 From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. It's been an interesting month in the cybersecurity space. The sector has been somewhat less affected by budget tightening these past 20 foreign months. And at the same time, it's benefited from AI tailwinds. But in the past several weeks, we've seen some separation in key high-flying cybersecurity names, specifically, Palo Alto shocked the street with a $600 million Billings shortfall forecast last month and sounded the alarm that there were cracks in its consolidation strategy. This dragged down other consolidation players in sympathy, namely CrowdStrike and Zscaler. But our research shows that the dynamics facing these companies is quite different. But particularly know CrowdStrike's earnings print highlights the company's impressive momentum while recent negativity around Zscaler is a bit of a headscratcher for us, which we'll try to explain. Hello and welcome to this week's theCUBE Research Insights powered by ETR. In this Breaking Analysis, we take a more narrow look at the information security space and dig deeper into the continued success of CrowdStrike. With recent survey data from ETR, we continue to advance our premise that platforms beat products and we identify several levers that are powering CrowdStrike's path to $5 billion by fiscal year of 26 and to $10 billion by the end of the decade. Now, if you take a look at the stock market, we've seen some really interesting trends. In the last four months, there's been some divergence, but since early 2022 and into most of 2023, CrowdStrike, Zscaler and Palo Alto Networks, three high flyers and three consolidators all exhibited pretty quality performance trading in similar patterns. So they were pretty closely aligned. As well, through the second half of 2023, they significantly outperformed the NASDAQ, as you can see here in the orange line. In fact, on February 15th, the week before Palo Alto's earnings, CrowdStrike was trading at 157% above its March 8th, 2022 level. Zscaler was up 120% and Palo Alto up 95% while the NASDAQ was only up 37%. Now, what we saw was Palo Alto surprised the street to the downside, they hit their quarter, but their forecast had some concern. So on February 21st, after the close, Palo Alto announced its earnings and while it beat investors who normally used to Palo Alto's consistent and predictable performance, heard about a delayed or perhaps lost government contract that took down fiscal year 24 buildings guidance by 600 million at both ends of the guide range. This is directly gonna hit the income statement and not surprisingly took the stock down, took down more than 100 points. Now you can see in my tweet the day after the earnings print, I corrected my initial take to reflect this is part of the guide and not the current order. Thunderdome is the Defense Information System Agency or DEESA's Zero Trust Network Architecture Project. Palo Alto had reallocated significant resources to that project given the likely event that it would get the deal. But as we've seen with other large government contracts like JETI, remember that things can change quickly. So we wanted to understand what the spending data was telling us and this chart from ETR shows net score or spending momentum on the vertical axis and pervasion or account penetration in more than 1700 respondent accounts. This is just the cybersecurity sector and we've cherry picked some of our favorite names and several of them that compete with CrowdStrike and Palo Alto Networks. Now, what's interesting is that if you look at the basket of cybersecurity stocks such as those in the bug ETF, you'll actually see that unlike CrowdStrike, the C-scaler and Palo Alto are three consolidators, the group is actually traded much more closely with the NASDAQ and it fell behind after the Palo Alto earnings announcement. And as you can see by the squiggly lines in this chart, the entire group, including our three consolidators, have been pushed down on the vertical axis since January, 2022, which is the beginning of this time series. Now, remember anything above 40% on the vertical axis is considered highly elevated. And so you can see everyone was pushed down. The one exception is of course Microsoft, which continues to be ubiquitous and is seen as the good enough security companies with many people who say good enough is not good enough in cybersecurity. And the recent recent announcement of the Russian hacks inside of Microsoft and getting to source code underscore that good enough may not be good enough, but we'll save that detail for another day. The point is in looking at this data, we thought, well, maybe the combination of AI sucking up all the budget and can the continued macro headwinds are gonna have an impact on the entire sector and particularly these other two companies besides just Palo Alto that we've been following quite closely, these consolidators. But so we wanted to keep digging and spending fatigue was the watchword. It sent the shock into the system. So the big topic on the Palo Alto call, one of them anyway, and subsequent discussions at various financial conferences were comments made by Palo Alto's CEO, Nikeshia Roro. He said, the part that is new, so he talked about how demand drivers were great. So despite the many demand drivers that we're seeing we're beginning to notice customers are facing spending fatigue in cybersecurity. That was on 220 after the close. Now we have some other data that we're showing here that tells the story in a bit more detail from the customer side of things. It's a CISO at a mid-sized services company coming out of an ETR round table. This individual said, the pain points that I've had with Palo Alto have always been once they figure out what to sell you they try to figure out how to sell you more. Okay, well that's fair. And what you buy from Palo Alto two or three years works great, it's fine. And then all of a sudden now you gotta spend more to get kind of where you were get back to that baseline. And they've done that over and over again and I think people are quite honestly just tired of that. This individual said this on 216 four days before Palo Alto announced. So kind of interesting confirmation just prior to the earnings print. Now the other tidbit from the Palo Alto earnings was that as part of that spending fatigue Palo Alto was having trouble converting customers consolidating them to its platform. And the problem they cited is that customers they have existing licenses for legacy point products that maybe haven't expired or they're not willing to take a risk on digesting all the modules in a consolidation play at once. So Palo began offering free trials to bridge customers as these licenses expired and it gave more time for customers to absorb the budget hit. Now associated with this consolidation is waning across IT. So what does it mean for cyber? Of course, free trials they're not a new tactic from Palo Alto or others but it is a recently new dynamic that Palo Alto was facing consolidation headwinds. So we look deeper into the data and put together this chart. Try to understand, look if a consolidation is waning what does it mean for stocks? This chart shows the percentage of more than 300 customers in an ETR survey they're actively cutting budget and that said consolidating redundant vendors was the primary means of cutting costs. Now this isn't specific to cybersecurity it's across the entire portfolio. So it hits our heads but note the steep decline from 36% of customers just one year ago, January down to 12% in January 2024. And you can see in my tweet I said this doesn't necessarily mean CrowdStrike and Zscaler are gonna be hit in a similar way that Palo Alto was because their history is much different than that of Palo Alto. Palo Alto was a company started essentially as a hardware company it pivoted in software. It entered many, it had a pivot to the cloud it had troubles doing that more so than those other two and it really has entered many new markets by stitching together a number of acquisitions. You know, very successfully by the way but definitely a heavier transformation challenge than CrowdStrike and Zscaler. Those two companies are also very acquisitive as I said had a much less complicated path to the cloud because of the proximity to the cloud in terms of when they were launched. Much simpler time than did Palo Alto which really struggled and we've reported on that several years ago it struggled with its cloud transformation earlier this decade and then as we expected they figured it out but nonetheless it was a heavier lift. Now we saw that Zscaler they beat they raised but the stock got hit. So this was something we were watching closely waiting for Zscaler and CrowdStrike to announce earnings Zscaler announced you can see here and Silicon Eagles Zscaler announced earnings on the last day of February the 29th leap year and despite a strong print the stock has been under pressure. Why is that? Well, analysts are essentially citing concerns about billing being below the high end of the range. Guidance that is back loaded was another concern and difficult comparisons in the back half. As well Zscaler is really the only pure play vendor in the Sassy space. Sassy stands for secure access service edge as a capability that converges network and security as a service. It's got SD win in there. It's got cloud native security functions. Think gateway security, think brokers, firewall as a service all part of a comprehensive zero trust network access framework and Zscaler signaled that it's going to spend aggressively on go to market to secure a moat as a pure play in the field. Now personally we like that move because it's going to pay dividends in our view down the road. Wall Street is cutting estimates and as a result of these added expenses and so they're taking their price targets down and that's why the stock is getting hit. At least we assume so. That's the explanation that makes most sense to us but again we always like it when a company like Zscaler has conviction. You can see the future and invest in whether it's R&D or go to market or base. We like that because it'll pay dividends in the long run. We think that's a great use of capital and a good capital allocation. Okay, so we got Palo Alto was the big shock. Zscaler announced earnings. I said it was a bit of a head scratcher but kind of squinted through and can explain it. Then CrowdStrike happens. The analyst community was eagerly anticipating CrowdStrike's earnings and wow, did they get a gift? 3.44 billion in ARR, that's 34% growth, better operating margins, free cash flow margins improved and an impressive 66 in the rule of 40 calculation i.e. free cash flow margin plus growth. And so what you're seeing here is a real true platform expansion, true platform expansion that CrowdStrike is demonstrating. And the real metric that's getting people excited that underscores this for CrowdStrike is expansion beyond the core endpoint. People think of CrowdStrike as an endpoint security company. That's how it started. Next generation endpoint security and antivirus going beyond antivirus. Remember George Kurtz came from that warrant. And so he had this vision of a new way to stop the breach that's kind of their mission. Anyway, 25% of its $850 million Q4 ending ARR, which by the way, that was more than double over the previous year. More than 25% came from or 25% came from modules outside of endpoints, specifically cloud, identity and next gen set. And the goal is that by the end of the decade, the non endpoint parts of CrowdStrike's business will comprise half of a $10 billion ARR. That would put CrowdStrike on a path to become a next great software company much in the same way that we've seen in the ascendancy of service now and even before that Salesforce. So this is the power of a platform. CrowdStrike CFO said that new customers are averaging almost five modules. I think it was 4.9 modules when they come onto the platform. And the number of customers deploying five, six, seven and eight or more modules is growing consistently. CrowdStrike gave a number of metrics on that. So there seemed to be hitting on all cylinders. George Kurtz, the CEO of CrowdStrike, he's very fond of saying that these three businesses aligned cloud, identity and next gen SIM are each in and of themselves IPO-able, which is very impressive. Of course, George Kurtz, he ceases the moment here. If you know George Kurtz and I've gotten to know him a bit over the last few years, he doesn't miss a chance to cross the finish line first. Here's what he said on the earnings call. Well, what organizations inevitably realize is that vendor lock-in leads to deployment difficulties, skyrocketing costs and subpar security. The outcome is shelf wear and sunk costs. ELA and bundling addiction become the only way to coax customers into purchasing non-integrated point products. If the organization is trapped in these fragmented pseudo platforms and riddled with bolt-on point products, those are the ones that are suffering from fatigue, essentially implying not us as a really a mic drop moment for George Kurtz on the earnings call. Now, the other little tidbit that we pulled out of that call, which came up a couple of times, was the Dell deal starting to produce results. And this is something that we've been reporting on for a while. Late last December, we touched on it. We picked it up last year at CrowdStrike's Falcon conference. CrowdStrike said that its Dell partnership has produced $50 million of total deal value to date. Now, that's not a lot, but this is in its early days. Dell is standardizing on CrowdStrike's Falcon platform to build its MDR service, specifically targeted at small and mid-sized customers. MDR has managed detection and response. Now, there's a neat capability in the ETR data that lets us investigate overlap between accounts. So in this case, overlap in Dell accounts with CrowdStrike. So what this chart shows is 314 Dell accounts out of those 1,700. And you can see we've selected the client products. And because this deal was done between Daniel Bernard, who's CrowdStrike's chief business officer and Sam Bird, who's Dell's president of CSG, the client group, EC group. So the chart shows net score or spending momentum on the vertical axis and CrowdStrike's overlap in those 314 accounts on the horizontal plane. And this is only SMB accounts, which is what this deal is targeted toward. And you can see we plotted the trajectory, those squiggly lines over the past two years for each or several of the companies, or this one company in this case. And it tells an interesting story. Now specifically, CrowdStrike back in 2022 had 30 Dell SMB accounts, or a 15% overlap in the data set with a very robust net score of 67%, really, really high. And remember anything over 40% is considered highly elevated. But two things happened over the course of two years. First, CrowdStrike, look at it, the net score in these accounts plummeted and it bottomed late last year. Maybe SMBs found it too complicated to deploy and manage their own CrowdStrike instances, or maybe they felt the price was too high, but clearly something needed to change and these two companies got together last year. And the second change is CrowdStrike's penetration went from, despite the decelerating spending momentum, went from 30 Dell SMB accounts to 73, with a 23% overlap up from 15%. So the net score, while CrowdStrike's net score in Dell SMB accounts went from 67% two years ago, or 11 points above the CrowdStrike survey average, dropped to 38%, which is 10 points below CrowdStrike's average. So the performance over the last couple of years has not been stellar in that SMB space, but the fact that CrowdStrike's talking about this partnership gaining momentum tells us the company took action to solve whatever problem it was facing and is now in a much stronger position to compete in that SMB space. Dell is definitely a bellwether and a winner in the SMB marketplace, so we see significant upside there. So let's talk about, let's close out by talking about why CrowdStrike is thriving and look at some of the critical success factors that are powering the outstanding execution of this company. First of all, they're a true platform company. We've said many, many times, platforms beat products. And if their platform comprises a single lightweight agent, same agent for all the models, they've also got agent lists. So they've got a unified data model. It's a unified data platform for years. They've used knowledge graphs, which apply very nicely in security. And so that's rippling through to their AI piece of their business. So that is something that a lot of companies, AI wash, we don't believe CrowdStrike is one of them. They've been in the AI space forever. We reported on that a couple of quarters ago showing their AI journey. We think it's legit. Companies founder-led and very much mission-driven. We've talked about the importance of founder-led companies before. You think about Dell technologies. You think about Oracle. These are mission-driven companies. Of course, CrowdStrike's mission is to stop the breach. They are cloud native. They really pivoted very heavily to the cloud at a point where that was not a heavy lift. Of course, Zscaler is all about cloud. They never had to pivot, but CrowdStrike made those investments early on because they saw the opportunity in cloud. And we see significant upside, as we said in SMB, with the Dell relationship is important because SMBs need help. They generally clearly don't have the resources that large organizations have to combat cybercrime. So CrowdStrike saw this clear opportunity to bring security to the cloud. We haven't talked much about AI, but CrowdStrike is a true AI practitioner as we alluded to a minute ago. As are many other cyber firms, by the way. Cyber is really about a data problem, and AI is all about taking advantage of data, but CrowdStrike has real AI chops in our opinion. It has begun, announced, it's begun shipping. It's Charlotte Gen AI product, which is gonna license on a per endpoint basis, which could be a nice boost to the company's income statement. And we believe the more important piece of this is we think that Gen AI capabilities like Charlotte are gonna transform the security analyst experience and dramatically simplify the many of the manual and really error-prone processes that occur today for the security operations analyst. To CrowdStrike, they are executing on a true platform play better than any firm in the cyber space in our opinion. Its main competitor is Microsoft, and by all accounts that company has an inferior offering to CrowdStrike, that said, again, some customers tell us they're priced out of CrowdStrike and they're forced to go with good enough. But as we saw again today from the news on the Russian hack of Microsoft's platform, good enough may not be good enough in this space. But as cyber more than any of the market, the ROI is much less a function of the CapEx and OpEx costs. Well, those are vital to any ROI calculation. The value of cybersecurity is a reduction in risk and the reduction in corollary expected loss of revenue, expense costs to recover, and of course, reputation. With cyber threats continuing to escalate and the probability of breach near 100%, reducing the impact of a breach by either stopping the breach again, CrowdStrike stated mission or responding as fast as possible because times are compressing and the adversaries are getting faster, they're using AI, they're getting better, but these are the key drivers of ROI and generally organizations are gonna find it's worth every penny. Okay, that's it for now. Thanks to Alex Meyerson and Ken Schiffman who are on production and in our podcasts. Kristen Martin and Cheryl Knight helped get the word out. Social media and in our newsletters and Rob Hoff is our editor-in-chief at siliconangle.com. Remember, all these episodes are available as podcasts wherever you listen, you're gonna do a search breaking analysis podcast. I publish each week on thecuberesearch.com and siliconangle.com. You can email me at david.valante at siliconangle.com or DM me at divalante or comment on our LinkedIn posts and please do check out etr.ai for the best survey data in the enterprise tech business that continue to add more granularity, more features, more companies. This is Dave Vellante for theCUBE research insights powered by ETR. Thanks for watching everybody and we'll see you next time on breaking analysis.