CrowdStrike Stock: Analyzing the Recent Sell-Off and Future Prospects

CrowdStrike's Sell-Off Offers A Strong Buying Opportunity (NASDAQ:CRWD)

I anticipate some headwinds at the top-line in q2'25; however, I do anticipate this just to elongate the sales cycle and expect CRWD to reach management's eFY25 revenue guidance. CrowdStrike (NASDAQ:CRWD) recently fell victim to the biggest risk of a SaaS company, an error in a regularly pushed update that led to 8.5mm Windows machines going blue screen. Though this incident has likely put a nasty taste in the investor community's mouths, leading to a massive -23% drop in share price, I believe this decline is substantially overblown and should not be taken as a major operational risk. As such, this may lead to some customer attrition as Elon Musk almost immediately tweeted that he has deleted CrowdStrike from all systems; however, this completely undermines the technical advantages and capabilities of the Falcon platform and its competitive advantage over other cybersecurity platforms. I believe any headwinds posed by this error will be temporary, may shed some light in eq2'25 earnings, and inevitably be overlooked as a minor blip in time. I reiterate my STRONG BUY rating for CRWD with a price target of $387.73 at 18.75x eFY26 price/sales. Do bear in mind that my price target has declined from my pre-q1'25 target of $475/share. Be sure to read my previous coverage of CrowdStrike here: CrowdStrike Avoids Fatigue With Its Single-Platform Offering (Q1 Earnings Preview) CrowdStrike Will Have Their AI Moment The Elephant In The Room I'll begin with the operational error experienced on July 19, 2024, an error that took down computer systems around the globe before jumping into an update to company operations. I believe most of CrowdStrike's sell-off is extremely overblown and is not justified by the company's exceptional performance. Thinking this through, customers cannot just turn off their CrowdStrike platform, as Elon Musk had alluded to. Customers cannot just instantaneously switch platforms without taking into consideration integration feasibility and costs. Bearing in mind that CrowdStrike's single-platform solution covers cloud and on-prem systems and networks, migrating to a competitor such as Palo Alto Networks (PANW) is feasible, but will likely be costly as a customer will need to purchase multiple platforms to receive the same hybrid-environment type coverage. In addition to this, cybersecurity staff and users would need to train on the new systems, which may lead to further challenges for an enterprise. Given that more enterprises are testing GenAI features across their nodes, CrowdStrike's AI-native platform will likely continue to be the go-to solution for securing LLMs, whether in the public or private cloud. This incident reminds me of the SolarWinds (SWI) incident that occurred in 2020. SolarWinds is one of the leading legacy network monitoring software products used across IT departments to monitor network traffic and performance. SolarWinds's system was breached by hackers who implemented a backdoor malware into a pushed update that impacted 30,000 organizations which utilized SolarWinds Orion. The key difference between the two incidents is that SolarWinds's was a security breach and CrowdStrike's was faulty code. According to IDC, this isn't the first time that a faulty update has been issued by a software vendor. A similar incident occurred in 2010 through a McAfee update that caused a reboot loop and loss of network access on Windows XP SP3 systems. In 2021, a software update issued by Fastly caused a major internet outage. As described by the note issued by IDC on the CrowdStrike incident: With respect to the silent update, this may lead to some administrative changes to how CrowdStrike updates customers' systems. I suspect that customers may begin manually updating systems, if possible, to avoid future incidents. I would like to note that this does come at a cost. This could lead to incidents similar to the Equifax (EFX) breach in 2017, which was the result of a software team not pushing an update on their Apache Struts web-application software, which led to a massive data leak that exposed the personal data of 143mm people. Though I'd like to say there is one simple solution to the matter, no measure is perfect and the least we can presume is that no customer data has been leaked as a result of CrowdStrike's incident. Sell-off May Have Been Driven By Retail Investors Looking at ownership flows as reported by MarketBeat, I suspect that much of the sell-off is retail-driven and that the price decline will not likely be sustained. Though the chart presented below does not likely provide the institutional buying/selling post-incident, I believe the chart provides some good insight into the institutional investors' sentiment towards the stock. It does appear that there is some attrition between institutional investors; however, there are some opportunistic buyers building their positions into the sell-off. Given this factor, the sell-off should provide investors' a good opportunity to average their cost basis. CrowdStrike Financials & Operations Looking past the incident, I anticipate some customer attrition as this event brought forth a platform that is oftentimes behind the scenes in terms of operations. Because of this, I believe the firm will experience a slight shortfall to eq2'25 guidance of $958.3-961.2mm in revenue. I expect CrowdStrike to quickly move past this event as time goes on and be able to achieve their eFY25 guidance target of 30-31% top-line growth to reach $3,976.3mm-4010.7mm in revenue. My presumption is that the sales process may be elongated in the near-term as potential customers may become hesitant in migrating to the single-platform solution for cybersecurity; however, I don't anticipate this to last beyond eq2'25 as CrowdStrike's Falcon platform offers complete ease of integration across all systems, whether on-prem or in a cloud-based environment. My rationale behind CrowdStrike's sustained growth trajectory is the adoption of AI in the enterprise. Throughout q1'25, CrowdStrike expanded their partnerships with Google Cloud Platform (GOOG)(GOOGL) and Amazon AWS (AMZN) to enhance their cloud security presence. With Google Cloud, Mandiant-managed defense MDR customers will be migrating to the Falcon platform. With Amazon, AWS is unifying its endpoint detection and response protection on the Falcon platform and will utilize CrowdStrike's nextgen SIEM, LogScale. In partnership with Nvidia (NVDA), CrowdStrike will be collaborating with Nvidia to deliver Nvidia's AI computing services on CrowdStrike's Falcon XDR platform. I anticipate this partnership will be one of the driving factors for the hyperscalers to remain with CrowdStrike, as this partnership will accelerate the time to detect and remediate incidents from hours and days down to minutes and seconds. At the enterprise level, I anticipate customers to continue to utilize CrowdStrike's single-platform solution to integrate cybersecurity operations into a single solution. IDC reported that for every $1 invested in a Falcon XDR Platform, customers saved $6. The report suggests that the platform identifies 96% more potential threats and allows for a 66% improvement in time to investigate threats. As a result of the recent incident, I am lowering my revenue target for eq2'25 to $951mm, just under management's guidance of $958.3-961.2mm. Despite this downward adjustment, I do anticipate CrowdStrike to reach their guided revenue range for eFY25. My rationale behind this is that the sales cycle for customer acquisition may push into eq3'25 as these potential customers await further developments of the incident. This will lead to 30/31/31% growth for eq2/3/4 for the firm to achieve $4,010mm in revenue for eFY25. I do not anticipate any major adjustments to margins to occur as a result, as I anticipate this to be a short-term headwind and not result in a long-term trend. Bull/Bear Case For CrowdStrike Bull Case CrowdStrike remains the leading single-platform cybersecurity solution on the market and has achieved substantial top-line growth and margin accretion. CrowdStrike has also maintained an elevated level of their "Rule of" at 65% for q1'25, which is calculated by adding FCF margin and revenue growth. CrowdStrike ended q1'25 with a cumulative ARR of $3.65b, up 33% from the previous year. The firm's proven 1:6 cost savings abilities should be extremely appealing to CIOs and CISOs during a time of flat IT spend. Bear Case Customer attrition may be worse than expected as a result of the incident, despite this not being a one-off event, as history would tell. This can lead to competing cybersecurity platforms to poach CrowdStrike customers while the incident remains fresh. Investors may become hesitant in investing in the name and may wait until eq2'25 to flow back into a position. This may lead to CRWD shares becoming a "show me" story, in which the firm will need to prove its growth in the coming quarter before investors gain interest in the stock again. The relatively high valuation may lead investors to further sell shares in an anticipation of a deeper sell-off. Valuation & Shareholder Value I do believe the sell-off may continue in the near-term as investors remain shaken up by the uncertainty of the cybersecurity company. Aside from the near-term price attrition, I do anticipate this to be a short-term event and will be resolved throughout the quarter and potentially into eq2'25 earnings. From a tactical perspective, shares may continue their sell-off in the near-term as investors find a floor for price stability. This could be in the range of $175-232/share. I believe any major drops in the share price will pose a good buying opportunity for investors to average into a position. This may very well be one of those opportunities where investors will see blood in the water before clear skies. From a valuation perspective, I will maintain my STRONG BUY recommendation for CRWD shares, with a now lowered price target of $387/share at 18.75x eFY26 price/sales. Much of the valuation difference comes from investors' sentiment towards the company, as this may lead to some additional uncertainty going into earnings. In terms of short-term price trajectory, CRWD shares may experience a continued drawdown as investors find new grounding in the stock; however, I anticipate this to only be temporary and believe this will only create a buying opportunity for those that have missed out on early investment in the cybersecurity name. CRWD shares remain at their elevated premium above peers. I believe that this high valuation is justified given the firm's strong growth and operational excellence. Though I remain bullish on the name, I do expect some continued downside potential as investors find a price floor. I believe any major moves down pose as good buying opportunities to averaging into a position. Michael Del Monte is a buy-side equity analyst with over 5 years of industry experience. Prior to working in the investment management industry, Michael spent over a decade in professional services working in industries that range from O&G, OFS, Midstream, Industrials, Information Technology, EPC Services, and consumer discretionary.Michael takes a macro-value-oriented approach to investment analysis and prides himself in being able to make investment recommendations based on cross-industry analysis. Analyst's Disclosure: I/we have a beneficial long position in the shares of CRWD either through stock ownership, options, or other derivatives. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article. Seeking Alpha's Disclosure: Past performance is no guarantee of future results. No recommendation or advice is being given as to whether any investment is suitable for a particular investor. Any views or opinions expressed above may not reflect those of Seeking Alpha as a whole. Seeking Alpha is not a licensed securities dealer, broker or US investment adviser or investment bank. Our analysts are third party authors that include both professional investors and individual investors who may not be licensed or certified by any institute or regulatory body.

CrowdStrike Stock: Be Strategically Greedy When Others Are Fearful (NASDAQ:CRWD)

Legal issues, delayed deals, and reputational damage pose risks. PANW may capitalize on CRWD's vulnerability, yet CRWD presents a contrarian value opportunity. I last covered CrowdStrike (NASDAQ:CRWD) in June; the recent black swan event of CRWD releasing a faulty sensor configuration update for its falcon platform, causing the "Blue Screen of Death" and affecting approximately 8.5M devices, has been brutal for CRWD customers and shareholders in the near term. However, as a contrarian investor, I can't help but consider this an opportunity, even if it has exposed my previous theses on the company to losses. As a result of this black swan event, CRWD has dropped 30% in price since my June analysis and 19% since my March analysis. Prior to the event, my March analysis was substantially profitable. However, I reiterate the closing statement from my June analysis: The important point here is to have CRWD in a diversified portfolio that isn't only subject to high-growth, richly valued stocks, which would make returns highly prone to volatility over long time periods. As many are well aware, on July 19, 2024, CRWD inadvertently caused approximately 8.5M systems to crash as a result of an update it rolled out. Core industries affected include: Management quickly identified the issue and deployed a fix within hours, but experts have warned that a full recovery could take weeks due to the extensive manual work required. Other than the immediate stock price decline, there are further concerns that are compounding with investors. For example, analysts at Guggenheim Securities have indicated that the outage is likely to delay deal signings and potentially cause losses in competitive deals. Furthermore, there is a chance of legal battles ensuing as affected customers seek compensation for the disruptions caused -- such legal issues could compound deeper financial issues. In other words, the chances of long-tail negative effects from this black swan event are significant enough to warrant concern. However, in my opinion, the company will heal, and I think a ~30% decrease in price due to the event more than covers the periodic negative sentiment as a result of these issues. My stance is that this crisis is not fatal, and CRWD remains a Buy based on general operational excellence. Furthermore, people make mistakes, as do companies, and one mistake at this level does not discredit the greatness a company has proved over the course of its life and can still produce in its future. Rebuilding customer trust will be a significant challenge, but CRWD's response to the crisis outlines care, transparent communication, and a high standard of resilience, in my opinion. The company's Falcon platform is widely regarded as one of the best in the industry -- furthermore, the cybersecurity market remains strong amid high levels of digital adoption and advanced technology tools like AI, automation, and robotics ecosystems being developed and deployed. I think if management takes the lessons of this event in its stride, it could even strengthen the company further over the long term, causing it to fortify its operations to protect against such black swan events in the future. In my last thesis on CRWD, I outlined a 2034 price target of approximately $1,700 if the company can achieve a 20% CAGR in revenues and hit a PS ratio of 20 in 2034: In my opinion, due to delayed deal signings, increased costs for damage control and legal expenses, reputational damage and customer attrition, and competitive displacement from the crisis, it is conceivable that its 10Y revenue CAGR could reduce as low as 15% as a result. Furthermore, it is not unlikely that the PS ratio will experience a contraction toward 17.5 over the period based on the long-tail effects of the crisis, as outlined in my operational analysis, compounded over many years. CRWD's current revenue per share is $13.68, so my updated 2034 revenue per share target is $55.34. Therefore, my 2034 price target, which accounts for the lower sentiment and operational capabilities of CRWD as a result of the outage, is approximately $970, indicating a 14% CAGR from the present stock price of $263.50. This is not as large as the 16% CAGR from my last analysis of CRWD, but 14% is still impressive, and it represents that long-term alpha is likely if investing at the present valuation, in my opinion. It is worth remembering that this updated price target is quite conservative, as it significantly prices in large long-tail negative effects of the outage, and it supposes that the event will have lasting reputational damage on the company. In reality, this view may be too pessimistic, in my opinion, as people are quick to forgive, especially if CRWD develops robust operational models moving forward, which provide genuine added layers of security to its offerings that prevent such incidents like this from ever happening again. That being said, what may happen is that CRWD loses some competitive advantage as a result of it having to direct finances toward the management of the legal, operational, reputational, and structural issues that have resulted from the crisis. While CRWD is arguably well-prepared for such a setback, being one of the largest cybersecurity firms in the world, it still presents a vulnerability that smaller companies, like SentinelOne (S) and Zscaler (ZS), may be able to capitalize on. In the near term, there is also the risk that investors expose themselves to downside momentum as a result of analysts publishing many downward fundamental and price estimate revisions. Here are some of the current reports to indicate the Wall Street consensus: I think the reality of this situation is that for investors who bought at pre-crisis levels, the chance of long-term alpha has now significantly reduced. As an example, if investors bought CRWD at the time of my last thesis (the price was $380), the 10Y price CAGR would be roughly 9.8% if my conservative, risk-adjusted 2034 price target of $970 comes to fruition. Of course, this could easily be beaten, but I think what this current event has presented is a situation where many previously rightly optimistic investors will likely only achieve market-level returns over the next 5-10 years. This is the price we pay for being investors in individual stocks -- some of them are exposed to black swan events and other negative catalysts that reduce returns that otherwise would likely have delivered substantial alpha. However, if CRWD was held in a diversified portfolio, these negative effects would be much less pronounced, and one could either decide to sell and reallocate or hold for a few years for market-level returns before potentially moving on to greener pastures. Still, at the present price and valuation post-crisis, CRWD is undoubtedly a Buy, in my opinion. As the long-tail risks of the outage are likely now priced into CRWD stock, in my opinion, this does not mean that CRWD will not face other operational hazards or broader technology market downturns in the future. If CRWD were to face another crisis like this, unfortunately, it would likely significantly reduce the chances of long-term alpha being achieved. As a result, I think it makes little sense to hold CRWD above 3% or so in portfolios due to the risk that the stock currently carries, as well as the fact that the alpha from the investment already does not look that substantial if investing at the present valuation. A 14% CAGR, while strong, is not excellent, and arguably much higher price CAGRs can be found in smaller or mid-sized companies that have much more attractive valuation multiples. Palo Alto Networks (PANW) is likely to gain significant market share over CRWD as a result of the crisis. PANW already had the larger market cap, and now I believe it will see CRWD's vulnerability as an opportunity to capitalize and consolidate its moat. PANW has notably launched a strategy to consolidate cybersecurity platforms, which includes offering free incentives and encouraging customers to consolidate their protection on PANW's security systems. As PANW is already executing a consolidation strategy, this weakness in CRWD is likely to open new customer acquisitions for PANW, potentially significantly reducing CRWD's position in the market periodically. Furthermore, PANW is actively acquiring companies to broaden its cybersecurity portfolio. That being said, as far as investment cases go, I do not see as much value in PANW as CRWD right now, as CRWD is in an exceptional stock position for contrarian value investors to capitalize on; the same cannot be said for PANW, which I actually consider moderately overvalued at this time. Depending on one's investment strategy, contrarian value investing can be highly lucrative. The thing is, while the potential for alpha remains for CRWD after the recent operational crisis, such alpha is both not that substantial and also highly prone to risk from further company missteps. As a result, CRWD is definitely not a Strong Buy at this time, but I think it is fair and reasonable to reiterate my Buy rating for new investors who may be considering allocating at the present valuation post-crisis. Unfortunately, for investors who allocated prior to the black swan event, long-term alpha is now unlikely, in my opinion. That being said, my estimates are conservative, and management may be able to refortify its position quicker than the market's negative sentiment and my risk analysis would suggest.

CrowdStrike Is Likely To Face Repercussions In The Short Term (NASDAQ:CRWD)

Despite the recent decline, CRWD stock does not appear undervalued, leading to a "Hold" rating for CrowdStrike. Introduction On Friday, July 19th, I turned on my computer to start working, only to realize that my data vendor's website was down. It sometimes happens, so I didn't think about it too much. I only realized an hour after I read the CrowdStrike (NASDAQ:CRWD) and Microsoft (MSFT) news that this may be related to the global outage. Although it seems incredible that one faulty update can cause a global IT blackout, this is exactly what happened. As the responsible entity behind this, CrowdStrike investors immediately punished the company, and the stock was down 15% within the day. Like most investors, this caught my attention, and I started researching the company. My initial reaction was similar to others: the stock is down, let's buy. I have been researching CrowdStrike and the cybersecurity industry since then. I think CrowdStrike is an exceptional business. It is a technological pioneer. However, good technology doesn't always guarantee good outcomes. Cybersecurity is a trust business. Customers do not necessarily want to know how the technology works, they want to know their systems are secure. I fear this trust may weaken as a result of this minor mistake. The stock may be fairly valued, but I expect short-term headwinds that are likely to pressure the stock. Therefore, the stock receives a "Hold" rating. It is best to stay away for now. This article will briefly touch on what the business is doing, discuss long-term drivers, describe what caused the global outage, and conclude with the valuation section. Understanding The Business CrowdStrike is a technological pioneer in the cybersecurity space. As the company highlights, it has built the first cloud-native cybersecurity platform with artificial intelligence at its core. More importantly, the company has been focusing on AI long before it became popular. This cybersecurity platform is called CrowdStrike Falcon. The AI models powering the platform "learn" as the company accesses more data, improving the model and helping it stop breaches. It provides automated protection through lightweight agents installed on each endpoint and cloud workload. The company likens securing the cloud to securing a room. I believe this helps understand the components of the platform a lot. There are four main components: Cloud Security Posture Management (CSPM): Ensures that the room (cloud or environment) is structurally sound and there are no misconfigurations. Cloud Identity Entitlement Management (CIEM): Identifies who is entering the room and determines if they are a good or a bad actor. Cloud Workload Protection (CWP): Detects and prevents bad behaviors happening in the room. Application Security Posture Management (ASPM): Ensures that the items (files) in the room (cloud) are secure. Identifies items that may be invasive. With a combination of these features, the Falcon platform stops breaches and protects the working environment. As mentioned, all these features are enhanced by artificial intelligence. These capabilities make CrowdStrike one of the best and largest cybersecurity companies. Long-Term Drivers Persist Despite strong revenue growth, CrowdStrike has historically been a negative profitability company due to high SG&A and R&D expenses. Gross profit increased rapidly alongside revenue. This success is largely due to CrowdStrike's leadership in a growing industry. The company continues to win as the industry grows, and growth drivers remain strong. One of the biggest drivers of industry growth is the advancing technologies such as big data, edge computing, and artificial intelligence. These technologies impact the cybersecurity space in a number of ways. Firstly, these technologies require a higher amount of data to be stored and processed. That is why we have been investing in our data center capabilities, and even in the power infrastructure that powers data centers. More data requires more security, leading to increased demand for cybersecurity services. Additionally, these technologies enable more sophisticated cyberattacks on work environments that now have a more expanded attack surface due to hybrid and remote work. This creates the need for more advanced cybersecurity solutions. That is why companies like CrowdStrike continue to invest heavily in research and development. Furthermore, there is an increasing demand for less complex and more simplified security systems. As cybersecurity platforms develop, the need to switch to a simpler interface may boost demand. It would not be wrong to assume that these growth drivers will only become stronger in the future. Given the rapid development of artificial intelligence, it may not take long before we see even more sophisticated cyberattacks and advanced cybersecurity structures, for which CrowdStrike may change more. The Global Outage Raises Concerns The growth narrative is strong and backed by significant advancements in technology. However, what happened last week may change or stall that narrative for CrowdStrike. It was a faulty update by CrowdStrike for the Falcon platform that brought down global IT systems for hours on Friday. Its impacts were felt across countries and industries. Services of banks and healthcare providers were disrupted, airplanes were grounded, some TV broadcasters went offline, and many other sectors were affected. Since Falcon uses endpoints that have deep access to operating systems to scan for threats, a faulty update can cause the system to stop working. As Microsoft is a significant customer, machines using Windows were affected by this update, causing a global crash. This may be a once-in-a-blue-moon incident. CrowdStrike will likely implement new processes to test its updates before release. However, for a company relying on growth, this small mistake will likely have repercussions. Cybersecurity is a trust business. Customers do not have to have technical expertise to understand the technology behind it. They trust the company will implement systems to prevent cyberattacks and secure the working environment. For growth, CrowdStrike needs to retain its existing customers and acquire new ones. I am sure that sales representatives from CrowdStrike are in communication with existing customers now, assuring them that issues have been resolved and will not happen again. Existing customers might be easier to convince, however, acquiring new customers might become costlier for the company. Although platforms and the technology behind them may differ, these companies offer one thing: a secure and operating system. If potential new customers were to choose between multiple offerings, I believe they would be more likely to choose a cybersecurity platform that hasn't shown any weaknesses and errors historically. Once trust and brand image are broken, they are not easy to reestablish. That is why I believe CrowdStrike's growth journey will be damaged. As a high-growth company, a slowdown in growth would hurt the stock price. Valuation For this company, we will use the multiples method to understand how the stock is priced and compare it to other public companies in the cybersecurity space. Below is a comparison of the industry median adjusted forward price-to-earnings ("P/E") and CrowdStrike stock's adjusted forward P/E. The industry consists of Zscaler (ZS), Cloudflare (NET), Palo Alto Networks (PANW), Datadog (DDOG), and Fortinet (FTNT). For the past two and a half years, CrowdStrike stock has been trading at a slight premium compared to the broader cybersecurity space. I believe this is justified, as the company seems to have superior solutions and benefits significantly from the developments in AI, both from demand and technology perspectives. Meanwhile, Seeking Alpha's valuation scores show that CrowdStrike is significantly overvalued based on several multiples. The difference between my and Seeking Alpha's calculations could stem from the different constituents of the cybersecurity universe and my specific adjustments to the financials. One thing is certain: the stock is not undervalued, despite the recent decline. Conclusion CrowdStrike pioneered the cybersecurity space by building a strong, AI-based platform to prevent breaches, and is currently one of the best and largest players in the industry. There are significant growth opportunities for the industry, and CrowdStrike is positioned well to benefit from them. However, the global IT outage incident caused by CrowdStrike is a big risk to this narrative. Cybersecurity is a business based on trust, and it may not be easy to rebuild this trust that may have been damaged last week. CrowdStrike is likely to face higher customer acquisition costs in the near future. Additionally, the stock does not appear undervalued despite the recent decline. It trades above the industry median multiples and is significantly overvalued based on Seeking Alpha's valuation scores. The stock may present a buying opportunity if CrowdStrike manages to reestablish its brand image and build trust, and if the stock price declines further. However, for now, the company gets a "Hold" rating. It is best to stay away from it at this time. The Alpha Oracle is a boutique, multi-platform investment research organization dedicated to providing actionable ideas to investors. Our mission is to offer:- Unbiased Research: Insights based on rigorous data analysis and objective observations.- A Safe Haven: Escape the noise of the financial markets with our focused and clear analyses.- Community Engagement: Join a community of like-minded investors to discuss and share ideas.- Contrarian Perspectives: Explore alternative viewpoints that challenge popular beliefs and conventional wisdom.We are aware that being right is not enough in financial markets. Therefore, ideas discussed on our platforms are not investment advice, but solely our opinion.Our website will be available soon, combining our stock analysis here on Seeking Alpha with broader theses and a weekly newsletter, a condensed summary of insights. Analyst's Disclosure: I/we have no stock, option or similar derivative position in any of the companies mentioned, and no plans to initiate any such positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article. Seeking Alpha's Disclosure: Past performance is no guarantee of future results. No recommendation or advice is being given as to whether any investment is suitable for a particular investor. Any views or opinions expressed above may not reflect those of Seeking Alpha as a whole. Seeking Alpha is not a licensed securities dealer, broker or US investment adviser or investment bank. Our analysts are third party authors that include both professional investors and individual investors who may not be licensed or certified by any institute or regulatory body.

SentinelOne: Untapped Potential (NYSE:S)

With the increasing demand for protection against cyberattacks, investors recognize the potential returns from high-growth cybersecurity stocks. This trend is reflected in the HACK ETF's near 60% price increase over the last five years. Companies like Palo Alto Networks, Inc. (PANW) and Zscaler, Inc. (ZS) are gaining attention from politicians and analysts alike. However, it's crucial to differentiate whether this growth is organic and sustainable or just a temporary hype bubble. Therefore, of the 24 holdings within HACK, we aimed to find a promising growth opportunity overlooked by Wall Street headlines poised for expansion. Analyzing our list, we observed an average historical revenue growth of 28% and a price-to-sales (P/S) ratio of 6.5x from 2014 to 2023. Among these companies, SentinelOne, Inc. (NYSE:S) stands out with a projected revenue growth rate of 27.15% and a current P/S multiple of roughly 9.3x. Compared to its competitors below, with lower projected revenue growth and higher P/S multiples, SentinelOne could be a compelling choice for investors. SentinelOne, an American cybersecurity company founded in 2013, is headquartered in Mountain View, California. It offers an AI-powered cybersecurity platform specializing in endpoint security. The global endpoint security market was valued at $16.22 billion in 2022 and is projected to reach $28.80 billion by 2029, growing at a CAGR of 9.56%. According to Gartner's Magic Quadrant, SentinelOne is considered a leader in endpoint security alongside CrowdStrike. Despite having similar projected revenue, gross profit margins, and technological capabilities, SentinelOne trades at a P/S multiple of 9.3x, while CrowdStrike trades at a significantly higher P/S multiple of 28.7x. (Gartner Report). We attribute this discrepancy to SentinelOne's lower brand reputation and negative net income. Therefore, this article will analyze how SentinelOne is expanding its customer base and improving retention through technological innovations on its path to profitability As the world shifts into a digital economy, digital crime has seen exponential growth. McKinsey projects that cyberattack damages could hit $10.5 trillion annually by 2025, marking a 300% increase since 2015. According to IBM, this growth is reflected in the rising average cost of data breaches, which reached $4.45 million in 2023, a 15% increase from three years prior. In response, the global cybersecurity market is expected to reach between $1.5 trillion and $2.0 trillion, about ten times the size of the current market. A Verizon Data Breach Investigations Report highlights that 70% of security breaches originate from endpoints such as servers, desktops, laptops, mobile devices, and IoT devices. Therefore, securing these endpoints against cyber threats will be a critical focus moving forward. (McKinsey Report). According to a Ponemon Institute report, 66% of small to medium-sized businesses globally experienced cyberattacks in the past year. Compared to larger firms, these businesses often need IT teams and cybersecurity measures, relying instead on single backup strategies. This vulnerability results in severe financial losses and can lead to business closure. As cybercriminals increasingly target SMBs for their vulnerabilities, the demand for cybersecurity technologies, especially turnkey products, among these businesses is set to grow. According to Europol, AI-enabled cyberattacks are projected to increase by 400% from 2023 to 2025, primarily due to a lower barrier of entry for cybercriminals, who now need 80% less technical expertise. These AI-enabled attacks are also more sophisticated and efficient. For instance, IBM reports that AI-generated phishing emails have a six times higher click-through rate than traditional phishing attempts. The introduction of AI presents significant opportunities for the cybersecurity market, enabling companies and professionals to penetrate markets that weren't previously accessible. Recent cybersecurity regulations have become more stringent across the US, with over 250 bills under consideration across at least 40 states. Federal initiatives like the US National Defense Authorization Act, Executive Order 14028, updates to the False Claims Act, and HIPAA now mandate cybersecurity measures across various sectors. These regulations are set to increase demand for cybersecurity solutions as businesses aim to meet new compliance standards. Investor sentiment toward SentinelOne has been affected by its negative bottom-line figures. However, the company has experienced impressive top-line growth since its IPO in 2019, with a 72% gross margin. This increasing revenue and expanding customer base suggest their net income may soon turn positive. SentinelOne's recent 30% YoY growth in Annual Recurring Revenue (ARR) and its strategy of spending 24% of its total operating expenses on marketing show a solid commitment to building its brand. With the growing demand for cybersecurity solutions from small and medium-sized businesses (SMBs), SentinelOne's competitive pricing model and autonomous turnkey packages make it a sound choice for businesses on a budget, lacking an IT team, and new to cybersecurity solutions. SentinelOne provides flexible deployment options, including both on-premises and cloud-based, that accommodate different organizational needs and infrastructure requirements. In contrast, CrowdStrike is fully cloud-based, promising greater scale. SentinelOne's core Singularity platform is a pivotal differentiator as an integrated, advanced, and autonomous AI-driven cybersecurity solution. The release of Purple AI in April 2023 has dramatically enhanced SentinelOne's Singularity platform capabilities. Purple AI accelerates threat-hunting by up to 80%, simplifying complex security tasks and improving threat detection. It integrates threat intelligence from Google Cloud's Mandiant, providing detailed insights into adversarial attacks and techniques, which helps in making more informed and precise threat assessments. Overall, SentinelOne's Singularity platform offers a robust and automated cybersecurity turnkey solution that reduces the need for human intervention, making it ideal for SMBs and organizations with limited IT resources. (YouTube Video). Between 2021 and 2024, SentinelOne acquired Scalyr, Attivo Networks, PingSafe, and Krebs Stamos Group for $155 million, $616.5 million, $100 million, and $13.9 million, respectively. These acquisitions significantly enhanced SentinelOne's data analytics and XDR capabilities, while also expanding its identity threat detection and response and cloud security capabilities within its integrated platform. "We're not going to chase to outgrow anybody. We're building the best technology, and we're building a very, very effective go-to-market machine when the time is right. And as I mentioned, this quarter has been an excellent indication for us to start moving away and investing back into our business. That's our focus." - CEO Tomer Weingarten. To compare SentinelOne and CrowdStrike's performance, we used an evaluation from MITRE, a non-profit independent advisor on cybersecurity. We gathered two assessments from 2018 and 2023 based on attacks from Chinese and Russian-based threat groups, respectively. MITRE reports evaluate a security vendor based on how well its software detects "tactics," which are the hacker's strategic goals. In the initial evaluation, SentinelOne performed poorly compared to CrowdStrike, with imprecise detection of specific tactics. However, by 2023, SentinelOne showed significant improvements, reflecting its technological advancements and competitive efforts. With this upward trajectory, SentinelOne is well-positioned to capture the unpenetrated total addressable market (TAM) in endpoint security and retain customers. In June 2023, SentinelOne announced a major restructuring plan to improve efficiency and cut costs, including laying off 5% of its workforce. Concerns over free cash flow and negative net income drove this decision. However, these efforts also risk losing talent, lowering investor confidence, and disrupting ongoing projects. The effectiveness of these changes will be reviewed as they are carried out and completed by 2025. Because of these restructuring efforts, CEO Tomer Weingarten projects the company will be "on track to turn the page on profitability within fiscal '25, delivering positive operating income by the end of the year". However, if SentinelOne fails to meet this target, it could delay the anticipated upside potential, indicating weaker-than-expected earnings and growth. Moreover, just like CrowdStrike, any news of SentinelOne's failure to address evolving cyber threats or technical issues could cause its stock to slip below historical support levels, harming its reputation and client trust. With increasing competition in cybersecurity, our stance will turn bearish if SentinelOne fails to maintain its historical performance in third-party evaluations or grow its annual recurring revenue and customer base, indicating that its "growth at all costs" strategy has stalled. We valued SentinelOne (S) using revenue projections from Seeking Alpha and the average forward P/S multiple of 14.55x from peers (Palo Alto, Fortinet, Zscaler, CrowdStrike). This approach estimates a market cap of $11.8 billion. With 313 million shares outstanding, the target share price is $37.81, suggesting an 85.89% upside from the July 12th price of $20.56. SentinelOne stands out as a compelling choice, trading at a lower price-to-sales ratio and with a higher revenue growth rate than its competitors. Despite negative net income and lower brand recognition challenges, the company is achieving double-digit solid revenue growth through effective marketing strategies and acquisitions, positioning itself in a "growth at all cost" stage. As cybersecurity demand grows, SentinelOne's autonomous, comprehensive, and affordable packages are well-suited to meet the needs of small to medium-sized businesses. For investors, SentinelOne offers the potential for significant long-term returns.