CRWD 11.25.25

I cover software and chemicals. I was looking at this Japanese cybersecurity company called Trend Micro. They sell endpoint cybersecurity software similar to CrowdStrike. In that process, I got familiar with the landscape, particularly endpoint security, as well as the overall cybersecurity space. Then I got to know CrowdStrike quite well from that research.

My overarching view is that, compared to other security types that I look at, cybersecurity is of lower quality. It draws a lot of investors in because the market grows quickly, but these businesses are just not as sticky. For a few other reasons we can get into, they're just not as high quality. The space is seeing increasing competition. It's going from best-of-breed to best platform, and that hurts CrowdStrike as well. If you look at the endpoint space, there are many case studies of endpoint companies falling out of favor.

If you look at the valuation, it's super high on current metrics. Even if we go out to 2029, it trades at 12x revenue. So, it’s still a super high multiple pricing imperfection. There are many flaws in cybersecurity compared to other software types, particularly in a competitive environment.

If you look at a bunch of case studies from other endpoint software companies, such as Trellix, Sophos, Symantec, and Trend Micro, they were all cases before cloud-native. Just as CrowdStrike was coming online as the cloud-native company using technology like telemetry, these guys couldn't make that shift quickly. That speaks to the fact that, in cybersecurity, the threat environment is constantly evolving, so you have to innovate.

That’s not the case in other types of enterprise software. Think about ERP software. It's very much so that the incumbent has the advantage. Once you get in there and you're used to it, you're super sticky. We can see cases where they actually fall behind on tech, but because of their incumbent advantage, they're able to stick around. That would be like Oracle. Its mainframe software is so sticky, you just couldn’t lift it out.

Exactly. That constant threat and need to innovate put a lot of pressure on these guys. That's one problem. The second problem is that these businesses are just not as sticky. It's deceiving when we see CrowdStrike report 97-98% gross retention. That's right in line with Workday's best-in-class, but the gross retention number is just a guide to stickiness. We need to understand how it interconnects.

It's not that hard to switch providers, especially now that they're cloud-native. You just flip this on. You can compare that to an ERP transition, which can take 5 to 7 years, cost hundreds of millions of dollars, be the C-suite's biggest headache, and really take a company down. The combination of a rapidly changing environment and a lack of stickiness is really dangerous, making it not very high-quality.

I was less about CrowdStrike not being innovative and more about how you'd prefer to be in a space if you're the incumbent and the winner, where you don't really need to innovate and can't be switched out. But to your question, I agree that they're viewed as quite innovative. Even the CEO will tell you that their lead has narrowed a lot. I don't have the specific quote in front of me, but he's like, "Yes, our lead is way shorter than it once was when we were going against legacy software companies."

As I look forward to the rise of new competitors that are super large, well-capitalized, spend a lot on R&D, and have strong brands, that edge will continue to erode. You have Palo Alto and Microsoft in there. If you add up the entire space, they're spending 10% of total R&D on cybersecurity among players with endpoint offerings.

What's interesting is that if we look at other cases of endpoint companies, they have gross retention of around 85%. It speaks to the fact that CrowdStrike can report really high gross retention numbers today, but that doesn't mean that the product is so sticky that it couldn't unravel if they fall out of favor. Part of the reason why it's so high is that they wrap it with this managed services offering. You're not just getting a software product, but an outsourced IT team as well. That's why both SentinelOne and CrowdStrike have high gross retention. But we have multiple case studies of endpoint companies that, once they fall out of favor, get down to the mid-80s. That's when you care about gross retention for downside protection when your position is falling. They don't get that Oracle advantage of, "They're sticky, they fall out of favor, but they're going to stay in and buy some time to get the product up."

It's hard to time. The way I think about software overall is that we pay reasonably high multiples, but they're very good businesses. They get a lot of credit for being good because they grow quickly, and they have high margins. Sure, that's appreciated, but as a value investor, I can still buy them because of that downside protection.

Like Workday, if growth slows, they can get taken out by PE and be run for cash. Their fair value in that downside scenario might be a 7x revenue multiple. But that model only works if you're super sticky, and Crowd is misleadingly sticky. It looks sticky, but it's not.

That’s a good point. They're definitely not going to nickel-and-dime on cyber, because that could blow up the company. I agree the C-suite really cares. They're going to spend extra money. I just would rather buy something where they don't have to be cutting-edge on technology in a very competitive space, but rather where their existing position gives them such an advantage that they could fall so far behind and yet still not be switched out.

I’d say both. I look at it against other enterprise software companies, just thinking of what you’re paying and what you’re getting. I also like Workday, so I compare it against Workday.

It hasn't been something that I've looked at a lot. I'd like to hear your thoughts on it. I’d rather bet on a continuation than something new happening in the future. That's just my preference.

I was just looking at it. What's crazy is even if it did 20% growth through calendar year 2029, it would still be 12x sales, which is still okay. Let's say revenue has to at least double, and then it would come down to 6x sales. If it doubles in 5 years, that's 15%.

So roughly, let's say it grows at 20% through calendar year 2029, then 15% for the 5 years after that, and finally, you get this thing at 6x revenue. We'll give them credit, and they can run at a 35% margin. It's crazy to bet on 10 years of 20% growth, then 17% revenue CAGR for the next decade.

Right. The base rate is best.

Yeah, it sounds interesting. My most important focus isn’t losing money, so I'm less concerned about an incremental tailwind than I’d be about being more sure that there was no way I could have a permanent loss of capital. I’d rather have Workday and be super confident that the business won't unravel due to a technology change.

This is a good example. Workday also has an opportunity to do some agents, and it could add to top-line growth. But if you think about ERP software, as we talk to different management teams, many would say the general ledger, messing with the books, is the last area they’d look to deploy agents. I actually view that as a bigger positive because it means there's a lower chance their opportunity could erode. Whereas someone else could say, "Oh, they can't use agents as much; therefore, they don't have as much of a growth tailwind, and therefore, it's not exciting." I’d actually prefer less change if we're investing in the incumbent. That parallel goes to CrowdStrike as well. Sure, it could add to top-line growth, but the counterpoint is that it makes the future very uncertain, and we have to know what the future will do because of the valuation.

Right. Even if this were the same price as Workday, it would be growing faster, so the multiple would come down. But let's put it like this. If CrowdStrike grows at 20% for 5 years, Workday at 10%, and then, at that point, let's assume we had the opportunity to buy them both at the same multiple based on 5-year revenue. Let's even say they run at the same margin for simplicity. I’d prefer Workday at that price than CrowdStrike, because the cybersecurity business, for those reasons I laid out, is way lower quality. All that to say, even if we could get this at a much lower price, a lot of cybersecurity, particularly endpoint, is of much lower quality than other software.

Exactly.

We did some calls. It was mixed. As we moved to cloud-native, it became easier to switch providers. At one point, what made endpoint software an attractive market for 15 years was that there were three incumbents: Symantec, Trend Micro, and McAfee.

What made it such a stable market was that, if you had a corporation with 3,000 employees in the building, at one point, the IT guy needed to go around installing software on every single laptop. It was a pain, and that was with updates and switching, too. And then, one of the significant benefits of CrowdStrike was its virtual deployment. While it allowed them to gain share, they did so in a market that was now less attractive because they were competing against someone who could be installed virtually.

My understanding was that telemetry was CrowdStrike using data from all of their customers. As the customer base increased, new customers would benefit from all the existing data. It could create a compounding advantage, but not if you switch, as you would lose that data advantage.

I understand why a larger provider might benefit, since they have access to more data and their models are improving. They have access to more threat data. Is that your point about the telemetry advantage?

Right, I agree. It definitely strengthens the platform. That's why at one point, CrowdStrike had an insane lead. That was right when they came out, because they were competing against people who weren't using telemetry, so CrowdStrike was the best. IT guys still view it as better, but unfortunately, now everyone else is using telemetry too, so it's less of an edge.