Investment Thesis
CrowdStrike Holdings (NASDAQ:CRWD) is a cybersecurity company that offers endpoint security, threat intelligence and incident response services. CrowdStrike started off and is still best known for their endpoint security but is now expanding across other cybersecurity areas as well as adjacent areas like observability. Endpoint security focuses on securing endpoints (laptops, mobile devices, IoT devices, desktops) that connect to a network.
We have been long-term holders of CrowdStrike, having first bought the stock in January 2020. We were fortunate in that the pandemic massively accelerated CrowdStrike's growth, benefitted from the growth in cloud computing, artificial intelligence, and cybersecurity attacks. While these tailwinds remain, they have weakened post-pandemic. CrowdStrike's revenue growth rate has decelerated from 100%+ to 33% as it has grown from a $300 million to a $3.4 billion ARR company.
While we have been trimming CrowdStrike over time, it remains a 4% position for us that we plan on continuing to hold for the long term. At current prices, we do not plan on adding and may trim if the stock price jumps significantly, as we think there are better opportunities in the next-generation cybersecurity space as well as SaaS generally. As such, we rate the stock as a HOLD.
Traditional antivirus software vs next generation
Traditionally, endpoint security meant antivirus software, but the approach CrowdStrike and other next-generation providers take is very different. Traditional antivirus software relies on signature-based detection, which involves comparing files or code against a database of known malware signatures. Traditional antivirus software has several problems.
Firstly, because the virus database is only updated after a breach, it cannot protect against zero-day exploits or new malware. Small changes in the virus' code are often enough to fool traditional antivirus software. Secondly, the scanning process runs locally and frequently degrades system performance. One of us used to be a salesperson that pitched software products to clients. We always had to ensure that our antivirus software was turned off, as that would seriously degrade a laptop's performance in the middle of a presentation. On multiple occasions, we would forget, however, making ourselves and our company look terrible and potentially losing critical potential business.
Next-generation providers like CrowdStrike solve these problems through various methods. CrowdStrike uses a lightweight agent that offloads resource-intensive processing to the cloud, thus not degrading system performance of individual endpoints. Secondly, CrowdStrike employs behavioral analysis and machine learning to identify patterns and behaviors associated with known and unknown threats. By not solely relying on a malware signature database, CrowdStrike is able to respond to zero-day exploits.
Cybersecurity is a booming market that will growth significantly faster than GDP
The overall cybersecurity market is growing very quickly, with Fortune Business Insights forecasting a 13.8% CAGR for 2023-2030 for the global cybersecurity industry. This translates to the global cybersecurity market size increasing from USD 172 billion to 425 billion in 2030.
North America, CrowdStrike's largest region, is growing similarly. Specifically for endpoint security, Fortune Business Insights predicts a 9.3% CAGR as the global endpoint security market grows from $15 billion in 2024 to $30 billion in 2029.
Chart 1: North America Cyber Security Market Size, 2019-2030 (USD Billion)
Chart 2: North America Endpoint Security Market Size, 2019-2032
CrowdStrike benefits from cloud and AI adoption
Cybersecurity is clearly a fast-growing industry that is growing significantly faster than global GDP, which is expected to be around 2-3% a year. However, CrowdStrike should grow much faster than the general cybersecurity space because it is benefiting from both cloud adoption, AI adoption and a data network effect.
CrowdStrike was built as a cloud-native company from day one. Many competitors have instead stitched together various legacy and cloud solutions via acquisitions. While this approach is common, it creates a lot of cultural technical debt as legacy systems have difficulties communicating with each other, leading to missed breaches and slower performance. According to Markets And Markets, the cloud computing market is expected to grow at a 15% CAGR from 2023 to 2028. As customers migrate to the cloud, they realize that their legacy systems simply don't work and thus send out RFP's for cybersecurity providers that fit cloud needs. CrowdStrike wins many new clients this way.
CrowdStrike also benefits greatly from trends in AI. At a competitor's sales conference recently, several presenters mentioned that cybersecurity is increasingly becoming an AI vs AI arms race. Hackers look to use AI to find bugs and probe for weaknesses, while cybersecurity providers use AI to quickly identify patterns and behaviors that correspond to cybersecurity attacks. AI is a data game that benefits players that have a lot of data across all their clients. As a large player with next-generation capabilities, CrowdStrike fits this perfectly as it constantly ingests the right type of data from all its clients, applies machine learning algorithms to find suspicious behavior and then deploys its learnings across all clients.
Gartner's Magic Quadrant shows that CrowdStrike is a best-in-class leader, with both complete vision and execution ability.
Chart 3: Gartner Magic Quadrant for Endpoint Protection Platforms
Financials and Valuation
Comparable Multiples
There is no question that CrowdStrike is executing strongly, as ARR has grown from $360 million in March 2019 to $3.44 billion now. CrowdStrike has also been GAAP net income profitable for 4 quarters and has turned an operating profit in the last two quarters. CrowdStrike also has legendary FCF generation, with OCF margins reaching 44% in their Q4 2024 results (CrowdStrike Reports Fourth Quarter and Fiscal Year 2024 Financial Results | CrowdStrike Holdings, Inc.).
However, on a comparable multiple basis, CrowdStrike trades much more expensively compared to peers Zscaler (ZS), Palo Alto Networks (PANW) SentinelOne (S). We choose ZS and S as peers because they are both cloud native, next generation platforms. Zscaler, a network security provider, partners closely with CrowdStrike and they often bring each other into deals. SentinelOne is the closest pure-play competitor to CrowdStrike as it also focuses on next generation endpoint security. Palo Alto Networks has both legacy and next generation software and is one of the largest cybersecurity companies in the world.
Chart 4: Valuation Ratios for CrowdStrike and Peers
On a P/S/G ratio (which we define as Market Cap / TTM Sales / Revenue Growth Rate in Most Recent Quarter) or a P/S ratio (which we define as Market Cap / TTM Sales), CrowdStrike trades significantly higher than its peers, as both Zscaler and SentinelOne sport similar mid-30's growth rates while trading at much lower P/S ratios. CrowdStrike's premium is partially justified due to its GAAP profitability, but we don't think it deserves that large of a premium especially when compared to ZS, which also has strong operating cash flows. Palo Alto Networks has a similar P/S/G ratio owing to its lower growth rate of ~19% but is still cheaper on a TTM P/S ratio while being very profitable.
DCF Valuation
Using a 5-year DCF approach we get an IRR of 7.5% using the below assumptions:
- Annual revenue growth rate of 33% for next twelve months that then subsequently decreases, reaching 15% in Year 5, for a 5-year revenue CAGR of 24%.
- 75% gross margins in Year 5 in-line with current figures.
- 32% operating margins (or 43% operating income as a % of gross profits) as we expect R&D, Sales & Marketing and General Admin expenses to decrease as a % of revenue as CrowdStrike continues to gain economies of scale.
- Diluted share count of 248 million shares with 2% dilution a year, leading to 274 million shares in Year 5.
- Termina Price/Operating Income multiple of 40x. This terminal P / Op Income assumption is high compared to the S&P 500's current PE of 21x, but as a best-in-class SaaS company that is benefiting from key secular megatrends, we think this is justified.
- Current stock price of $295.
Table 1: CrowdStrike DCF Valuation Model
While an implied IRR of 7.5% is not terrible, we think it is too low compared to other stocks and we normally look for an IRR of at least 12%. This is especially true as we've ascribed rather generous valuation assumptions in terms of the terminal P/Op Income as well as.
While as investors we tend not to put too much emphasis on valuation, both a DCF model and comparable multiples are telling us the same thing - CrowdStrike is very expensive.
Conclusions
CrowdStrike is a best-in-class cybersecurity company that is executing very strongly. CrowdStrike continues to benefit from cloud adoption, AI megatrends and general cybersecurity growth. In addition, it has a strong balance sheet and robust free cash flow generation. However, the current price of $295 CrowdStrike trades at a represents a 23x TTM P/S and a 18x NTM P/S using our estimates, which for a 30% revenue grower is simply too high in our view. At current prices we prefer CrowdStrike's close partner Zscaler (ZS) or a generalized tech-focused ETF like QQQ.
Dragon Rock Capital
Entrepreneur with businesses in retail, wholesale and real estate. In previous career, I was an equities trader at a bulge-bracket investment bank and risk consultant for commercial banks. I am a CFA Charterholder, MBA, B.S. Engineering and Mathematics, FRM. Based in Hong Kong and looking for job opportunities to in Hong Kong, Singapore or remotely anywhere. Not investment advice.
Analyst’s Disclosure: I/we have a beneficial long position in the shares of CRWD either through stock ownership, options, or other derivatives. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.
Seeking Alpha's Disclosure: Past performance is no guarantee of future results. No recommendation or advice is being given as to whether any investment is suitable for a particular investor. Any views or opinions expressed above may not reflect those of Seeking Alpha as a whole. Seeking Alpha is not a licensed securities dealer, broker or US investment adviser or investment bank. Our analysts are third party authors that include both professional investors and individual investors who may not be licensed or certified by any institute or regulatory body.
