CrowdStrike (NASDAQ:CRWD) differentiated itself from the software and cybersecurity space by producing a strong set of results to start the new fiscal year.
Not only did CrowdStrike continue to drive consolidation on its platform, its demand remains strong, and it reached a record pipeline for the second quarter, all while delivering profitability to new heights.
FY1Q25 review
Net new ARR grew 22% in the first quarter to $212 million, while ending ARR grew 33% from the prior year, coming in at $3.65 billion, 55 basis points ahead of expectations.
This indicated strong demand across the platform and win rates that was consistent with the prior quarter. In addition, CrowdStrike has built a record pipeline for the second quarter as the Falcon platform continues to drive consolidation.
First quarter overview (CrowdStrike)
The number of deals with eight or more modules grew 95% from the prior year.
Subscription customers with five, six and seven or more modules grew to 65%, 44% and 28% of subscription customers respectively
The number of deals involving its emerging cloud, identity and next-generation SIEM modules more than doubled from the prior year.
Consolidation in the platform (CrowdStrike)
Revenue grew 33% to $921 million in the first quarter, 2% ahead of consensus expectations.
Record gross margins were achieved in the first quarter, which grew 26 basis points from the prior year to 78%, as a result of investments in data center and workload optimization, along with a consistent pricing environment.
Growth profile (CrowdStrike)
Operating expenses came in at $523 million, and as planned, the company increased the pace of hiring, growing headcount by 15% in the quarter. This investment in hiring will enable CrowdStrike to achieve its goal of scaling to $10 billion ARR.
CrowdStrike continues to bring in the highest caliber talent in cybersecurity, which is very evident by its acceptance rate for hiring.
Out of more than 687,000 job applications to CrowdStrike, only a low single digit thousands of these are hired, implying a less than 0.5% acceptance rate.
Operating income grew 72% to $199 million, 4% ahead of consensus expectations, with operating margin improving to 22%, up from 17% in the prior year.
Lastly, EPS came in at $0.93 per share, growing 63% from the prior year, 4% ahead of consensus expectations, and once again, the company delivered GAAP profitability.
Profitability profile (CrowdStrike)
Free cash flow generation was strong, as free cash flows grew 42% from the prior year to reach $322 million, which was 3% ahead of consensus expectations.
As a result, CrowdStrike is operating at a Rule of 68 based on a free cash flow basis.
Outlook
While CrowdStrike has seen consistently strong win rates, a record pipeline and larger platform deal sizes, management is mindful that the macro environment remains challenging.
As such, management continues to maintain a consistent and prudent approach when guiding for the fiscal year 2025 and next quarter.
Management assumes net new ARR for the second quarter is at least double digits, up from the low teens earlier.
This is one of the stronger guides within cybersecurity, which speaks to confidence in net new ARR, given the strong pipeline and win rates the company has been consistently achieving.
Management expects revenue to come in between $958.3 million and $961.2 million in the next quarter, growing 31% from the prior year, 1% ahead of consensus expectations.
In addition, income from operations is expected to come in between $208.3 million and $210.5 million, 2% ahead of consensus expectations, while EPS is expected to come in between $0.98 and $0.99, 9% ahead of consensus expectations
CrowdStrike is raising its full fiscal year 2025 guidance.
Revenues are expected to come in between $3,976.3 million and $4,010.7 million, growing 30% to 31% from the prior year. Revenue was raised about 1% based on the midpoint of the guidance.
Income from operations is expected to come in between $890.1 million and $916.5 million, while EPS is expected to come in between $3.93 and $4.03.
Income from operations was raised about 2% based on the midpoint of the guidance, while EPS was raised about 3% based on the midpoint of the guidance.
Free cash flow margin guidance for fiscal year 2025 is maintained at the earlier 31% to 33% of revenues.
Guidance (CrowdStrike)
Consolidation and competition
I think we are starting to see CrowdStrike as one of the few beneficiaries of the platform consolidation trend.
This comes as customers are not just looking at the depth of security offerings, but also the cost involved.
From the cost perspective, CrowdStrike shared that for each $1 invested into Falcon solutions, its customers saved $6 in cost savings, based on a recent IDC report.
The launch of the Falcon Flex subscription model enables customers to eliminate procurement and legal cycles, purchase and use what they need
CrowdStrike even said this, in somewhat an offense to Palo Alto Networks (PANW), which is giving away free products in the near-term to encourage more customers to adopt more products on its platform:
When a platform delivers real value, you don’t have to give it away.
Management shared that Falcon Flex has brought in more than $500 million in deal value and helped with consolidation on the Falcon platform.
In addition, IDC’s analysis found that Falcon Flex has already brought in more than $3 billion in cost savings compared to what would have been spent on other products.
Apart from the cost savings, consolidating on the CrowdStrike platform also brings depth in the security as other competitors have been experiencing breaches.
After a major Microsoft (MSFT) breach, CrowdStrike found that many of the companies that are burdened by the Microsoft E5 licensing required a better security coverage.
With that, CrowdStrike launched Falcon for Defender, which is meant for current users of Microsoft Defender to use Falcon to improve their security by incorporating CrowdStrike’s industry leading OverWatch threat hunting services and mission-critical reporting.
This is a rather interesting development, and it showcases how strong CrowdStrike’s value proposition can be to help reduce the risk of solely using Microsoft products so as to stop breaches.
There was a Fortune 100 healthcare company that was using Microsoft that experienced a breach, resulting in this customer signing a seven-figure deal with CrowdStrike, adopting not just Falcon Complete, Identity, Falcon cloud security, next-generation SIEM and Charlotte AI.
By onboarding CrowdStrike, this company was able to stop the adversary and consolidate its multiple products, it also led to a 75% reduction in agent footprint (since CrowdStrike only has a single agent) and 700% improvement in mean time to detect and respond to threats from more than four hours to just minutes.
Another large Middle Eastern power and utilities provider moved to the Falcon platform after many incidents from its regional point product endpoint vendor, resulting in a seven-figure deal.
The simple value proposition here is that every one of these incidents would have been prevented if CrowdStrike was used instead. This resulted in the company standardizing the Falcon platform, across endpoint, identity, cloud, and next-gen SIEM. This resulted in a consolidation from five security vendors down to just one.
Fast-growing emerging businesses
CrowdStrike’s fast-growing cloud security, identity protection and next-generation SIEM businesses continued to do well in the first quarter.
Cloud security is one area in which CrowdStrike is winning in.
With growing adoption and utilization of the cloud, and especially so in the recent few quarters as a result of demand for AI, demand for cloud security has likewise grown.
CrowdStrike will likely be a leader in cloud security as this market grows rapidly in the next few years.
In fact, in the first quarter, CrowdStrike announced that it entered a strategic collaboration with Nvidia for the company to deliver its AI computing services on CrowdStrike’s Falcon platform.
In fact, Nvidia’s CEO validated CrowdStrike’s capabilities, stating that “pairing Nvidia accelerated computing and generative AI with CrowdStrike cybersecurity can give enterprises unprecedented visibility into threats to help them better protect their businesses”.
Apart from the validation from Nvidia, there are multiple other concrete evidence showing that CrowdStrike’s cloud security stands out from the competition.
Firstly, out of the largest companies in the Fortune 100, CrowdStrike’s Falcon has been chosen by 62 of them to be their preferred cloud security provider.
Secondly, hyperscalers are probably one of the most important customers when it comes to cloud security, and in the quarter, Amazon’s (AMZN) AWS grew its adoption of the Falcon platform and standardized on the Falcon cloud security, resulting in a huge eight-figure deal for CrowdStrike. In signing this deal, CrowdStrike replaced and consolidated multiple point cloud products.
Lastly, the competitive cloud security offering that Falcon cloud security brings is the main reason why the offering has grown so rapidly in the last few quarters and surpassed many other cloud security vendors along the way. CrowdStrike is differentiated because it is the only cloud security offering in the market that covers extensively, not just the code or application, but also the infrastructure. CrowdStrike’s acquisition of Flow also brought into the platform the only runtime data security posture management that secures both data at rest and in motion in the industry.
Another area in which CrowdStrike is winning in is its next-generation SIEM business.
Customers have commented that CrowdStrike’s next-generation SIEM is its biggest industry changing innovation.
The differentiator for CrowdStrike in the market is that more than 80% of the data going into SIEMs today comes from CrowdStrike
Unlike competitors that tend to be closed and complicated to the data that is ingested, CrowdStrike’s next-generation SIEM welcomes data from all sources. In fact, CrowdStrike makes it easy to ingest data from third part sources and all the data resides in the platform, thereby not requiring any transportation cost, storage cost or configuration.
One significant customer win in the first quarter was a displacement of Splunk in a global 2000 manufacturing conglomerate, representing an eight-figure deal. This migration resulted in cost savings, and faster alert response times for the customer.
There was less of a focus on the identity protection in the first quarter, but I think CrowdStrike’s identity protection module, which is the only single agent solution in the market, continues to differentiate itself from the competition and win deals at a high rate.
One significant deal in the quarter was a seven-figure deal with a large healthcare provider, which includes deployment to more than 100k devices. This customer was previously stuck with a contract with Broadcom (AVGO), but after migrating to CrowdStrike’s identity protection module, the customer saw 85% better meantime to respond to identity-based attacks.
New budding growth drivers
While cloud security, identity and next-generation SIEM remains hyper growth businesses, CrowdStrike is not stopping there and continues to innovate and look to disrupt new markets and bring about even more consolidation.
The first area where CrowdStrike is focusing on is data protection. While CrowdStrike has only made Falcon data protection generally available only for a little more than a quarter, it has already sold the data protection to several hundred customers, of which many of them are Fortune 1000 companies.
With data becoming important for companies moving into AI, CrowdStrike’s move into the space will bring another multibillion market opportunity to the company.
The second area is Falcon for IT, where customers are looking to deploy Falcon to help them with enterprise search, patching, deployment, device health, among others. After launching Falcon for IT a little more than a quarter ago, the company has already accumulated a pipeline that is in the eight figures.
Lastly, Charlotte AI is expected to make cybersecurity more conversational and bring productivity gains. While it remains early days, the company has seen close rates of close to 90% for Charlotte AI.
It remains very early days for these new solutions, but I am sure that these will gradually become more meaningful drivers of growth in the longer term and help CrowdStrike to differentiate itself as a platform consolidator.
Valuation
I have revised my CrowdStrike forecasts marginally for the upward revisions for the fiscal year 2025 financials.
The financials assume a 24% revenue CAGR and 35% EPS CAGR over the next five years.
Summary of my 5-year financial forecasts for CrowdStrike (Author generated)
My intrinsic value for CrowdStrike goes up to $356, assuming 55x 2028 P/E multiple and 10% discount rate for the discounted cash flow model.
I would enter CrowdStrike at $285 or better, based on a 20% discount to its intrinsic value, but at the same time, given the high-quality growth and profitability, CrowdStrike will rarely ever trade at a discount to its intrinsic value, and so if you are thinking of entering into CrowdStrike, entering at intrinsic value is good as well.
The 1-year and 3-year price targets both go up to $394 and $526, which implies 75x 2025 and 65x 2027 P/E respectively.
Conclusion
CrowdStrike executed well this quarter when the overall industry showed softness.
It does seem that the company is benefiting from the platform consolidation as a result of a strong value proposition from not just a cost savings perspective, but also from the depth of the security offerings, which offer better performance outcomes.
There are clearly no lack of growth drivers for the company in the near-term, from multiple different markets and all at differing growth trajectories and maturities.
All in all, CrowdStrike remains one of the highest conviction ideas in the portfolio in my view.
Read the full article here
