CrowdStrike: Solid Growth With AI Data Advantage (NASDAQ:CRWD)

CrowdStrike (NASDAQ:CRWD) is a leading cybersecurity company that was an early adopter of Artificial Intelligence [AI]. Almost every company is now talking about “AI”, but you can see in my prior post (written over one year ago), AI has always been part of CrowdStrike’s core value proposition and messaging. Its threat intelligence and core algorithms have used AI from day 1 to detect anomalies and thus potential breaches. CrowdStrike’s CEO recently referred to AI as an “Arms Race” and I believe the company has a data advantage in this regard. Even without the AI tailwind, the company has continued to produce solid financial results as the business beat both top and bottom line growth estimates for Q1,FY24. In this post, I’m going to break down the company’s AI advantage before revealing my new valuation and forecasts for the business; let’s dive in.

AI Data Advantage

CrowdStrike’s primary product is its Falcon platform, which was rated as a leader by Gartner for endpoint security. For those who are unaware, “endpoints” are basically the devices at the edge of the network, this includes laptops, PCs etc. These are often the most vulnerable areas for breaches as that is where the user interacts with the network. CrowdStrike has also expanded into Cloud Security, Identity Protection, Threat Intelligence, Observability, and many more areas. The company’s primary value proposition is to provide a consolidated technology stack for Cybersecurity. This simplifies updates and reduces costs for Chief Information Security Officers [CISOs], who would have previously purchased single-point solutions.

The company’s competitive advantages have continued to grow in the AI industry. For example, I believe large language models [LLMs] will effectively become commodities, as any company can access Open AI’s models and even Meta has released its LLaMa model which is smaller but requires less computing power to train. Therefore, the real winners in the AI space will be the companies with a proprietary data advantage. I believe CrowdStrike is one of these companies as with every customer it signs up, it collects more data on threats (trillions of new events daily) which further informs and enhances its algorithm. This compounds on top of a decade of threat graphs and attack threat data. Its “OverWatch” system then uses humans to react with rapid incident response, and this also helps with the governance of its AI system.

Microsoft (MSFT) is also a Gartner leader in endpoint security with its E5 suite and Defender. However, CrowdStrike disclosed in its earnings call that it wins 8 out of 10 enterprise deals, against Microsoft. Now of course, this may be biased information, but the company does back it up with logic and strong messaging which states Microsoft systems are “more complex” and can even be a higher cost. For example, if a customer upgrades from E3 to E5, this can cost around $2.3 million more than a CrowdStrike subscription, according to management on its earnings call.

The forecasted growth in the AI industry is also expected to introduce more threats, as hackers can use the systems to create malicious code and run attack bots at scale. This is a negative for the number of breaches, but could also act as a catalyst for companies to increase the purchase of secure software.

In late May 2023, CrowdStrike launched a new generative AI product called “Charlotte AI”. This is basically an AI-powered security analyst that can be asked various questions about the system. Unlike many gimmicky generative AI products which have been launched, I believe this actually provides value. For example, a human analyst can ask details on which threats their system has seen and even the best remediation actions. This system also enables a security leader to prepare for reporting to the C-suite and answer specific questions easily.

The business has also scored a partnership with AWS and is utilizing its latest AI Bedrock service to build applications on top. I believe this was spurred on by a common competitor (Microsoft), and signals a split in the industry, as technology companies “pick a side”.

Growing Financials

CrowdStrike reported solid financial results for the first quarter of the fiscal year 2024. Its revenue increased by a rapid 42% year over year to $693 million and beat analyst forecasts by $16.4 million. The vast majority of this revenue ($651.2 million) was derived from subscription services, which rose by 42% YoY. Professional services revenue also continued to grow by a rapid 48% year over year to $41.4 million, as enterprises executed implementation projects. ARR or Annual Recurring revenue rose to a staggering $2.73 billion, up a solid 42% year over year.

Despite the solid figures, its revenue growth rate is slightly slower than the blistering 66% YoY growth reported in 2022 and 82% reported in 2021. However, given the tough macroeconomic environment, I expected a slowdown in growth rate. I personally believe this will reverse thanks to the aforementioned industry trends related to AI, which I will discuss more on in the “Valuation and Forecasts” section.

CrowdStrike also has a solid “land and expand” growth model, and the first quarter was punctuated by a mix of new customer wins and cross-sells. Its customers which have adopted over five modules now represented 60% which is substantial. I believe these cross-selling opportunities can be further enhanced with new products such as Charlotte AI.

Global markets also offer a runway for growth, and international revenue grew by a solid 53% year over year.

Moving onto margins, CrowdStrike reported a non-GAAP gross margin of 78%, which was a new record. This was driven by the optimization of its workloads and data center investments, which I believe will continue to result in a payoff as the company scales.

Its non-GAAP operating expenses have also begun to stabilize as they contributed to 61% of revenue in Q1,FY24, as opposed to 60% in the prior year, despite a large net increase. Again, I believe this will continue to improve as the company scales its brand, which should enable sales and marketing costs to be managed more efficiently.

Its operating loss improved from a $23.9 million loss in Q1,FY23 to negative $19.5 million as of Q1, FY24. Surprisingly, the business reached break even on an earnings per share [EPS] basis, which beat analyst forecasts by $0.10.

Overall, the business has a robust balance sheet with $2.93 billion in cash, cash equivalents, and short-term investments. Its total debt is $794.4 million, of which the vast majority is long-term debt.

Valuation and Forecasts

In order to value CrowdStrike, I have plugged its latest financial data into my discounted cash flow model. I’ve increased my prior estimate of 33% growth for “next year” or the next four quarters to 35%. This is based on an extrapolation of the mid-range of managements guidance. I also expect the business to receive tailwinds from the growth of its new AI products (Charlotte AI) and industry fear regarding AI threats which should make the psychological adoption threshold by decision-makers, more urgent, shortening sales cycles.

In years 2 to 5, I have revised up my growth rate forecast by 3% to 43% per year. I expect this to be driven by a recovery in the macroeconomic environment, as well as continued growth in its core business. Driven by industry trends such as cybersecurity tech stack consolidation, cloud security and of course AI.

In terms of margins, I have kept my long-term forecast at 23% (the average for the software industry) over the next 10 years. I have set my model up to gradually scale to this figure, with an 11.72% margin expected by year 5.

Given these factors, I get a fair value of $189 per share. The stock is trading at $151 per share at the time of writing, and thus is ~20% undervalued.

The company also trades at a price-to-sales (P/S) ratio equal to 14.5x, which is 54% cheaper than its 5-year average.

Risks

Competition/Public Breach

There are many companies in the cybersecurity industry that are following similar tactics to CrowdStrike. Prime examples include SentinelOne (S) and Check Point (CHKP) which is offering a similar consolidation strategy. Then of course we have the elephant in the room, Microsoft, which has the firepower to continue to improve its system. A positive is I believe CrowdStrike has the strongest messaging and clear value proposition. Another risk for the business is a public breach of one of its prime customers, which could damage the firm’s brand. In addition, the company offers a “Breach Prevention Warranty” which can pay users up to $1 million in the case of a breach. I previously spoke to a former penetration tester and founder of a cybersecurity company (non-competitor), who had an exit from his last business. In his opinion, this warranty was a “risk” to the business. The only silver lining is, if we look at this as a simple insurance policy, it is all about how effective the underwriting is. The policy was also launched in 2018 and so far I have not recalled any major issues (comment below if you are aware of some). Competitor Sophos (OTCPK:SPHHF) also launched a similar $1 million warranty in 2022.

Final Thoughts

CrowdStrike is a tremendous company that is poised to benefit from continued growth in the cybersecurity industry and vendor consolidation. I cannot fault the business with regard to its upsell/cross strategy and its roots in the AI industry, which in my opinion means it has a head start against competitors. I have given the company bold growth targets, but these are achievable given prior growth rates. As my valuation model and forecasts indicates the stock is undervalued intrinsically, I will deem it to be a “buy” for the long term.