Updates: Netskope - Context-Rich Security for the AI Era (Pt.1)

Netskope's data-centric security origins position it well for the era of AI

Summary

  • Netskope’s core advantage in SASE stems from its CASB-first, data-centric origins, which have compounded into deep SaaS semantics and transaction-level context as enterprise environments become more complex.
  • Long-standing investment in DLP and app “grammar” enables granular, workflow-preserving controls, positioning Netskope to govern data usage precisely rather than rely on blunt allow/block policies.
  • The platform appears well-positioned to extend these data-centric controls into the GenAI and agentic AI eras, where risk increasingly sits inside legitimate interactions rather than at the app boundary.
  • NewEdge functions as a product enabler rather than mere infrastructure, making heavy inline inspection and rich enforcement usable at global scale without degrading user experience.
  • This is Part 1, focused on technology, moat, and market structure, with Part 2 covering AI security, competitive comparisons, and the DCF valuation.

Executive Summary

Netskope sits at the center of a structural shift in enterprise security and SASE: environments are becoming far more complex (multi-cloud + on-prem, remote work, managed/unmanaged devices, hundreds of SaaS and private apps, more data types), and GenAI is now adding a new class of grey-area interactions (prompts, responses, file uploads, and, soon, agentic workflows that execute actions across tools). In this world, security can’t be reduced to binary allow/block decisions without either crippling productivity or pushing users to route around controls. The winning model is increasingly context-rich security: the ability to understand, in real time, who is doing what, in which app instance, from which device, with which data, and whether that interaction is normal or risky.

Convequity’s core view, dating back to our earliest coverage of Netskope as a private company, is that the company’s CASB heritage and DLP obsession were not side features in a SASE world dominated by network security incumbents, but a compounding advantage that would become more valuable as SASE evolved toward data-centric, transaction-level control. In early SASE conversations, many investors and practitioners implicitly assumed the inline network layer would be the decisive battleground, and that CASB would be a supporting module. Our view was the opposite: CASB-grade SaaS understanding plus deep data classification would increasingly determine who could deliver granular policy without crushing productivity, especially as SaaS sprawl, shadow IT, and AI-driven data movement turned ordinary sessions into high-risk data transactions. That prediction has come to fruition. As the SASE market has matured, Netskope’s app and data semantics have proven to be a real differentiator in SSE, and increasingly a foundation for its broader SASE posture.

This also underpins a second Convequity hypothesis that has strengthened over time and is increasingly reflected in third-party validation. We believed it would be harder for inline network security incumbents to expand into CASB-grade SaaS and data understanding than it would be for Netskope to expand from out-of-band SaaS visibility into inline enforcement. The reason is simple: there are far fewer shortcuts to learning thousands of SaaS applications, their tenant/instance behaviors, their internal action models, and the many ways sensitive data can move and hide, than there are to building an enforcement plane once you already understand what needs enforcing. Over the past 1–2 years, as context has become the differentiator and as analysts have elevated Netskope’s standing in SSE/SASE, that early thesis has looked increasingly well-timed: Netskope’s out-of-band CASB roots became an asset in the inline SASE era because they supplied richer inputs for precision control.

Two other high-level takeaways matter for investors. First, Netskope’s NewEdge global network is not just a distribution layer; it is a product enabler. Deep inspection, granular DLP, and context-aware controls are only valuable if they don’t impose an unbearable user-experience tax. Netskope’s strategy has been to make rich, inline enforcement feasible at global scale by running its full stack consistently across a high-performance private network, reducing the traditional security vs performance trade-off that often limits how aggressively enterprises can enforce policy. Second, Netskope’s differentiation is increasingly aligned with where SASE appears to be heading: away from gateway inspection as the primary battleground and toward unified data protection and risk-adaptive access control. As the attack surface shifts toward data misuse, shadow AI, over-permissioned integrations, and tool-using agents, SASE leaders will be those that can continuously interpret context across users, apps, devices, and data and respond with graded controls (coach, step-up auth, justify, isolate), rather than defaulting to blunt blocks that break workflows.

We have been covering Netskope since 2021 as a private company, and the company’s IPO was in September 2025. Since the IPO, Netskope’s stock is down 22% while the NDX 100 is up 5%. We view this as an opportunity. The stock is trading at 10x EV/S despite 30%+ growth, positive FCF, and a credible path to competing well in SASE as AI drives a step-change in data movement and security requirements. An EV/S multiple around 10x implies the market expects growth to decelerate quickly and doubts Netskope can ultimately reach the kind of profitability seen at mature leaders like PANW and FTNT. Our view is the opposite: Netskope’s compounding app + data intelligence, paired with a purpose-built global network that makes real-time enforcement usable, gives the company a plausible technological moat in SASE that should translate into durable share gains and improving profitability over time.

It’s also worth highlighting a broader market dynamic that may be distorting perception. Many seat-based software and security businesses have been de-rated by investors even when growth remains solid, as the market frets that “human seats” are a capped TAM and that seat growth inevitably slows as penetration rises. Netskope is being priced in that same bucket today. But the AI era creates a credible path to a very different seat curve: agentic workflows imply a future where machine seats (agents, service accounts, autonomous tool-users) could outnumber human seats by 100x or more. If that plays out, vendors embedded in work and traffic flows (security control planes like Netskope and PANW, and work platforms like MNDY) are structurally positioned to capture a second S-curve as enforcement, governance, and policy expand from humans to fleets of non-human actors. The timing and monetization model will come down to execution, but the market is not pricing in much option value for that transition today. We will lay out the product and competitive evidence for this view throughout the report, and we will share our detailed DCF valuation later.

Why now: AI is turning “web traffic” into high-risk data transactions

The structural change isn’t just “more apps in the cloud.” It’s that enterprise activity is becoming a constant stream of high-variability data transactions across SaaS, private apps, APIs, and (increasingly) machine-to-machine workflows. GenAI accelerates this shift by turning everyday workflows into prompt + file + output exchanges, while agentic AI pushes even more of that activity into automated tool calls and background actions. The result is an explosion in data in motion and data at rest, occurring across far more places than corporate IT can comfortably see or control, and happening at higher speed than legacy controls were designed to handle.

The macro driver: exponential growth in data interactions, not just traffic volumes

  1. AI-era enterprise environments are defined by simultaneity and distribution: multiple clouds plus residual on-prem, remote/hybrid work, managed and unmanaged devices, hundreds of SaaS and internal apps, and a widening range of data types (structured, unstructured, images/screenshots, code, embeddings, etc.). In this world, raw “secure connectivity” is necessary but insufficient. The practical bottleneck becomes whether a vendor can deliver consistent inline control at scale without becoming the performance tax that users route around. That’s where a globally distributed, high-performance security network matters: as the amount of inspection-worthy traffic rises, the ability to keep latency low while enforcing controls becomes a requirement, not a nice-to-have.