Income Via Growth: A Post-Pandemic Cybersecurity Winner

cybersecurity.jpg

From time to time, we like to share highly attractive “income-via-growth” opportunities, and this is one of those times. This article is about a stock that pays zero dividend, but can provide a lot of spending cash to investors through long-term price appreciation. We believe it’s a good idea to sprinkle a few of these types of stocks into your portfolio, but if you are looking strictly for high dividend stocks, this article is not for you.

This article is about a technology company that provides endpoint security as a service through its subscription-based business model. The endpoint security market has been steadily growing as cloud computing is becoming the new norm for organizational workflows. The company is enjoying significant tailwinds in the post COVID-19 world as an increasing number of global organizations are adopting work from home policies. Not surprisingly, the stock has rallied in the recent months. In this report, we analyze the company’s business model, its market opportunity, the impacts of COVID-19, competitive position, valuation, risks, and finally conclude whether an investment in the company’s stock offers an attractive balance between risks and rewards.

Overview: CrowdStrike (CRWD)

CrowdStrike is a cybersecurity technology company that provides endpoint detection and response (EDR) solutions to its customers. Co-founded in 2011 by George Kurtz (CEO), Dmitri Alperovitch (former CTO), and Gregg Marston (former CFO), CrowdStrike raised $26 million through first round funding in 2012 led by Accel Partners and finally went public in 2019 at a market valuation of $6.6 billion. The company launched its first threat intelligence module in 2012 and has over the years expanded its portfolio to a suite of 11 different modules. CrowdStrike has been involved in investigations of several high-profile cyberattacks which include hacking of Sony Pictures in 2014, the DNC email leak in 2016, hacking of technology and pharmaceutical companies in 2015.

CrowdStrike provides its services through a subscription-based business model. Customers typically enter into 1-year subscription contracts which are generally priced on a per endpoint and per module basis. The company follows a land and expand sales strategy where target customers are offered a free trial of falcon platform. Once customers experience the benefits of CrowdStrike’s SaaS solutions they upgrade to paid subscriptions and overtime add more endpoints and purchase additional modules. The company’s solution initially catered to larger enterprises but over the years it has onboarded even smaller organizations with fewer endpoints. CrowdStrike had 6,261 customers as of Q1 2020 which included government organizations, 49 of the Fortune 100 companies, 40 of the top 100 global companies, and 11 of the top 20 major banks. Geographically, United States is the largest market for CrowdStrike and contributes 74% of total revenue.

CrowdStrike generates revenue from 2 sources:

Subscription revenue: This segment primarily consists of subscription fees charged to customers for using CrowdStrike’s Falcon platform and cloud modules. Customers are billed upfront for the entire subscription period and revenue is recognized on a pro-rata basis over the tenure of contract. Subscription revenue generates a gross profit margin of 74%.

Professional services revenue: The company also offers incident response and related services to customers that have experienced a cyber-attack or want to understand the robustness of their security systems. These services generate one-time revenue. Professional services are considered as a lead generator for new subscriptions. As of FY 2020, for every dollar spent by customers in professional services, CrowdStrike generated $3.73 of annual recurring revenue as subscription fees. Gross profit margin generated from professional service revenue is 35%.

1.png

AI-powered self-improving technology consistently adds value to the platform

CrowdStrike delivers its services through its Falcon platform. Falcon is a cloud-based framework that protects workloads functioning across variety of endpoints from external breaches by leveraging artificial intelligence and machine learning capabilities. Endpoints refer to end-user devices such as laptops, desktops, servers, virtual machines, and internet of things that serve as points of access to an enterprise network. Adversaries can gain access to the entire corporate network from a single endpoint and can encrypt, destroy, or steal sensitive data. As such, endpoint security is becoming increasingly important in today’s highly complex and interconnected networks.

CrowdStrike provides endpoint security through its 2 part tightly integrated proprietary technology toolbox which consists of a deployable agent and dynamic threat graph. CrowdStrike installs its lightweight agent on every endpoint it covers which blocks both malware and malware-free attacks at the end-point level, while also capturing and transferring endpoint data to the cloud-based Falcon platform for decision-making and analysis.

Threat graph is the brain behind the entire CrowdStrike prevention platform. It consists of a database that records, analyzes, and correlates data collected from endpoints by agents using artificial intelligence and pattern matching techniques. Threat graph continuously applies AI algorithms and graph analytics on the data flowing from agents to detect any suspicious activity or breaches at the endpoints. CrowdStrike maintains a single threat database for all customers, therefore if malicious activity is detected at any of its customer networks, it can deliver the required response for the entire network benefiting its entire customer base.

2.png

The “Artificial Intelligence” (“AI”) driven approach is the most important feature of the Falcon platform as it provides self-learning capabilities. The more data that is fed into the Falcon platform, the more intelligent and efficient threat graph becomes in detecting malicious activities, thereby adding value to the entire customer network. The Falcon platform captures 2 trillion events per week, makes 2.3 million decisions per second, and prevents 30,000 breaches per year. Another advantage of the 2-part falcon platform is its scalability. The entire processing workload is executed at the cloud-based threat graph level, therefore, there is no need for any physical hardware at end points. Customers can easily add as many endpoints as they require when their business scales. They can access the Falcon platform through the company’s suite of integrated cloud-based modules which include a wide range of solutions that span multiple security markets including endpoint security, vulnerability management, and threat intelligence.

“With 11 modules and 11 app store partners, CrowdStrike offers unparalleled opportunities for customers to consolidate agents and reduce cost. CrowdStrike routinely helps customers save money with some customers citing a 3x return on their CrowdStrike investment in as little as 3 months. We believe this is a compelling value proposition in any economic environment.” – George Kurtz, CEO and Cofounder in Q1 2021 earnings call.

Large and growing addressable market

As cloud-based workflow becomes increasingly prevalent across global organizations, so is the need for protecting proprietary data stored on cloud platforms and interconnected endpoints from intrusions and attacks. With the advancement of technology, cyber breaches have become more common, complex, and costly. As per SecurityIntelligence, the average cost of a data breach increased to $3.92 million in 2019. As per a 2018 Cisco white paper, the number of networked fixed and mobile devices is estimated to increase from 18 billion in 2017 to 28.5 billion by 2022. Every device that connects to the network is an endpoint and is a pathway for attackers to gain access to the overall network. As such, there is a continuous need for organizations to consistently monitor and protect all the endpoints on their network from any breach. The market for EDR solutions is still in its early stages. CrowdStrike reported a total addressable market of $26.9 billion in 2020 and as per the company, it is expected to reach $31.9 billion by 2022 growing at a CAGR of 9%.

3.png

Significant tailwinds in the post pandemic world

More recently, CrowdStrike is enjoying significant tailwinds from the work-from-home economy and has emerged as a post-pandemic winner. With stay at home orders or recommendations, a large part of the global workforce is reporting to work from remote locations. CrowdStrike saw a drastic jump in customers and installation of agents at user endpoints as organizations moved their entire workflow to cloud platforms and put systems in place to protect their assets while the users operate in an uncontrolled environment. As per the recent survey conducted by stollznow for CrowdStrike, it was found that 74% of the respondents believed that enhancement of cybersecurity is now their top priority. 65% expect organizational technology budgets to increase in the future. Fueled by the recent surge in demand, the company raised its revenue guidance for FY 21 from $729 million to $767 million at midpoint. CrowdStrike also expects to incur lower operating loss as compared to what was guided earlier.

“On our 100-by-100, I was speaking with a CIO, and I said, tell me a little bit about your digital transformation program. And he said, well, we had a 2-year roadmap. And in one day, at the end of March, we executed on that. That just gives you an idea of how fast things have been accelerated. So we see that as a long-term secular trend and tailwind that we’re able to benefit from.” – George Kurtz, CEO and Cofounder in Q1 2021 earnings call.

Overcoming competition through superior product offering

The endpoint security services market is highly competitive. CrowdStrike competes with several endpoint security solutions vendors that use distinctive technologies or platforms to deliver their services. Its competitors include legacy antivirus providers such as McAfee, Broadcom and Symantec that offer traditional antivirus and signature-based protection. Competitors also include malware-only or application whitelisting techniques provider Blackberry Cylance and VMware Carbon Black, as well as network security providers such as Palo Alto Networks and FireEye. Although the space is extremely crowded, we believe CrowdStrike’s technology is more advanced than its peers in its core area which will help CrowdStrike keep competition at bay for now. The same is reflected in user ratings on several software and services review websites. We accessed independent user reviews from Gartner.com and found that CrowdStrike’s ratings were at top of the pack.

4.png

CrowdStrike was also named a leader in the Gartner magic quadrant for endpoint protection platforms in 2019 and was rated the most superior for “completeness in vision”.

5.png

CrowdStrike’s Falcon platform is emerging as a market leader in endpoint security and is consistently gaining market share from legacy vendors. As per recent IDC report released in July, CrowdStrike almost doubled its market share in 2019, whereas top 3 vendors in the corporate endpoint security segment experienced a decline in their market shares.

“We continue to displace Symantec customers. Again, for a lot of the reasons that we have talked about in the past, people are looking for platforms and they are looking for technologies that actually work and stop breaches. Ransomware has been a huge driver and signature-based AV is really not capable of dealing with sophisticated ransomware, right. So, people are looking to get off that.” - George Kurtz, CEO, and Co-Founder in Q1 2021 earnings call.

Although CrowdStrike is the first mover in the cloud-based endpoint security space, the competition is intensifying as other SaaS vendors have proposed new offerings which include cloud-based security solutions. For instance, Qualys, which is a vulnerability management software provider is planning to add EDR and SIEM tools to its portfolio by 2021. However, please note that the expertise and threat database developed by CrowdStrike over the years through investment in AI and machine learning would be difficult to match by new entrants in the near to medium term.

Robust fundamentals and predictable subscription-based revenue model

The superiority of CrowdStrike’s service offerings is evident in its financial trends. In Q1 FY 21, the company reported subscription revenue of $162 million, which represents a strong growth of 89% on a YoY basis. In fact, the revenue from subscription fees has grown at a CAGR of 126% between FY 17 and FY 20. Subscription revenue now constitutes 91% of the total revenue generated by CrowdStrike. A larger share of recurring subscription revenue adds to better visibility and predictability of future cash flows. Also, Annual Recurring Revenue (ARR) reached $686 million in Q1 FY 21 registering an increase of 88% on a YoY basis.

6.png

The strong top-line growth is primarily driven by increase in customer count as well as consistent upselling within its existing customer base. The number of customers has increased by almost five folds from just 1,262 in 2018 to 6,261 in Q1 FY 21. In fact, in the last 12 months, CrowdStrike has added 3,202 new clients. Besides, it has consistently maintained a high net retention ratio of over 120% which suggests that CrowdStrike has been successful in upselling its modules and endpoints to existing customers. Share of customers that have subscribed to more than four modules has increased from just 9% in FY 18 to more than 55% in Q1 FY 21. Given the secular shift to cloud computing as well as the tailwinds from the work from home economy, we believe that the company would be able to continue its strong momentum in the near to medium term.

7.png

Steadily moving towards profitability through economies of scale

On the profitability front, CrowdStrike generates high gross profit margins of near 75%, however, as is the case with many high-growth technology companies, CrowdStrike still incurs operating losses as it invests in scaling its business. The company reported a Non-GAAP operating profit for the first time in Q1 FY21. The operating margin improved by 24 percentage points in Q1 FY 21 as compared to the same period last year. This was primarily because of improved leverage on operating expenses as the company saw strong topline growth. Please note that Non-GAAP profits exclude share-based expenses which increased from $4 million in Q1 FY20 to $24 million in Q1 FY21. CrowdStrike is expected to continue improving its operating profitability in the coming years as it scales up its business. The company has a long-term target of 20% operating margin.

8.png

Strong financial position with enough liquidity

CrowdStrike became free cash flow positive in FY 20. In Q1 FY 21, the company reported an FCF of $87 million, which is a significant improvement from (-) $16 million reported in Q1 FY20. FCF margins also increased from -17% last year to +49%. Apart from improving operating leverage, this massive improvement was also because of large inflows of deferred revenue from new customers that entered into long term subscription contracts. CrowdStrike ended the recent quarter with $1 billion of available liquidity in the form of cash which also includes amount raised through its IPO last year. With no debt on its balance sheet and positive free cash flow, we believe that the available liquidity provides enough firepower to fund growth capital needs of the company.

Premium valuation justified given massive long-term growth opportunities

CrowdStrike’s stock price has rallied multifold from the lows it experienced in March. It is currently trading at a price to sales multiple of 39 times which is considerably higher than its endpoint security peers. While the current valuation is indeed at a premium, we believe that the premium is justified keeping in mind its superior product, robust fundamentals, predictable subscription-based revenue model and a large addressable market.

CrowdStrike Share Price:

9.png

Risks

CrowdStrike operates in the highly competitive and dynamic Cybersecurity market which is seeing innovation and disruption in multiple areas. If the company’s is unable to keep up with changing trends it may result in slowing growth momentum.

Conclusion

If you are seeking purely dividend-stocks, CrowdStrike is not for you. However, if you are open to some portfolio diversification (and potentially a lot of long-term income via growth), you might consider nibbling at a few shares now. We appreciate that the shares have already rallied hard, and some investors may prefer to wait for a pullback before purchasing more. However, that pullback may never come, and the shares continue to have a ton of room for growth considering the large total addressable market. If you are clever, you might consider selling out-of-the-money income-generating put options on this one because that’l allow you to generate some upfront income now, and it will also give you a chance to own the shares at a lower price (if the share price falls to your strike price before the options contract expires).

Overall, CrowdStrike is an emerging leader in the cloud-based endpoint security services market. The company has delivered impressive growth in recent quarters and has immense growth potential because of the secular shift towards cloud computing and rising cyber security budgets. Despite the premium, we believe that CrowdStrike has upside for investors who are willing to take a longer-term approach to investing.