Mar 23 2020 - CrowdStrike: A New Theme Emerges

CrowdStrike is well-positioned to take more market share off the expanded monetizable endpoint security market as more businesses adopt remote work.

Its strong competitive positioning will see it beating other players in key RFPs.

Its improved financials and product offerings are compelling.

I have an outperform rating in the near term.

Source: Golden Spiral

CrowdStrike (CRWD) has all it takes to lead the narrative for companies to beef up the security around their endpoint devices as they adopt a remote work operating model. This will make it largely immune to the global business growth decline in the aftermath of the COVID-19 pandemic. As a result, I expect the current growth momentum to be sustained in the near term. With shares cratering near the average revenue and EBITDA multiple of its peers, the case to hold onto shares of CrowdStrike is more compelling as the potential for the company to outperform in coming quarters remains intact.

CrowdStrike reported solid results last quarter. Revenue came in strong, and the improved margins, cash flow, and forward revenue guide were summarily priced into the stock as shares soared more than 20% after its earnings report. Management highlighted a number of favorable positive trends that will continue to favor CrowdStrike amidst COVID-19 induced worries such as its growth in the midmarket, global business expansion strategy as most countries are under lockdown, and revenue renewal and expansion rate as businesses build a moat around their liquidity.

I'll be upgrading my sentiment from a Hold to Outperform in the near term due to management's compelling commentary about CrowdStrike's strength to rewrite the narrative around the consumption of endpoint security solutions amidst the market downturn. My immediate reaction and conviction after the conference call are that any CIO struggling to solve the security conundrum that has been created - as companies provision their employees to work from home - will try to get on the phone with a CrowdStrike sales rep ASAP. Before observing any remarketing ad, I expect competitors like Zscaler (ZS), Proofpoint (PFPT), and CyberArk (CYBR) to be running tons of digital marketing campaigns targeting geolocations where knowledge workers reside in top industrial hubs as they compete for the expanded monetizable market share created by the rapid migration of companies to a remote-based operating model.

The eventual winners will be platforms that are purely cloud-based with little setup cost. CrowdStrike has prepared for this moment all its life. It is the only pure-play cybersecurity vendor that has focused intensely on public, private, and hybrid cloud security deployments for endpoints. A player like FireEye (FEYE), still relies on its hardware appliances, which require heavy human presence and involvement to manufacture, ship, sell, and deploy. Again, remember that we are trying to protect endpoints scattered all over the globe. Products like Nexpose from Rapid7 (RPD), Nessus from Tenable, (TENB) and Qualys Guard from Qualys (QLYS) will have to revamp their go-to-market branding to compete as they are largely vulnerability assessment tools.

Network security vendors like Fortinet (FTNT), Palo Alto (PANW), and Check Point (CHKP) typically want to land with a firewall and expand with their endpoint or cloud security attachment. Closing large enterprise deals in Europe and APJ will be tough to justify during this period. So their sales rep will be on the phone trying to upsell their endpoint and cloud security modules this period.

This leaves us with Blackberry/Cylance (BB) and NortonLifelock (NLOK). My initial assumption heading into the call was that NortonLifelock will hit a home run this period off the strong value proposition of its consumer cyber safety products. That's akin to the Blue Apron (APRN) of cybersecurity. People aren't going to restaurants, so they want a meal-kit to get the whole meal preparation process done themselves. Except that, individuals aren't going to be buying cyber safety solutions if their employees want to protect all devices they can use to access their work email. Also, given that Symantec (web security, cloud security) is now a part of Broadcom (AVGO), it makes sense that analysts focused on understanding Broadcom's plans for its customers during the conference call. With Broadcom's limited understanding and expertise of the average cloud security sales motion, this leaves the final battle to CrowdStrike and BlackBerry/Cylance. If you've followed BlackBerry for some quarters now, the company has been positioning Cylance into its grand IoT security platform strategy, which revolves around a lot of automotive use cases to drive QNX's average revenue per vehicle. Heading into the final RFP pitch, CrowdStrike easily wins each contract because it will be taking a gun to a knife fight with its multiple falcon modules and its new Mandiant-like incident responders all plugging into its proprietary threat graph.

So, when management says it's guiding for 50%-52% revenue growth with positive FCF by the end of the year and continued margin improvement, it isn't far-fetched. Management also highlighted its enviable cash position (2m) and additional credit facility (0m), which means if we flatten the global transmission curve by the end of next week, COVID-19 will be a net positive catalyst to CrowdStrike's revenue growth off the strengthened remote work theme.

This invalidates my previous thesis that endpoint security solutions are getting commoditized. CrowdStrike's strong momentum right now means it will continue to displace weak AV solutions, and names like Eset, Kaspersky, Trend Micro, and McAfee won't be able to hold a candle to its enviable value proposition and momentum.

The added capabilities announced at RSA makes its value proposition even more compelling. The company has now extended its capabilities across all public cloud workloads, and the Falcon X Elite team adds more value to its security platform to plug the talent shortage gap in the cybersecurity consulting space.

CrowdStrike's valuation remains slightly above the borderline of the average cybersecurity M&A deal at 11x P/S and 19x EV/EBITDA. However, if we assume the forward growth guidance will continue the strong momentum as competitors struggle to meet up, then we can expect CrowdStrike to keep outperforming in the near term.

Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.