2023-03-10 11:15:19 ET
Summary
- CrowdStrike's technology differentiation has enabled the company to generate exponential growth in its subscription customer base.
- The company is operating above the rule of 60 as it continues to show solid revenue growth while generating strong margins, providing sustainability in the business in the long-term.
- CrowdStrike did very well in its 4QFY23 even as the macro backdrop was difficult and even became more aggressive against its competitor, SentinelOne.
- The TAM of the company continues to look promising and grow while management has been driving cost down through operating leverage and cost optimization efforts.
- My 1-year price target for CrowdStrike is $166, implying a 30% upside from current levels.
This article was first posted in Outperforming the Market on 9 March 2023.
Investment thesis
I recently shared with members of Outperforming the Market that I am ready to buy CrowdStrike (CRWD) on a pullback and provided them with the price level at which I am looking to enter a position in the company. In this article, I hope to share with you why I am optimistic about the company even as the macroeconomic conditions appear bleak as I find that CrowdStrike's valuation is finally looking reasonable.
I think that CrowdStrike is one of the best positioned pure play cybersecurity companies today. I do like CrowdStrike because it operates at more than the rule of 60, far surpassing the gold standard of the rule of 40 for software companies. This means that CrowdStrike is able to generate strong revenue growth, while doing so sustainably as it continues to have a strong and improving margin profile.
With an expansion in TAM in the next few years as a result of its new product roadmap, new initiatives and organic growth of its current TAM, I expect that CrowdStrike can continue to increase penetration in a very large cybersecurity market.
The company's stellar net retention rates highlight strong customer retention and expansion while its customer base continues to grow, with the largest companies amongst its customer base.
Lastly, I expect CrowdStrike to see margin improvements as a result of operating leverage and cost optimization efforts.
Introduction
CrowdStrike was founded in 2011 and it is currently run by its co-founder, George Kurtz .
Falcon provides protection to a wide range of devices, including laptop, server, IoT devices, amongst others, from cyber-attacks as it is backed by intelligence from frontline incident response services.
Its flagship Falcon suite is one of the industry's first SaaS endpoint security platforms.
Today, Falcon has more than 22 modules across endpoint, workload security, cloud security, IT operations, amongst others.
Technology leadership
Gartner Magic Quadrant recognized CrowdStrike as a leader in Endpoint Protection Platforms.
CrowdStrike scored well in innovation and market understanding, which was underpinned by the company's comprehensive offering. It also scored well for customer experience and overall viability.
Where CrowdStrike did not do so well is in pricing as its prices are in general higher than the average for competitors in the Magic Quadrant and it also gave less discounts.
This ability to price higher and with less discounts tells me that CrowdStrike has some sort of differentiation that enables this pricing differential.
Gaining market share
As a result of this strong technology leadership as a key differentiation factor for CrowdStrike, the company has been gaining market share in its key Endpoint Security market.
As can be seen below, CrowdStrike had only 3% market share in 2018. By 2021, CrowdStrike grew its market share to 12.6%, more than four times its market share in 2018 in just four years.
Corporate endpoint security global market share (Statista)
In 2022, CrowdStrike continued to gain market share to 17.7% , up about five percentage points from the prior year.
I think that based on history in the perimeter security space, we could see CrowdStrike continue to gain substantial share from current industry incumbents. Palo Alto Networks ( PANW ) was able to disrupt the perimeter security space as it brought new capabilities like next generation firewalls that displaced industry incumbents. That led to Palo Alto's market share growing from 6% to 26%. Industry incumbents like Cisco ( CSCO ) and Juniper Networks ( JNPR ) saw their combined market share drop from 70% to less than 50% with gains from new leaders Palo Alto Networks and Fortinet ( FTNT ).
Perimeter security market share gain by PANW (Author generated)
CrowdStrike's structural moat to enable continued share gains
At the end of the day, I think that CrowdStrike can continue to disrupt the corporate endpoint security market and gain share from the industry incumbents. As a result of the industry incumbent's delayed responses to the changing needs of customers, CrowdStrike's offering will enable a subscription model based on scalable cloud solutions.
The first thing I would note that changed the industry dynamics was that the cyber threats were increasing in evasiveness and complexity. As a result, companies needed fast, sophisticated and analytically grounded threat detection, prevention, and response capabilities.
This is best served by cloud delivered solutions, which means that organizations globally are starting to move towards SaaS endpoint security. Cloud solutions are increasingly sought after by organizations as a result of its ease of use, time to value, ongoing overhead costs, efficacy, and innovation agility, which have become increasingly obvious to organizations.
This set the perfect storm for CrowdStrike as the company's cloud native architecture and cloud administered flagship Falcon platform helps to level up the endpoint security landscape and bridge this technological gap which was not available previously in the market.
As a result of its cloud delivered solutions, CrowdStrike was able to use the large quantity and quality of security data collected, which is analyzed and helps enhance the platform's threat detection capabilities and prevention efficacy.
For reference, there are 6 trillion events streamed onto CrowdStrike's cloud infrastructure each week.
This has led to a structural moat for CrowdStrike which is able to provide such an unrivalled technical feat at a superior total cost of ownership as organizations no longer need to maintain servers for this purpose.
Strong growth in subscription customers
For CrowdStrike's fiscal year 2023, its subscription customers grew by 41% to 23,019. Of its customers, many of them are the largest and most established in their fields. More than half of the Fortune 100 and Fortune 500 are customers of CrowdStrike. 75% of the top 20 banks are customers of CrowdStrike.
CrowdStrike's customer base (CrowdStrike IR)
Large and expanding total addressable market
As can be seen below, management expects that its current portfolio's TAM will expand to $98 billion by 2025. By calendar year 2026, management expects the company's TAM to expand to $158 billion as a result of organic growth in TAM, new product roadmap, future initiatives and cloud security opportunities.
CrowdStrike's strong customer retention (IDC)
In terms of track record in growing its TAM, the figure below illustrates that clearly. From its original corporate workload security market, it has a TAM of $22 billion with six modules. In 2023, management has grown the TAM to $76 billion, an increase of 245% as a result of entry into new markets like IT Operations Management, Managed Security Services and added more than 15 modules along the way to add to its capabilities and offerings.
CrowdStrike's ability to grow TAM (CrowdStrike IR)
Operational metrics and financials
The CrowdStrike story is impressive because of the exponential growth in subscription ARR over the years. In the fourth quarter of the fiscal year of 2023, CrowdStrike continued to grow subscription ARR by 48% year on year. More importantly, looking at the big picture, subscription ARR has grown by 35 times since the first quarter of the fiscal year of 2018.
CrowdStrike's subscription ARR's exponential growth (CrowdStrike IR)
For the fiscal year of 2023, CrowdStrike's revenue grew to $2.2 billion, with subscription revenue growing 55% year on year. More impressively, 62% of CrowdStrike's subscription customers today use five or more modules, 39% use six or more modules and 22% use seven or more modules.
CrowdStrike annual revenue (CrowdStrike IR)
For the fiscal year 2023, CrowdStrike generated $677 million in free cash flows. This was up 53% year on year and amounts to a solid 30% free cash flow margin.
In addition, I like that CrowdStrike is seeing improvement in operating leverage over time as the subscription model scales up. As a result, sales and marketing expenses, research and development expenses and general and administrative expenses have fallen from 87%/46%/21% to 33%/19%/7% respectively.
CrowdStrike's improving operating leverage (CrowdStrike IR)
One of the most impressive things about CrowdStrike is their retention rates, in my view. Based on its own 120% benchmark for net retention rates, the company has managed to achieve at least 120% net retention rate for the last 20 quarters. Since net retention includes customer expansions as well, this highlights CrowdStrike's strong ability to retain existing customers and expand its business. At the same time, gross retention has stayed above 97% for the last 19 quarters, which is impressive, in my view, and shows the resilience of subscriptions from customers.
CrowdStrike's strong customer retention (IDC)
CrowdStrike targets to achieve more than 30% free cash flow margin, 20% to 22% operating margin and 77% to 82% subscription gross margin in the longer term. As of its 2023 fiscal year, it has already achieved 30% free cash flow margin, which was impressive, in my view, and shows that management is able to control costs and drive margins upwards.
CrowdStrike's target operating model (CrowdStrike IR)
As a result of its strong margins and revenue growth, CrowdStrike is operating a business model that continues to show sustainability while growing strongly. Whether CrowdStrike uses the free cash flow margin or non-GAAP operating margin, it is operating at the rule of 63 and 81 respectively, far above the rule of 40 , which is the gold standard for software companies.
Competitive landscape
Firstly, as highlighted by research compiled by JP Morgan, CrowdStrike has the best-in-class unit economics amongst cybersecurity peers. When looking at the customer Lifetime Value ("LTV") to Customer Acquisition Cost ("CAC") ratio, it shows the relationship between the company's lifetime value of its customer and the cost it takes to acquire that customer. As can be seen below, CrowdStrike has the highest LTV to CAC ratio of 4.9x as of its recent quarter and is a league on its own as it is almost 15% higher than the other leading cybersecurity companies.
CrowdStrike has best in class unit economics (JPM, company reports)
Secondly, as can be seen below, I think that it is very telling that CrowdStrike is not only able to gain share in the endpoint security market but do so at a pace that is faster than a mega-cap company like Microsoft ( MSFT ). That said, I think that the modern endpoint security market could see a stronger consolidation in the near-term as the stronger players continue to gain share of players that are lagging the market in terms of innovation and product offerings.
Worldwide market share in modern endpoint security (IDC)
Thirdly, in order to reach the $98 billion TAM by 2025, CrowdStrike needs to expand into and do well in the adjacent cloud security market. The company achieved public cloud ARR of $224 million in the recent quarter, making up 9% of total ARR. I think that we are seeing the early days of CrowdStrike's cloud security business as can be seen below, where it is ranked the fifth most popular cloud solution.
What solutions do you use for cloud security? (UBS Evidence Lab Cloud Infrastructure Survey)
Lastly, I need to address the risk that Microsoft brings to the table for CrowdStrike. Microsoft has seen momentum in the security space as a result of its dominance in operating systems, server and endpoint platforms. The key risk is that Microsoft may potentially commoditize security as part of its bundle. In my conversations with organizations, this is more prevalent for smaller organizations that are on the Microsoft stack. That said, I think that Microsoft sees the security market as an upsell potential for its Office 365 bundles. At the end of the day, it is less focused on gaining wallet share within endpoint security, in my view.
Recent 4QFY23 results
For the fourth quarter of FY2023, CrowdStrike saw strength in bookings although there were pressures from macro conditions as RPO grew 49% year on year to $3.4 billion, an acceleration of five percentage points sequentially. This was impressive, in my view even as sales cycles remain elongated in the quarter and with the absence of the usual fourth quarter budget flush. Billings were also well ahead of the market expectations of $884 million.
There was also a record net new customers of 1,873 this quarter, which was up 14% year on year, which is strong given the weak macro environment. Management also disclosed more than 400 customers with at least $1 million ending ARR. This group of customers has an average of 57% ARR growth year on year and an average of 10 modules.
Capital expenditures guidance for FY2024 was 6% to 8% , down from the 10% we saw in FY2023. This implies that the company did frontload some of its capital expenditures to manage their supply chain.
In terms of the fourth quarter FY2023 performance, management notes that there was an incremental sales cycle elongation compared to the prior quarter, but the team's strong pipeline management efforts and strong focus on top of the funnel activities helped bring the strength in the fourth quarter FY2023.
I think that management addressed that its Managed Security Service Provider ("MSSP") business looks to become more competitive with SentinelOne ( S ) as CrowdStrike looks focused on being more aggressive in the business with the hiring of Daniel Bernard from SentinelOne who played a big part in the successful MSSP franchise in SentinelOne.
Lastly, CrowdStrike's emerging products business posted strong growth, with ARR growing 116% year on year. Emerging products made up 13% of total ARR compared to 9% in the prior fiscal year.
Valuation
CrowdStrike is trading at 31x FY2024 EV/FCF. Even at FY2023 FCF, CrowdStrike trades at 41x EV/FCF.
I value CrowdStrike using EV/FCF method. I assume 30x FY2024 EV/FCF for CrowdStrike, which is at a discount to its peer group of enterprise software companies which are trading between 35x to 60x EV/FCF.
My one-year price target for CrowdStrike is $166, implying a 30% upside from current levels.
Risks
Competitive landscape
The competition is gradually getting less intense as most specialist challengers have been eliminated from the market in the last three years. That said, the main competitive pressure today comes from large players, which may bring more fierce competition. These large players include players like Microsoft.
Valuation or beta risk
As a company with relatively higher beta and multiples, this may cause the stock to be more sensitive to market movements. Furthermore, there is a risk that multiples may compress further, which is a risk for all higher multiple companies.
Cloud workload protection risks
As the cloud workload protection market is currently in what I call a gold rush phase, the market is fragmented and highly competitive. There are risks that CrowdStrike may not see as much stickiness or pricing power in these new use cases. Furthermore, there are many other competitors in the space, which makes it much more competitive for CrowdStrike. Solution suite expansion means run-ins with "superstore" cyber players - carving out solution depth in security orchestration and automation (SOAR), as well as extended detection and response (XDR) pain points increase the likelihood of run-ins with larger, deeper-pocketed security "superstores" like PANW, and even MSFT who typically use a combination of incumbency, account control, and pricing as competitive cudgels.
IT spending
As a result of IT budgets having been brought forward in the covid-19 pandemic, there are risks that the IT spending in the near-term could normalize and be weaker than what we have seen in the last few years. As a result, this might cause some risk to the top line in the near-term for CrowdStrike. Furthermore, weakness in the macroeconomic environment could also sour business sentiment and result in smaller spending on IT in the near-term.
Conclusion
CrowdStrike is a leading cybersecurity company that has demonstrated its ability to grow strongly and at the same time, do so sustainably as it has generated positive operating margins and free cash flow margins. As a result, it is operating far above the rule of 40 and the business continues to have room to grow.
Also, I expect revenues to accelerate as CrowdStrike continues to expand its TAM and introduce new products and new initiatives. At the same time, margins have improved significantly over the years as a result of its strong cost optimization efforts and operating leverage, which has contributed to reductions in sales and marketing, research and development and general administrative expenses as a percentage of revenues.
In addition, CrowdStrike has a large and growing customer base filled with established companies while it has high net retention rates, showing the company's resilience in terms of retaining and expanding subscription ARR. I also found it impressive that the recent fourth quarter FY2023 results continued to be strong even as the macro backdrop was weak, and the operating conditions were challenging for CrowdStrike.
My one-year price target for CrowdStrike is $166, implying a 30% upside from current levels.
For further details see:
CrowdStrike: Valuations Finally Reasonable For This Cybersecurity Leader