CrowdStrike's Service Outage: A Buying Opportunity or a Warning Sign?

CrowdStrike: Time To Buy (The Competition) (NASDAQ:CRWD)

CrowdStrike (NASDAQ:CRWD) was responsible for a major IT outage on Friday, and the stock plummeted over 10%. While the stock may find support at these levels, the damage to its reputation and possible legal costs ahead pose significant headwinds. Meanwhile, this will be a big benefit to CRWD's competitors. I think Palo Alto (PANW) stands out as a good investment at this time. Palo Alto has a larger TAM and will soon reap the benefits from its transition to platform revenues. In my opinion, expectations right now are potentially overestimating CRWD's revenues and earnings and underestimating those of Palo Alto. CrowdStrike Outage And Consequences Computer systems around the world shut down on Friday after a faulty update affected the company's Falcon Sensor product, which is used by numerous Fortune 500 companies around the world. While this may seem like a run-of-the-mill problem that can sometimes happen, we can't underestimate the severity of the issue. Due to CrowdStrike's large market presence, this has been labelled as the largest IT outage in history. The outage didn't just affect Microsoft computers, which saw the "blue screen of death" take over their devices, but it also shut down TV broadcasts and grounded planes. Following the event, CRWD shares fell over 10%. Why exactly? What is going through the minds of investors? CrowdStrike is a cybersecurity company that is precisely supposed to prevent security breaches so that its clients' systems can continue to function. While CrowdStrike's security was not actually compromised, its mistake did cause systems around the world to shut down, which arguably leads to the same outcome. The damage to the company's reputation is something clear at this point, and the loss of trust has already taken its toll. Notably, Elon Musk said that CrowdStrike had been "deleted from all our systems." But on top of this, investors may also be worried about incoming lawsuits that will affect the company's bottom line. There is a risk of large potential liability claims from customers that were affected by the outages. "While this incident calls into question CrowdStrike's software engineering practices, it also underscores growing vulnerabilities in global cloud infrastructure from increasing points of failure. Source: Raj Joshi, a senior VP at Moody's Ratings However, as CrowdStrike's stock plummeted by over 10%, other cybersecurity stocks rallied. There's an obvious winner here, and I think investors should be looking to add some Palo Alto Networks But first, let's talk about cybersecurity. This is a sector I have covered extensively over the last few months. In fact, I wrote about Palo Alto and CrowdStrike in my Investing group. According to IBM, average data breaches cost organizations $4.45 million in 2024, marking a 15.3% increase over the last three years. According to CrowdStrike's estimates, with AI coming into the fold, they believe the TAM for cyber to reach $225 billion by 2028. It's quite clear that cybersecurity is going to become a huge market as more and more data moves into the cloud and we rely more heavily on AI applications. What may not be so clear after last week's events, is who will benefit the most. In this section, we will analyze how PANW compares to CRWD. We will look first at their product offerings, then their growth and profitability, and finally, their respective valuations. While both companies are in the cybersecurity space, there are some substantial differences in what they offer. Palo Alto made its name through firewall technology. Palo Alto has always been a pioneer in this segment, incorporating malware detection and other services into their product line. Through the years, the company has also expanded into cloud security and endpoint defence. Essentially, its offerings can be broken down into three platforms. While Palo Alto takes a more holistic approach to security, CrowdStrike is more of a pure-play SaaS, focusing on endpoint security. In other words, it offers a security programme that can be easily deployed into multiple devices. CrowdStrike is definitely the leader in end-point security, while Palo Alto has a strong position there, but is a market leader in firewall security. To this extent, while PANW has more robust forms of revenue, CRWD has definitely focused on a segment which is growing much more rapidly, which is reflected in the company's growth. Data source: Seeking Alpha While both stocks keep growing at a fast pace, there's no denying that CRWD has the better growth numbers, though PANW boasts better profitability. Crowdstrike has grown over 48% in the last three years, dwarfing PANW's 25%. Growth moving forward is also expected to be higher from CRWD at 31.15%. While both companies have almost identical Gross Profit margins, PANW does much better in EBITDA. Now, taking into account the growth and profitability, let's look at the discrepancies in valuation: Data source: Seeking Alpha Both of these companies are very richly valued, given the fact that they are market leaders in a fast-growing industry. CrowdStrike is without a doubt the more expensive of the two, with a PE of 88 and a Price/Cash flow of almost 60. However, this might be justified if we look at the PEG Non-GAAP (FWD), which is actually lower than Palo Alto's. Clearly, CRWD commands a premium valuation due to the higher expectations baked in. Interestingly, when I first reviewed PANW after its post-earnings sell-off both had PEGs of around 2. Overall, it does seem like PANW offers a more reasonable valuation, even if the PEG is higher. This metric relies on forward estimates, which are now always correct. CrowdStrike is a market leader in end-point security. For this, it commands a rich valuation, and the company has managed to grow at a pretty fast pace. The global endpoint security market size was valued at USD 13.60 billion in 2023. The market is projected to grow from USD 14.86 billion in 2024 to USD 30.29 billion by 2032, exhibiting a CAGR of 9.3% during the forecast period. Source: Fortunebusinessinsights Endpoint security is still a growing market, but it is also a crowded one. According to the company's own data, it now controls just over 17% of the total market, just ahead of Microsoft (MSFT) which has a 16.4% market share. My concern here, given the competitive pressure and overall market growth rate in this segment, is that the revenue estimate may be too optimistic. The stock is still expected to maintain over 20% CAGR, which is quite optimistic. Expectations around CRWD are high, and if the company misses, its valuation will suffer even after this sell-off. From a technical perspective, this could be an inflection point, but it's still a falling knife. We have broken below the 200 EMA, and are now approaching the 50% retracement of a wave 3 at $258. At this point, there are no clear signals of reversal, even though the RSI is way oversold. I'd recommend waiting for the dust to settle here before jumping in. Meanwhile, Palo Alto seems like a much better buy here. The company now stands a chance to take market share from CRWD. Plus, it has a lot more markets to tackle. Currently available commercial solutions do not fully meet customer demands in terms of automation, pricing, services, and other capabilities -- which this article will explore in further detail. As a result, the gap today between the $150 billion vended market and a fully addressable market is huge. At approximately 10 percent penetration of security solutions today, the total opportunity amounts to a staggering $1.5 trillion to $2.0 trillion addressable market Now, PANW did see its stock fall after its latest earnings due to a slowdown in government revenues. This will affect the next two quarters, but will eventually normalize in my opinion. The White House said has already said that its cybersecurity budget for 2024 would be close to $12.7 billion, a 13.6% increase. Meanwhile, PANW is also undergoing a transformation towards subscriptions: Short-term pain, which will eventually lead to long-term gain. In this regard, I see PANW as the opposite of CRWD, with a higher likelihood that future revenues and earnings will surpass expectations. On the technical side, PANW definitely has the right momentum going. After selling off post-earnings, it formed a convincing double bottom with a bullish RSI divergence. Since then, the stock has rallied back above its key EMAs, with the 20 crossing over the 50. The price has now found support at the 50 EMA. Buying PANW here definitely offers a decent entry point with not as much risk. And it is also worth noting that Nancy Pelosi herself, undoubtedly one of the best investors out there, bought shares in PANW back in February. While I liked both stocks when I first wrote about them, the latest developments with CrowdStrike pose a significant threat to the company. Elon Musk has abandoned ship, and I'm sure a lot of other CEOs may be thinking about doing this too. The cybersecurity market is very competitive. CRWD not only competes with Palo Alto, but also with many other companies and products, most notably those offered by Microsoft. Combined with the fact that CRWD is still very richly valued, I think a company like PANW, which stands to benefit from this, offers a better risk/reward investment. With that said, I am definitely very interested in adding CRWD at the right time and price.

SentinelOne: Likely Best Positioned To Benefit From The CrowdStrike Incident (NYSE:S)

Investors may consider SentinelOne and other competitors as potential investment options in light of CrowdStrike's struggles. The cybersecurity industry will continue to grow quickly and outperform the market in the coming years. Investors looking to buy into the industry today should look at CrowdStrike (CRWD) competitors such as SentinelOne (NYSE:S), in part because their offerings could see increased demand due to fallout from the recent CrowdStrike outage. Author's Note: I wrote an investment thesis for CrowdStrike in 2021, and it's been a great performer since then. If you're not familiar with CrowdStrike and its competitors in endpoint protection, I recommend reading that article first. This article can be considered a revision of that thesis. On Friday morning, CrowdStrike was on the front page of every major newspaper, but not for a good reason. They released a software update that caused a major technology outage, grounding flights and causing hospitals, banks, governments, and other businesses to report various issues. It's worth noting that the outage only impacted Microsoft (MSFT) devices. It's difficult to think of another technology outage of this scale in recent history, even outside of cybersecurity. However, CrowdStrike certainly isn't the first cybersecurity company to disappoint its customers. In my view, this incident has some similarities to an incident reported by fellow cybersecurity company Okta (OKTA) in March of 2022. Back then, Okta announced that approximately 2.5% of its customers had their private data stolen from Okta's database by hackers. This damaged Okta's brand as a trusted cybersecurity company; a result that naturally follows whenever a cybersecurity company gets breached, especially if they don't quickly mitigate the issue and notify their customers. In contrast, CrowdStrike has claimed that Friday's mostly-resolved incident was simply a bug they released by mistake, not a cybersecurity breach. However, the Washington Post reported that some independent cybersecurity experts were unconvinced that it was accidental. Either way, it's inevitable that such a major incident will have a negative impact on CrowdStrike's brand. Even if it was an accident, it makes CrowdStrike's quality control processes and internal controls look unacceptable. After both aforementioned incidents, investors reacted quickly. Okta's stock fell by around 6% the morning after its breach was announced, while CrowdStrike stock dropped by 11% on Friday. The long-term impact on CrowdStrike's stock is unknown, but a history lesson from Okta doesn't bode well. The following chart compares Okta's performance since it was breached to its peers' performance: Source: Seeking Alpha At first glance, Okta's 62% revenue growth since its breach looks respectable. However, Okta was once regarded as a high-growth darling. Its growth prior to the breach was comparable to fast-growing peers like Zscaler, while its growth afterwards has been more comparable to that of mature cybersecurity companies like Palo Alto Networks. This shift in expectations was reflected in the stock price; Okta's stock has fallen by 44% since its breach, due in part to multiple compression. During this same time period, the S&P rose by 21% and many cybersecurity peers did even better. Of course, there were many factors at play during this time period besides the breach. CrowdStrike and most other cybersecurity companies have always scored well on the Rule of 40, and have been profitable in recent quarters. On the other hand, Okta has never been profitable regardless of how fast it's been growing. Additionally, Okta exists in a niche subsector of cybersecurity which may naturally experience different levels of demand than other subsectors. While many factors certainly contributed to Okta's slowing growth and general underperformance, it's reasonable to speculate based on the timing that their breach - and the resulting damage to their brand - was one factor. It's far from a foregone conclusion that CrowdStrike will suffer a similar fate, but it's not out of the question. While the cybersecurity industry has been consolidating, it's still fiercely competitive, and there's no doubt that the sales teams of CrowdStrike's competitors will use this incident to their advantage. CrowdStrike made its name in endpoint protection, a cybersecurity niche focused on protecting individual devices like computers and tablets. According to the analyst firm Gartner, CrowdStrike was best-in-class in 2023: While CrowdStrike may be number one, many companies are classified as leaders, including Microsoft, Trend Micro (OTCPK:TMICY), SentinelOne, and Palo Alto Networks. In this competitive landscape, these competitors could benefit from CrowdStrike's mis-steps. In my view, the recent incident was a black swan event; the chance of CrowdStrike causing another similar incident in the future is quite low. However, that could be a difficult case to make to upset customers whose businesses were severely impacted. It's very possible that some of CrowdStrike's existing customers will switch to competitors out of frustration, and it could also be a lot easier for competitors to win new customers in the near term. Perhaps the most extreme reaction to the CrowdStrike incident would be to short the company's stock. The fallout from this incident could include slowing revenue growth and legal issues, so it's certainly not out of the question that CrowdStrike stock could continue to fall. However, the cybersecurity industry overall has grown rapidly over the years and will likely continue to do so going forward. Even if CrowdStrike begins to underperform peers as a result of this incident, that doesn't mean its stock will go down. Overall, I'd much rather be long cybersecurity than short cybersecurity, regardless of the company (and shorting stocks is very risky in general, regardless of industry). On the other extreme, one could look at the double-digit dip in CrowdStrike's stock after the incident as a buying opportunity. Eventually, this incident will be old news, and from a financial standpoint, it's possible that CrowdStrike will continue to thrive as if nothing happened. While I think this is a reasonably likely outcome, CrowdStrike's stock is priced as if this is a guarantee. Even after the 10% dip on Friday, CrowdStrike is still the most expensive stock in the cybersecurity industry. Source: Seeking Alpha CrowdStrike is currently far pricier than competitors, a valuation which was arguably justified in light of its market leadership and best-in-class combination of growth and profitability. However, I believe that the recent incident adds significant risk to CrowdStrike and warrants a larger re-rating. At this point, it's still possible that CrowdStrike will follow in Okta's footsteps and see its growth slow to be more in line with more mature competitors. Even without factoring in the recent incident, CrowdStrike was at risk of slowing growth due to the law of large numbers. This is because, at over $3 billion in sales over the past year, CrowdStrike is already a large company. It's very rare for a company of this size to grow revenue at 30%+ per year for very long. Once growth slows - whether due to the incident or general maturation - it will be difficult for CrowdStrike stock to outperform from its current valuation. Based on these risks, I consider CrowdStrike a hold at current prices. SentinelOne stands out as the most asymmetric - and perhaps best - investment opportunity in cybersecurity for those who deem CrowdStrike unappealing at this point. This is for three reasons. First, SentinelOne's business is most similar to CrowdStrike's, given its focus on endpoint protection. The other competitors listed in the prior section are large and diversified, meaning that only a small portion of their businesses are positioned to directly benefit from CrowdStrike's struggles. (It should be noted that SentinelOne technically offers extended detection and response, which is similar to endpoint protection but includes additional surfaces such as cloud. Regardless of the terminology, their offerings are similar to CrowdStrike's.) Second, SentinelOne's stock has been trading flat for over a year despite improving financials. Aside from its consistently best-in-class revenue growth (which is admittedly a low bar given that the company has only 1/5th of CrowdStrike's revenue), the company just posted its first quarter with positive free cash flow per share. Its -45% profit margin is still abysmal, but margins have been consistently moving in the right direction. Even in the worst case, if SentinelOne can't scale to be a viable business on its own, it could still be a great acquisition for a larger cybersecurity company. Lastly, recent macro trends are tailwinds for SentinelOne. The company has long been touting the benefits of integrating artificial intelligence with cybersecurity, and recently any company that simply mentions AI has seen its stock price increase. Whether this is rational or not is a question for another article, but it's not something that SentinelOne investors should complain about, given that the stock has yet to see an "AI bump" of its own. Similarly, while it's hard to spin SentinelOne's lack of profitability as a positive, it will be less of a negative in an environment with falling interest rates. In particular, in this environment, it doesn't make sense to me that a company like SentinelOne - growing quickly with a solid balance sheet - has a lower P/S ratio than most of its slower growing competitors. Of course, there's no doubt that SentinelOne is a risky investment given that it's relatively new to public markets, has been unsuccessful in them so far, suffers from a severe lack of profitability, and has been out-grown by CrowdStrike since it was founded. These risks kept me on the sidelines until the CrowdStrike outage. But I'm betting that the outage will be a catalyst for SentinelOne to improve its growth rates and, eventually, its margins and stock price. Investors who deem SentinelOne too risky can look at Palo Alto Networks instead. This company has been making big moves in endpoint protection recently, which could prove timely given CrowdStrike's issues. It's now a leader in the Gartner magic quadrant, when it wasn't even included in the quadrant two years ago. Outside of endpoint protection, Palo Alto Networks is a blue chip cybersecurity company which has diverse and comprehensive offerings. This means that, unlike SentinelOne, it's positioned to continue succeeding whether or not there's more fallout from CrowdStrike. After all, it's an established company which has been successful for longer than CrowdStrike or SentinelOne have existed. The main reason I have a slight preference for SentinelOne over Palo Alto Networks is simply valuation. Palo Alto Networks' valuation is reasonable, but its P/S ratio is a bit high relative to its historical average (although the same can be said for the market overall). Meanwhile, its revenue growth has been stable for years, but is currently on the lower end of its historical range. Of course, it's worth mentioning the other leaders in Gartner's magic quadrant as well, namely Trend Micro and Microsoft. However, these companies are not growing very quickly relative to the overall cybersecurity industry. And Microsoft is far from a pure play on cybersecurity. While I've long recommended Microsoft stock and will continue to do so, I wouldn't consider it a cybersecurity investment. A look at a past incident impacting cybersecurity companies revealed that investors should be careful about "buying the dip" and dismissing the recent CrowdStrike outage. While it's very possible that CrowdStrike will continue to be a successful business and investment, competitors like SentinelOne look more appealing at this point. They'll directly benefit from CrowdStrike's mis-steps, and their stock is currently at a more attractive valuation.

CrowdStrike: Buy The Outage (Rating Upgrade) (NASDAQ:CRWD)

The outage may present a unique buying opportunity for risk-tolerant investors due to oversold conditions and strong financials. CrowdStrike (NASDAQ:CRWD) made negative news headlines on Friday as an outage impacted critical computer systems around the world, leading to impaired functionality of airlines, banks and payment systems. The outage also created wide-spread problems for customers using Microsoft products which resulted in an 11% price drop for shares of CrowdStrike. Although I have been cautious about the cybersecurity company since October 2023 -- given the company's high valuation multiplier -- I believe the sell-off creates a unique opportunity for risk-tolerant investors to buy shares of CrowdStrike on the drop! Shares of CrowdStrike have soared in the last year on generally improving sentiment towards cybersecurity/software/Cloud businesses and strong growth at the cybersecurity firm. In my last work on CrowdStrike, I argued that the cybersecurity was trading at a rich valuation multiplier -- Priced For Perfection -- which resulted in a hold rating. However, shares continued to surge, and are currently up 64% since my hold recommendation. I believe the most recent correction offers a new engagement opportunity for investors as shares are oversold technically and CrowdStrike should be able to recover from the outage-related sell-off in due time. According to CrowdStrike's statement on Friday, published on the company's website, the cybersecurity company stated that "the outage was caused by a defect found in a Falcon content update for Windows hosts" and CrowdStrike also clarified specifically that the outage was not the result of a cyberattack. The outage has caused widespread problems for Windows users, negatively affected reservation and payment systems and triggered dislocations in other areas as well. While the outage made for some negative publicity in the short term, I believe investors can take advantage of this fear-driven sell-off. CrowdStrike's core value proposition is to protect customers from cybersecurity threats and to detect risks (cyberattacks) early. Since the most recent outage was driven by a malfunctioning update for its Falcon cybersecurity platform, the company should not suffer any long-lasting reputational damage from the outage and I don't see any negative implications for CrowdStrike's core cybersecurity business. In fact, I would argue that investors will soon refocus their attention on the company's fast-growing cybersecurity core business which is seeing unabated momentum. In the first fiscal quarter of FY 2025, CrowdStrike generated 34% year over year subscription growth as more customers signed on the cybersecurity platform and took up the company's SaaS offer. Subscription revenues were responsible for a massive 95% revenue share in the most recent quarter and they will therefore remain key to the company's overall top line growth. CrowdStrike also hit record annual recurring revenues (on a quarter-end basis) of $3.6B. Going forward, this revenue growth rate could get sustained by the expansion in the AI native cybersecurity market. Obviously, artificial intelligence has huge applications in the software/cybersecurity market and AI could help software companies the defense of computer networks and result in speedier detection of cybersecurity risks. CrowdStrike estimates that the addressable market for AI native cybersecurity platforms will grow from $100B in 2024 to $225B in 2028, representing an annual growth rate of 22.5%. CrowdStrike is not only growing its subscription business at double-digit rates, but the cybersecurity company is also already widely profitable, in terms of operating income, net income and especially free cash flow. CrowdStrike generated $323M in free cash flow in the first fiscal quarter, showing a year over year growth rate of 42%. The free cash flow trend especially is very encouraging and reflects a highly profitable SaaS core business. CrowdStrike generated a free cash flow margin of a massive 35% in the last quarter, showing a year over year expansion of 2 PP. CrowdStrike is a fast-growing cybersecurity/Cloud stock and therefore highly valued, even after the 11% price crash on Friday. Currently, shares of CrowdStrike are trading at a price-to-revenue ratio of 14.7X and the valuation ratio is converging on the company's longer term P/E ratio of 13.8X. Rival firms in the Cloud business include Zscaler (ZS), Datadog (DDOG) and Cloudflare (NET), all which have lower P/S ratios. However, CrowdStrike is one of the faster growing cybersecurity/Cloud companies in the market and the negative publicity following the global outage of IT systems is creating an engagement opportunity, in my opinion: CrowdStrike's revenues are projected to grow 26% next year compared to 22% for Zscaler, 23% for DataDog and 27% for Cloudflare. Cloud and cybersecurity stocks tend to be highly valued given the immense market opportunity, the upside related to deploying AI, and the sector's strong top line growth. I believe CrowdStrike could revalue to a 18-19X P/S ratio once the dust settles (return to its pre-outage valuation factor), given how quickly the cybersecurity company is growing its annual recurring revenue base and how much free cash flow CRWD generates. An 18-19X P/S ratio implies a fair value range of $374-394 for shares of CrowdStrike. There is a considerable risk, however, that the after-effects of the outage will suppress CrowdStrike's valuation factor in the short term, however. According to the RSI, shares of CrowdStrike have an RSI value of 24.60 and are therefore currently deeply oversold (which is indicated by a value below 30), showing that investors are overreacting to the outage news. In the short term, there is obviously a great amount of reputational risk that comes on the heels of negative headlines. However, in the longer term, the outage may have created a unique engagement opportunity for investors, in my opinion, as CrowdStrike's core subscription business is growing quickly and the company is widely profitable. What would change my mind about CrowdStrike is if the cybersecurity platform were to lose a lot of customers as a result of this outage or saw a decline in its top line/free cash flow growth. While the outage was clearly a negative event for CrowdStrike, I don't believe the company will suffer long-lasting reputational damage, chiefly because the outage was not the result of a cyberattack. CrowdStrike's core business remains in good shape and the company is enormously free cash flow-profitable. I have also changed my tune on the company's valuation as I believe the AI native security market opportunity is very attractive and CrowdStrike is delivering consistent results in its subscription business. I am up-grading shares of CrowdStrike to buy because I believe investors are overreacting to the outage news and because CrowdStrike's financial trends all point upward. While CrowdStrike's shares are not cheap, the massively negative news coverage creates a new engagement opportunity for long term investors!

Is CrowdStrike's Big Blunder a Buying Opportunity? | The Motley Fool

CrowdStrike just became a household name in the worst possible way. CrowdStrike's (CRWD -11.10%) stock price plunged 11% on Friday, July 19, after an update to its cloud-based cybersecurity platform sparked a global IT outage across banks, airports, hospitals, retailers, other businesses, and government agencies. ATMs stopped working, flights were delayed, and crucial healthcare services went offline. CrowdStrike CEO George Kurtz said the incident was caused by a "defect found in a single content update for Windows hosts" and that a fix had already "been deployed." Microsoft (MSFT -0.74%), which was initially blamed for the outage because it only occurred on Windows systems, said it was working with CrowdStrike to resolve those issues. CrowdStrike certainly made a massive mistake and the market's reaction is understandable. But others are wondering if this news-driven pullback represents a good buying opportunity. Are they right? In the past, most cybersecurity companies installed on-site appliances to run their services. But that hardware was expensive, sucked up power, took up a lot of space, and required constant maintenance. CrowdStrike addressed those issues with Falcon, a cloud-native endpoint security platform that didn't require any on-site appliances. As a cloud-based platform, Falcon was easier to install, scale, and update than appliance-based platforms. It also enabled CrowdStrike to lock clients into sticky recurring subscriptions and cross-sell more cloud-based modules to grow its revenue per customer. Those strengths have enabled CrowdStrike to grow like a weed since its initial public offering (IPO) in 2019. From fiscal 2019 to fiscal 2024 (which ended this January), its revenue rose at a compound annual growth rate (CAGR) of 65%, from $250 million to $3.06 billion. CrowdStrike now serves 298 of the Fortune 500 companies and 538 of the Fortune 1000 companies. However, that widespread adoption explains why CrowdStrike's flawed update caused so much damage in such a short time. Over the past year, as macro headwinds forced many companies to rein in their spending, CrowdStrike's growth in both ending annual recurring revenue (ARR) and total revenue decelerated. But its net new ARR growth rose by double-digit percentages year over year again over the past three quarters -- which meant it was still gaining new customers in a challenging market. Data source: CrowdStrike. YOY = year over year. Note: Ending ARR is the sum of preexisting ARR with net new ARR. CrowdStrike attributed that robust growth to its market-share gains, new government contracts, and the rollout of more generative artificial intelligence (AI) features for Falcon. By the end of the first quarter of fiscal 2025, 44% of its customers had adopted at least six of its modules, up from 43% in the fourth quarter and 40% a year earlier. During the first-quarter conference call, Kurtz notably took a jab at Palo Alto Networks' (PANW 2.16%) new platformization strategy (which is currently driven by free trials and deferred revenue deals) -- saying "when a platform delivers real value, you don't have to give it away." Unfortunately, CrowdStrike's recent software blunder might just drive some companies to try out Palo Alto's more diversified mix of on-site and cloud-based services instead. At the time, CrowdStrike expected its revenue to grow 30%-31% in fiscal 2025. It also planned to continue its five-quarter streak of profitability based on generally accepted accounting principles (GAAP). But given those estimates (which will likely be reduced) and its current enterprise value of $67.5 billion, it still looks expensive at 17 times this year's sales. The big question now is how much this fiasco will throttle CrowdStrike's long-term growth. Bulls will argue that the company's leadership of the cloud-native cybersecurity space, its sticky cloud-based ecosystem, and the high costs of switching to another platform will prevent it from losing too many customers in the aftermath of the IT outage. However, Kurtz admitted it would take "some time" before the problem update was rolled back and all of the affected systems were fully restored. CrowdStrike could also be hit by plenty of lawsuits after this debacle, and Tesla's CEO Elon Musk said his company had already "deleted CrowdStrike" from all of its systems. The incident also made CrowdStrike, which hadn't been widely recognized outside of tech and business circles, a household name in the worst possible way. Warren Buffett once said it "takes 20 years to build a reputation and five minutes to ruin it" -- and the damage to CrowdStrike's brand could certainly erode its defenses against its eager competitors. Microsoft has been quietly expanding its own cloud-based cybersecurity platform over the past few years, with big investments and acquisitions. This embarrassing incident could drive Microsoft to accelerate the development of those internal services, in order to curb its dependence on CrowdStrike and other third-party cybersecurity platforms. I own shares of CrowdStrike, but I think it would need to pull back even further before it's considered a bargain. It's still up more than 90% over the past 12 months and isn't cheap -- and we can't yet gauge the long-term impact of this disastrous outage.

Is CrowdStrike's Big Blunder a Buying Opportunity?

CrowdStrike's (NASDAQ: CRWD) stock price plunged 11% on Friday, July 19, after an update to its cloud-based cybersecurity platform sparked a global IT outage across banks, airports, hospitals, retailers, other businesses, and government agencies. ATMs stopped working, flights were delayed, and crucial healthcare services went offline. CrowdStrike CEO George Kurtz said the incident was caused by a "defect found in a single content update for Windows hosts" and that a fix had already "been deployed." Microsoft (NASDAQ: MSFT), which was initially blamed for the outage because it only occurred on Windows systems, said it was working with CrowdStrike to resolve those issues. CrowdStrike certainly made a massive mistake and the market's reaction is understandable. But others are wondering if this news-driven pullback represents a good buying opportunity. Are they right? Image source: Getty Images. Why did CrowdStrike's outage cause so much damage? In the past, most cybersecurity companies installed on-site appliances to run their services. But that hardware was expensive, sucked up power, took up a lot of space, and required constant maintenance. CrowdStrike addressed those issues with Falcon, a cloud-native endpoint security platform that didn't require any on-site appliances. As a cloud-based platform, Falcon was easier to install, scale, and update than appliance-based platforms. It also enabled CrowdStrike to lock clients into sticky recurring subscriptions and cross-sell more cloud-based modules to grow its revenue per customer. Those strengths have enabled CrowdStrike to grow like a weed since its initial public offering (IPO) in 2019. From fiscal 2019 to fiscal 2024 (which ended this January), its revenue rose at a compound annual growth rate (CAGR) of 65%, from $250 million to $3.06 billion. CrowdStrike now serves 298 of the Fortune 500 companies and 538 of the Fortune 1000 companies. However, that widespread adoption explains why CrowdStrike's flawed update caused so much damage in such a short time. How fast was CrowdStrike growing? Over the past year, as macro headwinds forced many companies to rein in their spending, CrowdStrike's growth in both ending annual recurring revenue (ARR) and total revenue decelerated. But its net new ARR growth rose by double-digit percentages year over year again over the past three quarters -- which meant it was still gaining new customers in a challenging market. Data source: CrowdStrike. YOY = year over year. Note: Ending ARR is the sum of preexisting ARR with net new ARR. CrowdStrike attributed that robust growth to its market-share gains, new government contracts, and the rollout of more generative artificial intelligence (AI) features for Falcon. By the end of the first quarter of fiscal 2025, 44% of its customers had adopted at least six of its modules, up from 43% in the fourth quarter and 40% a year earlier. During the first-quarter conference call, Kurtz notably took a jab at Palo Alto Networks' (NASDAQ: PANW) new platformization strategy (which is currently driven by free trials and deferred revenue deals) -- saying "when a platform delivers real value, you don't have to give it away." Unfortunately, CrowdStrike's recent software blunder might just drive some companies to try out Palo Alto's more diversified mix of on-site and cloud-based services instead. At the time, CrowdStrike expected its revenue to grow 30%-31% in fiscal 2025. It also planned to continue its five-quarter streak of profitability based on generally accepted accounting principles (GAAP). But given those estimates (which will likely be reduced) and its current enterprise value of $67.5 billion, it still looks expensive at 17 times this year's sales. Will this outage impact CrowdStrike's long-term growth? The big question now is how much this fiasco will throttle CrowdStrike's long-term growth. Bulls will argue that the company's leadership of the cloud-native cybersecurity space, its sticky cloud-based ecosystem, and the high costs of switching to another platform will prevent it from losing too many customers in the aftermath of the IT outage. However, Kurtz admitted it would take "some time" before the problem update was rolled back and all of the affected systems were fully restored. CrowdStrike could also be hit by plenty of lawsuits after this debacle, and Tesla's CEO Elon Musk said his company had already "deleted CrowdStrike" from all of its systems. The incident also made CrowdStrike, which hadn't been widely recognized outside of tech and business circles, a household name in the worst possible way. Warren Buffett once said it "takes 20 years to build a reputation and five minutes to ruin it" -- and the damage to CrowdStrike's brand could certainly erode its defenses against its eager competitors. Microsoft has been quietly expanding its own cloud-based cybersecurity platform over the past few years, with big investments and acquisitions. This embarrassing incident could drive Microsoft to accelerate the development of those internal services, in order to curb its dependence on CrowdStrike and other third-party cybersecurity platforms. So is CrowdStrike's pullback a buying opportunity? I own shares of CrowdStrike, but I think it would need to pull back even further before it's considered a bargain. It's still up more than 90% over the past 12 months and isn't cheap -- and we can't yet gauge the long-term impact of this disastrous outage. Should you invest $1,000 in CrowdStrike right now? Before you buy stock in CrowdStrike, consider this: The Motley Fool Stock Advisor analyst team just identified what they believe are the 10 best stocks for investors to buy now... and CrowdStrike wasn't one of them. The 10 stocks that made the cut could produce monster returns in the coming years. Consider when Nvidia made this list on April 15, 2005... if you invested $1,000 at the time of our recommendation, you'd have $722,626!* Stock Advisor provides investors with an easy-to-follow blueprint for success, including guidance on building a portfolio, regular updates from analysts, and two new stock picks each month. The Stock Advisor service has more than quadrupled the return of S&P 500 since 2002*. Leo Sun has positions in CrowdStrike and Palo Alto Networks. The Motley Fool has positions in and recommends CrowdStrike, Microsoft, Palo Alto Networks, and Tesla. The Motley Fool has a disclosure policy. The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

After the Biggest IT Outage in History, Is CrowdStrike a Stock to Avoid...or a Bad-News Buy?

CrowdStrike Holdings (NASDAQ: CRWD) made headlines around the world on Friday -- but not for a reason the company or its shareholders were happy about. A faulty software update by the cybersecurity specialist led to an IT outage that impacted customers around the world, from airlines to banks to hospitals, causing business for many of them to screech to a halt. Experts are calling this the largest IT outage in history, and though CrowdStrike rushed into action and deployed a fix, problems persisted across systems. The company repaired the software bug, but affected computers require manual reboots -- a process that could take some time. Investors responded by selling CrowdStrike stock, driving it 11% lower in Friday's trading session. Now, the question is, following this major upset for CrowdStrike customers worldwide, is the stock one to avoid...or is it a bad-news buy? Let's find out. First, let's take a quick look at CrowdStrike's business and at exactly what happened over the past few days. CrowdStrike stands out in the world of cybersecurity because its platform is entirely cloud-based and driven by artificial intelligence (AI). The Falcon platform collects data from across a company, and this information is used to train CrowdStrike's AI to protect that customer from threats. Customers can select from among 28 security modules or use them all in one Falcon platform. As of the end of the first quarter, 62 of the Fortune 100 companies were using CrowdStrike as their choice of cybersecurity provider. The company recently said deals involving modules such as Falcon Next-Gen SIEM more than doubled year over year, and it's been signing some of its biggest contracts ever. Fast-forward to the early morning hours of July 19. CrowdStrike launched a sensor configuration update to Microsoft Windows systems -- something that's done regularly across the Falcon platform. This time, though, the update sparked a logic error. The result was a system crash, leading to the blue screens seen by customers around the world. CrowdStrike quickly fixed the software error, but as mentioned above, the need for manual reboots means it will take time for all systems to return to normal operations. The impact has been broad-based -- from canceled flights and surgeries to TV channels being unable to broadcast. Potential impact on CrowdStrike Now, let's consider the potential impact on CrowdStrike. First, here's a very important point: The troubles weren't linked to a cyberattack. They were simply the result of a faulty software update. This is key because it doesn't call into question CrowdStrike's ability to do its job of protecting companies from such attacks. And though this software bug created chaos, unfortunately these sorts of events do happen from time to time -- and have happened to other companies. Of course, the outage is still likely to have some financial impact on CrowdStrike, but it's too early to determine exactly how much. A look at the company's terms and conditions shows it limits its liability to "fees paid" by the customer -- which could greatly reduce potential damages. But this is just a small part of the picture. CrowdStrike may have negotiated other terms with certain clients, and the company still could face the threat of lawsuits or the loss of contracts. Your investment strategy So, what does all of this mean for you as an investor right now? Is CrowdStrike a stock to avoid or a bad-news buy? This depends on your investment strategy. If you're a cautious investor, before picking up shares, you may want to at least wait until CrowdStrike's next earnings report to learn more about potential financial impact on the company. If you can tolerate some risk, though, now is a great time to scoop up shares of this cybersecurity giant. As mentioned above, technical glitches do happen -- and this one doesn't have anything to do with CrowdStrike's ability to protect its customers from cyberattacks. The fact that this software bug did shut down so much business shows just how big CrowdStrike has become, extending across companies and industries around the world. Could CrowdStrike lose some customers after this event? It's certainly possible, though customers do realize that software bugs are risks -- regardless of your security provider. Finally, it's important to take a look both at CrowdStrike's solid earnings growth, and at two key metrics -- free cash flow and return on invested capital: CRWD Net Income (Annual) data by YCharts. All of these figures are extremely positive; they show that CrowdStrike is making wise investments and benefiting from them. Even if CrowdStrike faces some financial headwinds in the aftermath of the big outage, the company has what it takes to handle the challenges, and should prevail over the long term. All of this means that, yes, CrowdStrike could be in for a rough patch in the weeks and months to come, but the recent problem shouldn't dismantle the strengths the company has built over time. And this means that, for investors able to handle some risk, CrowdStrike today is a bad-news buy -- not a stock to avoid. Should you invest $1,000 in CrowdStrike right now? Before you buy stock in CrowdStrike, consider this: The Motley Fool Stock Advisor analyst team just identified what they believe are the 10 best stocks for investors to buy now... and CrowdStrike wasn't one of them. The 10 stocks that made the cut could produce monster returns in the coming years. Consider when Nvidia made this list on April 15, 2005... if you invested $1,000 at the time of our recommendation, you'd have $722,626!* Stock Advisor provides investors with an easy-to-follow blueprint for success, including guidance on building a portfolio, regular updates from analysts, and two new stock picks each month. The Stock Advisor service has more than quadrupled the return of S&P 500 since 2002*. Adria Cimino has no position in any of the stocks mentioned. The Motley Fool has positions in and recommends CrowdStrike and Microsoft. The Motley Fool recommends the following options: long January 2026 $395 calls on Microsoft and short January 2026 $405 calls on Microsoft. The Motley Fool has a disclosure policy. The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

After the Biggest IT Outage in History, Is CrowdStrike a Stock to Avoid...or a Bad-News Buy? | The Motley Fool

CrowdStrike Holdings (CRWD -11.10%) made headlines around the world on Friday -- but not for a reason the company or its shareholders were happy about. A faulty software update by the cybersecurity specialist led to an IT outage that impacted customers around the world, from airlines to banks to hospitals, causing business for many of them to screech to a halt. Experts are calling this the largest IT outage in history, and though CrowdStrike rushed into action and deployed a fix, problems persisted across systems. The company repaired the software bug, but affected computers require manual reboots -- a process that could take some time. Investors responded by selling CrowdStrike stock, driving it 11% lower in Friday's trading session. Now, the question is, following this major upset for CrowdStrike customers worldwide, is the stock one to avoid...or is it a bad-news buy? Let's find out. First, let's take a quick look at CrowdStrike's business and at exactly what happened over the past few days. CrowdStrike stands out in the world of cybersecurity because its platform is entirely cloud-based and driven by artificial intelligence (AI). The Falcon platform collects data from across a company, and this information is used to train CrowdStrike's AI to protect that customer from threats. Customers can select from among 28 security modules or use them all in one Falcon platform. As of the end of the first quarter, 62 of the Fortune 100 companies were using CrowdStrike as their choice of cybersecurity provider. The company recently said deals involving modules such as Falcon Next-Gen SIEM more than doubled year over year, and it's been signing some of its biggest contracts ever. Fast-forward to the early morning hours of July 19. CrowdStrike launched a sensor configuration update to Microsoft Windows systems -- something that's done regularly across the Falcon platform. This time, though, the update sparked a logic error. The result was a system crash, leading to the blue screens seen by customers around the world. CrowdStrike quickly fixed the software error, but as mentioned above, the need for manual reboots means it will take time for all systems to return to normal operations. The impact has been broad-based -- from canceled flights and surgeries to TV channels being unable to broadcast. Now, let's consider the potential impact on CrowdStrike. First, here's a very important point: The troubles weren't linked to a cyberattack. They were simply the result of a faulty software update. This is key because it doesn't call into question CrowdStrike's ability to do its job of protecting companies from such attacks. And though this software bug created chaos, unfortunately these sorts of events do happen from time to time -- and have happened to other companies. Of course, the outage is still likely to have some financial impact on CrowdStrike, but it's too early to determine exactly how much. A look at the company's terms and conditions shows it limits its liability to "fees paid" by the customer -- which could greatly reduce potential damages. But this is just a small part of the picture. CrowdStrike may have negotiated other terms with certain clients, and the company still could face the threat of lawsuits or the loss of contracts. So, what does all of this mean for you as an investor right now? Is CrowdStrike a stock to avoid or a bad-news buy? This depends on your investment strategy. If you're a cautious investor, before picking up shares, you may want to at least wait until CrowdStrike's next earnings report to learn more about potential financial impact on the company. If you can tolerate some risk, though, now is a great time to scoop up shares of this cybersecurity giant. As mentioned above, technical glitches do happen -- and this one doesn't have anything to do with CrowdStrike's ability to protect its customers from cyberattacks. The fact that this software bug did shut down so much business shows just how big CrowdStrike has become, extending across companies and industries around the world. Could CrowdStrike lose some customers after this event? It's certainly possible, though customers do realize that software bugs are risks -- regardless of your security provider. Finally, it's important to take a look both at CrowdStrike's solid earnings growth, and at two key metrics -- free cash flow and return on invested capital: All of these figures are extremely positive; they show that CrowdStrike is making wise investments and benefiting from them. Even if CrowdStrike faces some financial headwinds in the aftermath of the big outage, the company has what it takes to handle the challenges, and should prevail over the long term. All of this means that, yes, CrowdStrike could be in for a rough patch in the weeks and months to come, but the recent problem shouldn't dismantle the strengths the company has built over time. And this means that, for investors able to handle some risk, CrowdStrike today is a bad-news buy -- not a stock to avoid.