CrowdStrike: Materially Overvalued Even After Correction (NASDAQ:CRWD)

CrowdStrike (NASDAQ:CRWD) is a global cybersecurity leader: it provides “cloud-delivered protection of endpoints, cloud workloads, identity and data”.

Revenue growth has been stunning over the past five years:

Investors have been richly rewarded in terms of share price growth, at least until about a year ago:

Since 11/1/2021, CrowdStrike shares are down by about 33%, versus the NASDAQ composite, which is down by 20%.

Eager cybersecurity investors are asking: after this retrenchment, could CrowdStrike shares finally represent good value?

Here are my reasons for believing that these shares are still very far from good value at current levels.

1. CrowdStrike’s Main Competitor Was Acquired At A Much Lower Revenue Multiple

CrowdStrike has not yet succeeded in generating material profits on a GAAP basis. The company has made an operating loss every year, and also made an operating loss in Q1 this year (the financial year ending in January 2023):

Because the company does not yet generate profits, investors need to use cash flow and/or revenues to guide their understanding of the company’s valuation.

At the Q1 results, the company guided that total revenue for the current financial year will be in the range of $2.19 billion – $2.205 billion.

Annualized recurring revenue (ARR) as of the Q1 results was $1.92 billion, so the company is close to meeting guidance with the ARR it has already achieved.

It’s clear that the company is currently generating almost $2 billion on an annualised basis, and expects to generate c. $2.2 billion in total revenues for FY January 2023.

The CrowdStrike enterprise value is currently around $44 billion, which means that the enterprise value to sales multiple is a staggering 20x.

We don’t need to study this number in isolation, because CrowdStrike’s main competitor was acquired in October 2019. The competitor in question is Carbon Black, and it was acquired by VMWare (VMW).

VMWare is a large cloud computing service provider, that is itself in the process of being acquired by Broadcom (AVGO).

As a large ($13 billion turnover) cloud computing specialist, VMWare provides a wide range of cloud-related services. This gives it both a strong understanding of cloud-based security, and the ability to generate synergies from ownership of a cloud-based security platform.

Therefore, the acquisition of Carbon Black by VMWare demonstrated the revenue multiple that an informed corporate buyer with the ability to generate valuable synergies was willing to pay.

VMWare’s Senior Vice President Tom Corn described the deal as a “very thoughtful exercise that happened over several years together”, not something that happened because either the buyer or the seller was desperate to make it happen.

So, what was the deal valuation?

In Q1 2019, Carbon Black reported 24% growth in ARR to $226m. Within that figure, its “cloud-based subscription contracts” were growing at a rate of 71% per annum.

Total revenue was $58.6m, which annualises to $234m. This was a few months before the acquisition by VMWare was announced, and six months before the acquisition completed.

VMWare paid $26 per share, implying an enterprise value of $2.1 billion. This gives an enterprise value to sales multiple of only around 9x, an enormous discount to the multiple CrowdStrike is trading at.

If Carbon Black was worth 9x sales to a buyer who had plans to create synergies from the purchase (by combining it with a much larger product portfolio), it suggests to me that we need to treat CrowdStrike’s 20x standalone valuation with a great deal of caution.

2. Plenty Of Competition And I Can Find Few Barriers To Entry

Carbon Black and CrowdStrike are both seen as market leaders, although CrowdStrike does generate slightly higher ratings from customers (see the Gartner graphic below).

This YouTube comparison helpfully demonstrates the user interface of each product, as of mid-2020. Each product offers a user-friendly interface, although I slightly prefer the simple menu layout of Carbon Black (this is just a matter of taste).

In addition to Carbon Black, there is also competition from SentinelOne (S) which floated last year, and from many smaller competitors.

This is how the three major platforms (Carbon Black, CrowdStrike’s Falcon, and SentinelOne’s Singularity) stack up on gartner.com:

As you can see, Carbon Black comes away with a slightly lower rating. 87% of reviewers would be willing to recommend Carbon Black, versus 97% and 96% for CrowdStrike’s Falcon and for SentinelOne, respectively.

But Carbon Black has been described by some users as cheaper than CrowdStrike, so that might help to mitigate the slightly lower reviews for corporate decision-makers.

Also note that SentinelOne have given detailed arguments for their superiority to CrowdStrike. They claim to be faster, to outperform CrowdStrike on 3rd-party tests, and to be cheaper because their alerts do not require interpretation by professionals.

CrowdStrike, in contrast, emphasises its “Falcon Complete” product, which involves professional oversight and management of security threats, and is a combination of both software and human resources. Falcon Complete, in other words, is a form of managed IT services, rather than a pure software product.

While every customer will have their own view on which product and which company is superior in the cybersecurity space, I don’t think it’s easy to prove that any one of them has a clear-cut advantage over all of the others.

And from a big-picture view, I don’t see any network effects in this market. If Customer A is using CrowdStrike, does it care whether or not Company B is using it?

I also find few barriers to entry. CrowdStrike has achieved rapid revenue growth over the past six years, but so has SentinelOne over the past three years (with a competing product).

What is to stop new entrants joining the market, with new competing products, in the years ahead?

Summary

CrowdStrike’s shares look to be egregiously overvalued. The company operates in a competitive market and faces strong competition from rival cybersecurity platforms. The company’s failure to show any GAAP profits to date helps to demonstrate the competitive nature of the sector.

The takeover multiple for Carbon Black must be considered, given the similarities between the two cybersecurity platforms.

According to consensus market forecasts, CrowdStrike’s revenue growth is forecast to reduce to 36% in FY January 2024, and then to 31% in FY January 2025.

If CrowdStrike can somehow generate miraculous growth that is materially higher than these forecasts, then I believe it could justify its current valuation. But that would be truly miraculous: the safer bet is to avoid these shares until valuation reflects reality.