SentinelOne Inc. raised $1.2 billion in one of the cybersecurity industry's largest initial public offerings.
Founded seven years ago, SentinelOne launched its IPO earlier this month, and its shares began trading Wednesday at $35 per share on the New York Stock Exchange (NYSE). The endpoint security vendor first filed an S-1 form with the U.S. Securities and Exchange Commission on June 3, offering 32,000,000 shares of its Class A common stock with a proposed price between $26 and $29 a share. The company increased to $31-$32 a share, per an S-1 filing Tuesday.
In addition to going public, the vendor this week also added a familiar name to its advisory board: Christopher Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA). Krebs, a widely respected infosec professional, was fired from CISA by former President Donald Trump in the wake of the 2020 presidential election; he later founded the Krebs Stamos Group, an infosec consultancy, with former Facebook CISO Alex Stamos.
While SentinelOne started off defending endpoint devices, it expanded into the cloud security market in 2018 and, more recently, introduced an extended detection and response (XDR) platform.
Fellow endpoint security and threat detection vendors have also gone public in recent years. In mid-2019, CrowdStrike raised $610 million, 70% above its IPO price of $34. In late 2020, McAfee returned to the NYSE, raising $620 million.
Eric Parizo, principal analyst at Omdia, said the move is primarily driven by the need to deliver maximum ROI to its investors. Parizo said SentinelOne is one of the few remaining independent pure-player endpoint detection and response (EDR) vendors, running up a tab of nearly $700 million in venture capital funding.
Much of that funding occurred just last year, as SentinelOne secured two substantial backings. In February 2020, it raised $200 million in series E funding. In November, the vendor announced it raised $267 million in series F funding, led by Tiger Global Management.
Parizo said in order to pay off investors and, ideally, deliver them a profit, SentinelOne either needed a multibillion-dollar acquisition or an IPO.
"Arguably, SentinelOne's last viable potential acquisition disappeared when VMware instead purchased rival EDR Carbon Black in 2019. So, barring an unexpected suitor, the only feasible option left is an IPO," Parizo wrote in an email.
Jon Oltsik, senior principal analyst at Enterprise Strategy Group, a division of TechTarget, said he also believes the move boils down to money. Though going public won't offer much in the short term from a product standpoint, he said, it will give the company an influx of money and a lot of publicity.
"As the company gets more media attention, it will focus on competitive messages vs. CrowdStrike, which is now seen as a market leader and a cybersecurity model company on Wall Street. The goal from there will be getting into more deals, more take-outs of the old guard AV players (McAfee, Symantenc) and XDR positioning," Oltsik wrote in an email.
In pursuit of long-term profitability on the public market, Parizo said, SentinelOne's strategy is to evolve into a full-featured XDR vendor, providing threat detection and response capabilities beyond the endpoint. The vendor is already moving in that direction, with its acquisition of data management specialist Scalyr in February.
According to Oltsik, SentinelOne is already influencing the endpoint security market, while the XDR market is not really established yet. The influx of investment money may also sway SentinelOne to branch out into the midmarket and possibly acquire other cybersecurity vendors to grow its footprint. "I could see it acquiring a company like Vectra [AI] or ThreatQuotient, for example," Oltsik said.
Though SentinelOne is making the move toward XDR, challenges in joining that market still exist. The biggest, according to Parizo, is keeping up with the competition.
"Top-tier vendors such as Palo Alto Networks, Trend Micro and, of course, VMware are all making XDR a centerpiece of their security solution strategy," he said. "In response, SentinelOne must find a way to differentiate."