Crowdstrike — The Cream of the Crowd
Due to the pandemic, we have seen a rapid shift to digital transformation, accelerating the adoption of cloud technologies across industries. Coupled with the proliferation of mobile devices and Internet of Things (IoT), this secular trend has increased the opportunities for targeted attacks with a wider range of managed and unmanaged endpoints and identities.
We’re not even halfway into 2021, but it has got to be one of the most eventful years in memory for U.S and Federal cyber-security. Over the past year, there has been high profile hacks, massive security breaches, cyber espionage and ransomware attacks. Recent cyber-security incidents such as SolarWinds, Microsoft Exchange, and the Colonial Pipeline was a wake up call to many — that there’s insufficient cyber-security defenses and that cyber-criminals are using increasingly sophisticated methods and coordination in their attacks.
In this article, I share my views on why Crowdstrike is the top dog in the Endpoint Protection (EPP) & Endpoint Detection and Response (EDR) space, how they stand to gain from this environment and why they’ll continue to provide market-beating returns into the foreseeable future.
1. INDEX
In this deep-dive we will talk about the following:
- Introduction to Crowdstrike
- How it all started
- Business Model (how do they make money?)
- Key metrics
- Management quality and culture
- Strategic Partnerships
- Financials
- Competition
- Humio, Preempt & TAM
- Valuation
- Risks
- Final Words
Please feel free to jump around, i.e. if you’re familiar with the company you can start straight from Management quality and culture.
1. Introduction to Crowdstrike
CrowdStrike is a leading cybersecurity company protecting customers from all cyber threats by leveraging its Security Cloud to stop breaches (their mission statement). With its Falcon platform, the company believes they are defining a new category called the Security Cloud, similar to how the cloud has transformed companies like Salesforce and ServiceNow.
Falcon is a SaaS based, cloud native platform for next-generation endpoint protection that detects, prevents, and responds to attacks. Examples of endpoints are desktops, laptops, servers, cloud workloads, mobile and IoT devices.
Endpoint Protection (EPP) : Protecting the endpoint device and its data
Endpoint Detection and Response (EDR): Monitoring of those endpoints, recording the information in a central database where further analysis, detection, investigation, reporting, and alerting take place.
Product
Falcon platform supports 19 cloud modules via a SaaS subscription-based model that spans multiple large markets, including corporate workload security, security and vulnerability management, managed security services, IT operations management, threat intelligence services, identity protection and log management. It had only 10 cloud modules when they first IPO-ed in 2019, which shows us the pace at which the company is innovating.
Crowdstrike’s single data model and open cloud architecture enable them and third-party partners to rapidly innovate, build, and deploy new cloud modules to provide their customers with additional functionalities across a myriad of use cases. The platform is designed to be rapidly deployable, easy to use, and extensible. The Falcon platform transforms how organizations combat threats from slow, manual and reactionary to fast, automated, and predictive.
Falcon platform vs On-premises software
For years now, Cloud based software has been eating up the market share of on-premises software. You would probably have used antivirus software like Symantec/McAfee to protect your computers against malware and cyber attacks before. Those products are like the dinosaurs, also known as legacy providers (traditional on-premises software). So what makes the Falcon platform superior to on-premises software like Symantec and McAfee?
The Falcon platform uses 2 different approaches to endpoint protection, while on-premises software only use 1.
On-premises uses the more traditional IOC tracking (signature based), while Falcon uses both approaches to protect the endpoints.
- Indicators of Compromise (traditional), commonly known as IOCs, are the evidence that indicates that the security of the network has been breached. This is a reactive approach.
- Indicators of Attack (AI/ML), commonly known as IOAs, is the focus on the intent of what the attacker is trying to accomplish. This is a proactive approach.
To give an example, imagine if you were an officer at the airport helping passengers stamp their passport in the departure terminal. There is a picture of a new wanted man who just got into your list of people to look out for. In the picture, he is wearing a blue shirt, short haired and wears a spectacles. Though we try to track and observe these unique characteristics, what happens when the wanted man comes to you, but is wearing a different colored shirt, a wig, and not wearing any spectacles? The result? The wanted man gets past you and is able to escape to another country. This is because you were relying on indicators that reflected an outdated profile (IOCs).
However, if the team had used the IOAs approach, they would be looking at characteristics of a wanted man trying to get out of the country. Possible characteristics would be a person behaving suspiciously around the counter, having his eyes on the cameras, and fidgeting constantly. This shows signs that the person, even though disguised, are showing indicators that he might be trying to escape the country. In this case, you might have been able to stop the wanted man’s attempt to escape.
Isn’t this clear how the Falcon platform is superior to legacy providers? There are also several elements that makes Falcon a best of breed platform.
What makes the platform unique?
a. Single Intelligent Agent
Crowdstrike uses an intelligent lightweight agent which can be installed on Windows, Mac and Linux systems. What exactly is an agent? An agent is the piece of software that sits on the endpoints being protected and gives Crowdstrike a view into what is going on in the device (like a CCTV), helps to capture data which is then analyzed centrally, and has the ability to intervene from afar whenever there’s problems. This runs on the background without the user noticing, and continues to protect the device and track activity even when offline.
Falcon provides multiple functionalities using only a single agent. Because it’s lightweight, it takes about 5s to deploy, occupies less than 35MB of storage space and requires no reboot(!). Compared to the Falcon platform, legacy providers uses agents which are designed for a single functionality, hence they often need to deploy multiple agents to the endpoint. This results in agent bloat, a situation where the layered agents consume too much storage space, memory space and processor capacity which affects the end user experience, causing lag. We live in a time where every single second counts, so imagine how frustrating it would be to actually have your device lag because of the antivirus software running.
b. Cloud based architecture
Being a cloud-native platform, this means rapid time to value. Once a customer deploys the lightweight agent on their endpoints, the Falcon platform can activate additional cloud modules in real time. Having a cloud based architecture also means that it’s highly scalable. This allows Crowdstrike to buy as much data as they want and scale their needs as they grow.
On the contrary, on-premise solutions take time to install, configure, deploy and maintain. This hence results in lengthy implementation periods and poor customer experience. Remember restarting your computer just to let the new updates take effect? It is also more costly to buy and maintain IT infrastructures like servers and hire more personnel in an on-premise environment.
c. Proprietary Distributed Threat Graph
The Falcon platform uses their cloud based graph database called Threat Graph. Falcon uses an AI/ML based approach over threat detection. As more data and events are fed into the Falcon platform, there is more data to train their AI models with, which makes the entire platform smarter, creating a powerful network effect.
This means that if Customer A suffers from a potential breach, this data is fed immediately into the Threat Graph, and it will be automatically shared across the rest of the customers in real time. Threat Graph can then learn and identify warning signs once and rapidly deliver protection to every customer in our community. (!) This allows all customers of Crowdstrike to benefit from contributing to the Threat Graph.
“We handle about 4 trillion events per week, so in a day we handle more events into our cloud, than Twitter has the number of tweets in an entire year. “ — CEO George Kurtz
4 trillion real-time events are captured per week by the Threat Graph!!! This means that with each passing day, Crowdstrike’s competitive advantages grows stronger as its platform becomes more effective in identifying cyberattacks.
In addition, Crowdstrike has their elite internal teams of security experts who constantly analyzes the threat database, and this helps to improve the productivity of the customers’ security teams.
Achievements
Being such a high quality platform has also made Crowdstrike highly recognized in the industry:
- Highest score for lean forward organizations in Gartner’s Critical Capabilities for Endpoint Protection Platforms report
- Leader in Gartner Magic Quadrant for Endpoint Protection Platforms (only company to not only maintain its Leader position but obtain furthest position in Completeness of Vision, more on this later)
- Leader in endpoint security software-as-a-service in the Forrester Wave Q2 2021 report. Highest scores possible within 17 criteria in the report
- Leader in both the Forrester Wave Q1 2021 Managed Detection and Response and External Threat Intelligence Services reports
- Best cloud computing security solution and best managed security service at the 2021 SC Awards
- 100% detection coverage in all 20 steps of the MITRE ATT&CK evaluations
- 100% protection rate in the AV-Comparatives business real-world protection test and highest AAA rating in Q1 enterprise endpoint protection evaluation from independent testing organization, SE Labs
All of these achievements just shows the efficacy of the Falcon platform.
So…why make the switch?
Companies usually incur switching costs when they try to deploy a new software across their operations. If a company abandons the older, on-premise software for the next-gen AV provider like Crowdstrike, they’ll have abandon some/all of the IT infrastructure they have bought previously.
However, Crowdstrike estimates that from Day 1 of deployment, the platform delivers instant value, without costly consulting services and with zero maintenance overhead. Threat Graph predicts, investigates, and hunts at a 13% the cost of a typical on-premise solution!
Also, as Crowdstrike becomes the gold standard in the EPP and EDR space, they can also become a career-saver for anyone making security purchase decisions. Imagine the repercussions that happens when a data breach occurs. Would the person making the security decision want to risk buying an inferior security product?
Let’s move on to how the Falcon platform was created.
2. How it all started
The world’s greatest inventions were often born out of a need. This was the case for Crowdstrike as well.
Crowdstrike was founded by the current CEO, George Kurtz, Dmitri Alperovitch (former CTO)and Gregg Marston(former CFO, retired), back in 2011. For now, only George is still around in the company. He is an incredible leader and I will talk more about it under the Management section of my article.
George has always loved computers, even as a child. He started programming in fourth grade on a Commodore CP/M (super old computer). But when he got to college, he was determined to get a business degree. So, he majored in accounting. As a result, this led him to join Price Waterhouse (currently PwC) as an intern in 1993 post-graduation. It was during this stint that he began creating programs to help with the tedious process of data input (audit).
Someone took notice of George’s initiative and drafted him into the PwC computer security group. He was the fifth person on the team. At this time, firewall was just starting to become commercially available and George was put in charge of figuring out how to make it work. George ended up figuring all that out, building controls around it , how to hack it and ended up writing a book on it, called Hacking Exposed.
In 1999, George saw an opportunity in vulnerability assessment for large enterprises and decided to make the leap into entrepreneurship. He jumped in head-first to start his first company, Foundstone (this made him learn a valuable lesson, more on this later).
After raising $3.5M in VC funding, he began learning the ropes of running his own business. But when it came time to raise more money in 2001, it was very tough since dot com bubble just burst. So George started pitching. It was a taxing process, but eventually he found the right fit and Foundstone went on to raise their Series A and eventually acquired by McAfee in 2004.
George then spent seven more years at McAfee. Just as he was getting ready to move on, a new CEO joined and refreshed the executive team so George stuck around, as the CTO, to help him rebuild for a couple more years. It turned out to be a great experience, ultimately revealing to George how challenged the security industry really was.
At that time, most major security companies were focused on stopping malware, when they should have been thinking about stopping a breach. There’s so many types of attack other than just malware! There was also no foundational cloud platform company in security. So, he thought to himself, How do we create endpoint security from the cloud itself?
A fateful encounter in the air while he was with McAfee contributed to his trajectory towards CrowdStrike. Seeing a fellow plane passenger experiencing less than desirable UX with a McAfee security program, he thought, “There must be a better way forward.”
It was George’s frustrations with the lack of innovation at McAfee and him seeing how security programs slowed down computers that led to him and his peers starting Crowdstrike. George and his team made 25 slides to pitch his vision of Crowdstrike to PE firm Warburg Pincus, and received USD 25m seed funding. From then onwards, Crowdstrike went on a hypergrowth trajectory. Meanwhile, McAfee got acquired by Intel.
What made Crowdstrike different from legacy providers was that it focused on not just IOCs, but also IOAs in their endpoint protection and that it had 3 key elements (1) Cloud Native (2) Single, Intelligent Lightweight Agent (3) Threat Graph Database.
3. Business Model (How do they make money?)
As mentioned above, being cloud native and having a single lightweight agent is the reason why Crowdstrike is winning. Legacy providers often deploy multiple agents to add additional functionalities to the security. This ends up burdening the endpoints, slowing down the speed and affecting the end-user experience.
By being in the cloud with a single agent, Crowdstrike is able to consolidate and remove unnecessary agents from their customers’ endpoints and restore endpoint performance. Being in the cloud allows Crowdstrike to collect data once, and apply it across all their users, without burdening the endpoints. Being in the cloud allows customers to activate additional modules (functionalities) in real time.
Crowdstrike also has a 15-day free trial period for customers to try out additional modules, and as all the modules are integrated to their single, lightweight agent, this removes the need to install additional security solutions and for a salesperson to do anything as any additions can be done with a click of a button so long as the customer is within the platform. This reduces friction for the customers as they are allowed to try them before purchasing additional add-ons. All of this is part of Crowdstrike’s plans to expand the number of endpoints/modules that customers take up.
Crowdstrike, like most other SaaS providers, use a Land and Expand strategy. What does that mean? It means you first try to “Land” a customer into your platform, and from there “Expand” the modules that they take up. What makes this even more attractive is that for every modules that is added by the customer, as the modules is tapping to the same data, it gives Crowdstrike close to 100% margins, which all falls to the bottom line. I will share how successful this strategy has been for Crowdstrike later on under Key metrics.
As seen above, Crowdstrike makes money depending on 3 factors,
1) No. of endpoints 2) No. of modules & 3) No. of customers.
Because it is a subscription business, it collects cash upfront from customers annually and uses the deferred revenue recognition method to account for its revenue,
i.e. Dr Cash Cr Deferred Revenue at the start of the contract, & monthly
Dr Deferred Revenue, Cr Revenue (for the accounting nerds out there)
Isn’t that a wonderful business model? This means that Crowdstrike runs at very low risk of having customers who doesn’t end up paying their bills and they get the cash flow instantly that can be used for their business operations.
That being said, other than the Subscription revenue part of their business, they also have another component called Professional services.
In Cyber-security , the value is not necessary setting up the software (it’s easy) , the strategic value is coming in to the customers in their times of need. That’s exactly what Professional services does. Professional services basically acts like a SWAT team/Triage for companies under attack. When their current security offerings fail them, that’s when the Crowdstrike team comes in. You solve the breach, gain the trust of the customers, they know your product works, and they’re willing to pay a premium for the fact that it actually works.
It’s on a ad-hoc basis , and Crowdstrike has said that many of these customers subsequently becomes a subscription customer after understanding and seeing how the Falcon works. Crowdstrike sees the professional services business primarily as an opportunity to generate leads and cross-sell subscriptions to the Falcon platform and cloud modules.
Some incredible stats from the latest earnings call
Among organizations who first became a professional services customer after February 1, 2019, the average subscription ARR derived for every $1 spent on initial incident response or proactive service engagement grew to $5.51. This is up 48%(!) when compared to $3.73 reported last year.
This means that for every $1 spent, Crowdstrike makes $5.51 in recurring revenue, talk about Returns on Investments!
According to George, he used the same model for Foundstone, the first company he founded, but faced backlash from investors who said it couldn’t work. Eventually, he proved that Professional services was an effective lead generation model (effective way to land customers), and today, many businesses are using the same strategy.
Crowdstrike’s business model is highly lucrative, with recurring subscription revenue and friction-less methods to up-sell their modules to their customers. I will further evaluate the model’s success in my next point.
4. Key Metrics
There’s a few key metrics that we can look at Crowdstrike to determine how the business is performing(similar for SaaS business):
- Annual Recurring Revenue & No. of subscription customers
One glance at the graphs tells us that the company is still on hypergrowth mode. The company’s ARR has grown at a rate of 74% y/y, and the number of customers has increased 82% y/y. We can also see that Crowdstrike are not just getting more customers, they’re getting the customers that matter. When 65% of the top 20 banks uses your services, it creates a Halo Effect around the Falcon platform. Potential customers will buy the products because the risk of the product being bad is lower given that the biggest corporations have ‘vouched’ for the platform’s efficacy.
Now, let’s go deeper.
Looking at this chart gives us a clearer picture. We can see that the ARR growth is decreasing on a quarterly basis. Does that mean the company’s growth is slowing? Not really.
Due to the law of large numbers, as a company gets bigger, the % gain for revenue will gradually become smaller, even as the absolute numbers are increasing. You can see that from Jan’19 to Apr’21, while ARR% growth dropped from 121% to 73%, the “Net New ARR” actually increased from 58.5 mil to 139.9 mil, which is a 139% increase! We can’t compare a company when it’s making $1billion in ARR to when it was making $200million in ARR, as the growth % will definitely be different!
And as for Q1, the record net new ARR, which is the measure that we look at in terms of the health business. Q1 is the toughest quarter. But for us to post a quarter that’s larger than Q4, basically delivering 2 Q4s in a row, that’s something special and so we’re proud of that.
— CFO Burt Podbere on Baird 2021 Global Consumer Conference and EC
What did the CFO mean by delivering 2 Q4s in a row? Let’s see.
You can see what the CFO meant when he said Q1 is the toughest quarter for the company. For FY20 and FY21, the sequential q/q drop has always been >10%, but in this year the drop is only 2%! This doesn’t seem like slowing growth to me at all! In fact, quite the opposite!
2. Dollar-Based Net Retention Rates (DBNRR)
Next, we look at the DBNRR for Crowdstrike. Anything above >120% will be among the top percentile in the SaaS industry. What exactly is DBNRR?
DBNRR measures the change in spending for all of the customers a year ago compared to the same group of customers today. It includes positive effects of upsells(expansions) and negative effects on customers who leave or downgrade (churns). To illustrate, if a customer orders 4 modules in Year 1, and 5 modules in Year 2, assuming each module costs the same, the DBNRR would be 125%. [(5–4)/4 ]* 100%
In first glance, you can see that DBNRR has been slowly trailing off for the past few quarters while Gross retention remains incredibly high at 98% range. If you follow the company close enough, you’ll also notice this is the first quarter that the company did not indicate the absolute DBNRR %, only indicating that it exceeded the 120% benchmark. While it may mean that the % dropped, it might not be that worrying. Here’s why.
George has mentioned in earnings call recently that they’re seeing a trend of new customers who are landing more modules from the get-go, and spending more. DBNRR measures spending on a year-year basis. If a customer orders more modules in the first year straight away, it will make sense for the DBNRR to drop.
Using the same example earlier, if a customer starts with 4 modules vs 5 modules, when they end up increasing 1 module next year, what would be the difference between the two?
4 modules = 125% [(5–4)/4 ]* 100%
5 modules = 120% [(6–5)/5 ]* 100%
You get the idea?
3. Subscription customers with multiple cloud modules & Gross Margins
This graph shows us 2 things :
- How good are they are up-selling their products to current/new costumers?
- How sticky is the platform to the customers?
When they first IPO-ed in 2019, their % of customers with 4 or more modules were 47%. It has currently grown to 64%! Also, you can see the Falcon platform like an Apple ecosystem. It just works better when you get more Apple products. iPhone+ Airpods? Why not add on a Apple Watch to sync everything together?
As mentioned above, when a customer adds modules, these additions are extremely high gross margins who flows down to the bottom line. And as seen from the chart above, we can see gross margins on an upward trend, similar to the number of modules. There’s definitely a co-relation. Hence, if Crowdstrike continues to upsell successfully, this gross margin might even hit 80+% territory.
Of course, what every SaaS investors want to see is ultimately, improving operating leverage. What exactly is operating leverage? As a SaaS company, it needs to invest in S&M, R&D and G&A in order to fund revenue growth. Having improving operating leverage means that the rate which revenue is growing > rate which the other 3 types of expenses is increasing, which is clearly shown on the graph. In the long run, we want improving operating leverage so that the company will be operating profitably (eventual goal).
Crowdstrike’s execution thus far has been flawless, as you can see from the pace they’ve improved their operating leverage.
We have looked at the business model and metrics in detail. Let’s now take a look at the people driving the company.
5. Management Quality and Culture
I focus a lot on the quality of the management before deciding to invest in a company. While many investors love to look quantitatively (numbers) before qualitatively (management), I think the focus should be the other way round. It is the qualitative factors that results in the quantitative outcome. To put it simply, without Jeff Bezos’s and his team focus on customer experience, we will not have the Amazon we see today. Without Elon Musk’s tenacity and vision, Tesla will not have the success it sees today. For Crowdstrike, it’s George Kurtz.
a)Long term oriented
I have listened to various interviews and podcasts, and believe that George is a visionary CEO that investors look for. A visionary CEO is able to look at things far out into the future, and ignore any short-term distractions that come his/her way. Even when nobody believes in them, they will push on and work towards their goal.
Ignoring short-term distractions, Seeing the big picture
Back when being a cloud-native platform wasn’t even a thing, George saw it as clear as day. There was no foundational cloud platform company in security back then. As a result, Crowdstrike saw some pushback from customers when they tried to sell their Falcon platform. It was this fear of the cloud which helped shape his founding thesis for Crowdstrike. He saw that the cloud was bigger than security, and that there was going to be a technology adoption.
In the earlier days of Crowdstrike, George went into a large Swiss Bank trying to sell his technology, which was completely new to the market. However, the Swiss Bank cited various reasons, and ultimately rejected the idea of cloud security saying that they’re a Swiss Bank, and cloud is not the way for them. George then confidently said he’ll come back and sign the bank 2 years later, which he eventually did. Today, the Swiss Bank remains a large customer.
From this, he shared the lesson that one should never fall into the trap of satisfying the customer for a short term revenue. Had he allowed the Swiss Bank to dictate how he was going to provide his services (through on premise) , we might not have the cloud native platform we see in Crowdstrike today. George had a high resolve that simply could not be shaken.
Forming his own Board
From his prior experiences as a CEO of Foundstone, George didn’t have the flexibility to be picky with his investors. This resulted in George selling Foundstone earlier than he was ready to. The VCs wanted to cash out in 2004 after suffering big losses due to the dotcom bubble crash (Foundstone being one of the only few that was successful).
For Crowdstrike, George handpicked the investors. “I wanted to make sure I wouldn’t be pushed into a sale too early again,” he says. He did this by surrounding himself with people he could trust and who understood the vision.
As of latest filings, George holds 7.2% of totals shares outstanding and has 33% of the voting powers assigned to him.
What attracted him to CrowdStrike was more than the chance to continue his passion for innovating and disrupting the industry. It was the prospect of working with CrowdStrike founder and CEO George Kurtz. “George could create a board that would propel the company into rare air,” CFO Burt Podbere in an interview
Anti-dilution
In Jan 2021, Crowdstrike reported that they will be raising $750mil in interest-only notes, 3% interest, payable is 2029. This means that these notes are not convertible to shares. Convertible notes tend to offer lower interest rates for the issuers.
When asked on an interview why didn’t Crowdstrike raise more money given the low interest rates environment, George’s answer was simple.
We already have a $750 million extra credit facility with the bank that’s untapped, and we’re already generating free cash flow on our business. We didn’t want to fall in the convertible trap, and create dilution to our current shareholders. We also want to maintain our AAA rating. When people look at Crowdstrike, we want them to think “Wow that’s really well run.”
In Feb 2021, it was then announced that Crowdstrike was acquiring Humio (more on this later), with $352 million in cash and $40million in stock options.
In both scenarios, when raising cash and acquiring Humio, Crowdstrike choose to use cash instead of shares to fund their growth. And take note, this is the period when Crowdstrike was near its all time high (~$220), so it would have made a lot of sense for them to issue shares at a premium.
Can’t you see how deliberate Crowdstrike’s business decisions are? They could have chosen the easy route of diluting current share holders, but instead they did not want to issue more shares to reduce current shareholder’s stake. This is what I like to see in a company, treating its shares as very precious and not diluting the shareholders with every chance they get. It also shows the management is very long term oriented.
b) Glassdoor ratings
A quick search on Glassdoor/Comparably shows that close to 80% recommends others to work in Crowdstrike, and that 98%(!) of the employees approves of the CEO:
One reason why I focus on employee reviews is that it shows how the company treats its employees, and whether there’s any internal problems within the firm that just can’t be seen by looking at the stock prices. Simply put, a company will not be able to create long-term value by treating their employees poorly. Happy employees tend to treat your customers better. Do a Google search for any of the FAANG stocks, and I’m pretty confident any of them will have pretty good Glassdoor reviews. The company will only be able to achieve optimal results provided that their employees are motivated as well.
In an interview conducted, George mentions that he’s looking for people with a combination of hunger, grit and book smarts. His go-to question in an interview is “What drives you more, the will to win or the hatred to lose?” From his past experiences, he knows that it is usually the people who hates to lose who are the most driven people. He also mentions that an incredibly talented candidate may not get the job, because what he’s looking for is a team player and someone with strong cultural fit.
With the criteria that Crowdstrike look for in potential candidates, it’s no surprise that the company is the success it is today.
c) Extreme Confidence
How does the management show that they’re extremely confident in their product? They do it by by pinpointing their competitors’ shortcomings every earnings call. While I tend to not like it when the management are so frank, I think given the competitiveness of the industry they’re in, and the severity of a security breach, Crowdstrike needs to let companies know who is the best in their business.
Target Corporation was looking to rapidly move away from Symantec and transition to a single-agent cloud solution that could be deployed in days, not months or years… Falcon was deployed across their environment in less than 10 days, allowing them to immediately take advantage of the platform and drive ROI. — Q3 2021 Earnings Call
With all these commentary, Crowdstrike shows that their product is better than what their competitors have, and aim to attract potential clients to themselves.
McAfee and SentinelOne had to be removed from their environment where it cannot be deployed because of performance and interoperability problems. Unlike our competitors, CrowdStrike was able to deploy to thousands of endpoints and servers in just three days without a reboot. — Q4 2021 Earnings Call
Of course, Crowdstrike does not forget to compare what makes them different from the crowd. In their website, they actually have a segment explaining why their products are superior. SentinelOne obviously sees Crowdstrike as their biggest competitor, they too have a comparison of their platform against Crowdstrike. While they provided 3 reasons why they’re better, Crowdstrike gave 10 over reasons to show they’re a superior platform. More on this later.
I’m not too sure how many companies out there are so confident in their offerings that they’ll list down their direct competitors and show their web visitors what makes their products superior. This is definitely a show of confidence on Crowdstrike and their products.
Of course, Crowdstrike has the rights to boast. As mentioned above, they’re winning awards left, right and center. Falcon, the platform has also been put to the test and achieved the following:
- 100% detection coverage in all 20 steps of the MITRE ATT&CK evaluations
- 100% protection rate in the AV-Comparatives business real-world protection test
- AAA rating in the Q1 enterprise endpoint protection evaluation from independent testing organization, SE Labs
Crowdstrike wastes no time in calling out their competitors again:
A crucial part of our commitment is to continually test our solution, validate its capabilities, and find opportunities to improve. It’s unfortunate that some vendors decline to compete in these public tests, including so-called next-gen players. This lack of scrutiny is a significant disservice to all customers who would benefit from greater transparency. — George Kurtz, CEO on Q1 2022 Earnings
d) On the ground CEO
George isn’t like any other CEOs. He understands how important it is that you understand the technology as well as the problem you’re trying to solve for the customer. He is very on the ground. He conducts what he calls “100 in 100” customer tours, where he meets with 100 customers and prospects in 100 days, to understand what organizations are looking for.
“When I talk to them, I want them to know they are taken care of. But also, what will help retain them? What else do they need? Is there a service we are capable of that we’re not offering them? What I heard was that the traditional firewall was disappearing and that what mattered to customers was Endpoint and Identity.” — George Kurtz, CEO Crowdstrike
He understands that organizations are looking for a modern, identity- and workloads-centric Zero Trust security strategy to lay the foundation for their security transformation. That was also what lead to Crowdstrike’s acquisition of Preempt (more on this later).
George can also be often seen on the ground with his employees, testing out and developing new modules. As an investor, what you want is a CEO who understands what’s going on at the ground level, and seeks to solve his customers’ pain points.
Let’s now look at the strong partnerships that CRWD has set up for its business to prosper.
6. Strategic Partnerships(AWS, GCP, ZS, EY & more)
Crowdstrike has entered in several partnerships in the past few years. Starting with Netskope, Zscaler, Okta & Proofpoint, EY and also big cloud platforms like Amazon Web Services (AWS) and Google Cloud Platform (GCP)
So how does their partnership work? From their 10-K,
“The Company uses channel partners to complement direct sales and marketing efforts. The partners place an order with the Company after negotiating the order directly with an end customer.
The Company’s contract is with the partner and payment to the Company is not contingent on the receipt of payment from the end customer. The Company recognizes the contractual amount charged to the partners as revenue ratably over the term of the arrangement once access to the Company’s solution has been provided to the end customer.”
Partnerships with players like AWS and integrating the Falcon modules within AWS marketplace allows AWS clients who have built their work on AWS platform to easily subscribe to Crowdstrike’s solutions. This move gives Crowdstrike access to 1million over potential customers, saving Crowdstrike money and time from acquiring new customers. The CFO mentioned recently in a conference that they’re able to close deals 80% faster, because of time saved on going back and forth negotiation. You can see it like a food franchise, with one store you can only do so much. But with multiple franchisee, the sales opportunities are endless.
Well, it means that when we go to market in their marketplaces, a customer comes in, we’ll pay their reps, they’ll get credits. They have the — think about it as a Starbucks card where you come in and they can draw down on credits they have on the usage of their other products. And they can use those credits to purchase our solutions. So that makes it easy. — CFO Burt Podbere on a recent Baird conference
Channel partners like these brings in a lot of revenue, about 75% of the revenues are brought in by Channel Partners in the latest quarter. This is why Crowdstrike strives to make it a win-win situation for both of them. Burt also mentions that one executive staff is tagged to every partner, and they’re responsible for checking up with the partners every quarter to ensure that the relationship is still going down the right path. This shows how much they value the partnerships.
So when we think about EY, we’re really excited because they’re just so embedded in large enterprises. They’re so trusted. And to have our technology as part of their solution worldwide is really a great win for us, and them and the customer.— Earnings call, on Ernst & Young partnership
There’s many other partners, but I just want to mention the one with Zscaler.
Zscaler is another cloud-based security provider just like Crowdstrike. They have integrated their services together, to provide joint customers with double protection.
However, their offerings are aimed at different things. Crowdstrike’s Falcon is used to protect endpoints (phones,computers, cloud workload), while Zscaler are used to protect the network (the flow of information from your computer to another). Basically, Zscaler has a network of 100+ data centres where customers’ traffic are all routed through them (acts like a VPN). Hence, there’s synergy in this partnership.
It’s customers are looking for a next-gen endpoint workload technology platform like CrowdStrike combined with next-gen network technology, and they’re looking to replace their legacy Palo Alto Networks (PANW) — CEO George Kurtz in Q1 2022 earnings
Palo Alto Networks is another cybersecurity player that is more of a security platform play. They do both EPP(CRWD) and Network protection (ZS), so CRWD and ZS are combining forces to take PANW out.
Zscaler also recently became a customer of Crowdstrike and more technology integrations are going through. Crowdstrike also commented that one of the large wins for the quarter were due to their tech alliance with ZS.
To understand security related stuff on a deeper level, you can read up muji’s writeups in the following links; his writeups does an excellent job at explaining tech to a non-tech person like me, and I’m deeply grateful for his work.
- Flavors of Security : https://hhhypergrowth.com/flavors-of-security/
- What is Zero Trust? : https://hhhypergrowth.com/what-is-zero-trust/
Crowdstrike Racing (Mercedez)
Did you know that George Kurtz is a competitive racer as well?
I seldom hear people mention this, but the CEO is a competitive racer! Definitely shows the competitive side of him. Every year, Crowdstrike invites C-suites to a half day cyber-security summit to talk about the latest cyber- security threats. George mentions that some of these C-suites are given the chance to drive behind Mario Andretti (personal connections) on the back of an Indie car, and that has “generated an amazing amount of business” for Crowdstrike. Talk about being opportunistic! Their partnership with Mercedez also shows how they want to work with the best in the industry.
Next, let’s dive quickly into the company’s financials!
7. Financials
I will keep this portion brief, only picking items that I think are important to highlight, since most of the important points has been mentioned in Key metrics section already.
Revenue
Based on this table comparison above, you can see Crowdstrike’s phenomenal execution for the past 8 quarters. Every single metric is going in the right direction, revenue increasing, operating expenses as % of revenue dropping, Operating margin turning from negative to positive (!) Crowdstrike’s figures are very rare in the SaaS space, which makes them a very high quality company.
Take note that revenue figures are a by-product of the ARR, as mentioned above on the deferred revenue recognition concept. Take note that the figures used to calculate is also Non-GAAP, to remove the non-cash expenses and irregularity of one-off expenses.
For me, revenue is actually one of the important numbers I look at in any companies. Why? A company’s revenue results are just like elections; just that customers are using their money to vote for the best product out there. It’s not just a matter of increasing revenue on a annual basis, y/y, but when you see that a company is increasing its revenue on a SEQUENTIAL basis, it definitely shows something — There’s a market for their products and their customers love it. Also, as much as a company can cut costs, in order to grow bottom line (profits), the top line (revenue) needs to grow first.
Some investors I know track the sales mix, which I don’t really care about. Subscription revenue are recurring in nature, high margin business for CRWD. Professional services are what attracts other companies using competitors’ products to come to the Falcon platform. Either way, it’s a win-win situation for the company.
Free Cash Flow Margins
Cash flow statements only look at cash related items, so it takes off items like depreciation expenses.
Free cash flow is a number from the cash flow statements. A company increasing revenue might not necessarily be increasing cash flow, as revenue might be recorded first, but cash only booked in later. Free cash flow are essentially the cash flow from operating activities less any Capital expenditures as a percentage of revenue. Free cash flows are money that can be used to redistribute to the shareholders (either as dividends or reinvestments into the business).
I also care about the company’s free cash flow margins. As seen above, Crowdstrike’s FCF margins were 38.6% for this quarter!!! They’re literally a cash cow at the moment.
Target Operating Model
One of the key things that the Crowdstrike’s management track very carefully is whether they’re on the path to their target operating model. It shows us what the management team the margins are going to look like in the long run. We can see that to be honest, the company has already hit the margins they’re expecting in this latest quarter (less S&M as % of revenue), which is only 4% off.
This target operating model, wasn’t the first version that the management created. This is what CFO, Burt Podbere mentioned in the BOA conference:
Second piece, of course, is optimizing our public and private cloud usage, right, and turning the dials to make that really effective and cost effective for us as well as effective in terms of usage and our ability to use it. And I felt so confident that we’re going to continue our expansion of gross margin. I raised the long-term target — market target for gross margin in April to 77% to 82% plus,from 75% to 80% plus.
The company is so confident in its long terms prospects that it actually raised its gross margins from by 2%, from 80% to 82%!!!
Debt
For the debt position of CRWD, it’s extremely healthy at the moment. They’re holding a $1.7B cash position after 2 recent acquisitions, and the only debt in the books are the recent $750M debt offering, which is due 2029.
The liabilities portion of the Balance sheet is very misleading for CRWD, as a bulk of the liabilities $1.5B, are actually unearned revenue, which are figures that will eventually be converted to revenue once the company perform its services on a monthly basis.
Net operating Losses
One thing that wasn’t in the Financial statements which I felt was worth noting is that CRWD, because of losses in the past, has around $1.88B(from various regions) worth of net operating losses carry forward. Currently, CRWD does not pay any taxes because it’s still “loss-making” on paper.
This means that eventually, when they record an income, they have this $1.88B worth of losses that can be used to net off against the taxes they need to be paid. These are like “deferred revenue” for CRWD as well!
This is actually a huge deal, and it also explains why “loss-making” companies like Amazon pays little to no taxes in the past.
Next, moving on to who competes with Crowdstrike in the Endpoint security space.
8. Competition
To look at competition, we can take a look at the Magic Quadrant for EPP that Gartner has done up. This Magic Quadrant assesses the innovations that allow organizations to protect their enterprise endpoints from attacks and breaches. The companies are ranked based on their completeness of vision, and their ability to execute.
If we were to compare the two Magic Quadrants in separate years together, we can see that Crowdstrike has made a leap jump in terms of ranking. In 2017, they were even under SentinelOne, a competitor about to IPO in the coming weeks. Fast forward to 2021, Crowdstrike has became the leader for EPP alongside Microsoft. It just shows us how much Crowdstrike has evolved as a platform over the past 3 years to become the leading platform today. What has not changed is that the market is still extremely competitive, with many players fighting for market share.
Most of the Pros for Crowdstrike were already mentioned by me above.
One of the Cons indicated by Gartner is pricing. “CrowdStrike Falcon deployments often require extra cost options to provide the full range of capabilities, and this increases overall cost when compared to more inclusive competing solutions. Also, for multiyear contracts, CrowdStrike insists on upfront payment. This is reflected in lower scoring for pricing in this Magic Quadrant”, to me, this indicates Crowdstrike’s pricing power more than anything. If customers are willing to pay a premium for their services and pay upfront, there must be a reason why.
I tried very hard to find a more updated version of the market share, but failed to do so. If there’s anyone who has a source, do let me know!
Based on this table above, we can see that there has clearly been a power shift between the legacy vendors and Crowdstrike. More notably, Crowdstrike’s growth from 2018–2019 towers over all of their competitors, which implies they must be doing something right. While legacy vendors are still holding a large chunk of the pie (40+%), I believe it will not be for long.
Companies like Cisco, VMware, Tanium, BlackBerry, and Palo Alto Networks each increased their revenue near or above two times the market’s growth rate(8.8%) in the corporate segment.
The best part is, Crowdstrike CEO in their earnings call mentioned that IDC released an updated worldwide market share stat from endpoint security, and Crowdstrike was ranked №1, ahead of Microsoft and other legacy vendors. He also mentioned that Crowdstrike is still in the early innings of grabbing market share from legacy vendors, which means we can continue to see sustained revenue growth from Crowdstrike in the coming quarters.
But there’s a lot of companies out there, big and small, and we still think we’ve got a lot of runway and still continue the migration of share from Symantec and McAfee to CrowdStrike.
What else is a better way to show that you’re doing something right other than your competitors complimenting you in their earnings call? Credits to Kris from Potential MultiBaggers for this info!
Don’t forget in each of those areas, we are dealing with extremely competitive situation. In the case of XDR, we deal with dedicated salespeople in CrowdStrike. They outflank us 8–1 on the number of salespeople. So we have to look hard at how much investment we want to make on the sales side.
-Palo Alto Networks CEO
You can see how much Palo Alto CEO sees Crowdstrike as a threat based off this comment above, and I think the reason why Crowdstrike has so many salesperson might be attributed to their partnerships as well.
Sentinel One (IPO as ticker S)
I just wanted to spend some time touching on SentinelOne, who’s going to IPO in a few weeks time. I believe both CRWD and S sees each other as key rivals, given how they mention each other so much in earnings call and website.
In SentinelOne’s S-1 (IPO form), while explaining their offerings, mentioned this: “higher accuracy than possible from any single human or even a crowd”, definitely hates CRWD on the same level.
I spent some time reading through their S-1, but can’t really differentiate the difference between what they and CRWD offers, but pretty sure CRWD has more data given more customers and being around for longer. However, thanks to Jamin (he does incredibly useful SaaS comparisons!) who posted the comparison, I have some things I can comment on.
SentinelOne’s metrics is very similar to when CRWD just IPO-ed. SentinelOne IPOed 2 years after CRWD, so their revenue is naturally lower. They both had >100% YoY growth when they IPO-ed.
However, 1 metric stood out the most to me : their operating margins is -134% compared to -55% when CRWD IPOed. What does -134% margins mean? It means that for every $100 revenue you take in, you’re spending $234 to get that revenue! Seems like a absolute disaster. -134% is a far comparison from -55%. This means you’re losing $134 in Year 1.
The worst part is, this will only get worst as their revenue growth continues. With 56% of GM, it means their cost of revenue would be $44, which translates to OPEX being $190 ($234-$44). Even if there is a slight operating leverage (improving margins), they will still be losing more money in absolute numbers, as their revenue get bigger, their OPEX will increase in tandem as well, perhaps at a slower rate.
Example:
Year 2: Revenue grows to $200.
GM improves to 60%, meaning cost of revenue is $80.
Operating expenses increases only 80% (showing operating leverage), we get OPEX of $342. Adding the cost of revenue, the total expenses is $422.
This means that for this year, even with improving margins, the losses actually widens to $222, compared to $134 from previous year.
The issue here is there’s no alternative for SentinelOne, as this is an extremely competitive market where you need to spend big in order to get customers, and sometimes you might have to lower your prices to attract more customers → affect pricing power. And you know what happens when a company runs out of cash, they run to the investors for money again or issue more debt. Of course, these losses eventually get better, but it’ll probably take a few years. Therefore, at the moment I do not think SentinelOne is a worthy competitor.
To remain relevant, Crowdstrike has also acquired some companies in the past year.
9.Humio & Preempt & TAM
Preempt
In 2020, Crowdstrike announced plans to acquire Preempt. A leader in Zero Trust identity hygiene and security. Preempt delivers a modern approach to securing identity with their patented Conditional Access technology, helping customers preempt security threats in real-time based on identity, behavior and risk. This acquisition is very timely given the recently executive order by the U.S government to get companies to work towards ZTA (Zero Trust architecture.)
What exactly is Zero Trust? Imagine this. In the past, Zero Trust model is just like a locked front door. Once you get in through the front door, you’ll be able to access every other rooms in the house. This means that once a hacker gets through the first layer of defense, they’re free to do whatever they can. With Zero Trust, it means that you’re required to have credentials to enter or do anything in the house. Want to enter a room? Show that your’re authorized. Want to on the computer? Show that you’re authorized.
What does Preempt actually do? Preempt goes into an organization and collects identities and credentials information from companies like OKTA, Microsoft, etc. They can then use this to create a profile so that when they see an employee opening a folder that he doesn’t usually access, they’ll block the access, then force a re-authentication via multi-factor authentication, just to ensure that the employee is really who he is. It also works if the employee appears to have too much access privilege and are accessing something that their profile wouldn’t need to. Preempt claims that “80% of all breaches involve compromised credentials.”
The hybrid work environments that we’re in makes this acquisition particularly vital, given that workers are working from different locations and will often need to access employee-restricted data. With this acquisition, CrowdStrike plans to offer customers enhanced Zero Trust security capabilities and strengthen the CrowdStrike Falcon® platform with conditional access technology. The addition of Preempt’s technology to the CrowdStrike Falcon platform will help customers achieve end-to-end visibility and enforcement on identity data. To me, the best part is Preempt can be integrated seamlessly into the Falcon’s single agent and start preventing insider threats very quickly. You collect the data once and use it many times.
Humio
In 2021, Crowdstrike announced plans to acquire Humio, a leading provider of high-performance cloud log management and observability technology.
We founded Humio with the vision of enabling engineering teams to easily collect all of their data in real time and at scale to proactively manage anomalies and recover quickly from various incidents.
We architected Humio’s platform to easily ingest massive amounts of machine and application data in true real time, enabling enterprises to monitor, analyze, investigate and search all of their data at an industry leading TCO — Humio CEO, Geeta Schmidt
Humio’s acquisition shifts Crowdstrike its EDR (Endpoint Detection Response) into XDR (eXtended Detection Response), basically an enhanced version. Humio’s platform helps Crowdstrike with their massive amount of data from their Threat Graph. All of these data is a lot of logs. Humio helps to manage these logs for their customers, and allow them to solve more security/ non-security use cases in real time. Essentially, it helps their customers keep more data, with less cost and also allow query searches faster. It also allows for customizable dashboards that gives customers greater actionable insights, in real time.
This, of course, expands Crowdstrike’s Total Addressable Market (TAM). Is Crowdstrike entering into the log management space as well, where Datadog is in? To be honest, I’m not sure whether there’s any difference with the two companies’ offerings so I’ll not comment on that.
Talking about TAM, believes their current TAM for 2021 is $36.5B, which will grow at a CAGR of 9% to $43.6B in 2023. By 2025, Crowdstrike believes their TAM will be $106B! One can only believe that they’ve already planned the future areas that they’re expanding into.
For Crowdstrike to expand its TAM by that much, they’re probably going need to move into other security markets other than EPP and EDR. Perhaps venture into providing consumer security offering? As of now, Crowdstrike only serves enterprise customers. Crowdstrike can also look to penetrate more into international markets, with revenues from international markets only at 27% currently.
Given the past 2 acquisitions, it’ll be interesting to see where Crowdstrike will be moving into next.
Let’s move on to valuation.
10. Valuation
Crowdstrike’s shareholders has been rewarded extremely well since its IPO. If you had invested $10k in Jul’19, this amount would be $40k currently. Rightfully so, given all the quarters they have since they IPO-ed have beaten analysts estimates.
SaaS companies has grown popular in the last 3 years, due to the attractive business model of recurring revenue and high margins per incremental adds of customers.
As a result, most of the SaaS companies trade at a premium valuation. Given that Crowdstrike is an extremely high quality company, this is the case for them as well.
If we based the valuation on EV/NTM Revenue, Crowdstrike is the 6th most expensive SaaS companies out there. However, what if we were to value it based on EV / FCF or Gross Profits?
If we were to use EV/FCF, we can see that Crowdstrike immediately becomes the cheapest relative to those who were originally cheaper in terms of valuation. Using revenue in this example is unfair, reason being a company that generates high FCF (>30%), cannot be seen in the same way as a company who is FCF negative or has low FCF margins.
This is also the same for Gross margins. Similarly if we were to use EV/GP, we can see that Crowdstrike becomes the 9th most expensive, instead of 6th.
I also tried to compare Crowdstrike to the big Cloud native platforms that they envisioned themselves to be when they first started (CRM,NOW,WDAY). It’s probably a good gauge to see how CRWD will be trading at few years down the road.
If we were to see this chart, it may seem that Crowdstrike is valued extremely high, even on a EV/FCF basis. However, we shouldn’t be comparing them this way. Crowdstrike is still in hypergrowth mode, which means we’ll probably still them growing at high 50s-70s% for the next 3 years. Meanwhile, mature companies like Workday, Salesforce and Servicenow are growing at 15%, 25% and 30% respectively. This means Crowdstrike’s growth rate is at least twice or thrice the growth of other companies. Assuming EV remains around the same, but FCF increases in the subsequent years, we can see Crowdstrike’s valuation will very quickly close up the gap to the other 3 companies. If we were to compare it this way, Crowdstrike suddenly don’t seem as expensive as they are now.
IDC estimates that revenue for Cloud IT spend will grow from $106.4B in 2020 to $217.7B in 2023. However, Cloud security spend is only ~1% in both periods. IDC believes that an organization should spend 5–10% of its IT budget on security, especially given the recent high-profile breaches. Crowdstrike estimates that this spend might be up to 5.7%, which makes the cloud security opportunity 10X bigger than what was spent in 2020 for cloud security. Crowdstrike is well position to take advantage of this increase in spending as well.
However, one thing that I’d like to caveat is that valuations are very subjective and high growth SaaS stocks are not suitable for everyone. Given their premium valuations, it’s very common to see them fall 20% from their highs and if you’re going to lose sleep over that, you should not be buying into this. Inflation scares put pressures on SaaS companies as well, but it’s something out of our control. If you still think this is a good company to own, you should scale in slowly, with only small % added currently. Given that the current share price close to 52 weeks high, the risk/reward ratio might not be that good. You can then add in bigger positions with every draw-downs.
For disclosure purposes, I own $CRWD, and all these are not investment advice nor am I a registered investment adviser. So please conduct your own due diligence before purchasing any $CRWD shares.
11. Risks
So what are the risks to owning this company? There is a few.
a) It’s Hawk-eyed by Wallstreet analysts
Given that it is a high growth company with premium valuations, this company is definitely tracked very closely by Wallstreet analysts. Example below:
“You saw no seasonality from Q4 to Q1, which I think is the first time at least the last three years where net new ARR has not declined sequentially, clearly indicating a significant change in the spending environment” — Analyst on earnings call
If Crowdstrike were to post any steep deceleration in earnings, we can expect these analysts to pick it up as well, and the valuations will definitely take a hit.
With such premium valuations, Crowdstrike is EXPECTED to do well, it’s like the all-rounder student in class with all As, when he does well it’s normal. But when there’s sluggish performance, everyone notices. Wallstreet is merciless.
Given COVID19 has definitely ramped up some security spending (not really stated) , comparisons to next year’s numbers will definitely be harder, so everyone will be watching whether Crowdstrike can still perform as well. This is also one of the reasons I believe Zoom’s share price has dropped so much from its highs, investors are looking ahead and comps are incredibly difficult, even though they have so far shown that they’re doing well even after COVID19, but the growth is definitely slower than during COVID period.
b) Any incidents of breaches is an easy 20% off share price
Trust Takes Years To Build, Seconds To Break And Forever To Repair — Dhar Mann
Crowdstrike operates in a very sensitive industry where any breaches is likely to cause millions-billions in damages. Recent SOLARWINDS hack may cost up to $100billion to recover, with so many affected parties involved. This can mean the end of smaller enterprises who has leaked confidential data of their clients. When Solarwinds hack was announced, the share price of Solarwinds plummeted 36% instantly.
Therefore, even though Crowdstrike was the one that Solarwinds brought in to remediate the breaches, it is possible that Crowdstrike may one day be exposed to such a breach. When that happens, nobody remembers the awards Crowdstrike has received in the past, only the trust that they have lost from their customers.
This scenario is easily an 20–30% crash from its share price.
c) No desirable acquisition targets
There will be a time where Crowdstrike will be unable to continue to add additional modules at the same pace they’re doing now, and this will slow down the revenue growth of Crowdstrike. As mentioned above, to continue expanding its TAM, Crowdstrike will need to expand into other segments or acquire more companies.
Just as how SentinelOne was overtaken by Crowdstrike from 2017 to 2021 in the Gartner Magic Quadrant, CRWD can lose their edge as the innovative provider for EPP and EDR services. As a result, they will lose their market share to other more innovative providers who offer more advanced solutions.
An issue about acquisition is that it may not always be so easy for Crowdstrike to find complementary/synergistic acquisitions. Crowdstrike would need to find companies to acquire only in situations where their products are superior/synergistic, and that the ROI in the long run exceeds the Cost of acquiring the companies.
If Crowdstrike is unable to find desirable targets, this may directly impact the revenue growth of the company, leading to a fall in valuations.
12. Final words
I still firmly believe that Crowdstrike has a shot at becoming the company with the biggest pie of the endpoint security platforms in the next few years. They have a few things going for them:
a) Lower customer acquisition costs: Free trial allows customers to add on free modules on their own with no cost, drastically reducing the hurdle rate required to acquire customers/ increase module add-ons. Crowdstrike’s partnerships has also helped in expanding the sales opportunities outside of just their own sales force.
b) FedRAMP certification/AWS GovCloud: Recent executive order will accelerate spending in endpoint protection. The federal government seems to be serious this time round in wanting to halt these malicious cyber threats. It took Crowdstrike 4 years(!) to get this certification, and these certifications allow Crowdstrike to service government organisations. Crowdstrike’s management seem very positive in their ability to get more contracts.
c) Security is mission critical
Unsurprisingly, endpoint security remains as a top priority for security spending, in a survey conducted by MS with CIOs in 2020. Security spending is mission critical. Even in times of economy slowdown, there might be reduced expenditure in other areas like R&D but cyber attacks are relentless, hence companies will have to continue putting money into cyber security solutions.
d)Increase in Cloud security spending.
Several companies like Facebook and Standard Chartered are allowing permanent flexible working, and Apple employees are raising objections at the idea of heading back office. Even with the vaccine rolled out, we’re not going to go back working the same way. With digital transformation accelerated(IoT devices growth), and the Work-From-Anywhere trend rising, the need for endpoint security is only going to be amplified.
Cloud workload security are still in its infancy, and more companies will be forced to shift their workload into the clouds as they see the benefits. Crowdstrike’s management is excited about this opportunity, and believe they’re well positioned for it.
d) Shift from Legacy providers to next gen-AV will only continue
As mentioned above, the transfer of market share from the legacy providers to Crowdstrike has just started and will continue as Crowdstrike remains as the superior solution.
If you’ve read till this point, thank you! I’ll appreciate any feedback on how I can improve for further articles. I’ve also written an article on Peloton, which can be found here.
