2023-04-18 03:06:26 ET
Summary
- During its investor briefing of earlier this month, CrowdStrike once more confirmed why it is a leader in the cybersecurity industry and my top pick.
- CrowdStrike has a strong competitive advantage, driven by its expertise in leveraging AI and ML to drive innovation and more capable cybersecurity solutions.
- CrowdStrike is poised for market share gains as its legacy peers can't keep up with the rate of industry innovation which puts CrowdStrike in a strong position.
- In addition to being a technology leader, CrowdStrike also offers top-notch financials with impressive revenue and EPS growth, while reporting an FCF margin above 30%.
- While the current fiscal year will be impacted by macro headwinds, CrowdStrike still expects to report an ARR of above $5 billion by the end of FY26, and I believe it can outperform.
Investment Thesis
I initiate my coverage of CrowdStrike ( CRWD ) and rate the company a buy at a current share price of $136, following CrowdStrike’s recent investor briefing presentation in which the company once more confirmed why it is one of the best-positioned cybersecurity companies in the world.
CrowdStrike is my number-one choice in the cybersecurity industry today. The company has a strong technological advantage versus legacy peers, which should cause substantial market share gains over the next few years. In addition, the company has been quickly expanding its platform, now offering 23 modules across several cybersecurity verticals, making the platform much more attractive to large enterprises as a single-platform, single-agent solution.
Besides a strong product offering, CrowdStrike also delivers top-notch financials with its growing revenue at a rapid pace while reporting a 30%+ free cash flow margin which is expected to expand over the next couple of years. Add to this the net retention rate of above 120% and the rapid addition of new customers, and this company is poised for impressive growth over the next several years. Simply put, CrowdStrike is a cybersecurity leader with massive growth ahead while delivering outstanding profitability. This company is a no-brainer at the right price, and with the share price down by almost 40% over the last 12 months, we might be looking at an attractive entry point for investors.
Within this article, I will show you why I believe CrowdStrike is the best cybersecurity play by diving into CrowdStrike’s fundamentals, financials, and growth opportunities. I will also extensively discuss its offering and competitive advantage to better understand what I am buying as an investor. Also, this will allow me to get a better idea of its growth prospects and industry dominance which are highly correlated, of course. Moreover, as an investor buying a part of a company, it's crucial to understand what they sell and what makes them a winner.
Let’s dive in!
CrowdStrike Holdings – A leader in Endpoint Security
CrowdStrike Holdings, founded in 2011, is a leading cloud-native cybersecurity company in the field of endpoint security through its Falcon platform. The company once started by offering a single cybersecurity module but quickly gained market share with this as its lightweight agent and its AI-powered prevention offered real innovation in the cybersecurity industry with impressive threat detection & response. Also, back in 2011/12, AI was not as popular as it is today. CrowdStrike leveraging this technology in its early stages really put it ahead of the pack from a technical perspective. And this leverage of AI and the strength of the single agent (agents refer to software components that are installed on endpoint devices or servers to provide continuous monitoring and protection against cyber threats) approach has allowed CrowdStrike to quickly expand its platform from one module to 23 today through the addition of cloud security, identity protection, security and IT ops, threat intelligence, and observability, on top of its already-dominant endpoint protection offering. Through these additional modules, CrowdStrike can extract more value from every customer using its platform by adding more modules to the product. Ultimately, upselling an existing customer is much easier than convincing a new customer. Also, by expanding its offering, the company’s TAM has quickly expanded.
Now, through the AI-driven single-agent Falcon platform, CrowdStrike has redefined the so-called XDR platform. An XDR (Extended Detection and Response) platform is a security solution that consolidates and correlates data from multiple security products and sources. It provides a centralized view of security alerts and incidents and uses advanced analytics and automation to detect and respond to threats. CrowdStrike primarily distinguishes itself from the competition by using advanced AI and ML over signature-based threat detection which is still used by traditional cybersecurity companies like McAfee, Symantec ( AVGO ), and even Microsoft ( MSFT ). Explaining a bit more on this, signature-based threat detection is a traditional approach to detecting and blocking malware and other types of cyber threats. It works by comparing the characteristics of a file or program with a database of known threat signatures. In the case of Microsoft, these signatures get updated about 7 times a day. If a match is found, the security system will flag the file as malicious and prevent it from executing. And this has worked perfectly for a very long time, but today, more and more cyber-attacks tend to be malware-free, making this way of threat detection very fragile. According to CrowdStrike, about 71% of the cyber-attacks today are malware-free already.
Opposed to the signature-based strategy from the legacy cybersecurity companies, CrowdStrike’s AI-driven method does not rely on known threat signatures, but its machine learning-based detection uses algorithms to analyze patterns and anomalies in data to identify potential threats, which allows it to adapt to new and emerging threats and can identify previously unknown threats based on their behavior. Therefore, it is very safe to assume that signature-based detection will quickly be replaced by AI-driven detection, favorably positioning CrowdStrike as a frontrunner today.
Summarizing this, it is actually really simple. The winning strategy for CrowdStrike is its one platform, one agent offering, delivering state-of-the-art full cyber protection driven by AI technology to ensure the highest quality threat detection.
As a result of this strong competitive advantage of CrowdStrike discussed above, the company is already the leader in endpoint security with a 17.7% market share, according to IDC . With this, it is far ahead of any of its “next-gen” peers with the top 10 only holding a 7.4% market share in total. Legacy signature-based vendors still hold a 46.7% market share in this industry, with Microsoft as the top competitor holding 16.4% of the market. And that legacy vendors still hold such a large share of the endpoint protection market is a good thing today as it screams opportunity for CrowdStrike. With signature-based solutions getting outdated, CrowdStrike is best positioned to steal away market share from these legacy companies over the remainder of the decade and massively increase its own market share as the leading next-gen vendor. It is simply a matter of time before enterprises move away from signature-based protection to keep data breaches low.
And CrowdStrike has not just accidentally chosen endpoint security as its central offering. CrowdStrike centers its offering around endpoint protection because 80% of the most valuable security data collected comes from the endpoint. The reason for this is the simple fact that this is where the activity happens, making it attractive for cybercriminals to target these individual devices such as traditional endpoints like laptops or modern workloads in the cloud. Moreover, 90% of successful cyberattacks and 70% of successful data breaches originate at the endpoint, making it the number one focus for enterprises and governments, especially with remote working remaining popular, resulting in many more endpoints.
I will get further into endpoint market growth drivers and what this means for CrowdStrike later in this article, but first I want to focus a bit more on its advantage versus competitors, and Microsoft in particular. I already mentioned the difference in threat detection approach as Microsoft seems to still work with signature-based technology, but during the latest investor briefing, CrowdStrike went much further by pointing out Microsoft's weaknesses.
According to CrowdStrike, 8 out of 10 customers choose CrowdStrike over Microsoft, and this is driven by several factors. This includes simplicity for customers as CrowdStrike operates one console with just one agent. At the same time, Microsoft Defender uses up to 9 consoles with multiple agents, making it complex, more expensive for the customer, and less effective. In addition, CrowdStrike made the bold claim that 95% of the compromised endpoint that CrowdStrike remediates are on Microsoft Windows, and 75% of those times, it was Microsoft Defender that was bypassed due to malware-free breaches, highlighting the weakness of the Microsoft offering. So yes, these numbers do look quite bad and CrowdStrike is not going easy on Microsoft at all.
That the CrowdStrike platform is indeed preferred over Microsoft Defender is also visible in research by Gartner . CrowdStrike easily outperforms Microsoft on every single metric and gets an overall rating of 4.8/5 versus Microsoft’s 4.4/5. With both receiving around 1000 reviews from customers, CrowdStrike is clearly better able to satisfy its customers with 97% willing to recommend CrowdStrike (vs 78% for Microsoft), which is quite an impressive metric and a good indicator of a successful cybersecurity vendor.
CrowdStrike operates by far the leading endpoint protection platform available today, driven by AI technology and a one-agent approach. Therefore, it is safe to say that the company is poised to meaningfully increase its market share in this market, especially by taking away market share from legacy vendors, positioning it well for solid financial growth. Overall, I believe CrowdStrike has a very strong competitive advantage and from a technical perspective, this is my number one bet in the cybersecurity industry for future success.
On that note, let’s move to the financials.
Top-notch financial metrics and plenty of growth ahead
The strength of the CrowdStrike platform is also reflected in its financials which are also top-notch after years of impressive above-industry growth. FY23 was no different with CrowdStrike reporting 54% revenue growth with revenue coming in at $2.24 billion, of which $2.11 billion is subscription revenue. Crucially, CrowdStrike also managed to show strong growth in its annual recurring revenue [ARR] numbers with it ending the year with $2.56 billion in ARR. In FY23, the company added a solid $828 million in net new ARR, which meant a 48% increase YoY, showing strong continued growth. This is the result of the company adding 6600 net new subscribers to its platform, bringing the total to 23,000 subscribers. Now, we will primarily focus on ARR growth when looking at CrowdStrike, as ARR is a key indicator of the company's ability to generate stable, predictable revenue streams over the long term. ARR represents the annualized value of recurring subscription revenue from customers at a given point in time, and it is a key metric for subscription-based businesses like CrowdStrike.
Back to the financials, CrowdStrike is well underway to achieve its FY26 end-of-the-year goal of reporting $5 billion in ARR. Management remained confident in achieving this, even though it does expect the current headwinds to remain and have a 10% negative effect on ARR growth in the first half of 2023. Still, doing the math, I believe this target should be easy to achieve for CrowdStrike. To reach this target, CrowdStrike does not need to sustain its current ARR growth rate (79% CAGR over the last 5 years) but simply needs to repeat what it did last year, which is adding $828 million in net new ARR. If it manages to keep doing this for the next three years, it will result in an ARR of around $5 billion. For FY24, CrowdStrike expects this number to remain similar to FY23. For FY24, it projects stronger growth in its ARR again as the economic situation improves, indicating that it expects to report an ARR meaningfully above $5 billion by the end of FY26.
Also, with CrowdStrike deriving 50% of its ARR growth from expansion (and the other 50% from new customers), its best-in-class expected 120% net retention rate for FY24 will be another contributor to strong ARR growth. This is how management summarized it:
Our best-in-class gross retention rate, strong dollar-based expansion rate, growing customer base, and our meaningful technology differentiation give us confidence in our ability to reach our vision and profitably grow this company to $5 billion in ARR and beyond.
And there is absolutely no reason to discuss against this. CrowdStrike looks well underway to outperform this target. Still, investors would have hoped for an upgrade of this outlook with its investor briefing. I think CrowdStrike chooses the remain conservative and not over-promise in this highly uncertain economic environment. Still, CrowdStrike will see a meaningfully higher ARR by the end of FY26, driven by several growth factors.
CrowdStrike is expected to see strong continued growth over the next several years, despite its increasing size. Yes, growth rates of 70%+ might be in the past now, but with the company still growing at above 50% YoY, investors really do not have much to complain about, even if this drops to 30%. Now, among the most important growth drivers are its growing customer base, the introduction of new modules, and maintaining best-in-class retention rates to increase the number of modules per customer.
As discussed earlier, the company has been introducing new modules at a rapid clip and still has many more cybersecurity product segments that it could penetrate with its Falcon platform. Through the offering of new modules, the platform gets more interesting to potential customers, and it allows the company to derive more revenue from each individual customer as is illustrated by this comment from management during the investor briefing:
Just five years ago, we only had 400 customers with greater than $60,000 in ARR. Now a customer needs to spend more than $1 million to be considered a top 400 customer.
And that the CrowdStrike module offering is growing can also be seen by looking at the average module count of new customers, which now stands at 4.8, up 118% over the last five years. It is therefore safe to say that with CrowdStrike introducing new modules, it will be able to drive growth by increasing its revenue per customer. Driving this are also brand recognition and enterprises looking to consolidate vendors to streamline operations and reduce headcount, especially in these treacherous times. Yet, this requires cybersecurity vendors to offer many different modules to satisfy all customer needs. This strong module adoption trend is visualized below and looks promising for CrowdStrike.
With CrowdStrike continuing to add new modules to its Falcon platform, it will get increasingly more attractive to large enterprises and SMBs. I believe this will result in continued strong growth in customer numbers and the average number of modules per customer.
That the CrowdStrike platform is also very much appreciated by its customers is reflected in its dollar-based net retention rates (DBNR) as the company ended the year with a 98% DBNR. Both DBNR and net retention are best-in-class as they have been for many years already. In addition, it shows customer satisfaction and a growing number of modules per customer.
And while customer growth is projected to remain strong, CrowdStrike does not necessarily need to increase its customer numbers at a massive clip to show strong growth as opportunities among its existing customer base also offer a long runway of growth. To illustrate this, if all existing customers started using all modules offered by CrowdStrike, this would result in an ARR of $12.2 billion based on FY23 customer data. Of course, it is not reasonable to assume every customer to start using all modules, but it does illustrate the sheer potential that is still there within the existing customer base.
So, overall, CrowdStrike looks well positioned to benefit from its Falcon platform dominance, new module releases, an increasing customer base, and best-in-class retention rates to drive its long-term growth. And that top-line growth and customer growth are strong is also reflected in its bottom-line numbers.
The company is profitable on a non-GAAP basis as it reported a non-GAAP net income of $368.4 million and EPS of $1.54 in FY23, up quite significantly from $0.67 in FY22. Its gross margin was a stunning 78% while the company grew its operating margin by 235 basis points, reporting an operating margin of 15.9%. CrowdStrike targets an operating margin of 20-22% and expects to reach this by FY25 which shows substantial margin improvement ahead as well.
CrowdStrike has already seen solid margin expansion over the years going from a gross margin of 57% in FY18 to 78% in FY23. And while CrowdStrike is not a growth-at-all-costs kind of company, it is determined to keep investing in its platform and see this pay off over the next several years. In FY23, the company kept growing its headcount by 46% YoY. Now, with layoffs across the tech sector, CrowdStrike has the opportunity to pick up some great talent which will pay off at a later stage. Therefore, I am not all too worried that the company is not able to report a positive GAAP margin. Despite its size, it is still very much in its growth stage, and I personally prefer it to keep investing in its future and market share gains.
Also, CrowdStrike reported a 30% free cash flow margin for the third year in a row, which is quite impressive. The fact that CrowdStrike was the only company with over $2 billion in LTM revenue, growing at above 50%, and reporting a free cash flow margin of above 30% shows just how impressive this really is. And despite heavy investments and a fair share of headwinds this year, CrowdStrike continues to target a free cash flow margin of 30%, which could expand to 32% by FY25 and beyond. This shows that management is indeed not aiming for growth at all costs but aims to achieve solid growth while reporting positive cash flows.
Overall, I believe CrowdStrike offers best-in-class financials across the board. And while investors may need to wait a couple of years for positive GAAP results, the impressive free cash flow margin, combined with stellar growth, is nothing to complain about. In addition, its solid DBNR and net retention metrics show that the company's offering is sticky and can increase revenue per customer which bodes well for future growth.
The strong cybersecurity industry outlook is a great tailwind
As discussed above, CrowdStrike management has plenty of internal levers to realize very impressive above-industry growth over the next several years and probably decades, but CrowdStrike is also seeing solid trends in the overall industry that will boost growth.
Among these trends is remote working which looks like it is here to stay. Data collected by research from Upwork shows that 22% of all Americans will be working remotely by 2025, which translates to 36.2 million people, up 87% from 2019 levels. This research shows that the remote working trend is here to stay and may only increase going forward. Data from Statista points to a similar trend and shows that the number of days employees work remotely is still far above 2019 levels, despite the normalization already behind us which means that this is the new normal.
Remote working significantly increases demand for endpoint protection because it expands the attack surface that organizations need to protect. When employees work remotely, they access corporate networks and data from their personal devices, which may not be as secure as the devices provided by their organizations. This creates a new set of vulnerabilities that attackers can exploit to gain unauthorized access to sensitive data and systems. Therefore, in a remote working environment, endpoint protection solutions are essential because they help organizations maintain visibility and control over their endpoints, even when they are outside of the corporate network.
And it is not just the remote working trend that causes a higher demand for cybersecurity solutions. AI technology is another factor that boosts the number of cyberattacks. New AI technologies such as ChatGPT allow cyber criminals to generate malicious code and emails at a faster, more automated pace, resulting in increased activity. In fact, it is the overall increase in digital activity and smart devices that expose individuals increasingly to cyber threats. The result is a significant increase in cyberattacks. According to Checkpoint Research , the number of attacks increased by 38% from 2022 to 2023, driven by the above-named factors. And this number of cyberattacks is not expected to slow down in the near future which results in the following estimate from Statista which shows that the estimated cost of cybercrime worldwide will continue to increase at a rapid rate.
In response, the expected growth for the cybersecurity industry is also strong. According to Grand View Research , the global cybersecurity industry should show growth at a CAGR of 12.3% until 2030. Getting a bit more specific, the endpoint security market where CrowdStrike is a leader, is expected to grow at a CAGR of 8.3% until 2028, also showing decent growth.
Reflecting this back to CrowdStrike again, according to IDC, the endpoint security market will have a TAM of $20 billion by 2026. With CrowdStrike well positioned to take market share from legacy vendors as discussed earlier, this means that if CrowdStrike were able to increase its market share to just 20%, which is very doable, this would mean that this alone would mean $4 billion in revenue by 2026. Yet, CrowdStrike today is much more than just endpoint protection. Therefore, adding in all the areas covered by CrowdStrike's leading XDR platform, management believes it will serve a TAM of $98 billion by 2025. And driven by its strength in endpoint protection and leading leverage of AI, I believe CrowdStrike will increase its market share across most of these industries over the next several years as its brand also grows.
Finally, adding to this new product releases, new initiatives, and a focus on cloud security over the next couple of years, and CrowdStrike believes its real TAM should be close to $158 billion by 2026. Obviously, this leaves CrowdStrike with a massive potential for strong continued growth and based on its impressive competitive advantage and it being ahead of the competition, I am quite bullish on these future prospects.
Outlook & Valuation
This article so far may have already given you a very good idea of the future outlook of CrowdStrike and that it looks very solid does not seem to be a question any longer. Yet, what can we expect in the near term from this cybersecurity leader with inflation and rising interest rates creating a tough macroenvironment to operate?
Back in March, when CrowdStrike reported its FY23 results, it also provided guidance for 1Q24 and fiscal FY24. For the first quarter, CrowdStrike guides for revenue to be in the range of $674.9 million to $678.2 million, up between 38-39%. This results in a non-GAAP net income expectation of between $121.1 million to $123.5 million and EPS of $0.50 to $0.51. This reflects strong continued growth, despite significant economic headwinds.
For FY24, management expects to report total revenue in the range of $2.96 billion to $3.01 billion, up 32% to 35% which means management expects growth to slow down by the second half of the year. Non-GAAP net income for the full year is expected to be between $535.9 million and $580.7 million, resulting in EPS of $2.21 between $2.39, up 49% YoY. This shows that management expects EPS to outgrow revenue as a result of margin expansion, primarily in the second half of the year. With these estimates, CrowdStrike expects to see CapEx growth of 6% to 8%. In addition, the FCF margin is expected to remain above 30% for FY24.
Given the continued increased budget scrutiny and elongated sales cycles, management does expect a 10% headwind for ARR growth which means ARR growth will be flat YoY, which as a result of the higher base, means low-30s ARR growth YoY. And honestly, I believe this is still a very strong outlook for CrowdStrike even though growth is slowing down largely as a result of economic headwinds.
Now, following my deep dive into the company and all the aspects laid out above, I arrive at the following financial expectations for the years until the company’s fiscal FY27.
(1Q23 estimate: revenue of $677 million and EPS of $0,52)
Shortly explaining these estimates, I expect CrowdStrike to show strong continued growth in its fiscal FY24, although slightly impacted by economic headwinds which cause a drop in revenue growth. For FY25, headwinds should largely disappear allowing the company to continue on its growth trajectory, although growth rates will remain in the low-30s as the company grows in size. A similar pattern is expected for both fiscal FY26 and FY27, with CrowdStrike continuously increasing margins and growing EPS at a slightly faster clip. In addition to the estimates above, I expect CrowdStrike to outperform its ARR target of $5 billion in FY26 and expect this to be closer to $5.2-$5.3 billion in ARR by the end of FY26.
Moving onto the valuation, CrowdStrike is currently valued at a forward P/E of 59x based on current analyst EPS estimates for FY24, which is everything but cheap, but this is as expected for a company growing at above 30% for the next four years while reporting a 30%+ free cash flow margin.
If we compare this to its peers, of which Zscaler ( ZS ) is the closest in terms of growth, CrowdStrike is still at the upper end. Zcaler is more expensive on a P/E metric but is also expected to grow slightly faster for the current year. If we look at the P/S ratio, CrowdStrike is again the most expensive one with a forward P/S ratio of 10, although this is only slightly above both Zscaler and Fortinet ( FTNT ). Still, it is hard to compare CrowdStrike with these technology companies as CrowdStrike is more profitable and double the size of Zscaler. At the same time, Fortinet is much larger than CrowdStrike and offers better profitability while its growth rates are far below that of CrowdStrike.
We can draw the simple conclusion that CrowdStrike is valued at a premium but well deserved. This is a best-in-class cybersecurity company with a very strong competitive advantage versus competitors. Therefore, investors should be willing to pay a premium for CRWD stock, and I believe a 55x P/E is justified for CrowdStrike right now.
Based on my fiscal FY25 EPS estimate and a P/E of 55x, I calculate a target price of $174 per share, leaving investors with a 28% upside. (Please note, this target price is solely based on its forward P/E and is only for indicative purposes.) For comparison, 44 Wall Street analysts currently maintain a $167 per share price target, combined with a buy rating.
Conclusion
CrowdStrike truly is a best-in-class cybersecurity company with a leading position in the endpoint protection industry while expanding the business into many other cybersecurity verticals. The competitive advantage of CrowdStrike is strong and I expect it to show meaningful market share growth, primarily in the endpoint protection industry. Additionally, by leveraging AI and ML technologies it is offering a higher quality, more capable product compared to other legacy vendors like Microsoft, putting the company on a pole position.
With management having plenty of levers to drive strong financial growth for the company and the cybersecurity and endpoint protection outlook looking strong, we should expect solid continued growth from CrowdStrike over the next several years.
Therefore, its current premium valuation is fully justified. Based on a P/E valuation and FY25 EPS, I calculate a target price of $174 per share, leaving investors with a 28% upside from current price levels of around $136 per share.
With the share price down by over 39% over the last 12 months, now is a great time to initiate or add to an existing position in CrowdStrike. Therefore, I rate CRWD stock a buy, based on an impressive competitive advantage, strong growth outlook, and excellent management team.
For further details see:
CrowdStrike: A Cybersecurity Technology Leader With Top-Notch Financials