KanawatTH
KanawatTH
Sometimes, it is not necessarily superior products which determine how a company performs financially, especially in terms of cash generation and profitability. For this purpose, CrowdStrike (NASDAQ:CRWD) has been named as a leader for three consecutive years in the Gartner Magic Quadrant (pictured below) for its Endpoint protection security products.
Gartner (www.crowdstrike.com)
Gartner (www.crowdstrike.com)
Instead, as this thesis will show, it is rather Palo Alto Networks (NASDAQ:PANW) which, by the way, is not even a leader, but is located much further away in the Visionaries quadrant which is a better choice. Of course, being a technologically better product is critical in cybersecurity in order to ensure that threats are detected and resolved promptly, but, using a comparative approach, the aim of this publication is to show that in the current economic environment characterized by high inflation and liquidity concerns, there are other dynamics at play.
I start by comparing CrowdStrike’s Endpoint security with Palo Alto’s broader product range.
First, Endpoint is about protecting your workstation, mobile, or laptop from the breach to detecting, discovering, and remediation. In this case, CrowdStrike’s Falcon platform provides complete visibility and the company has delivered the highest detection coverage out of the 16 vendors evaluated and is also a leader in ransomware prevention with the best EDR or Endpoint detection and response.
CrowdStrike Falcon Platform (seekingalpha.com)
CrowdStrike Falcon Platform (seekingalpha.com)
Now, Palo Alto’s Cortex XDR (Extended Detection and Response) also offers similar functionality, but, on top, the company integrates network, endpoint, cloud, and third-party data to stop sophisticated attacks. In this respect, investors will note that Palo Alto lays particular emphasis on “integration” as it has expanded from being a mere network device and security provider some 20 years back with its Strata firewalls to now boasting a broad portfolio of products.
These include cloud security with Prisma for mobile phone or branch location users, while Cortex (pictured below) delivers a security operations center (SOC) where a team of qualified engineers monitors and addresses threats on a 24/7 basis. Moreover, with Prisma, there is IAM or Identity and Access Management whereby employees who log in to the network and the task they perform are monitored with a view of ensuring authorized access.
Palo Alto’s Product Portfolio (www.paloaltonetworks.com)
Palo Alto’s Product Portfolio (www.paloaltonetworks.com)
Also, in the age of ChatGPT’s AI, the company’s IT protection devices also incorporate ML machine learning in order to be proactive and detect the latest threat through continuous learning by surfing through the network’s traffic.
This amounts to end-to-end capability, and, as a result, Palo Alto is able to benefit from something called “vendor consolidation”, whereby instead of choosing individual vendors for every type of solution like a firewall, endpoint protection for mobile and IoT devices, or application security, customers can opt for a single one. On top, the company can also rely on its decade-old of experience as an IT networking provider.
Detailing further, during times of high inflation when cost savings takes all its importance, with cybersecurity remaining essential, it is better to have experts who can do a bit of everything instead of hiring individual consultants for each area of expertise. Again, if your engineers already manage the client’s corporate network, you (meaning Palo Alto) are in a better position to propose solutions adapted to their specific needs.
At this stage, it makes sense to analyze the financial aspect of how a broad portfolio competes against product leadership.
Here, according to a report by Canalys covering sales by the top cybersecurity plays during the fourth quarter of 2022, the top three vendors were Palo Alto, Fortinet (FTNT), and Cisco (CSCO). The research firm further estimates that Palo Alto has won the top spot with a 7.9% market share in front of Fortinet’s 6.8%.
Exploring further, Palo Alto garnered $5.5 billion of sales in 2022 compared to $2.24 billion for CrowdStrike whose growth rate has been much better or 257% during the last three years as pictured below. In contrast, Palo Alto has grown at a much lower pace of 90% but which is still considerable given its higher scale.
On the other hand, as shown in the orange chart above, Palo Alto has enjoyed a 685% rise in FCF (free cash flow) during the same period, which is simply phenomenal considering that it has grown mostly inorganically and spent over $4 billion on 17 acquisitions. Now, given the level of integration needed to merge different companies together with the various functionalities using the platform approach, the company’s gross profit margin of 69.77% as pictured below, which is only a few percentage points behind CrowdStrike denotes a high level of optimization.
Metrics Comparison Table (www.seekingalpha.com)
Metrics Comparison Table (www.seekingalpha.com)
To be fair, CrowdStrike has also been able to generate a high level of revenue growth of 54.4% or more than double its peer which shows that it has been able to significantly increase penetration of its Endpoint protection in the cybersecurity market. However, its negative net income margin shows that it is spending heavily on SG&A (sales general and administrative) expenses or 54.51% of its revenues during FY-2022 which ended in January 2023.
For Palo Alto, this value was less or 45.11% during its last fiscal year and, with more cross-selling opportunities across its broad portfolio and larger customer base, it certainly has more leeway to optimize marketing costs in 2023.
Stressing again on the cash metric, cracks have started to appear on the liquidity front with banks being under considerable stress as a result of unrealized losses due to the devaluation of long-dated treasuries as part of their overall assets, caused by rising interest rates. Thus, one of the most important factors to consider is FCF where Palo Alto has beefed up its annual figures from $52.7 million in fiscal 2013 to $1.366 billion for FY-2022 which ended in July last year.
This means that the smaller companies which it has acquired to bolster its product offerings have been largely cash accretive. Conversely, these acquisitions have resulted in a higher debt-to-equity ratio of 542%, but, still, when the long-term debt is divided by total capital, it comes to only 5.85% as pictured above, signifying that the company is not over-leveraged.
Also, with levered FCF margins of nearly 35%, Palo Alto generates a high level of cash from operations after subtracting for Capex utilized, thereby leaving room for additional capital to be deployed for acquisitions.
PANW Profitability Grade (seekingalpha.com)
PANW Profitability Grade (seekingalpha.com)
Now, with slightly less FCF margins of 32.5%, CrowdStrike still generates a high level of cash but is not profitable, at least based on GAAP net income margin. This profitability factor is a key metric to consider as the cost of doing business remains high, pressured by wage inflation.
CRWD Profitability (seekingalpha.com)
CRWD Profitability (seekingalpha.com)
Regarding the liquidity issue I touched upon earlier, there are fears that this may lead to a recession as there may be a reduction in lending in addition to borrowing costs rising exponentially since early 2022 due to higher interest rates.
Now, a protracted slowdown is normally synonymous with corporate budgets getting tightened up. However, again referring to Canalys, the cybersecurity industry should be spared from the wider slowdown and will continue to generate sales, especially for the top players. To justify their position, the research firm adds that spending on technology and systems related to cybersecurity rose by nearly 16% in 2022 compared to 2021. This is in sharp contrast with global IT spending which contracted by 0.2% in 2022, according to Gartner.
The same cautious optimism was echoed by Palo Alto’s CEO speaking during Morgan Stanley Technology, Media & Telecom Conference on March 7. While admitting that there has been “some pricing pressure” Mr. Nikesh Arora went on to say that there was “no demand reduction in the market”, and that he feels comfortable that there was “no big slowdown”.
As for CrowdStrike’s CEO, speaking during the same conference, he also stated that while “people are still fighting their projects”, they are “still executing on them”. Moreover, Mr. George Kurtz admits that there are still “headwinds in the environment, but he thinks they are “getting in front of the deals”.
In these circumstances, both companies should increment sales in 2023 despite deteriorating economic conditions, also helped by geopolitical tensions remaining high as foreign state actors look to damage the IT infrastructures of America and its allies by perpetrating cybercriminal activities.
Now, for valuation purposes, I have reproduced the rating summary for both companies which shows that they are both overvalued as per the red valuation grades.
Rating Comparison (seekingalpha.com)
Rating Comparison (seekingalpha.com)
However, in a market where cyclical and consumer discretionary names may suffer due to rising recession risks, tech, which relies on cheap credit to drive its higher growth appears as a beacon of hope, as the Federal Reserve will have to be careful when adjusting rates during the next FOMC meeting, or the level of stress in the financial sector may just escalate.
This is the reason that I have a buy rating for Palo Alto, and after being down by 7.64% for the last year, the stock could climb again to the $206.2 level. On the other hand, despite the company being more than 40% down in the last year and analysts having Buys and Strong Buy ratings, I have a hold rating on CrowdStrike. One of the reasons is that with the task of fighting inflation becoming harder through monetary policy as the Fed now has to also focus on financial stability, it should find it more difficult to attain sustained profitability in the same way as Palo Alto which has a wide product portfolio to drive cross-selling.
Finally, CrowdStrike is the pioneer Endpoint protection delivered through the cloud, and it also has software products for centralized firewall management and for providing visibility into corporations’ cloud infrastructure. Thus, this is a company to put on your watchlist.
This article was written by
Analyst’s Disclosure: I/we have no stock, option or similar derivative position in any of the companies mentioned, and no plans to initiate any such positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.
This is an investment thesis and is intended for informational purposes. Investors are kindly requested to do additional research before investing.
Seeking Alpha’s Disclosure: Past performance is no guarantee of future results. No recommendation or advice is being given as to whether any investment is suitable for a particular investor. Any views or opinions expressed above may not reflect those of Seeking Alpha as a whole. Seeking Alpha is not a licensed securities dealer, broker or US investment adviser or investment bank. Our analysts are third party authors that include both professional investors and individual investors who may not be licensed or certified by any institute or regulatory body.