CrowdStrike Could Be The Next Big Cybersecurity Winner

Cybersecurity has become a sprawling, complex, and - most importantly - mission critical concern for businesses large and small.

Not so long ago, things were much simpler.

Most companies used to operate with a "walled garden" approach to IT security. There was the company network, run on company-owned servers and storage, and connected by company-owned switches and routers (the "garden"). Any traffic coming into or out of the network was protected by hardware and software firewalls (the "wall").

Today, that approach just isn't enough.

Now, for example, instead of accessing company-run deployments of Microsoft Outlook, or Workday's HR suite, employees use cloud deployments of these tools, hitting Microsoft or Workday servers directly. Cloud has taken over everything in the business day, from communications, to project management, to HR, and beyond.

What's more, many employees today frequently don't work from behind the company network. They want and need to access work systems from their laptops and smartphones, anywhere in the world, using various external internet connections. The "walled garden" approach completely breaks down.

In this model, security needs to be brought to the endpoints - the laptops, smartphones, virtual machines, etc.

And that's where CrowdStrike (CRWD) comes in. Let's take a look at this innovative solution.

The Falcon Protection Model

CrowdStrike calls its endpoint security model the "Falcon Platform". There are 2 parts to it.

The first piece is the Agent. This is a small, almost invisible program that runs in the background on endpoint devices. All network traffic is filtered through it.

The second - and critical - piece is the Threat Graph. Threat Graph lives in CrowdStrike's cloud. All installed Agents communicate with the Threat Graph to constantly update and share exploit and other data.

This model is extremely powerful. Consider a simple case: a new virus. Before CrowdStrike, viruses could do a LOT of damage. It could take security vendors a few days to publish updated protection tables, and another day or two for customers to install them. That's several days where the virus could wreck havoc, using infected servers to rapidly spread itself throughout the world. The 2004 Mydoom virus cost over $50 billion worldwide!

With the Falcon model, a new threat can be quickly identified through the first infected Agent and communicated to the Threat Graph. CrowdStrike can then quickly develop a protection scheme, then immediately distribute it to ALL Agents, protecting the entire community within hours.

That's where CrowdStrike gets its name. It essentially offers "crowd-sourced" security protection.

This was necessarily a simplistic description of the platform, but it gives you the gist of the value proposition. Check out CrowdStrike's detailed Falcon description for a lot more info.

Rapidly Rising and Recurring Revenues

Customers pay CrowdStrike subscription-based revenues to utilize different Threat Graph modules. For example, the base package (Falcon Pro) costs $9 per endpoint per month, offering anti-virus protection. Higher levels of the subscription add other features like device control (i.e. disabling software installs, etc.), firewalls (blocking certain sites, etc.), and even automated incident response. Obviously, customers pay more for those.

This is an excellent, fully recurring revenue model. CrowdStrike has high visibility into its baseline revenues for any given quarter or year. That's exactly what we want to see.

Then there is the growth potential. CrowdStrike has an eye-popping 3 year average revenue growth rate of 80%! The firm is still delivering over 50% in more recent quarters.

Cybersecurity is a big market. The endpoint security segment alone is expected to reach $25 billion by 2028, against a current revenue run rate of $2.2 billion. That's 90% of the market left to pursue.

CrowdStrike will continue its growth in several ways. The firm is adding new customers at a rapid rate, over 50% year-over-year at present. Overseas clients are particularly under-penetrated, with only about 25% of sales originating outside of the U.S.

The company can also expand within its existing base. Current customers can continue to add new modules - 40% still use just 4 or fewer of its 11 total. Every new endpoint to protect adds to the subscription cost. As customers grow their businesses, they will need to pay more to protect it.

I also expect CrowdStrike to develop new modules to expand the utility of its platform and grow revenue potential.

Finally, there looks to be price elasticity here, meaning the firm should be able to push through moderate price increases at relatively consistent intervals.

All of this represents what we want - ORGANIC and RECURRING revenue growth. Let's keep an eye on this - hopefully management doesn't blow it by making a huge acquisition.

Mission Critical, Networked, and Sticky

There is no shortage of competition for CrowdStrike. Endpoint security is a competitive space, from legacy vendors like McAfee, Symantec, and Microsoft, to newer cloud-driven solutions like SentinelOne.

So how does CrowdStrike compete - and win - against this competition?

First of all, through being a best-in-class solution. The company has won numerous awards, but to boil it down to two impressive accomplishments, consider this: CrowdStrike has been named "Best Security Company" by SC Awards 4 times, and earns a coveted "Leader" rating from Gartner's Magic Quadrant. Falcon is a highly respected solution.

While that's great, what about durability? Technical leadership alone is an unreliable advantage.

Let's start with the NETWORK EFFECT. CrowdStrike has managed to turn updated cybersecurity information into a networked business. Most traditional antivirus and malware protection relies on regular downloads of updated malware tables. CrowdStrike generates this info in real-time from its installed base and protects its endpoints immediately. This means as it adds more customers, it can identify more threats and offer more rapid protection. Once at scale, it will be difficult for a competitor to gain enough endpoints to match this kind of threat detection and protection.

While less prevalent, there are also HIGH SWITCHING COSTS. Endpoint security is a sensitive and important function for large enterprises. Once CrowdStrike's platform is adopted, installed, and proven successful, naturally conservative IT departments will be loathe to take the risk of switching away from it.

This is illustrated in net retention rates of over 120%, which show that not only are customers not switching away, they are actually adding endpoints and modules every year. This, in turn, grows the network effect! It is a nice flywheel of competitive protections.

Management and Financials

Founder-led businesses are my absolute favorite. Founders more often have the long-term health of their business in mind when making decisions, instead of quarter-to-quarter results. They also understand the importance of maintaining a consistent company culture.

CrowdStrike fits the bill. It is led by George Kurtz, who founded the company in 2012 and still sits as CEO today. Kurtz has led CrowdStrike through its venture capital phase and into a very successful public company. At just 51 years old, he still has a long road ahead to lead the firm into its next phase of growth.

And what a job he has done! Unlike most early-stage public companies growing at 50% annually, CrowdStrike boasts enviable financial metrics. It is already generating robust 35%+ free cash flow margins. Cash return on invested capital is as good as it gets, at over 50%. The balance sheet is a rock, with over $1.7 billion in net cash. While it is still early (CrowdStrike IPO'd in 2019), share dilution has fallen below 5% per year, which is encouraging this early in the game.

I like everything about the company's management and financial results. Top notch.

Risks

Let's wrap up with a look at the primary risks to be aware of.

The first one has dogged the cybersecurity industry through its history: rapid technological disruption. CrowdStrike itself is a prime example of this, upending the traditional endpoint protection scheme with a SaaS-based model. There are a lot of well-funded, successful firms in this space that could innovate CrowdStrike into obsoleteness, over time.

The second big risk is valuation. Even after a big selloff in 2022, the stock is still valued at over 18 times sales. That assumes a lot of growth in the future. If CrowdStrike suffers a faster-than-expected growth slowdown, investors could get burned.

Conclusion

Certainly, CrowdStrike fits the bill as a "green dot" stock. The company definitely makes the cut for our Watch List. Check out the CRWD stock page for our thoughts on valuation and what a good price to buy is (members).