CRWD down again

Crowd’s subscription revenue the last three fiscal years has been:

$38 million
$93 million
$213 million

That’s growth of 144% and 137%, albeit coming off small numbers.

Last quarter alone Subscription Revenue was $98 million, up from $49 million, and that quarterly revenue was 46% of what they took in all last year. It was 91% of total revenue.

Do those figures look like commoditization to anyone? How fast are their competitors’ revenue growing? Or shrinking?

However, while sticking with my position, I’m not adding more. I’ll wait for news. Makes me uncertain when a stock drops like this. I won’t sell, and won’t buy, but I’ll hold the substantial position I have.

Best,

Saul

36 Likes

Interesting discussion. The lower valuation has me interested a little. Here is what CRWD S1 lists as its TAM:

Corporate endpoint (IDC estimates to be $7.6B in 2019 and $8.7B by 2021).
Threat intelligence (IDC estimates to be $1.6B in 2019 and $2.0B by 2021).
Security and vulnerability management (IDC estimates to be $8.4B in 2019 and $10.4B by 2021).
IT Service Management Software (IDC estimates to be $2.6B in 2019 and $3.1B by 2021).
Managed security services (IDC estimates to be $24.8B in 2019 but CrowdStrike thinks that they can touch ~$4.4B of that and $5.1B of it by 2021).
Overall, the company thinks their global TAM is $24.6B in 2019 and is expected to reach $29.2B by 2021.

So, the analyst is saying CRWD should slow down a lot once it gets to 10% of the first item, say $1B. That is still ~3x the TTM rev. So, the analyst could be correct despite the growing customer count. However, the current P/S of 35+ assumes that CRWD has a much bigger TAM. So, the question that I have is:

Has CRWD talked a lot about wins in adjacent markets - seems items 2-5 above. Are they only talking about #1?

10 Likes

Short interest has doubled in the past 2 months and is up to 11% of float

Neither of those stats dissuades me, as they ignore the current financial numbers. FWIW, my loaned out CRWD shares were returned last week. So less a concern … relative to another holding for which the loan interest rate now exceeds 40%).

Don’t sweat the shorts. At most, they are momentary plays and have little long term effect.

🆁🅶🅱
There’s battle lines being drawn …Nobody’s right if everybody’s wrong

3 Likes

11% is really nothing to be worried about.

I’d be more worried that the lead bookrunner put a sell rating on it.

1 Like

Tinker,
I can’t really answer your question, but one observation about the technology. I know of no other company in the security arena (with the possible exception of ZS) where the value of the service increase for every customer with each new customer that comes on board. An endpoint threat detected at any CRWD customer immediately becomes actionable intelligence for every customer. More customers equates to more information; hence, more intelligence.

Try and identify another endpoint security product with that attribute. If there’s another one, I don’t know what it is.

8 Likes

Endpoint security is a very difficult field. Quite finicky, we see boom and busts here regularly. One rises to the cream only to see the next rise to the top. And so it goes. Large amount of competition.

One that’s slipping under the radar that hasn’t seen a lot of discussion but may well bubble up is SentinelOne.

https://www.sentinelone.com/

This is another approach that will likely be equally disruptive. Fully Autonomous Endpoint Protection. Using the latest in machine learning and AI to deploy a very lightweight and inexpensive agent to autonomously do the detecting and remediation without the need for user input.

I haven’t done a deep dive on SentinelOne, but initial look is quite positive. Very high marks from Gartner reviews for one, slightly edging out Crowd. And growing at a pretty good clip:

Perhaps this strong relationship between effectiveness and price is contributing to SentinelOne’s growth. As Weingarten explained, “We are growing bookings at 300%. 70% of them are complete rip and replace from McAfee and Symantec. Pandora replaced Symantec with SentinelOne. We win 70% of the time we compete in a proof of concept. We expect a displacement book of $100 million in 2019.”

https://www.forbes.com/sites/petercohan/2018/04/30/sentinelo…

Something to look further into. We have Elastic announcement with Endgame tomorrow webcast. If they don’t talk about how Elastic’s unsupervised machine learning will play a huge part in the Endgame agent integration, I will be surprised.

But I think SentinelOne is something to look into, to see how it plays in the mix up occurring in Endpoint.

Darth

11 Likes

Darth… been on my radar for a while when looking for other potentials and was told by an executive at TGIF that they guarantee up to $1mill on any cyber attack. Is this true or normal in the endpoint protection field?

Crowdstrike Falcon also uses ai and ml. It looks to me like Sentinel 1 and Crowdstrike are almost neck and neck but when you look at Crowdstrike nobody is mentioning Sentinel 1. When you look at Sentinel 1 they are comparing it to Crowdstrike.

https://www.gartner.com/reviews/market/endpoint-protection-p…

Andy

3 Likes

Here is Gartner from August 2019.

https://www.crowdstrike.com/blog/crowdstrike-named-a-leader-…

I know Sentinel had a problem with execution and management. They say they have solved the problem and maybe they will catch up to Crowdstrike but at this time Crowdstrike is the clear leader.

Andy

9 Likes

Darth,
Very interesting. As I’m still in China, my access is severely inhibited. Can’t get to any usable search engine. Even posting to the TMF board often takes multiple tries in order for the message to actually post. Lot’s of sites blocked, or just time out even if they are supposed to be available.

Keep posting about what you learn. This is a fascinating domain. I was feeling pretty secure about CRWD investment, but now, with what you’ve posted, maybe a reexamination in light of competitive threats is in order. I just don’t know.

2 Likes

Here is Gartner from August 2019.

Thanks Andy, Very interesting grid. SentinelOne and Carbon Black are miles behind Crowdstrike, and PaloAlto is miles behind them.

Thanks to you, and to Gartner😀

Saul

6 Likes

Yeah if you look at an older one (2018 or 2017) Crowd and SentinelOne(S1) are neck and neck in the “visionary” section.

Then Crowd rose straight up in the 2019, clearly finding legs to execute, while S1 stayed stationary. Maybe it’s S1 “sales and execution” problems?

Just as likely it’s the market deciding.

Evidence of a powerful platform competitor, but may not be having an impact on Crowd yet. There’s a lot of legacy lunch to eat before they start in on each other’s turf.

In Gartner reviews they have the same rating on about the same number of reviews. The reviews say a lot of the same things.

That Forbes article I posted was from 2018, will look to see if we can find more recent info on S1 growth. Was quite extraordinary when it was written.

I know Endgame seemingly hit a growth wall from since last year. If S1 has hit a similar growth wall, it serves as further proof of what that growth wall is.

That is CrowdStrike.

Darth

8 Likes

A recent article on a recent funding round for SentinelOne.

The article is behind a pay wall but the subtitle says it all.

The Mountain View company said it now has more than 2,500 customers and its annual recurring revenue jumped 217 percent in the past year.

https://www.bizjournals.com/sanjose/news/2019/06/05/sentinel…

That’s from Jun 5, 2019.

No growth wall from Sentinel.

Darth

3 Likes

Try and identify another endpoint security product with that attribute. If there’s another one, I don’t know what it is.

Well, I would think that pretty much every respectable end point security company regularly detects new exploits, updates their rules, and sends updates to the users. CRWD may be more instantaneous, but I think the basic pattern is pretty much universal.

1 Like

brittlerock,

Try and identify another endpoint security product with that attribute.

FireEye?

TJ

“I can’t really answer your question, but one observation about the technology. I know of no other company in the security arena (with the possible exception of ZS) where the value of the service increase for every customer with each new customer that comes on board. An endpoint threat detected at any CRWD customer immediately becomes actionable intelligence for every customer. More customers equates to more information; hence, more intelligence.”

FireEye, Palo Alto, Microsoft, Google, ZScaler… anyone doing research of forensics has this dynamic. If you want to see how well it works out for stock performance, consider that FireEye has the premier incidence response offering (Mandiant) and intelligence (iSight) and see look at their market cap over time. Every infosec company with telemetry streams and reverse engineering teams has this dynamic, which is most of them.

3 Likes

Tinker,
After re-reading this thread I’m not sure you question about branching into the said TAM is happening.

The answer for me…is yes per their last CC CRWD is selling all of its cloud modules on its platform (different TAMs) to more and more of their customers (47% of customers have 4 or more cloud modules of the 7 that exist now, this taken from the CC 4th Quarter 2019. And per Bert’s write up ‘CRWD is like Zs in that it’s invented its own category’ - that, it’s platform, sounds disruptive and is what is allowing them to address these TAMs unlike anyone else.

Jason

2 Likes

Fireeye? News to me if they provide endpoint (not saying they don’t, I haven’t looked at them in maybe 2 years. I just don’t know). Last I looked, they had some pretty neat data center security products that not only looked for malware signatures but also used AI (or whatever) to seek anomalous, suspect behavior. The Target breach was actually detected by FireEye, but the CIO had left the company and the CEO didn’t think finding a replacement was a priority. The IT guys watched the flags go up, but didn’t have anyone to get guidance from before it was too late.

In case you didn’t know a detected security breach is not always acted upon immediately. They often watch it and get law enforcement involved before they do anything. They often want to know who’s involved and where it’s coming from before shutting it down.

1 Like

Yes, I think you’ve pretty well defined the standard procedure as well as one of the primary reasons Crowdstrike is way out ahead of the pack. The lag time between detection, informing and updating is a window big enough for a Mack truck. An enormous amount of damage can be done in that period of time. Think ransomware, thousands of devices can be infected during that lag time. With Croudstrike even the original target might be cleansed before the machine is shut down, but even if not, that’s as far as the infection spreads.

3 Likes

that story of the Target breach is an indication that many companies do not take security breaches very seriously. If only customers are involved there is no direct penalty to the corporation. Maybe eventual litigation but the pay out here may take years. Even telling customers about the breach promptly is not common.People are getting desensitized to their information being spread out to crooks. Security does not add to revenue so is put into second tier when it comes to CEO attention. I think we need EU style legislation with progressively steeper fines for leaks because the consumer (ie voter) is not being protected.

Target deserves a bigger punishment than they likely will get.

2 Likes