I had started putting this together mostly for myself but we were on vacation so instead I went and did vacation things. I noticed bits and pieces of this have been posted already but I think some of this is new. I won’t go over much of the numbers since that has already been covered.
crowdstrike technology and business model
I invested in crwd at the IPO for the growth and as I have learned more I’m more optomistic about the company because of their base technology which is substantially different than other endpoint solutions that I am aware of. They are a true native cloud based data collection and action agent that can be generalized to many different scenarios. Endpoint protection and response is what they have started with. You can think of crowdstrike’s lightweight agent as half, and their “threat graph” as the other half. Lets cover the agent first.
The agent is able to do two main things. Scan a computer at a very detailed level and upload that data. The other half of the agent is that it is able to ACT on the computer. The agent gets instructions and its intelligence from the Threat graph which is the second part.
The “Threat Graph” gathers all the data from all the endpoints and decides what is a problem and what isn’t. Their database can analyze and correlate over 1 trillion events a week in real time. The cool part about this is if some malware is detected on 1 computer in Singapore then all endpoints covered by crowdstrike are instantly protected. The power of their system is just down right incredible.
The other cool part is once they have the data from an endpoint it can be used not only for next gen antivirus but also for configuration management, IT operations (both are new modules being developed) and anything else someone can think of such as APM , performance management, etc etc. Crowdstrike’s core technology is incredibly versatile and they are leveraging it by offering 3rd party applications developers access to it. Salesforce has done something similar, (crowdstrike has said they want to be the salesforce of security) but honestly crowdstrike’s technology should allow them to expand beyond just security. If an app on their platform does well then they can just buy it and incorporate it into the core product just like salesforce has done.
Crowdstrike grew their Threat Graph on 3rd party cloud providers which was relatively expensive and the reason their subscription gross margin last year was 62%. CRWD is in the process of moving to colocation data centers and away from cloud providers which has resulted in their gross margin increasing to 72% this quarter. Their long term gross margin target is 75-80%.
Business and Selected Financials
Others covered this. I just wanted to point out a few things.
They didn’t post a dollar based net retention rate. In their s-1 they were humming along at a DNRR of about 120% and then jumped to 147%. The scuttlebut on the street is that amazon massively increased their spend with CRWD which caused that quarters DNRR to jump to 147% In the CC their CEO said that large orders can cause fluctuations quarter to quarter. My guess is the DNRR is less than 147% this quarter but as they said above 120%.
Part of crwd’s upsell is to sell additional modules to endpoint customers. These modules are essential free from a margin standpoint as CRWD has already collected the data and spent the computation power analyzing it so each additional module increases their gross margins. Last year 47% of people had 4 modules or more. This quarter the number is higher but they didn’t give it. My guess is barely higher to functional equivalent.
CRWD points out ARR (annual recurring revenue) as a key metric. They calculate it as if everyone with a contract renewed their contract at their previous rate. Personally I think it is kind of a crummy “key metric” because it doesn’t take into account churn or upsell. I’d rather they gave us DNRR every quarter …and my wish upon wish is if they would give us churn. ARR grew 114%.
One of the more incredible numbers is 543 new customers so from 2500 to 3kish. They now cover 400k endpoints!!!
Operating leverage improved alot, opex 93% of revenue compared to 126% of revenue, up from 62 to 72%. CFFO was positive 1.4 million
About 10% of CRWD’s revenue is professional revenue for things like incident response and proactive services. Gross margin is about 50% but each dollar spent in professional services brings in 3 dollars of ARR from new customers
Shares outstanding of 205 million
“’…you are guiding way higher than we thought. If I put $103 million or $104 million in revenues, I don’t get minus $0.23, I get deeper loss. So, that means your margin assumptions are better than what we’re expecting. Can you elaborate on gross and OpEx – gross margin and OpEx assumptions for next quarter? Thanks.”
Answer was basically a run around where they hemmed and hawed about being prudent. I.e. maybe sandbagging a bit.
“are you seeing Windows 10 adoption as an opportunity as customers reevaluate endpoint security, and are you seeing more interest for Microsoft Defender APT?”
anytime you have a transition between Windows 7 and Windows 10, an operating system change, there’s always an opportunity for us to get built into the overall going damages……So, in a heterogeneous environment, companies want coverage not only for Microsoft 10 but they also want it for Linux and Mac and other devices.
My take: an enterprise can use crowdstrike and protect EVERYTHING…or use microsoft defender for their windows machines and something else for other things…If I were an enterprise I’d go with one product.
Question about modules and uptake
majority of our new customers are buying more than one, more than two of our modules, actually, the majority are buying three …….So, for us, as we think about bringing more modules to the marketplace, we would expect that to grow
Question about competition and disruption.
Salesforce Siebel analogy that you just can’t take something that started on-premise and try to jam it into a cloud and call it cloud native. So, in our mind it’s a difficult thing to do…….And, more importantly, anyone coming into the space would really have a low margins and has to go through a painful process of margin migration upwards. “
Question about customer adds
hat we’re seeing, again, is the recognition in the marketplace, whether it’s analyst recognition, whether it’s the single agent cloud architecture, the adoption of new cloud module, the adoption of workloads where customers are looking for something that’s simple, give you time to value and just works. I think, we’ve done a good job in the free trials. We continue to see a lot of momentum where customers are coming in and very easily and quickly seeing the value of our technology that we can convert that with a very robust inside sales team. So, we see a lot of momentum in that space. And I think it’s just a recognition that traditional legacy players are not really capable of dealing with advanced threats.
Question about “fossilized vendor solutions “ and symantec (lol poor symantec, getting hosed by crowdstrike in the endpoint market and zscaler in the network security market…plus they couldn’t even sell themselves to broadcom)
Well, any of the legacy vendors we continue to take share from, and again, I think, it’s a recognition of customers that are trying to transition to a true cloud architecture.
Question about splunk and threat graph
This broad relationship is really just for presentation purposes. So, the graph database, the collection everything is all our technology. And threat hunters tend to like to hunting back and search around. So, we use Splunk, which you’re very familiar with as a presentation layer. And that’s the extent of it. So, it’s not really used for anything other than that.
Excellent quarter with lots of promise. Revenue growth was amazing, operational leverage increase was great. I wish they hadn’t played coy with DNRR and module adoption. I thought the conference call was really good but I must admit to being a little wary of management since they only showed us numbers that were borderline amazing. I’m sure DNRR dropped from last quarters 147%, I’d much rather they tell us that than hide it.
Crowdstrike is expensive, I bought my initial position at an EV/S of 43 at a price of 57.5. They popped up as high as an EV/S of 61 and now after this earnings release they are sitting at an EV/S of 55. If they grow their revenue 90% this year (guiding for 75%) they will be sitting at an EV/S around 29 not counting dilution. I’ll take that as I think crowdstrike can get near 90% growth and they will probably be improving their operational leverage quite a bit in that time. CRWD has a couple of large markets that they can grow into. I think they will be much larger in the future. Would I buy now? Probably, but I have a pretty solid position. I’d definitely buy if the market pulls back.