News of the Week (September 18-22)

News of the Week (September 18-22)

19 min read

Today’s Article is Powered by my Favorite Brians Over at Long Term Mindset:

1. CrowdStrike (CRWD) -- Investor Briefing/Fal.Con 2023

Subscribe now

This event was packed full of new financial targets and product enhancements. This is the 30,000 foot view condensed & summarized (as briefly as I could).

a. Winning

Platform Approach Working:

Founder/CEO George Kurtz subtly ripped on the competition like he often does. He lamented on point solutions marketing themselves as true platforms. CrowdStrike is the true platform play. While it has made smaller acquisitions in the past, it did not “stitch together” disparate point solutions and try and emulate a full platform like other competitors.

By building all of these use cases as one platform and interface, CrowdStrike not only delivers lower cost, but better efficacy. Data sets from log management, cloud security, identity protection, threat hunting, incident response etc. are all rich with valuable insight. CrowdStrike’s Falcon Threat Graph can ingest all of this data and leverage it in a cohesive fashion. It sees this capability as unmatched in its space. Knowing where vulnerabilities are means directing threat hunters to remediate more expeditiously. “Better together” examples like that are endless and require CrowdStrike’s complete platform approach.

New MITRE ATT&CK (3rd party research firm) research confirmed this reality yet again. CrowdStrike received 100% protection, visibility and analytic detection scores.

Long Term Guide (that definitely isn’t a guide):

Kurtz and CFO Burt Podbere offered long term performance targets. They told us the numbers aren’t guidance, but regardless, I consider it guidance. What else could it be? They set the goal of reaching $10 billion in annual recurring revenue in 5-7 years which represents 19%-28% demand compounding over the period. A few notes on this. CrowdStrike has a perfect track record of only offering targets that it can easily surpass. I’d put money on (and I have) CrowdStrike getting there in 5 years. If history is any indication, under 5 years is a lot more likely than 6 or 7.

CrowdStrike has a $40 billion market cap today. Let’s do some simple modeling. Assume that its FCF margin disappoints from here (virtually no leverage), it reaches its ARR target in 5 years and its FCF multiple contracts from 34x to 27x. I think these are pessimistic assumptions. That would leave us with about $3.2 billion in end of period cash flow and an $87 billion market cap. $87 billion represents a 5 year compounded return of 17% or 16% at current dilution (which will slow). That’ll work. I don’t see 34x FCF for a company like this one as aggressive, but I assumed it would contract from here to be overly conservative. It’s one of one in terms of scale, growth and cash flow generation. That commands a premium.

Furthermore, the margin assumptions I’m using are too pessimistic. CrowdStrike just raised its FCF margin target from 31% to 36%. 36% would push the annual return to 20% over the next 5 years (19% with current pace of dilution).

Subscribe now

More Financial Flexing:

There were more impressive target margin raises as well. It raised its operating margin target from 21% to 30% while raising its subscription gross margin target from 79.5% to 83.5%. These will be reached within 3-5 years (so probably 3 years). A 400 basic point (bps) raise to gross margin targets is not normal… neither is a 900 bps raise to EBIT margin targets. Special company in my shareholder view.

Finally, it committed to GAAP net income profitability for this fiscal year and going forward. That should mean it’s a matter of quarters before it enters the S&P 500.

400 Bps of Gross Margin Leverage Sources:

  • It’s quickly shifting to lower cost public cloud regions.
  • Obsessively driving down hosting costs per endpoint wherever possible. That’s 50% of input costs and there’s a “lot of optimization to do here” per Podbere. I love Burt.
  • Economies of scale.
  • Use AI to build more automation into its own workflows.

More Financial Nuggets:

  • CrowdStrike sees its total addressable market (TAM) more than doubling over the next 5 years from $100 billion to $225 billion.
  • Its current client expansion opportunity is $16.7 billion vs. $9 billion just 2 quarters ago as it rapidly adds compelling new products.
  • 160 CrowdStrike partners now have $10 million+ in CrowdStrike-based business.
  • CrowdStrike client discounts are entirely stable. It’s not pricing more aggressively to keep winning new business.

b. Product & M&A Announcements

Charlotte AI (its Generative AI product):

CrowdStrike, as telegraphed, will take the Microsoft approach to generative AI by directly monetizing Charlotte AI. It will charge $20 per endpoint annually for access to this tool. Considering Charlotte AI shrinks hours of work into minutes by automating analyst tasks, this should find traction. Individual clients protect millions of endpoints with Falcon to give an idea of how material this could become. This is easily a $20 million ARR up-sell opportunity for some of its larger customers. Kurtz walked us through some Charlotte AI demos which felt like stepping into the future. If you watch anything from Fal.Con, watch his keynote.

Table-Setting:

CrowdStrike’s 3 key growth vectors (along with endpoint) will be Security Information and Event Management (SIEM) (log management), Cloud Security and Identity Security. It made interesting announcements within all three. Starting with SIEM:

Raptor Release (for Better SIEM/Log Management):

Log management means fetching, organizing, storing and leveraging all relevant data sources for a company to utilize. It’s an “observability” tool encompassing a company’s entire asset base.

CrowdStrike’s Raptor natively integrates SIEM with the rest of the Falcon platform. It removes manual dependencies and creates newfound flexibility to innovate even faster. Kurtz walked us through a key SIEM pain-point: When data is aggregated through competition, it routinely loses needed context as it can’t directly communicate with a firm’s security suite. With Falcon, that headache disappears. By conjoining these two data and product siloes, CrowdStrike improves efficacy and lowers cost… like it does everywhere else. The index free nature of Falcon log management means searching 40+ terabytes of data takes minutes vs. days with legacy players. President/CTO Adam Sentonas sees querying speeds for this product as second to none. I’m sure Datadog would disagree.

There’s more. Raptor allows for near-endless 1st and 3rd party data usage to augment log management. This mimics an extended detection and response (XDR) philosophy of using 3rd party data to enhance detection. Data telemetry is a powerful, powerful thing.

Log management overall is a $16 billion market opportunity for CrowdStrike. It sees the segment growing from $100 million in annual recurring revenue (ARR) today to at least $1 billion by calendar 2028. That represents a 58% revenue compounded annual growth rate (CAGR).

Identity Security:

There wasn’t much new here but there’s an important reminder needed. When CrowdStrike says it will compete in identity security, it does not mean it’s encroaching on Okta’s Identity Broker/Access Control niche. Instead, CrowdStrike’s aim is to prevent identity malpractice. It uses a zero-trust architecture here to ensure a bad actor cannot breach the most vulnerable part of a company’s infrastructure and then freely, horizontally move through the rest of it. There is continuous identity verification and constant flagging of off-pattern activity to point out where breaches are occurring.

CrowdStrike sees this as a $17 billion market with it reaching at least $1.25 billion in revenue over the next 5 years. This represents a revenue CAGR of 38%. Over time, it thinks this segment will be as large as its bread-and-butter modern endpoint detection and response (EDR) product. That will take a while.

Acquiring Bionic to Expand the Cloud Security Suite:

Subscribe now

CrowdStrike, as rumored, will acquire Bionic. Bionic is a trailblazer in App Security Posture Management (ASPM). It offers serverless scanning within ecosystems like Microsoft Azure and AWS.

There’s an annoying number of acronyms within cloud security that need to be covered here to understand what Bionic adds to the company. Kurtz gave us a wonderful, easy to understand purpose of each:

  • Cloud Security and Posture Management (CSPM): Tells you about your vulnerabilities and misconfigurations.
  • Cloud infrastructure entitlement management (CIEM): Tells you who is entering your software environment. It tells you if these entrants are allowed and exactly what they’re allowed to do.
  • Cloud Workload Protection (CWP): Preventative measure to observe if anything bad is being done by entrants. This sounds the alarm bells while preventing and remediating cloud infrastructure attacks. It’s closely related to CSPM and CIEM.
  • Cloud Native Application Protection Platform (CNAPP) is the overall suite tying all of these cloud products together.

Bionic’s ASPM gives companies a “complete inventory of what’s actually in their software infrastructure.” It gives them a birds-eye-view of apps in use, how they’re configured, how they’re deployed and if that’s ok. It then ranks these vulnerabilities at the app level to tell companies what to focus on first. This eliminates harmless vulnerabilities from alerts and cuts down on irksome false positives by up to 80%. Bionic extends CrowdStrike CNAPP to “deliver comprehensive risk visibility and protection across the entire cloud estate.” By expanding its service to the overarching app level, this gives companies a “complete picture of cloud risk.” It makes (per CrowdStrike), Falcon the first and only to provide end-to-end cloud security from initial source code writing all the way to deployment. CrowdStrike Chief Product Officer Raj Rajamani sees Bionic as the “final filter for every CSPM.”

Perhaps the most compelling part of Bionic is its unique view of a firm’s full Information Technology (IT) environment. A better view of an asset base doesn’t just help with security hygiene but with observing productivity, understanding the need for software/data and the ability to query information right from Falcon. Falcon for IT should be another compelling growth area in the years to come with another $10 billion in TAM to go after.