CrowdStrike Holdings Fundamental Analysis
Disclaimer: This article by The Globetrotting Investor is general in nature. We aim to bring you long-term focused analysis driven by fundamental data, hence, providing you commentary based on historical data and analyst forecasts only using an unbiased methodology. This is not a buy/ sell recommendation, and it is solely for educational purposes. Please do your research before investing. Note that our analysis may not factor in the latest price-sensitive company announcements or qualitative material. Please read the full disclaimer here.
CrowdStrike Holdings
Last Updated: 24 Jul 2024
NASDAQ: CRWD
GICS Sector: Technology
Sub-Industry: Software - Infrastructure
Table of Contents
You can download a summary of CrowdStrike Holdings' fundamental analysis in PDF here.
Management
CEO: George Kurtz
Tenure: 12.7 years
George R. Kurtz, a seasoned cybersecurity veteran with over three decades of experience, stands at the helm of CrowdStrike as its CEO and co-founder. Before this, he held pivotal executive roles at McAfee, including the CEO and CTO positions. Kurtz’s entrepreneurial spirit is evident in his co-founding of Foundstone, a security firm successfully acquired by McAfee. A respected industry authority, he has penned bestselling cybersecurity books and graced the stages of prominent industry conferences.
Kurtz’s academic foundation rests on a Bachelor of Science in Accounting from Seton Hall University. His professional certifications as a Certified Information Systems Security Professional, Certified Information Systems Auditor, and Certified Public Accountant underscore his deep technical expertise.
Under Kurtz’s leadership, CrowdStrike has forged a strategic partnership with Dell to deliver comprehensive Managed Detection and Response services. The company has also earned recognition as a Leader in the 2023 Gartner Magic Quadrant for Endpoint Protection Platforms. Demonstrating a forward-thinking approach, Kurtz has initiated a collaboration with AWS to explore the potential of generative AI applications.
Let us now analyze the CEO’s compensation.
CrowdStrike Holdings CEO Compensation Analysis. Source: Simply Wall St
The total compensation refers to the sum of all forms of payments and benefits received by the CEO per year. This can include salary, bonus, stock options, and other perks.
The graph above shows that the CEO’s compensation has been consistent with the company's performance over the past year, which can generally be a positive indication.
When a CEO's pay reflects the company's success, it suggests their interests are aligned with shareholders. If the company thrives, the CEO benefits too. This incentivizes the CEO to make decisions that boost the company's long-term value.
Looking broadly at CrowdStrike Holdings’ management team, it has an average tenure of 10.9 years. It is considered experienced.
Business Overview
CrowdStrike, founded in 2011, redefined cybersecurity for the cloud era. The company recognised traditional security systems’ limitations and developed the AI-native CrowdStrike Falcon XDR platform. This cloud-based platform leverages artificial intelligence to analyze vast amounts of security and enterprise data, delivering modular solutions through a single agent.
Designed to consolidate cybersecurity, the Falcon platform integrates data from various enterprise sources, enabling AI-driven threat detection and prevention. By replacing legacy systems, it offers a unified approach that enhances capabilities while reducing complexity and costs. CrowdStrike believes this model has created a new category, the Security Cloud, which transforms the cybersecurity industry akin to the cloud revolutionizing other sectors.
CrowdStrike’s Falcon platform leverages cloud technology and AI to deliver automated protection and advanced threat intelligence. It safeguards endpoints, cloud workloads, identities, and data across various environments. The platform’s 27 cloud modules, accessible through a SaaS subscription, cater to multiple security markets.
For instance, the Falcon Prevent module provides antivirus protection, safeguarding endpoints from various threats, including malware and ransomware. It offers rapid deployment and immediate protection.
The Falcon Insight XDR module focuses on detection and response. It leverages AI to analyze vast data, identifying and responding to threats in real-time. Meanwhile, Falcon Cloud Security offers comprehensive protection for cloud workloads, including cloud security posture management and cloud infrastructure entitlement management. It provides visibility and control over cloud resources, helping organizations mitigate risks.
CrowdStrike Falcon platform. Source: CrowdStrike
Falcon’s core components are a lightweight agent and graph technology. The agent deploys quickly, providing protection without performance impacts. It collects data for the Security Cloud, enhancing AI algorithms and enabling real-time threat prevention. CrowdStrike’s graph technology correlates vast amounts of data, forming the Threat Graph, Intel Graph, and Asset Graph. These graphs provide insights for threat hunting, investigation, and risk management.
Threat Graph: This graph utilizes AI and behavioral pattern-matching to analyze trillions of cybersecurity events, identifying and linking suspicious activity to prevent threats in real-time across CrowdStrike's global customer base. It also provides increased visibility for proactive threat hunting and timely threat detection and remediation.
Intel Graph: This graph analyzes and connects data and threat intelligence to visualize the connections between adversaries and attacks. It helps prioritize investigations and gain a deep understanding of the threat landscape. The latest intelligence on adversaries, tactics, techniques, and procedures is delivered seamlessly within the CrowdStrike Falcon platform and mapped to the MITRE ATT&CK® framework.
Asset Graph: This graph dynamically monitors and tracks the complex interactions among assets, providing a single holistic view of the risks those assets pose.
CrowdStrike operates as one operating and reportable segment but has two main revenue streams: Subscription revenue and professional services revenue
The company's Falcon Platform technology solutions are subscription SaaS offerings and fees are based on subscribed solutions and the number of endpoints purchased. Professional services, including incident response, surge forensic and malware analysis, and attribution analysis, are available through time and material and fixed-fee agreements.
CrowdStrike Holdings Reportable Segment Revenue for the fiscal year ended 31 Jan 2024. Source: Gurufocus
CrowdStrike Holdings Revenue Geographic Breakdown for the fiscal year ended 31 Jan 2024. Source: Gurufocus
Trends, Competition, and Strategy Overview
The Evolving Threat Landscape
The cybersecurity landscape has dramatically shifted. Adversaries, empowered by state-backed resources, organized crime, and readily available tools like generative AI, unleash increasingly sophisticated attacks on industries from technology and finance to healthcare and government.
These attacks typically begin with a foothold on endpoints, escalating to credential theft, lateral movement, and ultimately, data encryption, destruction, or exfiltration.
The modern workplace, characterized by remote work, cloud adoption, and a proliferation of connected devices, exponentially expands the attack surface. The COVID-19 pandemic accelerated this trend, forcing organizations to adapt to a distributed workforce rapidly. Compounding this issue is a severe shortage of skilled cybersecurity professionals, leaving organizations vulnerable to overwhelming attacks.
In this complex environment, organizations seek to streamline their security operations. They desire fewer, more efficient products that deliver immediate value and reduce costs. Traditional security solutions, however, often hinder rather than help.
On-premise products struggle with data integration and analysis, while cloud-extended versions inherit these limitations. Fragmented platforms, built through acquisitions, create complexities that slow response times. Furthermore, signature-based security is ineffective against evolving threats, easily bypassed with minor modifications.
Malware-centric approaches also fall short as adversaries increasingly employ non-malware techniques like credential theft and social engineering. Even application whitelisting, designed to restrict executable processes, is vulnerable to fileless attacks exploiting legitimate applications.
A Tailored Security Solution
CrowdStrike's Falcon platform offers a cloud-native approach to security, addressing the evolving threat landscape. This platform leverages a unique combination of crowdsourced data, advanced AI, and a single lightweight agent to deliver comprehensive protection.
By aggregating vast amounts of security data into its Security Cloud, CrowdStrike continuously refines its AI models, resulting in high detection rates and low false positives. This crowdsourced intelligence benefits all customers. The platform's architecture, built around three core graph databases, provides context-rich insights into threats, adversaries, and assets, enabling swift and informed decision-making.
Unlike traditional, siloed security solutions, CrowdStrike offers a unified platform encompassing endpoint detection and response, extended detection and response, identity threat protection, threat intelligence, and more. This consolidation simplifies security operations, reduces costs, and improves performance by eliminating the need for multiple agents. The Falcon platform's single intelligent agent streamlines deployment across various endpoints, minimizing user disruption.
CrowdStrike prioritizes speed and efficiency. Its cloud-native architecture allows for rapid deployment and scaling, eliminating lengthy implementation processes. Furthermore, the platform's real-time ability to activate new modules accelerates response times.
Recognizing the challenges posed by sophisticated, malware-less attacks, CrowdStrike combines automation with human expertise. Falcon Complete provides managed security services, while Falcon OverWatch offers dedicated threat hunting. This hybrid approach leverages the strengths of both humans and machines to counter advanced threats. By automating routine tasks, CrowdStrike empowers security teams to focus on high-value activities.
CrowdStrike's Go-to-Market Strategy
CrowdStrike primarily distributes its Falcon platform through a direct sales force supported by a network of channel partners. The company employs a land-and-expand strategy, focusing on customer acquisition and expansion.
CrowdStrike aims to expand its customer base with the Falcon platform, growing through free trials and channel partnerships. Existing customers drive further growth, deploying more endpoints and cross-selling cloud modules within organizations. The platform's ability to add new modules without additional agents facilitates this expansion. The company's high net retention rate underscores the success of this strategy.
Leveraging its cloud-native architecture, CrowdStrike enters new markets by rapidly developing and deploying new cloud modules. For instance, Falcon Discover extends beyond security into areas like asset management and cost optimization.
CrowdStrike has expanded its customer base beyond large enterprises to include smaller organizations with its inside sales team and Falcon Complete solution. The company actively pursues the U.S. public sector, securing key contracts and achieving widespread adoption among state governments. CrowdStrike is investing in expanding its global operations, including increasing headcount and data center presence, to fuel international growth.
CrowdStrike Holdings Economic Moat
There are many ways to identify CrowdStrike Holdings’s economic moat, but I focus on these 5 sources. The rating is purely subjective and is based on my in-depth understanding of the company.
CrowdStrike Holdings Economic Moat
Economic Moat: Wide
CrowdStrike boasts a wide economic moat primarily due to significant customer switching costs inherent in its endpoint security platform. Endpoint security is a crucial part of modern IT security. CrowdStrike's strong net retention and customer growth show its market leadership and platform value.
CrowdStrike's main product, the cloud-based Falcon platform, offers over 20 modules with services, including threat intelligence, response, and endpoint and cloud workload security. Its per-agent pricing model allows for rapid scaling and upselling. Falcon automates threat detection, freeing up IT security teams to focus on strategic security initiatives.
Switching to a different vendor creates a ripple effect of enterprise pain points. When a company decides to switch from CrowdStrike's Falcon platform to a different vendor, it faces several challenges. Security-related data loss during a vendor switch can be catastrophic, as companies rely on historical data to identify patterns and potential threats, potentially leaving them vulnerable to future attacks.
Moreover, project execution for switching vendors is complex and time-consuming, requiring careful planning, testing, and migration, which can disrupt normal IT operations. Operational disruptions during the switch can further leave a company vulnerable, creating security gaps that attackers can exploit.
These factors translate into substantial switching costs for CrowdStrike's customers. The more pervasive a vendor's solutions, the higher the switching costs. Enterprises prioritize performance over price when selecting vendors, focusing on features aligned with their specific needs.
A network effect in which a product or service becomes more valuable as more people use it complements CrowdStrike's high switching costs.
Cybersecurity is fundamentally a data-driven challenge, requiring AI-powered solutions to address the overwhelming volume of threats. In CrowdStrike's case, the more data its platform collects from a larger customer base, the better it can detect threats. Its AI platform leverages trillions of daily signals, providing a vast dataset to refine its offerings. By uncovering threats and sharing insights across its customer base, CrowdStrike reinforces its platform's value proposition.
This network effect, symbolized by the company's name, creates a virtuous cycle of data accumulation, threat detection improvement, customer acquisition, and increased switching costs.
CrowdStrike Holdings Performance
Has CrowdStrike Holdings’ revenue consistently grown year over year for the past five years? Yes.
Is the net income consistently increasing year over year for the past five years? CrowdStrike’s net income only turned positive in the fiscal year of 2024.
Has the cash flow from operating activities shown consistent year-over-year growth for the past five years? Yes.
Has the free cash flow remained positive for the past five years? Yes.
Is the gross margin % consistent or growing over the past five years? It has increased from 70.6% in 2020 to 75.3% in 2024.
Has the EPS shown growth over the past five years? CrowdStrike’s net income only turned positive in the fiscal year 2024, so EPS was only positive in 2024.
Annual Recurring Revenue (ARR) is a financial metric used to measure the recurring revenue a company expects to generate from its existing customer base over the next 12 months. It is a crucial indicator of a company's financial health and growth potential, especially for subscription-based businesses.
A high ARR indicates a strong customer base that consistently renews subscriptions and potentially expands their usage of the company's products or services.
CrowdStrike’s ARR surged 34% year-over-year to $3.4 billion by January 31, 2024. This represents a net new ARR of $875.5 million for fiscal 2024. In the previous year, ARR climbed 48% to $2.6 billion, with $828.4 million in net new ARR.
Total revenue skyrocketed 36% to $814.3 million in fiscal 2024, with subscriptions contributing 94%. Subscription revenue itself leapt 36% to $758.9 million due to new customer acquisitions and expanded sales to existing clients. Professional services revenue also grew by 43% to $55.4 million, primarily driven by increased service hours.
Total cost of revenue climbed 26% to $154.5 million in fiscal 2024, with subscription costs rising 23% to $119.1 million. This increase stems from factors including a 34% headcount surge, data center equipment depreciation, internal-use software amortization, overhead costs, stock-based compensation, software licenses, and employee benefits.
Professional services costs jumped 40% to $35.4 million, primarily due to a 27% headcount increase, consulting expenses, stock-based compensation, and overhead costs.
CrowdStrike Holdings Revenue, Net Income, Operating Cash Flow, and FCF (USD Million)
Has free cash flow per share increased over the last five years? Yes, it has increased.
CrowdStrike Holdings FCF per Share
Management Effectiveness
Has CrowdStrike Holdings’ ROE stayed within or above the 12%-15% range year over year for the past five years? No, it turned positive only in 2024.
CrowdStrike Holdings Return on Equity
A company having a ROE lower than the industry average is generally not a good sign for investors.
ROE measures a company's profitability relative to its shareholders' equity. A lower ROE than its peers may indicate that the company struggles to generate profits efficiently. This could be due to factors such as lower profit margins, higher operating expenses, or underutilization of assets.
Has the ROIC stayed within or above the 12%-15% range year over year for the past five years? No, it has been negative for the past five years.
CrowdStrike Holdings Return on Invested Capital vs Weighted Average Cost of Capital
When a company’s ROIC is lower than the WACC, it is not generating enough profit from its investments to cover the cost of that capital. It is essentially losing money on its investments. This is a sign of inefficiency and could indicate the company is destroying shareholder value.
The trendline for the number of shares outstanding is increasing, which would not please an investor.
CrowdStrike Holdings Shares Outstanding (Million Shares)
CrowdStrike Holdings Financial Health
CrowdStrike Holdings Financial Health (USD Million)
Current Ratio: 1.8 (pass my requirement of >1.0, but <3.0)
I use the current ratio instead of the quick ratio to analyze the company’s liquidity. This is because I want a general overview of its financial health.
The trend of its current ratio has been decreasing over the past five years, but it is still at a healthy level. However, if the trend continues, it could indicate the company is struggling financially and may have difficulty covering its operating expenses.
CrowdStrike Holdings’ current ratio over the past five years against its five-year median.
CrowdStrike Holdings’ current ratio is better than its industry average of 1.7, which is above the industry median.
Debt-to-EBITDA: 2.2 (pass my requirement of <3.0)
This ratio measures a company's ability to pay off its debt with its operating income. A higher ratio may indicate higher financial risk, while a lower ratio suggests more manageable debt levels relative to earnings.
I use the debt-to-EBITDA ratio instead of the net debt-to-EBITDA ratio because I want a straightforward view of the company's gross leverage, focusing on the total debt burden without accounting for cash reserves.
Debt-to-EBITDA can present a more conservative view of a company's financial risk by not considering cash. It is useful for me to understand the worst-case scenario regarding the company's ability to service its debt. Also, it helps that every company has different cash management strategies.
CrowdStrike Holdings’ debt-to-EBITDA ratio only turned positive in 2024 as its EBITDA improved. When compared to its industry, its debt-to-EBITDA ratio is worse, as it is above the industry median of 1.1.
Debt Servicing Ratio: 2.0% (pass my requirement of <30.0%)
CrowdStrike Holdings’ short-term assets exceed its short-term liabilities. Its short-term assets also exceed its long-term liabilities.
CrowdStrike Holdings Stock Performance
The stock graph below shows the cumulative total return to our stockholders between 12 Jun 2019 and 31 Jan 2024, compared to the Standard & Poor’s 500 Index, Standard & Poor Information Technology Index, and the Nasdaq 100 Index.
All values assume a $100 initial investment, and data for the Standard & Poor’s 500 Index, Standard & Poor Information Technology Index, and the Nasdaq 100 Index assume dividend reinvestment.
Stock Performance. Source: CrowdStrike Holdings 10K
CrowdStrike Holdings Intrinsic Valuation
Estimated intrinsic value: USD $134.90
Value is calculated using the discounted cash flow method (considering their cash and debt) and scenario planning.
Average free cash flow used: USD $850M
Projected growth rate: 13% - 20%
Beta: 1.0
Discount rate: 8.0%
Ideal margin of safety: 30% (Uncertainty: Mid)
Price range after the margin of safety: <USD $95.00
Date of calculation: 23 Jul 2024
CrowdStrike Holdings Valuation
I use the past 5 years' free cash flow and apply a weighted average, giving more focus on the recent years. I then round the average to the nearest tens. In some instances, I use a more realistic number to represent the free cash flow.
The total debt and cash and short-term investments are the last quarter figures that are rounded to the nearest tens. In some instances, I use more realistic numbers to represent them.
CrowdStrike Holdings Intrinsic Valuation
CrowdStrike Holdings Relative Valuation
CrowdStrike Holdings Price-Earnings Ratio vs its Peers
It is not meaningful to track CrowdStrike Holdings' price-earnings ratio for the past 5 years, as its earnings only turned positive in 2024.
Additional Resources
I recommend reading The Five Rules for Successful Stock Investing as it greatly helps in my stock analysis. If you want a complete collection of recommended books, please visit here.
My Concerns
CrowdStrike’s success hinges on its ability to outpace a rapidly evolving cybersecurity landscape. Failure to innovate and adapt will erode its market position. Sustained growth demands anticipating and countering emerging threats. The Falcon platform must continually evolve to maintain its edge.
While significant research and development is crucial, turning these investments into successful products requires flawless execution, market acceptance, and effective sales strategies. Any missteps can undermine competitiveness and financial performance.
CrowdStrike operates in a fiercely competitive market. Established rivals and new entrants battle for market share. Failing to adapt to changing customer demands, industry standards, and increasingly sophisticated threats can cripple the business. Competitive advantages stem from product capabilities, talent, partnerships, and marketing prowess. However, competitors often possess greater resources, established brands, and larger customer bases.
AI is reshaping the industry. Competitors who harness AI effectively may gain a significant competitive edge. Strategic partnerships and acquisitions can also accelerate rivals’ abilities to offer comprehensive solutions. These pressures could lead to price wars, declining sales, and reduced market share. Even with robust demand for cloud-based security, competitors might leverage their established products to hinder CrowdStrike's market penetration.
As a leading security provider, CrowdStrike is a prime target for cyberattacks. A successful breach can devastate its reputation and finances. While the company invests heavily in security, the evolving threat landscape and human error create ongoing vulnerabilities. A data breach could damage customer relationships and hinder future growth. Although CrowdStrike maintains insurance, there's no guarantee of adequate protection against substantial claims.
CrowdStrike presents an intriguing investment opportunity characterized by a wide economic moat, improving performance, and a robust balance sheet. The company’s ability to innovate and capitalize on the escalating cybersecurity threat landscape is promising. However, investing in CrowdStrike carries significant uncertainty, as the technology sector is highly dynamic. To mitigate risk, a prudent investor should seek an ideal margin of safety of approximately 30%, allowing for potential fluctuations in the company's valuation and market conditions.
Please help us report any inaccurate information here. Thank you.