For as long as humanity has existed, there have been those seeking to take for themselves what belongs to others!
Nordic Vikings pillaged and sacked European villages. While Mongol raiders destroyed everything in their path. As the world and economies evolved, so did those seeking to threaten us. People and businesses didn’t need to worry about the Mongol horde, but about large and organized criminal organizations.
Over the years, governments began developing comprehensive military and police forces that were meant to protect them from various foreign and domestic threats. At the same time, many private companies began offering products and services to protect society and businesses from these “rent seekers”.
This is when we saw the rise of multibillion-dollar companies such as Lockheed Martin, Raytheon, Leonardo, Northrop Grumman, Rheinmetall, and many others.
Today, the world doesn’t deal with Mongol hordes, but with North Korean, Russian, and other digital hordes!
These thieves are not riding on horseback to steal our daughters and grain. Instead, they are riding on a digital horse, aiming to steal our data, cripple our businesses, and disrupt our daily lives, all for profit.
As our economies and daily lives become increasingly more digital and connected, the need for robust security systems grows. So, the next wave of multibillion-dollar protection companies will be the ones selling digital missiles and digital security.
This is where SentinelOne comes in.
SentinelOne is a software company specializing in AI-driven cybersecurity solutions.
They are a dynamic challenger, seeking to disrupt the dominance of CrowdStrike through a differentiated, autonomous, agent-centric architecture and a strategic focus on emerging AI-driven threats.
The company is currently in a 76% drawdown from its 2021 highs, as hypergrowth is over, and investors question whether it can truly challenge CrowdStrike.
However, it trades at a fraction of CrowdStrike’s multiple, despite comparable growth and margins nearing profitability. This makes Sentinel a potentially attractive investment opportunity.
In this report, I will look at the business and how Sentinel plans to challenge CrowdStrike.
1. Business Model
2. The Opportunity
3. Valuation
4. Conclusion
1. Business Model
Sentinel is a subscription-based cybersecurity services company with revenues of $821.5 million in 2024 that is rapidly attacking the legacy industry players’ market share.
They are an AI-first and Cloud-first challenger.
The old legacy cybersecurity companies, such as McAfee and Symantec, are still heavily reliant on slow, on-premises-based, people-powered, expensive solutions that lack scale and flexibility.
The next generation of cloud native cybersecurity providers, such as Microsoft, is an improvement, but they are data-intensive, suffer from siloed data, and reactive cybersecurity responses.
Meanwhile, SentinelOne serves customers through a single unified platform that is faster, cheaper, and more scalable than the legacy solutions!
It provides threat prevention and response across the whole organization.
Singularity Platform
Their primary product is the Singularity Platform, a cloud-native, AI-driven security platform designed to autonomously prevent, detect, and respond to cyber threats across:
Endpoints
Networks
Cloud
Identity credentials
Threat types
In cybersecurity, an endpoint refers to any device or connection point that serves as an entry or exit point for data. Computers, smartphones, data servers, and connected devices are all endpoints. Sentinel makes sure that these systems are secure. Additionally, the platform enables endpoint segmentation, controlling how endpoints connect to the rest of the network and to each other.
A network essentially consists of thousands and sometimes even millions of endpoints. Ensuring that all devices and systems in a network can share data quickly and securely is a must to have any functioning network.
Network and endpoint segmentation ensures that only authorized endpoints have access to specific parts of the network, minimizing the risk of cyberattacks spreading across the system.
Next, the Singularity platforms enable the secure and fast functioning of the cloud!
Doesn’t matter if it’s public cloud, private cloud, on-premises, or hybrid environments. SentinelOne customers rely on the company to ensure all data is easily accessible, uncorrupted, and secure.
However, this platform's strength lies in its single, lightweight, AI-driven agent, which is installed on endpoints and workloads to autonomously prevent, detect, and respond to cyber threats in real time.
This on-device autonomy is a core value proposition, distinguishing SentinelOne from solutions that rely on continuous cloud connectivity or human intervention for threat mitigation. By making decisions at machine speed, the platform equips every endpoint to intelligently respond to threats, regardless of its location or connectivity status.
This is especially important as hackers are increasingly using progressively more advanced methods to penetrate systems. Thus, Sentinel ensures that its customers are protected from all threat types.
Malware
Ransomware
Phishing
Credential theft
AI attacks
Insider threats
The credentials and insider threats are especially important. As it has become harder for hackers to penetrate systems, they have realized that it is easier to use someone’s legitimate access. Either by stealing the password, or blackmailing or bribing an insider with access. Sentinel’s systems detect suspicious activity and flag it.
SaaS
Sentinel operates a software-as-a-service (SaaS) business model that uses the land and expand strategy to increase its market share.
The idea is simple, acquire a large enterprise customer with a single product, then upsell more services through volume discounts. This strategy has been exceptionally effective for Sentinel.
As we can see in the graph above, ARR has exploded from a mere $67M in 2020 to $1B today!
While the long-term CAGR sits at a healthy 63.6%, current quarterly growth has fallen to 24%. Additionally, the company stopped disclosing net dollar retention this year, after it fell from 132% in FY 2023 to 110% in FY 2025.
This KPI measures how much the customers they had last year spend this year. So, it excludes the growth coming from acquiring new customers. A net dollar retention of 110% means that if Sentinel had not gained any new customers, their business would have grown by 10%. Total revenue growth was 32.3%, meaning that most of the growth came from acquiring new customers, not existing customers using more services.
This compares rather poorly to their main competitor, CrowdStrike, whose retention rate was 112%, despite having 4 times more revenue.
Many investors expressed concerns that poor customer retention drove the change in disclosure.
As we can see in the graph above, the company closed Q2 2025 with 1,513 customers with ARR above $100K. This was an increase of 23% Y/Y, slower than the 24% ARR growth.
Ideally, investors would like to see large customers growing faster than the overall ARR, as that would signal strong retention.
This performance is good, but not stellar. So it is clear that SentinelOne is having retention issues.
Flex
Just in Q2 2025, the company announced its SentinelOne Flex offering, which is clearly aimed at improving customer retention by simplifying pricing and speeding up contract signing.
This new offering streamlines procurement with a single unified platform agreement. Traditional software licensing often locks customers into rigid, long-term contracts. This makes negotiating new vendor agreements time-consuming, as before anything can be purchased, inputs are needed from legal, finance, procurement, and whichever department uses the software.
Flex aims to remove this bottleneck, slowing the adoption of new products by offering quarterly flexibility and a single master agreement. This ease of use and rapid scalability lower switching costs and make it less likely for customers to churn due to contract or procurement complexity.
Furthermore, customers can dynamically optimize spending by adjusting licensing usage and entitlements depending on deployment needs. Crucially, this can be done quickly, without needing to negotiate new contract terms.
Most importantly, Flex improves transparency and drives data-based decision-making by facilitating usage tracking with real-time dashboards and in-product metering.
On the surface, it might seem counterintuitive, why make it easier for customers to use less of your services? Well, Sentinel hopes that by making it easier to reduce spending, customers will be less resistant to larger and longer contracts. Then, once these contracts are signed and new products are being used, customers will hopefully not cancel them.
Most people working in a corporate environment will confirm that employees often hate change. It is quite difficult to remove something that is already in use, as functioning systems and processes have been built around it.
Another factor of Flex is that while it does make it easier to spend less, it also makes it easier to spend more. I think on a net-net basis, this will improve retention.
“Flex provides customers with full access to the entire Singularity platform, enhancing our opportunity to expand our footprint across customer environments. The reception for Flex is outstanding, with an 8-figure total deal value validating the model, and many customers and prospects choosing the new structure. It enables our team to land bigger deals with higher efficiency and expand with greater velocity.” SentinelOne FY Q2 2026 Earnings Call
2. The Opportunity
As I mentioned in the introduction, the threat landscape is evolving, and fast. Nowadays, everything is a computer, and more often than not, that computer is connected to a large network, which itself is connected to an even larger cloud ecosystem.
Every endpoint, every part of the network, every cloud workload, and every data center is a potential point of failure!
This makes cybersecurity one of the most important and fastest-growing industries globally.
Researchers at Grand View Research forecast the cybersecurity market to grow with a 12.9% CAGR to reach $500.7B by 2030!
SentinelOne is an active market share taker in some of the fastest-growing segments of this industry.
Endpoint Security
Data Analytics
Cloud Security
Identity Security
Generative AI Security
Let’s quickly analyze the opportunity for each of these.
Endpoint Security
As per the slide from Sentinel 2024 Investor Presentation, the 2025 TAM for endpoint security is $17B!
The increasing adoption of zero-trust security models, which assume that no user or device can be trusted by default, necessitates robust endpoint security as a foundational layer.
Singularity Endpoint is their core endpoint protection platform and endpoint detection and response solution. Often, this endpoint security serves as the entry point for most customers seeking to protect their systems. This makes it essential for any aspiring cybersecurity company to offer robust endpoint protection.
Luckily, Sentinel’s offering is as good as it gets.
Per Gartner’s 2025 Magic Quadrant for Endpoint Protection Platforms, SentinelOne is ranked as the 3rd place leader behind CrowdStrike and Microsoft. This is a clear indicator that their offering is widely respected in the industry.
Simply put, Sentinel’s opportunity in endpoint security lies in its ability to leverage its cutting-edge, AI-powered technology to meet the growing demand for advanced protection, expand its platform beyond the endpoint, and effectively compete against well-established players by demonstrating superior value and performance.
As we can see in the pie chart above, 52% of endpoint security is still handled by legacy players. Sentinel is set to continue stealing their market share as these legacy players are too slow to adapt to changing technology trends.
Data Analytics
As per the slide from Sentinel 2024 Investor Presentation, the 2025 TAM for data analytics security is $31B!
The growth of this segment directly follows the growth of the global data analytics market. If you are wondering how big this industry could be, all you need to do is look at Palantir.
Palantir is an AI-driven, data analytics giant, with a $363B market cap. The company has seen demand for its services explode in the last few years. This was caused by an increased desire by governments and corporations to make better decisions.
Data analytics analyzes billions of data points to find important insights, saving organizations money and empowering better decisions. Palantir helps organizations like Airbus make a better plane, oil companies to extract oil cheaper, and public transit networks to operate with more efficiency.
However, for these insights to generate the desired outcome, they need to be based on reliable data that was analyzed accurately.
Sentinel’s cybersecurity solutions are doing exactly that by safeguarding customers’ valuable data from corruption and leakage. If data is corrupted, it might cause the organization to make an incorrect decision, possibly costing millions.
At the same time, if proprietary information spills out, its usefulness to the organization decreases.
Cloud Security
As per the slide from Sentinel 2024 Investor Presentation, the 2025 TAM for cloud security is $12B!
This doesn’t come as a surprise, as cloud adoption is growing rapidly worldwide.
Depending on the estimate, around 70-80% of global IT budgets still go to on-premises solutions. This is because governments and large organizations have spent decades building out their IT infrastructures and have somewhat functioning systems. These organizations are slow to switch, despite the many advantages of doing so. Largely because of cost and infrastructure challenges.
For these reasons, cloud so far has largely been driven by the new age technology companies, who don’t have costly legacy systems to maintain. However, many experts predict that in the next two decades, the ratio of cloud and on-premises spending will flip.
This means that Trillions of dollars of spending will shift to the cloud!
As that happens, the importance of cloud security will only grow. Organizations can’t risk having their data compromised.
And in this domain, again, Sentinel demonstrates strong execution. In Gartner’s 2024 Customers’ Choice for Cloud-Native Application Protection Platforms survey, Sentinel ranked as the supplier with the best overall cloud security experience and the highest interest from customers for adoption.
98% of surveyed customers would be willing to recommend!
Identity Security
As per the slide from Sentinel 2024 Investor Presentation, the 2025 TAM for identity security is $50B!
As I mentioned earlier, many systems have become so secure that stealing someone’s password is the easiest way to gain access. This means that organizations are spending a lot of their cybersecurity efforts on ensuring that employee and system access points are secure.
Many people reading this will confirm that it is getting increasingly more annoying and difficult to access a system at work. At my previous job, I had to carry a work phone on which I had an authenticator app. I needed to enter a password to access that app every time I needed a code from it to access some software on my work laptop.
I used this app literally 20 times a day, as the software I was using logged me out if I was inactive for just a few minutes.
Our provider of identity security was Okta. And we were paying them a lot of money for a seemingly simple feature. This demonstrates the importance of safe system access. As someone working in the finance department, I had access to sensitive information that could be valuable to hackers.
This is why companies pay a premium for identity security!
In the future, organizations will increasingly rely on AI agents that autonomously browse systems to retrieve information. It will be very important to have strict identity security to make sure that these AI agents don’t make costly mistakes.
SentinelOne is in a great position to grow in this segment, thanks to its comprehensive cybersecurity portfolio!
The Generative AI Opportunity
SentinelOne is a pioneer in this new, but very fast-growing and important cybersecurity segment. Generative AI services, such as ChatGPT, Gemini, and Perplexity, are only as good as their data. If the data their models are trained on is compromised, then the usability of the whole model is damaged.
As per the slide from Sentinel 2024 Investor Presentation, the 2025 TAM for generative AI security is $3B!
It might seem small compared to the other segments, but as the adoption of LLM models grows, so does the need for their security.
For instance, data leakage concerns are slowing down adoption. If businesses can’t be certain that their questions and data don’t leak into the answers of other users’ questions, they won’t use the models.
Unlike traditional security tools, prompt security is purpose-built to address the unique risks of GenAI, such as model hallucinations, prompt leaks, and unauthorized data access.
Furthermore, Sentinel’s GenAI security tools protect both the user and the model.
In the same way, how users don’t want their questions or data leaked to other users, GenAI platforms don’t want their models compromised. Especially as an increasingly larger share of GenAI queries move from simple questions to sophisticated file and data analysis.
Importantly, this prompt security offering is an entry point that begins Sentinel’s work with an AI company. As these companies grow and release new products, Sentinel’s experience and understanding of their unique cybersecurity challenges position them well to capture a larger share of the AI security business in the future.
3. Valuation
As I mentioned in the introduction, Sentinel’s stock has fallen 76% from its all-time high in 2021. The fall was not only driven by the bursting of the technology bubble of 2021, but also by decelerating revenue growth.
Y/Y revenue growth has fallen from 120% in FY 2022 to 22% in FY Q2 2026. Additionally, Sentinel is unprofitable, so I will use P/S to value the company.
As we can see in the table above, Sentinel trades for a P/S of 6.5, which is significantly lower than the P/S of 25 of their peer, CrowdStrike. While looking at P/FCF, Sentinel’s 149 is much higher than Crowd’s 97. This is because Sentinel, as a company, is earlier in its margin development story.
Furthermore, if we look at forward metrics, we see that Sentinel still looks significantly cheaper than CrowdStrike!
Sentinels’ 2027 P/S of 4.3 is three times lower than CrowdStrike's 15. Profitability and cash flow valuation metrics also show that Sentinel is much cheaper, with a P/E of 40 vs 70, and a P/FCF of 28 vs 47.
In the table above, I have placed analyst growth estimates for two companies.
Sentinel is forecast to end this year with 21.7% revenue growth, and 57% over the next 3 years. In addition to growing top-line, analysts expect the company to become profitable and massively grow its FCF.
While it seems analysts expect CrowdStrike to grow sales slightly faster, 64% vs 57%, the premium at which the company trades doesn’t seem to be justified.
While CrowdStrike might be a superior business to Sentinel in terms of size and profitability, in my opinion, Sentinel could be a superior investment at current valuations!
3.1. Valuation Model
As usual, I built a valuation model to see what kind of returns Sentinel One investors could be expecting.
First, I model a revenue CAGR of 19% by 2030, slightly above analysts’ 2027 earnings growth.
That would result in revenues of $2.35B by 2030!
Operating margin of 25%.
Tax, net interest, and other costs of 20%.
We get net income of $469.8M, a margin of 20%!
While Sentinel has increased their shares outstanding by 6-7% per year in the last 3 years, I model dilution decreasing to 4%. This is because, as companies reach profitability, they often start to rely less on share-based compensation to compensate their employees.
With a P/E of 40, we get to a price of $45.62 per share, an upside of 147.9%, CAGR of 16.3%, to today’s price of $18.40!
Furthermore, the upside increases to 209.9% if the market assigns a P/E of 50.
Overall, while SentinelOne is not cheap, I think its valuation could be attractive if the company maintains its growth trajectory and improves margins.
Where I could see this go wrong is if they do a large and highly dilutive acquisition. That could signal that the management is not confident in their long-term growth strategy. So far, they have only done a few small bolt-on acquisitions that have improved their offering in certain verticals.
4. Conclusion
In conclusion, SentinelOne is an attractive cybersecurity bet!
The company is building an AI-first cybersecurity offering that is challenging legacy players for market share in verticals such as Endpoint security, Identity, Cloud security, and Data analytics. Additionally, SentinelOne is a pioneer in the fast-growing niche of GenAI security. The use of large language models is growing rapidly, thus, the requirement for their security is projected to become more and more stringent.
Overall, the company operates in segments that have a total addressable market of $100B!
While the company does seem to have some retention challenges, they are not severe and are being tackled with its Flex offering. By allowing for more flexibility in their pricing and contracts, the company is cutting down on negotiation time and signing larger and larger deals.
As the opportunity section shows, Sentinel operates in segments that are projected to show significant growth for years to come, as the world becomes more digital and AI-driven. In this more digital economy, cybersecurity is becoming a must-have.
Lastly, as the valuation analyses showed, Sentinel is significantly cheaper than its main direct rival CrowdStrike, despite offering comparable top-line growth. While Sentinel is unprofitable and lags CrowdStrike in margin development, they are expected to bridge the gap in a few years.
As the valuation model showed, with a reasonable 19% CAGR through 2030, and operating margins of 25%, investors could be looking at a 147.9% return!
However, if Flex doesn’t deliver improvements in retention, competition accelerates, and growth slows down, the company could underperform.
Thank you for reading Global Equity Briefing!
Global Equity Briefing is an investing newsletter with a focus on analysing global companies. I have written highly detailed Deep Dives on Nu Bank, Ferrari, Palantir, Grab, Celsius, Mercado Libre and Hello Fresh!
Additionally, I have written Investment Cases on Meta, Amazon and Google! and comparisons of Visa vs Mastercard and Eli Lilly vs Novo Nordisk!
My goal for 2025 is to write around 4-6 articles per month!
Subscribe to get all my articles as soon as they are released!
Support my work by becoming a paid subscriber!
You can follow me on Social Media below:
X(Twitter): TheRayMyers
Threads: @global_equity_briefing
LinkedIn: TheRayMyers
Disclaimer: Global Equity Briefing by Ray Myers
The information provided in the "Global Equity Briefing" newsletter is for informational purposes only and does not constitute financial advice, investment recommendations, or an offer or solicitation to buy or sell any securities. Ray Myers, as the author, is not a registered financial advisor, and readers should consult with their own financial advisors before making any investment decisions.
The content presented in this newsletter is based on publicly available information and sources believed to be reliable. However, Ray Myers does not guarantee the accuracy, completeness, or timeliness of the information provided. The author assumes no responsibility or liability for any errors or omissions in the content or for any actions taken in reliance on the information presented.
Readers should be aware that investing involves risks, and past performance is not indicative of future results. The author may or may not hold positions in the companies mentioned in the "Global Equity Briefing" report. Any investment decisions made based on the information in this newsletter are at the sole discretion of the reader, and they assume full responsibility for their own investment activities.