Table of Contents
- 1 Investment thesis
- 2 Qualitative
- 3 Mission and Narrative
- 4 The Problem
- 5 The Solution
- 6 How does CrowdStrike differ from legacy solutions?
- 7 Breaking down some of the tech speak
- 8 The Product
- 9 Why make the switch?
- 10 CrowdStrike’s Moat
- 11 Business Model
- 12 Customer Base & Geographical Considerations
- 13 Runway, Risks, and Reviews
- 14 Runway (Growth Potential)
- 15 Competitive Landscape
- 16 Partners
- 17 Risks
- 18 Reviews
- 19 Qualitative Summary
- 20 Quantitative
- 21 Financial Overview
- 22 Q2 2020 Update
- 23 Valuation
- 24 Quantitative Summary
- 25 Synthesis
- 26 Conclusion
CrowdStrike (CRWD) is a best-in-class, disruptive cybersecurity solution that will reward shareholders for years to come. They are leading the transformation of an outdated paradigm for cybersecurity solutions. CRWD’s highly desirable products and continued revenue hypergrowth all in the face of a major economic crisis have demonstrated their value as mission-critical. Although carrying an apparently high valuation, it is in line with other high-growth peers despite CRWD’s revenue growing much more rapidly. I believe that their persistent, demonstrated growth will continue, including a forecasted revenue CAGR of 64% from 2020-2023. This leaves significant potential upside for its stock price in the coming years (likely 2-3x or more), and will reward patient shareholders.
Mission and Narrative
CrowdStrike was founded in 2011 by George Kurtz and Dmitri Alperovitch “to reinvent security for the cloud era.” They describe their product as “the first multi-tenant, cloud native, intelligent security solution capable of protecting workloads across on-premise, virtualized, and cloud-based environments running on a variety of endpoints such as laptops, desktops, servers, virtual machines, and Internet of Things, or IoT, devices.” What does this really mean?
Names like McAfee and Norton by Symantec probably ring a bell for many of us. These are the elders of the cybersecurity community. Many of us have had their antivirus programs to protect against malware and remote cyberattacks. Back in the America Online (NYSE:AOL) era, technology was less developed. We had dial-up modems and 3.5” floppy disks. Cybercrime was also much less evolved and pervasive.
However, the AOL era is long gone. We are now constantly connected to the internet. Whether it be by smartphone, tablet, laptop, desktop, car, or even refrigerator, our connectivity has evolved and so have the sophistication and volume of cyberattacks. CrowdStrike released their 2020 Threat Hunting Report just this month and noted that there were “more hands-on-keyboard intrusions than were seen throughout all of 2019”.
Co-founder George Kurtz previously created a cybersecurity company known as Foundstone. Ultimately, it was acquired by McAfee after which he became their CTO and GM of their enterprise division. As CEO of CrowdStrike, he has an impressive 95% employee approval rating on Glassdoor and 90/100 rating on Comparably.
Before CrowdStrike’s inception, its future founders were working in cybersecurity and were dissatisfied with the available solutions. Specifically, they noticed that having on-site, physical hardware for cybersecurity required a high cost and expensive maintenance and operation. They also realized that clients installed multiple software products (sometimes from different companies) to handle their cybersecurity demands. That, in turn, led to unnecessary complexity and bloating. Furthermore, the primary mechanism of threat detection and removal was a reactive solution called signature-based, meaning that it could only be effective after an attack and thus provided subpar results.
In the CrowdStrike Q2 2020 earnings call, CEO George Kurtz remarked that in the first half of 2020 they stopped more potential breaches than in all of 2019. He noted that as COVID-19 has propagated a work-from-home (NYSEARCA:WFH) culture that is increasingly digitized, CrowdStrike has seen a rapid increase in intrusions and eCrime this year . These attacks are costly, and can put unprepared companies out of business. IBM (IBM) reported in 2019 that the cost of a data breach in the US was a colossal $8.19M dollars (a 130% increase in 14 years).
Furthermore, The Radware Global Application & Network Security Report for 2019-2020 stated that companies with revenues greater than $1B reported an average cost of a staggering $1.7M per cyberattack, and companies with revenues less than $1B suffered a $480,000 loss per attack.
The Wall Street Journal chimed in that companies with less than $10M in annual revenue are less likely to be prepared to deal with cyberattacks or to have cyber insurance. Many of these smaller companies may have to close down in response to cybercrime (at staggering estimates between 10-60% in my research). However, if laggards in the cybersecurity space could catch up to the level of the leaders, they could reduce the cost of attacks by 72%. That could add up to a whopping savings of $6M per year on average (according to The 2020 Accenture Cybersecurity Report). In short, cybersecurity is becoming increasingly more important as the cost of adopting effective countermeasures may be dwarfed by the financial damage of cyberattacks.
Prudent C-suite executives, then, will be working to adopt successful cybersecurity infrastructure. And data suggest that the legacy providers (long-standing solutions that may not have changed much over the course of time) are likely inadequate for many.
CrowdStrike hopes to fill this gap through their comprehensive “First Cloud-Native SaaS Endpoint Security Platform”. For clarity, SaaS refers to software-as-a-service in which a software product is made available to clients over the internet.
In essence, CrowdStrike created two focal points: first, a massive cloud-based platform that is powered by huge amounts of data coming in from all of their clients. Second, this data is processed by a proprietary offering driven by artificial intelligence (NYSE:AI) along with local and cloud machine learning (ML) models, all guided by experienced cybersecurity professionals on the CrowdStrike team. These two focal points are named Falcon Platform and Threat Graph, respectively.
Threat Graph is essentially a ML/AI-driven super-network that CrowdStrike calls “the brains behind the Falcon endpoint protection platform.” Ingeniously, it crowdsources threat detection by acquiring data from all of its clients in real-time. Then, it analyzes the data and rapidly rolls out appropriate countermeasures all across the globe. These countermeasures may even be preemptive, meaning that they prevent an attack before its execution.
Say that a hypothetical bank in the middle east was a client of CrowdStrike, and was being targeted by cybercriminals. Threat Graph would help facilitate early detection and potentially even prevent the cyberattack. Then, it would rapidly roll out these countermeasures across the cloud to other clients all over the world, conferring a high level of protection to them all despite the majority of these clients never experiencing the threat directly. This hits at the heart of one of the traditional weaknesses of cybersecurity: data silos isolated from one another, requiring active management for response and updates.
In addition, CrowdStrike has FedRAMP approval which expands their market to public sector customers (such as governmental entities in the US). Falcon for data centers allows on-premises (on-prem) protection for those clients that still maintain some of their own on-site cybersecurity.
How does CrowdStrike differ from legacy solutions?
Legacy providers have historically focused on what are called Indicators of Compromise ((IOCs)). IOCs relate to unique characteristics of a breach such as a specific malware signature. Identification of IOCs allows for a reactive approach once an attack has occurred. Obviously, this retrospective damage mitigation is not the most optimal solution. In contrast to IOCs, Indicators of Attack ((IOAs)) are focused on detecting the intent of the attacker’s actions (such as executing code or moving stealthily around the network). IOA-oriented solutions promote proactive measures. A personal mantra of mine is “anticipate to eliminate.” The CrowdStrike solution does just that. By prospectively identifying potential problems via identification of IOAs solutions can be devised and implemented before some or even all of the damage is done. CrowdStrike uses Threat Graph to execute on this game plan.
Source: CrowdStrike Investor Relations
Breaking down some of the tech speak
I am not a cybersecurity expert. In fact, I’m far from it. However, as a physician part of my daily job is explaining complex medical and scientific ideas to lay people without a background in medicine. Similarly, as an analyst my work should convey important, high-level data about various companies and technologies in a way that most people can understand (including myself). An important part of that process starts with establishing a shared vocabulary. For example, instead of telling the reader that CrowdStrike focuses on Next Generation Endpoint Protection, I will focus on explaining what that really means.
First, we need to define endpoint. Simply put, an endpoint is a device that communicates with a network. For example, you are probably reading this analysis on an endpoint (such as a desktop computer or smartphone). Your endpoint communicates across a network (e.g., WiFi or cellular service). Each endpoint, then, presents a security vulnerability. Likewise, the network itself can be a security risk. These two components (endpoint and network) are two major categories of cybersecurity. According to International Data Corporation (IDC), 70% of successful breaches originate from endpoints.
Imagine for a moment that you run a major corporation. You have thousands of employees operating tens of thousands of endpoint devices, including their work computers and even mobile devices that may be personally owned but contain work-related data. It only takes one point-of-failure to allow cybercriminals to sink in their claws. You determine your company needs a comprehensive solution for endpoint protection. That is where CrowdStrike comes in.
CrowdStrike defines Next Generation Endpoint Protection (NYSEARCA:EPP) as having three essential elements.
Next-Generation Antivirus (NGA)
Endpoint Detection and Response (NYSE:EDR)
Managed Hunting (also known as Managed Detection & Response (MDR))
Going into any depth of these elements is beyond the scope of this analysis. However, I will outline a brief primer for the convenience of the reader.
NGA focuses on virus protection. CrowdStrike posits that rather than the old, reactive approach of relying entirely on IOCs, NGA should focus on IOAs (the proactive method). This is part of what makes it “next-generation.”
EDR involves continuous monitoring of endpoint devices and uses analysis to detect threats. IDC disclosed that 65% of successful attacks go unidentified for days to months and an even greater percentage require at least that amount of time to eliminate the threat. These “silent failures” are so-named because attackers may remain embedded in a system without an alarm being raised. To abrogate these silent failures, CrowdStrike implements their modern EDR solution. They liken it to a surveillance camera that allows them to comb through “large volumes of data to find malicious patterns of activity that may not have been detected otherwise”. By deploying their EDR entirely through the cloud, they eliminate pressure on their clients. Some of these pressures include the financial need for on-prem solutions driven by hardware costs, and the need for increased IT security staffing. Furthermore, CrowdStrike removes their client’s data from a local silo and effectively integrates their systems with a worldwide network curated by CrowdStrike.
Finally, Managed Hunting addresses that attackers are human beings that can creatively adapt. Therefore, countermeasures should include human beings to level the playing field. Via Falcon OverWatch, CrowdStrike brings a team of security experts to the aid of their clients 24/7.
As comprehensive as this sounds, CrowdStrike’s solutions actually go well beyond these three components of Next Generation EPP. Some of their other offerings focus on firewall management, USB device control, cloud workload protection, and others. Diligent readers may wish to peruse the previously-linked CrowdStrike 2020 Threat Hunting Report for a basic overview of other modules (starting at page 43).
CrowdStrike’s flagship offering is the Falcon Platform that we have previously discussed. It is a single agent that is lightweight and low-friction (meaning that it is not resource-intensive and is easy to install and use). It has a modular design that allows for customization of services provided. To that end, CrowdStrike has dozens of patents approved or pending.
Source: CrowdStrike Investor Relations
The Falcon Platform is complemented by the Threat Graph system. Greater as a whole than a sum of the parts, this symbiotic union has created a new cybersecurity paradigm wherein threat detection and analysis at one location can be used to quickly benefit all of the other locations in the CrowdStrike umbrella.
Why make the switch?
Switching costs refer to the costs that businesses incur when they change a part of their operations. For example, if a business abandons its older, on-site cybersecurity system, they will have to spend money to obtain a new security infrastructure. Logically, one of two reasons may preface this move: either the current services provided are inadequate, or the prospective services offer something additional. CrowdStrike claims that Threat Graph is 13% the cost of a typical on-prem solution, generating a hefty 7.5x cost reduction.
Source: CrowdStrike Threat Graph Data Sheet
Legacy solutions are typically slower to install, bulkier (they take up more space), require multiple installations/programs, and may not benefit from access to the cloud or AI. Customers say that speed of deployment and time to value are critical factors in their purchasing decisions. CrowdStrike solutions address these concerns directly. For example, they do not require rebooting the system which alleviates a major stressor that formerly could suspend extensive services and/or networks for a period of time. Furthermore, on-prem solutions involve costly hardware, software updates and monitoring, as well as additional cybersecurity employees and associated overhead.
By making the switch to an external, cloud-based provider like CrowdStrike, businesses can position themselves in a way that reduces their financial and personnel burdens. Perhaps even more importantly, they may save money in the long-term by reducing the number of successful cyberattacks and data breaches.
Prudent investors (and company executives) should always be able to identify the competitive moat of their company. The moat is what keeps competition at bay and promotes continued success and prosperity. In the case of CrowdStrike, their moat is quite impressive. Although on the surface “just another” cybersecurity product would not seem to have something particularly defensible about it, CrowdStrike defies that logic. For starters, their proprietary AI/ML models evolve with the amount of data they consume and analyze. As a first-mover in the space, CrowdStrike already has a deluge of useful data including over 3 trillion events captured per each week by Threat Graph. Each day that ticks by, CrowdStrike’s moat grows a bit wider as it becomes more apt at identifying and squelching cyberattacks across the globe. Gartner is a trusted third-party that analyzes the world of technology. They publish what they call a “Magic Quadrant” for leaders in various realms of technology. In 2019, CrowdStrike was #1 in their Completeness of Vision and #2 in their Ability to Execute.
Furthermore, CrowdStrike was the highest-rated vendor in Gartner Peer Insights Customer’s Choice for EDR for two years in a row. Gartner also painted a rosy picture in their prose. “Organizations looking for a modern, cloud-native EDR-focused EPP solution with a range of managed services will find CrowdStrike very compelling.” They described CrowdStrike as “…one of the fastest growing and most innovative vendors in this research. It is rapidly taking market share in 176 countries, including numerous very large organizations with more than 100,000 seats.” These words are especially powerful coming from Gartner as they are very highly respected and are not prone to hyperbole.
Forrester is another respected entity that provides valuable third-party research. In their Q1 2020 Forrester Wave: Enterprise Detection and Response Report, they included CrowdStrike among the three “leaders of the pack” alongside Microsoft (MSFT) and Trend Micro (OTCPK:TMICY). They even proclaimed that “CrowdStrike continues to lead on strategy and execution” and “clients rave about the detection capabilities CrowdStrike offers.”
CrowdStrike’s primary business model is subscription-based and is typically offered in one-year intervals. However, this is an oversimplification. They also provide four levels of turnkey protection in Falcon Pro, Enterprise, Premium, and Complete.
In addition, they offer metered billing including cloud modules that may be priced per-endpoint and per-module. By doing so, they allow for custom expansion and contraction of services as needed by clients. Importantly, each additional module that clients adopt adds to CrowdStrike’s bottom line. The more that existing clients expand their array of CrowdStrike services, the more profit CrowdStrike obtains.
CrowdStrike focuses on a low-friction go-to-market (GTM) strategy that minimizes barriers to entry for their product. Readers may recognize this type of strategy as being highly successful in the recent past in the case of Zoom (ZM). CrowdStrike executes on this strategy with 15-day free trials and in-app trials of their products which are quick and easy to implement for users. They also provide access to their expanding ecosystem through the CrowdStrike Store, the first platform-as-a-service ((PaaS)) for the endpoint. This marketplace includes custom services and application programming interfaces ((APIs)).
CrowdStrike’s sales model consists of both direct sales teams and channel partners that target large enterprises, high-velocity mid-market and small and medium businesses (BATS:SMB). They also tackle strategic verticals and global markets. Simply stated, they pursue relationships with businesses of all sizes while strategically focusing on specific sectors as well as expanding internationally.
Customer Base & Geographical Considerations
CrowdStrike has an impressive and growing list of clients. As of January 31, 2020 they counted among these 49 of the Fortune 100, 11 of the top 20 banks, and 40 of the top global 100 companies. It can be presumed that many of these may have been competitive displacements (customers that abandoned their prior providers to switch to CrowdStrike).
Source: CrowdStrike Investor Relations
CrowdStrike ended Q2 with 7,230 customers, accounting for a remarkable 91% growth year-over-year ((YoY)). They have a well-diversified customer base with particularly successful adoption by large enterprises.
Geographically, 29% of CrowdStrike’s revenue comes from outside the US and that proportion has been growing. Of note, they have expanding footprints in EMEA (14% of revenue) and APAC (9%).
Runway, Risks, and Reviews
Runway (Growth Potential)
Cybersecurity is a burgeoning yet nascent market worldwide. AustCyber projects that global cybersec expenditures will grow to $270B by 2026, up from $145B in 2018. The vast majority of this budget is expected to go toward externally-managed security services (e.g., CrowdStrike).
Imagine for a moment that you run a company that wants to reduce overhead and increase efficiency. Like your peers, you are pursuing digital transformation (NYSE:DX) over the coming years. You can either keep your outdated model of cybersecurity that requires substantial costs in hardware, maintenance, and additional personnel and is likely less effective than leading options; or you can outsource the majority of your cybersec to a specialized, cloud-based company that connects you to a worldwide network of AI-driven protection. Over time, I would imagine most executives would pick the latter option. And data seem to support that thesis.
Gartner has predicted a growth rate of only 2.4% for information security and risk management technology this year, which is well below their pre-COVID estimate. However, this is still growth. They also convey that mission-critical deployments will take precedence in this environment, and cybersecurity has proven to be mission-critical. Headwinds have not curtailed CrowdStrike’s velocity. In fact, as COVID has accelerated DX, the author believes that over time CRWD may stand to see greater revenue growth than would have been expected prior to COVID. Microsoft CEO Satya Nadella announced in April, “We’ve seen two years’ worth of digital transformation in two months.”
Investor Relations at CrowdStrike report that their estimated Total Addressable Market (NYSE:TAM) will be $31.9B in 2022. Weighing this with their current revenue, their market penetration is incredibly low. In other words, there is massive growth potential for CRWD, even if they take a fraction of the total market.
There are additional tailwinds to account for. Gartner introduced their 2019 Magic Quadrant for EPPs by telling readers that “By 2025, cloud-delivered EPP solutions will grow from 20% of new deals to 95%.” They might as well have put up a big, neon arrow that said “This way to CrowdStrike.”
As shown in the Gartner Magic Quadrant figure above, CrowdStrike has no shortage of competitors. The author of the hhhypergrowth blog (highly worth a read) breaks these down into three neat compartments.
These compartments are EPP, EDR, and MDR (all three of these are defined above).
I have put the CrowdStrike competitors into a Venn Diagram below for the readers’ convenience.
Source: Created by author with data courtesy of hhhypergrowth
Although there is definite fragmentation of the cybersecurity space which allows for niches and multiple winners, CrowdStrike stands out among its peers. Some of its competitors have irons in many fires (such as Microsoft, Blackberry (BB), and VMware (VMW)). One could argue that they could use their other strengths as leverage. Yet, oftentimes the pure play wins (think Zoom, Roku, etc.). By devoting themselves singularly toward their vision of stopping breaches, CrowdStrike maintains clear vision and drive. Their customers agree. IDC reported that CrowdStrike nearly doubled its market share in 2018-2019 while conversely the top three vendors saw their market share decline.
While investigating the competitive landscape, I would be remiss to overlook symbiotic arrangements. CrowdStrike has strategically partnered with ZScaler (ZS) and Okta (OKTA), among others. The former is focused on network protection and the latter on identity authentication. As such, they are not generally seen as direct competitors to CRWD. CrowdStrike CEO George Kurtz commented during the Q2 earnings call that despite having no shared economics, he wanted the “best outcome for customers” by “putting best of breed platforms together.” Also during that call, he posited that “…to secure the hybrid workforce in today’s threat landscape, the two most important aspects of security are providing visibility and protection to workloads and implementing a zero trust architecture, which endpoint security is an important foundational element.” Zero Trust (ZT) refers to an IT security model that requires stringent identity verification for users and devices attempting to access resources on a network. ZT has been a growing theme in CrowdStrike’s publications and presentations in recent history. These partnerships were partially forged to advance that theme. It is unclear whether the recent acquisition of Preempt Security by CrowdStrike will impact these specific relationships or others in any meaningful way, but it does appear to accelerate CrowdStrike’s ZT undertaking (Preempt focuses on Zero Trust and conditional access technology).
CrowdStrike has also formed accretive partnerships with public cloud behemoths Amazon (AMZN) and Google (GOOGL). Their partnership with Amazon Web Services (AWS) makes CrowdStrike products available on the Amazon marketplace which adds substantially to Annual Recurring Revenue (NYSE:ARR) and reduces the length of their sales cycle. Additionally, they are integrated into Amazon security services such as GuardDuty and SecurityHub. The Falcon Platform also protects Google Cloud Platform (NYSE:GCP) workloads. The major cloud vendor not on this list is Microsoft with Azure, likely due to their competing cybersecurity products.
As with any investment, a stake in CrowdStrike is not without risk.
Among these are:
CRWD could lose their edge as a leader provider of Security-as-a-Service ((SECaaS)). This could happen if they lose their innovative edge or are surpassed by other providers. This could directly lead to reduction in market share and subsequently revenue. To avoid this, they will need to continue to focus on providing a superior product and novel, innovative solutions. I believe CrowdStrike has the verve to soundly defeat this risk.
Less expensive options may become more attractive. CrowdStrike is not known as the cheapest of its peers. One might argue that skimping on price for something as important as cybersecurity would be short-sighted, but it still requires consideration. Current data suggest that this risk is not playing out as a concern for customers.
If uncertainty in the economy leads to a marked slowing in DX, it may follow that there is reduced spending in cybersecurity. This has yet to be proven, however (as I will outline in the Quantitative section, below).
A high-profile failure for a well-known client could be deleterious and highly visible. This could cause slowing in new customer recruitment and accrual of customers from competitors while inciting a potential efflux of existing customers. Given the comprehensive solution CrowdStrike provides along with its expert oversight and real-time AI guidance, I expect CRWD to continue to perform at a very high level. Meanwhile, their list of marquee clients continues to flourish.
Users are highly satisfied with CrowdStrike’s offerings. Gartner’s Peer Insights has reviews for the EPP, EDR, and MDR offerings separately, with an additional set for security consulting. In EPP, CrowdStrike is rated #1 with a score of 4.9/5 and a whopping 98% of customers recommending their product. This rating is well above most of their major competitors. Similarly, they are #1 in EDR (tied with SentinelOne) with a similar gap between these two and the rest of the pack. Their MDR and security consulting reviews are less valid as there were only 14 total reviews between the two categories, as opposed to hundreds of reviews each for EPP and EDR.
I had difficulty locating an up-to-date Net Promoter Score (NPS) for the company, but in mid-2019 TechCrunch reported an NPS in the 80s. Glassdoor employee ratings for the company are difficult to interpret, as one listing has them rated at 3.9/5 and another has them at 4.8/5. Regardless, they are resoundingly positive. Employee NPS ((eNPS)) is currently a 71/100 at Comparably (but drawing from a small sample size of seven).
CrowdStrike is a founder-led, highly-innovative disruptor of the rapidly-growing cybersecurity space. They provide mission-critical services to a diverse customer base and are highly regarded by customers and employees. Respected independent analysts in the tech space also hold CRWD in overwhelmingly positive regard. CrowdStrike offers a low-friction GTM model with ease of expansion through adoption of additional modules that appeals to decision-makers in their target customer base. They have claimed only a small portion of a huge and growing TAM, a testament to a long runway for potential continued hypergrowth. In a nutshell, they are a leading player in a robustly-growing subsector (software & security services) embedded in a leading sector (technology).
Notes: Values are non-GAAP unless otherwise specified. If some of the below measures seem alien to the reader, they are commonly used in the SaaS space both to analyze individual companies as well as to compare/contrast with others.
CrowdStrike’s impressive narrative is hardly the end of their prodigious story. As I will demonstrate, their financial information paints an equally stellar picture of their present (and likely future).
CRWD is one of the fastest growing public SaaS companies. For starters, they boast one of the leading revenue growth rates.
Source: Created by the author using data provided by Daloopa (an AI-driven financial modeling service)
Amazingly, they have had consistent >80% revenue growth for as far back as my dataset covers. This places them in the top decile of their cohort and in a continued state of hypergrowth. Also impressively, their growth persistence (a measure of how quickly the growth rate changes over time) has remained quite high, indicating that CRWD is hardly decelerating despite their growing size and the effects of COVID-19.
CrowdStrike has an impressive non-GAAP subscription gross margin (NYSE:GM) of 78% up from 76% a year prior and already well-within their long-term goal range of 75-80%.
Source: CrowdStrike Investor Relations
GM has been creeping slowly up quarter after quarter, which is an excellent trend. Furthermore, CrowdStrike’s dollar-based net retention rate (DBNRR) has been over 120% for ten consecutive quarters. This metric helps tell us that even if they picked up zero new customers, they would continue to generate revenue through increased spend by existing clients while accounting for churn (customers that cancel their subscriptions). As a complementary piece of data, the adoption of additional modules by existing clients has been steadily increasing over time (which adds to their bottom line).
Source: CrowdStrike Investor Relations
Another important area to assess is sales and marketing ((S&M)) efficiency. One metric that helps us do that is Customer Acquisition Cost (NASDAQ:CAC) Payback Period. Despite being a mouthful, the concept is simple. Measured in months, CAC Payback Period shows how long it takes for revenues generated by a new customer to cover the cost the company initially paid to acquire them as a client: the lower, the better.
As the reader can see, CAC Payback period has been decreasing over time, meaning that CrowdStrike’s S&M is becoming more efficient. As a comparator, this value also places them in the top quartile of all B2B SaaS companies.
CrowdStrike has been free cash flow (NYSE:FCF) positive for the past four quarters. This has been accompanied by a steadily improving operating margin that moved into positive territory in the past two quarters (with a long-term goal of 20+%). Similarly, their earnings per share (NYSEARCA:EPS) have moved into the black:
Source: Created by author with data from CrowdStrike
Q2 2020 Update
That Q2 was a banner quarter for CrowdStrike would be an understatement. Despite economic turmoil induced by COVID-19 and the subsequent response, CrowdStrike’s leadership saw a “favorable competitive environment and strong secular tailwinds.” In the author’s opinion, that may even be putting it lightly. CRWD solidly beat consensus analyst estimates, and they raised their full year FY21 guidance by a hefty 7%. Based on statements made by the CEO and CFO during the quarterly earnings call combined with their track record, it may be assumed that these estimates are even still a bit conservative and are likely to be exceeded in the coming quarters.
Some of the other highlights of the quarter included:
ARR reached a new record of $104M in the quarter, up 77% YoY and driven by “new logo additions and strong expansion business with low contraction and churn consistent with prior quarters” according to CFO Burt Podbere
CRWD closed their second-largest deal in company history (my guess would be Zoom) which contributed “low eight figures” to their ARR
Landing a deal with a major airline, demonstrating their mission criticality to even a highly-pressured sector
A record for net new subscribers of 969, up 91% YoY
A Magic Number of 1.3, the highest in company history (another measure of S&M efficiency)
Non-GAAP operating income of $7.8M vs operating loss of ($23.1M) a year prior
Positive FCF of $32.4M vs a negative ($29.2M) YoY
Cash and cash equivalents of $1.1B
S&M grew in absolute value, but was down 13% YoY as a % of revenue (41%← 54%); their stated long-term goal is 30-35%
Research & Development ((R&D)) also grew in absolute value, but was down 4% YoY as a % of revenue (21% ← 25%); long-term goal is 15-20%
CRWD projected positive operating cash and FCF for the latter half of the year.
The CEO and CFO emphasized their focus on growing their business aggressively while watching their unit economics closely
CrowdStrike is a hypergrowth company that is focused on expansion, innovation, and market penetration over the near-term. Therefore, using Price-to-Earnings is not generally a helpful measure, as growing profits are expected to come later in the S-curve. I prefer to use Enterprise Value (NYSE:EV) to sales (i.e., revenue). According to prolific SaaS-blogger and VC Jamin Ball: as of September 25, 2020, the high-growth SaaS cohort (defined as >30% projected NTM growth) had a median of 29.5x, which is very close to CrowdStrike’s current value of 29.2x.
However, these valuations may not be should not be taken at surface value for several reasons. Valuations can change quickly, especially with hypergrowth companies. And CrowdStrike’s revenue growth rate is much higher than all of its comparable companies. When revenue is consistently growing at a rapid velocity (i.e., hypergrowth), the dividend of the EV/S equation skyrockets which markedly reduces the ratio in an instant. For example, consensus estimates project CrowdStrike will grow revenue at 36% in 2021. This presumption implies growth velocity will be cut starkly in half from the company’s forecast for growth in the current fiscal year. The author does not think this presumption is likely to come to pass. Based both on historical data and forward-looking projections, I expect CRWD will command a revenue CAGR of close to 64% between now and 2023. If this occurs (all else kept the same), at that time its current multiple would be below 10x. That suggests that the stock price has the potential to double or even triple in that time frame should CrowdStrike’s growth abide (which I think it will). In other words, the current valuation should not scare the reader away from a market leader like CrowdStrike. Eventually, I believe they will grow into their valuation as leaders tend to do.
CrowdStrike shows financial strength in all right places. From robust top-line growth to red-letter S&M efficiency they continue to excel, in some cases eclipsing their prior records. They are moving steadily toward continued profitability, and have realistic yet encouraging long-term goals. Their focus on rapid expansion to capitalize on DX while still paying attention to unit economics reveals that they are not just innovative disruptors, but also savvy entrepreneurs. Despite a relatively high valuation, readers should not get too caught up in the trees and miss the forest. Many of the highest-returning stocks of all-time trod a path paved with countless exclamations as to how overvalued they were every step of the way.
CrowdStrike is a founder-led disruptor in a burgeoning space. The need for cybersecurity and related services is growing rapidly as the digital transformation marches on. Cybercrime is costly for businesses and is becoming costlier, even forcing many into bankruptcy. Data show that by adopting superior cyberdefenses, companies can create a stalwart scaffold on which they can continue to thrive without the fear of undue financial ruin.
CrowdStrike facilitates this metamorphosis by furnishing an innovative and disruptive solution to a longstanding problem that has changed over time. Meanwhile, existing solutions have failed to keep pace. CrowdStrike provides the evolving Falcon Platform that leverages cutting-edge technology, something many of their competitors lack as a shortcoming. Their proprietary Threat Graph is “the brains behind the Falcon endpoint protection platform” that leverages global crowdsourcing and ML/AI to not only react but to anticipate and eliminate future maleficence. Operating largely at the endpoint, they target a pivotal area of cybersecurity that is projected to steadily grow.
CrowdStrike offers a low-friction, single agent with capacity for modular expansion. Clients can scale their spend and tailor a solution to their specific needs. Accretive partnerships with major cloud vendors and complementary security providers add tangibly to CRWD’s growth. Free trials and fast, lightweight implementation reduce barriers to client entry. Part of the beauty of CrowdStrike’s security solution is in this simplicity.
Yet, despite appearing simple on the surface, CrowdStrike’s contribution is not easily reproducible. Their moat consists of a market-leading platform that leverages invaluable, abundant security data. The more Threat Graph absorbs, the stronger the AI grows. Existing clients should continue to see excellent ROI into the future while simultaneously finding they no longer need to devote as much time and labor-intensive care to their prior solutions. Gartner and Forrester both assert that CrowdStrike is a leader in its space. Albeit subtly, they imbue their readers with optimism for the company’s future. Customers likewise rave about the company. Employees demonstrate affection for their employer, including a high affinity for the CEO.
Risks to the investment thesis for CrowdStrike hinge mostly on their ability to continue to deliver high-level innovation and execution in cybersecurity in a world where DX is moving forward. Although COVID-19 has been the harbinger of economic uncertainty, CrowdStrike has yet to display signs of being hamstrung, and in fact has continued its propulsion forward.
Riding that train of thought, CrowdStrike stands out in its financials as one of the titans in the public SaaS space. They have produced consistent top-line growth bolstered by accelerated customer acquisition, excellent GMs, perpetual high retention, and momentous sales efficiency. Furthermore, they have consistently moved toward profitability, crossing to positive net income, operating margin, and FCF in the past couple quarters. Even with this progress in mind, it should be recalled that their near-term goal is to aggressively invest in their business as they reiterated in their Q2 earnings call. They believe that delaying shorter-term profits to achieve a monumental long-term outcome is a compelling trade-off. In a massive, broadening TAM with low market penetration, I believe this is a smart strategic move. And CrowdStrike is successfully executing this strategy already. They continue to demonstrate rapid, organic growth driven by both customers new to the market as well as via competitive dislocations. As a consequence, CrowdStrike’s market share continues to expand while the majority of its competitors lose ground.
Despite the global economic slowdown due to COVID-19, CrowdStrike stands unblemished as they lead a rally forward into the future of DX. They blew out consensus estimates and revised full-year estimates upward. Furthermore, they posted new records for subscribers and sales efficiency, and landed their second-biggest deal of all time, definitively establishing that they are a mission-critical company. Sure, CrowdStrike sits on a relatively high valuation, but why would such an excellent company come cheap?
CrowdStrike is a pack-leading, founder-led disruptor poised for continued hypergrowth. They continue to claim increasing market share within a burgeoning microtrend in cybersecurity, and provide an excellent product/market fit. CrowdStrike has taken the cybersecurity world by storm, revolutionizing endpoint security while pushing forth boundaries for proactive measures (such as IOA and behavior-based modeling). Their Falcon Platform and Threat Graph deliver a potent one-two punch to would-be cybercriminals by leveraging technology that uses AI and grows in efficacy as it gathers more data from a worldwide network of clients. This framework is buttressed by dozens of patents which illustrate CrowdStrike’s innovative success, expand their moat, and make them incredibly attractive to prospective buyers. Despite many companies experiencing strong headwinds in Q2 2020, CrowdStrike barely felt a breeze. In fact, their long-term bullish thesis likely grew stronger. They demonstrated remarkable financial data including several new company records and cemented themselves as mission-critical. I firmly believe that CrowdStrike will continue to impress in a compelling way over the next few years, leading to returns that far outpace the market. Their runway is long and the conditions are right. Crowd “Strike” may be a misnomer, as they seem more like a Home Run.
Disclosure: I am/we are long CRWD, ZM, ROKU, OKTA. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.
Editor’s Note: This article discusses one or more securities that do not trade on a major U.S. exchange. Please be aware of the risks associated with these stocks.