Crowdstrike S-1 Analysis — Rising Above the Crowd

Crowdstrike S-1 Analysis — Rising Above the Crowd

This week Crowdstrike, which helps prevent security breaches, filed a $100M S-1, with the amount as a placeholder. It is the first American cybersecurity company to file in 2019 and second overall after Israeli Tufin. Crowdstrike offers cloud-delivered endpoint protection for anti-virus and threat monitoring. In 2016, the Democratic National Committee hired Crowdstrike to investigate its Russia-linked hack. At the end of the last fiscal year, Crowdstrike had 2.5K subscription customers generating $313M in Annual Recurring Revenue (ARR). Founded in August 2011, Crowdstrike has ~1.5K employees and is headquartered in Sunnyvale, CA.

Similar to Fastly’s recent S-1 that defined its service as an “edge cloud,” Crowdstrike believes it is creating a new category called the “security cloud.” They argue an effective modern solution should be a data-driven, automated, and open cloud-based platform that process events in real-time and benefits from network effects.

Crowdstrike’s Falcon platform protects endpoints. The platform has two parts: 1) a lightweight agent and 2) a cloud-based, dynamic graph database called Threat Graph. The lightweight agent collects information and streams data to the cloud. It does local endpoint prevention and detection. The Threat Graph processes, correlates, and analyzes endpoint-related events in real time and maintains an index of these events. It continuously analyzes malicious activity by applying graph analytics and AI.

Crowdstrike has 10 cloud modules across three categories: 1) endpoint security, 2) security and IT operations, and 3) threat intelligence. Within endpoint security is next-generation antivirus, endpoint detection and response (EDR), and device control. These modules help defend against malware and malware-free attacks, provide visibly into endpoint activity, and insight into USB peripheral devices. Security and IT operations modules include IT hygiene, scan-less vulnerability management, turnkey response and remediation, and threat hunting. Finally, the threat intelligence category offers threat research, a malware search engine, and a malware analysis tool for suspicious files.

The business contends that its platform has a data moat given the breadth of the customer base and exhibits network affects. Crowdstrike stated that the more data it has to train its AI models the higher efficacy the solution. Additionally, as one threat is identified in a customer, all benefit.

Crowdstrike addresses multiple markets including corporate endpoint security, threat intelligence, security and vulnerability management, IT service management software, and managed security services. In aggregate Crowdstrikes’s Total Addressable Market (TAM) represents $24.6B in 2019 and is expected to grow to $29.2B in 2021, a 9% CAGR.

There are numerous competitors across antivirus, endpoint security, and network security. Direct antivirus competitors include McAfee and Symantec. Endpoint security alternatives include Cylance and Carbon Black. In network security, Crowdstrike duels Palo Alto Networks and FireEye.

Crowdstrike is growing very fast. It achieved $250M in revenue in FY19 compared to $119M in FY18, 110% YoY growth. As a comparison, Carbon Black, a competitor, reached $162M in revenue growing 39% YoY when it IPOed last year. In FY19 Crowdstrike’s subscription revenue represented 88% of revenue while the other 12% was professional services.

Leave a Comment