CrowdStrike (CRWD -0.55%) has been off to the races this year. Rebounding from its post-IPO reality check over the autumn of 2019, shares are up over 120% -- driven by a near-doubling of revenue in that span of time. Homing in on $800 million in annual sales, the cloud-based endpoint security "upstart" seems to be growing beyond that categorization.
For longtime cybersecurity industry investors, a promising new security software vendor growing at triple-digit percentage rates rings familiar -- but happy endings aren't a given. A couple of items may ultimately write CrowdStrike's story differently, though.
Endpoints are all the rage right now
Thanks to the rapid expansion of cloud computing, endpoint security -- the protection of devices like laptops, smartphones, and other connected devices located outside a traditional office -- has been a high-growth segment of cybersecurity in recent years. However, citing a study by researcher IDC, CrowdStrike said its revenue grew at an annual rate of 99% in 2018 and 2019, and its market share of the endpoint security industry nearly doubled too. Its top three rivals in the space lost market share.
CrowdStrike can attribute its success at others' expense to a number of reasons. Its service was born in the cloud, which makes it particularly adept at handling a workforce that is increasingly moving away from the office. It has a flexible subscription-based model that allows its customers to easily deploy and expand coverage as needed. And its AI-based security learns and adapts, improving its efficacy at stopping breaches as the number of customers utilizing the platform grows. It also helps that the endpoint security specialist is flush with cash after its IPO last year, with cash and equivalents totaling about $1 billion and zero debt at the end of April 2020.
Due to COVID-19 and the ensuing lockdowns to halt its spread, the global workforce is becoming even more dispersed -- and as a result more vulnerable, as many are using personal devices from a personal internet service at home while remotely accessing company data. As a result, CrowdStrike issued a full-fiscal year 2021 (the year ending Jan. 31, 2021) revenue outlook of $767 million at the midpoint of its guidance, good for a 58% increase over last year.
A familiar story with a different outcome?
According to data compiled by research tool Noonum, CrowdStrike is mopping up market share from the likes of BlackBerry (via its acquisition of Cylance), VMware (via its acquisition of Carbon Black), and Broadcom (from its takeover of Symantec's enterprise security segment). It faces a big challenger in the form of Palo Alto Networks, as that company has purchased its way into the cloud-based endpoint security industry as well.
But as CrowdStrike itself has demonstrated, the real risk in the cybersecurity software market is an ever-evolving cyber criminal. And as security needs quickly pivot, incumbent leaders in the space can quickly lose ground to newer and more agile peers. FireEye (MNDT) always comes to mind. After a very promising start as a publicly traded stock (it grew revenue 163% in 2014), the company's trajectory quickly lost steam. The advent of the cloud has favored upstarts since then, keeping FireEye's stock stuck in neutral for years. A similar story has been told for other legacy security firms.
Since it's trading for over 37 times trailing 12-month revenue and over 23 times expected one-year forward revenue, investors are betting CrowdStrike's journey will be different -- even though it is showing early signs of slowing but nonetheless still enviable rates of growth. To justify the steep premium, CrowdStrike will likely need to expand its reach beyond its endpoint bread-and-butter over time. But as a cloud-native outfit with plenty of liquidity, the company is well-positioned to do so if and when it chooses.
One legacy security firm success story is telling. Fortinet (FTNT -0.31%), which got its start selling firewalls (traditionally, a device used to protect a network operating within a defined piece of real estate), has been an enduring growth story for two decades, and its stock has consistently moved higher since it went public in 2009. The key? It has remained debt-free, maintained positive free cash flow (revenue less cash operating and capital expenses), and used its profitable operations to get an early jump on developing services for emerging needs. CrowdStrike has all the makings for a similar journey: No debt, ample cash, and it just turned the corner on positive free cash generation ($116 million over the last 12 months).
As a CrowdStrike shareholder and follower of the company since its public debut last year, I remain optimistic about its long-term prospects if it can leverage its early success in cloud-based endpoint security into new realms of the industry. It's not a given that a notoriously fast-moving and competitive cybersecurity landscape will spell disaster for this firm.
However, given the high price tag, there's the possibility for another big pullback in share price if sales growth loses some steam, so I advise to keep initial purchases very small (the company is about 1% of my portfolio value). Put simply, give yourself plenty of room to purchase more of what is sure to be a volatile stock price -- given the long-term positive outlook remains unchanged.