With better-than-expected fiscal third-quarter results, CrowdStrike Holdings (NASDAQ:CRWD) confirmed the strength of its business model. Thanks to its subscription-based cloud offering, the cybersecurity vendor almost doubled its revenue compared to last year, and operating leverage materialized. However, this stellar performance comes with a lofty valuation that may not be sustainable.

Strong growth ahead

CrowdStrike's solutions address the drawbacks of legacy on-premises endpoint security products in terms of rigidity. From a single light agent installed on their endpoints, customers unlock different modules depending on their security needs. Given its flexible and easy-to-deploy security platform, CrowdStrike is poised to keep on increasing its revenue in a cloud security market that is forecasted to grow annually by 25.5% over the next several years, according to a study.

As a result, the company's third-quarter revenue reached $125.1 million, up 88% year over year. Also, management raised again its fiscal full-year guidance, with expected revenue now in the range of $465.2 million to $468 million compared to the previous range of $445.4 million to $451.8 million.

With this business model, the company benefits from attractive operating leverage. The increasing deployment of CrowdStrike's solution involves higher costs to host its cloud-based platform. But with scale, these costs should represent a decreasing percentage of revenue.

As an illustration, the company's gross margin increased from 66% a year ago to 70% during the last quarter. And some other costs such as research and development are amortized over a higher revenue base. CrowdStrike is still generating losses under generally accepted accounting principles (GAAP), but its margins are improving along with its revenue growth. During the last quarter, its costs of revenue and operating costs increased by only 68% and 47%, respectively, compared to its higher revenue growth of 88%. 

A man uses his finger to "unlock" a digital padlock that's connected to other digital icons representing shared cloud resources.

Image source: Getty Images.

Lofty valuation 

Despite these impressive results in a growing cloud cybersecurity market, investors should still keep a close eye on the company's valuation.

CrowdStrike's enterprise value-to-sales ratio above 24 indicates that the market expects a stellar performance over the next several years. You can also judge the company's high valuation by considering its market capitalization of $10.8 billion in the context of expected losses and revenue below $470 million during its fiscal year 2020, ending in Jan. 2020.

Even if CrowdStrike delivered exceptional performance so far, its revenue growth is decelerating because of its increasing revenue base. After several quarters of triple-digit revenue growth, the company's fiscal second-quarter growth decreased to 94%, and management forecasts 70.5% of revenue growth during the next quarter, based on the midpoint of guidance.

Also, CrowdStrike's advantage as a native cloud-based endpoint protection business may wane. For instance, legacy antivirus vendor Symantec now proposes its "Endpoint Protection Cloud" offering. Many other cybersecurity competitors, such as Cisco Systems and Palo Alto Networks, have developed similar solutions.

In addition, CrowdStrike still spent 55% of its revenue as sales and marketing expenses during the last quarter to fuel its growth. This expense decreased from 70% a year ago, but it's still high, and reducing these expenses may have a negative impact on the company's revenue growth.

Not for prudent investors

Given the company's solid execution in its strong, multiyear, double-digit growth market, CrowdStrike will most likely keep generating solid revenue growth over the next several years. But investors should also pay attention to the company's lofty valuation. In the medium term, a weak quarter could have a negative effect on the stock price, and in the longer term, the company will still have to deliver stellar results and become profitable in the context of intensifying competition to justify its current valuation.

Thus, since the valuation doesn't seem to price any risk, prudent investors should avoid this high-growth cybersecurity stock.