Thanks very much for joining us. I know you've all been waiting for this, and sorry about the confusion with the other room, but we are here. Today I'm hosting Tomer and Dave from SentinelOne. I prepared a whole list of questions to ask about the company, the background, etc. But I'm gonna flip the page, and I'm gonna ask the questions about the quarter, because I think that all of you are here to understand two basic questions. Number one is to understand the accounting issues that the company had and understand how much more risk there is in the business. Number two, to understand the competitive landscape. I got from you questions before this, and all the questions were around the same two topics.
I'm gonna start with the same two topics, Dave and Tomer, and thanks so much for joining us today.
Sure.
I'm gonna make it kind of in an organized way. The correction to the ARR was $27 million, 5% of total, right, ARR. The question is, can you take us first through the correction? What were the sources? I know this is. You explained it on the conference call, but what were the sources? The second question after that is, talk about your checks and balances that you have in place that may help to mitigate such issues in the future.
Yeah. No, for sure. Look, we got into this quarter, that I think that what is important to say about it was actually not a very bad quarter. I think with all the noise around, you know, the adjustment, I think we still need to kind of set a few things straight. We delivered 75% ARR growth post as an adjustment, so all these numbers include adjustment. Incredibly strong. We missed our own mark on where we wanted to go. It was a $3.5 million miss, that put revenue growth at 70% year-over-year in some of the toughest environments out there. It also came with, you know, net retention rate close to 130%. Again, one of the best marks in the industry.
Obviously, we need to perform better, but let's remember also from which bar we're starting, and couple that with 97% gross retention rate. As we finished the quarter and given that revenue discrepancy, we were very surprised, because typically, you know, we got good predictability into revenue. We don't expect to miss revenue. We started digging and trying to understand what was that difference? Why didn't we see the revenue that we expected to see? We went back and we basically started looking at 2 different factors that impacted about 200 accounts out of the 10,000 overall contracts that we've been able to parse, which is the entirety of our customer base, pretty much.
In the course of the two weeks leading to earnings, we saw that there was lack of controls for a portion of our upsell opportunities, where people entered upsell opportunities that were in aggregate amount of both the renewal and the upsell, but did not churn properly the renewal portion of it, which created an expectation of that renewal ARR to be there, come, you know, come the date for that renewal. Again, about 200 accounts that we found that discrepancy. We worked incredibly hard to make sure that by earnings, and this was concluded two days prior to earning, was brought into the board's attention, the audit committee, to our auditors.
We worked incredibly hard to make sure that we give you the full scope of everything that's there. That adjustment amounts to about half of that overall $27 million number. The other half was more elective. We could have also elected to do it in a different time, but given that we saw that this adjustment is anyway gonna be bad news, there's no going around it, we said, you know, "Let's just make sure that we total all the different elements that we want to total." We also decided to change our consumption methodology recognition into ARR, basically indexing all of our consumption business, which is about 10% of our overall ARR. We're talking about $50 million of ARR that is consumption base in our business post-adjustment.
We took down all consumption matrix to the committed contract values alone, which means no upside, no downside. If anything, our ARR at this point is a bit understated. All in all, we elected to take out the volatility in the consumption model from our ARR calculation. It's not because the consumption is not there. It's because we started seeing patterns of consumption changes that we thought could create more volatility and less predictability into the future, and we said, "We don't want that. That's not serving, not to us, not to our shareholders," and we took that out. We did both of these things in tandem. That was the all-in $27 million figure. There's nothing beyond that. There's nothing different.
If at all, I can say that after reviewing 10,000 contracts and having Dave's team not sleep for approximately two weeks, it's squeaky clean.
Yeah
Like I would probably can point to a lot of other companies where if you audit all of their contracts, you're probably gonna find something. You know, now we know this is the scope. This is it. We've added new controls, obviously, to make sure that this will not happen again. Lock down all the fields in Salesforce. There's a 3-way approval that needs to happen for any adjustment of any opportunity, any deal sizes. We recognize the mistakes, we saw them, we fixed them, put new controls. There's nothing else outside of that in our business. Terribly apologize, you know, to all of you for that ever happening. You know, definitely caught us as well by surprise, that is it.
Even if you factor in all of these changes, that 5% of ARR, that probably means that last year we grew 100%, not 105%. In the grand scheme of things, I mean, our fundamentals are intact. All other metrics are intact. There is no impact to revenue, no impact to operating margin, no impact to deferred revenue, none of that. This was all about future expectations in ARR that were not there, and we needed to remove, and that is it. I mean, Dave, if you want to add something.
No, no, that's exactly it. I mean, we first noticed it, we reached out to Tomer immediately, reached out to our general counsel, to external legal, to our auditors, to the audit committee, to the board. Like, the path of, you know, from the point where we identified it to the point where we, you know, made this a full scope, and it was can we possibly get through the entire audience of analysis? You know, I think that happened within, I don't know, 12 hours before we started the process, and then we just kept going. You know, obviously, ARR is not a GAAP metric.
You know, it is a number that gets reviewed by auditors, but it's more of a cursory review, where, you know, they make sure it ties out, they look at the logic. We are working with them to make sure that we have better controls around it, because it is a public, reporting number that we have out as a key metric. We are working with them to make sure we have the tightest of controls around this metric going forward, so it's not gonna be an issue. Yes, agree. Totally apologetic for it.
Does anyone in the audience has any question about accounting? We're gonna make it interactive. That's the easiest way to do it. If you have any other question, just raise your hand, if not, I'll move on to the next topic. No, we're good? Perfect.
In the corner, I think.
I think you covered it. Oh, here we go.
Hold on. Sorry. If you don't mind, just wait for the mic. Yep, here we go.
It isn't specific, specifically accounting, but I'd be curious about the chain of events, like how. You know, where did it start? Was it sales reps, and who found out? That whole process, I think you walked a bit through it, but I'd like to understand a little bit of color and basically what, you know, some of the color around what you're doing to avoid it, you know, or anything like that happening again, kind of plugging those gaps.
Sure. I can walk through some of the timeline. You know, you would expect.
Let's do it in two minutes.
Sure. You would expect that, you know, one quarter of your previous quarter's ARR should become revenue in a given quarter. You know, with that, maybe you have some adjustments for churn, you know, late deployment, but they should be things that are pretty easily identified. You know, obviously, that was one component of it, and we looked at that, then we said: "Okay, that doesn't make up the revenue shortfall," obviously. The next question was, did we miss any potential billings out there? Did we have a multiyear renewal that we missed, something that should be expected to come through and did not? We went through the entire population of those, felt really good about that. Great, our systems work properly.
The next piece was the consumption piece, which was, okay, well, we've seen some disconnects where we saw consumption swings, where some of the consumption was elevated in previous quarters based on excess usage in a given quarter, which created the expectation that we would have that revenue in the next quarter. That was a piece of the adjustment as well, and even that didn't make up the revenue miss. You know, I'm a former auditor, as well as most of my team. The next question was, is there anything in the ARR expectation that led us to believe that we should have had revenue that was coming?
We started at the most the biggest contracts and just worked our way down, and we started to find this dynamic within the upsell, the renewal or early renewal to upsell sales motion, where we'd sort of identified this was a larger issue than we had anticipated. I think when I first reached out to you, Tomer, it was a few million dollars, and then I reached out again, and it was higher, and I reached out again, and it was higher. We said, "Okay, how do we possibly get through the entire population?" When you look at that and you say, "Okay, well, that's about a $13 million-$14 million adjustment," expectation's about $3.5 million, that would have put us above our revenue guidance for the year f or the quarter.
Thank you.
My next question is about the business itself. You took the ARR growth in the last three quarters from 50% to 47 to 35, and 35 is on the basis of post-adjustment. If I add back the 27 to the previous year, the decline is actually bigger. There is quite substantial decline in the ARR growth versus your previous expectations. The question is, what drives it? What drives the... I'll give you the background. Some of the investors are concerned that the competitive environment is much more fierce or much more negative than you're willing to admit or one is willing to admit. The question is, what drives the decline in the ARR?
Sure. Let's start with that 50%. I mean, 50% was an indicative number we gave Q3 of last year when the environment fell completely apart. We missed a quarter, a quarterly targets. Our competitors missed their quarterly targets. Everybody was missing everything. Most companies at that point in time, I think, you know, some view as to what they think they can do next year. We tried as well. At that point in time, we were growing 100%, triple digit ARR, at that point in time. I think what we wanted to accomplish more than most, more than anything, is to just give any form of indication of the ballpark revenue we should be expecting next year. We wanted to let people know it's not gonna be the classical 20% deceleration year-over-year in normal environment, but it's gonna be something around 50%.
Mm-hmm.
From the line of sight we had, from what we knew back then. That was the first kind of view into this year's guidance. It wasn't a fully-fledged guidance. It was a Q3 last year. That's what we knew, and that's what we put out there. Towards the end of the year, you know, again, we kind of looked at better what we believe the conversion mechanics are in this environment. You know, trying to factor in deal elongation, you know, obviously, deal deferral. I think we factored the majority of that in, but I think we missed a couple of things. One, I think we did not anticipate the level of downgrades, which part of it was that consumption adjustment.
We just saw, you know, customers in Q4, you know, going up above and beyond their consumption, their contractual consumption, but come Q1, indexing down pretty significantly. We started believing that's gonna be a more dramatic trend, and that could, you know, present some volatility in the business, so we took care of that. I think the other thing is a bit more in our own operating philosophy, where I think what happened in the past couple of years, given such tremendous momentum and economic environment, is that we were really used to running our business with, you know, pretty much no buffers whatsoever, no margin of error. I mean, we always overachieved. We always had great quarters. Consumption was always on the up and up.
On the flip side, you look at some other companies out there, obviously, with every given quarter, they got almost $100 million of buffer, you know, different setting expectations, the difference in setting expectations to kind of play around with. Which means that in a very volatile environment, you get this, you know, you get this factor that you can enjoy. I, at some point, just didn't feel we have enough of that. You know, we kind of came back and said, "Look, we need to give everybody a more stable, more predictable view. This is not an environment where the level of volatility can provide, you know, something that I think all of us can stomach." Does it mean that the growth will be there or not? I don't know. I'm not a prophet.
I do know that we needed more margin of error in our business, that was a big part of it. Let me touch on competitive, the competitive environment. The competitive environment is shit. We're fighting an incredibly dirty competitor that can't win with technology, thus, uses every other tactic to win. These are things that we don't do. We don't conduct ourselves this way, the competitive environment is not, you know, not a, not a healthy one. I wouldn't say it's a healthy, competitive environment. I think if you look at, you know, by proxy at the network security market, you see established players. Everybody controls their own estate. They don't, you know, go after each other. They don't need to go after each other, they're not panicking about any one of the others.
In endpoint, things are very different, given that this is all about net new estate addition as well. This is, you know, a market which is still, you know, a good chunk of it is in the hand of incumbents. There's a lot of new accounts to win, even though, you know, you see for us, for our competitors, that part is slowing down, especially in this environment. People just generally don't really wanna make a lot of changes. I think that that goes into that very tough, competitive environment. It's a narrative-induced environment. When we put our technology in front of customers, we win. When we say we have, you know, sustained competitive win rates, we mean it. I mean, that part is a tried and tested number. When we go into these opportunities, our technology, time and time again, wins.
We need to get better at, you know, changing that narrative. We need to get better in opening the aperture for the top-of-the-funnel opportunity that we have. There's another thing I wanna share with everybody. I mean, you kind of seen us talk more and more about our maturation process from an endpoint company and into a platform company.
That also has a tax about, you know, about what we do. We're definitely maturing and evolving our go-to-market organization, and have been doing so in prior quarters as well, so our sellers can actually be proficient in selling a fully fledged platform and our future capabilities. Our security data lake capability, which is highly differentiated from that same competitor that probably lingers around in your mind, is a massive market opportunity for the long term for SentinelOne. We don't want to discount that. We wanna continue and build into our long-term success, and some of it, obviously, takes away from the amount of focus that we put only on endpoint. If you think about, you know, 100% of our salespeople population, instead of all of them being focused on endpoint, there's a degree of them that are focused on cloud opportunities.
There are a degree that's focused on security data lake opportunities. Some of those are kind of building up. Cloud is already a substantial part of our business. You know, it's definitely also a more pristine market in terms of competition. All of that, you know, funnels through what I believe is the right approach for revenue diversification into the future. It's what we're gonna continue doing while obviously, we're able to, you know, produce meaningful growth in endpoint and without this year. All in all, I think it's all of the above.
Yeah.
Let's not ignore the competition. There, there are other factors in play, and generally, you know, we look at this as a much more of a longer-term market opportunity than what happens this year or even what happens specifically with endpoint dynamics.
Do you think competition is an important topic just because there are so many players with a solution? Not a similar solution, just a solution. The question is whether pricing is a factor with customers? Meaning, if you have someone who is committing suicide with pricing, does it impact it, your ability to sell, or the technology matters?
Yeah. I think that two years ago, price didn't matter that much. I think in this environment, price matters a lot. I think that, you know, competitors out there that are willing to just discount to do $0 deals, they win some share, and they deflect some share loss. There's no question about it. It's still in the grand scheme of things, it's still anecdotal. Like, people can't sustain a business, obviously, with giving $0 accounts, so they're doing it where they are fearful the most. We've not done a single $0 deal in our existence. We don't do loss profile deals at all, nor can we allow.
Maybe someone like, you know, a big established network player that has already, you know, milked the network segment for their revenue dollars, can now throw in some stuff into the estate, so no new vendors are getting introduced into their estate. That's not a long-term approach as well, and the functionality there is not what people are looking for, and I think that you're gonna see some folks get disillusioned pretty quickly, as we've seen with Microsoft, as an example. Even Microsoft, which is, you know, obviously another significant force in this market. You know, some people think about it, and they do their best to present it as a free dollar, free licenses, you know, type of an offering. It is not. It really is not.
I think we're also doing a better and better job now to show people the hidden cost of E5, and how much you're actually spending, you know, given the data cost, the management cost, which are all tangible, you know, line items for the CFO to review. Again, it's not, it's not a zero dollar, you know, market. I don't think it makes sense that people today think about, you know, paying more for a AI-based spellchecker than they are on endpoint protection. I mean, it's not, you know, it's not healthy for cybersecurity.
Got it. Specifically on Microsoft, you know, in the high end, there are different players. We see Microsoft more in the low end, where bundling is important. How do you handle the bundling efforts of Microsoft? How do you handle the fact that it's a bigger company with a broader security portfolio?
Yeah. Look, part of it is recognized that they're gonna be there. I mean, right? I mean, we're gonna have some of the accounts on the market go with Microsoft. That's a fact of life. I mean, we can't negate the entire effect, but, you know, these are statistics. At the end of the day, you got to really ring-fence what you feel is gonna be the share that Microsoft can take away. That is reflected in our win rates, and we keep very close tabs on it. Specifically, I think you're seeing more and more that if you're able to articulate, A, the hidden cost of using something like Microsoft, and it's actually not that hidden, you just need to bring it to bear, because Microsoft obviously will not do it for you.
Also, obviously, talk about the technology positioning and the foundation for the future in what you're procuring from a vendor like ours or maybe the other pure plays. You also get to realize something very simple: Microsoft is not a security platform.
It's a bunch of products fused together into a big portfolio of security products. It's not one cohesive platform out of which you consume different products. You got products and products families, one on top of the other, that don't really give you that same cohesive coverage. Sometimes not even coverage to their own operating systems. You get customers out there that they might even wanna go with E5, but they can't get the coverage. They can't get the coverage to Microsoft's own operating system, nonetheless, to Linux environments, cloud environments, you know, asset inventory, identity security. All of those are very, I think, adjacent things to what Microsoft is doing at its core. A lot of these offerings, they don't talk together, they don't mesh together, they're not priced together, they're not licensed together.
Especially if you go and start to think about the overall opportunity for an enterprise security platform, you also see that Microsoft might have different components, but there's some more work for them to do. I think in that, if you look at the security data lake, market that's forming, you actually see very different players that are going with that approach. I mean, you see us, which we kind of ushered that concept into the market-
You see Google Security Operations, and you see Amazon Security Lake, and you don't see a lot of the others that took a more kind of EDR approach versus this approach, versus the same approach, versus the log approach, and giving you 7 different consoles to do, you know, 20 different things. I think there's also something to be said about how the market is forming, and, you know, it still remains to be seen.
Right. One of the other questions I got was: How do you manage to compete in the market being a smaller company? What I mean by that is, when you consider some of your competitors, they're much bigger, right? Some of them are platform players, like Palo Alto, like Microsoft. You may call it individual products, but it's still a big platform as is.
You're more focused, you're smaller, but you have state-of-the-art technology. Where is the line between being too small to be very advanced with technology? Where are the use cases where customers tell you, "I need you despite your size. Your size does not matter to us," or customers that take the opposite approach, like, "We only need, you know, check the box on antivirus," I'm taking it to the extreme. "Check the box, and we're gonna go with bigger companies.
Yeah. Look, this environment, for sure, is harder for smaller vendors, and I think everybody that has followed our story should recognize that. I do think that there's a balance there between getting the care and the technology, because it's not just the technology. If something goes wrong in your Microsoft environment, their size doesn't matter. It actually works into your disadvantage. They don't really care. That's a fact of life. You got no one to call to, you got no one that will help you. I think that's different with some of the pure plays, specifically different with us. I think we're able to do that. We, you know, have grown significantly, more than any other company in our scale.
you know, we're reaching, you know, bigger and bigger scale every single day. It is absolutely harder for us as a smaller vendor in this environment, and I think we factor some of it into what we can do. It's not coming into, I think, manifestation in, "Oh, they're too small, I'm not gonna go with them." Our financial viability is as good as anybody else's. it's more in, we don't have the reach, that some of the bigger platform vendors have. We don't have the same marketing budgets, we don't have the same narrative control, and we don't have the same channel ecosystem, even though I think we've made significant strides. We're now bigger than almost any other endpoint vendor outside, you know, these top three that we've talked about.
We just can give you a clue on what we've done in 2 years of being a public company. All in all, you know, I can say that, we have a favorable position competitively. I think our technology is by far better than what the others are putting into the space. I think we continue to push innovation in the, in ways that the others just can't, and that is why we continue and win. Yes, being a smaller vendor in this market, in any market, I think right now in this economic environment, is not an easy thing, and it's definitely not an advantage.
We only have a few minutes left, and I still have two more questions. I'm gonna switch to finances first, and then I'll go back to fundamentals. Dave, path to profitability, one of the biggest risks in a, in a weak environment, is that investors start become more sensitive to profitability. Talk about path to profitability.
Sure. Everything we've been doing, you know, honestly, for the past couple years, has had this, you know, fiscal 25, you know, break even or better EBIT. You know, that was the goal. That's where we wanted to be. Every effort we've made has been towards that. If you look, you know, we've been shaving off 25, 30 points of EBIT losses as a percentage of revenue every year, and, you know, now we're guiding in that 25%-29% range. You know, we did a restructuring event, the day of earnings, so that helped right size our expenses with our new kind of lowered expectations for the year in terms of ARR.
You know, that was done because we were looking to move to, you know, lower cost regions for some of this, for diversification. You know, we were looking at areas of the company that, you know, honestly, we should reinvest in more and reallocating resources. You know, in terms of our sales force, you know, we have capacity to do far more than what we're goaling out this year, or, sorry, than what we're anticipating from goaling out this year. There's a lot of opportunity for us to, with essentially minimal headcount growth, still exceed the numbers that people are expecting for us to do next year. That's our goal. You know, we've been really tight and focused on expenses because it became something that we couldn't avoid. You know.
When the economy changed, we weren't showing up on anyone's radar. You know, if I look back at the IPO, we were losing 120% EBIT margin. Now we're at 25. It's two years. You know, you look at our gross margin then, we were 53%, I think, going into the quarter of the IPO, and now we're 75%. We've made tremendous advancements in just our economic profile to get to that. We just started from a really small scale, which makes it a lot harder when you're trying to grow, compete against a Microsoft, a Palo, a CrowdStrike. Everything we're doing is to get to that margin profile where we can get to that and turn to profit later.
Got it. Is there any question from the audience? No, we're good. I can keep going with my last question. Tomer, platform, where do you take, y ou have, from memory, about 10 modules that you're selling, maybe more, maybe less, but around that number. What are the important ones, and where do you take the platform from here?
Yeah. We got about 20 different capabilities. By the way, part of that realigning of cost was to make sure we can actually focus on the ones that are important and, you know, are important to our future. To us, you know, identity, security data lake, cloud, beyond endpoint, I mean, these are the important aspects of what we do. Security data lake is a massive target opportunity, $40 billion, if you look at security analytics, going and disrupting kind of the SIEM industry in earnest. If you couple that with what can be done today with AI on an enterprise-wide horizontal data lake, you get to a complete new reality in cybersecurity. It's no longer about a Chatbot for EDR data and name it whatever you want.
It is about fundamentally changing how you think about security in the enterprise lens and the company-wide lens versus these point product lens, and AI can enable that. AI can look at all that data, AI can give you that scale, and AI can supercharge you to automate your environment to a point that maybe will get some advantage over the attackers. Right now, just reminding everybody, the attackers are out innovating every single company out there today. Nobody has enough defenses today versus the capabilities that the attackers have now with LLMs and generative AI, and that part is the most dangerous piece of all of cybersecurity. Beyond the competitive hoopla, we need to also make sure that we provide for a better secure world, and that was our goal always.
Great. Thank you.
Thank you very much.
Thank you.
Thanks.