Year end 2025 Cyber security update!

Posted this on the premium boards a couple days ago……

It is time once again for my scintillating cyber security industry update. I am once again looking at PANW, S, CRWD, ZS and lately NET. I have decided to include Cloudflare (NET) because they keep promoting their cybersecurity services and it seems to be a significant and growing aspect of the company business. And I will admit that I also wanted to include them because I have been a long time stockholder with a fairly large position and love the companies long time growth path. If someone wants to argue that it is misplaced in this list, I will listen (but may not take it out anyway! ha ha).
As usual, I will center on the Cloud Cyber Security space as this is the most exciting in terms of growth and future potential and is the easiest to compare across the companies. Also, because PANW has a large traditional firewalled business, I have separated that out for this post’s purposes (as I have always done). Clearly this assumption and how to account for it is open to debate and disagreement, but I just do the best I can. So be it. I will also add now that because NET doesn’t report annualized ARR I have estimated it by taking the latest quarter’s revenues and multiplying by 4. Not perfectly accurate but the best I can do and allows us to compare the size of the businesses.

I will also point out that there are even more interesting companies that I could include but because I don’t want to make this too confusing nor compare apples to oranges, so I am not including Fortinet, Okta or others that it could be argued should be included. If the interest is there I can (or someone can offer to augment this with a follow on post!)

In the past I have kind of side stepped how to value the firewalled version of PANW versus Crowdstrike but with the run up in CRWD and PANW’s lessor performance the comparison has been kind of striking so I will attempt again at a quick comparison by subtraction as you shall see, but that comes later….

With that out of the way, I first will repeat the last four quarter’s comparison of a couple of key aspects, cloud ARR (Annual Recurring Revenue) and said growth rate. The first is important to show overall size of the cloud portion of the business and the second to show how it is growing. Then I will share the most recent quarter’s results.

Q4 2024 results

Company ARR ($M) % increase(yr/yr)
S………….…….920………………27%
PANW……… 4,800………….….37%
CRWD……….4,240………..……24%
ZS ………..….2,590………….….23%

Q1 2025

Company ARR ($M) % increase(yr/yr)
S………….…….948………………24%
PANW…….… 5,100………….….34%
CRWD……….4,440………..……22%
ZS ………..….2,900………….….23%

NET………….….1916……………..27% reported as revenue x4 (ARR not reported)

Q2 ‘2025

Company ARR ($M) % increase(yr/yr)
S………….……1,000………..……24%
PANW…….… 5,600………….….32%
CRWD……….4,660………..……20%
ZS ………..….3,015……….….….22%

NET………….….……2048……..28% reported as revenue x4 (ARR not reported)

And finally the most recent quarter for each:

Q3 ‘2025

Company ARR ($M) % increase(yr/yr)
S………….…….1,055……………..23%
PANW……… 5,900………….….29%
CRWD……….4,920………….….23%
ZS …………….3,204…………..…26%

NET………….….2248……………..31% reported as revenuex4 (ARR not reported)

Q4 ‘2025

Company ARR ($M) % increase(yr/yr)
S………….…….1,120……………..22%
PANW……… 6,300………….….33%
CRWD……….5,250……….…….24%
ZS …………….3,360….……….…25%

NET…………….2460…………..34% reported as revenue x4

Almost identical to last quarters commentary, is the total consistency of the industry. The growth rates are high but interestingly this quarter it looks like the slow descent in ARR growth is bottoming out and even starting to rise for some with S and ZS almost flat (1% decline) and CRWD, ZS, and PANW actually rising. PANW is still in the leadand actually grew a decent amount more than the others except NET who also showed a nice increase to stay ahead of PANW. Looking at PANW specifically the last 4 quarters year over year growth rates were: 37 34 32 and 29% before this quarter’s 33%. As a share holder, you have to like the nice rebound. Still not included in this quarter is any inclusion of CYBR results in PANW’s numbers. The actual closing is estimated to be in Q1-Q2 ‘26 timeframe. This should add more growth to their platform as CYBR grew faster than the rest of the industry at 45% yr over yr ARR and $1.34 B, which is not an insignificant 20% of PANWs present size).

So I still like PANW, great growth, very nice earnings and free cash flow with margins in the high 30% range and growing every year. But for the first time in a while, the results of the competitors are getting more interesting. CRWD stated last quarter that their growth rates were growing. I saw earlier estimates of 40% and they reported the comment of “Net new ARR grows 47% year over year”. I don’t know how to take this as clearly this didn’t happen to ARR overall, it did grow. And now that they have completely lapped the disaster of system shutdowns a year ago summer, so it appears they have come out of that very well due to excellent CEO handling of the issues. It will be interesting to see how the next quarter or two show up.

And since I have added NET to this summary, a couple of sentences on their results. As I said, I like them and they are one of my bigger positions overall due mostly to their stock price appreciation but as you can see, they are a good sized company, estimated ARR at almost $2.5Bmand growing at a substantial and growing rate! To be fair, cybersecurity is only one leg of a 3 legged stool of the companies products but it is all around cloud internet services so I am (rightly or wrongly) thinking it is a reasonable comparison and getting better as the cloud cybersecurity continues to grow. An interesting stock if you are not familiar.

Finally, I will update my comparison in market cap between CRWD and PANW. As of today’s prices CRWD has a market cap of $112 B and PANW’s market cap is $135 B. So you are paying a 21% premium for PANW, but PANW’s ARR is 38% greater so essentially the ARR portion of the companies are equivalent (at best) and that is before you add back in the very profitable fire walled business. It seems like this is still very undervalued in comparison.

So I am very comfortable having bigger position in PANW than CRWD. It will be interesting to see how CYBR adds to their story and also how CRWD’s announced increased ARR adds to theirs. It is also hard to ignore NET’s continued growth.

But truthfully, in the end, this industry is a little bit of an embarrassment of riches. All of these companies are doing great and seems to have a bright future because it is hard for me to imagine a world where this doesn’t continue to grow in importance over time. And if you look at the last 4 quarters for all of them, the growth is really amazingly consistent.

Me, I own shares in both CRWD, PANW and NET and don’t plan on selling them anytime soon.

What are your thoughts?
Randy
PANW Tickerguide and long PANW, CRWD and NET

I’m surprised you didn’t address the AI elephant in the room. Even if you think it’ll have little to no effect, I believe it has to be evaluated and discussed.

I think there are 4 ways AI is disrupting software products:

1. For SaaS products sold by the seat, customers will use AI Agents to run the SaaS products. Not necessarily replacing all human use, but in many cases fewer total seats will be necessary. That reduces licensing fees to the providers. Yes, some providers already have a consumption-based model (Snowflake, DataDog), and some are starting a transition to a “hybrid” seat-consumption model (ServiceNow), but transitions take time and aren’t necessarily smooth, and some SaaS companies will struggle getting off the per seat licensing model.

2. What we saw 20 years ago was the rise of SaaS to disrupt on-premise Enterprise software. This disruption didn’t put SAP, for instance, out of business, but almost all of the growth in that market went Salesforce and similar SaaS companies. My prediction is that AI will do to Salesforce what Cloud Computing did to SAP. We will see startups in every SaaS space that are “AI Native,” meaning their implementation uses and is based on AI from the get-go, rather than something added on as a new feature. SAP certainly went to the cloud, yet despite being the entreched 800-lb legacy gorilla, Salesforce still won.

3. Some light users of SaaS as well as some sophisticated tech-savvy companies will decide to implement their own replacements using AI development. Yeah, Coca-Cola isn’t going to write their own human resources or security stack, but just as we’ve seen the Frontier AI companies (OpenAI, Anthropic, Google, Meta, xAI) release products that are not directly in their line of work, such as Anthropic’s legal tool for reviewing contracts, I’m here predicting that on of these companies (probably OpenAI) will release something for website monitoring/observability, since that is something near and dear to their survival and they spend a ton of money each month on it. They certainly have the data, and there are already standards for code instrumentation that AI could insert.

EDIT: I forgot to include another example. This video claims “Snowflake fired Salesforce,” :
“They bragged how they’re saving $5million by vibe codeing their own CRM internally, and they are doubling down on this by offering it to clients of theirs and showing them how to do it, too.”
That said, the transcript of the Snowflake ER Call doesn’t mention Salesforce, nor replacing what they were previously using, and only says “millions,” not “5 million.” From the call:

we have built agent capabilities that help our sellers prioritize accounts, automate research, and generate personalized outreach, projected to recoup the equivalent of 90 full-time engineers of productivity this year. Our finance team is working on automating travel and expenses analysis, proactively curbing out-of-policy behavior—an initiative that is expected to drive millions in annual savings. And we are seeing this transformation within our customers as well.

So, that aligns, but doesn’t explicity support the claims in the video. Nevertheless, it’s apparent Snowflake is using its own AI coding tool to create at least some the CRM services it needs.

4. Some services will have their TAMs decimated because AI doesn’t make the same mistakes humans do. Tools to catch human coding mistakes, for instance, now need to shift over to catching and fixing AI coding mistakes. Depending on the area, this may or may not be easy.

So, now which of these, if any apply to our security companies?

I’m not in-depth security company knowledgeable, but I think the above framework is a good start for evaluation. The one thing I feel sure about is that the numbers alone for the past two years provides little assurance about the years to come.

Thanks Randy for the usual coverage.

It’s interesting you bring Cloudflare into the equation. I also consider them now a cybersecurity player given that:

1. The company is positioning itself as the security layer for the “Agentic Internet,” with high-value contracts (like a recent 3-year, $22.8M deal) highlighting AI capability as a key deciding factor for customers.

2. Cloudflare holds >80% share of the global DDoS and bot protection software market, representing a massive portion of its security-related income.

3. Cloudflare is a considered “Visionary” in the Secure Access Service Edge (SASE) market, with its Zero Trust suite driving significant enterprise adoption

However I have never seen them associate any kind of revenue breakout to their cybersecurity line of business although in their earnings presentation Zero Trust makes up about 25% of their TAM but then DDOS, Threat Intelligence and email security and intrusion protection is distributed across other segments (Network services and application services). I would be reluctant to attribute all of their revenues to cybersecurity.

As previously mentioned, whilst ARR (and New ARR) is the key metric; RPO is also highly instructive. Some of the acceleration we are seeing and some areas of differentiation can be found in the RPO metrics. Cloudflare grew RPO 48% in their last quarter for instance.

You mentioned inorganic revenue boosts - I don’t actually find that helpful to look at anticipating Palo Alto’s ARR growth uptick coming from its acquisition of Cyberark or anything else unless one can look at a like for like basis. BTW the latest CyberArk ARR growth rate plummeted right before acquisition so that looks a little concerning there. (ARR dropped from 45% growth the previous Q to 23% in the latest).

Smorg - turning to your points, whilst we are all looking at how Agentic AI is going to disrupt software, this is partly a build or buy question as well as priority point. I personally don’t see companies building their own cyber security platforms - quite the reverse they often buy several in a belt and braces approach as cybersecurity is massive threat and a priority they cannot take risks with.

Whilst I do not necessarily think Agentic AI represents a disruptive threat to cyber security specifically, I do think some cybersecurity players are better placed to take advantage of the opportunity that the Agentic AI threat vector or demand vector represents. In particular, Cloudflare is one - we are seeing that already but so is Rubrik and to a degree AI/Cloud native SentinelOne.

Ant

OK, but what about the other 3 potential AI disruption scenarios? Namely:

1. Reduced per-seat usage.
2. Agentic management of security platforms
3. Startups entering the security space with AI Native solutions displacing legacy providers

I would think the different legacy providers today are exposed in different amounts to these risks. For instance, Cloudflare has its Workers product running Agentic workflows today. Crowdstrike recently implemented a “Falcon Flex” pricing program to enable customers to shift payments across the different modules Crowdstrike offers, which strikes me as a response to a changing security needs market.

I’m not saying these are bad investments, just that change is coming. Whether that change is 6 months or 6 years away I don’t think anyone really knows yet, and whether legacy security companies will adapt in time or not is also a question. They may.

Hi everyone,

I have not posted on this board for a short five years or so, but as an investor in all companies mentioned, I wanted to share some thoughts on the recent expansion of the partnership between SentinelOne and Cloudflare announced yesterday (March 16, 2026). I see this as a significant move that shifts the landscape for the five companies mentioned in this thread.

The core of this deal is the integration of NET’s Logpush telemetry directly into S’s Singularity AI SIEM. By combining NET’s network edge data with S’s endpoint protection and “Agentic AI,” they’ve created a more automated, unified security layer.

Key benefits:

• Real-time Zero Trust:
  • NET can now use S’s device health signals to make instant access decisions
• Automated Response:
  • The system can now automatically neutralize threats as they move from the web into the internal network.
• Validation:
  • NET officially replaced a legacy provider with S in a seven-figure deal.

How might this partnership impact competition?

It seems that this partnership specifically targets the “closed-garden” approaches of larger rivals.

1. S & NET: These two are now tightly coupled. By offering a “best-of-breed” integrated stack, they are making it harder for customers to feel they need a single-vendor platform. NET is seeing ARR growth (estimated at 34% recently), and S is leveraging this to hit its $1.2B FY2027 revenue targets.
2. CRWD: This is a direct shot at CRWD’s Falcon platform. While CRWD remains a leader, the S/NET alliance provides a modular alternative for enterprises that don’t want to be locked into the CRWD’s ecosystem.
3. PANW: PANW has been leading with its “platformization” strategy. The S/NET partnership mimics a unified platform without the vendor lock-in, challenging PANW’s high-margin firewall and cloud security dominance.
4. ZS: As a leader in Zero Trust and SSE, Z now faces stiffer competition. The deep integration between NET’s network and S’s endpoints creates a seamless Zero Trust architecture that directly competes with Z’s core value proposition.

Overall, the industry is showing consistent growth, but this S/NET alliance is a clever strategic move to consolidate market share against the “Big Three” (PANW, CRWD, ZS).

Hi Assiduous - well spotted (and welcome back to the board)…

Sailpoint also announced a partnership extension with AWS this week…

SailPoint, Inc. (Nasdaq: SAIL), a leader in enterprise identity security, and Amazon Web Services (AWS) today announced a new multi-year strategic collaboration agreement (SCA). This agreement builds on their initial long-standing relationship and establishes SailPoint as a preferred identity governance solution for agentic AI builds on AWS. As part of this collaboration, the two companies intend to expand on their existing SailPoint Agent Identity Security partnership and develop a unified governance layer to manage all identities, human and non-human, that interact with AWS services…

Hi Smorgasbord - honestly these 3 points don’t worry me or not yet.

1. Most of the companies have already transitioned to consumption and flex based models (addressed in an earlier quarterly review thread)
2. No-one is going to leave agents to manage their security, the inverse - they will need layers of security to manage Agents. Of course will platforms use Agentic AI - yes but again to their benefit not threat
3. Not seeing that yet and it’s also why I am still interested in SentinelOne as it is AI native to a degree. We will see but again, security is too important to leave to either home brew or start up players. Either the platforms will buy them (as PANW is doing) or customers will continue to adopt belt and braces to be safe and buy multiple solutions to play safe.

I might be completely wrong on this but that’s how I am seeing things.
Ant

Hello all, and I love the many and detailed responses in a very short period of time.

In terms of AI. Heck that’s a concern for everyone although my simplistic mind thinks that cyber security is one thing you don’t want to try to do on your own. It seems definitely true that you may benefit from AI making your tools more effective though. It seemed to me that the cyber security companies were getting hit for AI concerns when if anything, the growth of data centers and AI may be a wind at their back.

But honestly, I am going to pull a “Saul” here and say, I am not an expert in this field at all. It seems like many people here know more than me so I just keep trying to follow the numbers and make sure the growth and cash flows are increasing over time. And so far they are!

Thanks for all the input. The varied opinions are what makes these boards so great.

Randy

PS: although I will say it does surprise me that I seldom see anybody on here say they own PANW in this group when from both a growth, free cash flow and value perspective they seem to be the best of the bunch….

Fully agree. #3 SentinelOne was supposed to be an AI native replacement, but they’re still struggling to compete with PANW/CRWD/MSFT despite an (according to some) superior product.

Why would a new start-up suddenly be able to take significant market share? I am not seeing it. As if the incumbents can’t use AI to enhance its security products.