CrowdStrike’s Falcon Platform: A Game-Changer In Cybersecurity (NASDAQ:CRWD)
Since I last wrote about CrowdStrike (CRWD) on January 15, 2024, with a buy recommendation, the stock is up 22.47% compared to the S&P 500 Index (SPX) returns of 12.19%. One reason the stock has performed better than the S&P 500 is that investors were pleased by the company’s first quarter fiscal year (“FY”) 2025 results released on June 4, mainly since cybersecurity companies and software/cloud companies, in general, have produced mixed results this quarter in a challenging economic environment. The company beat consensus analysts’ revenue forecasts for the first quarter by 2% and exceeded non-GAAP (Generally Accepted Accounting Principles) earnings-per-share estimates by 4%. The stock rose 12% the day after the company released earnings.
One of the most significant secular trends in cybersecurity today is customers’ desire to consolidate multiple-point solutions onto one platform to save on costs. Over the last several years, the weaker economic environment has pushed companies towards more efficiency, meaning better ways of doing things at a lower price. If you listen to enough earnings calls or investor days from other companies in the cybersecurity industry, many of them will discuss some of the forces behind the consolidation of the cybersecurity industry onto platforms. For instance, Chief Executive Officer (“CEO”) Nikesh Arora from Palo Alto Networks (PANW) said on its third quarter FY 2024 earnings call:
At the accelerated pace of change in cyber, even with healthy increases in cybersecurity funding, many organizations aim to simply keep pace with the volume of threat activity they see. Most cannot do this and are increasingly receptive to a better way of tracking their security challenges — tackling their security challenges, windows sprawl and architectural complexity. We firmly believe that answer is platformization of cybersecurity over time.
Although the management of multiple cybersecurity companies has reached that same conclusion, only a few companies will likely be able to execute the vision of creating a viable cybersecurity platform. The market has awarded CrowdStrike one of the highest valuations of all cloud companies, likely because investors believe it will be one of the winners of the coming cybersecurity industry consolidation.
CrowdStrike’s latest results showing rapid adoption of its solutions indicate that cybersecurity customers may have concluded that the Falcon Platform gives them much better results for a lower cost. Aggressive growth investors should put this company on their watch list. If enterprises continue to adopt modules on the Falcon at a relatively rapid rate, the stock price will likely continue higher. I maintain my buy recommendation on CrowdStrike.
This article will briefly discuss the cybersecurity industry consolidation trend, the introduction of its generative AI product, Charlotte AI, a review of first-quarter earnings, a discussion of the risks and valuation, and an explanation of why this stock is a buy for aggressive growth investors.
Enterprises consolidate onto the Falcon platform
The following image from the company’s first quarter FY 2025 investor presentation shows multiple cybersecurity and Information Technology (“IT”) products that management believes the Falcon platform can replace. TCO stands for Total Cost of Ownership, which includes the cost of buying, operating, and removing a product from service. One potential reason customers are adopting its modules might be because they have evidence that CrowdStrike’s claims of lowering TCO are valid. CrowdStrike CEO said on the first quarter FY 2025 earnings call (emphasis added), “A recent IDC report quantifies CrowdStrike’s extreme cost savings. For every $1 invested in Falcon Solutions, our customers recognized $6 of cost savings.” If customers are actually seeing that level of cost savings, they have a tangible reason to adopt CrowdStrike modules.
You might notice that Microsoft (MSFT) is on the list of point solutions that CrowdStrike wants to replace. Microsoft is a significant player in the cybersecurity industry, offering products like Defender and other services. For those unaware, Microsoft bore the brunt of a significant intrusion of Microsoft Exchange in 2023, in which a group associated with the Chinese government breached several large accounts, including the emails of several U.S. government officials who have worked on national security matters. Microsoft lost much trust within the government and in the accounts that the hacker breached. CrowdStrike created a product called Falcon for Defender that protects Microsoft Defender products. Microsoft combines its Defender license with its productivity apps license into a service called Microsoft 365 E5. The CrowdStrike CEO said the following about E5 licensing and its new module designed to protect Defender on the first quarter earnings call (emphasis added):
And more recently, following yet another major Microsoft breach and CISA, Cyber Safety Review Board’s findings, we received an outpouring of requests from the market for help. We decided enough is enough. There’s a widespread crisis of confidence among security and IT teams within the Microsoft security customer base. At the request of organizations saddled with Microsoft E5 licensing, we delivered Falcon for Defender, a platform on-ramp to help organizations of all sizes start utilizing Falcon to secure their Microsoft Defender usage.
CrowdStrike sells 28 modules that provide solutions for Endpoint security, Cloud security, Identity security, SIEM (Security Information and Event Management), Threat Intel, Data Protection, Exposure Management, and more. The company uses a “land and expand” sales model to market these modules. It lands a customer with an initial deal, and new customers are increasingly landing with more and more modules. Past the initial land, a vital part of the platform’s growth is satisfying those new customers and getting them to adopt more modules.
One measure that shows that CrowdStrike’s “land and expand” sales model works is the number of customers who adopt modules. The following image shows the percentage of customers adopting more modules. When these metrics rise each quarter, it’s a sign that CrowdStrike’s business model is working. Customers adopting five, six, and seven modules rose 1% each since last quarter.
The more customers adopt CrowdStrike’s modules, the more the cybersecurity market consolidates onto the Falcon platform. CEO Kurtz said on the company’s first-quarter earnings call (emphasis added):
Through consolidation, the Falcon platform delivers innovation to solve tomorrow’s cybersecurity as well as broader IT and data problems. Our position as cybersecurity’s consolidation platform keeps CrowdStrike innovating to lead the industry forward. This focus has allowed us to ship game changing products at rapid pace.
During the company’s earnings call, CEO Kurz discussed several of the company’s newer modules that are gaining customer traction. In future articles, I will discuss many of those modules the CEO reviewed during the first quarter earnings call. This article will only briefly discuss its new generative AI product, Charlotte AI.
Charlotte AI
The World Economic Forum published an article in April 2024 that stated, “Four million professionals are urgently needed to plug the talent gap in the global cybersecurity industry.“ CrowdStrike created Charlotte AI as an AI-powered assistant to help bridge the gap between the number of cybersecurity professionals needed globally and the number of those professionals available. CrowdStrike’s generative AI assistant sits on top of the collective knowledge of the Falcon platform, automating various security-related tasks and making it so entry-level cybersecurity analysts have the capabilities of some of the most advanced cybersecurity experts.
With Charlotte AI, Tier 1 analysts, low-level analysts who usually monitor the network for threats and escalate security events to more experienced analysts, can now investigate the most complex security incidents and implement advanced security measures. The company’s CEO George Kurtz said at the Morgan Stanley Technology, Media & Telecom Conference:
So if you have a Tier 1 analyst in the SOC [Security Operations Center] or you’ve got Tier 1, 2 and 3, how do you take that Tier 1 [entry level] analyst and how do you turn it into a Tier 3 [most experienced] analyst? And so the goal for Charlotte wasn’t to be a chatbot. It was to be a virtual SOC assistant. And what that means is it takes the collective knowledge of CrowdStrike. So we’ve instrumented Charlotte to understand our intel. All of our intel for over a decade is in Charlotte. We’ve instrumented to understand the assets in a corporation specific to that company. We instrumented to understand the vulnerabilities and how they work and how the attacks work.
CrowdStrike defines the SOC within a company as “the nerve center of an organization’s cybersecurity operations, where experts monitor, analyze, and defend against cybersecurity threats.” A chatbot is merely an AI algorithm that simulates a conversation with human end users, and Charlotte AI does more than engage in dialogue and respond to user questions. It can automate tedious tasks, analyze data, identify threats, suggest actions, perform threat hunting, and begin remediation during a breach.
The company announced the general availability (“GA”) of Charlotte AI in February 2024. This generative AI product is still in its adoption phase, but the early feedback has been positive. George Kurtz said on the first quarter FY 2025 earnings call (emphasis added):
And lastly, Charlotte AI, every CISO [Chief Information Security Officer] is eager to see their employees become more productive. Every CISO wants their cybersecurity to be faster. The productivity gains are real and the benefits of making cybersecurity easier conversational and instant multiply the cybersecurity outcomes the Falcon platform creates. While still early, our POV [Proof of Value] close rate is close to 90%, reflecting excitement for Charlotte AI.
One bearish argument that CrowdStrike investors might encounter is that “Generative AI is just hype.” However, if enough customers find value in Charlotte AI, that objection may become obsolete as far as CrowdStrike is concerned, in short order. It’s still early days. Charlotte AI has the potential to become a hit product and may represent a potential upside to revenue growth.
First quarter FY 2024 results
One area that the market keys onto with this company in quarterly results is Annual recurring revenue (“ARR”), as the metric is critical to understanding whether its land and expand sales model is succeeding. Software-as-a-Service businesses like CrowdStrike often measure their financial health and estimate future revenue using ARR. For instance, a subscription-based company may have issues if ARR growth substantially lags revenue growth. Investors want to see that ARR growth matches or exceeds revenue growth. In the first quarter, CrowdStrike increased its ARR by 33% year-over-year to $3.65 billion, exceeding analysts’ ARR estimates of $3.63 billion. The ARR growth rate is also close to matching its subscription growth rate, a sign that revenue growth should continue at a relatively high rate.
Another standard benchmark for subscription businesses is Net New ARR, the total annual recurring revenue a company collects that year. Net New ARR excludes ARR taken in during previous years. Some use this metric as an even more precise tool for estimating future revenue growth. CrowdStrike grew its first quarter FY 2025 net new ARR 22% year-over-year to $212 million—a healthy sign. A good portion of the reason investors bid the stock up the day after earnings is that these numbers indicate the company has solid revenue growth ahead.
The following shows CrowdStrike’s guidance for the first quarter of FY 2025. Let’s compare guidance with the company’s actual results.
CrowdStrike’s total revenue during the quarter blew past company guidance to reach $921 million, increasing 33% year-over-year. Subscription revenue grew 34% year-over-year to $872 million. The company emphasizes subscription metrics, as it makes up around 95% of its revenue.
First quarter FY 2025 non-GAAP subscription gross margins remained flat year-over-year at 80%, below its long-term target of 82 to 85%. GAAP gross margins also remained flat over the previous year’s comparable quarter at 78%. In the first quarter of FY 2025, non-GAAP income from operations grew around 71% year-over-year to reach $198.7 million, beating company guidance. Non-GAAP operating margin was 21.6%, up 490 basis points (“bps”) from the previous year’s comparable quarter. These numbers are excellent as CrowdStrike continues progressing towards its long-term non-GAAP operating margin target of 28% to 32%.
CrowdStrike grew non-GAAP net income by 70% year-over-year to $231.7 million, above management’s first guidance. Non-GAAP diluted earnings-per-share (“EPS”) was $0.93, above the top-end of management’s guidance by $0.03. GAAP diluted EPS was $0.17, the company’s fifth consecutive quarter of GAAP profitability.
The company grew its quarterly free cash flow (“FCF”) by 42% year-over-year and achieved a quarterly FCF margin of 35%. Its trailing 12-month (“TTM”) FCF was $1.036 billion. CEO George Kurz said on the first quarter earnings call that CrowdStrike reached a “free cash flow Rule of 68, making us the only cybersecurity vendor of scale delivering this level of growth and profitability.“
This “free cash rule of 68” is a reference to the “Rule of 40,” which is a rule invented by venture capitalists to justify an investment in a subscription software business. The rule states that a company’s growth rate added to its profitability margin should equal at least 40 to achieve sustainable growth. What Kurz means by his “Rule of 68” statement is that adding CrowdStrike’s revenue growth to its FCF margin equals 68 and that no other cybersecurity company of scale has reached that level. When doing relative valuation exercises on this company compared to other cybersecurity companies, remember that CrowdStrike has better revenue growth and FCF profile than its competitors.
One reason the stock was up after earnings is that the company’s rapidly growing FCF of 42% is attractive to investors, as FCF growth represents the potential to reward investors in the future through share buybacks, dividend distributions, or debt elimination. A rapidly growing FCF also represents further potential revenue growth as management can reinvest FCF into the company through research and development or acquisitions. Last, a rapidly growing FCF raises the odds that increased earnings are coming down the pike. Additionally, CrowdStrike’s rapidly growing FCF is good news to investors who value the company through either its FCF or EPS.
CrowdStrike ended its first quarter of FY 2025 with $3.70 billion in cash and short-term investments and $742.87 million in long-term debt. Next let’s look at guidance.
Another potential reason investors were pleased with this earnings report is that management’s EPS guidance for the second quarter exceeded analysts’ estimates by 8%, and revenue guidance exceeded analysts’ estimates by $5.35 million, according to MarketBeat.
The company also raised its full-year FY 2025 revenue guidance from $3,924.9 – $3,989.0 million to $3,976.3 – $4,010.7 million. Management also raised its non-GAAP EPS guidance from $3.77 – $3.97 to $3.93 – $4.03.
Risks
The more CrowdStrike extends its platform’s capabilities through its modules, the more it may encounter legacy players with the resources to fight back. For instance, I already mentioned Microsoft, a company that likely won’t make it easy for CrowdStrike to invade its turf. My last article in the “Competitors” section briefly discussed its other primary competitors.
If CrowdStrike experiences a significant breach, the company could quickly lose its reputation. As a major security company, there are probably numerous hacking attempts against the Falcon platform. It only takes one successful hacking attempt to halt CrowdStrike’s rising stock price in its tracks.
The company’s valuation is the most significant risk to consider, which the article will discuss in the next section.
Valuation
Based on several traditional valuation ratios, people may argue that CrowdStrike is too rich for their blood. Its price-to-sales (P/S) ratio is 24.54, significantly higher than the Information Technology sector’s P/S ratio of 2.99. The stock also trades considerably higher than some of the more popular names in the Cybersecurity industry.
One rule of thumb I often use when valuing a stock is comparing the EPS estimated year-over-year growth rate to the stock’s forward P/E ratio in the same fiscal year. If the two values match, I usually consider the stock fairly valued. The following table shows that CrowdStrike’s forward P/E for each fiscal year exceeds the corresponding EPS growth rate—a sign of an overvalued stock.
The following table shows that CrowdStrike’s price-to-FCF (P/FCF) of 89.68 is above its three-year median and well above the Information Technology sector’s P/FCF of 18.33. Some might conclude that the market overvalues the stock.
Let’s look at a reverse discounted cash flow model to see what growth rates the current stock price implies.
Reverse DCF
The third quarter of FY 2024 reported Free Cash Flow TTM (Trailing 12 months in millions) |
$1036 |
Terminal growth rate | 2% |
Discount Rate | 10% |
Years 1 – 10 growth rate | 27.5% |
Current Stock Price (June 5, 2024, closing price) | $342.18 |
Terminal FCF value | $11.997 billion |
Discounted Terminal Value | $57.816 billion |
FCF margin | 31.5% |
Over the next ten years, the implied 27.5% FCF growth rate is aggressive since at least two analysts expect the company to only grow revenue at a compound annual growth rate (“CAGR”) of 24.52% to $27.34 billion over the next ten years. However, the company only achieved a trailing 12-month FCF margin of 31.5% at the end of the first quarter, well below its target range of 34% to 38%. If CrowdStrike reaches an FCF margin of 34%, it would need to grow by 26.4% over the next ten years. If the company achieves an FCF margin of 38%, it would only need to grow FCF at 24.9% over the next ten years. The company should get off to a good start as analysts estimate that CrowdStrike should grow FCF by a compound annual growth rate of 32.31% over the next three years.
Still, if all the assumptions in the above DCF are valid, the company would likely have to reach or exceed an FCF margin of 38% within the next several years or exceed analysts’ revenue estimates over the next ten years, which is possible. Analysts have underestimated CrowdStrike’s opportunity in the past, considering analysts made many upward revisions to revenue and EPS estimates over the last several years. A recent Seeking Alpha article stated, “Over the last three months, the company’s earnings per share estimates have been revised upwards 32 times, while its revenue estimates have seen 18 upward revisions vs. eight downgrades.“
I still rate CrowdStrike a buy despite the valuation
Conservative investors should probably give CrowdStrike a pass. If the company makes the slightest stumble in execution or competition begins to catch up and stunts its revenue growth or squeezes its margins, the stock price would likely significantly decline. One Seeking Alpha analyst believes it is far too expensive to invest in.
Although analysts’ earnings estimates make it hard to justify the stock’s valuation based on forward P/E ratios, Wall Street still rates CrowdStrike a strong buy with an average price target of $399.37, up 16.71% from the June 4 closing price. Wall Street analysts may give the company a high price target despite its perceived high valuation because its fundamental performance justifies it. A recent Seeking Alpha article quotes an Oppenheimer analyst (emphasis added):
“Amidst a challenging wave of software earnings, CrowdStrike continued its consistent execution and turned in another solid quarter,“ said Oppenheimer analyst Ittai Kidron and others in a note. “We believe the company is setting itself apart from the pack, and while this will certainly drive expectations higher, we believe the company can lean on its single-agent architecture and growing platform breadth to sustain its momentum.”
Suppose it is true that CrowdStrike is separating itself from the pack, will gain share from competitors, and will continue upselling existing customers; the odds of CrowdStrike’s future EPS and FCF growth eventually justifying the stock’s current valuation increase. If you are an aggressive growth investor interested in one of the highest-quality stocks in today’s market, consider buying a few shares.