Security/Digital Transformation

Several times during the CRWD Call, I heard repeated, what is the most salient fact and my personal investment thesis for this company:
‘Security Transformation has to happen prior to Digital Transformation, and the moving of anything to the Cloud. Every phone/laptop, traditional end point, spins up multiple cloud instances, each of which each must be protected.
And-
CRWD is a layer of protection in the cloud under each instance and/or container so that App Developers don’t have to include security into their development architectures.

Then I read the Today’s addition to SSI,by Peter Offringa, discussing the Etsy group that 5 years ago formed the newly acquired security company just purchased by FSLY. And tell me if I’m wrong; but, Peter is explaining below here that FSLY is speeding up the EdgeCloud adoption with this Secure@edge integration.

SSI-
The plan is to integrate the application security capabilities from both companies together into a single new product offering called Secure@Edge. This will complement the Compute@Edge platform, but also be a key component within it. Secure@Edge will be built on top of the Compute@Edge platform, using the same development tooling as any other edge compute application. This architecture approach reinforces the notion that Compute@Edge is a platform for building applications. It also encourages dogfooding of the serverless platform for Fastly’s own engineering teams. This approach is similar to the strategy employed by Cloudflare in building the Teams product on top of Workers.
Building Secure@Edge into Compute@Edge also ensures that the application security capabilities are available to new edge compute applications by default. These wouldn’t need a separate layer in front of the application runtime to provide WAF or DDOS protection, which isn’t feasible at the edge. This is a powerful combination and completely changes the previous web application deployment paradigm, which used a layered approach to application security. The result for customers will be lower operational costs, simpler maintenance and more effective response. Release cycles will be faster, as they won’t need to be coordinated with application security configuration changes and will automatically integrate with existing CI/CD pipelines. The Signal Sciences’ platform includes more than 30 integrations into the most common DevOps and security tools – such as Slack, Jira, PagerDuty, Datadog, Splunk, and Cisco Threat Response.

Me here: this last part about Signal Sciences/Secure@edge ability to function as a platform is particularly interesting and might be reason for me to add some more to my 10% position in FSLY.

Jason

Thanks, Jason. I read the same article today as well.

I have spent hours reading articles, however, coming from a non-technical background, I’m still confused as to the offerings:

1. ZS and NET seem to offer the same security product
2. FSLY acquiring Signal Sciences offers another
3. CRWD is yet another

How do these differ and overlap? Would a company use (or need) several of these systems, or are they all competing with each other?

Muji (and others with way more knowledgeable than myself), can you please shed some light?

Gratefully,
Evie

Hi Evie,
The point I was trying to make with the above post was to try and get my head around the magnitude of the attack surface needing protection and where CRWD and FSLY are positioning their service to provide protection. I didn’t even mention IoT because it makes my head hurt.

I posted it because I find value in trying to get my head around big numbers (the TAM of these companies are huge and growing, which makes this difficult). Getting an accurate sense of TAM helps to see where on the S-curve of adoption of the products are. Captaniccs is the best person I know to explain this essential part of investing. I believe he would say we are at the bottom of the hockey stick in each of these companies.

There are entire threads of posts here trying to describe the answer to your question. Most here would say, “follow the numbers and if the numbers are good they must be doing something right. Margins, for example, are a great measure of the competitions ability to threaten the companies products in which we are investing (if there were more competition the margins wound thin). Revenue Growth is another.

I don’t think I have any great ability to state the matter of how to separate the various tech that provide security simply. With my limited ability I over simplify; but, this is how I see it:

Zs and NET protect information in transit, when moving from one point to another.

Fastly’s Secure@edge and CRWD are providing a layer positioned at the source where they, for lack of a better word, filter information for potential security issues.

OKTA measures Identity of the person whose attempting entry.

Having written the above you can likely see the benefit of just watching the numbers closely

Getting an accurate sense of TAM helps to see where on the S-curve of adoption of the products are. Captaniccs is the best person I know to explain this essential part of investing. I believe he would say we are at the bottom of the hockey stick in each of these companies.

Thanks for the kind words and, yes, being on the leading edge of the various technologies and the expanding adoption of the internet, most of it is “at the bottom of the hockey stick.” But please remember that the “S” curve is more about the technology than about individual company stock price. In the same technology there are winners and losers as in the case of teleconferencing: Zoom, WebEx, Skype, Teams, etc. You have to find “the” leader.

I don’t think I have any great ability to state the matter of how to separate the various tech that provide security simply. With my limited ability I over simplify; but, this is how I see it:

Zs and NET protect information in transit, when moving from one point to another.

Fastly’s Secure@edge and CRWD are providing a layer positioned at the source where they, for lack of a better word, filter information for potential security issues.

OKTA measures Identity of the person whose attempting entry.

You are highlighting the reason I don’t like to invest in security. There is no leader in such a fragmented technology. There is no “General Security Corp.” that covers it all. And unlike most other technologies in security there is an army of smart and effective adversaries looking for holes to exploit. Every time you write a piece of code you create potential bugs and security risks that are often only found after the product ships and hackers discover them.

Put another way, there are easier technologies to figure out for investing purposes. Find the clear mission statement: Zoom - teleconferencing, Livongo - reduce the cost of healthcare, Fastly - best in class CDN, Apple - best human interface, DocuSign - document management. There is no best in class security, it’s too complicated.

Denny Schlesinger

You are highlighting the reason I don’t like to invest in security. There is no leader in such a fragmented technology. There is no “General Security Corp.” that covers it all. And unlike most other technologies in security there is an army of smart and effective adversaries looking for holes to exploit. Every time you write a piece of code you create potential bugs and security risks that are often only found after the product ships and hackers discover them.

I would agree with that except this time it really is different. You see Crowdstrike is disrupting all the other companies by going cloud first. PanW is trying to turn their ship around but it is very hard to turn something around. They are trying to still keep the old security apparatus and move to the cloud. The cloud is where everything needs to go but they won’t disrupt their old business. Same with Cisco etc. The only one that seems to be doing a decent job is Microsoft. So, even though they are an old titan I would keep my eye on them.

What makes Crowdstrike unique in End Point Protection (EPP) security is that they have chosen to take this sector by blitzscaling. Most of the companies that we all are investing in are doing blitzscaling so that is not unique. But companies that are in sectors that do blitzscaling either win most or lose all. If other companies in the sector are not blitzscaling they will lose. So usually if one company is blitzscaling than the others will too. Crowdstrike seems to be heading to win most. Every person/company they put on their platform increase the power of their product. That is why I believe in Crowdstrike and as long as the numbers are great they keep proving me right.

Andy

for those like me not familiar with term “blitzscaling” there is a nice piece on it at
https://hbr.org/2016/04/blitzscaling

We’re in a networked age. And I don’t mean only the internet. Globalization is a form of network. It adds networks of transport, commerce, payment, and information flows around the world. In such an environment, you have to move faster, because competition from anywhere on the globe may beat you to scale.
Software has a natural affinity with blitzscaling, because the marginal costs of serving any size market are virtually zero. The more that software becomes integral to all industries, the faster things will move.

for those like me not familiar with term “blitzscaling” there is a nice piece on it at

Here is another article on it that explains the basics. Also Hoffman has a book out on the strategy.

https://www.strategy-business.com/article/The-Blitzscaling-B…

Andy

One significant advantage that somebody like CRWD has over upstart competitors is data - data they constantly collect and data they have collected. The same way Tesla has advantage in self driving thanks to the millions of trips they collected data for, somebody like CRWD has big advantage in identifying any potential threats and quickly resolving them thanks its large data warehouse and large flow of data they constantly monitor for all their customers around the world. Cloud amps that power by making the data collection instant and its analysis and threat resolution much easier and faster as well. That’s the main reason I invest in CRWD. Cloud gave them an edge over legacy companies like Symantec but scale and historical data now gives them edge over upstarts.