Crowdstrike Q321 recap

So much to admire here. Fantastic continued execution. Operational leverage kicking in strong. Continued tailwinds from work-from-home and a well publicized massive breach. More customers pouring in. In tandem with Okta, provides a vital piece to Zero Trust and SASE solutions. Pivoting to their threat graph into new directions (behavioral analytics in Zero Trust, cloud workload protection).

Amazing that no one else saw it for the first 6 months when the stock was in the doldrums, but I was not deterred. Simply stellar execution over its nearly 2 years as a public company.



CC transcript:…
Number trends:…

Revenue  232.5M +86% ^^
- Sub Rev 213.5M  +87%
- Pro Svcs 18.9M +74%
ARR 907.4M +81%
Gross Profit 170.9M +94.8% ^^ !!!!
Adj Gross Margin 76% +400bps 
- Adj Sub GM 78% +200bps
Adj Op Inc 18.9M (vs -16.5M) 
... margin 8.1% (vs -13.2%) +2130bps !!!!
Adj Inc 18.6M (vs -13.4M) swung pos
Opex 195.1M +54.5% !!
CFFO 88.5M  +129%
... margin 38.1% (vs 30.9%) +720bps, +1050bps seq
FCF 76.1M +987%
... margin 32.7% (vs 5.6%) +2710bps !!!!, +2879bps seq !!!!
Cash 1.06B
Custs 8416 +85% !!!!, +16.4% seq
$NER >120%

  • acquired Preempt Zero Trust auth

  • cust count includes 64 from Preempt, adj organic cust growth was +83.6%

  • custs with 4+ modules 61%, +4pp seq

  • custs with 5+ modules 44%, +5pp seq

  • custs with 6+ modules 22%

  • US 72%, EMEA 14%, APAC 9%, Other 5%

  • new modules (now 16) & capabilities

  • Falcon Horizon for cloud security posture
  • Falcon Forensics for automation of incident response
  • Falcon X Recon for dark web threat awareness
  • Falcon Zero Trust Assessment (ZTA) [Preempt became part of this]
  • TAM now 32.4B in FY2021 (up from 24.6B in 2019)

  • cloud workload is very under protected, expect market opportunity to expand 10x in next 3y

  • joined forces w/ Okta to help build a Zero Trust ecosystem (and Okta became customer)

  • Threat Graph processes 4T signals per week

  • new alliance w/ EY (global strategy & services co) to give Falcon EPP to their platform’s customers

  • joined ServiceNow Graph Connector program, to integrate device data into their incident response

  • expanded support for AWS

  • virtual Fal.con conf had 6x attendees over last year

Is launch partner in new AWS Marketplace for Professional Services…

  • Cloud Security assessment (Horizon) - eval cloud systems for actionable insights into misconfigurations & identify vulnerabilities that could lead to breaches
  • IT Hygiene assessment - identifies vulnerabilities in IT env, missing patches, unprotected devices, weak settings
  • Red/blue team exercise - simulates targeted attack by ethical hackers (red) and incident response team to detect and repond (blue)


Attacks in Pandemic - 2020 Global Security Attitude Survey…

Survey results:

  • 71% more worried about ransomware

  • 56% admit have suffered ransomware attack in last 12mo

  • 27% of those who had ransomware attack paid ransom, at avg $1.1M

  • 27% believe their org will fall victim going forward

  • 87% believe nation-state attacks are more common than believed

  • 73% believe nation-state attacks are single largest threat

  • 63% say their org concerned about nation-state attacks

  • 84% have accelerated digital transformation plans due to COVID

  • 45% of those modernized security tools

  • 44% of those increased cloud rollout for remote empl

  • 79% believe COVID has had positive impact on their org’s security strategy

  • 117 hours avg time to detect intrusion

CEO on Workload protection: “Stopping the breach is no longer just about protecting endpoints. It also encompasses cloud workload security and identity protection. We have been investing and innovating in both our cloud workload and Zero Trust capabilities and we believe we will see significant growth opportunities in the years ahead. … we believe today’s cloud workloads are massively under-protected, and this could represent a 10 times market opportunity in 2023 compared to IDC’s estimate of the cloud security market in 2020. … From March through October of 2020, we have seen more than 14 times growth in protection for containers, and greater than 20% of all the servers we protect across our entire fleet of customers are in the public cloud. … We believe combining workload security with identity protection is foundational for establishing true Zero Trust environments.

This is another area where the Falcon platform can provide a clear advantage for securing today’s distributed workforce by providing enhanced protection against identity attacks and insider threats. This solves a huge problem and closes a considerable hole in security that conventional Zero Trust models can’t address. Based on IDC estimates, we believe the identity protection market will be a $2.2 billion market in 2021. CrowdStrike is a leading security provider in the market with a Zero Trust approach that combines endpoint and workload protection with identity protection, behavioral analytics, and AI.”

Ronjob response to FireEye breach:…
Anecdotal from ex-FireEye employee:…
Anecdotes from an attacked firm:…
SolarWinds thread:
Recap from Vinegar:…
SolarWinds breach terms:…

Takeaways from SolarWinds breach:…

  • identity-centric attack w/ lateral movement
  • proactively reduce attack surface w/ IT hygiene (Discover)
  • detect identity attack vectors in real-time (Preempt, now ZTA)
  • prevent lateral movement (Zero Trust)
  • automated response to identity-attacks used in breach

CRWD report on the attack:…

SolarWinds hires CRWD:…


Board post recapping all announcements:…

Adding new marketplace for threat intel.…

  • enrich strength of platform by adding in 3rd party intel
  • provides unified console to tie platforms together, use outside sources to add context & intel to Threat Graph assessment
  • provides complete visibility & richer context
  • added new type to CrowdStrike Store, launch partenres include DomainTools, OPSWAT MetaDefender, RiskIQ, and Sixgill
  • new partner app X-Ray from Perception Point, helps in containment and remediation

Zero Trust Assessment (ZTA)…

  • Continuous real-time security posture assessment across all endpoints
  • Conditional access based risk assessment, from device posture & compliance checks
  • Every endpoint gets least privileged access until accessed (Zero Trust, beyond authentication)
  • Incorporates Preempt acquisition for conditional access
  • Partnering with Okta on identity
  • Partnering with Cloudflare, Okta, Zscaler, Akamai, Google Cloud, Netskope on Zero Trust platforms

Falcon Horizon…

  • module to protect multi-cloud environs
  • finds and fix issues in security mgmt configurations
  • visibility and control over private, public, hybrid, multi-cloud enirons
  • continuous discovery over security posture, real-time monitoring of cloud configurations
  • detects misconfigurations & vulnerabilities, provides guided remediation
  • prioritizes threats, speeds up response
  • can also utilize Cloud Security Assessment hands-on service

Falcon Forensics…

  • empowers Incident Response (IR) partners to help work collaboratively to handle security incidents and conduct forensic triage
  • investigate breaches faster & in detail
  • pre-packaged dashboards for visualization & search over historical activity & intel

Falcon X Recon…

  • provides increased level of situational awareness over threat enrichment data
  • proactively collects info from the “cyber underground” -dark web and hacker marketplaces, that users can search & monitor
  • situational awareness dashboards to highlight alerts & trends
  • on-demand searching from any Falcon module
  • ease of understanding hacker posts, w/ language translation & hacker slang dictionaries

Now is FedRamp Moderate, going after High & DoD Level 4 and 5:…

Launch partner for newly announced AWS Network Firewall to protect AWS Virtual Private Clouds (VPCs):……

long CRWD