Key Morningstar Metrics for CrowdStrike
- Fair Value Estimate: $300
- Morningstar Rating: 2 stars
- Morningstar Economic Moat Rating: Wide
- Morningstar Uncertainty Rating: High
What We Thought of CrowdStrike’s Earnings
Why it matters: Despite the near-term headwinds caused by the July 19 IT outage, CrowdStrike’s CRWD growth engine continues to hum along. While we model some incident-inspired weakness in the firm’s upselling motion in the near term, we remain optimistic about the firm’s long-term growth opportunity.
- CrowdStrike’s annual recurring revenue was $4.018 billion, up 27% year over year. While management called out some weakness due to the July 19 incident, the robust ARR growth adds credence to our view that the outage’s impact would be incremental, not transformational.
- To retain customers after July 19, CrowdStrike has leveraged its Flex program, which offers customers better pricing if they purchase multiple modules. We like this strategy because it allows the firm to entrench itself into its customers' infrastructure, increasing its switching costs.
The bottom line: After we model in CrowdStrike’s strong quarter and updated guidance, which were in line with our expectations, we maintain our $300 fair value estimate for the narrow-moat firm and currently view shares as marginally overvalued.
- While the firm’s profitability was affected by increased costs stemming from the July 19 incident, we project margins to recover in the coming quarters. In the longer term, we believe the firm has room to expand, with substantial operating leverage built into its software business model.
- Following a strong third quarter, management raised its fiscal 2025 sales outlook to $3.927 billion, up from the $3.896 billion guided to last quarter, both at the midpoint of guidance. We expect the firm to beat this target, and are modeling fiscal 2025 sales at $3.939 billion.
How Falcon Flex Fits in to CrowdStrike’s Strategy
We continue to like CrowdStrike’s move to diversify its topline beyond endpoint security. We estimate that ARR from the firm’s security operations, cloud, and identity security offerings now constitutes around 30% of its overall ARR, up from 25% at the end of fiscal 2024.
With the endpoint security market maturing, we believe CrowdStrike’s investments in these three growth areas will serve it well as it seeks to grow its top line and share of the overall security market. At the same time, however, we expect the firm’s upsell motion, particularly as it relates to these newer solutions, to remain suppressed as it deals with the fallout of the July 19 incident.
Much like last quarter, management provided a balanced commentary on the impacts associated with the July 19 incident. While sales cycles increased 15% year over year with enterprise accounts, likely due to increased scrutiny at the board level, management assuaged investor concerns about a material uptick in churn following the July 19 outage. Management’s commentary aligns with our own conversations with operators and management teams at other cybersecurity firms.
Regarding customer churn, CrowdStrike’s gross retention rate declined less than half a percentage point sequentially, coming in above 97% in the third quarter. Again, such a minor uptick in churn, especially considering the scale of the July 19 outage, is evidence of Falcon’s stickiness. As we look ahead, we believe the Falcon Flex program, which incentivizes multimodule purchases, will increase customer switching costs, enabling CrowdStrike to maintain its best-in-class gross retention metrics.
We believe using Falcon Flex to alleviate customer concerns about CrowdStrike is a smart business decision. Not only does it placate angry customers, but the program also enables CrowdStrike to deepen its penetration within an average customer’s security infrastructure. The firm closed more than 150 Falcon Flex transactions in the third quarter, representing more than $600 million in total deal value. According to the firm, the average customer using Falcon Flex uses more than nine CrowdStrike modules, which we estimate to be materially higher than non-Flex customers.
Similar to Palo Alto’s platformization drive, which the wide-moat firm announced in February 2024, we believe increased use of Falcon Flex can help CrowdStrike consolidate more security spending on its platform, at the expense of smaller-point solution-focused security vendors that it displaces.
Aided by Falcon Flex and a general trend toward vendor consolidation in the security space, we saw an uptick in multimodule customers of CrowdStrike’s Falcon platform. The firm’s customers that use more than five, six, and seven modules constituted 66%, 47%, and 31% of its overall customer base in the third quarter, up from 63%, 42%, and 27% a year ago, respectively.
The author or authors do not own shares in any securities mentioned in this article. Find out about Morningstar's editorial policies.
