Go ahead and get started. Welcome, everyone, and thank you all so much for joining. Doug Clark, investor relations here at SentinelOne. It's already been, in my opinion, an incredibly exciting day with demos, keynotes, customers, and partners. Thank you all for coming in person here today, and thank you all for coming on the webcast as well. Before we begin, I would like to remind you that during today's presentation, we will be making forward-looking statements. These statements reflect our views and expectations as of today only. While we believe these forward-looking statements are reasonable, the outcomes are subject to risks and uncertainties, so actual results could differ materially from our expectations. Please see the risk factors on our most recent 10-Q filed with the SEC for further information about these risks and uncertainties.
Furthermore, we undertake no obligation to update these forward-looking statements as a result of new information or future events. Additionally, unless otherwise stated, excluding revenue, all financial measures discussed in this presentation are non-GAAP. Please refer to our disclosures on why we use non-GAAP financial measures and the reconciliation of these non-GAAP financial measures to the most directly comparable GAAP financial measures, on our investor relations website and filings filed with the SEC, so with that out of the way, we have a terrific agenda for you all today and a lot of ground to cover. We're gonna be talking about strategy, technology, go-to-market, and financials, and then we'll end with a Q&A session, where we'll be taking questions from everybody in the room, so let's jump right into this. It's my pleasure to welcome Tomer Weingarten, our CEO and co-founder. Tomer, thank you very much.
Thank you. Okay, I got my mic. This is a slightly different stage than the one that we had this morning, but really great to see everybody in person. Appreciate you guys all joining us. It's hopefully been a good experience for you all thus far. Would love to kind of dive a bit more deeply into really some of the foundational technology decisions that we've made over the years in our roadmap going forward, as well as what opportunity do we really see in the markets that we play in and how we plan to capture it, so first of all, the emphasis that we have put on building a true autonomous system cannot be underscored.
To us, the only way forward in cybersecurity is by leveraging AI, is by building a system that can understand, plainly put, in real time, the signal that it captures and then gets to a decision, finds an insight, and automates action to prevent a bad thing from happening. Again, simply put, this is what SentinelOne has set to build from day one. We've done it on the Endpoint very successfully. We're the only product in the market that has a complete, autonomous, no update required capability that spans pretty much every supported operating system for compute devices.
We've done the same for Cloud Security around workloads, and that is what you're gonna see us do across every surface and every capability, whether the native ones, where we build controls that are designed to be deployed, or our Data Lake opportunity, which brings together the ecosystem of security products that folks have in their Enterprise. So just a few principles for us. AI-powered, we just talked about that. We've been an AI leader for, I would say, the duration of the company. We've innovated with AI, we've pushed the envelope of AI for security, and now with the AI SIEM and Purple AI, we're ushering a new era for how you can apply AI at scale across the entire Enterprise. One of the biggest challenges with AI, and this is not only in security, but more generally, is how do you make the data accessible?
How do you make sure that AI can actually traverse all of these different data points in the Enterprise? That's one of the biggest challenges, and Ric is gonna talk more about how the AI SIEM and our security Data Lake backend solves that, and obviously, going after the entire Enterprise posture is one of the most key elements of our strategy. Endpoint is an amazing market for us, but at the same time, it's very clear that customers out there are looking for full end-to-end protection, quality protection for every surface that they have, and in terms of the reach that we have, the entire go-to-market for SentinelOne has been built to extract every single part and reach every single part in the TAM, the respective TAMs that we play in. This is not a product that is designed just for Fortune 500.
This is not a platform that can work only for a small, medium business. This is the same product, the same code base, the same technology that serves half of the Fortune 10 and at the same time, a 50-seat small, medium business. That is obviously tremendous power. The intuitive nature of our interface, the level of automation, allows this system to be as applicable and as effective across the entire spectrum of the TAMs that we play in, and obviously, one of the things that we are very excited about is that we're starting to reach that breakout scale, that $1 billion in revenue scale. Obviously, we've IPO'd about three years ago.
We've since about 7x 'd our ARR since IPO in three years, but we're nearing this very rarefied air territory for cybersecurity vendors who cross the $1 billion mark, and obviously, it's just the beginning for us. A little bit about what is different in SentinelOne, in SentinelOne's technology stack. This is a great illustration that takes us through the generations of technologies, specifically around the Endpoint and how they've evolved. Obviously, you all remember. I hope McAfee and Symantec, they were the big Endpoint companies about a decade ago. They're no longer with us, and that's generally, I believe, a good thing.
We have since moved into what you all know as EDR products, which mainly have leaned on making the detection capability accessible for a professional team in the Cloud, thus requiring detection on one end and response orchestrated from the Cloud. This is what we call people-driving tech. This is what most security providers do today. This is why most of these systems require these updates to remain relevant, to be up to speed with attacks. And this is where we believe cybersecurity needs to scale, which is to the actual advent of AI driving these detections, not only for Endpoints, but for everything. This is where tech starts assisting people and not people just driving tech. That's why we believe that AI on device, the embedded algorithms that we've developed for years, are key to unlock further opportunities in the Endpoint space and outside.
Talking about these different components, behavioral AI and static AI were the two components that we developed about 7-10 years ago that reside on the Endpoint. We've ported some of those to actually work completely in a detachment for the Endpoint and on different data sources. As we go about extracting these other opportunities across the different facets of the Enterprise, we're leveraging the knowledge, the know-how, the data science teams, and the data that we've used for years to build these models, but we're now adapting them to solve different challenges.
We've done that with our Cloud workload protection suite, where it's the only Cloud workload protection platform on the market today that has embedded AI capabilities that can actually detect threats in real time and prevent them, which sounds very elementary, but it's actually something that doesn't exist outside of SentinelOne. And obviously, with the newly found generative AI capabilities, the foundational models bring us a multitude of different approaches and algorithms that allow us to then compound these two approaches, behavioral and static, with a grand orchestrating algorithm that can then stitch together multi-layered modalities that can tackle many different challenges in cybersecurity. Not just detecting malware-based threats, but also detecting user-based threats, anomalies, different types of... Okay.
Different types of actions that otherwise would have not been, we would not have been able to discover unless we would have this algorithm that can see and stitch together these typically uncorrelated data points. Obviously, as we go about building these models, it's really important to state the principles that we take. We have always been very transparent in how we deploy, how we code, and how we audit everything we build. And with AI systems, it's even more important to make sure you have complete auditability and transparency with every model that you build. So you see some of these principles, like transparency, safety, they are front and center with every single model, with every single algorithm that we develop, and that's incredibly important. Customers today care about the safety of models.
Models themselves, if they go unchecked, can cause damage on their own. So the safety of these models, the auditability, the move away from black box magic, is imperative for cybersecurity to scale. And that really results in a more resilient architecture. As I mentioned quite a few times, if you look at how SentinelOne operates today across tens of millions of protected devices across the world, it doesn't require a single update on average daily. The AI embedded algorithms are so effective that for any other, any other comparative product in the Endpoint market, this is a very, very different picture, where most of these products, by their own admission, by the way, need 10- 12 updates on a daily basis to keep current with threats. That's obviously a huge difference in how detection is being made.
It's not just about the updates, it's why are these updates needed and why are they not needed with a solution like SentinelOne? That obviously translates into some real-world outcomes that we all would love to avoid. No delayed detections. The delayed detection moniker sounds very friendly. It's just a delayed detection. A delayed detection means compromise. If you can't react in real time to an incident that happens, that's where these incidents escalate into breaches. And SentinelOne has been a leader four years in a row in the Gartner Magic Quadrant. We're incredibly proud of the result this year. We were the one of the vendors that made the most gains in the quadrant, while our two biggest competitors, I would say, have lost ground. So to us, this is another testament on the incredible progress that we're making in ushering this autonomous future for cybersecurity.
And it's not just Gartner. You've heard quite a bit about our leadership in MITRE for years, but also beyond the Endpoint for Cloud Security, SentinelOne is a leader. Once again, we have the ability to build best of breed capabilities, not just another checkbox, not something that we're expecting customers to just digest from us, but a capability that is so good that they will choose it on their own, that stands in itself, where they can adopt it regardless of the other components, regardless of Endpoint protection, regardless of anything we have. If they want the best SIEM in the world, they can find it with SentinelOne. If they want the best workload protection in the world, they can find it with SentinelOne, and that has been our approach with every single capability that we've built since inception.
And just to give you, a little bit of, I would say, a sneak peek into how this platform has come together, you see that there's full coherence in the order of capabilities that we've built over the years. And the ability to also support every and any third-party provider has put us in a very unique place, where we don't have to force customers to go all in with a single platform, rip and replacing all kinds of different things, pre-buying licenses, forcing to move away from different products. That is not the way. It is absolutely not the way. The open architecture approach that we've devised allows for flexibility, it allows for choice, and it allows for customers to weigh in their security decisions and choose the best product for them. It might not be SentinelOne all the time. We recognize that.
We want to be applicable no matter what you have in your Enterprise, be it one of our competitors, be it a Cloud Security company, it doesn't really matter. The ability for a backbone Data Lake to ingest data almost as a first-class citizen in the platform, then allows for these two other layers that you see, which is the security operations layer with the AI SIEM, and hyperautomation, which we just talked about today. These two layers are generic. They work across every single product that you have in the Enterprise, not just SentinelOne native surfaces. And obviously, the pinnacle of all of this is the ability to then apply AI processing on top of any piece of data that gets into that Data Lake. Once again, whether it's SentinelOne or a third party, that is the game changer.
The ability to stitch together the separate data points, silo product into one cohesive, AI-driven Enterprise defense is unique, and it's what we believe is gonna be the future of cybersecurity, and it's a pretty comprehensive platform, to say the least. We typically don't like to parse into every single module that we have, and we don't, you know, kind of go out and say, "Oh, yeah, we got 10+ attached modules." Honestly, we don't care that much about the single module. We care about product lines, we care about the key capabilities, which are very simple to understand: Endpoint, Cloud, data, and AI, t hat is it. Each one of those has a host of different modules in them. Some customers choose to go with some of them, some with more. It doesn't really matter to us that much.
We are laser focused at looking at these surfaces and adjacencies that obviously map into massive market opportunities in as their own product lines. Talking about the market opportunity, obviously, this is an incredibly sizable market, no matter how you slice and dice it. Whether it's the Endpoint security market, which is still 50% in the hands of the incumbents, or the data analytics market, which is a complete new opportunity, brownfield, to move away from incumbents with inferior architecture. We've been in that movie once in the Endpoint market. Just talked about McAfee and Symantec and where they are today. That is solely due to antiquated architecture and the lack of ability for some of these companies to reinvent, re-architect, and redeploy technology. A technology for data analytics that was developed 15 years ago is not gonna scale in the petabyte age.
You may sprinkle some new stuff, but the actual engine is not going to be rewritten. It just doesn't make any economic sense for some of these companies. That represents a tremendous opportunity for SentinelOne. And obviously, the Cloud Security market, pretty pristine greenfield opportunity, where every single workload that's deployed, either on the public Cloud, private Cloud, hybrid environments, on-premise and everybody has an on-premise environment. There's very few companies that only do public Cloud stuff. So when you look at all these newcomers for public Cloud, it's really clear they're not covering the entire gamut of workloads that you have in the Enterprise. And this is something that only SentinelOne, maybe a couple of other vendors, have the ability to cover today. So a great opportunity that lies in all of these data centers.
There's actually an interesting move these days to take more and more workloads on-premise, which actually bodes really well to the opportunity and how we see it. S o we really believe there's gonna be a new dawn for cybersecurity in the next two to three years, and we believe that we're incredibly well-positioned to change the face of cybersecurity more than we have been in the past decade or so. It's definitely not a solved problem. You can just see that from the amount of breaches that still happen day in and day out. The amount of different products, the disjointed platforms, the claim to fame by some other platforms that typically lead customers to rebound back into a best-of-breed capability, is something that we see more and more, and as I mentioned, more modules don't mean better security. It just doesn't.
It does definitely add more complexity. So for us, taking that autonomous approach, a unified platform, simplicity, simplicity, scalability, and moving security to be real time is the goal and is what we believe is gonna lead the cybersecurity market in the next few years. As I mentioned, the real-time security aspect is so incredibly important that we're also seeing customers starting to open up to the idea that something is wrong, that the way that things have been done to date are not contributing to better security. First and foremost, it's that need to have a system that sees events in real time and not after the fact. It sounds very, very trivial, but it's not, and there's no system out there that does that today.
If you're looking at the SIEM market, as an example, this data aggregator of today, these systems are not streaming systems. They're not real time. They can't even query a petabyte of data in under a second. Typically, it takes them a few minutes, so obviously, that cannot be the answer, so the move away from leaning on all the models of the past that are failing us every single day, I think, require and necessitate that question in the customer mind of what comes next, and how do I solve these challenges, and we believe we have some of the best ingredients in the market to solve those exact issues. We're executing well across our entire strategy, whether it's go-to-market or technology and customer acquisition. We've been one of the fastest-growing software companies in the public market, bar none, in the entire software universe.
We're acquiring customers across every part of the TAM, whether it's the largest Enterprise customers, all the way to SMBs, to our MSSP ecosystems, OEM partnerships, on-the-box motion, and platform expansion with existing customers. We have always believed in a very friendly go-to-market approach, which empowers our partners to be an augmentation of SentinelOne. That is actually have been one of the most important elements in the past few months, is a lot of these partners, shared partners of ours and our competitor, have turned back to SentinelOne to ask, "How can we help with expansion motion that might have been halted with other vendors?" So being there, being a trusted vendor and partner to that ecosystem, has been critical at this time. So obviously, we got a pretty significant amount of growth vectors that we're executing across and are growing towards.
Not only our go-to-market is wide reaching, but our ability to now go into new markets. These are very pristine. The opportunity is not even 50% or close to 50%, much like the Endpoint market. These are new opportunities. The data market is a new opportunity for us and for every other vendor out there. The Cloud Security opportunity is just in its first inception. The reason these markets at this stage are important for us, it's because there has been a definite sentiment and a change in consideration for what SentinelOne can do in light of some of the shortcomings of some other vendors. So as we look to the next few years and, in growing our customer base across these different TAMs, that consideration at this point in time is key.
It puts SentinelOne as a front contender for all these new surfaces in the Enterprise that represent the vast amount of that $100 billion target addressable market opportunity. Let's dive into the Endpoint market. It's been the core of what we do, and as I mentioned, still about 50% of it at the hands of some of these antivirus incumbents. We have been gradually taking share year after year, and we've been the vendor that takes the most share by percentages every single year, growing faster than anybody else. Both our competitors have stagnated in their market share acquisition. SentinelOne keeps on growing significantly within the Endpoint market. These percentages, some of them, for some vendors, really mean 10 million, 20 million, sometimes 30 million devices. If you think about some of our new partnerships, like Lenovo, that's a 30 million device partnership over a few years.
Imagine what it can do to transition away market share and change this pie chart. Speaking of that, not only we believe that the Lenovo partnership is transformational for the Endpoint market, and again, this will be gradual over years, enabling a large company like Lenovo with all these distribution channels takes time. But once this is up and running, and it's embedded within Lenovo's ThinkShield offering, which is a key component, key growth component for Lenovo, that will, of course, accelerate SentinelOne's market share in the Endpoint market. I'm also really excited about this one. We are sharing for the first time that our Cloud Security business has crossed $100 million in ARR. That's obviously significant scale for any player in the Cloud Security market.
There's almost no other established players, probably five players in the entire Cloud Security market, that are at a scale of $100+ million . It's us and some of our competitors. Having the ability to do that mostly on a workload protection suite, we just onboarded complete CNAPP capabilities, a complete CNAPP suite just lately, which means that most of this growth has actually come from runtime workload protection, which is still an under-penetrated market. So this is an incredible achievement. This business is growing faster than the overall business, and now, with our CNAPP suite, we expect more expansion with our customer base.
Speaking about a customer example, this is a small land two years ago, with just a portion of the workload environment side by side with another incumbent on the Endpoint side, and within three years, what you're seeing is a 10x expansion, including the Endpoint environment that was once again owned by a competing product. So the ability to land inside of the Cloud Security domain, regardless of the Endpoint provider, is a door for us to continue and expand into other footprints, even if the Endpoint footprint has already been deployed by a different vendor. We don't need to buy it out, we don't need to pre-pay the licenses, we don't need to screw platformization, we just need to deliver really great security, and customers naturally expand. And another incredible achievement is our growth with our data business, which has now crossed $70 million of ARR.
This is significant growth. Significant growth. And it comes on the back of data ingestion, it comes on the back of Data Lake sales, AI SIEM sales. All of those go into our data business, which is growing even faster than the Cloud Security business. So as you think about SentinelOne today, we already have three fairly established growth engines, definitely with Endpoint, but also with Cloud and with data, that will continue and sustain us for years to come. And our Singularity AI SIEM solution is actually very unique in how it can be deployed, and that's critical to unlock the data analytics opportunity. Our data analytics solution, our AI SIEM, is not only a product to rip and replace an existing vendor. That sometimes take a lot of time. Some customers have a pretty difficult time even mapping out what that could look like.
All customers have net new data that they wanna store and that they wanna make accessible. Transitioning versus transforming has been a unique market motion to SentinelOne that allows us to deploy side by side and provide an off-ramp from your existing data solution and into Singularity AI SIEM. We can also transform entirely. We can take away all data storage from your existing SIEM, but we recognize that this market moves at different pace for each and every customer, and use cases are quite unique. We believe the full unlock of this entire TAM, which means that we believe that our AI SIEM will be applicable to every opportunity … That's probably about 12 months away from where we are today. It's still a significant amount of the market that we can serve today.
One other thing that's incredibly important to remember: customers don't, if they're already existing customers, for each and every one of our capabilities, need to deploy anything new. The platform that they own, if they bought an Endpoint license or a Cloud license or Purple AI or Identity Security, is already the data backbone. They, in essence, can start ingesting data from third-party sources from the moment they wish to, if they already own the platform. They actually get some free tier of ingestion to start doing that without needing any interaction with SentinelOne, and that data growth is, much like the Cloud story, yielding expansion opportunities naturally.
This is a significant deal we've signed for a federal customer, where we started by onboarding an AI SIEM capability, and through the motions, we also recognized, or the customer more accurately recognized, that they can benefit significantly from our Endpoint capabilities, and then opted to buy Endpoint and replace the incumbent that was there, so a market motion that's predicated on data, different sellers, different use case, different problem set, is yielding naturally more expansion into other surfaces, given the complete integrated approach for the platform, and there's so many, so many reasons for these customers to move away from these incumbent solutions. Speed and cost are definitely the most impactful ones. On average, we see 50% cost savings. I've seen 80% cost savings, I've seen even more than that.
It really depends on the current set that the customer is using and what they're ingesting into their existing data solution. 80% faster, we're being very, very kind with these stats. I've seen cases where we're 80x faster. All data you store with AI SIEM is hot data. For those of you that have covered maybe the data analytics space at some point in time, you always had that notion of hot data and archive data and cold storage and all that stuff. Why? Why? Why do we need that? We need all data accessible for as long period as we can, and we need it to be fast, and that's what AI SIEM can deliver true to today.
And when you couple all of that with Purple AI, the advantage starts being significant in a way that's incomparable to almost any other vendor out there. Purple AI has the ability to bring together all these different data sources that are plugged into the Data Lake and stitch them together and uncover the hidden patterns that otherwise we, as humans, and no matter the size of the team that we have, are just unable to find. And obviously, being able to do that in real time is a pretty significant game changer for the entire security market. Couple that with natural language interfaces, with auto triage, with auto investigation, and you're starting to shorten the cycle of how we do cybersecurity in a very, very significant way.
And obviously, customers are starting to see incredible productivity gains from even using the first-generation capabilities we've released to market in the last couple of quarters, which we've talked about and have seen really great traction. I mean, double-digit attach within the first quarter of selling, just phenomenal traction. Just to recap, significant opportunity, open TAMs, best-of-breed products, a great strategy to overhaul cybersecurity. That's why we believe SentinelOne is an enduring company. And you see some of the team here today. We don't pick them just by height. I had to make that joke. Just incredible people. You know, obviously, you're gonna hear directly from them.
You know, Ric, who's been in charge of taking all these amazing, you know, concepts of products and actually making them something that runs and deliver, he's been with us for a while, and he's driving everything from technology to product to now cross-company operations. Barbara, that just joined us, is a significant force multiplier for us, with everything above and beyond finance and the operation of the company.
And obviously, Michael, which I think we've talked to most of you about, you know, at least in the past four to five quarters , on the level of impact that he's been bringing to the go-to-market organization, and they join a long list of folks that have been with us for quite a few years. And I would say, beyond everything else, the culture throughout the company is a culture of trust, a culture of transparency, and a culture of delivering on our promises, and you see that echoing through each one of these leaders. Speaking of that, it's also been reflected through so many different accolades.
Sometimes we go through those, they seem very generic, but SentinelOne has actually been the highest-rated cybersecurity employer on Glassdoor for the past, I think, four or five years. This is not an easy fit. We can't game any of these things. This is people, and what they believe, and what they think, and what they choose. So you're seeing one of the fastest-growing cybersecurity companies, or the fastest-growing software companies, with the highest-rated culture, with best-of-breed products that lead the market with AI. I would say SentinelOne is a tremendous company. Thank you all. I think this is where we're gonna switch and get you some actual technology talk, but appreciate the time.
All right. Good afternoon. Thank you for having me here. It's great to have your attention. Thank you for spending the time with us. So speaking of culture, it's no secret that we take great pride in protecting our customers. It's at the core of who we are, and over the past twelve months, we have witnessed and responded to a shifting landscape of threats. And our platform, which processes over a trillion events a year, even from everything from small businesses to Fortune 10 businesses worldwide, we get a very clear view of that threat landscape. And it's enabled us to see things like 90 different ransomware groups, including new and emergent threat actors like Ransom Hub, Hunters International, and Black Suit, who are making their mark on the cybercrime ecosystem. And despite the challenges that we uncover, we've done a great job of protecting our customer base.
We've detected and blocked over 500,000 ransomware attacks. We've stopped over 1,000 human-operated ransomware intrusions. We've identified over 300 malware variants, including notorious variants like Pikabot, QakBot, and Vidar. Say that 3x fast. But that proactive and relentless defense has been instrumental in stopping ransomware campaigns from infiltrating critical systems. We've stopped everything from state-sponsored actors from attacking critical infrastructure, to stopping malware that targets the healthcare and financial sector. And when we're not busy defending against these external threats, we're defending against internal threats for our customers. So this would be employees making misconfiguration in Cloud environments. But no matter how or where, we take great pride in being the first line of defense for our customers. So let's talk about where we're going.
As an industry, we've done a great job of being able to identify threats, whether that's through malware, intrusion, or anomalous behaviors. But as threat actors grow more sophisticated and we see more threats, the challenge and need for innovation is actually shifting towards response, and this includes the areas of things like triage, investigation, threat hunting, orchestrated response, and orchestrated remediation. That's why we are taking a multilayered approach and breaking new ground in the area of response based off of our leadership and detection. If we take Purple AI as an example, that empowers teams to ultimately respond and remediate nearly autonomously, driving down response times from hours to minutes. That's a huge win, not just in terms of cost-cutting, but reduction of risk exposure. Our AI SIEM actually takes things a step further.
It provides a seamless user interface that removes context switching from the analyst. It also provides AI affordances that automate key tasks, bringing greater efficiency and accuracy to those teams. Now, we're not in the business of replacing human analysts, but we are in the business of making them better, and it is very rare that you find a technology that simultaneously makes your teams faster, better, and more cost-effective all at once, but that's exactly what we're trying to do by autonomizing security operations and pushing the frontier of response. Now, since July 19, you can't talk about security without talking about architecture and secure by design. Let me start with, we are a technology company first and foremost. We are not a consultancy using technology to scale our services. That distinction is critical.
Now, based off of a recent congressional hearing, we are fully aware that our nearest competitor delivers 10-12 content updates per day. In comparison, we do the same volume of updates over the span of a quarter. The difference comes down to approach. We leverage AI to interpret events and make real-time judgments on the Endpoint. In comparison, others stream that telemetry to a Data Lake, where analysts sift through that, sometimes assisted by machine learning, but ultimately, when they make judgments, you're getting a delayed judgment. This is often overlooked when we talk about these two distinct companies. Furthermore, when we deliver a content update, it's meant to inform our models about new techniques that we've discovered in the threat landscape. It's not signatures, it's not regular expressions.
When we deliver those content updates, they're delivered in two processes that are operating in user mode, not kernel mode. This is exceptionally important because it means our risk is narrowed down to stalling or crashing an application, not taking out an operating system or potentially stalling business operations. When these content updates or software updates, or if we update our Cloud environments, happens, this is done through a progressive rollout that is controlled. We do not do updates across our entire customer base at once. We also put customers in control of these updates. So within their own environments, they're allowed to opt in and out of content updates, as well as versions of our Agent.
This gives them ample time to test within their own environments before they roll out to their global Enterprise, giving them more control of those environments so that they do not interfere with business operations. Now, the proof is in the numbers, but on our stats, when we look back over the past 24 months, less than 0.5%, 0.5% of our customer base have reported a significant issue. When we're not talking about architecture or security by design, usually in this industry, we're talking about security as a data problem, and ultimately how that compounds an overwhelming talent shortage within the industry. Now, these teams are ultimately stunned by the volume of data that they have to contend with, 'cause security platforms and data platforms are taking trillions of events and trying to distill that down to something meaningful.
Now, as I stated earlier, we've gotten a whole lot better at identifying threats. Heck, we've even gotten better at defending, despite the growing volume and sophistication of attacks. But overwhelmingly, there are two things that remain a significant challenge. First is, how do you deal with all of the threats you've identified? Most organizations are too constrained in terms of resources and budget to be able to get to the bottom of those backlogs, which means that they remain exposed. Secondarily, even if you have the data, often the insights are of poor quality due to lack of correlation or lack of enrichment, and that disconnect prevents you from being able to take meaningful action. Now, to get true context and to do informed decision-making, you need to centralize that data into either unified Data Lake or federated solutions and create a complete real-time view.
Today's technology is too difficult to operate, too costly to operate, too complex, and too slow, and addressing these challenges is really key for us to be able to keep up with an ever-changing security landscape. With our AI SIEM, we address both the data collection problem and the overwhelming deluge of data. This empowers our customers to take trillions of data points and distill that down to meaningful insights that actually deserve their attention in priority order. In addition, it allows us to take on the ability to recommend response, or actually, if they prefer, we can do those responses on their behalf. Putting this into context, it means taking trillions of data points, distilling that down to five alerts. Three of them are already on their way to being triaged by an intelligent assistant in the background who's been working diligently on their behalf.
Now, they say in marketing that, you know, if you provide too many options, it actually causes a lot of problems with the consumer experience, or in our case, the user experience. Recently, we saw in retail a shift from big-box stores down to curated, brand-focused stores. This ultimately makes the buying decisions a lot smoother, or the decisions of the user a lot smoother, and ultimately translated to one of the largest market capitalizations in retail. We're seeing that same trend right now within web search, which is akin to that big-box operator, and a shift over to AI-driven searches, which provide that very curated view that's summarized and easier to understand, more of that niche play like the Apple Store.
We're taking those same principles and applying that to the security context by providing analysts with a curated view that gives them the insights they need in priority order to protect their businesses. We see this as the greatest unlock within the cyber industry, 'cause as I stated earlier, it's very rare that you find technology that ultimately makes your teams faster, better, and more cost-effective all at once. Now, how do we actually do this? Like, how are we capable of doing this? Well, we were the pioneers on Endpoint automation, which really means that we are experts in building models that can take an understanding of deep context of processes, network traffic, and identities, and stitch that together in a very resource-constrained environment. When you look at AI SIEM, we're taking those same principles, that same expertise, and we're applying that broadly across the security ecosystem.
And what that translates to is that when you look at the CISO's portfolio of products, we can take all of those automations around triage, investigation, response, threat hunting, and remediation, and apply them broadly to the CISO's portfolio of products. That ultimately means that they gain the efficiencies that we can provide of our platform broadly, it saves them money, and it drives down their response time, and if you give a customer swift access to triaging alerts and you drive down their costs, you get two great outcomes, and those outcomes are simple: better security, happier customer. Our AI data-driven approach extends well beyond AI SIEM and Purple AI. It translates to every surface that we touch.
So when it comes to our Endpoint security product, our Cloud Security product, our Exposure Management product, or our Identity-Related products, all of them benefit from these same capabilities, and that's all delivered to you on one platform, with one agent and one unified view. And ultimately, we see taking the tedium out of this and automating these things, not just in terms of cost saving reduction, but we also see that as the future of security, because in our belief, applying AI to human operations is really about generating superhuman successes. So that, I would love to give you guys a demonstration of Purple AI to show you how it's helping our customers succeed.
Threat hunting is a critical part of security operations. Whether you're a small business, global organization, an IT practitioner just starting out in security, or an incident responder with many years of experience, Purple AI is your AI security analyst, ready to uplevel your skills and help you stay ahead of attacks. This is the homepage where I start my journey with Purple AI. If you're new to threat hunting, the Threat Hunting Quickstart card can help get you started. For example, if I were to look across my data for evidence of a threat actor group, I can use the Threat Actor card to do this. I can either choose one of the pre-populated questions or type my own. For this hunt, I want to look for the specific threat actor named FIN12. Purple AI takes my question and converts it to a Power Query.
This conversion from natural language to a Power Query saves me substantial time, not only to type the query, but to get the syntax correct. Query syntax language sprawl is an issue that plagues security analysts. To put this in perspective, in 2020, the Ponemon Institute found that 30% of organizations have between 31 and 50 security tools. Each of these tools potentially requires a different query syntax language. This means the security analysts in these organizations would need to know up to 50 different query languages to hunt across their data. Purple AI removes this friction and greatly improves my efficiency. The results are listed in the table here, which I can go through one by one. But why would I do this when Purple AI provides me a summary of all the events and confirms if FIN12 is in my environment?
Purple AI also summarizes each of the events, which I can use to take action directly on the threat itself. No need to switch consoles or menus, which would just slow me down. Purple AI is built into our platform, not just something bolted on. If I'm not sure what to ask next, I can use one of the follow-up questions, which are dynamically generated based on the results of my original question. Since FIN12 appears to be in my environment, I need to quickly notify my team and my management. Instead of laboriously copying and pasting snippets of information and adding context to an email manually, I'll just ask Purple AI to do it for me. Notice I didn't have to restate the information I needed included in the email. That's because I'm having a natural conversation with Purple AI in the context of what we call a notebook.
In the event I need to come back to this conversation, I can, or I can even share it with coworkers so they can continue the conversation on my behalf. Purple AI far exceeds what other products offer, which is typically in the form of simple assistance and generic chatbots. With Purple AI, your security team can detect threats earlier, respond faster, and stay ahead of attacks. Now let's look at some capabilities that Purple AI can help with in the future. Alert fatigue continues to plague security operations teams. A survey conducted during the RSA Conference of 2023 showed that 61% of the surveyed companies indicate they receive over 1,000 security alerts every day. This is a troubling statistic based on another study by IBM that showed 50% of these alerts are not investigated on a daily basis.
Security analysts need help not only triaging alerts, but also automating responses to them as well. That's where Purple AI comes in. Let's take a look at how Purple AI can help with these issues. This is the Singularity Operations Center console. It consolidates all of the SentinelOne products across Endpoint, Data Lake, and Identity. If we click on the alerts tab, we see all the alerts across these products as well. Now let's filter based on alerts found by Purple AI. These alerts were raised by Purple AI. So if we look at this first alert, an AWS account takeover via compromised Okta policy, the first thing to notice is that the analyzed sources actually don't contain SentinelOne data.
Because we've integrated data sources from AWS and Okta through our no-code marketplace, this data is in the Singularity Data Lake, giving Purple AI the access to analyze this data and find threats across it as well. But it's not just enough to raise new alerts. We also need help triaging the alerts, which Purple AI has done here and indicated that this is a true positive. It's also summarized the alert as well, and showing us the true positive rating across similar alerts that we've seen globally and how they've been graded. So I can believe within 75% accuracy that this is a true positive. But it's not just enough to triage the alerts, there also needs to be response to them as well.
Purple AI has analyzed the alert and come up with recommended action, which is to force authentication via an automation. We can see that there's actually 283 other alerts as well. So I don't have to go alert by alert and take this action. I can just apply this recommended action of forcing reauthentication across 283 open alerts. And then going forward, I can also create hyperautomation to trigger this solution for similar alerts going forward. Not only is Purple AI looking across my data and creating alert, it's also suggesting mitigation and hyperautomation to take care of these alerts going forward. These are critical capabilities that our security analysts need to continue to detect threats earlier, respond faster, and stay ahead of attacks.
Okay, great. Now you can certainly see why our customers are loving Purple AI. I just a few hours ago on the main stage at our One Con event, I moderated a customer panel, and I got to tell you, the whole room was buzzing when we had customers talking about the applicability of Purple AI, not just solving problems, but creating opportunities, and I got to tell you, probably the highest in demand and shortest sales cycle in terms of a product I've seen, that's great for customers and wonderful for CROs, so thank you very much. My name is Michael Cremen. I'm the CRO, as Tomer mentioned. I am really glad to be with all of you and be able to talk to you a bit about our go-to-market. A couple things.
It has been an interesting few months in the industry for sure. The threat landscape continues to explode. AI-led attacks are on the rise. One of the number one concerns that customers talk to me about is that, attack surface and trying to manage those very dynamic, and expanding environments that need to be protected. One of the reasons why AI and autonomous protection is just resonating more than ever before. With the global outage, the conversation with executives and customers and with our partners, into customers is not so much about brand, market share, it's about, what Ric talked about. It's about quality, risk mitigation, architecture, process, resiliency, and a cybersecurity strategy. Really, really important and something that's happening all over the world, across all segments, and in every industry, we're seeing that.
I received an email from HR on Monday. No, it wasn't, it wasn't a bad one, congratulating me for being at SentinelOne for a year, and I knew it was coming up. I didn't know which day, but it went very, very fast. I know. And I will tell you, it reminded me of why I decided to join SentinelOne. First of all, in almost every company I worked for, it's been hypergrowth, disrupting a market, which is always exciting, exhilarating, and the place to be. Certainly bringing a whole new level of value to markets and customers with partners. The partner aspect, by the way, was really important. The commitment we have to our partner ecosystem was tremendous.
But when I started really digging in and understanding how special the technology was, and the fact that SentinelOne was so far ahead in terms of from the beginning, you know, placing AI into that agent and the autonomous approach and more of a technology driving and helping people versus the reverse, was just big. And then, of course, again, in my job, the TAM's really important, and every time I looked, it got bigger.
Really exciting a nd then the other aspect, talking with Tomer and other executives, was understanding not only the level of ambition for the company, for our customers, but also where we were at in terms of size, scale, scope from a size of organization, go-to-market piece, overall business ARR, and it really fit well into what I've done and my track record in terms of coming in from a go-to-market leadership perspective and being able to scale into the billions with the company. So that all came together very nicely, and we haven't looked back. I haven't looked back for sure. It's been tremendous and a lot of fun. Now, there was a great foundation upon which I was able to come in and build on. So let me be very clear. I'm standing on the shoulders of people before me.
But what I say to you is, we really work to accelerate the good and transform into new areas. And if you take a look over the last three years, in this past year, we built on this, and that was really significantly accelerating growth. And the three areas we put immediate focus on were really around us expanding our customer base, and we measure that when we look at customers that are $100,000+ in terms of ARR. And you can see they're 3x over the last three years. And then looking at the Enterprise and really moving deep into the Enterprise segment, it's actually where I've come from with all my previous companies, across all the big industries that represent Enterprise, and we certainly look and measure at $1 million ARR customers, and you can see unbelievable growth there in the last three years.
We're really proud and excited about that, and that trend just continues, and there's big, big tailwinds there. And then finally, it's overall, not selling products, but selling a platform and expanding and extending well beyond Endpoint, as Tomer and Rick both talked about. And we're able to then look at an average ARR customer and seeing that increase significantly to measure our success there and really a platform selling. And you can see they're 2X after the last three years. So, we're proud of this. We're not stopping here by any means. This continues to go, but it's important measurements of our business and the progress that we've made in the market. The number one lever through all my experience in really scaling into the billions is the partner ecosystem.
What I'd share here is, coming into SentinelOne a year ago and taking a look at the commitment we had made to partners, and then looking at the different categories of partners, it can be complex, and if there isn't an integrated, holistic approach, there can be confusion and friction in the marketplace. So one of the first things that I did was take a look at everything we had set up in terms of partnership and do just what I said. Holistic approach, really understanding all the categories of partners and understanding their business and where they were going, and meeting with them there, but then also bringing in a level of talent who are proven with these entities.
They're well-known entities, but also proven in terms of understanding whether it's MSSPs, Cloud service providers, OEM, all the way through all the different components here, but then developing an integrated strategy that's relevant to everybody. So all of our partners around the world have a good understanding of where they sit in our go-to-market strategy, what we can bring them, designing programs that are very beneficial to their business, and really starting to see a true force multiplier. And this is the foundation in this partner ecosystem that's gonna lift us over the next three, four, five years, which is vitally important for us. This one may not seem as sexy.
I'm sorry, but the reality is, it's vitally important, and as I said, there's a good foundation, but really hardening, I'll call it the fundamentals from a sales and field and go-to-market standpoint are key. And really looking at all aspects that you see here. Of course, pipeline's crucial. Really understanding different ways and levers around creating more and more pipeline and managing the business a few quarters ahead from a pipeline management standpoint as well. Really took a look at all the important functions and bringing an Enterprise-class level to them, things such as revenue operations, sales enablement, our renewal organization.
I just talked about our partner ecosystem, but really having seasoned leaders that have operated at scale and significant growth trajectories, able to come in and bring a new level of maturity to these type, organizations and functions and really build for that future, again, is vitally important. The work we've done collectively with my good partner here, Eran, from a customer set, success standpoint, really looking at all the ways that we touch a customer, from our partners all the way through to customer success, our renewals team, our account team, and making sure that we have the right approach there and that it's seamless with customers, is vitally important. And then I talked about platform selling. The other thing I'd say is building a high-performance culture, really, really key, and all the aspects that go along with that.
And then finally, and really what you start with, is a operating model. The way that we run the business in the field, day in and day out, and you cast this net across all aspects of that, and you start building significant consistency, predictability, and sustainability, and that's exactly the path that we're on there. Look, I wanted to be brief. I wanted to let everybody know that we're just getting started, but it's a pleasure to be here with all of you. It's been great at SentinelOne, and I'm very bullish about the future, so thank you so much, folks. I do appreciate it, and I'm gonna turn things over to our CFO, Barbara. Oh, you're gonna go that way?
I'm just... Yeah.
Are you the only one that's gonna take the stairs?
I'm gonna take the stairs, guys, instead of the big leap of faith there. Much better. Good afternoon, everyone. It's great to be here. It's nice to see some familiar, friendly faces in the crowd as well. So as you've already heard, there's a lot to be excited about here at SentinelOne, but let me share a little bit about why I'm particularly thrilled to be here. And first and foremost, it's the technology. SentinelOne is a clear leader in innovation. We're not just keeping pace, we're setting the bar, and that is really powerful. Then you've heard, there's the culture. The leadership team here has built a culture where innovation and collaboration seamlessly come together. It's rare to see that blend, and it's a key driver of our long-term success.
Of course, as a CFO, I was drawn to the large market opportunity, the mission-critical nature of the technology, as well as the growth and financial profile of the company. After one month in the seat, I can see the opportunity here is substantial, not just for scale, but for operating leverage as well, and I'm really excited to be here and help drive that forward. SentinelOne been on an incredible growth journey. You can see that here. Again, the fastest-growing company in cyber for years. That's no small feat at all. Driving that growth is a powerful combination of new customer acquisition, as well as deeper partnerships with our existing customers. Our ARR grew 32% year- over- year in the most recent quarter, and we're well on our way to surpassing that significant milestone of $1 billion in ARR.
As you all know, being a subscription business, our revenue closely tracks our ARR growth over time, resulting in 33% year-over-year growth in our most recent quarter for revenue. And looking ahead, we see significant disruption in our core Endpoint market. With that disruption, comes opportunity to capture market share, and we're laser-focused on that opportunity and making the most of it. Beyond that, we're also addressing and succeeding in multiple large markets. You heard Tomer reference earlier, our Cloud Security solution has now surpassed $100 million in ARR, and we're already more than $70 million in ARR with our data offerings. Both are growing at a really rapid pace and are key growth drivers for our business going forward.
Now, as impressive as this revenue growth has been, our margin expansion really sets us apart, and it highlights our focus not only on scaling up, but on operating more efficiently as well. So we take a lot of pride in our best-in-class gross margin. Last quarter, we delivered 80% gross margin, and we're forecasting 79% for the current fiscal year. That gross margin performance reflects the power of our platforms, strong unit economics, our disciplined pricing, and our unified data architecture. We're also seeing significant improvement in our operating margins over time. Over the last three years, we've really seen that operating leverage start to kick in and drive profitability. Again, underscoring our growing scale, as well as our strong unit economics.
Then, in line with our operating margin, we've made solid progress expanding our free cash flow, which will fuel our ability to continue investing in innovation. But this is just the beginning, and we're well-positioned to continue building on this momentum. Now let's take a step back and look at our margin journey through a broader perspective since our first quarter as a public company. The long-term targets you see here on the slide, these are the same long-term targets we outlined during our IPO just three years ago. Look at where we are today, there in the middle, and the progress we've made since our IPO. We're already operating at the high end of our long-term gross margin target, 80% in Q2. Beyond gross margin, we've delivered meaningful leverage across every line item.
Overall, we're delivering on our commitment to build a scaled and profitable business. So where do we go from here? We're operating in an incredibly dynamic market environment right now, but one thing is clear: our focus on our customers and security has been and will continue to be the backbone of our success. Agility is our advantage right now. We're staying flexible, we're adapting, evolving, and building an organization that can seize on the opportunities to succeed in today's environment and well into the future. In the short 30 days I've been on board, I clearly see an opportunity to drive continued leverage and strong growth. So to that end, we're balancing growth and profitability. That continues to be at the core of our strategy. That won't change. We're sharpening our focus on delivering results with discipline and capturing the large opportunity in front of us.
Thank you, everyone, for joining us today. Hopefully, today's session gave you a clear picture of the opportunity that's in front of us, where we're headed, as well as what's next for the company. With that, I will invite my colleagues to join me back on stage, and we'd be happy to answer any and all questions you might have.
All right. W e need to be in an offset.
Okay, perfect. Well, while they're getting set. We will take questions, p lease limit yourself to one question. We'll go back and forth between the room and appreciate the time. We'll start over here.
Thanks very much. Brad Zelnick with Deutsche Bank, and thanks for the time and the presentation, and keynote this morning was fantastic. I wanted to drill into the OEM opportunity and what you've spoken about now multiple times, specifically with Lenovo and maybe more to come. For those of us in the room that remember the prior generation, and I'm looking to some folks that, you know, have been doing this for a while, the Endpoint companies of last generation actually were paying the OEMs for placement fees. Now, this time around, the deal that you have, we understand that they're paying you.
So tremendous opportunity, I think, across multiple different facets, but I think there are a number of questions as well, just in terms of, you know, how the opportunity flows through to the financials. And just any comment about the value and perhaps the ability to then successfully penetrate other OEMs and use this as a lever, as you said, to go out and go after the 50% plus of the market that are still using legacy products out there? Thank you.
Right. So, definitely a very different world between, you know, what the incumbents have done in the past decade and what we're seeing today. And by the way, this is not just for SentinelOne. One of our competitors have, I believe, a similar economic deal. I think what you're seeing more generally is a lot of these hardware companies are looking for more software-based ways to maximize and continue and capitalize on the reach that they have. So when they look at something like our AI capabilities, they're getting basically a two for one. One, they're getting better security, which I think everybody wants. It creates a great differentiator for them. AI-based security for the AI PC sounds like a pretty compelling offering.
And the second part is, it allows them to build a host of services, managed security services, that provide for another revenue channel for them. Taking it back to us, you asked about the economics of the deal. It's fairly simple. This is a subscription-based business. We get payment per license, and then we have the opportunity to activate the customer for the out years as well. So it's a very simple reseller-like approach, only it's something that is pre-bundled and attached to the already pre-existing engine for the PC sales, which is, for us, the benefit here, and for Lenovo, obviously, just another avenue for growth. They charge a price point for that offering, for the entire ThinkShield offering. Part of it we get, part of it they keep. So it's a growth engine for them on the software side.
It's a great growth engine for us, and also, as I mentioned, the out years opportunity is also reserved for SentinelOne. So it's something that will take a number of years to fully unlock if we do it right. Enablement is a big part of it. As I mentioned, Lenovo is a very, very big company. Training their entire sales force to speak security, to speak AI security, will take a bit of time, but they are, I think, fully committed. I've been pleasantly surprised by the level of commitment by Lenovo. They just had their own event a couple of days ago. ThinkShield, AI security, and SentinelOne has been front and center. So it's just great to see.
It seems to be a great partnership, and I also believe there's more OEM partners across different swaths of the Endpoint market that are looking to do the same things. The ability for our platform to work in an automatic, autonomous way, which we've talked so much about today, is critical for some of these providers. Not all of them want to stand up a full service, so you really have to have a product that's almost consumer-grade. Now, I would not suggest that we'll take SentinelOne to the consumer anytime soon, or maybe never, but that level of automation makes it a great candidate for OEM partners to put on their machines, knowing that it's kind of a fire-and-forget type of an offering, versus almost any other Endpoint vendor in this space.
Hey, good afternoon. Thank you for doing this, and thank you for taking the question. Brian Essex from JP Morgan. You know, Tomer, I think I see you said in the past that you were growth-constrained because you were focused on margins, and clearly hitting that, you know, approaching breakeven for profitability and cash flow is a substantial achievement. As you kind of look forward, now that you've kind of hit that level, investing for growth, where would you say like, you know, top three areas of growth investment are? And how do you manage growth versus profitability now that you've kind of achieved that benchmark, that milestone?
Yeah, it's, you know, obviously, that's the eternal question with us, and, and I, you know, always have a slightly more refined view on that as time progresses. I think first and foremost, you see the market opportunity, and that's what I think, you know, Barbara sees and Michael see as well. We wanna capture it. We definitely don't want to taper away with sales and marketing, so that would definitely be one area of growth. A lot of our philosophy around how we grow in the next few years is a reinvestment philosophy. It's basically trying to keep and expand our operating margin to the maximum that we believe will not constrain that growth in a severely negative way.
But at the same time, we don't want to veer away too much from our profitability profile. We believe that getting to that breakeven is a great milestone, but it's something that we want to continue and expand, as Barbara kind of alluded to. We all believe there is more leverage in the business. So as we extract that leverage, we expect more efficiencies, we expect more room with operating margin, and we take that, and we reinvest that back into growth.
So we are trying to balance all of these three different components into something that should, hopefully, and this is my belief, will be one of the leading, you know, growth companies in the market, even in the next couple of years. Can we do that? We're gonna all have to wait and see. And obviously, as we, you know, go to next quarter's earnings, we'll share more, and obviously in Q4.
Has that balance tilted in the past, like, two months?
Not in a significant way. I think we're constantly refining, you know, our view. We definitely see, you know, a more accentuated opportunity in the Endpoint market. There's no question. But look, a lot of what we've done, and I've said that, you know, numerous times, has really been just doubling down on our own organic momentum. What's happening in the space, you know, Barbara said it, too. It's such a dynamic space. Every single day there's something. You know, yesterday we saw probably the, you know, advent of the largest global espionage campaign the world has ever seen. That's new. So every day there is a catalyst for us, and we're just trying to stay nimble and make sure that we balance things in the most appropriate way.
Thanks, Tomer.
Thanks. It's John DiFucci from Guggenheim. You know, I just a small follow-up to Brian questions, and thank you, Tomer, for that detail. But I just wanna make sure I understand this. So Lenovo, as you put up on that slide, was 59 million units shipped, and that's the largest PC OEM out there, and they're not all, you know, business PCs. But are you gonna get paid? So Lenovo ships a business PC, let's say it's, I don't know, half that, whatever it is. Do you get paid on every PC they ship to a business because you're on there? Or does the business that they're shipping to have to say, "Yes, I do want that," and then you get paid on just those ones that say, "Yes, I do want it"?
I really have a question for Barbara, but I'm gonna be respectful to Doug, and maybe I'll follow up with her later.
Yeah, um-
Thanks.
Simply put, you know, everything that's within the ThinkShield envelope, which, I don't know, you, you got a Dell laptop, so you probably don't know, but- I know, but I want a Lenovo. You need, you need a Lenovo, right? But everything that comes with ThinkShield comes with SentinelOne, and I think that's the easy kind of lens to look at it. The joke was that if you had a Lenovo PC, you most likely have the ThinkShield offering. So put these two data points together, and I think you arrive at the conclusion.
Thanks. Rob Owens from Piper Sandler. And Zelnick, thanks for looking at me when you talked about twenty years ago and what OEM was doing. I really appreciate that. So, obviously, from a competitive perspective, two of your competitors have really moved towards bundling, call it what you want, platformization, flex programs. Talk about where go-to-market is, how willing you are to be flexible there, and just what pricing looks like in this dynamic, and, you know, why SentinelOne wins in the end?
Do you wanna take some of that, Michael?
Yeah, I'm happy to. What I really have liked about this past year being at SentinelOne is. It's one of the most flexible companies I've been in in terms of really understanding what our customers are looking for, meeting them at that place, working with our partners as well to really understand the opportunity and the requirements and really what the customer is looking to accomplish. So I feel that we have been very flexible, and I like the way that we've approached the market from that perspective, and we haven't made any dramatic changes 'cause we really haven't needed to.
Yeah. I mean, just to add to that, we support consumption-based pricing, we support ELAs, we support subscription, obviously. So we are just trying to give the best financial solution to customers. We give financing through our partner ecosystem. We don't feel like that's something that we need to take upon ourselves. And that works for customers. I mean, oddly enough, when you go into some of these, you know, customer commitment or credits type constructs, that's, you know, the word commitment is not necessarily something that, you know, customers like to hear, especially if it's a big out years commitment. Sometimes actually doing something that mirrors the actual consumption is a more favorable financial construct. So I think the key word is, as Michael said, is we're being flexible.
The one thing we're not doing is, you know, crazy discounting or giving stuff away for free. It's just, it's not us. And when customers talk to us, we're not putting it out there, we're not buying out contracts in masse. With that, there has been and will continue to be ad hoc situations where we're gonna come in, and we're gonna offer favorable terms. If it's something that we wanna win, if we believe it's strategic, we look at the lifetime value for these customers, and those are easy decisions. You're right to point that, you know, Microsoft have been offering bundling for years, and, you know, Palo has been offering, you know, free licenses for quite a few good years. I haven't seen that be an, you know, insurmountable headwind for us to continue and stick to.
We sell best, best-of-breed software. We charge a decent price for it. I remember, you know, five years ago, you know, we started with this, we had a price point, then we IPO'd. Everybody said our price point is, you know, rock bottom, we're dragging down the market, and now you come back to us, and you say: "Oh, you guys are pretty expensive. Everybody else is giving this stuff away for free." Our price point has been the same across that time frame, give or take a few cents, so all in all, you know, we believe there's value in what we do. We believe we price fairly and have priced fairly, and I think that's kind of the, you know, the prevalent motion that we see with our partners.
That said, you know, we are iterating, we are adding more site license type deals, deal structures. We are going to allow folks to buy the platform and use any capability that they want, call it flex, call it platformization, call it whatever. Buy the platform, use what you want. It's all the same to us at the end of the day, and we'll support all these pricing models.
Thank you. Saket Kalia at Barclays. I want to switch gears a little bit. And first of all, just thank you for the disclosure on Cloud and data ARR. I think those are, I think those are really important. Maybe the follow-up question is, and Tomer or Barbara, feel free to chime in, but, you know, I think it's roughly $170 million in ARR from those two businesses. What type of growth is that, sort of, first, year- over- year? And then secondly, maybe more for you, Tomer, the Cloud piece, and I always love asking this question, like, how do you kind of think about that Cloud market over the next few years? You have Cloud Security specialists, right?
You've got Endpoint players like yourself, and then you've got, I don't know, the network security vendors. Who has sort of the right to win in that $12 billion market?
Yeah. Look, as far as growth, you know, this is obviously growing, each one of them separately and both of them together, faster than the overall business, in a you know pretty significant way. I think what we're seeing is, you know, obviously, AI is driving also data sales, so everything is starting to get this compounded effect for growth, and we really like what we see there, in terms of growth. If I look at the overall Cloud Security market, I mean, look, to me, this market has converged into maybe four formidable players, which we're one of, and that paints a pretty you know simple picture, where one of these players is a network player that has done fairly well, probably leading the Cloud Security market in terms of revenue.
One of them is our Endpoint peer, which is probably kind of second level in revenue in that market. Then you get one standalone upstart that have done a great job in selling, a CSPM-oriented offering, and that's the only standalone that I've seen in the market that I believe is relevant. And then there's SentinelOne. I mean, that's kind of the short list of what you can do in Cloud Security today if you're looking at options. I have always said, ever since we started talking about workload protection, that to me, that is the true center of gravity for Cloud Security. Oddly enough, I think you're seeing some of the standalone player gravitate towards that direction as well, now that they've kind of disseminated the market with their CSPM offering.
The amount of workloads that require protection is basically boundless, and they keep on growing. So the majority of growth that I believe will be driven in the Cloud Security market is going to come, A, from reaching these workloads. It's totally under-penetrated. Nobody's covering all these workloads right now. Most of these vendors that we talked about has a very nascent workload coverage. Even Palo Alto Networks, which has been an established player in Cloud Security, I don't think they're known for their runtime security capabilities. So the workload vector, just the amount of workloads, is one big driver, and then it's the capability set. And I think you're seeing a couple of interesting approaches in the Cloud Security market, where you see folks try to paint that picture, you know, they call it code to Cloud, which.
You know, I somewhat believe that's a growth driver. It's the expansion of the platform. It's, you know, more stuff that loosely is connected. But I also see significant disruption to how we code in the next two to three years. So if you're putting all your eggs in the ASPM basket or, you know, integrating into the IDE and kind of going all in on code, while the IDE, the development interface for code, is going to change, is going to be most likely very AI-driven. I'm sure you've all seen what AI can do today in coding applications. Imagine where that world is going to be in two years. I don't know exactly how the models I see today for code-based security, the shift left movement, kind of come to terms with that.
So, I would be very cautious if, you know, people are kind of selling that notion of code to Cloud. What I'm hearing from customers is that it's more of a wait and see. I want to see how the coding landscape will evolve in the next couple of years. Investing now in something, integrating it, just to find that it's relatively irrelevant. I mean, just another example. I don't want to digress, but all these coding, code security platforms, they're there to try and tell you when you onboard the vulnerable library into your code. If you're coding with AI, you just ask AI, you know, "Make sure that these libraries aren't vulnerable or don't have any vulnerability," and done. You don't need a whole product just for that and, you know, all kinds of wizards and all that stuff.
So I do think that the next phase of growth in Cloud Security market doesn't come from code necessarily. Maybe I'm right, maybe I'm wrong. I think that DSPM or data security is an important component. I think that AI-SPM is also an important component, how we secure the usage of AI in the Enterprise through all the different facets that, right now, I believe, hinder adoption in many senses because we just lack the control. If we give unfettered access to an AI model to all employees in a given Enterprise, we have completely lost track of what's being shared, what's being returned. It's a data leakage nightmare, and I think that represents a big opportunity. So I think the Cloud Security market is going to evolve in these directions.
That's, you know, kind of definitely what we've been investing in and believe customers will absolutely need, almost under any type of scenario, in AI progression.
Thanks so much. It's Patrick Colville from Scotiabank. Congrats on the first analyst day you guys have done, I believe, right? So congrats. It's great. So in your presentation, you touched on one of your competitors' July 19 incident. You know, I think it was helpful you talked about why SentinelOne wouldn't suffer from such an incident. But I think the question on many investors' lips is: Is that incident driving new customer conversations in SentinelOne? You know, you kindly gave us, you know, the message during Q2 earnings six weeks ago, but, you know, what is the message as of today at One Con on, you know, the fallout from the July 19 incident? Thank you.
Yeah. I will return to the Q2 earnings and reiterate what I said on Q2 earnings. There has been a significant shift in consideration more than anything else. My belief is that this is a long-term impact, positive impact for SentinelOne. The customer conversations that we've been having have been significant, I would say. Those will unlock themselves over time. There are some folks that want to move, some folks that have already moved, some folks that will move. I think, again, the timeline is hard to predict. I'm not going to attempt in predicting it. I don't feel like we need to predict it. We got our own organic momentum, which is incredibly strong. So is this a net positive for SentinelOne? Absolutely. Did the other vendor take a reputation hit? Absolutely.
That would be the lens that I would encourage all of you to think about this. Net new Endpoint projects, you can imagine what was our position pre-outage, what is our position post-outage. In terms of customer churn, again, renewal cycles are going to educate us more on that. If there's one thing I think we can clearly share is that, in terms of the partner ecosystem, which if you think about it, have also, given what we hear, have lost, you know, a pretty significant amount of their inertia in terms of expansion movement with, with that competitor. And we share a lot of these partners, right? I mean, these partners work with a lot of vendors. I think they're absolutely coming back to us and looking to us as to how we can help with those expansion footprints.
So to me, again, it's a structural change that impacts SentinelOne probably the most. I think it impacts us in an incredibly positive way when you think about the adjacent surfaces. Obviously, you know, the growth with Cloud is going to be, you know, important to watch as well. But again, all of it is positive. I don't really want to get into numbers, mostly because I don't know. These things move at a certain pace that I can predict. But again, I sincerely believe our position is better than it was before.
Thank you. We have time for one final question.
Thanks. So I wanted to maybe ask Ric and Michael on SIEM. So you highlighted kind of the efficacy of it, why it's so strong, why it could compete standalone basis. But I think where SIEM is going in this new direction is it's kind of going from being a third-party neutral vendor to a kind of first party and native to somebody that already has strong proprietary data to offer, from the platform itself. So just given that SentinelOne might not have the incumbency on Endpoint in a lot of Enterprises, how do you both of you kind of approach that opportunity to displace some of the legacy SIEM vendors out there if you don't have that Endpoint incumbency?
I'll start- Yeah, please. I'll start. I think we're equally promiscuous, even if it is not our Endpoint. So if you want to give me CrowdStrike's Endpoint and have me do all the automation around triage, investigation, threat hunting, orchestrated remediation, and response, we'll do it all day long. On top of that, you can build out the same rule sets that you would otherwise have in the other SIEMs on top of that telemetry. So we look at that as a nice transition point to get one vendor in the portfolio and augment that, and not have to lead on a "Let's rip out CrowdStrike on the Endpoint."
Even though that's possible?
Yeah. No, I mean,
Please, tell me.
I'll just add to that. I think the consideration point for SIEM is so different than Endpoint, that thinking that just because of Endpoint incumbency, you have the right of passage to data, I don't even think that for our customer set. I think that you need to have the best capabilities possible, and that's what's gonna determine the consideration. Look, we have done deals where we ingest data from, you know, Palo Alto firewalls and CrowdStrike Endpoints. We've actually been the data bridge between, Microsoft and CrowdStrike all being put into a SentinelOne Data Lake. I think that at the end of the day, you don't want to replace one SIEM for the other. You want to pick a foundational technology for the next three to five years.
These things, there's not gonna be a rip-out motion, you know, every couple of years. This is gonna stick. It's gonna be significant. It's a significant integration effort. I think it's probably the hardest surface to replace, I would say, much beyond the Endpoint, definitely beyond the Cloud. Cloud is probably one of the easier ones. That's why I think that customers are taking their time. They're not jumping to all these glitzy offerings that come with the platform. I think it's all about capabilities, and you're seeing some players in this market which are a bit different. I mean, we immediately think, you know, SIEM, we think Splunk. Great, that's the incumbent. You know, you probably are thinking Palo because, you know, they bought QRadar, and you kind of believe that's gonna be a huge deal.
Not entirely sure how that plays out, given that most of QRadar is on-prem, and Cloud is and Palo is only Cloud, so there's some transition that's unnatural that's gonna have to happen there. You obviously see Microsoft with a kind of a highly integrated offering. But then you see Google, with Google Chronicle as an example, and they're a standalone SIEM player, and they actually have probably more scale today than what Palo Alto has in the SIEM world. I fully subscribe to the first part of your question. SIEM needs to be agnostic. It needs to be the UN of security. It needs to take in data from any surface, whether it's native or not, and that's why when we think about our market approach, we really think about it in a way that's detached from our Endpoint motion.
It's a great benefit. If you're running both our Endpoint and you're going for data, that's a huge benefit to you. You're getting all of that data for free into that Data Lake. But beyond that, I think there's so many different constructs and so many different other factors that are as important, that the consideration is first and foremost the functionality, and then, yes, it could be an added benefit to also have Endpoint or Cloud or any native surface, but that's not the prevailing motion.
Okay, thank you, everyone, for the questions. Thank you for joining us today. We'll speak to you again upon our earnings call. Appreciate it.
Thank you so much.
Thank you.
Thank you.