Everybody, Fatima Boolani back at it again. I run U.S. Software Equity Research here with my partner Tyler. I have the distinct pleasure of having the Sentinel team with me on stage today. I've got Nick Warner, President, Security, and to his left, Doug Clark, Investor Relations extraordinaire. Thank you very much for joining me today for what I think is gonna be a pretty animated discussion.
Great to be here.
Excellent. Well, Nick, I'm gonna jump right in and actually maybe start at a pretty high level. You've been at SentinelOne for five years, and you've worn a number of different hats while at SentinelOne. Maybe at sort of the highest level, you know, the company certainly has gone through many milestones and a pretty remarkable evolution. Some key observations from your tenure.
Well, I think the most macro observation I have is in the mainstream of adoption of this type of technology. In my time in the space, and I've recalled this in a couple of breakout sessions today with investors. It really went from a notion of we could never replace antivirus, to we'll never run cloud-native security technologies, to what's EDR, to well, that's only technology for large to largest of companies. It's really evolved rapidly to very much a mainstream must-have. What I mean by must-have is really what we're in the midst of is really a generational shift from on-premise static, signature-based, archaic technology to cloud-native, machine learning driven technology. Technology that can really consolidate stacks. Technology that can protect remote workers, hybrid workers, cloud workloads, et cetera.
That's been really invigorating. As I travel the world, you know, I was in Thailand at our Asia Pacific Partner Conference a couple weeks ago, and that buying motion is now in full swing, even in Asia Pacific. That wasn't the case probably three, four years ago because really, America was the leading edge of that revolution, several years ago, and we're really seeing global adoption now. As much as anything from an industry perspective, that's been a key change that's taken place in the last several years.
I think you're touching on a lot of addressable market opportunities that I wanna dig into in a lot more detail. Just sort of still staying high level with respect to the macroeconomic environment, you just mentioned you came back from Thailand or you launched more meaningfully in Thailand. Just biggest surprises and maybe deviations from your expectations year to date. You know, clearly a lot has changed. We see all the headlines, we read all the headlines. How has that impacted or not your business activity and expectations?
Yeah. You know, I think an upside surprise for us is just the massive velocity and momentum around the managed service business. What we're seeing now is that it's becoming the preferred adoption technique and approach for companies of all sizes, but particularly small and medium-sized companies. Where before that was really relegated to the very small part of the market, you know, like the sub 100 endpoint or sub 100 employee size organizations. We're seeing mass adoption of that, really all the way up through several thousand to 3,000+ employee organizations are going with a managed service approach, not just for technologies such as SentinelOne, but any type of cloud native technology. If you think about how, say, a Zscaler works from a SASE perspective, it makes sense.
Its time has come when you're adopting born in the cloud native security technologies. It just makes a lot of sense to have a third-party provider. For a lot of organizations, it makes an incredible amount of sense to have that managed by someone else. I think what has been great to see is the depth and breadth of that opportunity globally. My meetings in Asia Pacific a couple weeks ago, half of them were with managed service providers whose businesses are all exploding on the upside as well. I think we're gonna continue to see an incredible amount of momentum there globally, but across a lot of different sizes of business. That just couldn't have existed 10 years ago when folks were running siloed stacks of architecture. It was permanently changed for the better nowadays.
I think this is something that I really was eager to ask you. You have a ton of hindsight advantage. You've gained a lot of experience and exposure. Now, where has the sort of biggest dichotomy been seen relative to your prior experiences at these, you know, prior permutations of endpoint and workload security companies?
Yeah. It's a good question. You know, I've always learned more from failure than success. I think a couple key learnings I've seen in my 20 years in cybersecurity is, one, you have to build a platform. You can't build a feature. I think in our space that our core space that we're in today, I think what you've seen is a lot of, firstly, technologies that have been relegated to things of the past really were more features and less platforms. I think what I've also learned individually is culture matters in organizations, and you have to have a killer mindset. You have to have a customer acquisition and customer-first mindset.
The moment that you get silos, and I think, you know, my time at McAfee, which was Intel Security, you know, they had acquired 26 different companies, and what you ended up having is three very large business units. I think cooperation between those business units was challenging for a number of reasons. That leads me to the third thing, which is I think what gets lost is focus. What we really try to live every day at SentinelOne is we're focused on the mission, we're focused on our customers, and we are absolutely putting the needs of our customers first, and we're breaking down silos however possible. As we've grown and scaled organizationally, we put all of those things front and center, particularly when we're interviewing and onboarding and hiring.
Because at the end of the day, SentinelOne is really all about the people, the people who use our product, but also the people who are developing, selling, marketing our product.
Just from an addressable market standpoint and just tying and actually pulling on some of the threads you're alluding to around, there's been a lot of featurization. There's been a lot of siloization, dare I make up my own words. You know, investors certainly have a view that your core competence has been in endpoint security. The view is, okay, well, just because McAfee had XYZ share and size and Symantec had XYZ, you know, market share and size, that necessarily creates this sort of finite nature for endpoint security. You know, part A of the question is where are you on the displacement curve against some of these older generation technologies?
Largely, and more importantly, where is that misconception most deeply rooted that, hey, your core market is maybe more finite than not, just by virtue of how big Symantec was in the past and how big McAfee was in the past?
Yeah. I think there's a couple things there. I mean, first and foremost, easy answer from a core market perspective, we're in the third inning, if it's a nine-inning game. You know, that's evidenced by what we see at a lot of, for example, our managed service partners, where they are all in on SentinelOne, and we still only represent, you know, 10% or 15% of their total estate. That other 80%-85% is running some combo of antiquated signature-based AV technology that they are in the process of replacing over the coming quarters and years. You know, I think as it relates to enterprises and large enterprises, what you had seen is adoption of EDR-only technology by a lot of larger organizations.
They were still running, say, a Symantec or McAfee, Trend Micro, et cetera, and now they're in the process of taking a fresh look at the market. Vendor consolidation, particularly in this macro climate, is a big thing. We're seeing folks who are saying, "Hey, look, I have Symantec, I have Tanium, I have Carbon Black. I wanna consolidate that functionality, drive much better ROI, have much better capability and functionality, and do that in a single platform." You know, I think the answer to the third part of your question is really around the rise of cloud-native technology, the rise of data being king, and it's why our acquisition of Scalyr was so critical to our longevity in terms of being a platform, our extensibility as a technology.
We are unique in the space in that we entirely own our data stack from start to finish. We have fully 100% moved all of our existing customers over to that Scalyr infrastructure. All new customers are running on what we call our new data platform. You know, one of the dirty secrets of, say, the SIEM space, security information event management, is the vast majority of those companies OEM their data technology either from, like, a Splunk or an Elastic. If you don't own the most critical part of your technology stack, you're inherently gonna be brittle and not be able to expand and not be able to provide the best customer experience possible.
I think that was the downfall of a lot of legacy technologies, is they had grown through acquisition, but that acquisition was never integrated because you had different database systems, different servers, and so what you had is sort of this island of misfit toys that people would say, "Yeah, I own McAfee products," and they own 12 of them, and they didn't really talk to each other in an effective way. What we brought to market now, and growing beyond our core sort of endpoint platform, is this XDR platform that can literally ingest other data sources, make sense of it, allow you to analyze, store, retain incredible amounts of data and do it, and this is really the X factor as it relates to cloud-native platforms, do it in a highly scalable, easily adoptable way.
I mean, we have customers that can go from zero to a hundred miles an hour with our technology platform in a matter of weeks, and that just wasn't the case when you were having to stand up databases and failover servers and server architecture. I mean, the deployment of legacy SIEM technology, let alone antivirus technology or even first wave EDR on-prem technology, that would take months and months and months, and that is not the case anymore. What customers love about a platform that's cloud native and extensible, and we own the whole data experience, is that we can grow as fast as they want us to grow in terms of adoption and deployment of our technology. That is a totally different experience than what customers had with legacy technology years ago.
Nick, I think another angle of this perceived view of your fortunes maybe being tied to devices or unit shipment trends is tied to maybe a view on more traditional computing devices, right? You know, where does this conventional wisdom fall short?
Well, I mean, it's true in a sense in that a majority of our customers are running us on machines. You know, I look out at the crowd today, everybody has a mobile device. We protect those. Everybody also has a mobile laptop. We protect those as well. If you look just at the mobile device penetration for advanced threat defense technology, it's in the single digits. Most of the organizations we talk to, a lot of the most critical employees there, they might have one or maybe two PCs, and they have one or two phones. That's four surfaces, and maybe we're running on one. It's order of magnitude expansion capability there.
The second thing, even as it relates to that core part of the market, is if you look at the folks who have the largest market share still to date, it's Trend Micro, Symantec, McAfee. Those things are being relegated to the past. The share shift that we're seeing, still we have to enjoy an order of magnitude growth opportunity. As I'd mentioned, you're looking at a lot of our partners their current estate, we are maybe only running on 10%-15% of their total on-premise laptop-type devices. As it relates to cloud infrastructure is a total greenfield opportunity. The vast majority of organizations, when they first started pushing to the cloud and doing DevOps and deploying applications into the cloud, they were not running any type of cybersecurity, let alone runtime protection.
What we're seeing there is, again, it's a baseball game. We're in the top of the first inning there from a cybersecurity perspective. We see an extremely long runway there. We also see an outsized influence as it relates to dollars, because the dollars we're getting from protecting a Kubernetes cloud workload, a server environment, it's at least 4x what we're charging for your traditional desktop or laptop. An incredible amount of room to run there. We also think about the opportunity that we got into when we acquired Attivo, the identity security and credential security market is still a nascent market that we feel that total addressable market is in the many, many billions. Again, the thing to understand, adversaries and threat actors are after two things.
They're either after data, they wanna steal it or encrypt it, hold it for ransom, or credentials. Those are the two things they're after. We now can address both. Before, we only protected data against theft and encryption, but we were really looking for and found an incredible technology in Attivo to protect credentials. If you think about industry stats that something like 80% of cyberattacks start with stolen credentials, that underscores the opportunity from a business perspective, but the need from a cybersecurity perspective to protect that part of the estate. The vast majority of enterprises are doing little to nothing to protect credentials today. Sure, they might use two-factor authentication, et cetera. Those are architectures, not security products. We feel like there's a huge opportunity there in the coming quarters and years.
What I'm hearing, Nick, is you've got a lot of vectors at your disposal to continue to drive growth and momentum, right? Maybe sort of distilling this and sort of bringing it back to some of the financial and operational KPIs that you shared with us. Specifically on your annual recurring revenue and net retention rate metric. You know, thinking about the unit-based opportunity, right? Thinking about the pricing opportunity, thinking about the cross-sell/upsell opportunity, right? At a high level, if you were to kinda take these three vectors as driving those metric outcomes, how would you sort of stack rank any product, you know, your ARR performance and your NRR performance?
Yeah, I would say first and foremost, it's seat growth either within organizations. Many times they've gone with us to protect desktops, laptops, et cetera, and then they are now moving us over to the server estate, to the cloud estate within their environment. Again, the dollar share is not a one-to-one per device. You know, we're talking 4-to-1 minimum in terms of dollar contribution. You know, one example, we closed a large mid-seven-figure deal with a large telco earlier part of this year, and 50% of that deal was to protect their cloud workloads, which on a unit count perspective, is smaller than their PCs, but on a dollar contribution perspective, ended up being half the deal. Seven figures of that deal was to protect cloud.
That's a large contributing factor when we look at our current estate of, you know, 8,500+ direct customers. Another vector of growth is within our managed service and managed security service partnerships. Those things are gonna just continue to grow. We go from 100,000 endpoints to 200,000 to 300,000 to we have several now that are in the millions of endpoints under management, and that's gonna continue to grow. Then I think, after that, what we start to see regularly is module adoption. Things like Vigilance, which is our built-in managed service. It's a way to apply human context to the machine learning-driven detections that our technology is making. We're seeing adoption, 30%-40% of deals have that attached.
Probably a 50% uplift on that. We're seeing a lot of interest downmarket on that too. Before, when we first introduced it, that was just being consumed by our Fortune 1000, Forbes Global 2000 customers. We're seeing a lot of mid-enterprise customers adding that at time of renewal. Ranger, which is our network awareness, device management, device discovery module, we're seeing incredible adoption there. I think, down the road, what we're also seeing is a movement in our managed service space, and existing customers from running just Core Control to SentinelOne Complete.
In a nutshell, folks who are running SentinelOne Core Control, which is our platform bundle that is EPP only, and many of them are now moving to also add in EDR, and that represents a significant cross-sell and upsell opportunity. The balance for us that we're trying to drive is really between making sure that we're harvesting and enabling our customers with all the modules to give them the best protection to give us the best economic yield, but also keep our both eyes fully on new logo acquisition, because we're, again, as I mentioned, this is a once in a generation shift that's taking place in the largest part of cybersecurity, which is device protection. This massive movement away from formerly the biggest companies in cybersecurity, all of them have gone away.
If you think about what makes up McAfee today, you know, McAfee no longer exists. It's been broken into parts. There's a consumer business, there's Trellix. FireEye has gone away from a product perspective. The best part of that, which is Mandiant, is now gonna be part of Google. If you look at Symantec being broken up and being part of Broadcom and then having a standalone consumer business, that is a sea change that's taking place that what we don't wanna do is take our eye off the ball and understand that every flag that we can plant with SentinelOne is with that, you know, the net retention being in the 130s%, an incredible opportunity for us to continue to grow those customers.
We have to keep our eyes firmly on accelerating that new logo acquisition. We've been delighted by our results so far.
Clearly, like you're alluding to, you've had no problem driving new logo growth velocity. If I were to ask you, if you were to hypothetically hit the brakes on new logo acquisition activity and just sticking to your 8,500 direct customers today, what is that installed base opportunity that you can paint us between two vectors, the first vector being getting all your customers from Control all the way to Complete, so graduating them up from a bundle standpoint, and then just loading them up with the entire platform suite of capabilities? What would that theoretically look like? I guess what I'm asking you is, you know, what that ASP or deal size uplift could be to an average customer.
First of all, we'll never take our eyes off of acquiring new customers because again, it is a land grab right now and a gold rush in the market. That's why it's so important for us from an operational perspective to balance really rapidly improving our EBITDA and operational margins, which we've made absolutely incredible progress year-over-year. Balancing that with the fact that this is a land grab right now that's happening in our market, and there's really only a couple of substantial players out there. We need to make sure that we are expanding as fast as we can globally, and I think we're doing a good job there.
That said, from an opportunity perspective, I think one of the first places that we have started in a very material way is enabling our managed service partners to sell modules. Something I think folks don't realize is even with the incredible velocity and momentum that we've had with managed service partners, they were primarily only selling SentinelOne Control, and they weren't selling any modules. That's because we didn't have self-service capabilities for modules, auto-billing, auto-provisioning for the modules. We have now added that, and so we have seen already in the last few weeks incredible pent-up demand for, say, Vigilance, attaching Vigilance on managed service sales. The beauty of that is that managed service motion, one, we don't even have to provide level one and sometimes level two support for those customers. Two, these are non-competitive deals.
Three, we don't actually even have to have a sales force covering those accounts. We manage those partners, and underneath that is an ocean of end users underneath a set of distributors and other managed service partners. It's going to be an incredibly efficient way for us to cross-sell and upsell by enabling them to sell things like Ranger, sell things like Vigilance. I think where we're really looking to put gas in the fire there is continue enablement, training, and automation from a technology perspective for a managed service partner. That said, we've also really built out our renewals team in terms of putting in some very experienced leaders who can properly train on cross-sell, upsell, have those right time conversations with customers.
You know, I think a double-edged sword in our space is our real competitors are the adversaries, and the adversaries at the same time are in a lot of ways our best marketing arm because they're always out there reminding customers of the need to ever expand their cybersecurity defenses. A lot of it has to do with continuing education and thought leadership that we're doing in the market, which gets people to think about, "Hey, I should be doing things to protect my credentials, protect my identities. You know, I should really extend our protection to all those mobile devices," which people spend as much or more time on now than they ever have before from a work perspective. I think from an overall NRR perspective, there's no reason that we shouldn't be staying in the 130s.
I think there's room to grow there. We already do best-in-class metrics there, but there's an incredible opportunity to come from a retention and growth perspective.
Sorry, go ahead, Doug.
Just add, I think, you know, to your question, like there is a substantial multiplier within the existing install base, right? Like in making a hit on a few of those large ones. Like you take something like cloud security, cloud workload protection.
We have more than a handful of customers where the cloud footprint and the opportunity per customer has been the same size, if not larger than the endpoint itself. That in and of itself is a multiplier on top of it. Layer in, you know, the Attivo, the identity suite, the data analytics aspect, the extension of the modules into the managed service ecosystem, as well as just the seat penetration within the managed service ecosystem. Like, all of those in and of themselves are substantial on an individual basis. Rolled up together, you know, a substantial multiplier opportunity.
I want to stay on this topic of the MSSP ecosystem for you. It's a very unique angle for you, so I wanna flesh out some of the differentiated aspects of this channel for you. Maybe just to start with sort of the arc of contribution here. You can share the numbers with me, but I know it's a lot meatier today in terms of how much of the business is driving for you today than it was certainly you know a year ago at the time of the IPO and then certainly two years ago. Maybe we start there, and we can poke around a little bit more.
I mean, the contribution there, like, you know, our top-line growth is pretty eye-popping. I mean, we hear that a lot, and we're proud of the work that we've done. It is even higher on the managed service side. We're not necessarily starting with a small base. I mean, we were doing reasonable amounts of managed service business a year ago, some two years ago, none three years ago. It's grown rapidly. I think as encouraging is if you zoom back out and just take a look at the managed service space period from a macro perspective, it is becoming, as I said, the preferred way to buy and consume this type of technology, advanced technology that's cloud native.
Regardless of if you're buying a product like a SentinelOne or if you're buying, you know, Okta or if you're buying an encryption or DLP product, it just makes a lot of sense. It's here to stay. Architecturally, we have some significant advantages over others in the space. First and foremost, we made a design decision about four years ago to build in full multitenancy into our platform. That was not easy to do. That took a year rewrite of our back-end architecture. We also had made an early design decision to have 100% available and open APIs into our infrastructure. If you think about totally open API, 100%, API infrastructure and five-layer multitenancy, those things are table stakes for a managed service provider.
Awkwardly providing that through tagging or some other workarounds, that isn't gonna scale. What we've seen as folks, managed service providers, when they started to evaluate technologies in the space, they were quickly able to reduce the number of vendors they're looking at to one, because we were the only ones that provided that type of go-to-market, automation technology. I think from a go-to-market perspective, we've made a decision. We're not a services company. We're a technology provider. We're not gonna compete with our partners. We're gonna enable them. That really matters because no one's gonna wanna buy technology from a company that at the same time they're competing against for the business. That isn't true for at least one of our peer company public competitors, and that really has been holding them back from an adoption perspective.
I know that because I spend a lot of my time, probably half of it in the field, talking to customers and partners. I always ask, "Why did you end up with SentinelOne?" It's the architecture, but it's also the go-to-market and the way we chose to partner and to not compete.
Is my inference correct that, you know, your customer count is perhaps in some respects understated, but yet the financial contribution from your MSSP and the expansion that you're realizing from your MSSP channel is very appropriately reflected in your net expansion rates, which sounds like it's giving you the confidence of sustaining that at the 130% plus zip code.
That's accurate. You know, we count each managed service partner as one customer. Underneath that one customer, there can be thousands of very small customers, of which we wouldn't want to, nor would it make sense from an operational perspective, to try to go after ourselves. You don't want to hire a sales team to go after 50, 60, 30, 150 employee accounts. What we have instead is a frictionless go-to-market there that lets us really focus on the core function of our direct sales force, which is partnering with system integrators and large resellers to go after those Global 2000, Fortune 500 accounts.
As a gross oversimplification, I've sort of thought of your model with the MSSPs as kind of an arms dealer approach. I think what, certainly we've talked about offline, but I think is worthwhile sort of mentioning is the economics with your MSSP customers are in line to, if not superior than if you were to do direct business with a Fortune 500 company of your choice. I'd love to dig into that a little bit as to why that would defy, you know, a natural sort of inclination to think that, hey, you might be doing a much wider estate right off the cuff with an MSSP partner, and yet your realized ASP per endpoint, let's say, is not materially different from, you know, a large company directly sold to.
It's typically significantly better economics from, like, a core product perspective, but it's also upside. Like, once we're able to really hit the gas on attaching a lot of modules, which to date we hadn't been doing in the managed service space. If you look at sort of seat count to seat count, you would say, well, you're actually realizing more dollars from a managed service partner, and that's with the absence of modules being attached, which we just recently unlocked. We expect that to grow tremendously. I think the other thing, if you take a step back and look at it from a TCO perspective. Even if you're buying great advanced technology like ours in a Fortune 500, you still are paying for a security operations team. You're still paying for deployment.
You're still paying for support, et cetera. With managed service offerings, all of that gets bundled in, and what you see is there's a lot less inspection on the actual economics of the subscription license and more in, well, we're spending X amount with this managed service partner, and they take care of everything. That's a big benefit. I think the other thing to understand also is the vast majority of that deal flow is not competitive. Like, the competition is, do I go with a distributor from Pax8, or do I go with someone from NinjaOne or N-able or ConnectWise or one of those other managed service partners? Once that decision is made, they're gonna consume whatever that vendor is providing.
If we're the standard that they're providing, that really gets us out of that tit for tat feature function competition, which definitely helps the economics of the deal. I think the other thing, and this is not to be understated, is that the customer satisfaction level for those type of customers is super high. They are very happy with the technology that they get, that they consume, and the support and management, which is again why I think what we're seeing is more and more other aspects of either IT or IT security being consumed that way by an increasing number of customers.
I'm gonna do a quick scan of the audience to see if there are any burning questions. No? All right. I can keep going. Just, you know, you mentioned the security operations center. You know, there's quite a fair bit of a renaissance, a technological renaissance, I would say, happening in the SOC that you're attuned to. It sounds like you're certainly attuned to. Thinking about the XDR opportunity for Sentinel and with your Singularity platform, where do you think we are broadly in sort of the investment and maybe modernization cycle for what I deem to be, you know, the SOC 4.0, if you will, or SIEM 4.0?
Really, you know, if you can address this in the context of, you know, SIEM and security analytics, and players who in the past and who now have maybe gotten a bad rap, kind of given their pricing models and things. Just sort of where we are on the investment cycle curve and then naturally the incumbency, or the incumbents sort of more price predatory approaches in that realm in the past.
Yeah. It's a multi-year journey. I think from a SIEM displacement perspective, it's a story that will be playing out over the next few years. Like, XDR is still in its nascent phases. I think going back to what I mentioned before, it is all about the architecture and the vast majority of both data analytics solutions like Splunk, Elastic, et cetera, and SIEM solutions, whether or not it's like QRadar, ArcSight, and the like, those were built in an on-premises world. Those were built before the rise of cloud workloads. They were built before K8s, Kubernetes. They were built before instrumentation was being strapped onto servers and workloads which generate an incredible amount of data.
What you've seen is, from a data analytics perspective, this attempted forklift from an on-prem architecture to the cloud, and that dog doesn't hunt. Like, it just doesn't work well. If you think about, go back and think about the disruption that took place with Salesforce between, like, Siebel and Oracle CRM. It was an entirely different user experience if you're interacting with a born in the cloud platform versus an on-premise platform that then was shoved into the cloud. That story is playing out from an analytics perspective. How it is economically playing out is costs are rising for the likes of Splunk, et cetera, and the amount of data that's being generated in today's digital world has risen exponentially. Those platforms were literally not built when that data problem existed.
It is the old adage of, like, you're trying to put 10 lb of stuff into a 5 lb bag. What people see in a platform like SentinelOne's, and why we really scoured the world, ultimately finding only two vendors that fit the bill, and we bought one of them from a data analytics perspective. We needed a hyperscale, super fast, born in the cloud data analytics platform, and we found that with Scalyr. That's why we embarked on this, what turned out to be a year and a half journey to fully upgrade our infrastructure to a native born in the cloud platform is because now what we can offer to our customers is ultimate extensibility that leverages the power of the cloud. You can pump in all the data you want.
You're gonna be able to retain it for as long as you want. You aren't gonna have to worry about DBAs or sizing servers or understanding how to connect data and server backups, et cetera. It's all 24/7 available, and it's all much faster from a search capability than anything you had before. The work that needs to be done for anyone in the industry now that's embarking on XDR from a vendor perspective is workflows, automation, and integrations. That's what we're really focused on. We prioritize some of the top integrations, so whether or not it's Ping or Okta or Zscaler, Mimecast, Proofpoint, we have production-grade integrations built today.
We have many customers that are pulling that data into our XDR platform, but that's gonna be a multi-quarter process to build out more and more of those integrations and then build workflows around that. Architecturally, we have clear blue water advantage over those legacy architectures of the past. I don't know about you folks, but if you talk to any customer that's running Splunk, you know, they'll love it or hate it, but the folks who love it, they will tell you the biggest thing that they want to address in the quarters going forward is how do I put less data in Splunk? How do I spend less on my Splunk infrastructure? Because the costs have arisen in stark contrast with the functionality they're getting out of that.
That's the long-term opportunity as it relates to XDR. We feel like we're incredibly well-positioned. I think the last thing to note with this sort of blanket statement of XDR is it's extended detection and response, but the focus really needs to be extended detection and response. The focus on detection and response, the only vendors that can properly provide that are endpoint players because we run at the point of execution, so we can respond, we can remediate. Other products and technologies that claim to be XDR players, if they don't have a point of control on your network to actually stop that attack or remediate a set of attacks that already took place, they aren't true XDR. We feel like we're super well-positioned there, but that is gonna be a multi-year journey for the industry.
I think I wanna spend the last couple of minutes of the conversation around the investment philosophy, and you know, particularly around what you're titrating, what you're not, what is maybe more of a responsive approach to your investment scope for the remainder of the year, particularly again, in reaction to what you may or may not be seeing in the macro.
Again, well, as I had mentioned, we're gonna be balancing fiscal responsibility and that drive towards cash flow positive with the once in a generation opportunity that we think we're in the midst of from an expansion perspective. Where we're absolutely pouring resources in is our MSSP MDR partnerships because we see unparalleled growth opportunity there. We are also pouring a ton of resources internally into our cloud business because we are seeing total greenfield opportunity there with amazing unit economics, and again, a fundamental architectural advantage that we have. We don't run in kernel on servers or in K8s, everybody else does, so that is an enormous advantage. You could talk to 100 DevOps and CloudOps folks, and they're gonna.
If you ask them, "Do you wanna run something that is a kernel-level driver or something that is more passive?" 100 out of 100 will tell you, "There's no way I'm putting a kernel-level driver into my most critical part of my infrastructure." We built and designed our solution specifically because of that, but that has given us a fundamental architectural advantage. We're at the very early stages of the push to protect the cloud, so we're gonna continue to really focus on those two primary areas from an investment perspective, against the backdrop of looking to double and then double our business again.
Last question. You haven't been shy about sort of adding to the portfolio inorganically. How much or how less are you inclined to do that again with private market valuation dislocation to the extent you see some white space in the portfolio? Just M&A as sort of a driver of either technological moat widening or market share widening.
I think we'd be less interested in trying to buy market share and buy revenue than acquire interesting technologies that can further expand our platform. I think one of the interesting elements that we've unfolded is S Ventures. We've made some early-stage investments in some really interesting technologies, and I think that helps keep us firmly on the pulse of what's new and next, while at the same time further educating ourselves and, by extension, our customers on where else we think the puck's gonna move. There's a lot of technology out there that's interesting.
I think one of the biggest challenges for companies is to really remain focused on the mission at hand, which for us is about building out this XDR platform, protecting our customers, and listening to our customers and hearing what are interesting challenges that we can address that would be good for us as a business, but also increase our value to customers. We're actively looking in the market constantly at what's new. Again, I think we'd be more interested in the technology and less of a need to try to acquire market share customers because we're doing that incredibly well on our own today.
I think we'll cap it there. Thank you for encouraging my shot clock violation. I appreciate the time.
You're welcome.
Thank you.
Thanks, everybody.