Crowdstrike Thoughts, Version 2

This will be short and sweet: This was obviously a blow-out quarter! And this is a blow-out company! It’s my highest confidence position and my largest.

In thinking about this I realize that I was being too flip, and was assuming that everyone was at the same place that I was with Crowdstrike. Here is some more information:

Crowdstrike is a security company built entirely on the cloud and that started out securing endpoints, but now is expanding into many other aspects of security, and seems to be heading towards being the dominant security company. A key advantage it has is its AI. When it detects an attempt at an intrusion in one of its customer clients it instantly flags and stops that intrusion in that customer, but at the same time stops that intrusion from occurring in each and every one of its customers pretty much instantly. That’s a Wow! feature.

I read about FireEye’s security breach a couple of days ago. I looked at a five year graph and see that FireEye’s stock price is almost exactly still where it was five years ago. It’s never gone much above and never much below. Same market cap. And I wonder why any responsible company would still rely on a static old-line security company like FireEye, when there are companies like Crowdstrike around.

At any rate, here are some results from their recent quarter:

Total revenue was up 86%

Subscription revenue was up 87%

Annual Recurring Revenue (ARR) was up 81% and is more than four times this quarter’s subscription revenue.

Adj Subscription Gross Margin was 78%, up from 76%, and an all-time high.

Adj operating income was $19 million, up from a LOSS of $17 million.

Adj net income was $19 million, up from a loss of $13 million.

Adj EPS was 8 cents, up from a loss of 7 cents yoy.

Op cash flow was $89 million, up from $39 million.

Free cash flow was $76 million, up from $7 million !!!

Cash was $1.06 billion.

Recent Highlights
Added 1,186 new subscription customers in the quarter, including 64 from the acquisition of Preempt Security, for 8,416 total subscription customers, who were up 85% yoy.

The percent of customers that have adopted four, five, or six more modules, were up to 61%, 44%, and 22%, respectively.

Acquired Preempt, a leading provider of Zero Trust and conditional access technology for real-time access control and threat prevention.

Announced multiple new modules and capabilities, including Falcon Horizon, Falcon Forensics, Falcon X Recon, and Falcon Zero Trust Assessment (ZTA).

Announced an alliance with EY to transform cyber risk management capabilities. The new alliance will help enterprises identify, prevent and respond to cyber threats.

Joined the ServiceNow Service Graph Connector Program.

Expanded support for Amazon Web Services.

Conference Call

Our virtual user conference had 6x the customers and prospects attending compared with our in-person event last year.

Our ability to rapidly introduce new modules, and drive adoption among both new and existing customers, is core to our competitive moat. Let me expand on this point in more detail. The very nature of our cloud native architecture powered by Threat Graph enables our ability to innovate and bring new modules to market that customers actually adopt.
Threat Graph is unique to CrowdStrike and differentiates us from others in the market. All the data we collect is stored in one place, the Threat Graph. This is very different from other vendors, including upstarts that silo their data, limiting their ability to scale in the customer’s environment. To be clear, a vendor with an on-prem solution is unable to replicate our Threat Graph capabilities, which allows us to deepen our competitive moat.
Our massive data lake within Threat Graph grows and gets smarter by the minute, which also differentiates our managed detection services, providing visibility across all our customers. Threat Graph processes over 4 trillion high fidelity signals per week. Additionally, with the recent acquisition of Preempt Security, we will have access to a new set of user behaviors to drive new use cases such as preventing insider threats. Preempt has had a fantastic reception. It’s been a home run.
With one data store, the data can be analyzed almost instantaneously across our entire customer base providing real-time protection and community immunity and better training data for our AI algorithms. While others in the market like to claim like-for-like features on slides, customers know the difference and as a result CrowdStrike is rapidly expanding its leadership. In the last nine months alone, close to 3,000 net new subscription customers have chosen Falcon.
We announced three new modules, including Falcon Horizon for proactive management of cloud security posture, Falcon X Recon for increased situational awareness of dark web threats, and Falcon Forensics, which automates the analysis for incident response investigations. Falcon now has 16 modules. Customers are able to quickly try and adopt new Falcon modules without deploying any new infrastructure or agents, making the process frictionless.

Last quarter, we joined forces with Okta to help customers adopt a modern, identity-centric Zero Trust security ecosystem. This quarter, we are thrilled to announce that Okta is now a CrowdStrike customer as well, and we are excited by this opportunity to deepen our relationship. Target was another new customer.

About 72% of revenue was derived from U.S. customers, 14% from Europe, Middle East, and Africa markets, 9% from Asia Pacific, and 5% from other markets.

Adj operating expenses were 68% of revenue, improved from 85% of revenue last year, although we continued investing aggressively in our business.

Operating margin improved 21 points yoy to reach +8.1%.

I think we have a huge, huge runway ahead of us and we think we’re ahead of the curve and we think we’re ahead of everybody else in what we can offer, and it’s still early days and we just see a tremendous amount of opportunity.

It’s across the board, it’s not just enterprise, it’s not just mid-market, it’s not just SMB, it is across all of them because the technology works and we’re saving companies lots of money and delivering lots of value.

The majority of the deals are all partner-led. As a channel first company, just about all the deals go through the channel in some fashion. So when we think about EY, we’re really excited because they’re just so embedded in large enterprises, they are so trusted and to have our technology as part of the solution worldwide is really a great win for us and them and the customer.

Crowdstrike is participating in the launch of Professional Services in AWS Marketplace. AWS customers can purchase cloud and IT hygiene readiness assessments and pen testing exercises from CrowdStrike Services in AWS Marketplace that will enhance the security of their cloud initiatives and improve the state of their IT environment in support of their digital transformation.

Saul: Maybe this helps explain why I said that: This was obviously a blow-out quarter! And this is a blow-out company! It’s my highest confidence position and my largest.

I hope that this was better,


Let's work a little harder on the numbers
        21Q4Guide  21Q3   21Q2  21Q1   20Q4   20Q3   20Q2   20Q1
Rev     248        232.5  199   178.1  152.1  125.1  108.1  96.1
YoY     63%-74%    86%    84%   85%    89%    88%    94%    103%
QoQ     7%-14%     17%    12%   17%    22%    16%    13%    19%
(beat)             8.9%   5.8%  7.2%   10.9%  5.9%   4.3%   (Ave 7.2%)

So their Q4 guidance medium is 248m, reflecting 63% YoY and 7% QoQ, 
quite a little bit of slowdown. According to their conservative nature, 
if we bake in their average 7% beat of guidance, the rev will be 265m, 
reflecting 74% YoY, not as good as previous quarters, but still 14% 
sequentially, not bad on that one. 
What really pleased me this quarter is the 32% FCF margin. 
They finally entered what I call "the money printing" club. 
Let's see what's gonna happen next quarter.

I read about FireEye’s security breach a couple of days ago. I looked at a five year graph and see that FireEye’s stock price is almost exactly still where it was five years ago. It’s never gone much above and never much below. Same market cap. And I wonder why any responsible company would still rely on a static old-line security company like FireEye, when there are companies like Crowdstrike around.

I have a little insight on FireEye since I worked there 7 years as a QA Director (before I retired in 2019). In 2016 I told the CEO Kevin Mandia in a small meeting that we must begin a move to the cloud immediately. I believe he was a bit taken aback by my assertiveness as we were an appliance company at the time. The cloud initiative proceeded without me (sigh…) but was embroiled in politics and IMHO people assigned, dropped the ball a couple times. I am being as polite as I can be as I liked all the folks including CEO Kevin Mandia.

I disagree with your ‘reasons’ that FEYE is a static old line company. For years it has had cloud services and has a very good AI engine in the cloud and in the endpoint. This notion of machine learning across all the security incidents of all customers in the world is nothing new. FEYE has been doing this since 2012. FEYE has very good security detection as confirmed with many outside 3rd party assessments. I have made only a modest investment in CRWD because I have struggled to understand the CRWD success formula (maybe I am too close). But for sure it is real as the results speak for themselves. I believe what CRWD has achieved is due to their initial platform being developed on the cloud (and not ported into the cloud like FEYE has tried for endpoint management). The FEYE strategy was to create a platform in the cloud, but it failed on execution pure and simple. Now that CRWD’s platform is there in the cloud, it has effectively expanded its product offering by the Columbus method, landing and conquering. And its marketing has been most effective eating Symantec’s lunch as they have declined to “a static old school security company”. FEYE has a cloud presence now but is behind the 8 ball compared to CRWD. I would not count FEYE out, but they have probably too much ground to catch up to ever become a threat to CRWD.

In regards to the FEYE security breach, how embarrassing even if it was a nation state actor attack. This can only severely hurt FEYE’s reputation. From the press release I read, the attack appears to have been against a division of the company that it acquired in 2019, Verodin, Inc. The Verodin focus was on red team, blue team customer training exercises.

One lesson here is that our country should never underestimate the capabilities of the adversarial nation states to execute an effective cyber attack when needed. There is a daily cyber war underway and few people realize its potency. I lived it, it is real. There is always a new trick that can bring a computer down whether you are new school or not.