Cloud Security Earnings Quality: DDOG vs CRWD vs NET vs ZS vs ESTC
Five cloud security platforms, five different approaches to shareholder value. Elastic (7/10) stands out with neutral accounting and sustainable SBC. CrowdStrike (4/10) raises red flags with 22.9% SBC/revenue and multi-front July 19 litigation. Our 5-pass filing intelligence reveals what standard screeners miss.
Cloud Security Earnings Quality: DDOG vs CRWD vs NET vs ZS vs ESTC
Last Updated: December 30, 2025 Data Currency: Q3 2025 / FY26 10-Q filings. DDOG | CRWD | NET | ZS | ESTC
TL;DR: Five cloud security and observability platforms show stark differences in earnings quality. Elastic (7/10) stands alone with neutral accounting and sustainable SBC. Zscaler (7/10) pairs aggressive capitalization with excellent SBC discipline. Datadog (6/10) has AI tailwinds but SBC growth outpacing revenue. Cloudflare (4/10) faces 19.6% SBC burden plus OFAC sanctions risk. CrowdStrike (4/10) ranks last with 22.9% SBC and multi-front July 19 litigation. Four of five platforms have "aggressive" accounting practices.
Cloud Security Earnings Quality Rankings (Q3 2025 / FY26)
| Rank | Company | Quality Score | SBC/Rev | Accounting | Hidden Risk |
|---|---|---|---|---|---|
| 1 | ESTC | 7/10 | N/A | Neutral | MODERATE |
| 2 | ZS | 7/10 | 6.7% | Aggressive | LOW |
| 3 | DDOG | 6/10 | 6.4% | Aggressive | LOW |
| 4 | NET | 4/10 | 19.6% | Aggressive | MODERATE |
| 5 | CRWD | 4/10 | 22.9% | Aggressive | MODERATE |
Source: MetricDuck 5-pass filing intelligence extraction
Analyze these platforms: MetricDuck extracts hidden liabilities, accounting quality, and risk factors from SEC filings that standard screeners miss. View DDOG Filing Intelligence | View CRWD Filing Intelligence | View NET Filing Intelligence | View ZS Filing Intelligence | View ESTC Filing Intelligence
What is Earnings Quality and Why Does It Matter?
Earnings quality measures how reliably a company's reported profits reflect its true economic performance. High-quality earnings are backed by cash flow, use conservative accounting, and provide transparent disclosure. Low-quality earnings may look good on paper but don't convert to shareholder value.
Earnings Quality Score Interpretation:
| Rating | Score | What It Means |
|---|---|---|
| Excellent | 9-10 | Conservative accounting, earnings fully backed by cash |
| Good | 7-8 | Neutral practices, reliable earnings |
| Warning | 5-6 | Some aggressive elements, needs scrutiny |
| Red Flag | 1-4 | Aggressive accounting, significant quality concerns |
For cloud security investors, earnings quality determines whether the growth you see in headlines translates to real value creation. A company reporting 30% revenue growth with 23% SBC/revenue is not creating the same shareholder value as one with sustainable compensation practices.
The cloud security and observability market has consolidated significantly—Cisco's $28 billion acquisition of Splunk in March 2024 being the most notable example. For the remaining independent platforms, understanding earnings quality helps distinguish sustainable business models from those potentially masking challenges through aggressive accounting.
Elastic: The Quality Standout (7/10)
Elastic stands apart as the only company in this peer group with "neutral" accounting practices and no red flags identified by our filing intelligence extraction.
Key Findings
| Metric | Value | Assessment |
|---|---|---|
| Earnings Quality Score | 7/10 | Good - Reliable |
| Accounting Aggressiveness | Neutral | No concerns |
| Red Flags Identified | 0 | Clean |
| Material Weakness | None | Clean |
SBC Analysis
Elastic demonstrates the most disciplined approach to stock-based compensation:
- SBC Sustainability: Sustainable
- Capitalization Policy: Neutral
- Major Acquisitions: Developed technology ($6.5M), Goodwill ($33.6M)—modest scale
What Sets Elastic Apart: Elastic is the only platform in this peer group rated "neutral" on accounting aggressiveness. No SBC red flags were identified, and capitalization practices align with conservative standards.
Hidden Liabilities
Elastic's main exposure comes from securities litigation:
From Our Pass 3 Extraction:
Elastic faces alleged securities litigation filed against the Company and its executive officers, alleging materially false and misleading statements about business and financial results.
The class period has been extended, with an active motion to dismiss pending.
Off-Balance Sheet Exposure: $2.9 million (letters of credit) + undeterminable indemnification provisions
Overall Risk Level: MODERATE
Why Elastic Leads on Quality
- Only neutral accounting — No aggressive practices identified
- Sustainable SBC — No concerning compensation patterns
- Modest acquisitions — Goodwill risk limited
- Transparent disclosure — No disclosure concerns flagged
- Low hidden liability exposure — Securities litigation is main risk
Zscaler: Strong Quality, Aggressive Capitalization (7/10)
Zscaler ties for the best earnings quality score but gets there differently than Elastic—sustainable SBC offsets aggressive capitalization policies.
Key Findings
| Metric | Value | Assessment |
|---|---|---|
| Earnings Quality Score | 7/10 | Good - Reliable |
| Accounting Aggressiveness | Aggressive | Capitalization concerns |
| Red Flags Identified | 2 | See below |
| Material Weakness | None | Clean |
Red Flags
From Our Pass 2 Extraction:
- Significant capitalization of internal-use software — $349.2 million capitalized
- SBC at 6.66% of revenue — Moderate dilution but sustainable trend
Hosting equipment totals $579.5 million in capitalized assets.
SBC Analysis
Zscaler maintains disciplined stock-based compensation:
- SBC Expense (Latest Quarter): $188.6 million
- SBC/Revenue: 6.66%
- Assessment: Sustainable
- Free Cash Flow: $925 million
The Zscaler Balance: Despite aggressive capitalization, Zscaler generates $925 million in free cash flow with only 6.66% SBC/revenue. The cash generation validates the underlying business quality even with capitalization concerns.
Hidden Liabilities
Zscaler has the cleanest hidden liability profile:
| Metric | Value |
|---|---|
| Overall Risk Level | LOW |
| Contingent Liabilities | Standard litigation matters only |
| Purchase Obligations | Non-cancelable (cloud, equipment, consulting) |
| Material Off-Balance Exposure | None disclosed |
Datadog: Growth at the Cost of Capital (6/10)
Datadog occupies the middle tier—strong growth metrics and AI tailwinds mask a concerning trajectory where SBC growth outpaces revenue growth.
Key Findings
| Metric | Value | Assessment |
|---|---|---|
| Earnings Quality Score | 6/10 | Warning Zone |
| Accounting Aggressiveness | Aggressive | Multiple concerns |
| Red Flags Identified | 5 | See below |
| Material Weakness | None | Clean |
Five Red Flags
From Our Pass 2 Extraction:
- Significant increase in capitalized software development costs — Now at $289.5 million
- Aggressive capitalization of deferred contract costs — Amortized over four years, now $173.1 million (up from $142.7M)
- High stock-based compensation relative to revenue — 6.36% of revenue
- Growing deferred contract costs — 21% increase
- Substantial increase in goodwill from acquisitions — Up 47% to $530 million
SBC Analysis
Datadog's SBC trend raises sustainability questions:
| Metric | Value | Concern Level |
|---|---|---|
| SBC Expense (Q3 2025) | $204.3 million | |
| SBC/Revenue | 6.36% | Moderate |
| SBC Growth YoY | 39.4% | HIGH |
| Revenue Growth YoY | 28% | |
| SBC vs Revenue Gap | +11.4pp | Unsustainable |
The Profitability Paradox: Datadog's SBC is growing 39.4% while revenue grows 28%. At this trajectory, SBC will consume an increasingly larger share of revenue, eroding the profitability investors expect from high-growth software companies.
Unique Finding: AI Tailwinds
From Our Pass 4 Extraction:
"AI-native cohort represented approximately 8% of year-over-year revenue growth for the quarter ended September 30, 2025." — Datadog 10-Q, Q3 2025
This unique disclosure shows AI workload monitoring driving meaningful new business—a differentiated data point not found in peer filings.
Hidden Liabilities
Datadog has the cleanest hidden liability profile alongside Zscaler:
| Metric | Value |
|---|---|
| Overall Risk Level | LOW |
| Total Off-Balance Exposure | $0 |
| Material Findings | Standard indemnification only |
ROIC Trajectory: Concerning
| Period | ROIC | Trend |
|---|---|---|
| Q3 2025 | -0.9% | ⚠️ |
| Q2 2025 | -0.4% | |
| Q1 2025 | 0.8% | |
| Q4 2024 | 1.7% | |
| Q3 2024 | 2.8% |
ROIC turned negative in 2025 despite 28% revenue growth—capital efficiency is declining.
Cloudflare: Network at Any Cost (4/10)
Cloudflare shows the second-lowest earnings quality in this peer group, driven by extreme SBC burden and self-disclosed sanctions risk.
Key Findings
| Metric | Value | Assessment |
|---|---|---|
| Earnings Quality Score | 4/10 | Red Flag Zone |
| Accounting Aggressiveness | Aggressive | Multiple concerns |
| Red Flags Identified | 2 | SBC + Capitalization |
| Material Weakness | None | Clean |
Red Flags
From Our Pass 2 Extraction:
- High SBC as % of revenue (19.56%) — Nearly one-fifth of revenue goes to stock compensation
- Aggressive capitalization policy — $672.9M in servers, $126.9M in capitalized software
SBC Analysis: Extreme Dilution
Cloudflare's SBC burden is among the highest in enterprise software:
| Metric | Value | Assessment |
|---|---|---|
| SBC Expense (Q3 2025) | $109.9 million | |
| SBC/Revenue | 19.56% | Concerning |
| SBC Growth YoY | 24.54% | |
| Unvested Liability | $936.2 million | Future dilution |
| Sustainability | Concerning | Red flag |
The Dilution Problem: At 19.56% SBC/revenue, Cloudflare shareholders give up nearly 20 cents of every revenue dollar to stock compensation. The $936 million in unvested liability represents future dilution already committed.
Hidden Regulatory Risk: OFAC Sanctions
From Our Pass 3 Extraction: HIGH Severity
Cloudflare self-disclosed potential violations of U.S. economic sanctions and export control laws to OFAC and the Bureau of Industry and Security.
"The Company may have inadvertently allowed its network and associated products to be accessed or used by some customers in apparent violation of U.S. economic sanctions laws, including by users in embargoed or sanctioned countries." — Cloudflare 10-Q, Q3 2025
Critical Findings:
- Self-disclosure to OFAC and Bureau of Industry and Security
- Potential for "substantial fines and penalties"
- Reputational harm risk
- Status: Under review
Overall Risk Level: MODERATE (regulatory exposure elevates risk)
Financial Performance Context
| Metric | Value |
|---|---|
| Revenue | $562 million |
| Net Income | $(1) million |
| Gross Margin | 70% |
| Operating Margin | (10)% |
| Free Cash Flow | $82 million |
Despite negative operating margin, Cloudflare generates positive free cash flow—but the extreme SBC dilution erodes shareholder value.
CrowdStrike: July 19 Hangover (4/10)
CrowdStrike ranks last on earnings quality, facing the highest SBC burden in the peer group plus multi-front litigation from the July 19 Incident.
Key Findings
| Metric | Value | Assessment |
|---|---|---|
| Earnings Quality Score | 4/10 | Red Flag Zone |
| Accounting Aggressiveness | Aggressive | Multiple concerns |
| Red Flags Identified | 2 | SBC + Capitalization |
| Material Weakness | None | Clean |
Red Flags
From Our Pass 2 Extraction:
- High Stock-Based Compensation relative to revenue — 22.9% of revenue, highest in peer group
- Capitalization of internal-use software and website development costs — $352.4 million
Combined with ongoing litigation, these factors drive the lowest quality score.
SBC Analysis: Highest in Peer Group
CrowdStrike's SBC is the most extreme among cloud security peers:
| Metric | Value | Peer Rank |
|---|---|---|
| SBC Expense (Q3 2025) | $283.0 million | |
| SBC/Revenue | 22.9% | #5 (Worst) |
| SBC Prior Period | $208.9 million | |
| Unvested Liability | $1,900 million | Highest |
| Sustainability | Concerning | Red flag |
The SBC Crisis: CrowdStrike's 22.9% SBC/revenue ratio means nearly a quarter of every revenue dollar goes to stock compensation. The $1.9 billion unvested liability represents massive future dilution already committed to employees.
Hidden Liabilities: Multi-Front Legal Exposure
From Our Pass 3 Extraction:
July 19 Incident Litigation:
"Legal proceedings related to the July 19 Incident, including putative class action lawsuits and derivative lawsuits alleging violations of federal securities laws and negligence." — CrowdStrike 10-Q, FY26
Delta Airlines Lawsuit:
"A complaint filed by Delta Airlines alleging computer trespass, breach of contract, fraud, and deceptive business practices related to the July 19 Incident."
Regulatory Inquiries:
"Requests for information from the U.S. Department of Justice and SEC regarding revenue recognition, ARR reporting, and the July 19 Incident."
Critical Findings:
- Class action lawsuits (securities violations, negligence)
- Delta Airlines direct litigation (computer trespass, fraud)
- DOJ and SEC inquiries into revenue recognition
- $2.57 billion in non-cancelable purchase obligations
- Revolving credit facility matures January 2026
Total Off-Balance Exposure: $2.69 billion (Purchase Obligations $2.57B + Unfunded Loan Commitments $121.3M)
Overall Risk Level: MODERATE (litigation exposure is significant)
Covenant Compliance
Despite the challenges, CrowdStrike maintains covenant compliance:
| Covenant | Requirement | Status |
|---|---|---|
| Interest Coverage | Min 3.00:1.00 | Compliant |
| Total Leverage | Max 5.50:1.00 (stepping down) | Compliant |
Investment Implications
Summary Comparison
| Factor | ESTC | ZS | DDOG | NET | CRWD |
|---|---|---|---|---|---|
| Earnings Quality | 7/10 (Best) | 7/10 | 6/10 | 4/10 | 4/10 (Worst) |
| Accounting Risk | Low | Medium | Medium | High | High |
| SBC/Revenue | N/A | 6.7% | 6.4% | 19.6% | 22.9% |
| SBC Sustainability | Sustainable | Sustainable | Elevated | Concerning | Concerning |
| Hidden Liability Risk | Moderate | Low | Low | Moderate | Moderate-High |
| Overall Verdict | Conservative | Balanced | Caution | Aggressive | Aggressive |
SBC Sustainability Ranking (Best to Worst)
- ESTC — Sustainable, no SBC concerns
- ZS — Sustainable, 6.66%
- DDOG — Elevated, 6.36% but 39% growth is concerning
- NET — Concerning, 19.56%
- CRWD — Concerning, 22.9%
Hidden Liability Risk Ranking (Lowest to Highest)
- DDOG — LOW, minimal exposure
- ZS — LOW, standard commitments
- ESTC — MODERATE, securities litigation
- NET — MODERATE, OFAC sanctions risk
- CRWD — MODERATE-HIGH, multi-front legal + $2.7B commitments
Key Takeaways
-
Elastic represents the quality benchmark — The only platform with neutral accounting, no SBC red flags, and sustainable practices. Securities litigation is the main exposure to monitor.
-
Zscaler offers the best risk-adjusted quality — Despite aggressive capitalization, the $925M FCF and sustainable SBC at 6.66% validate underlying business strength. Low hidden liability exposure.
-
Datadog's AI tailwinds face profitability headwinds — The AI-native cohort driving 8% of growth is unique, but 39.4% SBC growth outpacing 28% revenue growth is unsustainable. ROIC turning negative is a warning sign.
-
Cloudflare's network dominance comes at shareholder cost — The 19.56% SBC/revenue and OFAC sanctions self-disclosure create dual concerns. The $936M unvested liability represents future dilution.
-
CrowdStrike faces the most uncertainty — The July 19 Incident created multi-front legal exposure that could persist for years. At 22.9% SBC/revenue plus $2.57B in commitments, capital efficiency is severely challenged.
Deep dive into these platforms: MetricDuck's 5-pass filing intelligence extracts hidden liabilities, accounting quality signals, and risk factors that don't appear in financial screeners.
Analyze ESTC | Analyze ZS | Analyze DDOG | Analyze NET | Analyze CRWD
Methodology
Primary Sources:
- Datadog Q3 2025 10-Q (SEC EDGAR, filed November 7, 2025)
- CrowdStrike Q3 FY26 10-Q (SEC EDGAR, filed December 2025)
- Cloudflare Q3 2025 10-Q (SEC EDGAR, filed November 2025)
- Zscaler Q1 FY26 10-Q (SEC EDGAR, filed December 2025)
- Elastic Q2 FY26 10-Q (SEC EDGAR, filed December 2025)
Data Extraction:
- Pass 2 (Accounting Quality): Earnings quality scores, red flags, SBC analysis, capitalization policies
- Pass 3 (Hidden Liabilities): Contingent exposures, litigation, regulatory matters, off-balance sheet items
- Pass 4 (Risk Landscape): Overall risk assessment, competitive position, unique disclosures
Earnings Quality Framework: Our 5-pass filing intelligence extraction analyzes SEC filings across multiple dimensions:
- Revenue recognition and accounting aggressiveness
- Stock-based compensation sustainability
- Capitalization policies and goodwill risk
- Hidden liabilities and off-balance sheet exposure
- Cash conversion and earnings reliability
Limitations:
- Analysis based on quarterly filings only; annual 10-K may provide additional context
- Forward-looking statements in filings are management estimates subject to change
- Market conditions, competitive dynamics, and regulatory environment may evolve
- Earnings quality scores are model-generated assessments based on SEC filings, not guarantees
- Fiscal year-ends vary (some companies report calendar quarters, others fiscal quarters)
Disclaimer
This analysis is for informational purposes only and does not constitute investment advice. The information is based on SEC filings and our proprietary filing intelligence extraction. Readers should conduct their own research and consult with financial advisors before making investment decisions. Past performance is not indicative of future results. MetricDuck is not a registered investment advisor.
Explore More Earnings Quality Analysis
This article is part of our comprehensive Earnings Quality Hub, which covers cash flow verification, accounting red flags, and quality screening frameworks.
Related earnings quality research:
- Earnings Quality: The Complete Framework — 3-metric framework, sector thresholds, and red flag checklist
- Cash Flow Quality Framework — 3-metric verification system
- Enterprise AI Earnings Quality: PLTR vs SNOW — 5-pass filing intelligence comparison
- Stock-Based Compensation Analysis — Which tech giants dilute shareholders most
MetricDuck Research
SEC filing analysis and XBRL data extraction