SentinelOne: Likely Best Positioned To Benefit From The CrowdStrike Incident (NYSE:S)

Thesis

The cybersecurity trade will proceed to develop shortly and outperform the market within the coming years. Traders trying to purchase into the trade at present ought to take a look at CrowdStrike (CRWD) rivals comparable to SentinelOne (NYSE:S), partially as a result of their choices may see elevated demand because of fallout from the current CrowdStrike outage.

Writer’s Be aware: I wrote an funding thesis for CrowdStrike in 2021, and it has been an ideal performer since then. When you’re not aware of CrowdStrike and its rivals in endpoint safety, I like to recommend studying that article first. This text might be thought of a revision of that thesis.

A Lesson From Historical past

On Friday morning, CrowdStrike was on the entrance web page of each main newspaper, however not for purpose. They launched a software program replace that triggered a serious know-how outage, grounding flights and inflicting hospitals, banks, governments, and different companies to report varied points. It is value noting that the outage solely impacted Microsoft (MSFT) gadgets.

It is tough to consider one other know-how outage of this scale in current historical past, even exterior of cybersecurity. Nonetheless, CrowdStrike definitely is not the primary cybersecurity firm to disappoint its prospects. For my part, this incident has some similarities to an incident reported by fellow cybersecurity firm Okta (OKTA) in March of 2022.

Again then, Okta introduced that roughly 2.5% of its prospects had their personal information stolen from Okta’s database by hackers. This broken Okta’s model as a trusted cybersecurity firm; a consequence that naturally follows at any time when a cybersecurity firm will get breached, particularly if they do not shortly mitigate the difficulty and notify their prospects.

In distinction, CrowdStrike has claimed that Friday’s mostly-resolved incident was merely a bug they launched by mistake, not a cybersecurity breach. Nonetheless, the Washington Submit reported that some unbiased cybersecurity consultants had been unconvinced that it was unintended. Both method, it is inevitable that such a serious incident could have a damaging affect on CrowdStrike’s model. Even when it was an accident, it makes CrowdStrike’s high quality management processes and inner controls look unacceptable.

After each aforementioned incidents, traders reacted shortly. Okta’s inventory fell by round 6% the morning after its breach was introduced, whereas CrowdStrike inventory dropped by 11% on Friday. The long-term affect on CrowdStrike’s inventory is unknown, however a historical past lesson from Okta would not bode properly. The next chart compares Okta’s efficiency because it was breached to its friends’ efficiency:

Inventory Δ Inventory Value (since 3/22) Δ Income (since 3/22) Δ Income (2020) OKTA -44% 62% 42% CRWD 37% 114% 82% ZS -18% 116% 56% PANW 59% 51% 17% FTNT -12% 40% 29% S -46% 184% 101% SPY 21% – – Click on to enlarge

Supply: In search of Alpha

At first look, Okta’s 62% income progress since its breach seems to be respectable. Nonetheless, Okta was as soon as considered a high-growth darling. Its progress previous to the breach was similar to fast-growing friends like Zscaler, whereas its progress afterwards has been extra similar to that of mature cybersecurity corporations like Palo Alto Networks.

This shift in expectations was mirrored within the inventory value; Okta’s inventory has fallen by 44% since its breach, due partially to a number of compression. Throughout this similar time interval, the S&P rose by 21% and lots of cybersecurity friends did even higher.

In fact, there have been many components at play throughout this time interval apart from the breach. CrowdStrike and most different cybersecurity corporations have all the time scored properly on the Rule of 40, and have been worthwhile in current quarters. However, Okta has by no means been worthwhile no matter how briskly it has been rising. Moreover, Okta exists in a distinct segment subsector of cybersecurity which can naturally expertise totally different ranges of demand than different subsectors.

Whereas many components definitely contributed to Okta’s slowing progress and normal underperformance, it is affordable to take a position based mostly on the timing that their breach – and the ensuing injury to their model – was one issue.

It’s miles from a foregone conclusion that CrowdStrike will endure an analogous destiny, but it surely’s not out of the query. Whereas the cybersecurity trade has been consolidating, it is nonetheless fiercely aggressive, and there is no doubt that the gross sales groups of CrowdStrike’s rivals will use this incident to their benefit.

Competitors in Endpoint Safety

CrowdStrike made its title in endpoint safety, a cybersecurity area of interest targeted on defending particular person gadgets like computer systems and tablets. In line with the analyst agency Gartner, CrowdStrike was best-in-class in 2023:

Whereas CrowdStrike could also be primary, many corporations are labeled as leaders, together with Microsoft, Development Micro (OTCPK:TMICY), SentinelOne, and Palo Alto Networks. On this aggressive panorama, these rivals may benefit from CrowdStrike’s mis-steps.

For my part, the current incident was a black swan occasion; the prospect of CrowdStrike inflicting one other comparable incident sooner or later is sort of low. Nonetheless, that might be a tough case to make to upset prospects whose companies had been severely impacted. It’s totally attainable that a few of CrowdStrike’s present prospects will change to rivals out of frustration, and it may be rather a lot simpler for rivals to win new prospects within the close to time period.

CrowdStrike Downgraded to Maintain

Maybe essentially the most excessive response to the CrowdStrike incident can be to quick the corporate’s inventory. The fallout from this incident may embody slowing income progress and authorized points, so it is definitely not out of the query that CrowdStrike inventory may proceed to fall.

Nonetheless, the cybersecurity trade general has grown quickly over time and can seemingly proceed to take action going ahead. Even when CrowdStrike begins to underperform friends because of this incident, that does not imply its inventory will go down. Total, I would a lot fairly be lengthy cybersecurity than quick cybersecurity, whatever the firm (and shorting shares may be very dangerous usually, no matter trade).

On the opposite excessive, one may take a look at the double-digit dip in CrowdStrike’s inventory after the incident as a shopping for alternative. Finally, this incident shall be outdated information, and from a monetary standpoint, it is attainable that CrowdStrike will proceed to thrive as if nothing occurred. Whereas I believe it is a fairly seemingly final result, CrowdStrike’s inventory is priced as if it is a assure. Even after the ten% dip on Friday, CrowdStrike continues to be the costliest inventory within the cybersecurity trade.

Inventory P/S Income Progress (yoy) CRWD 21 34% MSFT 14 14% PANW 14 20% S 10 41% TMICY 4 10% Click on to enlarge

Supply: In search of Alpha

CrowdStrike is at the moment far pricier than rivals, a valuation which was arguably justified in gentle of its market management and best-in-class mixture of progress and profitability. Nonetheless, I consider that the current incident provides important danger to CrowdStrike and warrants a bigger re-rating. At this level, it is nonetheless attainable that CrowdStrike will observe in Okta’s footsteps and see its progress sluggish to be extra according to extra mature rivals.

Even with out factoring within the current incident, CrowdStrike was prone to slowing progress as a result of legislation of huge numbers. It is because, at over $3 billion in gross sales over the previous 12 months, CrowdStrike is already a big firm. It’s totally uncommon for a corporation of this measurement to develop income at 30%+ per 12 months for very lengthy. As soon as progress slows – whether or not as a result of incident or normal maturation – will probably be tough for CrowdStrike inventory to outperform from its present valuation. Based mostly on these dangers, I take into account CrowdStrike a maintain at present costs.

SentinelOne turns into a powerful purchase

SentinelOne stands out as essentially the most uneven – and maybe finest – funding alternative in cybersecurity for many who deem CrowdStrike unappealing at this level. That is for 3 causes.

First, SentinelOne’s enterprise is most just like CrowdStrike’s, given its deal with endpoint safety. The opposite rivals listed within the prior part are massive and diversified, which means that solely a small portion of their companies are positioned to instantly profit from CrowdStrike’s struggles. (It must be famous that SentinelOne technically provides prolonged detection and response, which has similarities to endpoint safety however contains extra surfaces comparable to cloud. Whatever the terminology, their choices are just like CrowdStrike’s.)

Second, SentinelOne’s inventory has been buying and selling flat for over a 12 months regardless of enhancing financials. Other than its persistently best-in-class income progress (which is admittedly a low bar on condition that the corporate has only one/fifth of CrowdStrike’s income), the corporate simply posted its first quarter with optimistic free money movement per share. Its -45% revenue margin continues to be abysmal, however margins have been persistently shifting in the appropriate route. Even within the worst case, if SentinelOne cannot scale to be a viable enterprise by itself, it may nonetheless be an ideal acquisition for a bigger cybersecurity firm.

Lastly, current macro traits are tailwinds for SentinelOne. The corporate has lengthy been touting the advantages of integrating synthetic intelligence with cybersecurity, and lately any firm that merely mentions AI has seen its inventory value enhance. Whether or not that is rational or not is a query for an additional article, but it surely’s not one thing that SentinelOne traders ought to complain about, on condition that the inventory has but to see an “AI bump” of its personal. Equally, whereas it is onerous to spin SentinelOne’s lack of profitability as a optimistic, will probably be much less of a damaging in an atmosphere with falling rates of interest. Particularly, on this atmosphere, it would not make sense to me that an organization like SentinelOne – rising shortly with a strong stability sheet – has a decrease P/S ratio than most of its slower rising rivals.

In fact, there is no doubt that SentinelOne is a dangerous funding on condition that it is comparatively new to public markets, has been unsuccessful in them up to now, suffers from a extreme lack of profitability, and has been out-grown by CrowdStrike because it was based. These dangers stored me on the sidelines till the CrowdStrike outage. However I am betting that the outage shall be a catalyst for SentinelOne to enhance its progress charges and, finally, its margins and inventory value.

Different funding choices

Traders who deem SentinelOne too dangerous can take a look at Palo Alto Networks as an alternative. This firm has been making huge strikes in endpoint safety lately, which may show well timed given CrowdStrike’s points. It is now a pacesetter within the Gartner magic quadrant, when it wasn’t even included within the quadrant two years in the past.

Outdoors of endpoint safety, Palo Alto Networks is a blue chip cybersecurity firm which has numerous and complete choices. Which means, not like SentinelOne, it is positioned to proceed succeeding whether or not or not there’s extra fallout from CrowdStrike. In spite of everything, it is a longtime firm which has been profitable for longer than CrowdStrike or SentinelOne have existed.

The primary purpose I’ve a slight desire for SentinelOne over Palo Alto Networks is solely valuation. Palo Alto Networks’ valuation is cheap, however its P/S ratio is a bit excessive relative to its historic common (though the identical might be stated for the market general). In the meantime, its income progress has been secure for years, however is at the moment on the decrease finish of its historic vary.

In fact, it is value mentioning the opposite leaders in Gartner’s magic quadrant as properly, particularly Development Micro and Microsoft. Nonetheless, these corporations are usually not rising in a short time relative to the general cybersecurity trade. And Microsoft is much from a pure play on cybersecurity. Whereas I’ve lengthy beneficial Microsoft inventory and can proceed to take action, I would not take into account it a cybersecurity funding.

Conclusion

A take a look at a previous incident impacting cybersecurity corporations revealed that traders must be cautious about “shopping for the dip” and dismissing the current CrowdStrike outage. Whereas it is very attainable that CrowdStrike will proceed to be a profitable enterprise and funding, rivals like SentinelOne look extra interesting at this level. They will instantly profit from CrowdStrike’s mis-steps, and their inventory is at the moment at a extra enticing valuation.