CrowdStrike Holdings, or CrowdStrike, filed for a $100M IPO with Goldman Sachs leading the offering. The $100M dollar amount is a placeholder and it’s likely they will raise significantly more. The company plans to trade on the Nasdaq under the symbol “CRWD”. CrowdStrike is a leading cybersecurity company with a mission to protect their customers from breaches. With their Falcon platform, the company says they have created the first cloud-native security solution that can protect workloads across any environment, and is underpinned by two main pillars 1) an intelligent lightweight agent and 2) their cloud-based graph database called Threat Graph. CrowdStrike believes they have created a new category called the “Security Cloud”, with the aim to transform the security industry much like what has happened to other industries like HR, CRM, etc. The company calls out the tectonic shift to the cloud, workforce mobility, growth in connected devices (which in many cases are outside the traditional security perimeter), along with the continuous sophistication of adversaries attacking this ever increasing digital surface area as trends demanding a new, cloud-first approach to cybersecurity, such as their Falcon Platform. CrowdStrike has grown rapidly to date and has 2,516 subscription customers globally (as of Jan-19) which include some of the world’s largest companies. The company was founded in 2011 and launched its first endpoint security product in 2013. CrowdStrike is based in Sunnyvale, California and has 1,455 full-time employees.
Below is a list of company milestones from the S-1:
CrowdStrike’s Falcon platform is a security solution capable of protecting workloads irrespective of environment and works across a variety of endpoints such as laptops, desktops, servers, virtual machines, and IoT devices. The two main pillars are a lightweight endpoint agent, which occupies less than 35 megabytes of storage space and supports Windows, Mac and Linux operating systems, and a database called Threat Graph. CrowdStrike processes data from endpoints, which they crowdsource from their entire customer base, and use AI and behavior pattern-matching to stop breaches. In early 2017 the company moved away from a single offering into 10 cloud modules, all subscription-based. CrowdStrike has been successful in upselling modules and as of Jan-2019, 47% of subscription customers have bought 4+ modules. Unfortunately, there is no breakout of revenue or ARR by product but I suspect that most of their revenue is from the endpoint security products. Below are descriptions of the categories and cloud modules:
Security and IT Operations
CrowdStrike also recently launched the CrowdStrike Store, which is the first open platform as a service, or PaaS, for cybersecurity. This allows customers to purchase additional products from CrowdStrike partners and utilize the same CrowdStrike agent. Lastly, the company announced CrowdStrike Falcon for Mobile, which is their EDR solution for mobile devices that will be available later this year.
Summary Metrics and GTM (Go-to-Market)
CrowdStrike has significant scale and is growing incredibly quickly. And while their operating losses are in the red, they’re gaining operating leverage. The company did $249.8M of total revenue in FY’19, up 110% YoY. Almost 90% of their revenue is subscription-based and ended FY’19 at $312.7M of ending ARR, up 121% YoY. With that said, the company still has large losses — non-GAAP operating loss was $(115.8)M in FY’19, a (46)% margin, although that is up from a (100)% non-GAAP operating margin in FY’18. CrowdStrike ended FY’19 with 2,516 subscription customers, up 103% YoY and their implied ACV (annual contract value) was $124.3K in FY’19 (ARR/customers). Their dollar-based net retention rate was very strong in FY’19 at 147%, up from 119% in FY’18. Dollar-based gross retention was 98% in FY’19. Below are other relevant stats from their S-1:
CrowdStrike primarily sells through a direct sales team that leverages a network of channel partners. The direct sales team is segmented by inside and field sales reps based on the number of customer endpoints. More recently the company launched a free trial of the Falcon Prevent module (next-gen antivirus) available directly from the CrowdStrike website or through the AWS Marketplace. CrowdStrike got their start by just focusing on large enterprises but now sells to any size of company from hundreds of thousands of endpoints to as little as 3. They generally price by endpoint and by module. Unlike most SaaS companies, professional services provide strong lead generation for CrowdStrike — they offer Incident Response Services to companies and disclose that among companies that first became a customer after February 1st, 2017, for each $1.00 spent by those customers on their services engagement, it generated $2.97 in ARR.
The cybersecurity market is growing rapidly, and the cloud-based market is growing even faster. And while CrowdStrike believes their market initially began as a replacement market for the legacy AV market, it has expanded to include markets even outside of traditional cybersecurity like IT service management. CrowdStrike believes they serve the following markets;
Overall, the company thinks their global TAM is $24.6B in 2019 and is expected to reach $29.2B by 2021. For some comparison, Zscaler, another cloud-based cybersecurity company that went public in early 2018 believed their TAM to be $17.7B.
CrowdStrike is selling into a hard-fought market and says they compete in 3 segments. Incumbents in the antivirus market, which CrowdStrike considers more legacy players with their signature-based approaches, which include McAfee and Symantec. Other modern endpoint security providers such as Cylance (which was acquired by Blackberry in 2018 for $1.4B), Carbon Black which went public in 2018, and Cybereason. CrowdStrike also thinks they compete with network security vendors such as Palo Alto Networks and FireEye which are supplementing their core perimeter-based offerings with endpoint security solutions.
CrowdStrike and one of their main competitors, Cylance, have a close history. CrowdStrike’s CEO, George Kurtz, was the CEO and co-founder of Foundstone which was acquired by McAfee in 2004. Stuart McClure, who was the CEO/founder of Cylance, was also a founder and CTO at Foundstone. Both left McAfee to build successful very companies.
Investors and Ownership
According to Pitchbook, CrowdStrike has raised $481.2M to date from investors including General Atlantic, Warburg Pincus, Accel, CapitalG (Google Capital), IVP, March Capital Partners, Telstra Ventures and others. 5%+ pre-offering institutional investor shareholders include Warburg Pincus (30.3%), Accel (20.3%) and CapitalG (11.2%). George Kurtz, CrowdStrike’s co-founder, President, and CEO, is at a 10.5% pre-offering stake. Their last round, which was a $200M series E led by General Atlantic, IVP, and Accel in June-2018 was at a $3.15B pre-money valuation, according to Pitchbook.
Financials and Other Metrics Outputs
CrowdStrike is losing a lot of money but is gaining operating leverage — ending ARR grew from $141.3M in FY’18 with a (100)% non-GAAP operating margin to $312.7M in FY’19 with a (46)% non-GAAP operating margin. Their dollar-based net retention rate was quite high in FY’19 at almost 150% and it’s clear their strategy of upselling cloud modules is working. Moreover, their sales efficiency has improved over the past 4 quarters. Their implied months to pay back, which is the inverse of a CAC ratio (net new ARR * gross margin/sales and marketing spend of the prior quarter), has gone from 24 months in Apr-18 to 14 months in the most recent quarter. The median months to pay back in their disclosure period was 16.5. The company does not release customer counts by quarter. CrowdStrike has $191.7M of cash and marketable securities on their balance sheet and raised $481.2M, implying they have burned through almost $300M of cash to get to $312.7M of ARR, which is very impressive. Outputs of other metrics are below.
Historical P&L & Metrics (000's)
Quarterly Subscription Revenue ($M)
Ending ARR ($M)
Unlike almost all other SaaS companies, CrowdStrike actually releases ARR as a metric in their S-1. The company added $59M of net new ARR over the past quarter and $171.3M over the past year.
Dollar-Based Gross and Net Retention Rates
The number of CrowdStrike customers that purchase multiple cloud modules is rising and so are their gross and net retention dollar rates.
Subscription Customers with 4 or More Cloud Module Subscriptions
CrowdStrike’s platform strategy is working — as you can see below almost half of their total subscription customers have 4+ of their products and the number continues to rise quarter-over-quarter.
Quarterly GAAP Gross Margins
Quarterly non-GAAP Operating Expenses as a % of Revenue
CrowdStrike’s expenses as a percent of revenue are coming down.
Quarterly GAAP and Non-GAAP Operating Margins
While operating margins are increasing.
Revenue Mix Percentage
Sales Efficiency and Payback Periods
As mentioned previously, CrowdStrike’s sales efficiency has been improving over the past 4 quarters. CrowdStrike doesn’t release customer counts by quarter, but the below output plots their implied months to payback using the inverse of a CAC ratio (net new ARR * gross margin/sales and marketing spend of the prior quarter). The magic number is defined as just net new ARR/sales and marketing spend of the prior quarter. Both metrics are improving and the months to pay back are decreasing.
Cash Flows ($M)
Quarterly P&L / Metrics (000's)
CrowdStrike, like other high-growth software businesses with losses, will be valued on a multiple of forward revenue. The output below uses NTM (next-twelve-months) revenue as a proxy based on an illustrative range of growth rates with FY’19 as the base (companies don’t release projections in S-1's). The output also includes an ARR multiple range. Given CrowdStrike’s triple-digit year-over-year revenue growth, it’s likely they can grow 70–90% in FY’20. Given the multiples that similar, high-growth software companies are trading at today; Zoom, PagerDuty, Zscaler, Okta, MongoDB, Elastic, Coupa and others trading at 20–30x+ NTM revenue (as of 19-May-2019), I suspect CrowdStrike will trade well above their last reported private valuation of $3.15B. Carbon Black, which operates in CrowdStrike’s market, trades at ~5x NTM revenue but estimates have them growing at only ~15% over the next twelve months.
CrowdStrike is growing ARR in the triple digits and operating in a massive security market where the trends are moving in their favor — legacy antivirus solutions are becoming less effective, the traditional security perimeter is less relevant, the attack surface area is increasing along with the sophistication and the sheer number of breaches. Enterprises of all sizes need a cloud-first security platform that utilizes AI and can protect any workload, regardless of environment. Moreover, while CrowdStrike still has heavy losses, they have strong net dollar retention and sales efficiency. It’s clear they’re getting leverage in their business model — CrowdStrike should be investing to gain market share. There’s also a great story for them to move outside of security and deeper into IT operations where they have already launched a few products. Some public market investors will likely be nervous about the high losses, but CrowdStrike is in a great position to capitalize — they should have a very successful IPO.
Lastly, CrowdStrike’s CEO, George Kurtz, might be the only software CEO that drives race cars. See the disclosure in the S-1 below:
“As part of our sales and marketing activities, we sponsor a CrowdStrike-branded professional racing car, which our President and Chief Executive Officer drives in some races at no incremental cost to us and in lieu of us hiring a professional driver. As we do not pay any amounts to our President and Chief Executive Officer under these arrangements, it is not reflected in the above table.”
To sign up to receive these post by email, click here.