SentinelOne at Goldman Sachs Conference: Strategic Moves and Market Position

On Monday, 08 September 2025, SentinelOne (NYSE:S) outlined its strategic vision at the Goldman Sachs Communicopia + Technology Conference 2025. The company emphasized its technological differentiation and market strategies, while also addressing financial impacts and competitive challenges. Despite a cautious outlook in certain areas, SentinelOne remains focused on innovation and strategic growth.

Key Takeaways

• SentinelOne’s acquisition of Observa is pivotal for enhancing AI and SIEM capabilities.
• FY2026 revenue impact from Observa is minimal, with a margin dilution of 50 basis points.
• Q2 revenue met expectations, and net new ARR exceeded forecasts by $15 million.
• The company is strategically targeting mid-market expansion and improving sales productivity.
• Emphasis on building a robust data platform to drive AI and application development.

Financial Results

• FY2026 Revenue Impact of Observa: Minimal effect expected.
• FY2026 Margin Dilution: Approximately 50 basis points.
• Q2 Revenue: Aligned with expectations, with net new ARR surpassing predictions by $15 million.
• Full Year Revenue Guidance: Increased by $2 million.
• Federal Vertical Outlook: Cautious due to deal timing and budget cycles.
• Revenue Growth: 23% in Q1 and 22% in Q2, with a full-year target of 22%.
• Margin Expansion: Focused on improving unit economics and sales productivity.
• Target Metric: Progressing towards the "rule of 40."

Operational Updates

• Observa Acquisition: Provides advanced data pipeline capabilities, enhancing data migration and AI connectivity.

- Enables a closed-loop system for autonomous customer experiences.

- Superior to competitors like Cribl in data connectivity and real-time anomaly detection.

- Reduces SIEM migration time from months to weeks.

• EDR Market Strategy: Strength in mid-market due to ease of use compared to larger competitors.

- MDR service acts as a supervisory layer for AI SIEM offerings.

- 50% of the endpoint market still held by incumbents like Symantec and Trend Micro.

Future Outlook

• Strategic Focus: Harmonizing R&D investments to maximize platform value.

- Emphasis on endpoint protection, data layer, AI, SIEM, and cloud security.

- Continued investment in marketing to drive platform demand.

- Aiming for durable growth and progress towards the "rule of 40."

• Identity Strategy: Addressing identity threat detection and response.

- Current PAM solutions deemed inadequate for agentic workflows.

- Developing new concepts for managing agentic identity crises.

Q&A Highlights

• ARR and Revenue Relationship: Q2 ARR was back-end loaded; professional services revenue was lighter than expected.
• Federal Vertical: Optimistic about federal opportunities but cautious due to potential timing shifts.
• Revenue Growth and Margin Expansion: Focus on stabilizing growth while driving efficiency.
• Deterministic vs. Non-Deterministic Approaches: Emphasized the need for transparency and a supervisory layer in security operations.

For a detailed understanding, readers are encouraged to refer to the full transcript below.

Full transcript - Goldman Sachs Communicopia + Technology Conference 2025:

Gabriela Borges: Okay, get started.

Following on the microphone?

Yeah, I think. Okay, cool. A little subtle. Hi, Gabriela Borges. Delighted to have on stage with me my colleague Max Gamperl and Tomer and Barbara from the SentinelOne team. Thank you so much for taking the time today, especially on a day with an M&A announcement. Great to have you.

Tomer, SentinelOne: My pleasure. Thank you.

Gabriela Borges: Tomer, I’d love to start on some of your core technology differentiation, and then we can talk about Observa. It was about this time last year where we were talking about seeing another step up in market education, specifically around the differences of SentinelOne’s technology approach versus kernel-based or other technology approaches in the endpoint space. I wanted to open up with a little bit of a reflection over the last 12 months. How do you feel about your ability to illustrate that competitive differentiation in the enterprise in particular? Do you feel like you’ve made progress there with educating the market?

Tomer, SentinelOne: Yeah, I mean, I think it’s definitely broader than just SentinelOne, right? I mean, we’ve seen Microsoft also try and kind of create a program that allows vendors to move out of the kernel to be able to monitor or get the same level of visibility from kernel-free user space-based solutions. As a whole, I think it raised the awareness for how you need to do security on the endpoint and the level of resilience you need to be operating at to make sure that you obviously don’t cause any type of disruption. I think today it is something that customers always ask about. We take a lot of pride in the fact that you can use our endpoint software even if it’s completely disconnected from the cloud, even if you have no connectivity, even if there’s no internet connection, it remains as effective.

I think that’s the biggest kind of differentiation point that we see when we talk about that kernel. Because at the end of the day, customers are going to be somewhat technical, and I think that the outcome is the thing that matters the most. The outcome here is an always-on agent no matter what happens with connectivity, which is a big thing. If we take it to air-gapped environments, suddenly it’s an opportunity. To us, I mean, it’s just another technical discussion point. It goes alongside with our agent being more lightweight, our agent being faster, our agent being one with the most coverage in the market, works completely kernel-free in Linux environments. I think it’s still a big deal and was a big deal even before the outage in non-Windows environments. I think it’s now also a consideration in Windows environments.

That’s probably the best way I would put it.

Gabriela Borges: I want to move us from talking about the core competency on endpoint to understanding your strategy with AI and SIEM. Maybe actually a great place to start is with the Observa acquisition from this morning. Maybe give it to us in one-on-one terms. How does Observa give you something that you didn’t have before, and where does it fit in the AI strategy and the next-gen SIEM stack?

Tomer, SentinelOne: Yeah, I mean, look, I’ll open at the highest level. There is not a single AI or enterprise transformation that can happen today without routing data from one place to the other, and typically from a legacy system and into an LLM-based system. You want to have the data accessible by AI and for AI. To do that, you really have to use something that’s called the data pipeline. The data pipeline gives you the ability not only to connect to any source of data in the enterprise, but also to manipulate that data, to transform it, to sanitize it, to enrich it, and make it ready to be fed into LLM-based systems. Broadly and outside of security, data pipelines are incredibly important. There’s been one legacy player in that market called Cribl that really had this more kind of structured code-based data pipeline.

As we’re seeing, obviously, through our SIEM motion, the need to migrate data specifically for security from one SIEM to the other, you start realizing all the deficiency points in the current approaches. What we started doing, I think it was kind of late March timeframe, is we started looking, okay, can we find something that can allow us to move data freely with non-structured schemas, something that’s really AI-driven that can maintain connectivity no matter what the connection point is and no matter what the destination point is? Can we find something that can do it as close as can be to real time? It can manipulate data in real time. Can we find something that has the most connecting capabilities to anything that you have in the enterprise? We looked at about 11 vendors, and we POC’d all of them, checked the performance, the security.

We just published on our blog, like, I think, an 11 criteria type of just our internal evaluation of these solutions. Observa was clearly just a mile ahead of all of those. We started talking to their customers, and we got the sense that, hey, you know what? We always felt like routing the data and the data lake story, like all of that needs to be more holistic. There’s really not a lot of credence to just have that component separate and that component separate. If you can bring these two together, you’ll just be able to expedite pretty much every data opportunity that you have because now you’re not leaning on a third party. The customer doesn’t need to go and find a way to route the data.

You can just bring it out of the box, which was another incredibly compelling thing with Observa, is that it’s almost fully self-served. If you think about some of these SIEM migration projects today, what happens is that even if you win the heart of the customer and you say, I got a much better SIEM for you, and they decide to move, they need to go about this long-haul project that needs to map out all the data sources, all the dashboards, all the rule sets, all this stuff. Sometimes they bring in a site. It’s going to take them months to really fully wholly move. Suddenly, with something like Observa, you’re talking about an out-of-the-box capability that spins up SaaS, completely DIY, and you click through your data sources, it connects, and it moves the data, and you’re done.

You can start migrating all the objects within some of these systems. I sincerely believe the things that are going to be possible with these types of technologies, call it in the next year or two, are going to change dramatically the barriers to entry. If once, I think maybe two or three years ago, we talked about the query language being a barrier to move, right? I think that obviously has been removed. Now you kind of hit all these other bottlenecks, and with a robust data pipeline, I mean, you’re removing the biggest barrier out there. For us, owning that, we feel it’s a very strategic layer in the enterprise. Again, it spans beyond security, and we would love to keep that offering as something that just allows you to move data even directly into LLMs.

Take your data from a legacy system, massage it a bit, enrich it, make it ready, context-ready, and have an LLM get access to it. I mean, that’s a huge, that’s what everybody’s trying to do right now. Again, an amazing service and a complement to our data and AI motion, but more generally, a very strategic point for us, point of insertion for us in any environment. That, to me, is kind of the last point on this, is we’ve always, throughout our journey, have been looking for ways to be relevant in any environment. I never like the it’s us or them dynamic, right? I mean, a lot of us in cybersecurity, it’s like, you take my platform, you know, all or nothing, right? I don’t subscribe to that stuff.

For me, something like a data pipeline, I mean, it’s amazing because you can come in into kind of a Microsoft-dominant environment and still be incredibly relevant. You can talk about the rest of the parts of your platform, but just getting that foot in the door, getting a unique capability out there, it’s always something that expands your opportunity set.

Gabriela Borges: Maybe just crystallize this for us. With your pipeline or your migrations that you’ve done so far on AI SIEM, how long does this data pipeline process typically take without Observa? What is it now? You sort of essentially said it was overnight, it sounds like.

Tomer, SentinelOne: Yeah, I mean, I definitely think that the two, three, four months timeframes that we’re seeing today, which are quick, really, really quick. We built a pretty nice system to allow you to migrate. It wasn’t as complete. It’s almost like you do, call it 75% migration in three, four months, and then you have the 15% that’s like the long tail of connectivity that you sometimes need. That goes away completely with Observa, and the time to get up is weeks. To us, in a fully tested, validated approach, we’ve seen it happen with Observa through weeks. We’ve seen it through us POCing Observa in our own private data center with petabytes of data. The scale is immediate.

The support in getting on-premise sources or cloud sources, moving data from cloud to cloud, something that a lot of customers really want to try and do, really hard to do, unifying different SIEM solutions. Many, many, many customers have actually more than one data storage and one SIEM. If you actually want to do security as a holistic thing, you have to start unifying these SIEM solutions. What Observa gives you is the ability to actually ingest data directly from the SIEM. You don’t have to go just to the sources. You can just connect to the SIEM, take the data from there. Very different reality for us starting today. We would love to translate that for customers for sure.

Gabriela Borges: How is it technically better than Cribl, or in what ways is it technically better?

Tomer, SentinelOne: Go to our website. Basically, Cribl is very CLI-based. Still a good solution, right? I mean, performant, works well, but very, very rigid. They built manually almost all of their connectors, and a lot of them, the moment you have a change in the field or some form of data envelope change, you kind of have to maintain it all the time. That part goes away with Observa. PII masking, real-time and only detection, all of those are just tremendous things. You can move a lot of logic into the pipe itself and just overall connectivity. They got so many connectors, just superior in pretty much every aspect that you want and even in performance. To us, again, it feels like just a next-generation data pipeline more than anything else.

Gabriela Borges: Barbara, maybe I’ll ask you the financial implications question. It seems like there is part one, which is how quickly can you ramp Observa. Any commentary on revenue and margin today? The second derivative question is, what are the implications for your emerging products portfolio and the SIEM piece in particular, or even the data piece too? It sounds like both those pieces move together.

Barbara, SentinelOne: Yeah, just to echo what Tomer said, this is very, very strategic for us. From a financial perspective, in FY2026, the revenue is de minimis. It’s pretty small, so there’s not going to be a significant top-line ARR or revenue impact in the current year. From a margin perspective, it’s approximately diluted by about 50 basis points. I think there’s two pieces to it. We can sell the data pipeline standalone, and we can sell it with our AI SIEM. The way we’re looking at it is it’s a catalyst to continue to drive our AI SIEM sales, but there’s also the opportunity to sell it standalone.

Gabriela Borges: Thanks, Evity.

Max Gamperl: Great. Tomer, can you bring us up to speed on what you’re seeing in the core EDR market? You accelerated endpoint last quarter. What are you seeing changing in the competitive landscape? What types of prospective customers are still using legacy solutions, and what would catalyze them to make the switch?

Tomer, SentinelOne: Yeah, so the most important part here is that 50% of the endpoint market is still, I think it’s probably the fourth year in a row that I’m sitting here and saying that about 50% of the market is still in the hands of incumbents. Symantec or Broadcom, sorry, Trellix, they changed name, but it’s the same thing. Trend Micro, Webroot, there’s a lot of it. That part of the market is half of it, but it’s not in the Fortune 500s, right? I mean, Fortune 500s have largely made an endpoint decision. They have multiple footprints. Sometimes there’s still some moves and shakes there. Basically, when you look at that incumbent part of the market, that brown field, it’s in the long-tail mid-market for endpoint protection.

The dynamic we’re seeing there is one that we like a lot because it’s a part of the market that cannot deal with complexity. Thus, when you look at our competitors, you know, look at somebody like Microsoft, it’s true they have the go-to-market engine and they’re lending a lot of those just by force of inertia, basically. For a 100-type person SMB, the level of complexity that brings is really not great for them. When they have the option, and if they have the option, and if they’re not getting this massive benefit from going for like an E5 or an E3, they choose to go with SentinelOne because it’s super simple. It’s plug and play. It’s one of the best solutions in the market, and it’s easy to use at the same time. It’s highly, highly accessible for that part of the market.

We typically don’t see the other market participants. The other market participants, you know, when they sell, they attach services to it, like probably 99% of the time. That’s not the greatest fit in that part of the market. It comes with a lot of commitment. Some others, you kind of have to have a complete platform desire for them to even be applicable. When we look at the mid-market where we have been traditionally strong, we just see continued strength. I mean, we’re seeing less competition. We’re seeing a great fit with our solution. I think that’s what’s driving the acceleration. That’s why we’re going to continue to focus in the endpoint market. We talk a lot about emerging. We add capabilities. We acquire capabilities. It’s 50% of our quarterly business now.

At the same time, if we had our pick, we would want to see the pie overall become bigger, not something eating from some, not emerging, taking away from endpoint, not endpoint taking away from emerging, just expanding the pie. It’s a good market. We’ll take incumbent displacements every day of the week. It’s definitely a much easier sales motion. I think it’s just about creating pipeline, executing on pipeline, and that’s what we’re doing there.

Max Gamperl: In your emerging products portfolio across SIEM, data, cloud, and Purple AI, what are you most excited about? What do you think is going to have the most meaningful impact in the next, say, 12 to 18 months?

Tomer, SentinelOne: Yeah, look, it’s like picking a kid, right? I really like what I see, you know, obviously with data. I mean, again, some of our components have strategic meaning. They’re not just components. Obviously, owning the data pipeline juncture, amazing. Having a real-time data lake, one of the only in the market, amazing. Those two are catalysts for everything AI. Because where do you apply AI? You apply it on the data. Where do you get the data? Through the data pipeline. Where do you store it and how do you traverse through it? In the data lake. How do you then automate action? Through hyperautomation. Today, I mean, post this acquisition, we basically have a complete closed loop of all capabilities to build a true autonomous experience for customers out there, regardless of the service, regardless of endpoint or cloud or whatever it’s going to be.

That’s what excites me the most, I would say, just the synergy of our products all the way to our MDR service. Our MDR service is now becoming a supervisory layer to our overall AI SIEM and AI offering. I think the world of cybersecurity is going to move at some point from these models that we see today, the thoughts about products and platform and services, into a more all-inclusive AI cybersecurity layer that can start really kind of orchestrate all the other parts of cybersecurity, all the other controls of cybersecurity.

Max Gamperl: In SIEM specifically, the incumbent products are very sticky. How do you see the evolution between security-specific data lakes versus broader SIEM data lakes progress? What would catalyze a customer to make the switch from an incumbent vendor?

Tomer, SentinelOne: Yeah, I mean, look, a lot of it goes back to the pipeline conversation. You’re just moving the data is pretty significant. Cost, huge factor. Latency, huge factor. I mean, we’ve just seen, just last week, like two or three AI-born cyber attacks. Now, we can all argue about the level of sophistication or not. We’ve actually seen cybersecurity vendors get breached by those same types of attacks. What you do see is the speed is increasing and the velocity of these attacks, you know, that’s increasing as well. You’re at that point that if you don’t have a system that can monitor in real time what’s going on and help you orchestrate action in real time to what’s going on, you’re going to be 100% left behind. It’s not even about the detection logic. It’s just about the completeness of visibility, the timeliness of visibility.

If I have a, I don’t know, a Splunk SIEM today, however sticky it is, at some point, I really need to figure out whether I’m comfortable with opening up that system and looking into the past because what I’m going to find there is going to be 10 minutes, hour, stale information sometimes. That, in our day of age, you know, just not acceptable if you ask me. Maybe acceptable for some, but it’s not acceptable if you want to be truly protected. It’s a lot of risk that’s building in those systems. It’s across the entire legacy stack. We’re not going to be fair picking only on the SIEM, but I think that’s where you’re going to start seeing the inertia move with security. Maybe then later on to broader IT, to your point.

Our focus right now is security, but I can definitely see a world where, you know, it’s so within reach that we’re going to expand the offering as well.

Max Gamperl: You may have heard there’s renewed debate around the identity market and understanding where endpoint vendors might fit in the identity security market. What’s your strategy in identity? Which elements of identity do you think would belong to SentinelOne versus needing to be sold separately?

Tomer, SentinelOne: Yeah, you know, healthy debate is always welcomed. I think that right now, it’s still a huge question mark on what’s going to happen with identity or identity security. I mean, the market is so non-structured, not well-formed, nor the problem. Like if we think about the next problems in identity security, I don’t know, and I’m sorry to say that, if a 20-year-old PAM provider is going to solve the agentic identity crisis. I just don’t see how these solutions even map together. By the way, if anybody’s situated to do that, it’s also not us. I mean, it’s going to be the IAM providers, the Identity and Access Manager providers. They, as the name would imply, are there to regulate access through identity.

I kind of feel like a lot of the talk about identity might be a little bit misguided, if you ask me, especially around like PAM and all that stuff. PAM was always like a very narrow footprint type of a solution. To think that that’s going to scale to like million and million and millions of ephemeral agentic spun-up processes, just don’t see it. I don’t see it even meeting the scale technically. I don’t know exactly what happens next in the identity market. I don’t see a solution today in the market that can solve that. Our place is really around identity threat detection and response and identity security posture management. I think that some of these models can be expanded to also deal with some agentic workflows, not with all agentic workflows. I really think there’s a new concept that’s needed.

It might not even be identity born. I don’t think it’s said and done that every ephemeral workload needs to have an identity of its own. I mean, it needs to have privileges, it needs to have permissions, it needs to have a system that governs it. To think that you can just manage all of those by saying, oh, an agentic thing is basically an equivalent to a human, and let’s put it in the system and put a policy and call it a day, I really don’t see it. I don’t have an answer for you, but I don’t like the current answers either.

Max Gamperl: It’s helpful.

Gabriela Borges: Let’s have a little bit of a discussion around go-to-market. Barbara, I’d love to get your view on this as well. For the longest time, SentinelOne has just had this really solid reputation in core endpoint. I think it’s been a little bit of an evolution to become more of a platform company. Now you’re at the point where 50% of bookings are coming from emerging solutions. Maybe level set us. What do you think is working well in the go-to-market in having customers think of you as more of a holistic AI closed-loop autonomous solution? Where do you still have more work to do?

Barbara, SentinelOne: You want to start?

Tomer, SentinelOne: I’ll say a few words. Obviously, it’s something we’ve been working on for more than a year now with the go-to-market evolution that we went through. Just the concept itself of moving from a product to a platform, it’s a journey for every company. We feel like we’ve made pretty significant strides. I think last quarter, our performance was heavily tied to broad-based execution. A lot of it was the fruit of changes that we’ve made along the years, right? Not just anything specific. That conscious effort to grow the emerging bucket, that conscious effort to move to sell the platform and introduce Flex, all these things have now created better accessibility for our platform and more velocity for our go-to-market. Nobody’s declaring victory internally. We still got a lot more work to do. It’s a constant evolution. I think marketing in itself is a place where we’re investing more.

As a whole, my job is to try and create the demand. Barbara is working hard on all the efficiencies and the proficiencies in the go-to-market engine. I think.

Gabriela Borges: Yeah, I would say from my perspective, like getting the engine, you know, executing well, like especially after Q1, obviously we were impacted by macro, but we also felt like that was something we could have executed better through. You can see that execution and that focus really paid off for us in Q2. On the other side of things, it’s just really looking hard at the unit economics within our sales and marketing and how do we improve that. How do we increase sales productivity for our direct reps. As we look at kind of all of the helpers around the reps, what’s the right balance. They’re doing a lot of benchmarking and focused on improving that metric over time. That’s where we’re really going to get the leverage in terms of expanding margins in the future.

From a benchmarking standpoint, tell us a little bit more about how you go about that exercise and where are we in terms of how long till we get to the benchmark that you want to hit.

Barbara, SentinelOne: Yeah, I would say we’re just getting started and we’re starting to see some benefits of that. We’ll see it in the second half with improved unit economics. It’s all the things from quota per head and number of SEs per AE, what’s the manager ratios? Really looking at all of those very data-driven metrics within sales as well as our marketing spend to improve that metric over time.

Gabriela Borges: Yeah, and it’s actually, this is a question for both of you as well. There is a little bit of a question around scale in the security industry. You’ve got Microsoft talking about $4 billion in security R&D. You’ve got Palo Alto Networks and CyberArk now combined will be a bigger company. You’ve got CrowdStrike that will say that they outspend you on sales and marketing and R&D. It’s a little bit of a question on how do you think about your ability to punch above your weight and deliver the type of net new ARR acceleration that you just put up in 2Q with a smaller OpEx budget when we know that in security, winning is not just what the technology you have today, it’s the investment you’re making in the technology roadmap and the go-to-market.

A little bit of a question on how you think about your relative scale versus some of these bigger competitors.

Tomer, SentinelOne: Yeah, I mean, look, it’s a 10-year in the making type of a question because when you start a company, you kind of start at the deficit point to begin with. Ten years ago, it was Symantec and McAfee that could have said the exact same thing. I mean, you’re a two-person startup. Your R&D budget is always going to be smaller than that. I do think eventually it comes down to innovation and it comes down to architecture. When you think about what we’re building, we’re not spread around across like 100 different things. I know it might look like that from the outside, but at the end of the day, we got four things, four disciplines. We got endpoint protection that’s leaning heavily on our data layer, and our data layer is where everything else lives. When we talk AI, it’s built on the data layer.

When we talk about the SIEM, it’s an application that’s built on the data layer. When we talk about our cloud security, it’s another application that’s built on our data layer. At the end of the day, I think we built, and we’ve talked about it actually for many years, this idea that you can build a highly robust data platform which will enable you to then unlock applications on top of. That’s exactly how our R&D works. We’re also, you know, we’re pretty good in choosing what not to do. We got 30 plus capabilities on the platform while others sometimes have, you know, 50 or 60 or 70. Not all of them, you know, are as important. Not all of them are differentiated. Not all of them are applicable in many of these accounts.

For us, I think just the focus and making sure when we invest R&D time, we invest it in strategic capabilities. When we make acquisitions, we invest it in strategic capabilities. The Prompt Security acquisition was exactly the same thing. Huge need, clear need, no other solution that can do what Prompt can bring. The immediacy of the solution, which means that it can be deployed right now to solve a customer issue, and the proximity to the endpoint, which is a great complement to the footprint that we already have. Even when you think about something like Prompt Security, it’s not going to be net new R&D for us. It’s going to lean on the existing R&D investments that we already have in the endpoint space.

When we look at all these components, for us, it’s always about how do we harmonize it to the point that we invest in what matters and that we continuously kind of get compounded value. I think that’s the only way to kind of look at these budgets that others have. We’re nimble and we’re incredibly efficient. At the end of the day, you also got incredible talent, right? People, sadly enough, have been trying to poach our people day in, day out. Most of the management in our peer is coming from SentinelOne. In many ways, we compete against SentinelOne. It’s all good. We love to see the space progressing. We love to see the innovation that’s being copied sometimes. It’s all good. It’s getting everybody more secure.

Gabriela Borges: Barbara, anything you would add here? I know you’ve been at companies of all sizes.

Barbara, SentinelOne: It’s focus. It’s all about focus and that ruthless prioritization, making sure you’re getting the return on the investments you’re making. Focus, focus, focus.

Gabriela Borges: Let’s pause for a moment. Questions from the audience? Max, you want to hit some of the fans?

Max Gamperl: Yeah, Barbara, let’s talk about Q2. Rarely do we see a software company beat net new ARR by $15 million and raise the revenue guide for the year by $2 million. Help us reconcile this gap.

Barbara, SentinelOne: You want me to do the math?

Max Gamperl: That’d be great.

Barbara, SentinelOne: Yeah, great question. We had a really strong Q2, very broad-based strength across the business. There are two dynamics, right? We were in line on revenue for Q2, but a $15 million beat, as you said. It was a very back-end loaded quarter. When you think of that outperformance, large deals primarily landed in the last week of the quarter, that doesn’t contribute very much to revenue. That’s number one. Number two is professional services. It came in lighter than we were expecting. It’s a small part of our business, but it did have an impact. As we thought about the full year impact and being very prudent in terms of our outlook, we took those two dynamics into account. More back-end loaded quarters and then lighter professional services in the second half.

If we did not have those, yes, we would have had a bigger raise, but instead we had two.

Max Gamperl: Got it.

Barbara, SentinelOne: Feeling really good about Q3 and the back half of the year, a lot of confidence around that.

Max Gamperl: That’s very clear. You did mention some conservatism around the outlook regarding the macro environment, particularly in the federal vertical. Is there anything specific that you can point us to in federal that’s making you more cautious than some of the other vendors we heard? Is there anything?

Barbara, SentinelOne: Yeah, I mean, we continue to feel really good about the opportunity we have in federal. I mean, the opportunities, the engagement we’ve got, it’s all very encouraging. We’ve got a lot of different growth drivers there. If you think about our solutions, our key focus areas, whether it’s endpoint, AI SIEM, cloud, hyperautomation, purple, they are all FedRAMP High. It gives us a lot of confidence around federal, but timing around deals in federal can shift depending on what budget cycles are and different program initiatives. We just took a more cautious outlook as we thought about our federal pipeline. Overall, feeling really good about that side of the business for us.

Max Gamperl: Great. Do you have time for one more? Yeah.

Barbara, SentinelOne: Yeah.

Max Gamperl: I’d love to. All right.

Barbara, SentinelOne: Yeah, please.

Max Gamperl: When we look into next year or the next couple of years, and street estimates are estimating stabilization at around 20% or more revenue growth over the next couple of years, at the same time, they expect margins to expand at a similar pace as in prior years. Help us reconcile being able to stabilize revenue growth while being able to expand margins at a similar rate.

Barbara, SentinelOne: Yeah, I would say it’s not either/or. It’s a balance. The good news is we’ve been really focused this year on stabilizing revenue growth. If you think about the first half, Q1 was 23%, Q2 22%, for the year 22%. Check stabilizing revenue growth and then continued focus on driving efficiency. Really focusing on driving efficiency. I talked about improving our sales unit economics as well and using some of that efficiency to reinvest for growth in the business. Overall, durable growth, continued operating leverage in the future, and really starting to make steady progress towards that rule of 40 metric and increasing our performance there over time.

Gabriela Borges: Tomer, I want to end on a technology question. How do you think about the balance between deterministic and non-deterministic in the security operations center, knowing how risk-averse security people are? How do you put enough guardrails on something like Purple AI Athena so that it’s safe or accepted while also having it be useful?

Tomer, SentinelOne: I have a really interesting vantage point on this one, given that 10 years ago or 12 years ago, when we started, we introduced a complete heuristic-based non-deterministic thing that was called endpoint protection or EDR or whatever we called it back then. We tried convincing people to go from a fully deterministic, antivirus-based, signature-based solution and into something that holds no signature and basically, you know, decides via heuristics whether something is better or good without ever knowing the file or the signature or any of that sort. To the point that there was no test in the space to validate whether what we do is even apples to apples because there was no apples to apples ability to compare. It took some time. I mean, it took some time.

I think that we had to prove to folks that this can be as accurate, at least as the kind of, you know, old world of signatures, but obviously that it can detect the whole barrage of things that signatures will never have the ability to do. I do think at the end of the day, it’s going to be, no matter the technology, it’s going to be market education. It’s going to take some time. You need to build a ton of trust in these systems. For us back then, and also now, transparency is going to be incredibly important. Just the ability to show what the system is doing, to put benchmark evaluations out there that show the efficacy in what is being done, it’s going to be key. You know, my team likes to say autonomy without accountability is not worth anything. I really like that.

Without having the ability to show exactly what happened, to audit it, and to have a supervisory layer, I think at least in the interim, you can never get to full autonomy. Even when you take a Waymo, at the end of the day, there’s a human out there in the control center that’s looking at everything. There’s an escalation; there’s going to be somebody there. Do not get fooled by the fully autonomous stuff, right? The same is going to go for security. I think there’s going to be, again, a supervisory layer, very deep technology that can do a lot of stuff autonomously, not everything autonomously, at least not in the immediate future. That, I think, is how the non-deterministic, via deterministic stuff is going to shake out.

The last thing I’ll say is that back then, and true to today as well, we felt like there was no other way. There is no way to scale cybersecurity with just deterministic stuff. There was just not enough prior knowledge. Attacks can be zero-day, which means that you can never detect them deterministically. I think it’s just a compromise we’re all going to have to live with. Like almost everything we’re doing today is becoming non-deterministic, non-biased, non-binary. Even when we drive our car and our car is going to start being more automated, that’s non-deterministic, right? You press the gas pedal, maybe it goes, maybe it doesn’t. You know, that’s the world we live in.

Gabriela Borges: It’s a great place to end. Tomer and Barbara, thank you for your time. Please join me in thanking the SentinelOne management team.

This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.