This week, we deep dive another stock in our 2021 model portfolio, CrowdStrike. It seems that hacking is constantly in the news with disturbing reports of spyware infiltrating our devices and ransomware attacks against government agencies, corporations, and public services. CrowdStrike aims to protect these systems from hackers with an advanced cybersecurity platform powered by artificial intelligence and modern security foundations.
- According to Gartner, the worldwide cybersecurity market is predicted to reach $150B this year. While this is a huge market, it is dwarfed by the estimated $6T of economic damage to be caused by cybercrime in 2021, and this figure is expected to grow 15% per year to reach $10.5T by 2025. Roughly 60% of small to midsize businesses that suffer a cyberattack go out of business within six months. Enterprise CTOs will be under pressure to invest in stronger preventative measures to avoid disruptions and the cost of responding to breaches.
- CrowdStrike is a leading provider of endpoint security. Endpoints include personal computers, servers, mobiles, tablets and IoT devices, all potentially vulnerable to hackers attempting to access corporate and government systems, either to steal valuable information, or to lock companies out of their own data in a ransomware attack. There were an estimated 31B connected devices in 2020 and this is expected to grow to 75B by 2025. With the trend of remote working driven by the pandemic set to become the norm, the threat of cybercrime is increasingly prevalent.
- CrowdStrike was founded in 2011 by former McAfee executives, George Kurtz and Dimitri Alperovitch. Its Falcon platform is a cloud-native cybersecurity platform, designed and built for the cloud to provide modern endpoint protection and threat intelligence. This SaaS business model allows them to scale quickly and cost-effectively with near-limitless capacity.
- The power of CrowdStrike’s platform comes from their ‘Threat Graph’ breach prevention engine. It collects data from the entire CrowdStrike customer base and uses artificial intelligence, behavioural analytics, and human experts to predict where the next major threat will appear. It has, in effect, crowdsourced threat detection and prevention with a powerful network effect where each additional customer makes the platform stronger and more effective for all customers, increasing its value to both existing and prospective customers.
- CrowdStrike’s services are packaged into modules, and customers can just pay for the modules they require to get started, adding others as their businesses grow and their requirements increase. This ‘land and expand’ growth strategy has resulted in a DBNER of over 120% for several years running, as existing customers spend more each year. The number of customers using four or more modules has grown from 27% in FY2018 to 61% in FY2021, with 44% of customers using five or more modules and 22% using six or more.
- As of 30 Apr 2021, they have 11,420 subscription customers, an increase of 83% from the same period last year, which itself was 104% higher than the year before that. CrowdStrike has a partner program called CrowdStrike Elevate, where they work with other leading cybersecurity companies to combat cybercrime. Partners include Amazon Web Services (AWS), IBM, Google Cloud, Ernst Young, and many players in the cybersecurity space. CrowdStrike is the recommended endpoint protection for AWS and the Amazon Marketplace has been instrumental in the adoption of CrowdStrike by small to midsize businesses.
- Cybersecurity is an inherently risky business, and breaches can damage a company’s reputation and customer perception. As a sign of confidence in their platform and capabilities, CrowdStrike offers a warranty with their Falcon Complete subscription to cover $1M of incident response expenses for breaches suffered by a customer under their watch.
- They recently acquired Humio, who say they can “log everything and answer anything in real-time”. The stated purpose of the acquisition was to further their extended detection and response (XDR) capability, but it also expands their total addressable market by another $4.9B as it steps into the area of observability and log management, an area served by companies such as Datadog and Splunk.
- Total revenue for FY2021 was $874M, an 82% increase over the previous year. The total revenue for this year (FY2022) is expected to be between $1.35B and $1.37B, representing a 55% YoY increase at the midpoint. The company has been growing quickly for a number of years with a total revenue CAGR from FY2017 to FY2021 of 102%. Growth rates are slowing as the company gains market share but remains high, with a 70% YoY increase reported in the latest quarter. The gross margin has been improving quickly, rising from 57% in FY2018 to 77% in the latest quarter. With a market cap of $60B and a P/S ratio of just under 60, the company has a valuation to reflect its high rate of growth.
If you enjoyed this episode, please subscribe to the Telescope Investing podcast at anchor.fm, or on your podcast platform of choice
Transcript
Albert: Hi, this is Albert.
Luke: And this is Luke.
Albert: Today is Monday the 26th of July.
Luke: Welcome to the Telescope Investing podcast.
Intro
Albert: This week on the podcast, we’re going to do a deep dive into CrowdStrike, one of the few companies in our 2021 model portfolio that we have not covered in detail yet. The other two are Disney and Intuitive Surgical. I’m not sure we need to do Disney because I think everybody knows about that one.
Luke: Albert, it’s always good to deep dive everything. We always figure out something new about a company. We should definitely do that at some point just around out all 15.
Albert: Okay, Luke, whatever you say, but they are a very big company with a lot of businesses to cover.
Luke: Yeah, I saw a brilliant diagram on Twitter last year which was like a map of Disney’s holdings, and this thing was ludicrous. It was like looking at the geography of the US.
Albert: I believe the map was in the shape of Mickey Mouse as well.
Luke: That’s right, yeah. But today it’s CrowdStrike and as you say, this is a core holding, one of our model portfolio picks and you and I also have a stake. I did check on our allocations. I noticed you’ve only got 2% of your portfolio allocated today. I sneakily had a second nibble about three or four months ago. I’m now up to 4% stake, but you know what? A couple of our investing friends have even more than that. One of our buddies has got 7% of his portfolio in CrowdStrike. He must be pretty happy. They’ve done pretty well. I think we should use today’s deep dive to challenge your 2%, Albert. See if we can convince you to increase to four as well.
Albert: We’ll see, but I only started investing in CrowdStrike say, about seven or eight months ago, so I’m kind of building out my position. I don’t like buying huge allocations of a stock in one go. I like to build up over time as I build conviction in that stock.
Luke: Exactly and there’s nothing like doing a Telescope Investing deep dive to build that conviction.
Albert: Well, you mentioned that CrowdStrike has been a very solid performer in the model portfolio. Well, it’s up around 34% since we picked it in January, about double the S&P over the same period.
Luke: Yeah, no surprise. When we get to the financials, I think it’ll become clear why they’re increasing so rapidly.
Philip Morris
Albert: But before we get to CrowdStrike, remember a few months ago we had an episode called What We Don’t Invest In, and we kind of mentioned that tobacco has been the best-performing investment over the last century. And I saw some news recently that tobacco firm, Phillip Morris, called for a ban on cigarettes within a decade and CEO, Jacek Olczak, says the product should be treated like petrol cars, which are being outlawed in 2030. Well, it’s very nice of him to give himself a timeline to get out of the business, but I don’t really see the business angle in this. What is the benefit for Phillip Morris to have a ban on cigarettes?
Luke: Yeah, it’s a real poacher turned gamekeeper type situation, right? I get the impression they’re now starting to pivot into products to get people off of cigarettes and to help with various conditions that are caused by smoking.
Albert: That doesn’t sound quite right to me. It sounds a bit like those pharma companies that sold the opioid drugs and the treatment for opioid addiction.
Luke: Yeah, absolutely and I stand by our comments in episode 30. I would not go near this sector with a barge pole. And it is interesting, I suppose, that if the direction of travel for cigarettes is to become illegal, at the same time, marijuana is slowly getting legalized across the US and in many European countries. I wonder if those two products do switch positions at some point.
Albert: Yeah, I have a funny suspicion that Phillip Morris has products to take the place of cigarettes should they be outlawed, things like vaping and, as you say, marijuana.
Luke: Yeah well, it’s a messy industry. Not one I’d be interested in investing in. But let’s turn the conversation to a sector we are both excited about, cybersecurity.
CrowdStrike
Albert: Yeah, so CrowdStrike is a cybersecurity company that is focused on endpoint security. So what is endpoint security? We can think of the antivirus software on your personal computer as one small part of that, but endpoints also include servers, mobiles, tablets, and IoT devices. Basically, anything that could be used to access information on a computer network.
Luke: And CrowdStrike’s mission statement sums up their approach to this market. They say, “Our mission is to stop breaches and our purpose is a promise to provide safety and security to some of the world’s largest, most influential companies, and by extension the billions of people around the world who use their services.”
Albert: CrowdStrike was founded in 2011 by George Kurtz, Dimitri Alperovitch, and Gregg Marston. Kurtz and Alperovitch were former McAfee executives, and when they were there, they believed that the approach taken by McAfee at the time was unsuitable to protect the evolving technology landscape, so they left and they started CrowdStrike.
Luke: And that was a good split up, right? They’re now trading at a far higher valuation than McAfee are. CrowdStrike today has a market cap of $60 billion, whereas McAfee is a lowly 12 billion.
Albert: A large part of that is due to their stock multiple. CrowdStrike is quite highly valued with a price-to-sales ratio of around 60, whereas McAfee has a price-to-sales of three.
Luke: There’s a good reason for that though, and we’ll pick it up in the financials.
Albert: And just to close out this section, CrowdStrike IPOd in June 2019, just two years ago at a valuation of $6.7 billion, which was considered quite high at the time. But when shares started trading, they jumped 87% above its IPO price and today, the shares are just over four times that opening price.
Tailwinds
Luke: Rapid growth indeed, but definitely with the promise of more to come. We like to think about tailwinds at Telescope Investing. What are the key forces in society that are going to support the company and help them continue their growth trajectory? Well, the biggest one in this sector is just the increasing volume and cost of cyber-attacks. There’ve been so many big news stories in the last few years.
Albert: Yeah, probably too many to mention all of them, but we’ll just mention a few of the more recent ones or at least the most prominent ones. Just last week, news broke about the Pegasus spyware that was used to spy on thousands of people around the world.
Luke: And smaller companies are not immune too. Garmin had a ransomware attack. It took them out of business for months. And even a few years ago, MyFitnessPal had a data breach and lost millions of customers’ records.
Albert: I’m sure that was really annoying for Garmin users, but probably not that critical, at least not to the wider economy.
Luke: It annoyed my wife. She doesn’t take a step out of bed without some sort of device tracking her steps.
Albert: A more damaging cyber-attack that happened recently was the Colonial Pipeline ransomware attack that happened early this year in April.
Luke: Yeah, hackers gained entry into Colonial Pipeline’s networks through a VPN account. And it seems that one of their employees had reused his password for another service, and that information was posted on the dark web. And then hackers using a credential-stuffing attack managed to get access to this employee’s account with Colonial.
Albert: And, JBS, a meat processing company, also suffered a ransomware attack. And I believe in most of these cases, the ransom was actually paid. In the case of Colonial Pipeline, the ransom was paid in Bitcoin and most of it has been recovered by the US government.
Luke: Yeah, these ransomware attacks can be horrendous. Hey, my mum listens to this podcast and she’s going to be scratching her head and asking what a ransomware attack is. Let’s just explain it very briefly. If you manage to have your computer systems accessed by an attacker, they’ll basically, install some software that encrypts all of your data and it can’t be decrypted. They’ve got the decryption key. It’s literally mathematically impossible for you to get access to your data without the hacker’s help. And so they demand a ransom, as you say, Albert, using typically cryptocurrency, Bitcoin, and if you don’t pay, you don’t get the decryption key, and if you wait to, they chuck it away.
And unfortunately, these attacks are pretty indiscriminate. Even the Irish Health Service was snared a couple of months ago. That’s an interesting one though. The Conti ransomware group who did that were apparently demanding $20 million to restore services. However, it seems they had a bit of a crisis of conscience and unexpectedly gifted the health service the recovery software at no cost. I guess they realized they were putting patient lives at risk and that wasn’t their business.
Albert: Well, it’s funny that you mention business. Even though ransomware is a criminal enterprise, it’s kind of run like a business. The hackers themselves are incentivized to unlock systems once the ransom is paid because they want victims to know that paying the ransom is an effective way to get your systems back. And I was doing some reading on this over the weekend and did you know there’s a term for phishing targeted at senior executives, such as CEOs and CFOs, called whaling?
Luke: Yeah, I guess that blubber is expensive meat. And so typically the attacker is posing as maybe the CFO or another senior executive and then using that to try and persuade another executive to make a big mistake.
Albert: And unfortunately, a lot of people are not very good with their passwords. They often use the same one on many sites and often give it away. You sent me a clip from the Jimmy Kimmel show interviewing people on the street asking them what their password was, and a lot of them just told people on camera.
Luke: It’s pretty funny. Yeah, and, you know, it’s not just big businesses. Everyone is potentially open to being hacked and ransomware attacks. You can take basic precautions yourself but honestly, when’s the last time you checked the firmware on your router? Alb, when did you last update your router?
Albert: I can’t remember, Luke, but I do update my computers quite often though.
Luke: And your phones and your microwave?
Albert: Microwave, no, because I don’t have one, but phones, yes.
Luke: I bet there’s some massively out-of-date device somewhere in your house connected to your wifi network.
Albert: I do have to ask why would your microwave need to be connected to the internet?
Luke: To download recipes, surely. What kind of dark-age kitchen do you have?
Albert: Right.
Luke: But, you know, cybersecurity is no joking matter. We recently did a risk review at a charity I sit on the board of, and I’ve just added cybersecurity to our list of risks. I’ve actually recommended we take a look at today’s company CrowdStrike for protecting our data.
Albert: And I read a stat recently that unfortunately, about 60% of small and medium-sized businesses that suffer a cyber attack go out of business within six months. So instead of paying these ransoms and having potential disruptions to the businesses, companies are now spending more on cybersecurity to make their IT systems harder to break into.
Luke: And, you know, the tailwind isn’t just the increasing number and cost of attacks, it’s the increasing number of devices that are connected to the internet. With internet of things (IoT) becoming prevalent, the number of endpoints is just increasing exponentially year-over-year. There were 31 billion IoT devices in 2020 and that’s expected to grow to 75 billion by 2025.
Albert: And again, the pandemic also had an effect. Remote working increased the number of employees accessing their company’s systems from mobile devices, pushing companies to improve their IT infrastructure including cybersecurity. And there’s a good chance that remote work or the [work-from-] anywhere economy – I think they’re here to stay
Leadership
Luke: Well, let’s turn our lenses to leadership and have a look at the co-founder and CEO, George Kurtz. So as you said, George is ex-McAfee and he’s got nearly three decades of experience in the security space.
Albert: He joined McAfee because he founded a company called Foundstone, and Foundstone was sold to McAfee in 2004 and Kurtz stayed on to eventually become their Chief Technology Officer. As we mentioned earlier, Kurtz and a fellow colleague from McAfee, Dmitri Alperovitch, left and created CrowdStrike. Dimitri was the VP of Threat Research at McAfee and then he became CTO at CrowdStrike, but he has since moved on to launch a nonprofit focused on cybersecurity. And the third co-founder, Greg Maston, he was the CFO for CrowdStrike. Well, he retired in 2015.
Luke: We like to look at insider ownership. The big insider here is George himself, the remaining co-founder. It looks like he’s got just over 6% ownership in the company today, which is a decent level of insider ownership, and definitely shows that his interests are aligned with shareholders.
Albert: But it’s worth noting that although he has 6% of the company shares, he has nearly 20% of the voting power because he has a large holding of class B shares, which have higher voting rights.
Luke: And in this case, that pleases me. George is a technology expert, really understands the sector, and runs the company with a huge personal holding. So that’s great actually. If he’s got such a controlling interest in the shares, he’s going to make good decisions for the company and for himself.
Albert: Yeah, and the company’s been growing very quickly in terms of number of employees. As of the last quarter, they have almost 3,400 employees, which is an increase of 47% from last year. And looking at their Glassdoor ratings, they’re pretty high. They have an overall rating of 4.3 out of five and the CEO has a CEO approval rating of 98%.
Luke: Yeah, it’s good to see one of these founder-led companies, and that was a key success criteria for a multibagger identified by Chris Mayer in his book that we reviewed last year.
Albert: I do like companies that are led by founders who are passionate about their businesses. We have quite a few founder-led companies in our model portfolio.
Total addressable market
Luke: But let’s look at the total addressable market for cybersecurity and there’s some really interesting numbers that we’ve dug out here. Worldwide spending on information security and risk management technology is forecasted to reach $150 billion this year according to Gartner, but the cost of cybercrime is far higher. That’s estimated to be $6 trillion and expected to grow to 10 trillion by 2025.
Albert: That’s a huge market, Luke, and I believe that market is larger than the global trade of all major illegal drugs.
Luke: Yeah, it’s crazy. No surprise that criminals are moving into this sector, pivoting their business models to take advantage of companies’ under-investment in cybersecurity.
Products and services
Albert: Let’s have a closer look at what CrowdStrike actually offer. CrowdStrike is a cloud-native cybersecurity platform, meaning it was designed and built for the cloud. This is quite important because you don’t need the multimillion-dollar upfront cost to build that infrastructure. And because the software runs on the cloud, they essentially have limitless scale and capacity.
Luke: Their software-as-a-service business model makes them hugely scalable and it means they can operate this typical land-and-expand growth strategy where they target developers, often with a free trial, and then they grow within a company from there.
Albert: I believe customers are allowed to try out CrowdStrike for free for 15 days before they have to sign on. And it’s actually incredibly easy to deploy CrowdStrike within an organization, and many customers have been able to start using CrowdStrike across all the devices within a few days.
Luke: CrowdStrike’s security platform is called Falcon. Its logo is a falcon.
Albert: Yeah, I quite like their logo. And CrowdStrike packages their services into modules, and customers can pay for the modules they need. And as their businesses expand, they can add modules as their requirements increase. This is the typical land-and-expand growth strategy.
Luke: You noted that 61% of customers have four or more modules currently.
Albert: Yeah, that was in the last year and that number has been increasing quickly over the last few years.
Luke: The real power of CrowdStrike’s solution though comes from what they call their Threat Graph breach prevention engine.
Albert: The Threat Graph works by monitoring the entire customer base and then using artificial intelligence, behavioural analytics, and human experts to predict where the next big threat will be. And this is where CrowdStrike gets its name as it’s basically crowdsourcing threat detection. And as you can imagine, this has massive network effects.
Luke: Yeah, I mean, just to get a sense of the scale of the Threat Graph, in [the] second quarter 2020, it captured 3 trillion high-fidelity signals per week, and fast forward that to the end of last year, they were capturing 5 trillion per week – massive increase. You can really see how attacks by cybercriminals are increasing.
Albert: And another part of their business is their professional services where you can hire them to research and handle a breach or investigate your current security posture. And this has proven to be an effective way to increase subscription rates, and I believe last year, every dollar earned through these services was converted into $5 of subscription revenue.
Luke: Yeah, well hey, you know, you hire a consultant and if they can sell you some recurring revenue at the same time, even better.
Albert: What are you trying to say, Luke, don’t hire a consultant?
Luke: When if you are, make sure you’re hiring an expert like CrowdStrike.
Brand
Luke: Let’s talk about their brand and reputation.
Albert: Yeah, they run an annual cybersecurity conference called Fal.con. That’s very clever. I suspect the person who came up with that name gave themselves a big slap in the back.
Luke: Do you think attendees get dressed up as birds of prey when they go to Fal.con?
Albert: Well, at this conference, they say it brings together the best business and technology minds to fight against today’s sophisticated attackers and stop breaches, and last year was their fourth one. The guest speakers included Eric Yuan, the founder and CEO of Zoom Video, Stewart Butterfield, the CEO of Slack, and also for some reason, Lewis Hamilton, the Formula One driver. I’m not sure why he was there.
Luke: But it does turn out that the Mercedes AMG Formula One team is a CrowdStrike customer. I guess that F1 data, all of their analytics on performance, is super valuable and they need the best protection to look after it.
Albert: If you say so, Luke. I have no idea about F1.
Luke: Yeah, it occurs to me, I guess, these criminal enterprises must be sending their own people to the Fal.con conference as well.
Albert: I assume they have security at Fal.con and they don’t let anyone in. As you say, an incentivized criminal would learn about CrowdStrike and how to break it.
Luke: Yeah, CrowdStrike’s engagement with their developer community is really key to their success, I think. And it’s a common theme amongst many fast-growing technology businesses. Twilio do the same thing with their Signal conference. Cloudflare have the Connect conference. DocuSign, Okta, Zoom, they all do this.
Albert: Falcon is also approved by the US government. They have a product called Falcon for GovCloud, which is a FedRAMP-approved cloud offering. And FedRAMP stands for federal risk and authorization management program, which is a US government-wide program for cloud security.
Luke: Yeah, this was really big news for them quite recently, with Joe Biden signing an executive order to prioritize cybersecurity for government agencies.
Albert: However, cybersecurity itself is an inherently risky sector, and security breaches in cybersecurity companies can seriously damage customer perception and the company’s reputation. And this initially happened to FireEye when it suffered a cyber attack in December last year and its share price dropped around 15% on the day the news dropped. However, it turned out in probing their own breach, they discovered an even bigger attack across many companies based around the SolarWinds hack. And interestingly, about a week later, their stock jumped up around 60% because FireEye was one of the first to discover it and it gave them credibility.
Luke: And it brought cybersecurity back into the public consciousness. A bit like when Fastly went down a few months ago, took out half the internet, but everyone suddenly realized how important those capabilities were.
Albert: Actually, CrowdStrike are so confident in their platform that they offer a warranty with their Falcon Complete subscription level that covers up to $1 million in expenses should any systems be breached when using their security product.
Luke: Yeah, there’s nothing like putting your money where your mouth is and say to their customers, if you suffer a loss, we’ve got your back.
Albert: So it just mentioned that they have a subscription level called the Falcon Complete. There are actually a number of subscription levels. There are four starting with Falcon Pro, which offers a base level of endpoint protection and threat intelligence, all the way up to Falcon Complete, which is an all-in-one package with a dedicated team of experts available 24 hours, seven days a week for 365 days a year. It must be harsh working in that team.
Luke: Well, this model is working because they’ve got nearly 11 and a half thousand subscription customers, up from 6,000 just this time last year, and over half of Fortune 100 companies are customers of CrowdStrike’s.
Albert: And one important way that CrowdStrike has been able to grow its customer count is that CrowdStrike is the recommended endpoint protection platform for AWS, Amazon’s cloud infrastructure. And just to illustrate how much of an effect this has had, in Q4 last year annual recurring revenue transacted through AWS marketplace grew 600% year-over-year and transaction volume grew over 300%. Not many channels can deliver that kind of growth.
Luke: Another area where they got a bit of a push was their alliance with Ernst & Young, the consulting company, and they announced that CrowdStrike Falcon was one of their preferred cybersecurity technology platforms.
Albert: Kurtz started his career in accounting and he actually used to work for Ernst & Young.
Luke: I imagine that’s the benefit of still playing golf with his ex-colleagues.
Network effects
Luke: Should we talk about network effects because these are super powerful with the Threat Graph.
Albert: Yeah, the more clients that CrowdStrike has, the stronger and more effective Falcon becomes. And I think this network effect is really important for customer retention because in the same way you can uninstall your McAfee antivirus and install Symantec’s one, endpoint protection is relatively easy to replace on the devices themselves. However, the benefit of having this Threat Graph and having all the endpoints working together to improve protection for every endpoint is less easily replaced.
Luke: Yeah, they have a partner program they call CrowdStrike Elevate and they’ve got a ton of big names as partners. You mentioned Amazon’s AWS but they also partner with IBM, Google Cloud, Splunk, ServiceNow, Okta, Illumio.
Albert: And one company, in particular, they partner with is Zscaler, which is another cybersecurity company but the Zscaler focuses on the protection of network traffic, whereas CrowdStrike focus on protecting the endpoints.
Luke: You know, I’m sure you’re saying that wrong. They’re an American company. It’s got to be Zee-Scaler, right?
Albert: Well, I’m from the UK, Luke, so I say Zed-Scaler and that’s correct. And this collaboration may mean that CrowdStrike is not planning on expanding into protecting the network any time soon, and as a shareholder of both CrowdStrike and Zscaler, I was quite happy to hear this because I see them as complementary services covering different facets of cybersecurity, and I think it’s better for them to collaborate and grow stronger together than for them to compete directly against each other, especially during their high-growth phases.
Luke: Yeah, I buy that. I think Zscaler is a decent addition to your portfolio. Might be something I look at in the future myself.
Optionality
Albert: And we mentioned earlier that CrowdStrike packages their services into modules, and this may be an area for optionality for them, where they can increase the number of modules and move into different facets of cybersecurity. And they’ve been increasing the number of modules very quickly over the last few years. In 2017, they only had three modules, but looking at their website today, they have about 16 modules now.
Luke: And that’s really worked for them with that land-and-expand model and the growing number of capabilities. DBNRR, dollar-based net retention, has been over 120% for the last couple of years.
Albert: And they launched something called the CrowdStrike Store in October last year, which they say is an enterprise marketplace where you can discover, try, buy, and deploy trusted partner applications to extend your investment in the CrowdStrike Falcon platform. And these are modules created by CrowdStrike and also by their technology partners.
Luke: And they’re not just growing by developing new capabilities, they’re also growing by acquisition. Quite recently, they announced the acquisition of a company called Humio, who are experts in log management, adding another $5 billion to their total addressable market.
Albert: CrowdStrike has stated that this acquisition was made to improve the extended detection and response capability, or in short XDR, which is more about automating threat detection and prevention and could be the next phase for cybersecurity. But the core capability of Humio is to log everything and answer everything in real-time, which does sound like they’re treading on the observability space, which is a space occupied by companies such as Datadog and Splunk.
Competitors
Luke: Yeah, that’s a good segue into competitors generally, because as CrowdStrike increase their capabilities, they’re starting to compete on more and more fronts with other companies, as you say, companies like Datadog and Splunk. But with a market as big as the one for cybersecurity, you can expect many players. There’s big tech with companies like Microsoft and Cisco, and also established security companies. You mentioned McAfee and Symantec, the kind of software you have on your desktop.
Albert: But there are many more, Luke, and we’ll look at the Gartner Magic Quadrant for endpoint protection platforms, and the latest one was released in May of this year, and CrowdStrike is far ahead of most of its competitors in the leader quadrant. And the leader contract is the one at the top right-hand corner, the one with higher completeness of vision and higher ability to execute. And the closest competitor in that quadrant is actually Microsoft, and they have an enterprise-level endpoint security [product] called Microsoft Defender for Endpoint.
They’re slightly behind on completeness of vision but slightly ahead in their ability to execute. And that’s not surprising considering that Microsoft is 36 times the size of CrowdStrike in terms of market cap. But of course, Microsoft operates many more businesses.
Luke: There’s quite an interesting competitor in that leader quadrant that you spotted, a company called SentinelOne. They’re a recent IPO. They only started trading a few weeks ago at the end of June under the ticket S. They’re really interesting – market cap of $12 billion with that recent IPO. If you thought CrowdStrike had a high valuation with a price-to-sales of 60, SentinelOne amps it up again. They’re currently trading at over 120.
Albert: I like the name of SentinelOne’s platform, Singularity, and the differentiator for SentinelOne [is that] it uses AI to automate threat detection and prevention and cuts down the number of cases that need to be investigated by human security teams. This may be one to look at in the future, Luke.
Luke: Yeah, for sure. If you’re building a bit of a portfolio in the cybersecurity space, you could probably do worse than to consider SentinelOne. They’re a bit too big already to be a hyper-growth contender, but still might be worth taking a look at on a future episode.
Financials
Albert: Yeah, they’re growing very quickly, but CrowdStrike themselves are no slouch. Looking at their financials, let me just summarize their financials by giving you two numbers. Their total revenue compound annual growth from 2017 to 2021 was 102%. And the compound annual growth rate for their annual recurring revenue in that same period was 107%. They’re basically doubling each year.
Luke: Yeah, those are crazy numbers, and this is where we get to the high valuation. If your price-to-sales ratio is 60 but you’re doubling your sales every year, it’s not going to take you too many years for that number to come way down.
Albert: But it’s worth noting that the growth rates for revenue and annual recurring revenue are slowing but they remain quite high. In the last quarter, the growth rate for their revenue was 70% year-over-year, whereas for annual recurring revenue, it was 74% higher than the same period last year.
Luke: I mentioned it earlier, their net dollar retention rate has been over 120% for years and years now. They’re continually increasing the amount of money spent by each customer with them.
Albert: And it was good to see that their gross margins are improving year-over-year. In the last quarter, they had a GAAP gross margin of 77% and this compares to 74% in fiscal year 2020, 68% the year before that, and 57% in 2018.
Luke: Yeah, that’s a powerful story, isn’t it? Of that continually increasing margin. It just shows as they’re increasing their revenue, their costs aren’t increasing at the same rate.
It’s also good to know that they still have a great international opportunity ahead of them. As of the end of last year, CrowdStrike were getting 74% of their revenues in the US, but their platform is being used by organizations across 176 countries. That really indicates the substantial growth possible in the rest of [the] world.
Albert: So they had their last earnings report at the beginning of June but they actually released their end-of-year numbers back in February, and the total revenue for last year was $874 million, which is up 82% year-over-year. But for this year, they are guiding for a total revenue of between 1.35 and $1.37 billion, representing a 55% year-on-year increase at the midpoint.
Luke: And the most important part of that revenue picture is the recurring revenue as a result of their SaaS business model. And in the most recent year, they increased that to over a billion dollars of recurring revenue annually.
Key takeaways
Luke: Well, should we bring it round to key takeaways? And I really want to ask you that question about your own CrowdStrike holding.
Albert: Sure, Luke. Yeah, it seems that CrowdStrike is the top dog in this massive and growing market. They still have a relatively small market share with lots of room to grow and they’re growing quickly. And with cybercrime expected to cost companies $6 trillion this year, I think CTOs of a lot of enterprise companies will be under pressure to invest in stronger preventative measures.
Luke: You know, the market loves this company and so do we, but quality comes at a high price with that price-to-sales ratio of 60. That valuation might be eye-watering today but, as we said, if they can keep growing revenues at 70% annually, they’ll quickly grow into the valuation.
Albert: So you wanted to ask me what I was going to do? Well, let me start by asking you first. What are you going to do with your CrowdStrike investment?
Luke: I think I’m pretty good with my 4% right now. I like to buy in thirds, so to get to a full position, there’s probably another 2% to purchase. Maybe by year-end, but I’m also going to take a look at SentinelIOne based on your research.
Albert: Yeah, I really like CrowdStrike and after doing this deep dive this week, it really strengthened my conviction in their business. And as you said, I have a 2% holding. I have to at least match your 4% so I’m planning on doing that, but I don’t like buying large allocations in one go, so I’ll slowly build this out. And maybe it will grow to 4% by itself.
Luke: Yeah, hope so. That’d be a good result for me in the game if I can stay ahead of you because then my 4% would have become 8%.
Albert: Yeah, you know, Luke, I’m not sure our maths is completely correct there, but suffice to say that if I do well, you will do even better.
Luke: There you go, that’s the kind of story I like.
Cybersecurity basics
Luke: We’re coming to the end of a long episode, but I think we should round this out with a quick reminder of some of the cybersecurity basics that we should all exercise to protect our own data.
Albert: Yeah, I don’t know where you pulled this from but I think it’s a good list, so I’ll start off by saying the first thing you should do is to keep your software on your computers and your mobile phones up to date.
Luke: Make sure you’re using antivirus protection and your firewall. There are great free versions available from Microsoft.
Albert: Use strong passwords and if possible, different passwords for different accounts, and maybe use a password management tool. The one I use is called 1Password.
Luke: Wherever you can, enable two-factor or multifactor authentication, and ideally, try and avoid using SMS.
Albert: And I know two-factor authentication is a pain to use, but remember if it’s a pain for you, it’s more of a pain for the hacker.
Luke: Back up your data regularly, ideally to an offline device. If you do get hit with a ransomware attack, at least you’ve got something to fall back on.
Albert: And don’t use a public wi-fi without a VPN if possible, especially if you’re accessing sensitive accounts, such as bank accounts, and personal data.
Luke: So there’s a ton of other things you can do to protect yourself, but there’s some of the basics. Individuals like you and I don’t need an enterprise-scale solution like CrowdStrike, but some of these basics can make us much safer online.
Wrap
Albert: Well, that’s all for this week. Thanks for listening.
Luke: It has a future topic you’d like us to cover, you can message us on Twitter. I’m @LukeTelescope.
Albert: And I’m @AlbertTelescope, or you can email us at feedback@telescopeinvesting.com.
Luke: If you enjoyed today’s episode, you can find more content at our website, telescopeinvesting.com, where you can leave us a comment or a review.
Albert: And if this is your first time tuning in, perhaps consider subscribing to the website so that you’re the first to hear about new articles and episodes as they drop.
Luke: Thanks, Albert.
Albert: Thanks, Luke.
Happy Birthday to Telescope Investing 🙂 Thank you for the podcast it is very informative and I love the 1 pager highlight !
Thank you walruspiggy! Glad you like the one-pagers. They help us understand a company better and hope our readers find them useful too.