on 100% detection yet showed very strong results for SentinelOne on 100% visibility and no misdetection. 

If public investors are looking for clarity directly from the source, there will be none offered as these two companies are committed to battling it out on earnings calls, marketing materials and anywhere else they can find an opening. 

It probably says something about S, however, that CRWD would even bother to defend itself given its annual revenue will be over $2 billion when S is at roughly $400 million. In other words, why bother with a competitor 1/5th your size in a crowded endpoint security vendor market? I imagine it’s because S makes bold, ongoing statements like this in their earnings calls and elsewhere: “We've maintained incredibly strong win rates in all competitive situations against both legacy and next-gen vendors. This is because of the breadth of our platform, covering endpoints and surfaces of all types, cloud workloads, Kubernetes, mobile devices and IoT devices and soon, identity.”

Cloud Security Segment Could Rival Endpoint Security

Cloud is a growth lever for SentinelOne as the company leverages a microservices architecture for rapid and frequent updates. The company offers support for Kubernetes workloads with additional runtime protection and simplified deployment. 

In our previous write-up, we had stated this was the most important statement on the Q3 call:

“Cloud still remains our fastest-growing module. About 10% of endpoints are covered by cloud and servers. It has been our fastest-growing module for some time. Cloud is a piece of the business, I think that we think will expand greatly in the future. We anticipate that at some point, it will be the similar size to the endpoint market.”

The company stated that across the company, it’s the “cloud workload protection and data retention modules that outperformed the most with year-over-year ACV growth of over 10X.” We are talking outsized growth on small numbers but this is key to watch moving forward with the more revelatory statement long-term coming from Q3 about the market matching the endpoint market.

In August, the company released SentinelOne Storyline Active Response (STAR) which is the cloud-based automation engine that allows security teams to create custom detection and response rules. 

The company stated DataSet was up 20% year-over-year. The product DataSet is what became of last year’s Scalyr acquisition, a leading cloud-native data analytics platform that serves as a big data engine for the XDR platform. This speeds up the process and drives down costs by ingesting and correlating terabytes of data at machine speed and also makes SentinelOne more competitive against SIEM tactics for data correlation and response.

Here is the advantage of DataSet when comparing to the competition, as stated in the call: “And I think that a lot of the large enterprises out there are looking at that because otherwise, if they're going with a different EDR vendor, they suddenly need to figure how are they going to retain data on the back of maybe a different platform. And that's sometimes going to be just incredibly costly. With us, it comes on the back of a single platform.”

Attivo Acquisition

SentinelOne extends the definition of XDR beyond “endpoint’ to include other data points on a network, such as containers, cloud-native applications, and even email or messaging. With the Attivo acquisition, the company will have more in-network and identity detection in the event a hacker is mimicking an employee or authorized user. This is especially important given the recent SolarWinds hack. 

Attivo Networks specializes in Active Directory, which helps IT departments connect users to Windows-based IT systems. This means it could help SentinelOne’s cross-sell into more traditional enterprises, which was alluded to on the call. There were many questions on the Attivo acquisition, but ultimately management stated it would be accretive on gross margin and accretive on operating margin (whew – you could feel the collective sigh of relief on the call – we do not want those margins going in the wrong direction right now). 

“So obviously, we have stated that [Attivo] accretive to our gross margin. From an operating margin standpoint, I think this current year, while we take into account our expected integration costs, the margin profile will be very similar to ours. If you take out those costs on a go-forward basis, it would be accretive to ours on an operating margin basis. And we'll have that guidance, obviously, when we specifically guide next quarter.”

Attivo’s specialization with Active Directory lends the acquisition to a post-SolarWinds world. Active Directory is the widely-used authentication system that was leveraged by hackers in the SolarWinds hack. 

SolarWinds is known to be the “largest and most sophisticated operation that [Microsoft] has seen” with over 1,000 skilled engineers likely working on the operation. Although Crowdstrike was not infiltrated due to not using Microsoft’s email client, the cybersecurity company also did not detect the abnormal API calls until after FireEye disclosed their breach. The blog published by Crowdstrike said that they later discovered “abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago.” In response, Crowdstrike released a reporting tool to manage permissions for Azure AD environments.

Crowdstrike has cited issues with the authentication architecture with Active Directory on Windows and Azure Active Directory, which was exploited to move laterally in the SolarWinds hack. The CEO of Crowdstrike called Microsoft’s Active Directory “antiquated.” 

It may be a boon for SentinelOne that Crowdstrike is throwing shade on Microsoft as a large percentage of the Fortune 500 are committed to Microsoft. Notably, SentinelOne specifically stated in the past it covers email and will now cover Active Directory with best-of-breed identity threat detection and lateral movement prevention, which was used in SolarWinds.

The acquisition price is $617 million in cash and stock contributing $40 million in revenue for the full year. Attivo has ARR growth of 50% with primarily large enterprises making up the customer base with an analyst pointing out that ARR per customer for Attivo is double Sentinel. 

Q4 Earnings Overview

SentinelOne leads their earnings calls with ARR growth as the top key metric for the company. In Q4, ARR growth was 123% and revenue growth was 120% year-over-year for total revenue of $65.6 million. 

Total ARR is nearing $300 million while annual revenue for the upcoming fiscal year 2023 is guided at $368 million, with ARR suggesting this guide could be easily met over the next four quarters. Most importantly, customers over the $100K range are growing at a rate that is double overall customer growth at 137% and 70%, respectively. 

The overall customer growth represents a slowdown from 79% YoY to 70% YoY while larger account growth was fairly flat at 141% in Q3 to 137% in Q4. 

The company guided for Q1 revenue of $74.5 million, compared to revenue in Q4 of $65.6 million. This is important because management has stated in the past, Q1 revenue was down sequentially by 20% to 25%. “Our revenue guidance for Q1 implies that we should be at or better than typical Q1 net new ARR seasonality, which has been down between 25% to 35% sequentially in the past 2 years.”

Notably, the I/O Fund is unable to track where the ARR was down “for the past 2 years” but the sequential growth is headed in the right direction. The numbers we have show Q1 FY2021, net new ARR declined 37% QoQ to $8 million yet in Q1 FY2022 it grew +8% QoQ to $30 million. This year, the sequential growth will be +13.5%. 

Higher ARR sequentially for the upcoming Q1 is likely driven by the record number of 100,000-plus deal and a record number of million-dollar plus deals. International is another area of strength as the company saw revenue grow 140%. This represents 31% of revenue – so something to watch closely as a near-term driver.

Net retention is higher at SentinelOne at 129% down from 130% compared to Crowdstrike in the 121-123% range. 

In the current macro climate, across all growth stocks, the top line is battling the bottom line. On one hand, the market is trying to price in a slowing growth environment, and on the other hand, the market wants a perfect bottom line. Rarely do these two things coexist – strong growth in a slowing growth environment with a great bottom line. We are tech growth investors so we want to be careful of demanding that tech growth stops acting like tech growth.  

What we are looking for at I/O Fund is what companies can maintain growth with an improving bottom line.an improving bottom line. We think to dump resilient growth in a slowing growth environment isn’t necessarily the correct answer. Obviously, we are well diversified with top holdings that have strong bottom lines (AMD, NVDA) but we are also not dismissive of growth-oriented business models.  

With that said, SentinelOne has adjusted operating losses of ($63) million. The company has GAAP-operating losses of 109% or ($71) million. The margins noted include a 12% improvement to gross margin and a 38% improvement to operating margin.

It would be easy to discount the company based on the losses and to look at Crowdstrike with positive free cash flow and believe it’s the better stock. In this fierce debate, we are siding with SentinelOne primarily for its ability to run automated security from the data lake, as well as next-gen EDR/endpoints. 

SentinelOne’s forward guidance is for 80% growth in FY2023 for $368 million in revenue and 99% growth for the first fiscal quarter ending in April for $74.5 million in revenue. The company is guiding for “high 60% gross margins by year-end” on a Non-GAAP adjusted basis and operating margins of negative (57.5%) operating margin by year-end for an improvement of 25%. The company’s long-term target is EBIT margin of 20%-plus. 

Sales and marketing costs are improving over time with S&M trending closer to 100% of revenue in the past to 65% of revenue. Usually if an incumbent has strong margins like Crowdstrike, it serves as a model to help alleviate concerns of profitability long-term. Crowdstrike became profitable around the $200 million quarterly mark in July of 2020 so that could put us around H2 CY2023 for SentinelOne. Bradley goes into more depth below.

Notably, Crowdstrike had a rocky road with the stock being down 50% during the Q3 2019 selloff and then a total of 68% from peak to trough during March 2020. However, even if an investor had terrible timing and bought at IPO, the stock is now up 251% following yet another major selloff of Q1 2022. At its most recent peak, the returns were 390% if you had bought at IPO. 

I’m sure you can see the parallel I’m drawing with SentinelOne and some of our more recent buys – which are at/near the low. In the fierce debate between Crowdstrike and SentinelOne, the only thing that matters to us is whether SentinelOne’s product can potentially carry the newly public company on a similar path in terms of price action. We believe it can.

Comments on SentinelOne’s margin relative to CrowdStrike’s 

By Bradley Cipriano

SentinelOne and CrowdStrike are peers, so it makes sense to compare the two. However, CrowdStrike’s financials are much stronger than SentinelOne’s largely because CrowdStrike has significant scale (CrowdStrike is at nearly 6x the revenue run rate as SentinelOne). To account for the differences in scale, I compared SentinelOne’s latest results to CrowdStrike’s results when it was at a similar revenue run rate. As I’ll discuss below, SentinelOne’s results appear in-line with CrowdStrike’s but there are important differences in accounting treatment that impact the comparison.

SentinelOne’s Q4 FY2022 sales of $65 million are about equal to CrowdStrike’s Q3 FY2019 sales of $66 million. I use Q3 FY2019 for my base period for CrowdStrike, but also make comparisons to Q4 FY2019 to better account for seasonality. 

At this stage, SentinelOne is similar to CrowdStrike based on both sales growth and gross margins. For instance, SentinelOne grew sales 17% QoQ in Q4 FY2022 vs CrowdStrike’s 19% QoQ growth in Q3 FY2019. SentinelOne’s gross margin was 63%, which was slightly below CrowdStrike’s gross margin of 66% in Q3 FY20219. 

An area where SentinelOne is showing leverage is sales efficiency. SentinelOne’s Q4 FY2022 Sales and marketing expense was 64% of sales, which compares favorably to CrowdStrike’s 70% S&M margin (as of Q3 FY2019). However, Q4 tends to be a seasonally strong quarter for Enterprise, and relative to CrowdStrike’s Q4 FY2019 S&M margin of 61%, SentinelOne was slightly above that metric.

Further down the income statement, the differences grow between the two peers. SentinelOne’s R&D and G&A margins were much higher than CrowdStrike’s at this stage. For instance, SentinelOne’s R&D margin was 65% vs 39% for CrowdStrike, and its G&A margin was 42%, or double CrowdStrike’s 21% margin at a similar revenue run rate. As a result, SentinelOne’s operating margin of -108% as of Q4 FY2022 compares unfavorably to CrowdStrike’s -63% and -39% operating margin as of Q3 and Q4 FY20219, respectively.

However, there are important differences in accounting that impact this comparison. For instance, SentinelOne has accrued much more expenses than CrowdStrike at this stage, which essentially pulls forward expenses. For instance, SentinelOne’s accrued expenses increased 252% YoY to $84 million, which represented 61% of quarterly operating expenses. A rise in accrued expenses leads to a concurrent rise in operating expenses on the income statement, and is a sign of conservative accounting. 

It appears that SentinelOne has more conservative accounting than CrowdStrike did at a similar run rate. For instance, in Q4 FY2019, CrowdStrike’s accrued expenses were 46% of total operating expenses. Had SentinelOne’s accrued expense profile been similar to CrowdStrike’s, it would have reported ~$20 million less in quarterly expenses. Stated differently, SentinelOne’s operating margin would have been closer to -78% in Q4 had it not ramped the accrual of expenses, which compares more favorably to CrowdStrike’s operating margin at a similar run rate. 

Another important concept to consider is the capital intensity of both business models. If a company capitalizes more expenses to the balance sheet, its earnings will look relatively stronger. It is noteworthy that SentinelOne has just $25 million in net PP&E while at a $65 million quarterly revenue run rate, while CrowdStrike had $74 million in PP&E, or nearly 3x as much, at a similar run rate. During the latest quarter, SentinelOne capitalized just $1 million of expenses to the balance sheet, versus $15 million for CrowdStrike in Q4 FY2019. This $14 million delta impacts comparisons between the two. 

Taken altogether, SentinelOne recognized ~$20 million more in accrued expenses, and CrowdStrike capitalized ~$14 million more in expenses while at similar revenue run rates. If we adjust SentinelOne’s earnings for this $35 million delta, its Q4 operating margin would be closer to -55%, which compares more favorably to CrowdStrike’s -39% operating margin as of Q4 FY2019 and -63% operating margin in Q3 FY2019. 

To summarize, SentinelOne is at a similar run rate as CrowdStrike in Q3 FY2019. Sequential revenue growth is about even and gross margins are comparable. SentinelOne has moderately stronger sales leverage but has much higher R&D and G&A expense. However, SentinelOne has more conservative accounting, as it has expensed more costs to the income statement rather than to the balance sheet relative to CrowdStrike. For instance, had SentinelOne accrued expenses at a similar rate as CrowdStrike, its quarterly operating expenses would be ~$20 million lower. Furthermore, CrowdStrike has capitalized more expenses than SentinelOne has at a similar run rate, which added a further ~$14 million delta between the two. By accounting for these timing differences, SentinelOne’s operating margin appears more in-line with CrowdStrike’s at a similar run rate. 

Finally, SentinelOne guided for 80% topline growth for FY2023, which is slightly above CrowdStrike’s guide for 74% topline growth for FY2020. SentinelOne is expected to grow slightly faster than CrowdStrike did at a similar run rate. The faster growth rate will front load more expenses, and also contributes to a lower margin profile.  In all, SentinelOne’s margins appear relatively in-line with CrowdStrike’s after considering accounting differences and projected growth rates. 

Posted in AI Stocks, Cybersecurity, SoftwareLeave a Comment on SentinelOne: A Strong Defender and Q4 Review

SentinelOne: Exceptional Product at a Decent Valuation

Posted on January 6, 2022June 30, 2026 by io-fund

SentinelOne: Exceptional Product at a Decent Valuation

 

At time of writing, SentinelOne is trading very close to its IPO opening price of $46.00 when the stock opened for trading on June 30th. We outlined how this price included a large 900% premium from its last private valuation round. Now that SentinelOne has more trading history and is doubling its revenue every year, the stock is catching up to its public market premium. By posting 128% revenue growth or more, the valuation has come down quite a bit. We are in the last quarter for fiscal 2022 and for fiscal year 2023, SentinelOne is trading at 33X expected revenue for 2023. We think this is a reasonable buy zone for a company with this level of growth that is expected to continue.

I’ll review the product which was first covered here in my Forbes write-up. Below, Bradley also discusses the operating losses and other key points regarding the financials losses that are being front-loaded from customer acquisitions as it captures market share. However, he outlines in more detail below that there are signs of leverage in its model. Customer growth is especially strong with SentinelOne and the net retention rate is healthy. We also discuss SentinelOne’s products and why cloud is a key area of strength. 

SentinelOne Product Overview: Fight Machine-with-Machine

 

SentinelOne is an AI-powered cybersecurity company at the forefront of autonomous threat detection and prevention. The company is one of the first to introduce autonomous threat detection and prevention. It has developed an AI-powered XDR platform to make cybersecurity protection truly autonomous from the endpoint and beyond. Endpoint security refers to protecting the endpoints or entry points of the end-user devices such as desktop PCs, laptops, mobile devices, and servers from being exploited. SentinelOne expands this definition (hence XDR for “extended” instead of EDR) to include more data points.

Overview of SentinelOne

The product differentiation is best summed up by the fact other vendors require data to be sent to the cloud for analysis and often have many humans monitoring the alerts to take action. Meanwhile, SentinelOne uses automation to find the threat which reduces the number of false positives. Instead of getting every piece of telemetry that requires the security team to investigate, SentinelOne’s endpoint detection and response solution eliminates the noise so that the security team is only responding to those that have the potential to be critical.

According to SentinelOne’s S1, “Cyberattacks have become the output of military-grade, highly resourced, and automated nation-state and cybercrime operations. We envisioned a revolutionary data and artificial intelligence paradigm where technology alone could autonomously prevent, detect, and respond to cyberattacks. It is time to fight machine with machine.”

They emphasize that legacy antivirus powered by human-generated signatures still remains a widely used security technology. This is in spite of the fact that they are ineffective and reactive. Human-powered endpoint detection and response, or EDR, emerged as an alternative where people became the detection and response crew.

This approach led to the “1-10-60” rule which claims the best achievable cybersecurity outcome was capped at one minute to detect an attack, 10 minutes to investigate, and 60 minutes to respond. Recent ransomware attacks have proved that it only takes milliseconds to breach an organization and cause damage. 

SentinelOne: Singularity XDR Platform

SentinelOne launched the XDR solution in the first half of 2020 prior to going public in 2021. This platform offers Active EDR, which allows for more visibility and automated responses for Endpoint Detection and Response (EDR). SentinelOne has many competitors in the EDR space while XDR extends the definition of “endpoint” to not only include devices and workstations, but to also include other data points on the network, such as containers and cloud-native applications, and also across the entire stack, such as email, the network, and identity. Extended detection and response (XDR) is cross-layered detection and response. XDR collects and automatically correlates data across multiple security layers – email, server, cloud workloads, and network – so threats are detected faster and security analysts improve investigation and response times.

SentinelOne uses many data sources to create a data lake. The single pool of raw data is built across a wide range of sources, including other vendors or internal data sources. Automation works best with a lot of data and SentinelOne is compatible with AWS, Azure or Okta, Splunk, Zendesk, and Slack. What matters to customers is that every threat is detected very quickly, and SentinelOne proposes a solution that is able to do both because automation and AI is best done at the data level rather than managing thousands of user endpoints to mitigate attacks.

The company’s Singularity Platform ingests, correlates, and queries petabytes of structured and unstructured data from ever-expanding disparate external and internal sources in real-time. It builds rich context and delivers greater visibility by constructing a dynamic representation of data across an organization. As a result, the company’s AI models are highly accurate. The company’s distributed AI models run both locally on every endpoint and every cloud workload, as well as on the company’s cloud platform and the AI models predict threats in milliseconds. The behavioral AI model maps and links all behaviors on the endpoint to create Storylines. When an activity is deemed to be a threat, the system automatically takes action to kill the attack.

Although SentinelOne and the XDR Platform is listed behind Crowdstrike and Microsoft on Gartner’s Magic Quadrant, SentinelOne leads on peer reviews. This was discussed in the earnings call with 97% of reviewers saying they would recommend SentinelOne in the 2021 Gartner Voice of the Customer Report. We had also noted the company’s strength on peer reviews in our first write-up. The company also scores high on the highly respected MITRE ATT&CK evaluations with 100% visibility and zero missed detections.

Cloud is a Growth Lever for SentinelOne

Cloud is a growth lever for SentinelOne as the company leverages a microservices architecture for rapid and frequent updates. The company offers support for Kubernetes workloads with additional runtime protection and simplified deployment. Kubernetes is automation orchestration for containers and allows for scaling of a container rather than an entire application. Kubernetes was created by Google and is used by 78% of companies managing containers with this open-source system.

This was probably the most important thing said on the call: “Cloud still remains our fastest-growing module. About 10% of endpoints are covered by cloud and servers. It has been our fastest-growing module for some time. Cloud is a piece of the business, I think that we think will expand greatly in the future. We anticipate that at some point, it will be the similar size to the endpoint market.”

According to the earnings call, cloud was the fastest growing segment: “In particular, our cloud workload protection product delivered the highest growth during the quarter, a testament to the demand for our real-time run-time protection for cloud workloads and containerized environments.” This was expanded on later to say: “The vast majority of what we sold this quarter was the Complete package. I think that we’re seeing just overall standardization on the Complete platform. People are opting for our complete EDR package. I think what I can also say on top of that is just increased adoption of our cloud modules. We’re just seeing increased demand for cloud workload protection.”

In terms of cloud being a growth driver competitively speaking, the company stated the following: “And obviously, if you look at our mix today, also going into the cloud security opportunity, kind of further compounds it, and it’s something that the incumbent vendors never had to offer.”

The company stated its biggest competitor here is Palo Alto Networks and a few startups.

Last February, SentinelOne acquired Scalyr, a leading cloud-native data analytics platform that serves as a big data engine for the XDR platform. This helps SentinelOne ingest “massive amounts” of data real-time for the XDR platform by eliminating data schema requirements and also reduces index limitations. This speeds up the process and drives down costs by ingesting and correlating terabytes of data at machine speed. This also makes SentinelOne more competitive against SIEM tactics for data correlation and response.

In August, the company released SentinelOne Storyline Active Response (STAR) which is a cloud-based automation engine that allows security teams to create custom detection and response rules. STAR requires security teams to turn queries into rules for detection, and this challenges legacy providers. SentinelOne’s platform aggregates Storylines, which is essentially behavioral AI. The textbook definition of behavioral AI is to track behavior on a device to reveal insights. SentinelOne leverages behavioral AI to make a decision without relying on sending signals to the cloud or to security engineers before a decision is made. Instead, SentinelOne uses ActiveEDR to sift through alerts and anomalies and to form storylines. The machine helps to identify the threat and then automates a response. This is differentiated from other EDR products that are only used to detect rather than to respond.

Ranger for Agent Deployment and IoT

SentinelOne is able to find any device connected to a network through a ML device fingerprinting engine (FPE) by running an inventory of IP-enabled devices. This helps to identify unsecured endpoints and to close the security gap in agent deployment. This is what is meant by “limited visibility” or lacking full visibility of every device where just one unknown device can run malware or host ransomware and compromise a network. Other cases of unsecured endpoints could be a new server that doesn’t have an agent or new employees who are onboarded without protection yet installed. Ranger and Ranger Pro detect and notify IT teams of these unsecured endpoints. This is especially important for the internet of things (IoT) where the number of devices connected to the internet proliferates and is hard to track. For example, hospitals are becoming smart hospitals where there are thousands of devices connected to the internet. In this example, Ranger would notify the IT department if one device was unprotected.

In the earnings call, it was stated that Ranger grew triple-digits and that “In Q3, two of our Fortune 10 customers renewed with multiyear deals, and both expanded their use of the Singularity platform, adding modules such as Ranger and remote script orchestration.” Adding modules like Ranger help to keep net retention rate strong, which reached a record 130% in Q3.

Remote Script Orchestration (RSO)

RSO is a new product released this past quarter. The goal is to increase the speed in response to cyberattacks. This is done by executing scripts and commands remotely across thousands of endpoints. The company provides a script library to run scripts for all platforms from a console to find single endpoints or multiple endpoints that are compromised. This allows security teams to collect whatever is needed from remote machines. This allows the security team to terminate processes, remove files, delete directories and other responses very quickly. With STAR, this can also be automated and RSO is built for users of all technical abilities due to the script library.

SentinelOne also supports Zero Trust which eliminates the need for perimeter-based security for better protection in remote work scenarios.

Product Differentiation

Cybercrime will cost companies $10.5 trillion annually by 2025 with the cybersecurity market worth $345 billion-$400 billion. SentinelOne’s addressable market is expected to reach $40.2 billion in 2024 with $12 billion from endpoint security and $17 billion in analytics, intelligence and response.

According to SentinelOne, using their products can produce cost savings can be up to 353% – granted this number is a marketing department, however, the point is that any company increasing ROI in cybersecurity has a real chance of taking market share if their product improves the results. The savings quoted is achieved by reducing the amount of cybersecurity tools a company needs by standardizing endpoint security across more data types. The consolidation in this case saves up to $3 million over a three-year period and the enhanced threat detection saves $671K over three years. Due to automation, $1.2 million can be saved over three years by reducing time and employee hours across the IT team.

This breakdown is important to look at because SentinelOne’s main value proposition is actually consolidation of cybersecurity tools, and secondly, its automation/reduced hours. This is a different argument then relying only on enhanced threat detection alone, which is the main argument for many of the competitors (debate on whose product is better).

We see real evidence of this in the financials with 4 quarters of revenue acceleration. Here’s how the company compares to other high growth cybersecurity names in terms of acceleration.

The product differentiation is best summed up by the fact other vendors are on the endpoint and require data to be sent to the cloud for analysis and often have many humans monitoring the alerts to take action. Meanwhile, SentinelOne uses automation to find the threat which reduces the number of false positives by leveraging a data lake. Instead of getting every piece of telemetry that requires the security team to investigate, SentinelOne’s endpoint detection and response solution eliminates the noise so that the security team is only responding to those that have the potential to be critical. Per SentinelOne: “What enterprises need is automated security, not repackaged legacy AV and crowd-powered protection.”

SentinelOne is not breaking ground in a new market rather its goal is be a superior product to take business away from legacy vendors. Here’s a quote from management: “I think it’s safe to assume that about over 50% of it is still in the hands of the incumbents. Looking at our pipeline for Q4 and the out quarters, that doesn’t seem to change. So to us, that cycle is still ongoing. It’s a pretty big TAM that we’re serving. And obviously, if you look at our mix today, also going into the cloud security opportunity, kind of further compounds it, and it’s something that the incumbent vendors never had to offer. So that makes the entire buying cycle really more sticky, more inclusive and just overall more important for the enterprise. So it becomes part of the picture. But again, in almost every account that we go into, call it high 90s, we see an incumbent vendor. So we don’t see that tapering away anytime soon.”

Financial Overview:

By Bradley Cipriano

 

SentinelOne has pioneered a new approach to endpoint cybersecurity and the company is quickly capturing market share.

We can see this in recent results, as annualized recurring revenue (ARR) has accelerated for four consecutive quarters. Furthermore, the acceleration in ARR helps explain the large losses incurred by SentinelOne, as customer acquisition costs are front loaded. However, as these new customers renew their contracts, the firm’s topline will continue to grow but expenses will normalize, leading to strong profitability in the future. I outline why in more detail below.

Accelerating growth drives large losses but losses are temporary

SentinelOne has reported four consecutive quarters of accelerating ARR growth. Specifically, ARR most recently increased 131% YoY in Q3 FY2022, an acceleration from the 127%, 116% and 96% YoY increase in Q2 FY2022, Q1 FY2022 and Q4 2 FY2021, respectively. As of the most recent quarter, ARR increased $37 million QoQ to $237 million, which marked the 10th consecutive quarter of QoQ increases in ARR (there are only 10 quarters disclosed). It is noteworthy that the most recent sequential increase in SentinelOne’s ARR was as large as the firm’s entire ARR metric in Q1 FY2020.

It is also notable that the acceleration in ARR started after the October 2020 quarter. In December 2020, the high-profile SolarWinds cyberattack was identified, which had exploited key vulnerabilities in numerous service providers such as SolarWinds, Microsoft products (Office 365) and VMware. SentinelOne outperformed the competition during this period and disclosed in its S-1 that none of its customers were impacted by the SolarWinds cyberattack. This event may have been a catalyst that identified SentinelOne as a leading cybersecurity platform. Furthermore, the company launched its XDR platform in early 2020 and covid lead to a general acceleration in software and cybersecurity usage during this period, each of which likely contributed to the acceleration in ARR shown below.

The growth in ARR also flowed to the income statement, as Q3 sales increased 128% YoY to $56 million, which marked the fourth consecutive quarter of accelerating YoY growth. Growth was driven by new customers, as SentinelOne disclosed in its 10Q that new customers accounted for 46% of its topline expansion in the most recent quarter, while existing customers contributed 37% and channel partners accounted for the remaining 17%. Acquisitions provided $4 million in sales, and absent the impact of M&A, organic sales increased 113% YoY.

During the quarter, revenue from international markets grew 159% year-over-year to $19 million, and represented 33% of total revenue, up from 29% a year ago. International markets will be a key area of growth for the company going forward. Furthermore, SentinelOne’s international growth was similar to CrowdStrike’s international growth when it was a similar size as SentinelOne (~$56 million in quarterly sales in FY2019). Specifically, CrowdStrike’s international sales increased 196% YoY to 23% of sales in FY2019, highlighting the similar path that SentinelOne is following. I compare SentinelOne and CrowdStrike in more detail further below.

Gross margin improved from 58% in the year-ago quarter to 64%, which represented an all-time high (10 quarters of public information). However, despite the improvement in gross margins, operating margins remained deeply negative. For instance, Q3 operating margin was -120%, a slight improvement from the year-ago quarter of -121% and an improvement from the 10-quarter average of -141%.

While it is concerning to see operating losses larger than sales, this is due to the rapid growth in new customers. As mentioned above, new customers accounted for the majority of topline growth, a favorable trend. Furthermore, acquiring customers front-loads expenses in the early years, but SentinelOne recognizes sales ratably, which makes losses appear outsized. As customers renew their contracts, these one-time customer acquisition expenses will decline, while the topline will expand as customers adopt more products. This trend will lead to an improvement in SentinelOne’s bottom-line going forward. 

Evidence of leverage in SentinelOne’s business

What is critical for SentinelOne’s story going forward is that there are signs that its subscription service is sticky, and that customers are increasing their spending. This would provide a light at the end of the tunnel that losses will turn into profits and cashflows. While SentinelOne is still a few years out from breaking even, there are positive signs that customers are both sticky and expanding their usage of its products. 

We can see this with net retention ratio (NRR), which improved to 130% in Q3, an all-time high, and was up from 115% in the year ago quarter. The improvement in NRR showcases that customers are expanding the amount of products they use each year, highlighting the success of SentinelOne’s ‘land-and-expand’ model. Furthermore, gross retention ratio, which only considers customer attrition, was 97% as of Q3, signaling that SentinelOne’s customers are sticking with the platform beyond one year.

Furthermore, SentinelOne’s customer metrics are also high quality. For instance, no single customer accounted for more than 3% of sales in the most recent quarter and the company disclosed that it has over 6,000 customers as of Q3, up 79% YoY. Furthermore, SentinelOne counts three Fortune 10 companies as customers, two of which recently renewed with multiyear deals in Q3. In its S-1, SentinelOne disclosed that it also counted 37 out of the Fortune 500 companies as customers, highlighting the large opportunity in front of it as there are still a plethora of enterprise customers yet to sign on.

Moreover, customers with ARR over $100,00 grew 141% YoY to 416, an acceleration from the 140% and 127% YoY growth rates in Q2 and Q1, respectively. SentinelOne’s success with enterprise customers suggests that the firm is rapidly capturing market share in the cybersecurity market.

Another example that highlights the leverage in SentinelOne’s model is the improvement in sales and marketing (S&M) expense. S&M expense increased just 1% QoQ in Q3, while Q3 sales increased 22% QoQ. This drove S&M margin down from 90% in Q2 to 74% in Q3, an all-time low. The improvement in S&M margin highlights that SeninelOne is spending less to attract customers, which is impressive considering that sales have been accelerating. As adoption grows, the company’s ability to expand the amount of products customers use will drive S&M margin lower, further improving its bottom-line in the future.

SentinelOne relative to CrowdStrike

SentinelOne’s metrics appear in-line when viewed relative to other cybersecurity platforms such as CrowdStrike. For instance, CrowdStrike’s S&M margin was 70% when its quarterly sales were around $56 million, This compares to SentinelOne’s S&M margin of 74% with $56 million in sales. Furthermore, SentinelOne’s sales grew 22% QoQ, which was faster than CrowdStrike’s 18% QoQ growth when its quarterly sales were $56 million. The faster growth rate helps explain the higher S&M margin.

However, SentinelOne has reported a steeper operating loss relative to Crowdstrike at $56 million in quarterly sales. This is likely due to timing, as SentinelOne went public with a rich valuation, which increases stock-based compensation expense. Expense items such as G&A expense may be inflated relative to historical periods for other tech stocks (like Crowdstrike), when tech valuations were lower.  Nonetheless, we expect the outsized SBC expense to normalize going forward. This will also improve SentinelOne’s bottom-line and bring it more in-line with peers in the future.

As shown below, SentinelOne and CrowdStrike had similar S&M margins when they were the similar sizes. However, CrowdStrike’s ARR was growing faster, as was its customer base. SentinelOne’s ARR per customer grew faster and its NRR was more robust. However, SentinelOne’s operating margin was considerably lower than CrowdStrike’s was. It should be noted that CrowdStrike was not public in 2018, so unrecognized SBC was not included in operating expenses. As mentioned above, we expect that SentinelOne’s earnings will improve as SBC from its recent IPO normalizes.

Outlook and Valuation

Looking forward, management expects Q4 sales to increase 103% at the midpoint to $61 million and raised their full-year guide for sales to $200 million, which increased the implied growth rate from 103% to 115% at the midpoint. Gross margin is expected to be 62%, up from the prior guide of 59% and an improvement of 100 bps YoY from FY2021. Finally, operating margin is expected to be -81% at the mid-point in Q4, demonstrating continued leverage in SentinelOne’s business model. 

Analysts expect growth to remain robust for the foreseeable future and FY2024 sales are forecasted to rise 185% from FY2022 levels to $570 million. Losses are also expected to persist throughout this time period, but are anticipated to materially improve by 2024. We are still early in SentinelOne’s growth story, but the opportunity in front of the company is large as its total addressable market was estimated to be around $30 billion in FY2021 and is expected to grow to $50 billion by 2024 (S-1).

The company’s market cap is below $12 billion and it currently trades at a 53x P/S multiple and a fwd (1-yr) P/S multiple of 33x. This is a premium relative to other cybersecurity competitors listed in its S-1, such as CRWD, which trade at a fwd P/S multiple of 22x. However, the company is clearly capturing market share from competitors, evident in its accelerating ARR metric discussed above, which warrants a premium valuation.

Furthermore, SentinelOne is unique in its growth as sales have accelerated for four consecutive quarters and the firm’s topline is growing over 100% YoY. Relative to other rapidly growing SaaS firms such as Snowflake, SentinelOne’s FY2023 fwd P/S ratio of 33x appears more in-line. There is also room for share price appreciation at this valuation. For instance, if SentinelOne’s sales grow to $570 million in FY2024 as expected and its fwd P/S multiple contracts to 30x (similar to CrowdStrike’s fwd P/S multiple when annual sales were at ~$500 million), the company’s share price will appreciate by 49% (assuming a constant share count).

Risks and Conclusions

There are some key risks going forward. SentinelOne’s approach to endpoint security is new and the market may not fully accept its approach of utilizing A.I. to combat cyber threats. Furthermore, the company has also reported large losses and these losses are expected to persist for the next few years. This may require SentinelOne to issue more shares, diluting shareholders. However, the company currently has $1.7 billion in cash on balance, which provides ample liquidity in the near term. Moreover, SentinelOne has limited financial information, which makes it difficult to thoroughly analyze the company’s financials and identify anomalies.

Despite the risks and limited financial history, SentinelOne appears to be well positioned in the cybersecurity market. ARR has accelerated for four consecutive quarters and it appears that the company is capturing market share, especially after demonstrating its success during the major SolarWinds hack in late 2020.

While losses are steep, there are signs of leverage in its business as S&M margin is improving. Furthermore, new customers are driving topline growth, which is favorable but also front loads customer acquisition costs. There is also evidence that SentinelOne’s customers are sticky, which suggests that the losses today are setting the company up well to report profits in the future. The company has a premium valuation relative to peers, which is warranted due to its elevated growth rate. Lastly, there is still room for capital appreciation even if the company’s multiple declines and mimics peers in the future. SentinelOne is early in its growth story and the market in front of it is massive, if it can continue to rapidly capture market share, it will likely reach profitability sooner than the Street currently expects.

Posted in AI Stocks, Cybersecurity, SoftwareLeave a Comment on SentinelOne: Exceptional Product at a Decent Valuation

Posts navigation

Older posts

Recent Posts

  • The IPO Glut of 2020: Why Valuations Have Gone Too Far
  • Zoom Discusses Two Important Catalysts In Q1 Earnings
  • Three Risk Management Tools the I/O Fund Offers
  • Micron Is Up 900%. Here’s Why the AI Memory Trade May Still Have Room to Run
  • Credo: Reliability Leader Aggressively Moves into Optics

Recent Comments

No comments to show.

Archives

  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025
  • April 2025
  • March 2025
  • February 2025
  • January 2025
  • December 2024
  • November 2024
  • October 2024
  • September 2024
  • August 2024
  • July 2024
  • June 2024
  • May 2024
  • April 2024
  • March 2024
  • February 2024
  • January 2024
  • December 2023
  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • February 2018
  • January 2018

Categories

  • 5G
  • About
  • Accounting Tips
  • AdTech
  • Ai Platforms
  • Ai Platforms
  • Ai Platforms
  • Ai Platforms
  • Ai Platforms
  • Ai Platforms
  • Ai Platforms
  • Ai Platforms
  • Ai Platforms
  • Ai Platforms
  • Ai Platforms
  • Ai Platforms
  • Ai Platforms
  • Ai Platforms
  • Ai Platforms
  • Ai Platforms
  • AI Stocks
  • AI Stocks
  • Analysts
  • Application Monitoring
  • Application Monitoring
  • Applications
  • Applications
  • Applications
  • Applications
  • Applications
  • Applications
  • Applications
  • AR
  • Audit Reports
  • Autonomous Vehicles
  • Autonomous Vehicles
  • Autonomous Vehicles
  • Autonomous Vehicles
  • Autonomous Vehicles
  • Autonomous Vehicles
  • Autonomous Vehicles
  • Avod
  • Avod
  • Battery Charging
  • Bear Market
  • Bitcoin
  • Bitcoin
  • Bitcoin
  • Bitcoin
  • Bitcoin
  • Bitcoin
  • Bitcoin
  • Blockchain
  • Blockchain
  • Blockchain
  • Blockchain
  • Blockchain
  • Blockchain
  • Blockchain
  • Broad Market Today
  • Bull Market
  • Bull Market
  • Chainlink
  • Chainlink
  • Chainlink
  • Chainlink
  • China Stocks
  • Cloud
  • Cloud Infrastructure
  • Cloud Infrastructure
  • Cloud Infrastructure
  • Cloud Infrastructure
  • Cloud Infrastructure
  • Cloud Infrastructure
  • Cloud Infrastructure
  • Cloud Platforms
  • Cloud Platforms
  • Cloud Software
  • Cloud Software
  • Cloud Software
  • Cloud Software
  • Cloud Software
  • Cloud Software
  • Cloud Technology
  • Company
  • Company
  • Console Gaming
  • Console Gaming
  • Console Gaming
  • Consumer
  • Consumer
  • Consumer
  • Consumer
  • Consumer
  • Consumer
  • Consumer
  • Consumer
  • Consumer
  • Consumer
  • Consumer
  • Consumer
  • Consumer
  • Consumer
  • Consumer Tech
  • Corrections
  • Crypto Investment
  • Ctv
  • Ctv
  • Ctv
  • Ctv
  • Ctv
  • Ctv
  • Ctv
  • Ctv
  • Ctv
  • Ctv
  • Cybersecurity
  • Cybersecurity
  • Cybersecurity
  • Cybersecurity
  • Cybersecurity
  • Cybersecurity
  • Cybersecurity
  • Cybersecurity
  • Cybersecurity
  • Cybersecurity
  • Cybersecurity
  • Cybersecurity
  • Data
  • Data Analytics
  • Data Analytics
  • Data Analytics
  • Data Center
  • Data Center
  • Data Center
  • Data Center
  • Data Center
  • Data Center
  • Data Center
  • Data Center
  • Data Center
  • Data Center
  • Data Center
  • Data Center
  • Data Center
  • Data Center
  • Data Center
  • Data Center and Processing
  • Data Warehousing
  • Data Warehousing
  • Data Warehousing
  • Data Warehousing
  • Databases
  • Databases
  • Databases
  • Databases
  • Dating
  • Defi
  • Digital Ads
  • Digital Ads
  • Digital Ads
  • Digital Ads
  • Digital Ads
  • Digital Ads
  • Digital Ads
  • Digital Ads
  • Digital Ads
  • Digital Ads
  • Digital Ads
  • Digital Ads
  • Digital Ads
  • Digital Ads
  • E-Commerce
  • Earning Updates
  • Earning Updates
  • Earning Updates
  • Earning Updates
  • Earning Updates
  • Earnings Report
  • Earnings Report
  • Earnings Report
  • Earnings Report
  • Earnings Report
  • Earnings Report
  • Earnings Report
  • Earnings Report
  • ECommerce
  • Electric Vehicles
  • Electric Vehicles
  • Electric Vehicles
  • Electric Vehicles
  • Electric Vehicles
  • Electric Vehicles
  • Electric Vehicles
  • Energy Stocks
  • Enterprise
  • Enterprise
  • Enterprise
  • Enterprise
  • Enterprise
  • Enterprise
  • Enterprise
  • Enterprise
  • Enterprise
  • Ethereum
  • Events1
  • Events1
  • Exchange
  • Faq
  • Finance
  • Financial Analysis
  • Financial Analysis
  • Financial Analysis
  • Financial Analysis
  • Financial Analysis
  • Financial Analysis
  • Financial Analysis
  • Financial Analysis
  • Financial Analysis
  • Financial Analysis
  • Financial Analysis
  • Financial Analysis
  • Financial Markets
  • FinTech
  • Fundamental Analysis
  • Gambling
  • Gaming
  • Genomics
  • Glossary
  • Green Energy
  • Growth Stocks
  • Growth Stocks
  • Growth Stocks
  • Headsets
  • Headsets
  • Health Tech
  • Hydrogen
  • Identity
  • Identity
  • Identity
  • Inflation
  • Inflation
  • Inflation
  • Internet of Things
  • Interviews
  • Interviews
  • Interviews
  • Interviews
  • Investing
  • Investing
  • Ltbh
  • Ltbh
  • Ltbh
  • Ltbh
  • Ltbh
  • Macro Trends
  • Macro Trends
  • Market Trends
  • Market Trends
  • Market Trends
  • Market Trends
  • Market Trends
  • Market Trends
  • Market Trends
  • Market Updates
  • Market Updates
  • Market Updates
  • Market Updates
  • Market Updates
  • Market Updates
  • Market Updates
  • Market Updates
  • Market Updates
  • Market Updates
  • Media
  • Membership
  • Mining
  • Mobile
  • Mobile
  • Mobile
  • Mobile
  • Mobile Gaming
  • Mobile Gaming
  • Mobile Gaming
  • Multimedia
  • Music Streaming
  • NVDA | NVIDIA Corporation
  • Performance Updates
  • Pin Content
  • Podcasts
  • Podcasts
  • Podcasts
  • Portfolio
  • Premium Research
  • Press Releases
  • Press Releases
  • Productivity
  • Productivity
  • Productivity
  • Productivity
  • Productivity
  • Productivity
  • Productivity
  • Reports and Whitepapers
  • Research Services Preview
  • Resources
  • Resources
  • Semiconductor Stocks
  • Semiconductors
  • Semiconductors
  • Semiconductors
  • Semiconductors
  • Semiconductors
  • Semiconductors
  • Semiconductors
  • Semiconductors
  • Semiconductors
  • Semiconductors
  • Semiconductors
  • Semiconductors
  • Semiconductors
  • Social Media
  • Social Media
  • Social Media
  • Social Media
  • Social Media
  • Social Media
  • Social Media
  • Software
  • Software
  • Software
  • Software
  • Software
  • Software
  • Software
  • Software
  • Software
  • Software
  • Software
  • Software
  • Software
  • Software
  • Software
  • Solar
  • Solar
  • Stock Analysis PDFs
  • Stock Updates
  • Stock Updates (Blogs)
  • Supplychain
  • Supplychain
  • Supplychain
  • Supplychain
  • Supplychain
  • Supplychain
  • Svod
  • Svod
  • Svod
  • Svod
  • Svod
  • Svod
  • Tech Podcast
  • Tech Stock News
  • Tech Stock News
  • Tech Stock News
  • Tech Stock News
  • Tech Stock News
  • Tech Stocks
  • Tech Stocks
  • Tech Stocks
  • Tech Stocks
  • Tech Stocks
  • Tech Stocks
  • Tech Stocks
  • Tech Stocks
  • Tech Stocks
  • Tech Stocks
  • Tech Stocks
  • Tech Stocks
  • Tech Stocks
  • Tech Stocks
  • Technical Analysis
  • Telehealth
  • Telehealth
  • Telehealth
  • Telehealth
  • Testing Equipment
  • Testing Equipment
  • Top Tech Stock News
  • Travel
  • Trends Report
  • Tutorials
  • Uncategorized
  • Updates
  • Updates
  • Updates
  • Video
  • Video
  • Video
  • Video
  • Video Footage
  • VR
  • Webinar Alerts
  • Webinar Alerts
  • Webinars
Proudly powered by WordPress | Theme: iofund by iofund.co.uk.