Crowdstrike seems to be taking another beating today, its fourth day in a row. Today’s fall is said to be due to a Citi analyst initiating coverage with a SELL rating and $43 PT citing a challenging outlook due to a crowded market place. A Goldman analysts took a similar view last week with a similar effect on the share price.
The IR site does not yet state the earnings release date yet, here’s hoping the results are well received and we get a short squeeze. I like what I see in terms of the financials so far, but I admit I have stopped nibbling on the way down now. There was something about re-evaluating your thought process when the market is voting against you in another thread yesterday
What the analyst is saying, linked to CAP discussion, is that Crowdstrike’s CAP is limited as it is selling into what is mostly a commodity market (end point security). The analyst sites that market leadership in that market generally peaks at 10% marketshare and thus CrowdStrike will be hitting a peak sooner than later.
The analyst goes on and says it is great that Crowd is moving into adjacent markets but those adjacent markets are already crowded with competitors thus it will be difficult.
As an investor then one has to ask is CrowdStrike a company that is not normal (again, as we discussed in the CAP discussion) or is CrowdStrike a company that hit it big taking on low hanging fruit but otherwise will revert to the mean?
CROWD is built from the ground up cloud (which we have seen is a real and unprecedented advantage in most markets it has been tried), and that Crowd is trying to build a Salesforce like platform.
Will Crowd revert to the mean or is its CAP such that instead of reverting to the mean as they get through the low hanging fruit that it will instead trend to the extreme as it blows through that 10% marketshare number and its platform develops a network effect leading to CrowdStrike threatening to become a dominant security platform?
I honestly have not followed it that closely. I know quite a bit, yes, but I do not know enough to answer the above question. I would appreciate it if those who do can answer the question in that context. Will Crowd just become one of the pack in a very crowded market or is there something so disruptive about Crowd’s platform and then growing networking effect the platform creates that will cause Crowd to not revert to the mean and to move to the extreme (meaning that it gains market dominance - say 25% of marketshare and growing, plus real marketshare in adjacencies, with a real moat created with the platform and the networking effect).
“Crowded” market, maybe, but so far the bigger names I don’t feel are capable of defending. The incumbents are falling apart. Symantec, Blackberry… not a chance of releasing a cloud based superior technology. Other growing cloud companies would need to offer something better or something cheaper.
Crowd has a very lightweight endpoint and an amazingly fast deployment capability. This low friction on-boarding is a serious advantage.
In the short term, any other cloud company would be marginal improvements on such and less well known and an even bigger operational/decision risk.
Longer term, the platform of Crowd should enable increasing market share and function as a moat as other solutions are developed and deployed to the endpoint.
Adoption and customer growth continues to be the story, but the long term platform development is what will drive price growth in my opinion. I also believe Crowd will be able to sell the security as a service to smaller companies that don’t want the expensive employee(s) when it could be almost completely automated and more secure than staffing and buying their own. Paired with ZS, for example, you have serious reductions in the required hardware and staff.
Crowd’s subscription revenue the last three fiscal years has been:
$38 million
$93 million
$213 million
That’s growth of 144% and 137%, albeit coming off small numbers.
Last quarter alone Subscription Revenue was $98 million, up from $49 million, and that quarterly revenue was 46% of what they took in all last year. It was 91% of total revenue.
Do those figures look like commoditization to anyone? How fast are their competitors’ revenue growing? Or shrinking?
However, while sticking with my position, I’m not adding more. I’ll wait for news. Makes me uncertain when a stock drops like this. I won’t sell, and won’t buy, but I’ll hold the substantial position I have.
Interesting discussion. The lower valuation has me interested a little. Here is what CRWD S1 lists as its TAM:
Corporate endpoint (IDC estimates to be $7.6B in 2019 and $8.7B by 2021).
Threat intelligence (IDC estimates to be $1.6B in 2019 and $2.0B by 2021).
Security and vulnerability management (IDC estimates to be $8.4B in 2019 and $10.4B by 2021).
IT Service Management Software (IDC estimates to be $2.6B in 2019 and $3.1B by 2021).
Managed security services (IDC estimates to be $24.8B in 2019 but CrowdStrike thinks that they can touch ~$4.4B of that and $5.1B of it by 2021).
Overall, the company thinks their global TAM is $24.6B in 2019 and is expected to reach $29.2B by 2021.
So, the analyst is saying CRWD should slow down a lot once it gets to 10% of the first item, say $1B. That is still ~3x the TTM rev. So, the analyst could be correct despite the growing customer count. However, the current P/S of 35+ assumes that CRWD has a much bigger TAM. So, the question that I have is:
Has CRWD talked a lot about wins in adjacent markets - seems items 2-5 above. Are they only talking about #1?
Short interest has doubled in the past 2 months and is up to 11% of float
Neither of those stats dissuades me, as they ignore the current financial numbers. FWIW, my loaned out CRWD shares were returned last week. So less a concern … relative to another holding for which the loan interest rate now exceeds 40%).
Don’t sweat the shorts. At most, they are momentary plays and have little long term effect.
🆁🅶🅱 There’s battle lines being drawn …Nobody’s right if everybody’s wrong
Tinker,
I can’t really answer your question, but one observation about the technology. I know of no other company in the security arena (with the possible exception of ZS) where the value of the service increase for every customer with each new customer that comes on board. An endpoint threat detected at any CRWD customer immediately becomes actionable intelligence for every customer. More customers equates to more information; hence, more intelligence.
Try and identify another endpoint security product with that attribute. If there’s another one, I don’t know what it is.
Endpoint security is a very difficult field. Quite finicky, we see boom and busts here regularly. One rises to the cream only to see the next rise to the top. And so it goes. Large amount of competition.
One that’s slipping under the radar that hasn’t seen a lot of discussion but may well bubble up is SentinelOne.
This is another approach that will likely be equally disruptive. Fully Autonomous Endpoint Protection. Using the latest in machine learning and AI to deploy a very lightweight and inexpensive agent to autonomously do the detecting and remediation without the need for user input.
I haven’t done a deep dive on SentinelOne, but initial look is quite positive. Very high marks from Gartner reviews for one, slightly edging out Crowd. And growing at a pretty good clip:
Perhaps this strong relationship between effectiveness and price is contributing to SentinelOne’s growth. As Weingarten explained, “We are growing bookings at 300%. 70% of them are complete rip and replace from McAfee and Symantec. Pandora replaced Symantec with SentinelOne. We win 70% of the time we compete in a proof of concept. We expect a displacement book of $100 million in 2019.”
Something to look further into. We have Elastic announcement with Endgame tomorrow webcast. If they don’t talk about how Elastic’s unsupervised machine learning will play a huge part in the Endgame agent integration, I will be surprised.
But I think SentinelOne is something to look into, to see how it plays in the mix up occurring in Endpoint.
Darth… been on my radar for a while when looking for other potentials and was told by an executive at TGIF that they guarantee up to $1mill on any cyber attack. Is this true or normal in the endpoint protection field?
Crowdstrike Falcon also uses ai and ml. It looks to me like Sentinel 1 and Crowdstrike are almost neck and neck but when you look at Crowdstrike nobody is mentioning Sentinel 1. When you look at Sentinel 1 they are comparing it to Crowdstrike.
I know Sentinel had a problem with execution and management. They say they have solved the problem and maybe they will catch up to Crowdstrike but at this time Crowdstrike is the clear leader.
Darth,
Very interesting. As I’m still in China, my access is severely inhibited. Can’t get to any usable search engine. Even posting to the TMF board often takes multiple tries in order for the message to actually post. Lot’s of sites blocked, or just time out even if they are supposed to be available.
Keep posting about what you learn. This is a fascinating domain. I was feeling pretty secure about CRWD investment, but now, with what you’ve posted, maybe a reexamination in light of competitive threats is in order. I just don’t know.
Yeah if you look at an older one (2018 or 2017) Crowd and SentinelOne(S1) are neck and neck in the “visionary” section.
Then Crowd rose straight up in the 2019, clearly finding legs to execute, while S1 stayed stationary. Maybe it’s S1 “sales and execution” problems?
Just as likely it’s the market deciding.
Evidence of a powerful platform competitor, but may not be having an impact on Crowd yet. There’s a lot of legacy lunch to eat before they start in on each other’s turf.
In Gartner reviews they have the same rating on about the same number of reviews. The reviews say a lot of the same things.
That Forbes article I posted was from 2018, will look to see if we can find more recent info on S1 growth. Was quite extraordinary when it was written.
I know Endgame seemingly hit a growth wall from since last year. If S1 has hit a similar growth wall, it serves as further proof of what that growth wall is.
Try and identify another endpoint security product with that attribute. If there’s another one, I don’t know what it is.
Well, I would think that pretty much every respectable end point security company regularly detects new exploits, updates their rules, and sends updates to the users. CRWD may be more instantaneous, but I think the basic pattern is pretty much universal.
“I can’t really answer your question, but one observation about the technology. I know of no other company in the security arena (with the possible exception of ZS) where the value of the service increase for every customer with each new customer that comes on board. An endpoint threat detected at any CRWD customer immediately becomes actionable intelligence for every customer. More customers equates to more information; hence, more intelligence.”
FireEye, Palo Alto, Microsoft, Google, ZScaler… anyone doing research of forensics has this dynamic. If you want to see how well it works out for stock performance, consider that FireEye has the premier incidence response offering (Mandiant) and intelligence (iSight) and see look at their market cap over time. Every infosec company with telemetry streams and reverse engineering teams has this dynamic, which is most of them.