Cybersecurity - CRWD, ZS, RBRK, CYBR, PANW, S, NET

Michael Frazis

30 min read

Sarah: Mike, thanks for doing this. The cybersecurity sector is in an incredibly interesting place right now. We've got the biggest M&A wave in the history of the industry, AI reshaping both the threat landscape and the defense stack, and a broad tech selloff pulling down some of the best names in software. I think there's a lot to unpack.

Mike: Agreed. And I think the starting point has to be the macro picture, because it frames everything else. Gartner is projecting worldwide security spending hitting $240 billion in 2026, up about 12.5% from $213 billion in 2025. Cybersecurity budgets are growing roughly 50% faster than general software spending. That's the tailwind. But here's the nuance — Forrester flagged that budget growth actually slowed to around 4% in 2025, the weakest expansion in five years. So we had an optimization year. The question is whether 2026 re-accelerates.

Sarah: I think it clearly does. The drivers are structural, not cyclical. You've got AI-powered attacks surging — AI-driven phishing is up over 1,200%, deepfake fraud incidents tripled in a single year. Polymorphic malware now accounts for 76% of malware samples. Then layer on the regulatory wave: NIS2 enforcement in Europe, DORA hitting financial services since January 2025, the SEC disclosure rules driving board-level accountability, CMMC 2.0 reshaping defense procurement. CIOs consistently rank cybersecurity as the most defensive line item in their budget — the last thing that gets cut.

Mike: I don't disagree with the secular thesis. My concern is more about where the dollars flow and who actually captures the economics. Microsoft is generating roughly $37 billion in cybersecurity revenue now, growing double digits. They've got 860,000 security customers. The E5 bundle is a wrecking ball for pure-play vendors. The hyperscalers are building end-to-end security ecosystems — Google just spent $32 billion on Wiz, for crying out loud.

Sarah: Which is exactly why the best pure-play vendors need durable competitive moats. And I'd argue several of them have exactly that. Let's get into the names. I want to start with CrowdStrike.

CrowdStrike: The Platform Juggernaut

Mike: CrowdStrike is trading around $380 to $416 as of today — it's been volatile, down over 7% intraday on AI disruption fears — which puts it at roughly a $105 billion market cap. On a forward revenue basis, you're paying about 17 to 18 times next-twelve-month revenue and close to 85 to 95 times forward earnings on a non-GAAP basis. By any traditional metric, this is an expensive stock.

Sarah: But the business is extraordinary. Q3 fiscal 2026 — which they reported in early December — showed $1.23 billion in revenue, up 22% year-over-year, with ARR hitting $4.92 billion, growing 23%. But here's the number that matters most: net new ARR of $265 million, up a staggering 73% year-over-year. That's a record Q3 for them. The business is re-accelerating after the outage.

Mike: Let's talk about the outage, because I think it's actually one of the most instructive things about CrowdStrike's moat. On July 19, 2024, a faulty content update crashed 8.5 million Windows systems globally. Estimated $10 billion in economic damage. Delta is suing them for over $500 million. The stock cratered 24% in two days. And what happened? Gross retention held at 97%. Net new ARR dipped temporarily and then came roaring back — $194 million in Q1, $221 million in Q2, $265 million in Q3. Customers simply could not leave.

Sarah: That's the moat in action. CrowdStrike's Falcon platform is deeply embedded across endpoints, cloud workloads, and identity systems. The switching costs are enormous. You're not just replacing an antivirus product — you're ripping out an entire security operations stack. And the platform consolidation story is accelerating: 49% of customers now use six or more modules, 34% use seven or more, 24% use eight or more. These adoption numbers tick up every single quarter.

Mike: The Falcon Flex model is a brilliant GTM innovation. It gives customers a pre-committed spending envelope with the flexibility to swap modules in and out. Flex ARR hit $1.35 billion, up over 200% year-over-year, with average deal size exceeding $1 million. Over a thousand customers on Flex, with a hundred-plus already expanding their commitments. It lowers friction to try new modules, which accelerates the platform flywheel.

Sarah: And the platform breadth is genuinely impressive now. CrowdStrike has 29 cloud modules spanning endpoint, cloud security, identity protection, Next-Gen SIEM through LogScale, data protection, IT automation, and exposure management. The combined ARR from cloud security, identity, and Next-Gen SIEM surpassed $1.3 billion. They're making a serious push into the SIEM market — Gartner just named them a Visionary in SIEM for 2025 — which is a direct challenge to Cisco-Splunk.

Mike: Let's talk about AI, because this is where the moat gets really interesting. CrowdStrike's Threat Graph is a massive data asset — trillions of security events collected across their customer base, creating a flywheel where more customers generate more data which trains better AI models which produce better threat detection which attracts more customers. Charlotte AI is their generative AI layer on top of this, and they've been rolling out increasingly sophisticated capabilities. Charlotte AI Detection Triage is doing autonomous alert assessment. Charlotte AI Agentic Response is handling incident response workflows. They launched Falcon AI Detection and Response in December — the industry's first unified platform for securing every layer of enterprise AI.

Sarah: And they're tracking 180 prompt injection techniques for securing AI agents, which is a massive emerging threat surface. The partnership with NVIDIA on Charlotte AI AgentWorks — deploying always-on AI security agents at the edge — is forward-thinking. This is genuinely differentiated. The data advantage is nearly impossible to replicate because it compounds over time.

Mike: Here's where I push back. Non-GAAP operating margin hit a record 21% in Q3, and free cash flow was $296 million — a 24% margin. That's good but not spectacular. On a GAAP basis, they're still losing money — $69 million operating loss in Q3 — because stock-based compensation remains elevated. And you're paying 17 to 18 times forward revenue for this. If growth decelerates to the high teens — which is very possible as you approach $5 billion in ARR — this multiple compresses fast.

Sarah: I think the margin trajectory is underappreciated. They're guiding to over 30% free cash flow margin by fiscal 2027. Subscription gross margins are expanding — 81% this quarter, up 100 basis points. As the business scales and SBC moderates as a percentage of revenue, GAAP profitability is on the horizon. And the $1 billion share repurchase program they authorized shows management is thinking about capital returns.

Mike: Fair. My other concern is Microsoft. Defender is bundled with E5 at no incremental cost. For budget-constrained organizations, that's a powerful pull. And Microsoft is investing heavily in its security stack.

Sarah: It's a real competitive factor, but the evidence suggests enterprises use CrowdStrike alongside Microsoft, not instead of it. CrowdStrike's dedicated focus and superior detection rates justify the standalone spend for enterprises that take security seriously. The biggest CISOs I talk to view Microsoft security as table stakes — necessary but not sufficient.

ZScaler: The Zero Trust Pure Play

Mike: Let's pivot to ZScaler. Stock is around $180, down nearly 47% from its 52-week high of $337. Market cap roughly $29 billion, trading at about 8.4 times forward revenue on their guided fiscal 2026 number of $3.28 to $3.30 billion. Forward P/E around 47 times on non-GAAP.

Sarah: ZScaler is one of the most compelling setups in software right now, in my view. Their Q1 fiscal 2026 results in November were outstanding. Revenue of $788 million, up 26%, beating estimates by $15 million. ARR hit $3.2 billion, also up 26%. RPO surged 35% to $5.9 billion. And the free cash flow margin was an astonishing 52% in the quarter. When you add the 26% revenue growth to that 52% FCF margin, you get a Rule of 78 — one of the highest in all of software.

Mike: The 52% FCF margin is seasonally elevated — Q1 is always their strongest cash collection quarter. Full-year guidance is 20% to 26.5% FCF margin, which is still very strong but more normalized. The non-GAAP operating margin was 22%, expanding nicely. But on a GAAP basis, they're still in the red at negative 5%, again because of heavy stock-based compensation.

Sarah: That's the one persistent criticism, and it's valid. But let's talk about the competitive positioning because it's genuinely unique. ZScaler is the only pure-play, cloud-native Zero Trust platform operating at scale. They process over 500 billion transactions per day across 150-plus data centers. The architecture is fundamentally different from legacy network security — it's a proxy-based model where every connection is inspected and brokered. You can't retrofit a firewall into this. It's a complete architectural paradigm shift.

Mike: They're the Gartner Magic Quadrant Leader for Security Service Edge, which is the segment they essentially defined. Eight thousand customers, including 45% of the Fortune 500 and over 120 U.S. federal customers with FedRAMP certification. The competitive dynamics here are interesting — their main rivals are Palo Alto's Prisma Access and Netskope, with Cloudflare and Cisco's Meraki/Umbrella also in the mix.

Sarah: And against each of those, ZScaler has a differentiated positioning. Palo Alto's Prisma SASE evolved from hardware-centric roots — it's a good product, but it wasn't born cloud-native. Netskope is a legitimate competitor, also cloud-native, but ZScaler has significantly greater scale and enterprise penetration. Cloudflare's Zero Trust offering is growing fast but is positioned more as a developer-friendly, performance-plus-security play rather than a pure enterprise security platform. And Cisco's SASE appeals mostly to existing Cisco networking customers.

Mike: What excites me about ZScaler's setup right now — and I'm not usually the one getting excited — is the AI security angle. Their AI Security ARR exceeded $400 million, and they hit that target three quarters early, with growth exceeding 80% year-over-year. They expect to surpass $500 million by the end of fiscal 2026. AI Guard — their product that sits inline between enterprise applications and LLMs to inspect prompts and responses — is securing over 90 billion AI/ML transactions per month. That's a massive, proprietary data stream.

Sarah: The acquisitions are smart too. They picked up SPLX for AI security lifecycle protection — shift-left asset discovery, automated red teaming, AI governance — and Red Canary for managed detection and response with agentic AI workflows. Combined cost was about $692 million, which is material but manageable given the $3.3 billion cash position. And in January they hired a dedicated EVP of Agentic AI Security Engineering, signaling this is a top strategic priority.

Mike: The data moat is real. ZScaler's Zero Trust Exchange generates 20-plus petabytes of data from 500 trillion daily signals. That's the training set for their AI models. More enterprise traffic through the platform means better AI detection, means more value for customers, means more traffic. Classic flywheel.

Sarah: The Z Flex contract model is also worth noting. It's similar to CrowdStrike's Falcon Flex — pre-agreed pricing with flexible deployment. Z Flex contributed over $65 million in TCV in its first quarter, and contracts are extending to four to five years, up from the historical three-year average. That's increasing customer lifetime value and providing better revenue visibility.

Mike: At 8.4 times forward revenue and 47 times forward earnings, with 26% revenue growth and a 52% Rule of 78, I think ZScaler looks like one of the more reasonably valued high-quality names in the group right now. The stock being down 47% from highs creates an interesting entry point. Analyst consensus has an average price target around $318.

Sarah: I agree completely. If I had to pick one cybersecurity stock to own for the next three years, ZScaler would be in the running. The combination of cloud-native architecture, massive data advantage, AI monetization, and expanding TAM from $36 billion in SSE to over $100 billion across users, workloads, and IoT devices is a powerful setup.

Rubrik: The Cyber Resilience Disruptor

Mike: Let's move to Rubrik. This is one of the more polarizing names. Stock is around $54, down 47% from its all-time high near $103 reached last June. Market cap roughly $10.4 billion. They IPO'd in April 2024 at $32 per share, so at least early investors are still in the green, but anyone who bought near the highs is hurting.

Sarah: The financial momentum tells a very different story from the stock price. Q3 fiscal 2026 was a breakthrough quarter. Revenue of $350 million, up 48% year-over-year. Subscription revenue grew 52%. Subscription ARR hit $1.35 billion, up 34%. And for the first time ever, Rubrik posted positive non-GAAP operating income — $10 million, translating to $0.10 EPS against a consensus estimate of negative $0.17. That's a 159% earnings surprise. Free cash flow was $77 million, up almost 400% year-over-year.

Mike: The margin progression is actually remarkable. Non-GAAP gross margin expanded 360 basis points to 82.8%. Subscription ARR contribution margin improved from negative 3.3% to positive 10.3% — a 1,360 basis point swing year-over-year. They guided full-year fiscal 2026 revenue of $1.28 billion and free cash flow of $194 to $202 million. This is a company hitting profitability escape velocity.

Sarah: What makes Rubrik structurally interesting is the market positioning. They're not a backup company — they're a cybersecurity company that happens to protect data. The core insight is that in a world of ransomware and destructive attacks, your last line of defense is your ability to recover your data. Rubrik built a Zero Trust Data Security architecture — air-gapped, immutable backups in a proprietary format that can't be deleted, modified, or encrypted by attackers. That's fundamentally different from legacy backup vendors like Commvault or Veeam who treat backup as an infrastructure problem rather than a security problem.

Mike: The competitive landscape is shifting fast here. Cohesity merged with Veritas's data protection business in December 2024 at a combined $7 billion valuation, creating the largest data protection software provider with about 19% market share, $1.5 billion in ARR, and $1.7 billion in revenue. They're targeting a fall 2026 IPO that could rival Rubrik's valuation. So the competition is consolidating.

Sarah: But Rubrik's growth rate tells you who's winning. Rubrik is growing subscription ARR at 34% versus Cohesity-Veritas at mid-teens. Cloud ARR specifically is growing 53% to $1.17 billion. And Rubrik is expanding the platform aggressively. They launched Identity Resilience in April 2025, securing Active Directory, Entra ID, and Okta environments — and it achieved roughly $20 million in subscription ARR within three quarters, with 40% of identity customers being entirely new to Rubrik. That's TAM expansion in action.

Mike: The AI strategy is ambitious and potentially underappreciated. They acquired Predibase — an AI model fine-tuning platform founded by Google and Uber AI alumni — for somewhere between $100 and $500 million. The thesis is that Rubrik sits on a unique data asset. Every enterprise's backup data is essentially a complete, longitudinal data lake of all their structured and unstructured information. If you can securely enable enterprises to use that data for AI training and retrieval, that's a massive new use case. Rubrik Annapurna, their product for this, integrates with Google Agentspace.

Sarah: And the Rubrik Agent Cloud — announced in 2025 — monitors, audits, and governs AI agent actions with real-time guardrails and an "Agent Rewind" feature to undo unwanted agentic actions. CEO Bipul Sinha is positioning the company at the intersection of data protection, cyber resilience, and enterprise AI acceleration. If they can execute on that vision, the TAM expands dramatically beyond traditional backup.

Mike: At 7 to 8 times forward revenue with 48% reported revenue growth and rapidly improving profitability, Rubrik actually looks reasonably valued relative to growth. The analyst consensus target is around $113, which implies massive upside from current levels. The 47% drawdown from highs creates an interesting setup if you believe in the long-term story.

Sarah: The risks are real, though. They still have $1.1 billion in convertible debt from June 2025. GAAP losses are narrowing but still significant — about $82.5 million per quarter in stock-based compensation. And there's going to be noise around fiscal 2027 revenue growth as material rights revenue declines, though normalized growth should remain strong. But on a risk-reward basis, I think Rubrik is one of the most compelling stories in cybersecurity.

CyberArk: The Identity Leader Gets Acquired

Mike: CyberArk is in a unique position right now because it's being acquired by Palo Alto Networks for approximately $25 billion. The deal was announced in July 2025 — CyberArk shareholders get $45 in cash plus 2.2005 shares of PANW per CyberArk share. The stock is trading around $393 to $407, which implies some deal-risk discount to the implied acquisition value. Shareholders approved in November 2025, and they're still waiting on EU, UK, and Israeli regulatory clearances.

Sarah: Before we get into the deal dynamics, let's appreciate what CyberArk built, because it tells you a lot about why PANW paid $25 billion. CyberArk is the undisputed leader in Privileged Access Management — the original and dominant player in securing admin credentials, root accounts, service accounts, and privileged identities. They've expanded far beyond PAM into a comprehensive Identity Security Platform covering workforce identity, developer access, and crucially, machine identities through the $1.54 billion Venafi acquisition in October 2024.

Mike: The Q4 2025 results — which they reported literally yesterday, February 4 — were solid. Revenue of $372.7 million, up 19%. Subscription ARR of $1.27 billion, up 30%, now representing 88% of total ARR. Record net new ARR of $99 million. Non-GAAP operating margin of 20%. Adjusted free cash flow margin of 34% in the quarter. Full-year 2025 revenue was $1.36 billion, up 36%, with adjusted free cash flow of $318 million.

Sarah: The Venafi deal was strategically brilliant. Machine identities outnumber human identities by 45 to 1 in large enterprises, and that ratio is exploding with cloud, IoT, microservices, and now AI agents. Venafi provides certificate lifecycle management, enterprise PKI, workload identity management, and code signing. As certificate lifecycles shorten from 398 to 90 days and quantum readiness increases complexity, machine identity security becomes critical infrastructure.

Mike: And the Zilla Security acquisition in February 2025 added modern Identity Governance and Administration, filling the gap between CyberArk's PAM strength and SailPoint's IGA strength. So by the time PANW acquires them, CyberArk covers privileged access, machine identity, workforce identity, and identity governance — the full identity lifecycle.

Sarah: The strategic logic of the PANW acquisition makes enormous sense. Identity is the new perimeter — 80% of breaches involve compromised credentials. By adding CyberArk as a platform pillar alongside network security and cloud security, PANW creates arguably the most comprehensive integrated security platform in the industry. And the emerging category of securing agentic AI identities — autonomous AI agents that need privileged access to systems and data — is a massive opportunity that both CyberArk and PANW identified as a key rationale for the deal.

Mike: For investors, CYBR is essentially a merger arbitrage play at this point. You're getting $45 in cash plus 2.2 shares of PANW. With PANW trading around $167, the implied deal value is roughly $45 plus $367, or about $412 per share. CYBR at $400 means you're capturing a 3% spread for what's probably a few months of closing risk. The FTC completed its initial review back in September 2025, and EU and UK approvals are pending. This should close in the first half of calendar 2026.

Sarah: The bigger investment question is whether PANW itself is compelling after absorbing both CyberArk at $25 billion and Chronosphere at $3.35 billion. That's nearly $30 billion in acquisitions to integrate.

Palo Alto Networks: The Platform Emperor

Mike: Let's dig into PANW then. Stock at around $167, market cap roughly $116 billion. Forward P/E about 43 times, forward revenue multiple around 11 times. They report Q2 fiscal 2026 on February 17, so that's coming up fast.

Sarah: The Q1 results in November were strong. Revenue of $2.47 billion, up 16%. NGS ARR — Next-Generation Security ARR, which is their key KPI — hit $5.85 billion, growing 29%. RPO of $15.5 billion, up 24%. Non-GAAP operating margin above 30% for the second consecutive quarter. Adjusted free cash flow of $1.7 billion in the quarter. They have over $10 billion in cash.

Mike: The platformization strategy is what defines PANW's thesis. Nikesh Arora has bet the company on convincing enterprises to consolidate their entire security stack onto the Palo Alto platform — network security through firewalls and SASE, cloud security through Prisma, and security operations through Cortex XSIAM. The numbers suggest it's working: customers with over $5 million in NGS ARR grew 54% year-over-year to 169, and those above $10 million grew 49% to 55. Platform customers have about a 120% net retention rate with low single-digit churn.

Sarah: Cortex XSIAM is the AI-driven SIEM replacement — positioned as the answer to legacy Splunk. It's the fastest-growing product in company history, with 30% growth in Cortex XDR deals over $1 million. AI ARR reached about $545 million, up 2.5 times year-over-year. They also launched Prisma AIRS for AI security and Agentyx AI agents for automating security workflows. And they're developing quantum-safe VPN and encryption modules.

Mike: The concern I have is execution risk. PANW is trying to integrate CyberArk ($25 billion), Chronosphere ($3.35 billion), and run the organic business simultaneously. That's 14 acquisitions since 2019. At some point, you risk organizational indigestion. And the "free-to-fee" platformization approach — offering deep discounts or free trials to drive consolidation — compressed margins in the short term and caused a 14% stock drop last year when investors questioned the strategy.

Sarah: Those are fair concerns. But the financial model is proving out. Non-GAAP operating margins are above 30%. Free cash flow margins are guided to 38 to 39% for fiscal 2026 with a target of 40-plus percent by fiscal 2028. They raised the long-term NGS ARR target to $20 billion by fiscal 2030, which implies a roughly 28% CAGR from today's $5.85 billion. If they execute on that, the stock is cheap at current levels.

Mike: Among the large-cap cybersecurity names, PANW and Fortinet are the only ones that are GAAP profitable. PANW at 43 times forward earnings is expensive but not absurd for a $10 billion revenue company growing mid-teens with 30-plus percent operating margins. The CyberArk acquisition adds identity as a core platform pillar and immediately creates the most comprehensive security offering in the market.

Fortinet: The Profitability Machine

Sarah: Speaking of GAAP profitability, Fortinet literally just reported today — Q4 2025 and full-year results are fresh off the wire. Let me give you the numbers: Q4 revenue of $1.91 billion, up 15%. Billings of $2.37 billion, up 18%, above the high end of guidance. Non-GAAP operating margin of 37%. Full-year revenue of $6.80 billion, up 14%, with non-GAAP operating margin of 35%. Full-year free cash flow of $2.21 billion. They exceeded the Rule of 45 for the sixth consecutive year.

Mike: Those margins are best-in-class. The stock is around $81, market cap roughly $60 billion, trading at about 27 times forward earnings and 8 times forward revenue. They guided fiscal 2026 revenue of $7.5 to $7.7 billion — 10 to 13% growth — with non-GAAP EPS of $2.94 to $3.00, which came in above the $2.79 consensus. The board also authorized another $1 billion in share repurchases, bringing total authorization to $10.25 billion.

Sarah: Fortinet is the anchor tenant of the firewall market with 55% unit market share. The interesting evolution is the SASE transition. Unified SASE billings grew 40% in Q4, and FortiSASE billings were growing over 100% earlier in 2025. They're leveraging the massive installed base of FortiGate firewalls — tens of thousands of customers — and upselling them into FortiSASE for cloud-delivered security. It's a hardware-to-software conversion playbook.

Mike: And unlike ZScaler's cloud-native approach, Fortinet offers sovereign SASE deployments — on-premises or private cloud — which matters for regulated industries and government customers. They were named Google's inaugural Unified Security partner for FortiSASE and FortiGate NGFW. The AI strategy includes integrated solutions with NVIDIA BlueField-3 DPUs for AI data center security.

Sarah: My concern with Fortinet is the growth rate. At 10 to 13% guided revenue growth, they're the slowest grower among the pure-play cybersecurity companies we're discussing. The hardware exposure is a double-edged sword — it drives the margins and the installed base, but hardware revenue can be lumpy and cyclical. J.P. Morgan flagged DDR4 memory cost surges driven by AI demand as a potential margin headwind for firewall hardware.

Mike: That's the classic Fortinet debate. You're getting best-in-class margins, a massive $10 billion capital return program, and a stock down 31% from its highs. The forward P/E of 27 is actually reasonable for a company with these margins. But you're paying a fair price for modest growth. If you're a growth investor, this doesn't move the needle. If you're a quality compounder, it's interesting.

Sarah: I think the SASE conversion cycle is the key catalyst. If Fortinet can accelerate that transition and grow the software mix faster, you get both margin expansion and multiple re-rating. The firewall refresh cycle is also a tailwind — enterprises are upgrading to next-gen firewalls with built-in AI capabilities. Gartner recognized them as a Customers' Choice for Security Service Edge for the third consecutive year.

SentinelOne: The Underdog Story

Mike: Now let's talk about the cheapest name in cybersecurity. SentinelOne is trading at $13.54, down 46% from its 52-week high and near its 52-week low of $12.70. Market cap of about $4.6 billion, but with $874 million in cash, the enterprise value is only about $3.7 billion. That gives you an EV-to-forward-revenue of roughly 3.4 times on their guided fiscal 2026 revenue of just over $1 billion. That's incredibly cheap for a 23% grower in cybersecurity.

Sarah: Q3 fiscal 2026 was actually a strong quarter. Revenue of $259 million, up 23%, with ARR surpassing the $1 billion milestone at $1.055 billion. The profitability inflection is the real story — non-GAAP operating margin hit 7%, a 1,200 basis point improvement from negative 5% a year ago. Non-GAAP EPS came in at $0.07 versus a consensus of negative $0.17. They're on track for their first full year of operating profitability in fiscal 2026.

Mike: The Purple AI attach rate hitting 40% is impressive — triple-digit growth. Non-endpoint bookings are now about 50% of their quarterly total, which means they're diversifying beyond endpoint into data lake, AI, and cloud security. The Singularity Data Lake, built on the Scalyr acquisition, is foundational to their SIEM and XDR strategy. They've been acquiring smartly too — Observo AI for real-time data pipeline management and Prompt Security for generative AI security.

Sarah: The obvious comparison is CrowdStrike. SentinelOne has about one-fifth the ARR, but they're growing faster and positioned themselves as "AI-native" from day one. They explicitly benefited from CrowdStrike displacement opportunities after the July 2024 outage. And at 3.4 times forward revenue versus CrowdStrike's 20 times, the valuation gap is enormous. CrowdStrike trades at roughly five times SentinelOne's multiple.

Mike: But there are legitimate reasons for the discount. Growth is decelerating — from 32% in fiscal 2025 to 23% now, with Q4 guidance of only 20%. The CFO departed in January 2026, which is never a good sign. GAAP operating margin is still deeply negative at minus 28%. And CrowdStrike's platform breadth — 29 modules, $4.92 billion in ARR, 97% gross retention — is simply in a different league.

Sarah: I'll push back a little. At $3.7 billion enterprise value for a company with $1 billion in ARR that's approaching profitability, you're essentially getting the entire endpoint security business for free and paying almost nothing for the optionality of the data lake, AI, and cloud security expansion. If SentinelOne can sustain 20-plus percent growth and continue expanding margins, this stock re-rates significantly. An activist investor or an acquirer could see enormous value here.

Mike: The M&A angle is real. In a sector where Google is paying $32 billion for Wiz and PANW is paying $25 billion for CyberArk, a $3.7 billion enterprise value for SentinelOne looks like a potential takeout candidate. But you can't build an investment thesis around M&A speculation. On fundamentals, the growth deceleration and management transition are real headwinds.

Cloudflare: The Premium Crossover

Sarah: Cloudflare is the other name that straddles cybersecurity and broader infrastructure. Stock around $167, market cap roughly $58 billion, trading at about 24 times forward revenue. That makes it the most expensive stock in our coverage on an EV-to-revenue basis — even pricier than CrowdStrike.

Mike: And yet the growth metrics justify some of the premium. Q3 revenue was $562 million, up nearly 31% year-over-year, beating consensus by $17 million. Dollar-based net retention rate was 119%, up 5 percentage points sequentially. Large customers above $100K grew 23% to over 4,000, and million-dollar customers jumped 47% to 173. They're targeting a $3 billion annualized revenue run rate by Q4 2026 and $5 billion by fiscal 2028.

Sarah: Cloudflare's positioning is unique because they're not just a security company. They describe themselves as a "connectivity cloud" — security, performance, and network services on a single global platform. Their security products include WAF, DDoS protection, bot management, Zero Trust, SASE, email security, CASB, and DLP. But they also have an edge computing platform with Workers, an AI inference platform with Workers AI, a CDN, DNS, and a developer ecosystem. That multi-surface value proposition is why enterprises are consolidating spend onto Cloudflare.

Mike: The AI angle is significant. Eighty percent of major AI companies are Cloudflare customers. They've got AI Gateway for managing AI model traffic and Workers AI for inference at the edge. They're positioning for the agentic AI internet — setting protocols, guardrails, and business rules for autonomous agents. Matthew Prince has talked about Cloudflare becoming the infrastructure layer that enables the agentic web.

Sarah: On the security side, they compete directly with ZScaler in Zero Trust and SASE. The difference is that Cloudflare brings the network — they've got one of the largest global networks with data centers in over 300 cities. When you combine security with network performance, the value proposition for enterprises is compelling. Sales productivity improved for seven consecutive quarters, and partner bookings doubled year-over-year.

Mike: The valuation gives me pause. At 24 times forward revenue and 149 times forward earnings, you need a lot of things to go right. Non-GAAP operating margin is only about 15% — much lower than CrowdStrike or ZScaler. GAAP is still negative. For the premium you're paying, I'd want to see faster margin expansion. That said, they report Q4 on February 10, so we'll get fresh data soon.

Sarah: I think Cloudflare is more of a long-term compounder than a near-term value play. If you believe in the convergence of security, networking, and AI infrastructure — and that Cloudflare's global edge platform positions them uniquely at that intersection — then the premium is justified by the optionality. But you need a multi-year time horizon and conviction in the vision.

Varonis and Qualys: Value Traps or Hidden Gems?

Mike: Let's quickly cover the smaller names. Varonis reported Q4 results on February 3 and the stock got hammered. It's at about $22.50, down roughly 65% from its 52-week high of $63.90. Market cap of only $2.65 billion, EV about $2.8 billion. The EV-to-forward-revenue multiple is about 3.8 times on their guided 2026 revenue of $722 to $730 million.

Sarah: The numbers weren't terrible — Q4 revenue of $173 million, up 9%, beat estimates. EPS of $0.08 beat the $0.03 consensus. But the story is messy. They're in the middle of a SaaS transition, sunsetting self-hosted software by end of 2026 — two years ahead of schedule. SaaS ARR of $638 million is growing 32% excluding conversions, which is healthy. But the self-hosted wind-down is creating near-term headwinds to revenue and margin, and the company is guiding to $30 to $50 million in headwinds to ARR contribution margin and free cash flow from the end-of-life process.

Mike: Worse, there are securities fraud class-action lawsuits filed for the February to October 2025 class period. That's always a yellow flag. Multiple analysts are cutting price targets. The stock is trading at barely 3.8 times revenue despite having a genuinely interesting data security posture management business and the Altru acquisition for AI governance.

Sarah: I think Varonis is a classic "show me" story. The underlying SaaS business is growing nicely, and data security posture management is a secular growth market, especially as AI proliferates and enterprises need to classify and secure more data. But you need the transition to complete before the financial picture clarifies. This is probably a second-half 2026 story at the earliest. The $1.1 billion cash position provides a cushion.

Mike: Qualys is the opposite profile — it's the most profitable company in cybersecurity. Also reported today. Q4 revenue of $175 million, up 10%. GAAP net income of $53 million — yes, GAAP profitable. Adjusted EBITDA margin of 47%. ROE of 37%. Forward P/E of only about 18 times. Market cap of roughly $4.7 billion.

Sarah: The problem is growth. At 10% revenue growth and guiding 7 to 8% for 2026, Qualys is the slowest grower in our coverage. Billings growth is averaging about 8% over the last four quarters. They're the pioneer in cloud-based vulnerability management, serving the majority of the Fortune 100, and they're expanding into Enterprise TruRisk Management with agentic AI for automated remediation. But in a market that's growing 12%, Qualys is losing share.

Mike: At 18 times earnings with a 47% EBITDA margin and massive free cash flow generation, Qualys might appeal to value investors. The $200 million share buyback authorization helps. But I worry about it being a value trap — cheapest for a reason, in a market that rewards growth.

Sarah: The competitive dynamics are real. Tenable is growing faster with broader OT and exposure management capabilities. Rapid7 has a stronger MDR offering. And the bigger platforms — PANW's Cortex, CrowdStrike's Falcon Exposure Management — are encroaching on vulnerability management as a feature rather than a standalone product.

The Google-Wiz Deal and What It Means

Mike: We have to talk about the elephant in the room. Google is about to close the $32 billion all-cash acquisition of Wiz — the largest cybersecurity deal in history. The DOJ cleared it in November. The European Commission's Phase I decision deadline is February 10. Reports suggest Phase I clearance is likely, meaning no in-depth investigation. The deal should close in Q1 2026.

Sarah: This deal is transformative for the sector. Wiz is the leading Cloud-Native Application Protection Platform — agentless security across AWS, Azure, and GCP. Google goes from being a third-place cloud infrastructure provider to potentially a first-place security provider when you combine Wiz with Mandiant's threat intelligence and existing Google security tools. The $3.2 billion reverse breakup fee tells you how seriously Google takes this.

Mike: The implications for the independent security vendors are profound. If security becomes a core cloud infrastructure feature rather than a standalone product, that threatens the economics of companies like CrowdStrike's cloud security module, Palo Alto's Prisma Cloud, and to a lesser extent ZScaler's workload protection. EU advocacy groups flagged the risk of "soft degradation" — Google prioritizing Wiz features for GCP over AWS and Azure customers.

Sarah: I think the fears are somewhat overblown. Wiz has explicitly committed to remaining multi-cloud, and most enterprises use multiple clouds. But it does signal that security is now the primary battleground for cloud market share. Microsoft and AWS will likely respond with their own security acquisitions or investments. This is net positive for cybersecurity spending overall but creates concentration risk.

Mike: The deal also removes a potential IPO candidate from the public markets. Wiz was one of the fastest-growing software companies in history — founded in 2020 and worth $32 billion by 2025. Investors who wanted exposure to cloud-native security now have to look at the public companies.

Sector-Wide M&A: A Record Year

Sarah: The Wiz deal is the headliner, but the M&A activity goes far beyond that. In 2025, SecurityWeek cataloged over 420 M&A deals with total disclosed value exceeding $84 billion. Eight deals exceeded a billion dollars. Strategic acquirers accounted for 92% of capital deployed — the highest on record.

Mike: Let me run through the mega-deals. Google-Wiz at $32 billion. Cisco-Splunk at $28 billion closed in March 2024. PANW-CyberArk at $25 billion. ServiceNow-Armis at $7.75 billion — fascinating to see a workflow company buying into cybersecurity. Thoma Bravo took Darktrace private for $5.3 billion. Turn/River Capital took SolarWinds private for $4.4 billion. PANW also acquired Chronosphere for $3.35 billion. Francisco Partners is taking Jamf private for $2.2 billion. Veeam acquired Securiti AI for $1.7 billion. Sophos bought Secureworks for $859 million. And Mitsubishi Electric bought Nozomi Networks for $1 billion — the largest OT security deal ever.

Sarah: Thoma Bravo deserves special mention. They now have $184 billion-plus in assets under management, a cybersecurity portfolio with $6.5 billion in combined revenue and roughly $58 billion in enterprise value. Their holdings include Darktrace, Sophos, Proofpoint, SailPoint, Ping Identity, ConnectWise, and LogRhythm. They're the most influential private equity player in cybersecurity by a wide margin.

Mike: The consolidation trend is being driven by platform economics. A 2024 Gartner survey found enterprises running an average of 45 cybersecurity tools, and IBM found organizations juggling 83 solutions from 29 vendors. Sixty-two percent of companies are actively consolidating suppliers, with another 36% planning to do so within three years. By 2028, Gartner expects 45% of organizations will use fewer than 15 cybersecurity tools, up from just 13% in 2023.

Sarah: That's the platform consolidation thesis in a single data point. The winners are PANW, CrowdStrike, and Fortinet on the platform side, with ZScaler dominating the Zero Trust corridor. The losers are point-product vendors that lack breadth. This is why the best-of-breed names — SentinelOne, Varonis, Qualys — trade at substantial discounts to the platform plays.

The AI Arms Race in Cybersecurity

Mike: Let's synthesize the AI discussion across all these names because it's the most important long-term factor. Every company we've discussed is investing heavily in AI, but the capabilities and defensibility vary enormously.

Sarah: I'd tier them into three categories. The AI leaders — companies with genuine data moats and AI-native architectures — are CrowdStrike, ZScaler, and Palo Alto. CrowdStrike's Threat Graph processes trillions of events and trains Charlotte AI. ZScaler's Zero Trust Exchange generates 500 trillion daily signals powering AI Guard and AI Security, which already has $400 million in ARR. PANW's Cortex XSIAM has $545 million in AI ARR growing 150% year-over-year.

Mike: The AI innovators — companies doing interesting things with AI but with smaller data advantages — include SentinelOne with Purple AI at 40% attach rate, Rubrik with Annapurna and the Predibase acquisition for AI data access, and Cloudflare with Workers AI and AI Gateway serving 80% of major AI companies.

Sarah: And the AI followers — companies incorporating AI features but without fundamentally differentiated AI capabilities — would be Fortinet with FortiAI, Varonis with Copilot, Qualys with their agentic AI risk fabric, and CyberArk with AI-powered identity controls. These are valuable features but don't create the same kind of compounding data advantage.

Mike: The key insight is that AI-centric cybersecurity companies are commanding valuation multiples up to 40% higher than legacy vendors. AI-focused cybersecurity startups accounted for over 50% of all VC deal activity in Q4 2025. The market is decisively pricing in an AI premium.

Sarah: And it's justified. McKinsey estimates that AI is expanding a $2 trillion total addressable market for cybersecurity providers. AI creates new attack surfaces — securing AI workloads, protecting against AI-powered attacks, governing AI agent behavior — while simultaneously enabling vendors to build better products. The generative AI cybersecurity market alone is projected to reach $40 billion by 2030, growing at 33% CAGR.

Mike: The wildcard is whether the hyperscalers — Microsoft, Google, Amazon — use their own AI capabilities to commoditize standalone security. Microsoft has massive AI infrastructure with Azure OpenAI and Copilot for Security. Google now has Wiz plus Mandiant plus Gemini. If they can embed security as a native cloud feature powered by their own foundation models, that's an existential threat to the pure plays.

Sarah: I hear that argument, and I don't dismiss it entirely. But the history of enterprise security shows that "good enough" built-in security from platform vendors has never eliminated the market for dedicated, best-of-breed security. Enterprises want defense in depth. And the compliance and regulatory requirements increasingly mandate independent security controls. DORA, NIS2, SEC rules — these are driving spending to dedicated security vendors, not away from them.

The Portfolio Allocation Debate

Mike: Let's bring this home with an investment framework. If I'm building a cybersecurity portfolio today — February 5, 2026 — how do I think about allocation?

Sarah: I'd split the universe into three tiers. Core holdings with highest conviction: CrowdStrike and ZScaler. Both have durable platform moats, massive data advantages, AI leadership, and clear paths to expanding profitability. CrowdStrike is the better business today — bigger, more diversified, higher retention. ZScaler is arguably the better value today — down 47% from highs, 8.4 times forward revenue, with the Rule of 78 economics.

Mike: I'd add Palo Alto to the core tier. The platform breadth is unmatched, margins are already best-in-class, and the CyberArk acquisition fills the identity gap. At 43 times forward earnings and 11 times revenue, it's the most reasonable valuation among the three platform leaders.

Sarah: Fair. Growth position with higher risk-reward: Rubrik. At 7 to 8 times forward revenue with 48% reported growth and just reaching profitability, the setup after a 47% drawdown is very attractive. The data security and cyber resilience market is secularly growing, and the AI optionality with Annapurna and Agent Cloud is largely unpriced.

Mike: Value or contrarian position: SentinelOne at 3.4 times forward revenue. It's genuinely cheap, approaching profitability, and has an interesting Purple AI product. But the growth deceleration and CFO departure are real headwinds. You need patience here.

Sarah: Yield and stability: Fortinet. Best-in-class margins, the only pure-play cybersecurity company with a massive capital return program, and the SASE conversion cycle provides an identifiable growth catalyst. At 27 times earnings, it's the cheapest of the high-quality names.

Mike: And the avoid or underweight category for me includes Varonis — too messy with the SaaS transition, lawsuits, and margin compression — and Qualys, which I worry is a value trap with decelerating growth below the market rate.

Sarah: Cloudflare is the wild card. If you view it as a cybersecurity investment, it's the most expensive at 24 times revenue. If you view it as a next-generation internet infrastructure play with security, AI, and edge computing optionality, the multiple is more justifiable. I'd call it a hold for existing positions and a watch for new ones until the valuation compresses or the growth re-accelerates above 30%.

Final Thoughts

Mike: Let me close with the broader perspective. Cybersecurity is one of the few areas of technology spending that is genuinely non-discretionary and structurally growing. Cybercrime costs are projected at $10.5 trillion globally in 2025. The 4.8 million worker talent gap means enterprises have to invest in automation and AI-powered security tools. Regulatory requirements are creating spending floors. And AI is both creating new threats and enabling new defenses, expanding the total addressable market.

Sarah: The 2025 M&A wave consolidated the competitive landscape around a handful of platform winners. CrowdStrike, Palo Alto, ZScaler, Fortinet, and arguably Cloudflare are the survivors and consolidators. Everyone else is either being acquired, going private, or fighting for relevance as a best-of-breed vendor in a platform world.

Mike: The current drawdown in cybersecurity stocks — many names are down 30 to 50% from their highs amid the broader tech selloff — creates what I'd call a generational entry point for long-term investors. These businesses are not broken. The secular tailwinds are as strong as they've ever been. You're getting world-class software franchises at meaningfully lower multiples than they traded at a year ago.

Sarah: I'll end on this: the companies that will compound the most over the next five years are the ones with the deepest data moats, the most sophisticated AI capabilities, and the broadest platform reach. CrowdStrike's Threat Graph, ZScaler's Zero Trust Exchange, PANW's Cortex, and Rubrik's enterprise data lake are all examples of proprietary data assets that compound in value with every new customer. That's the moat that matters most in AI-era cybersecurity. The stocks may be volatile quarter to quarter, but the underlying businesses are building something extraordinary.

Prices and financial data referenced throughout this discussion reflect market conditions as of February 5, 2026, including same-day earnings reports from Fortinet and Qualys. Note: CrowdStrike shares fell over 7% intraday on February 5 following the release of new AI models from Anthropic and OpenAI, which sparked concerns about AI disruption of traditional software business models. This selloff also impacted the broader cybersecurity software sector.

Earnings Reports and Investor Relations

Industry Research and Market Data

M&A and Deal Coverage

  • Google-Wiz $32B Acquisition: DOJ clearance Nov 2025; EU Phase I decision Feb 10, 2026
  • PANW-CyberArk $25B Acquisition: Shareholders approved Nov 2025; regulatory clearance pending
  • PANW-Chronosphere $3.35B Acquisition: Closed Jan 29, 2026
  • SecurityWeek M&A Tracker (2025): https://www.securityweek.com

Stock Data (Intraday, February 5, 2026)

  • CrowdStrike (CRWD): ~$380–416, market cap ~$105B (52-week range: $298–$567)
  • ZScaler (ZS): ~$180, market cap ~$30B (52-week range: $165–$337)
  • Rubrik (RBRK): ~$54, market cap ~$10.4B (52-week range: $47–$103)
  • CyberArk (CYBR): ~$393–407, market cap ~$21B (52-week range: $289–$526)
  • Palo Alto Networks (PANW): ~$167, market cap ~$116B (52-week range: $144–$224)
  • Fortinet (FTNT): ~$81, market cap ~$60B (52-week range: $62–$115)
  • SentinelOne (S): ~$13.54, market cap ~$4.6B (52-week range: $13–$25)
  • Cloudflare (NET): ~$166, market cap ~$58B (52-week range: $89–$260)
  • Varonis (VRNS): ~$22.50, market cap ~$2.7B (52-week range: $20–$64)
  • Qualys (QLYS): ~$128, market cap ~$4.7B (52-week range: $109–$180)

Stock prices sourced from Yahoo Finance, Robinhood, TradingView, and Investing.com. Prices are approximate intraday values as of February 5, 2026 and may not reflect closing prices.

Upcoming Earnings Catalysts

  • Cloudflare Q4 2025: February 10, 2026
  • Palo Alto Networks Q2 FY2026: February 17, 2026
  • ZScaler Q2 FY2026: February 19, 2026
  • CrowdStrike Q4 FY2026: March 3, 2026
  • Rubrik Q4 FY2026: March 12, 2026
  • SentinelOne Q4 FY2026: March 17, 2026

Share

    Read more