CrowdStrike Stock: Too Much Downside Risk (NASDAQ:CRWD)

CrowdStrike’s (NASDAQ:CRWD) dominance in endpoint security and adjacent markets is becoming more apparent over time. While many cybersecurity companies face an ongoing slowdown, CrowdStrike’s growth appears to be stabilizing at a reasonably high rate given the company’s size, a notion that is supported by robust hiring and reasonably aggressive long-term financial targets. CrowdStrike is leaning into the current situation, suggesting that many of its competitors are struggling because they have flawed products.

This is all extremely positive, but it is difficult to get excited about the stock at current prices. CrowdStrike is already a large company, and it is maturing, leaving a far smaller growth runway than existed a few years ago. The stock can probably still outperform the market from current levels over a longer timeframe but there is a high probability of greater than a 50% drawdown in the event of macro weakness or a shift in narrative.

I suggested that CrowdStrike’s valuation was beginning to look stretched in January. The share price has moved higher since then, although has been fairly flat since the fourth quarter earnings call.

Market Conditions

While deal scrutiny remains elevated, CrowdStrike has stated that the macro environment has been stable in recent quarters. This is a sentiment broadly shared across cybersecurity peers. While end market exposure varies across companies, and could account for differences in outlook, CrowdStrike currently appears as bullish as anyone.

This is supported by a threat landscape that continues to evolve and expose customers to a greater variety and volume of threats. Based on internal research, CrowdStrike believes that attacks are becoming faster. The cloud is also becoming a larger target, with CrowdStrike observing a 75% increase in cloud intrusion attempts over the past year. Generative AI is another negative development, increasing the volume of attacks and enabling more people to perpetrate attacks.

The sophistication and volume of cyberattacks, along with things like SEC reporting requirements, are creating demand for additional tools, supporting growth of the market. CrowdStrike expects its addressable market to grow to 225 billion USD by 2028. Of note is how much of CrowdStrike’s addressable market now lies outside of its core endpoint and SecOps markets.

Not only does the opportunity continue to grow, CrowdStrike’s competitive position also appears to be strengthening. CrowdStrike has characterized most competitors as point products that leave customers trying to create a viable solution from stitched together pieces or “platforms” that are really a bundle of unintegrated solutions. Both of which can lead to high costs and poor outcomes, something that CrowdStrike has suggested is the real reason for customer spending fatigue.

CrowdStrike’s competitive position is demonstrated by its high growth, low churn and stable premium pricing. CrowdStrike believes it can sustain premium pricing as it still provides customers with a lower total cost of ownership.

CrowdStrike Business Updates

CrowdStrike’s business is based around a single lightweight agent that is easy to deploy and doesn’t require a reboot when installed. This is important as it allows CrowdStrike to easily rollout additional solutions and fully leverage the data its large endpoint footprint gives it. The endpoint market still offers CrowdStrike a large growth opportunity as an estimated 50% of the market is still using legacy AV.

Expansion into adjacent verticals is increasingly important to CrowdStrike’s growth though, and this is an area that the company is having enormous success. CrowdStrike’s cloud, identity and LogScale businesses now have ARR in excess of 850 million USD.

CrowdStrike recently added Data Security Posture Management to its cloud security business through the acquisition of Flow Security. Flow offers a cloud data runtime solution which provides continuous and real-time data visibility for both data at rest and data in motion. Something that is becoming increasingly important with the rise of LLMs.

Customers want a holistic cloud security solution that can protect against real-time threats and CrowdStrike can provide this through its single agent and agentless solution. CrowdStrike’s cloud security offering now includes identity, application security posture management, workload protection and cloud data protection.

CrowdStrike’s SIEM business is also beginning to takeoff, with LogScale ARR increasing 170% YoY in the fourth quarter. Over 1,000 customers are using the product, which is a small figure relative to CrowdStrike’s 20,000+ total customers. CrowdStrike believes it has access to around 85% of the core data that goes into a SIEM, which coupled with index free ingestion, creates a compelling solution. CrowdStrike, SentinelOne (S) and Elastic (ESTC) have all suggested that customers are abandoning legacy SIEMs.

CrowdStrike’s identity protection business surpassed 300 million USD ARR in the fourth quarter, more than doubling YoY. The majority of attacks involve identity vectors, making identity protection a critical part of any cybersecurity platform. CrowdStrike has suggested that peers either lack an identity protection solution or offer it as a non-integrated feature.

Falcon for IT has just been made generally available. This product aims to unify IT and SecOps, replacing legacy products with CrowdStrike’s single-agent architecture.

Charlotte AI is also now generally available, although I don’t believe the product will be particularly impactful. Charlotte AI won’t provide meaningful revenue as CrowdStrike appears to be pricing it for ubiquity. Over 80% of beta users believe that Charlotte will save them time, which could help make CrowdStrike’s platform stickier. Most cybersecurity companies plan on offering similar products though and it is not clear any of them will have an advantage.

Financial Analysis

CrowdStrike’s revenue increased 33% YoY in the fourth quarter to 845 million USD. Subscription revenue grew 33% and Professional services revenue was up 26%. ARR was 3.44 billion USD in Q4, up 34% YoY, and CrowdStrike delivered net new ARR of 282 million USD, a 27% YoY increase.

Customer growth remains solid, with CrowdStrike now having 29,000 subscription customers. Customer growth continues to moderate though, pointing the way to a lower growth future. It is worth noting that CrowdStrike is now making greater use of MSSPs and SMBs served through these partners do not show up in the customer count. CrowdStrike’s MSSP business grew triple digits YoY in the fourth quarter.

Customers continue to land larger, initially adopting 4.9 modules on average. CrowdStrike’s dollar-based net retention rate was 119% in the fourth quarter, in part due to the company landing bigger deals. This figure is still relatively high though and demonstrates the success that CrowdStrike is having driving consolidation on its platform.

CrowdStrike anticipates roughly 30% YoY revenue growth in the first quarter of FY2025 and 28-31% growth for the full year. The company is also targeting 10 billion USD ARR within the next five to seven years (16-23% growth). While this is probably a highly conservative public target, it does demonstrate the direction CrowdStrike’s growth is going as the company matures.

The number of job openings mentioning CrowdStrike in the job requirements has been fairly stable over the past 12 months. There is little to indicate a growth reacceleration at this stage but stable demand in the current environment is a positive.

Subscription and service gross profit margins were both solid in the fourth quarter, with CrowdStrike continuing to benefit from scale and economies of scope.

While it often goes overlooked, CrowdStrike’s services are a legitimate business in their own right. Many companies use services as a stealth customer acquisition tool and hence have low or even negative gross margins on their services.

CrowdStrike’s operating profit margin also continue to improve, which is impressive given that CrowdStrike is still investing in growth. Two years ago CrowdStrike’s target operating profit margin was only 20-22%, a figure that has now increased to 28-32%. I have long suggested that CrowdStrike would be highly profitable as the business matures and still think the company is on track for something like a 30-35% operating profit margin.

Operating profitability gains are being driven by sales and marketing expenses. CrowdStrike’s gross retention rate has been consistent at around 98%, which should see the burden of sales and marketing expenses continue to decline as the company matures.

CrowdStrike is still investing aggressively in R&D, which is reasonable given the size of the opportunity and CrowdStrike’s efficiency.

The number of CrowdStrike job openings has increased dramatically in recent months. This stands in stark contrast to most other software companies, who continue to hire at a fairly modest pace. This would seem to indicate expectations of an imminent growth reacceleration, although hiring could begin to weigh on improvements in profitability.

Conclusion

While CrowdStrike’s stock is now trading on an elevated revenue multiple again, I believe most investors still don’t fully appreciate the extent to which CrowdStrike is going to be one of the dominant software platforms in the future. The cybersecurity opportunity is large and continues to grow, providing CrowdStrike with a long growth runway. On a longer time frame, I expect CrowdStrike to move beyond security, further expanding its market. The stock price looks overextended in the near-term though and macro weakness or a stumble by CrowdStrike could easily see the stock full by more than 50%.