🦅 CrowdStrike: AI-Powered Security
This cybersecurity giant is on track for a $100 billion market cap
Greetings from San Francisco! 👋🏼
Over 93,000 How They Make Money subscribers turn to us weekly for business and investment insights. Glad you're here.
CrowdStrike (CRWD) surged by 25% for a hot minute on Wednesday, following a strong earnings report that surpassed expectations.
In the AI gold rush, cybersecurity is an obvious beneficiary of secular tailwinds. However, not all companies within this category are riding that big wave equally (ahem, looking at you, Palo Alto Networks).
CrowdStrike is on track to cross a $100 billion valuation (possibly overtaking Palo Alto). So, it’s the perfect opportunity to dive into this cloud security giant.
Let’s unpack the quarter and why you should care.
Today at a glance:
CrowdStrike’s Q4 FY24.
Recent development.
Key quotes from the call.
What to watch looking forward.
For a primer on cybersecurity, check out our Industry Showdown article.
⚖️ AI keeps delivering on the legal drama
Elon Musk, co-founder of OpenAI, is suing the company for allegedly straying from its original mission of developing open-source and beneficial AI for everyone. He claims OpenAI (a non-profit) keeps its models closed and prioritizes profits through partnerships like the one with Microsoft.
This isn't the only legal challenge OpenAI faces. The New York Times recently sued them over the use of copyrighted material to train AI models, raising concerns about potential copyright infringement in AI outputs.
We dive into the details of the NYT lawsuit on our YouTube Channel. Get the insights in a few minutes with our commentary and visuals.
1. CrowdStrike Q4 FY24
CrowdStrike Falcon is a cloud-native security platform that protects endpoints (devices like laptops and servers), cloud workloads, identities, and data. It works by combining several features:
🪶 Lightweight agent: A single agent is installed on all devices you want to protect. This agent is designed to be easy to deploy and manage and doesn't require constant updates or reboots.
🧠 Threat intelligence: CrowdStrike uses threat intelligence to identify and block malicious activity. This intelligence is constantly updated to keep up with the latest threats.
💻 EDR (Endpoint detection and response): Falcon can detect and respond to threats on your endpoints. This includes things like malware, ransomware, and phishing attacks.
☁️ XDR (Extended detection and response): XDR takes EDR further by collecting data from other sources, such as cloud workloads and network devices. This gives you a complete picture of what's happening on your network and helps you quickly identify and respond to threats.
Key metrics:
Let’s define a few terms:
ARR (Annual Recurring Revenue): The annualized value of all recurring customer contracts. It grew +34% year-over-year to $3.44 billion.
Net retention rate: The percentage of revenue retained from existing customers over a specific period. It was 119% in Q4 (stable in the past three quarters), which means customers spend more over time. Crowdstrike shines here compared to other cloud software companies that have seen net retention collapse in the past year. Management expects it to stay around 120% in FY25.
Gross retention rate: The percentage of customers who remain CrowdStrike customers over a specific period (maximum is 100%). It was 98% (unchanged).
Customers with > $1 million in ARR grew +33% year-over-year to 580.
Modules: Services customers subscribe to. Multi-module adoption is crucial for sustaining ARR growth.
CrowdStrike’s management often talks about its lower TCO (Total Cost of Ownership), which factors the software cost and the time and expenses saved in the process. It creates a formidable moat, driving multi-module adoption. New customers adopt nearly five modules out of the gate on average. In Q4, 27% of customers used seven modules or more.
Income statement:
Here is the bird’s-eye view of the income statement.
Revenue grew +33% year-over-year to $845 million ($5 million beat).
☁️ Subscription grew +33% Y/Y to $796 million.
💼 Professional services grew +26% Y/Y to $50 million.
Gross margin was 75% (+3pp year-over-year).
Operating margin was 4% (+13pp year-over-year).
Non-GAAP operating margin was 25% (+10pp year-over-year).
Non-GAAP EPS $0.95 ($0.13 beat).
Cash flow:
Operating cash flow was $347 million (41% margin).
Free cash flow was $283 million (33% margin).
Balance sheet:
Cash and cash equivalent: $3.5 billion.
Long-term debt: $0.7 billion.
Guidance (mid-range):
Q1 FY25 revenue +31% year-over-year to $904 million ($899 million expected).
FY25 revenue +29% year-over-year to $3.96 billion ($3.94 billion expected).
So what to make of all this?
Net new ARR is a critical metric for momentum. It was $282 million (+27% year-over-year). It was the second consecutive quarter of accelerating growth. Q4 (ending in January) is seasonally the strongest quarter.
It was a modest revenue beat, but profitability was well ahead of expectations. Focusing on ARR is only part of the story. Crowdstrike grew its adjusted operating income by 123% year-over-year to $213 million.
Multi-module adoption shows the platform strategy is working. It’s easier for existing customers to add modules to Falcon’s cloud platform, which has become a one-stop shop.
Margins improved significantly. And I’m not just talking about adjusted margins, which exclude SBC (stock-based compensation). I’m referring to the GAAP margins. The company had an operating profit for the second consecutive quarter.
SBC was $176 million or 21% of revenue (compared to 24% in Q4 FY23). It’s heading in the right direction, growing much slower than revenue. For more, check out our primer on SBC and how it impacts financial statements.
Guidance beat expectations slightly, and we can expect more upsides based on the track record of this management team. Q1 net new ARR year-over-year growth is expected to be at least double digits and accelerate throughout the year.
CrowdStrike will hire more aggressively in the first half of FY25 (based on growth momentum), temporarily hindering margin expansion.
2. Recent developments
🔎 Leadership Recognition
Gartner's Endpoint Protection Platforms Magic Quadrant: In November 2023, CrowdStrike was positioned as the highest ability to execute and furthest to the right in completeness of vision, ahead of Microsoft and every other vendor.
Forrester Wave for Cloud Workload Security: in Q1 2024, CrowdStrike was one of only two leaders (alongside Palo Alto) in the entire cloud security market, ranking highest in vision and innovation.
💰 Flow Security Acquisition
CrowdStrike will acquire Flow Security, a cloud data runtime security solution provider. This acquisition brings DSPM (Data Security Posture Management) capabilities to the CrowdStrike Falcon platform, offering:
Comprehensive data protection: Protects data at rest and in motion across cloud, on-premise, and applications.
Consolidation: Enables customers to eliminate point solutions and protect their cloud environment.
Enhanced visibility: Provides insights into data flows and identifies potential data security risks.
This move fuels CrowdStrike's unified platform for comprehensive data protection. CEO Georges Kutz explained:
“Flow stood out as the most unique technology amongst a sea of early startups by delivering the industry's first and only cloud data runtime security solution.”
Not their first rodeo: CrowdStrike has been very acquisitive over the years, a trait comparable to companies it’s trying to emulate, like Microsoft or Salesforce. This approach has contributed to multi-module adoption.
Here are a few acquisitions you should know:
Payload Security (2017): The creator of the automated malware analysis sandbox technology Hybrid Analysis. Financial details not disclosed.
Preempt Security (2020): A zero-trust and conditional access technology provider for real-time access control and threat prevention. $96 million.
SecureCircle (2021): A SaaS-based cybersecurity service that helps organizations secure data in the cloud. Financial details not disclosed.
Humio (2021): A high-performance cloud log management and observability technology provider. $400 million.
Reposify (2022): Threat detection platform for IoT devices. Financial details not disclosed.
Bionic (2023): Cloud security management platform. $350 million.
☁️ Dell Partnership
Dell and CrowdStrike are expanding their partnership to offer Dell's MDR (Managed Detection and Response) services on CrowdStrike’s Falcon XDR platform.
This collaboration aims to help customers combat increasingly complex cyber threats and bridge the cybersecurity skills gap. Customers gain access to a comprehensive and intuitive managed security solution.
This solution caters to multi-cloud and multi-vendor environments, offering flexibility and choice to clients. The focus on cost reduction and consolidation of point products could be particularly attractive to cost-conscious customers.
Since announcing the Dell partnership in 2023, over $50 million in deal value was created, illustrating that it could move the needle over time.
3. Key quotes from the earnings call
CEO George Kurtz on the Falcon platform:
“Falcon is the easiest and fastest cybersecurity technology to deploy, and our single AI native platform makes vendor consolidation instant, frictionless and natural. The feedback we receive from customers, prospects and partners alike is consistent, eagerness to deploy the Falcon platform, ease of adopting more Falcon platform modules, and excitement from continuous innovation“.
CrowdStrike can claim to be cloud-native and AI-native. It’s not just a buzzword. The platform was built on AI long before it was cool. Its AI brains, called Threat Graph, learn every time a customer suffers a breach, a process benefiting the entire ecosystem.
On AI integration:
“Our platform approach makes landing with multiple solutions at once easy and adopting increasing capabilities over time and organic experience. We collect data once and reuse it many times for today's and tomorrow's use cases. Our application of GenAI makes cybersecurity predictive and accessible for all skill levels. It's all on one platform, one agent, and one integrated workflow.”
On pricing:
“A recent IDC report echoes this, showcasing $6 of return for every dollar invested in the Falcon platform. That is ROI. Free is never free. Customers understand the difference between product pricing and the total lifetime cost of operating inferior technology. Given the Falcon platform's ROI and TCO savings, we believe we will continue to see favorable pricing dynamics."
This is a crucial soundbite and a direct jab at Palo Alto Networks (PANW).
Palo Alto, the largest pure-play cybersecurity company, took an aggressive approach by offering free products and discounted prices. The company recently dramatically lowered its guidance due to “pricing pressure” from legacy vendors.
In short, Palo Alto is trying to embrace a platform strategy, but it’s doing so by bundling and discounting single-point solutions as opposed to offering a single, lightweight agent.
On multi-module adoption:
“Our market-leading cloud security, identity protection, and next-gen SIEM solutions are in demand, because they solve painful customer problems. These businesses collectively are more than doubling year-over-year. Each are IPOable businesses and each play lead roles in Falcon platform consolidation.”
Management provided updates on three fast-growing modules:
Cloud security: $400 million in ARR (with net new ARR nearly tripling).
Identity protection: $300 million in ARR (> 100% growth Y/Y).
Logscale Next-Gen SIEM: $150 million in ARR (> 160% growth Y/Y).
On customer wins:
“A global financial services giant replaced their Palo Alto Prisma Cloud products in a large seven-figure deal. The Palo Alto cloud security products required separate management consoles and separate agents because cloud security is on a separate Palo Alto platform altogether. CrowdStrike was able to deliver an expected 70% time reduction in management as well as more than $5 million in annual staffing cost savings.”
For those counting at home, that’s the second direct jab at Palo Alto Networks.
On the go-to-market strategy:
“We announced Falcon Flex, a flexible licensing model where we enable customers to use the products they want, when they want, over the course of a multi-year subscription term.”
This approach encourages customers to go ‘all-in’ with Falcon and drives customer stickiness. AWS Marketplace surpassed $1 billion in sales, primarily delivered through SIs (System Integrators) like Accenture or Deloitte Consulting.
CFO Burt Podbere on long-term guidance:
“We continue to aggressively invest in our innovation engine and flight the company to achieve its vision of reaching $10 billion in ARR over the next five to seven years.”
With ARR at $3.44 billion today, this target implies an ARR compound annual growth rate of 17% to 24%, depending on when CrowdStrike hits $10 billion (5 or 7 years). Given that this management team consistently beats its own ARR guidance, ARR might grow north of 24% CAGR in the next five years.
As a result, CrowdStrike could achieve an ARR of $10 billion less than 17 years after being founded. I don’t think any business has ever reached this milestone this fast (Snowflake might come short), but please let me know in the comments if I’m missing one.
On the so-called spending fatigue
“While companies may be fatigued with other vendors, they have embraced CrowdStrike's platform strategy and want to buy more of the Falcon platform.”
Here’s your third jab at Palo Alto. Podbere highlighted the number of deals, multi-module adoption, and customer spending over $1 million as evidence of continued strength.
4. What to watch looking forward
A pot of gold at the end of the rainbow
CrowdStrike has repeated in its investor presentations how it wants to be the leading ‘Security Cloud’ and emulate other category-defining cloud platforms:
Workday (HR Cloud).
Salesforce (CRM Cloud).
ServiceNow (Service Management Cloud).
After two consecutive quarters of positive operating income while still growing in the mid-30s, the company is on track to deliver outstanding profitability at scale.
Public cloud software companies are overwhelmingly unprofitable businesses. However, in FY24, Salesforce (CRM) demonstrated that margins can expand quickly once the focus turns to the bottom line (see visual). And when the entire business is driven by recurring subscription revenue and highly predictable unit economics, you are looking at a finely-tuned cash flow machine.
Valuation
CrowdStrike is trading at:
Forward EV-to-revenue ratio of ~19, according to data from YCharts. Only Palantir (PLTR) and Cloudflare (NET) trade at such a high valuation. Of the three, CrowdStrike has the fastest growth profile based on guidance, so you could argue that CRWD is cheaper than the other two.
EV-to-FCF of ~82. In 2012, Salesforce had a similar profile to CrowdStrike today, with a $3 billion annual revenue run rate, growing in the mid-30s. CRM traded at 8 times revenue and 45 times free cash flow back then.
Some takeaways:
Does CrowdStrike deserve a premium relative to most cloud software companies today? Absolutely.
Does it look overextended right now relative to companies with a similar profile in the past? Also yes.
A better question might be: Will there be better entry points in the future?
💡 Just for fun: CRM stock tripled from 2012 to 2017. So, all other things equal, even if you had bought CRM at 82 times FCF in 2012, you would have still doubled your money in the following five years. So, in theory, CrowdStrike could still generate alpha in the next five years at its current valuation.
That’s it for today!
Stay healthy and invest on!
Apply to Sponsor Us
We're offering new sponsorship opportunities for B2B and B2C brands to get in front of our audience of investors and business leaders. Click here to learn more.
Get Your Business a Custom Chart
Interested in custom charts for your organization or brand? Complete the form here, and we'll get in touch.
Disclosure: I am long CRWD, a Starter Stock in the App Economy Portfolio since 2021. I share my ratings (BUY, SELL, or HOLD) with App Economy Portfolio members.
Author's Note (Bertrand here 👋🏼): The views and opinions expressed in this newsletter are solely my own and should not be considered financial advice or any other organization's views.
Seeing your success on this platform is inspiring. You put together great articles, great graphics, and the followers keep rolling in. Way to go!
Cloudflare have always intrigued me as a company having seen advertisements for their platform but not quite understanding what they did. This breakdown was great!