Author: Ben Tewey

Published: 1/2/21

Author’s Preface

Admittedly, this was a challenging company to analyze due to the complexities of the business; so much so that at times during my research I questioned whether or not CrowdStrike, or SaaS companies as an industry altogether, fell in my sphere of competence. Researching Crowdstrike ($CRWD) and trying to understand its business was fundamentally different than any of the other companies I have analyzed due to my lack of personal interaction with the products offered by the company. However, because I am the stubborn, naive, and young investor that I am, alongside the undeniable opportunities for growth provided in the SaaS space- I, nevertheless, researched and dedicated late nights to understanding the business. In this research I learned a good deal about myself as an investor and would like to remind our readers to respect their sphere of competence and only invest in business he or she fully understands.

The Business 

Crowdstrike ($CRWD) is a Software as a Service (SaaS) cybersecurity firm that provides cloud-delivered endpoint (laptop, smartphone, desktop, servers, etc.) and cloud workload protection. The company uses artificial intelligence and the CrowdStrike Falcon® platform to protect its customers against cyberattacks on endpoints. Crowdstrike has a wide array of segments and products within each segment that build upon the base Falcon platform including:

  1. Cloud modules
  2. Endpoint security
    • Falcon prevent, Falcon Insight, Falcon Device Control, Falcon Firewall Management
  3. Security and IT Operations
    • Falcon Overwatch, Falcon Discover, Falcon Spotlight
  4. Threat intelligence
    • Falcon X, Falcon Search Engine, Falcon Sandbox
  5. Technology
    • Cloud Native Architecture, Falcon Agent, Threat Graph, High fidelity data and smart filtering, Management Interface, APIs and Integrations
  6. Data Center operations
  7. Professional services 

For more information on what each segment or product does click here. Each of these segments are intertwined amongst one another creating an endpoint cybersecurity ecosystem: a one stop shop to protect a businesses endpoints so to speak. In 2011, Crowdstrike created the first multi-tenant (a single form of software serves multiple customers, the software is not individualized for each specific customer) , cloud native (no hardware necessary), open, intelligent (self teaching) security solution capable of protecting workloads across all environments whether that be on-premise, virtualized, or cloud-based running on a variety of endpoints such as laptops, desktops, servers, virtual machines, and IoT devices. 

Crowdstrike makes money through two segments: subscriptions and professional services. The subscription based model accounts for 92% of their revenue. A business model that we, here at VestRule, adore due to the built in revenue recurrence. Crowdstrike makes money through a company subscribing to one of four options: Falcon Pro: $8.99 per endpoint per month, Falcon Enterprise: $15.99 per endpoint per month, Falcon Premium: $18.99 per endpoint per month, Falcon Complete: cost tailored to customer. With each rising level there are added modules made available; this acts as a built-in incentive for companies to move up subscription levels as they mature and grow. As one can infer: the more customers Crowdstrike attracts, the more revenue they receive. The more endpoints the customer has or more cloud modules they pay for, the more revenue Crowdstrike rakes in. They have certainly covered the “more customers” base and therefore the other 2 streams follow as a result. The image below is from Crowdstrike’s Q3 investor presentation and shows Crowdstrike’s subscription customers since fiscal year 2017.

Furthermore, 61% of these subscription customers have 4 or more cloud modules, this has steadily grown from 44% in FY19 and 52% in FY20. The chart below is again from the Q3 investor presentation and highlights the annual recurring revenue per quarter since, the core driver of Crowdstrike’s revenue. Q1 fiscal year 2018.  Obviously, we expect both of these trends, customer base and therefore growth of ARR to continue to rapidly grow. 

We do observe an interesting trend in the ARR which points to a seasonality of the metric and Crowdstrike, “expect[s] these seasonal variations to become more pronounced in future periods, with net new ARR generation being greater in the second half of the year, particularly in the fourth quarter, as compared to the first half of the year. In addition, we also experience seasonality in our operating margin, with a lower margin in the first half of our fiscal year due to a step up in costs for payroll taxes, new hires, and annual sales and marketing events. This also impacts the timing of operating cash flow and free cash flow.” The management attributes this trend to the annual budget process of their customers. 

There was a downtrend in customer retention and expansion from Q4 FY19 to Q4 FY20, but in the three quarters since the company has held above a 120% net retention rate, the benchmark for leaders in the industry, which indicates once a customer is with Crowdstrike they continue spending money on their platform. I do not see this as a point to fret over.  

VestRule Growth Thesis 

  1. Need to replace legacy endpoint security 
  2. Embrace customers of all size
  3. Overseas expansion
  4. TAM growing from 32B to 38B by 2023
  5. Recent Attacks on SolarWinds opens new customers
  6. Move to Cloud Security in the long term

We see a growing need for companies to replace legacy endpoint security products with Crowdstrike’s cloud based model due to a secular shift to digitalisation which has created a need for cybersecurity- we expect this trend to continue. We would like to see Crowdstrike embrace and expand to customers of all sizes. In the past, they have, generally, tailored their business to larger corporations and government organizations, however, we believe that an expansion to helping smaller businesses can drive future growth. We also see an opportunity in the international customer base which currently occupies only 20% of the total customers, however this revenue grew by 116% YoY due to new customer acquisition. Addition of new cloud modules would grow incentive to move up in subscription level and cover a wider range of customers which would revenue. In the short term, through the recent attacks on SolarWinds, we believe that Crowdstrike is well positioned to pick up a portion of these customers. Far off in the future we believe there is an opportunity for Crowdstrike to penetrate the cloud security field which we believe to be as lucrative as the endpoint security field, currently Crowdstrike is partnered with ZScaler ($ZS) to protect customers’ data in the cloud. If Crowdstrike is able to move into the cloud security field alongside their current stranglehold on endpoint security and create a security ecosystem we at VestRule see this as a lucrative move. 

Competitive Moat 

  1. Moat in Technology
    • AI learning
    • Single agent 
    • Greater ability to crowdsource data and therefore train their AI faster than competitors
    • Takes time and a lot of capital to switch away from Crowdstrike’s services
  2. Effects of the moat 
    • Always improving because the AI is constantly getting new data and becoming smarter
    • Single agent leads to less hassle on the customer’s side. 

Crowdstrike is the leader in endpoint security, one of the three spheres of cybersecurity. Endpoint security companies, like Crowstrike, protect laptops, servers, desktops, and mobile phones. Web based security companies, such as CloudFlare ($NET), protect and encrypt individual data from Internet Service Providers, lastly cloud based security companies such as ZScaler ($ZS) protect data in the cloud. 

We believe that Crowdstrike is a “category killer” in the endpoint security space and well positioned for growth over the next five years through the fact they have a distinct advantage over other endpoint security firms for two main reasons: leveraging AI learning and their single agent capability. This may sound fancy, but in reality it is quite simple: Crowdstrike’s Threat Graph is their artificial intelligence and the mechanism that actually stops the attacks. After the Falcon platform identifies an attack, the Threat Graph stops it, the data collected from the Falcon platform is then sent to Threat Graph which learns how to identify and stop that attack again in the future. The key here is the AI learning: the more attack Threat Graph faces the smarter and more impenetrable it becomes. Another advantageous nuance in the Crowdstrike ecosystem is that when one customer experiences an attack, the data from that attack is used to benefit all customers automatically and in real time. The second distinct advantage that we believe Crowdstrike has is its single agent. Many of Crowdstrike competitors’, which they call legacy vendors (a shot that we LOVE from Crowdstike’s management) agents were designed to be single purpose, which means that when new technology comes along they often deploy multiple agents to the endpoint as they layer additional point product capabilities on top of their initial offering. This legacy approach burdens endpoints by consuming additional storage space, memory, and processor capacity, degrading the end user experience. All of Crowdstrike’s cloud modules are powered by a single intelligent agent, allowing customers to consolidate and remove numerous agents from their infrastructure and restore endpoint performance. Because they collect data once from our agent and use it across multiple use cases, the Falcon platform can offer a wide range of functionality without burdening the endpoint. In short, Crowdstrike only needs to be installed once and does not require constant updating, instead it updates automatically from the cloud. This allows certain, previously manual, tasks to be automated which frees up personnel at Crowdstrike’s customers. 

Leadership and Management

George Kurtz, President, CEO, and co-founder,  leads the management team at Crowdstrike. It is often a positive sign when the CEO is also a co-founder of a company as it means that a large portion of his net worth is in the company as well as indicates a passion, dedication, and ability to execute. This is due to the fact that George Kurtz, or any other founder that has grown their business into a large company, started with an idea and was able to follow through and execute from very little. Prior to starting Crowdstrike Kurtz worked in the security space for 26 years- another positive that his personal experience and presumed expertise. Kurtz was the founder and CEO of Foundstone (Built it into a worldwide security products and services company specializing in incident response.) and joined McAfee when it acquired Foundstone in 2004. It is also encouraging that Kurtz worked at McAfee, a competitor in the field, which tells us that he will have a competitive advantage over McAfee as he knows how they operate (of course the opposite can be true as well). 

Burt Podbere, the CFO, has also acted as the CFO for both OpenDNS and Net Optics and has been with Crowdstrike since 2015. OpenDNS and Net Optics are both software/internet companies so Burt has decades of experience dealing with finance in a company like Crowdstrike. He has worked in a slew of other financial positions for software companies. 

Colin Black, the COO, has served as the CIO at Crowdstrike, Cymer Inc. and Kratos Defense and Security Solutions, Inc. He has a BS in Electronics Engineering from the University of Glasgow and was a former customer of Crowdstrike. 

Shawn Henry is the President of Crowdstrike Services and CSO and, “joined CrowdStrike in 2012 after retiring from the FBI, where he oversaw half of the FBI’s investigative operations, including all FBI criminal and cyber investigations worldwide, international operations, and the FBI’s critical incident response to major investigations and disasters. He also oversaw computer crime investigations spanning the globe and received the Presidential Rank Award for Meritorious Executive for his leadership in enhancing the FBI’s cyber capabilities.” In our eyes, he’s pretty good to say the least. He has a B.B.A. from Hofstra, M.S.in Criminal Justice Administration from  Virginia Commonwealth University and is a Graduate from Homeland Security Executive Leadership Program of the Naval Postgraduate School. 

Michael Carpenter is the President of Global Sales and field operations and was the former President of Global Sales and Field Operations for Tanium Inc. and the former President of Americas Sales for Intel Security Group. Amol Kulkrani was the SVP and VP of Engineering at CrowdStrike before moving to Chief Product and Engineering Officer. He was the Principal Engineering Manager and other executive engineering roles at Microsoft. He has a bachelors in engineering from College of Engineering, Pune a masters in Tech in Energy Systems Engineering from the Indian Institute of Technology, Bombay and a Ph.D. in Electrical Engineering from the University of Washington

Financial Statement Deep Dive

Balance Sheet

  • Current ratio 1.9
  • Total assets up 25% since Jan. 
  • Total liabilities up 41% since Jan. 
  • Shareholder equity up 9%
  • Debt to equity ratio is .0.06x which is manageable

As of October 31st, 2020 Crowdstrike had 1,340,796$ in current assets and 1,749,509$ in total assets this is up from 1,171,636$ current assets and 1,404,906$ total assets as of January 31st, 2020. A 14% and 25% growth respectively. Current liabilities are 702,039$ and total liabilities are 934,724$. This is up from 493,096$ and 662,299$ as of January 31st. These represent a 42% and 41% growth in current liabilities and total liabilities. The pace at which liabilities are growing is concerning, it is certainly not encouraging to seem them outpace the growth in assets. However, the current ratio as of October 31st, 2020 is 1.9:1, a very strong ratio by all accounts, but is down from 2.37:1 in January. This shrinking ratio is simply due to investment in the business to stimulate growth and is still at a very healthy level. Shareholder equity has also increased from January’s 742,607$ to October’s 814,785$. The astronomical growth in goodwill and intangible assets this year is inflating the total assets, which is not something we really value here at VestRule. It will be important to keep an eye on growth of liabilities and see if management can deliver on shareholder’s equity growth. 

*all numbers in thousands

Income Statement

  • Revenue rapidly increasing over the last 7 quarters
  • Operating expense up 50% from the same time last year
  • Net Loss is down 34% from last year
  • Net income margin: -10% (up from -28% in same Q last year)
  • 76% gross margin. Solid.

Revenue has been increasing steadily for the last 7 quarters since Q1 FY20 and is expected to continue through the next 3  (this is as far as analysts have projected out.)Over the last 4 quarters revenue has grown at an average of 14%. YoY subscription revenue has almost doubled, same as in the case of professional services as well. In the same time sales and marketing have almost doubled, which we see as a good thing as it is an investment in grabbing a larger market share. Total operating expenses are up 50% in the 9 months ended October 31st compared to the same period last year, sales and marketing as well as research and development are also up YoY. The real positives here are in the net loss: down 34% from last year indicating the company is working toward profitability rather quickly and net income margins which have been steadily trending in the right direction for the last 6 quarters. 

*all numbers in thousands

Cash Flow Cash Statement 

As mentioned net loss shrunk 36% to -73,627 in 9 months ended October 31st, 2020. Net cash provided by operations was up 700% from 33,836$ to 242,103$. That is remarkable. Free cash flow was 76,000 for the quarter which is a great sign.This is significantly up from the 7,000 in the quarter the year prior. I don’t see any abnormalities in the cash flow statement, it looks healthy.

*all numbers in thousands

Valuation

It is hard to justify that Crowdstrike is worth its current market cap of 45 billion. Crowdstrike does pass the rule of 40,a popular metric for potential growth in SaaS companies, but in our eyes, Crowdstrike is due for a pull back, a large one at that. None of its fundamentals, although heading in the right direction, support its current valuation. We consider adding to our position if the company falls down to below 145$ a share. I believe in the long term prospects of Crowdstrike, but do not like it at the current valuation.

Risks and the Negatives

  • Remediation cost could stress capital 
  • Far from profitable 
  • Risk of hack due to nature of business
  • Fundamentals do not justify any price over 145$
  • Takes money to makes money- they are going to have to take on debt

Crowdistrike has a 1,000,000$ remediation insurance meaning that if there is a successful attack Crowdstrike will repay that customer. This does cause some concern due to limited capital the company has due to its youth. Crowdstrike has experienced rapid growth in recent periods, and if they do not manage to continue this future growth the business and results of operations will be adversely affected. Crowdstrike is working to sustainable profitability, but it seems that they are far from this mark as they operate at a net income margin of -10%. The limited operating history makes future prediction difficult, as well as rapid evolution in the field it may be hard for Crowdstrike to remain at the top in their crowded and competitive field. It also must be mentioned that as a cybersecurity provider, Crowdstrike has been, and expects to continue to be, a target of cyberattacks. If one of these attacks proves to be successful their reputation may be damaged, much like was the case with SolarWinds ($SWI). Also, due to the fact that they are a cybersecurity company it is very rarely the case that Crowdstrike receives positive news for preventing an attack as they stop millions of attacks a day, but if an attack does prove to compromise a customer negative publicity is almost inevitable. In order to attract new customers, Crowdstrike must heavily spend on sales and marketing which will take up a large portion of revenue. Lastly, SaaS companies in general are very difficult to value as they are barely profitable or oftentimes operating at a loss and much of their share price is based on investor sentiment for future growth, if this sentiment were to change the stock price could dive quickly. 

Competitors 

The market for endpoint security is intensely competitive and characterized by rapid changes in technology, customer requirements, and industry standards and by frequent new product and service offerings and improvements. In addition to this, because the field is so young, there are numerous new companies that have tried/will try to compete. Conditions in this industry could change rapidly and significantly as a result of technological advancements, partnerships, or acquisitions by competitors or continuing market consolidation. With the introduction of new technologies and market entrants, we expect the competitive environment to remain intense. Some competitors include the following by general category: 

• Legacy antivirus product providers, such as McAfee, LLC., Broadcom Inc.’s Symantec Enterprise division, and Microsoft Corporation, who offer a broad range of approaches and solutions with traditional antivirus and signature-based protection; 

• Alternative endpoint security providers, such as BlackBerry Cylance and VMware Carbon Black

• Network security vendors, such as Palo Alto Networks, Inc. and FireEye, Inc., who are supplementing their core perimeter-based offerings with endpoint security solutions. 

Final Thoughts: 

Crowdstrike has an undeniable growth opportunity, but in no way can justify its 45 billion dollar price tag at the moment. We would like to see its valuation come down. However, we acknowledge it is incredibly difficult to value these high growth SaaS companies as much of the value comes from investor sentiment. It is much more fun analyzing a company that has been around for longer and has a longer track record as it makes the business less speculative and more predictable. I wonder how permanent the Covid boost is and if customers may transfer away from Crowdstrike due to lack of necessity after the pandemic. 

Disclaimer and Disclosure 

I own shares of Crowdstrike. I am not a financial advisor. These articles are for educational purposes only. Investing of any kind involves risk. Your investments are solely your responsibility and we do not provide personalized investment advice. It is crucial that you conduct your own research. I am merely sharing my opinion with no guarantee of gains or losses on investments. Please consult your financial or tax professional prior to making an investment.

Bibliography

Crowdstrike Investor Relations

Crowdstrike 2020 10k Report 

Crowdstrike Investor Presentation 

Crowdstrike Executive Team 

Q3 FY21 10Q