Fall Quarter 2025 Cyber security update

Posted on the premium boards yesterday…Hope everyone has a great and relaxing Holidays….

Merry Christmas and I finally have some time to put together my quarterly update on cyber security stocks. I am once again looking at PANW, S, CRWD, and ZS. I am also adding NET to the list with a shortened coverage but hopefully will be bringing them up to speed for this update. I have decided to include Cloudflare (NET) because they keep promoting their cybersecurity services and it seems to be a significant and growing aspect of the company business. And I will admit that I also wanted to include them because I have been a long time stockholder with a fairly large position and love the companies long time growth path. If someone wants to argue that it is misplaced in this list, I will listen (but may not take it out anyway! ha ha).
As usual, I will center on the Cloud Cyber Security space as this is the most exciting in terms of growth and future potential and is the easiest to compare across the companies. Also, because PANW has a large traditional firewalled business, that is separated out for this post’s purposes (as I have always done). Clearly this assumption and how to account for it is open to debate and disagreement, but I just do the best I can. So be it.

I will also point out that there are even more interesting companies that I could include but because I don’t want to make this too confusing nor compare apples to oranges, so I am not including Fortinet, Okta or others that it could be argued should be included. If the interest is there I can (or someone can offer to augment this with a follow on post!)

In the past I have kind of side stepped how to value the firewalled version of PANW versus Crowdstrike but with the run up in CRWD and PANW’s lessor performance the comparison has been kind of striking so I will attempt again at a quick comparison by subtraction as you shall see, but that comes later….

With that out of the way, I first will repeat the last four quarter’s comparison of a couple of key aspects, cloud ARR (Annual Recurring Revenue) and said growth rate. The first is important to show overall size of the cloud portion of the business and the second to show how it is growing. Then I will share the most recent quarters results.

Q3 2024 results

Company ARR ($M) % increase(yr/yr)
S………….…….860………………29%
PANW……… 4,500………….….40%
CRWD……….4,020………………27%
ZS …………….2,512………….….26%

Q4 2024 results

Company ARR ($M) % increase(yr/yr)
S………….…….920………………27%
PANW……… 4,800………….….37%
CRWD……….4,240………..……24%
ZS ………..….2,590………….….23%

Q1 2025

Company ARR ($M) % increase(yr/yr)
S………….…….948………………24%
PANW…….… 5,100………….….34%
CRWD……….4,440………..……22%
ZS ………..….2,900………….….23%

NET………….….479……………..27% reported as revenue (ARR not reported)

Q2 ‘2025

Company ARR ($M) % increase(yr/yr)
S………….……1,000………..……24%
PANW…….… 5,600………….….32%
CRWD……….4,660………..……20%
ZS ………..….3,015……….….….22%

NET………….….512……………..28% reported as revenue (ARR not reported)

And finally the most recent quarter for each:

Q3 ‘2025

Company ARR ($M) % increase(yr/yr)
S………….…….1,055……………..23%
PANW……… 5,900………….….29%
CRWD……….4,920…………….23%
ZS …………….3,204………….…26%

NET………….….562……………..31% reported as revenue (ARR not reported)

Almost identical to last quarters commentary, is the total consistency of the industry. The growth rates are high but interestingly this quarter it looks like the slow descent in ARR growth is bottoming out and even starting to rise for some with S and PANW continuing with the slow drop and CRWD and ZS actually rising slightly. PANW is still in the lead but ZS is closing the gap and CRWD promising more growth going forward. Looking at PANW specifically the last 5 quarters year over year growth rates were: 40 37 34 32 and 29%. Amazingly consistent(and yes still slowly dropping). Still not included in this quarter is the inclusion of CYBR results in PANW’s numbers. The actual closing is estimated to be in Q1-Q2 ‘26 timeframe. This should add more growth to their platform as they grew faster than the rest of the industry at 45% yr over yr ARR and $1.34 B, which is not an insignificant 20% of PANWs present size).

So I still like PANW, great growth, very nice earnings and free cash flow with margins in the high 30% range and growing every year. But for the first time in a while, the results of the competitors are getting more interesting. CRWD stated last quarter that their growth rates were growing. I saw earlier estimates of 40%. While clearly this didn’t happen to ARR, it did grow and now that they have lapped the disaster of system shutdowns a year ago summer, so it appears they have come out of that very well due to excellent CEO handling of the issues. It will be interesting to see how the next quarter or two show up.

I did get a comment on my last quarterly summary that the acquisitions by S and others will cause issues with direct comparisons. I agree, but it becomes difficult to account for this accurately without talking about market size of the companies which adds a whole new complexity to the story. I may have to leave this to the reader as the teachers liked to say in college.

And since I have added NET to this summary, a couple of sentences on their results. As I said, I like them and they are one of my bigger positions overall due mostly to their stock price appreciation but as you can see, they are a good sized company, estimated ARR over $2B and growing at a substantial and growing rate! To be fair, cybersecurity is only one leg of a 3 legged stool of the companies products but it is all around cloud internet services so I am (rightly or wrongly) thinking it is a reasonable comparison and getting better as the cloud cybersecurity continues to grow. An interesting stock if you are not familiar.

Finally, I will update my comparison in market cap between CRWD and PANW. As of today’s prices CRWD has a market cap of $120 B and PANW’s market cap is $131 B. So you are paying only a 10% premium for PANW, but PANW’s ARR is still 20% greater and it’s growth is 20+% greater as well so the cloud cyber security portion should be worth more and that is before you add back in the very profitable fire walled business. It seems like this is still very undervalued in comparison.

So I am very comfortable having bigger position in PANW than CRWD. It will be interesting to see how CYBR adds to their story and also how CRWD’s announced increased ARR adds to theirs. It is also hard to ignore NET’s continued growth.

But truthfully, in the end, this industry is a little bit of an embarrassment of riches. All of these companies are doing great and seems to have a bright future because it is hard for me to imagine a world where this doesn’t continue to grow in importance over time. And if you look at the last 4 quarters for all of them, the growth is really amazingly consistent.

Me, I own shares in both CRWD, PANW and NET and don’t plan on selling them anytime soon.

What are your thoughts?
Randy
PANW Tickerguide and long PANW, CRWD and NET

I own hands-off positions in CRWD, NET, RBRK and ZS, and a tiny bit of PANW, but just started a small position in a newer IPO, Netscope (NTSK) whose main competitors are ZS and CSCO. NTSK is a SASE company with 33% revenue growth and 34% ARR growth, 118% NRR, and strategic partnerships with MSFT. Gartner ranks them first in Essential SSE, SaaS Enablement and Privagte Application Access. NTSK beat ZS in 5 out of 6 use cases. They are facing tough competition and not close to profitability yet, but they seem to have the most upside potential, being at only a $7 billion market cap.

Thanks for the update Randy - I agree that the steady as she goes story is now getting a whole lot more complicated and both the understanding and comparison of the existing players in view as well as the entire cyber security market definition needs a broader and deeper perspective.

I don’t work in the cyber security industry and although I have been an investor in the space for over 20 years, there are plenty of folks on this board with far superior credentials that could add a ton more value than I am going to be able to.

Market Definition - Overall Forces At Play

Broader Perspective:-
Historically, understanding the industry was relatively simple. You had the original now legacy players (think Checkpoint, Cisco, McAfee etc), you had the next generation players that were a mix of hardware & software and built out of on prem/network based deployment (Palo Alto, Fortinet etc) and finally you had emerging cloud native players (ZScaler, Sentinel One etc).

Additionally and certainly thanks to the Palo Alto’s self interest to propagate the narrative, you had platform based players (e.g. Palo Alto) vs best of breed point solution players (e.g. CyberArk). As the “platformisation” story took hold then whether it be the constant folding in of additional platform elements (Palo Alto) or build out from a genuine single platform origin (Crowdstrike or Sentinel One), the name of the game became creating additional modules, building out the platform and increasing the TAM.

Whether it be through genuine adjacencies however or whether it be due to too myopic a viewpoint this is getting potentially disrupted or at least a whole lot more complicated.

First in terms of adjacencies - clearly certain markets are absolutely connected to and are either critical to or fundamentally rely on cyber security, for instance… data and the data cloud, cloud infrastructure, cloud based applications and AI agents.

Whilst some of these adjacencies have been targeted by the existing cyber security players, (e.g. Crowdstrike and infra/applications, Rubrik and data, CyberArk and agentic AI identity), it has made cyber security now a target market for outside players extending into cyber security as critical needs and use cases converge. Hence - Cloudflare now offering cyber security solutions as Randy identifies, but also a number of other players in the infrastructure or DevSecOps space (e.g. Datadog etc).

Second in terms of the myopic platform definition; whilst the existing players can argue over how genuine their platform vision, approach and execution is, this is starting to miss the bigger picture. Palo Alto or Crowdstrike might argue who has the most modules and best platform offering but it ignoring some giant platforms out that are either just as established or maybe even dwarf them.

To start with the hyperscalers with their IaaS and PaaS, have been operating platforms forever and are getting more and more aggressive in the cyber security space not to mention Microsoft with its pre-existing cyber security software presence. On top of that you have platforms in adjacent markets of similar or greater scale - Datadog in observability, Salesforce and ServiceNow with their SaaS platforms, Cloudflare in cloud/edge infrastructure etc all of which are moving into data and cyber security with substantial pre-existing enterprise platforms at scale and representing potential disruptive threats to the cyber security pure play operators.

Deeper Perspective:-

As though needing to consider new players and market adjacencies wasn’t enough, there are a number of fundamental shifts happening within the existing market that makes for a Business As Usual view of existing player ARR comparisons no longer sufficient in reflecting what is taking place.

Firstly, as the players build out the portfolio of solutions to their platforms, there is the need to watch the attach rates of new modules and their uptake together with adoption of whole new layers (e.g. AI security). As cloud based players move from their origin state to a broader portfolio and reach a certain scale the expand becomes as critical as the land.

Secondly, players are needing to identify and address new threat vectors and shifts in market forces or risk missing massive TAM enhancing opportunities (e.g. data streaming, AI agent identity etc)

Thirdly, these market opportunities potentially require a shift in revenue models including shifting to consumption based approaches, (e.g. AI Agentic AI security vs seat/endpoint device based security) and with that adoption of larger/longer consumption based flexible contracting frameworks)

Fourthly there is the uptick in M&A taking place. Some of these acquisitions are bringing in revenues that juice revenue and growth numbers as like for like comparisons are made more complicated (e.g. CyberArk for Palo Alto); others are more capability building and represent new sources of growth but might still allow for like for like YoY comparisons (e.g. the last 2 SentinelOne acquisitions - Observo AI and Prompt Security).

Lastly, then you get into all the fun stuff comparing ARR growth rates vs other leading indicators such as RPO/Billings etc. For this to be handled appropriately, one needs to understand the underlying business model and what is best/most reflective.

Understanding the Existing Players

Well we know that all the players under comparison are building out modules and commenting on attach rates. Some have introduced AI layers that are complimentary to and penetrating existing and new clients deployment e.g. Purple at SentinelOne.

On the flexible consumption/contracting model front, certainly Crowdstrike and SentinelOne have introduced new flexible longer/larger enterprise contracting frameworks (e.g. SentinelOne’s Flex).

Clearly there have been plenty of acquisitions announced that are already impacting like for like YoY + sequential growth comparisons - ZScaler had Avalor and Red Canary which showed up in the reaccelerating in the latest numbers, SentinelOne acquired smaller players with immaterial revenues and then we have Palo Alto taking out CyberArk.

We also have a clutch of focused players e.g. Rubrik and SailPoint as well as new IPOs like Netscope to line up and consider. Some of these are ploughing furrows in high growth emerging spaces (e.g. Rubrik), some are offering competing platform level solutions (e.g. Netskope in SASE).

Overall Takeaway
To be honest all of these complexities do not deter me from investing in Cyber Security but does mean that to make the best investing decisions I would need to keep a closer eye on and understand the space more than I did previously.

Ant

I am trying to rebalance and move some money back into SaaS stocks for 2026. SaaS stocks have been a 2025 laggard with all the AI boom stocks taking the limelight and momentum investors. NET has been the exception and ZS has not recovered from the recent Q4 pullback. I still believe that the AI is an arms race and not a bubble. But I would like to be more distributed with my 2026 bets. This means I have had to sell ‘a little’ of my AI hardware stocks; NBIS and NVDA.

I have bought RBRK and NTSK.

RBRK - Rubrik, the leading provider of cloud data backup for companies, is growing revenues by about 54%. Right now is killing it with little competition from the big boys. This is because RBRK is in a niche segment of cybersecurity, at least for awhile. It’s stock price has been unremarkable +15% over the last 12 months, and it’s non-GAAP gross margins have grown from 75% to 81%. The stock shot up to ~$90 after a great ER report a couple weeks ago and now has fallen to under ~$80. I’ll be buying some more and will be watching in the next ER to see if their non-GAAP net losses have improved proportionally with the revenue increases.

NTSK - Netskope has evolved from CASB to SSE to SASE over the past few years through acquisitions and aggressive development. This was necessary to have their platform stay relevant against top competitors NET, PANW, and ZS. NTSK continues to be a top leader per Gardner Magic Quadrant. NTSK is a mini ZS growing ARR at a slightly faster pace than NET and ZS. NTSK started out as a just a Cloud Access Security Broker (CASB), a middle-man service between enterprise users and the enterprise servers that they use on a day-to-day basis. This location in the middle allowed enterprises to gain visibility into SaaS app usage patterns. The 2026 catalyst to NTSK (and NET and ZS) should be the explosion in agentic AI app traffic that needs securing. All boats should float in this segment. I see NTSK being smaller but growing faster than ZS. Dunno about NET as it is so formidable at the network edge. NET is always just too expensive, blablabla but may be a better safer bet. NTSK had its first public ER a couple weeks ago after an October IPO. The stock shot up to ~$22 and now has fallen to under ~$19. I’ll be buying some more and will be watching in the next ER to see if their non-GAAP net losses have improved proportionally with the revenue increases. I do not think Wall Street has taken notice of this stock yet. BTW Muji has a nice deep dive NTSK review on his web site.

-zane