CrowdStrike: The Endpoint Security Leader (NASDAQ:CRWD)

CrowdStrike Holdings, Inc. (NASDAQ:CRWD) is the leading Endpoint security player in the burgeoning field of Cybersecurity – a sector that is seeing renewed attention from Artificial Intelligence threats as AI moves mainstream, gets better and also used by the Dark side, reminding us that even purported panaceas have evil uses too. Recent estimates for TAM, (Total Addressable Markets) like this one from CrowdStrike have skyrocketed to $158Bn by 2026, showing how essential Cybersecurity management will be in the future.

The Cybersecurity Landscape

The Cybersecurity industry has several segments, with network security dominated by the likes of Palo Alto (PANW) and Fortinet, Inc. (FTNT), Endpoint security by CrowdStrike, Microsoft (MSFT) and SentinelOne (S) and access control or ZTNA (Zero Trust Network Access) led by the likes of Zscaler, Inc. (ZS). Some work together like Zscaler and CrowdStrike complementing each other’s offerings while the larger players gravitate towards Single Player SASE (Secure Access Service Edge) bundling several Cybersecurity products to keep the spear phishers and their brethren outside.

According to IDC, within Endpoint security, which grew 27% for the year ended June 2022, CrowdStrike was the market leader with $17.7 market share, closely followed by behemoth Microsoft at 16.4%. Endpoint pure play, SentinelOne was the fastest grower that year growing from 1.7% to 2.8%

Key drivers and trends

Remote access – work from home: The proliferation of end users working from home or remotely, led to the massive growth in the Endpoint security market with end users’ devices like personal computers and mobile phones being popular soft targets and points of entry for threats.

Bigger is better: One of the main trends in Cybersecurity seems to be the migration towards providing end-to-end solutions with several products and modules through a single platform. Since Cybersecurity coverage is so wide, a single offering doesn’t cut it anymore. An industry which is now full of security specialists or pure plays and strong tech giants like Microsoft could eventually coalesce around strong one stop shops.

Major Cybersecurity Segments and Some Key Players

As we can see from the table, each segment has common large players capable of competing in different segments.

While CrowdStrike and Microsoft have about 34% market share, the emergence of single SASE vendors is a likely threat to Endpoint pure plays. As we see below, this segment is dominated by large players like Palo Alto, Cisco (CSCO) and Fortinet, all of whom have Endpoint security capabilities.

Single Vendor SASE (SECURE ACCESS SERVICE EDGE) – Gartner Magic Quadrant

I expect consolidation in the industry based on these findings from Gartner.

Single-vendor SASE offerings deliver multiple converged network and security as-a-service capabilities, — such as software-defined WAN (SD-WAN), secure web gateway (SWG), cloud access security broker (CASB), network firewalling and zero trust network access (ZTNA) — using a cloud-centric architecture.

SASE supports branch office, remote worker and on-premises general internet security, private application access and cloud service consumption use cases. It is delivered primarily as a service and enables zero trust access based on the identity of the user, device or entity, combined with real-time context (such as device security posture) to enforce and govern security and compliance policies. Single-vendor SASE offerings should have a common management plane and data lake across all capabilities.

By 2025, one-third of new SASE deployments will be based on a single-vendor SASE offering, up from 10% in 2022. By 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services and private application access using a SASE/SSE architecture, up from 20% in 2021. By 2025, 65% of enterprises will have consolidated individual SASE components into one or two explicitly partnered SASE vendors, up from 15% in 2021.

Ironically, for all the talk about safety, nothing is safe when it comes to competitors encroaching upon each other’s segments. Going forward, single vendor SASE players could dominate Cybersecurity markets and compete in the Endpoint security segment with their own Managed Detection and Response offerings. The major exceptions would be a) talent gaps in slower, entrenched incumbents and b) strong product expertise from a pure play like CrowdStrike, with best-in-class offerings with many modules capturing several threat areas through a single platform. Being a leader over Microsoft in Endpoint security is testimonial to its strengths.

Similarly, within the SSE (Security Service Edge) or Zero Trust Network segment, which is currently led by Zscaler, there are large competitors like Palo Alto, Cisco and Broadcom (AVGO)

Security Service Edge Gartner Magic Quadrant

Competitors

CrowdStrike at $3Bn in revenues has the highest growth rate of 33% among the larger players, with the much smaller SentinelOne growing just 3 points faster at 36%. The largest player, $5.5Bn, Fortinet is expected to grow at only 20% showing some maturity. Zscaler, which competes with Fortinet and Palo Alto, with $1.6Bn in revenues and 26% growth has the highest P/S multiple of 14.2, but even with 78% gross margins is unprofitable at operating levels with a loss of 14%. Fortinet, which dropped 25% in August after poor guidance, has the best operating profits at 22% and a lower valuation of 9X sales and 40X earnings, but with an earnings growth of 25% has a pretty reasonable PEG of only 1.6.

While CrowdStrike does look expensive at 13X sales, its growth is solid at 33%, its margins have been improving and at 75% gross and -1% operating, it looks very likely to get to GAAP profitability next year in my view.

Buying CrowdStrike

I own CrowdStrike and recommend buying it on declines.

Fast-growing sector: This sector is hot and according to CrowdStrike’s estimates slated to grow at 27% from $76Bn to $158Bn in the next 3 years.

Widening its net: CrowdStrike has been fending off large players by increasing its own product offerings. Last quarter, it cited an increase of 80% for customers using 8 or more modules. One of CrowdStrike’s key strategies is to keep adding products to increase stickiness and partner with the likes of Zscaler to fill gaps. Besides having more products, this dovetails perfectly with its Land and Expand Strategy, which has seen NRR grow over 120%, over the last 4 years. As market segment lines get blurred and customers slowly migrate to large SASE end to end vendors, CrowdStrike is doing well with its land and expand strategy, firming itself as a vendor addressing several components.

Growing with channel partners like Amazon (AMZN): In Q2 FY2024, 64% of its growth came from channel partners with CrowdStrike being AWS’s leading Cybersecurity partner.

An integrated Cybersecurity platform: One of CrowdStrike’s competitive advantages is having a security platform and not security point products. Building integrated modules is key to detecting and fending off threats and providing a single integrated platform to clients, which is better and easier for them to use and CrowdStrike to service.

CEO and Co-Founder, George Kurtz, gave this example from the Q2-earnings call.

Let me share several recent new customer wins that speak to this. First is a major auto manufacturer that tried but failed to consolidate their security on Microsoft E5. This company’s security team quickly realized Microsoft’s complexity, multiple consoles, lack of integration, miss detections and complex deployments hampered their ability to defend themselves and consolidate. This customer is now consolidating on the Falcon platform with Falcon Complete for Endpoint, Identity and Cloud. Now with a single agent, single user interface and single platform, they have complete visibility across their end points, cloud and identities and the ability to stop threats in real time. By moving from expensive Microsoft E5 to CrowdStrike, organizations can save 50% plus per user per year on Microsoft licensing costs, adding up to millions of dollars of savings.

Strong enough to fend off larger competition: I spoke with two experts in Cybersecurity, a VP who buys security and network solutions for a large company with offices and workplace locations in North America and Europe and a senior partner in a security consulting firm and gleaned the following.

There is a shortage of Cybersecurity talent with deep knowledge of specific vendor products. I believe that employee retention and increased skill sets will be key as threats increase. Expert knowledge is key to choosing vendors and both often bemoaned the lack of expert support in difficult situations. However, on the plus side, they maintained that they had not seen major Cybersecurity budget cuts in the last 10 years. The VP who’s a large buyer of network security equipment also mentioned that he’s often besieged by large vendors claiming to be experts in Endpoint security, when as an industry veteran he’s absolutely sure that this is not their core strength and — when it comes to security he would not comprise. Similarly, the senior partner for the large cybersecurity practice also ensures that he never allows his clients to compromise on security, regardless of the bundled cost savings – to him security was too important an issue to accept inferior products. Thus, I believe that pure plays like CrowdStrike will continue to do well in spite of bundling trends and large competitors, but they have to expand modules and offerings, maintain quality and retain experts, that is key. Between Endpoint security and network firewalls there are several threats and realistically you must try and prevent them by continuing to add products. Pre-covid the Endpoint was so much smaller, and even with the efforts to bring folks back to the office, WFH will likely never reverse. Besides, with the advent of AI, the dark side will also get darker ensuring strong demand for the Cybersecurity industry

As we can see from the table above, the torrid growth of 67% in the last three years has come down to 33% in the next 3, which, while pales in comparison, is still excellent growth! I’m also very impressed with the steady growth in GAAP gross margins to 75-76% from 70% in FY2020. On an Adjusted basis, CrowdStrike is very profitable with an estimated $607Mn or 20% of revenues and should throw up a lot of operating of cash of $920Mn in FY2024 or 30% of revenues! CrowdStrike was also GAAP profitable in 1H FY2024, but that was due to interest income; I would rather focus on operating metrics.

It’s also expected to grow ARR at 37% this year, in line with total revenue and expects $ based NRR over 120% in FY2024, in line with targets, besides a gross retention rate of 98%. Management also guided to less than 2% dilution due to SBC this year and less than 3% next year, which is fair for a fast grower.

Sure, the Forward Sales multiple is high at 13, but high revenue and earnings growth offset some of it with P/S coming down to 7.7 in FY2027 when it still expects 30% revenue growth. I would accumulate slowly in the $140-165 range. This is a market leader with high growth in a secular growth industry.