CRWD Logo
Crowdstrike (CRWD) Stock | NASDAQ: CRWD

Covered by Stratosphere

Securing The Lead

CrowdStrike Holdings Inc is a cybersecurity vendor that specializes in endpoint protection, threat intelligence and hunting, attack remediation, and offers various solutions to supplement security and network operations teams.

Its cloud-based architecture collects data across all its endpoint agents, analyzes the information within its cloud platform, and updates all of its customers' security posture.

CrowdStrike sells packaged tiers of cybersecurity protection and offers individual security modules via its online marketplace. The company was founded in 2011, went public in 2019, and is based in California.

Stratosphere Score

8

Growth

10

Valuation

3

Quality

8

Margins

6

Dividend

0

Balance Sheet

9
Adrian Iwanicki

Author

Adrian Iwanicki

Equity Analyst

Investment Thesis

  1. CrowdStrike Holdings, Inc. ("CrowdStrike") is a leading provider of AI-driven, cloud-native threat intelligence, response, computing device protection, and several other cybersecurity services for small to large enterprises. The Falcon platform, CrowdStrike's ecosystem of cybersecurity modules, aims to prevent and resolve malware breaches, as well as malware-free breaches, historically a blind spot in cybersecurity solutions.

  2. CrowdStrike's platform provides companies with a cost-effective, lean-and-mean, and single-agent solution that processes, stores, and analyzes trillions of cyber signals in real time to provide full protection across all computing devices within seconds.

  3. The Falcon platform uses machine learning, artificial intelligence ("AI"), and behavioural analysis using data aggregated from each customer on the platform to improve cyber protection in real time for all customers. As the Threat Graph - the Falcon platform's data store - processes an increasing number of signals over time across a wider customer base, the platform grows smarter, stronger, and becomes more effective in reducing false breach signals and preventing genuine breaches.

  4. Cybersecurity is a growing concern with the digitalization of the globe and distribution of our devices and networks. Demand for CrowdStrike's AI and cloud capabilities is poised to grow exponentially as cyberattacks are costing organizations trillions of dollars each year, and this number is set to grow.

  5. CrowdStrike has a massive Total Addressable Market ("TAM") of over $40 billion in 2023. Within this TAM, CrowdStrike has optionality with its data capabilities to provide expanded solutions within and outside cybersecurity given its strong balance sheet, operating leverage, highly scalable business model, and history of intelligent acquisitions to expand the Falcon ecosystem. However, this comes at a lofty premium with shares trading at many multiples of sales.

Key Company Metrics

A set of metrics we constantly keep updated to monitor the investment thesis.

Competitive Advantages

CrowdStrike's most obvious competitive advantage is the inherent network effect briefly touched upon earlier in this primer. Falcon uses AI technology to expand its database and grow "smarter" the more CrowdStrike's customers are attacked by cyber threats and as Falcon is used more across increasingly vast geographies. Each week, approximately trillions of signals are streamed to the Threat Graph and this number continues to grow.

CrowdStrike can collect high-fidelity signals and data about both potential attacks and benign behavioural patterns across the whole customer base thanks to the multi-tenant structure of the cloud. AI algorithms are updated constantly from a wide customer base, instantly protecting all other customers on CrowdStrike platforms the moment any customer experiences an attack or a breach. This network effect has a dual positive effect: (1) false positives are reduced and (2) the ever-growing amount and types of breaches are stopped. In simplest terms, the Falcon platform gets better as more customers use it and purchase more modules.

CrowdStrike uses the "land-and-expand" sales model to obtain customers and provide custom solutions from a customer’s inception. As noted earlier, customers typically expand the number of modules they are subscribed to over time, inherently increasing the switching costs from a financial standpoint. More importantly, a customer that decides to sever ties with CrowdStrike loses out on the benefits obtained from Falcon collecting, processing, and analyzing internal company data and providing increasingly improved security protection via the cloud.

Additionally, it is generally easier for companies to manage one cybersecurity platform on the cloud rather than a combination of complex on-premise and cloud agents from different providers. Companies certainly will not be hiring their own in-house cybersecurity teams either – they are both expensive and difficult to attract. CrowdStrike is the one-stop shop for cloud cybersecurity protection, making it extremely unappealing for customers to leave.

The best businesses in the world generally possess two key powers – a sticky product or service that customers love and the resulting strong financials that enable further investment to make their products and services even better. We believe CrowdStrike possesses both along with operating leverage.

Gross margins are improving substantially, and the company generates positive free cash flow amid heavy reinvestment into the business. CrowdStrike obtains this operating leverage from the low incremental platform costs of onboarding new customers, high net retention, and margin expansion through the "land-and-expand" model. CrowdStrike is also leaner than its competitors – the Threat Graph operates at approximately 13% of the standard on-premise solution cost. As revenues continue to grow, CrowdStrike can exercise its option to invest into more modules and/or target verticals and new use cases outside the cybersecurity realm.

Opportunities Ahead

  • We believe that organizations will increasingly turn to CrowdStrike's premium cybersecurity solutions run on its cloud-native Falcon platform to prevent and manage cyberattacks. By 2025, worldwide cybercrime costs are expected to top $10.5 trillion. These costs will continue to grow because of the accelerated digital adoption due to COVID-19 and the one million people who are joining the internet daily.

  • Today, CrowdStrike offers 19 different modules and the CrowdStrike Store. George Kurtz has made several references to developing new cloud modules for broader endpoint use cases. This means venturing outside the world of cybersecurity is on the table and actively explored by management. When the company first went public in June 2019, the CrowdStrike ecosystem contained 10 modules. Cybersecurity-adjacent modules, like Forensics, Identity Protection, Situational Awareness, and Log Management are a few areas CrowdStrike explored and executed as new modules since the IPO.

  • Management is focused on a few key areas to exercise optionality now and in the future:

    1. Falcon Discover can be leveraged for use cases outside of security, including application license management, AWS spend analysis, and asset inventory.

    2. The CrowdStrike Store is the first open cloud-based application platform-as-a-service for cybersecurity in the world. It allows customers to discover and try additional cloud modules from trusted partners, who build applications and post these on the CrowdStrike Store, and from CrowdStrike itself.

    3. The authorization of CrowdStrike products by several US federal agencies via the Federal Risk and Authorization Management Program ("FedRAMP") allows customers to launch the Falcon platform in AWS GovCloud as well as directly serve government agencies with an array of security tools.

    4. Growing usage of "containers" and cloud workloads in computing is driving demand for the protection of these areas as global cloud adoption accelerates and workloads are placed onto the cloud by businesses and other organizations.

  • CrowdStrike appears to make acquisition decisions for long-term value creation, integrating modules that leverage its already-robust data-driven, AI-enabled, cloud-native security platform. It is likely CrowdStrike will continue to make many unexpected acquisitions that expand product offerings in the short run and unlock tremendous value over the long run. With the company's strong balance sheet (high cash, low debt), CrowdStrike has significant room to mobilize capital to perform intelligent acquisitions and further expand its ecosystem.

Risks

We believe CrowdStrike and its ability to expand and hold onto its lead could be limited by the following forces:

  • CrowdStrike operates as a generalist player in a competitive environment with many large incumbents across various cybersecurity solutions. For example, Symantec, Microsoft, and McAfee in the antivirus market, Blackberry Cylance, VMware Carbon Black, and SentinelOne in the endpoint security market, and Palo Alto Networks and FireEye in network security pose a threat to CrowdStrike with their brand reputation, recognition, and highly rated solutions. CrowdStrike may find itself in a poor competitive position should a price war ensue or if the market becomes further saturated with additional offerings from incumbents and new entrants.

  • The "land-and-expand" sales method and flexible solution offerings could work against CrowdStrike if customers churn out of the CrowdStrike ecosystem. Customers that are not wholly immersed in the CrowdStrike ecosystem could find it easy to switch to other services all while having provided CrowdStrike with trivial revenues.

  • CrowdStrike's openness to verticals and other opportunities could result in a lack of focus on general operations and core modules. It is imperative that CrowdStrike continues to invest in its operations considering the competitive environment in which it operates while competitors also seek ways to gain market share. CrowdStrike may also experience cost increases and a reversal of some of its operating leverage if future penetrated verticals are vastly different from its core operations and separate teams are built to manage these segments.

On the valuation front, CrowdStrike faces significant risk in the short- and intermediate-term due to heightened software and cloud valuations amid accelerated COVID-19 demand for digitalization. Although CrowdStrike is growing revenues quickly, it still trades at massive multiples on forward sales estimates. There is significant downside in the case of multiple compression or increasing competition souring investor sentiment towards CrowdStrike.

Join our stock investing newsletter

Investing articles and ideas in your inbox

We won't send you spam. Unsubscribe at any time.