[Deep Dive Analysis] CrowdStrike – with Shariah-Compliant screening

Author's Note: Today we'll do something different. Instead of the usual article guides, we will share how we do a deep-dive analysis of a company which we're particularly interested in or already vested in. It's going to be a 20-minute read, so grab some coffee and enjoy. And if you find this useful, do share it with those who might benefit from it too 🙂

At a Glance

The SmartMamat Key Takeaway

Over the years, more public and private organizations and businesses are moving some, if not all, their operations online. This trend has been accelerated by the COVID-19 pandemic. A crowded cyberspace then presents the perfect opportunity for cybercriminals to strike.

Cybercriminals are becoming ever more creative and intelligent with their exploits, and their methods of attack are constantly evolving. Therefore, organizations need to understand the full implications of a cyber-attack and what it could mean on a financial and reputational level.

How do these organizations protect themselves from sophisticated attackers who go “beyond malware” to breach organizations, increasingly relying on exploits, zero days, and hard-to-detect methods such as credential theft and tools that are already part of the victim’s environment or operating system?

Crowdstrike’s cloud-based service protects over 14,000 customers. 

Through its interface called Crowdstrike Falcon, cybersecurity personnel can select and purchase different modules to form a customized solution. This simplifies cybersecurity as it doesn’t require a re-architecture of the existing systems, while keeping costs significantly low. 

The use of Artificial Intelligence and Machine Learning adds another dimension to cybersecurity teams and supplies them with vital threat intelligence such as the attacker’s motivations, skills and tradecraft. With this information, they can use it to their advantage to prevent, and even predict future attacks.

Led by co-founder George Kurtz, Crowdstrike has the potential to be one of the biggest cloud cybersecurity companies in the world. If the company continues to innovate and provide better solutions to counter cybersecurity threats, Crowdstrike will be a long-term market beater for us.

What Does Crowdstrike Do? 

CrowdStrike is a leading cybersecurity company that protects customers from cyber threats, and remediates when there is a breach. 

If you have actively used anti-virus software to protect your computer, it may be easier for you to understand Crowdstrike and its products. But for the sake of completeness, let us go through how Crowdstrike manages enterprise cybersecurity at a high level.

Protecting a personal laptop is straightforward; the owner simply installs anti-virus software to secure it. But what about hundreds and thousands of endpoints (an endpoint refers to your everyday devices such as computers, laptops, mobile phones, servers, etc.) in an organization? A solution that fits one personal laptop may not be suitable (and scalable) for an enterprise.

Existing solutions such as 24/7 cybersecurity centres require complex architecture, which is costly and difficult to maintain in the long run.

As cybercriminals employ more sophisticated methods, conventional solutions become outdated and may not be effective in thwarting modern online threats. Crowdstrike aims to solve this problem with its NGAV (Next Generation Anti-Virus) products that are significantly better than legacy solutions.

Ultimately, CrowdStrike’s mission is to stop breaches for SMEs and enterprises. 

The recent SolarWinds hack shook the technology industry and American government with its stealth and sheer scale of attack. The organization’s reputation was tarnished, and customers could not trust them with their sensitive data. Millions of dollars were spent on digital forensic investigations, cleaning up the mess, and nursing the company to health. 

It would be better if the management adopted the “prevention is better than cure” approach. This includes securing all systems and having strong cyber defences as early as possible.

Crowdstrike’s Falcon platform makes it easy to stop breaches through a modular and extensible solution that ensures customers can tackle new security challenges with just a few clicks, without the need to re-architect or re-engineer the solution, and thus removing friction associated with security deployments. In addition, the CrowdStrike Store is an enterprise marketplace with its native applications, and third-party applications that are fully integrated with the platform for customers to purchase.

There are over 17 modules available on the platform, of which the most essential ones are included in a bundle subscription.

Image Source: Crowdstrike website.

In addition to the subscription services, Crowdstrike also provides Incident Response and Proactive Services: the “SWAT team” service that carries out digital forensic investigations, identifies the source of attack, remediates the situation, and nurses the company back to health. This was the same team that SolarWinds engaged during the hack.

CrowdStrike acquired two companies this year. 

The first is Humio, which allows CrowdStrike to further expand its Extended Detection and Response (XDR) capabilities. 

The second is SecureCircle, which enhances Crowdstrike’s data protection and enables customers to enforce Zero Trust at the lower levels - the device level, identity level, and data level.

Is Crowdstrike a Shariah-compliant Company?

A quick check on the Zoya app tells us that Crowdstrike is a Shariah-compliant company.

For the benefit of this deep dive, we will go into greater detail.

Step 1: Is the company in a halal business?

Crowdstrike is in the cybersecurity business, and its revenue sources are mainly derived from its subscription fees and professional services.

These professional services include ‘working with clients to anticipate threats, upgrade their networks and build internal skills and expertise’, as stated on their website.

As such, it is a pretty straightforward yes.

Step 2: Does the company have good ethical practices?

Generally, Crowdstrike has maintained a good image as a company.

It has an extensive code of business conduct, which explicitly mentions being a supporter of diversity in their workplace, as well as among the suppliers they work with.

They also prohibit the likes of substance abuse, child and forced labour, trafficking and slavery, and, importantly, require honest and ethical conduct among their employees.

A quick search on Glassdoor tells us that the company is well-run with a 4.3 out of 5 rating, even better than some other tech giants such as Tesla (3.7) and Netflix (4.2).

And their CEO, George Kurtz is also highly regarded among his employees with an impressive 95% rating.

Step 3: [Quantitative] Interest-bearing Debt should not exceed 30% of its market cap.

Let’s look at their recent quarterly report.

Considering debts which are long-term in nature (i.e. interest-bearing ones), it adds up to 739M + 28M = 767M.

The debt to market cap is 767M / 45.2B = 1.7%.

Hence, it is a pass.

Step 4: [Quantitative] Haram Revenue must be less than 5%

As mentioned in Step 1, Crowdstrike has 2 main revenue streams - subscription and professional services.

Both are halal sources of revenue, hence this is a 100% pass.

Step 5: [Quantitative] Interest-bearing securities should not exceed 30% of its market cap.

Adding up the amount of cash, cash equivalents and deposits it has, the total comes to $2.19B.

$2.2B / $45.2B = 4.9%

Hence, it is a pass.

Why is Crowdstrike a Good Investment?

There are many reasons why we think Crowdstrike is a good investment.

Crowdstrike has accumulated a wealth of experience in the industry over the years, and translated it into a great product. Gartner even recognized them as a leader in the space. What this means is that it is not easy for competitors to simply replicate Crowdstrike’s cutting-edge technology.

Crowdstrike employs a subscription revenue model. This ensures a stable Annual Recurring Revenue (ARR) and serves as a strong pull-through every quarter. In addition, the “SWAT team” service is a small part of the business, and was intentionally kept small for the same reason above.

Image Source: Crowdstrike Investor Presentation.

It is worth noting that the company’s subscription customers who have purchased four or more modules, five or more modules, and six or more modules increased to 68%, 55%, and 32%, respectively as of Oct 2021. That is a testament to the superiority of its products over their competitors.

When the COVID-19 pandemic ravaged global markets, investors were pessimistic about Crowdstrike’s chances of thriving. 

What most people didn't know was that in times of crisis, the sales cycle shortened, because security is something that everyone must have. Business leaders may look at maximum protection as a top priority, and purchase the full packages such as the Falcon Premium or Falcon Complete.

Governments across the world are also investing millions to fight the war of the 21st century - cybercrimes. In an evergreen industry where both public and private entities are focused on keeping cybercriminals at bay, the potential upside for Crowdstrike is high.

To summarize, a long runway for growth, growth at scale, and a sticky revenue stream with plenty of upselling and cross-selling opportunities from the existing client base are all excellent reasons to own Crowdstrike. But the bigger picture (which I discuss in the next section) is the driver for all of this. And it is perhaps a good reason to have Crowdstrike in your portfolio.

What’s Happening in the Bigger Picture? 

Cyber threats have existed ever since the Internet was developed.

However, the sophistication and devastating impact of today’s cyber attacks are growing in parallel with our increased reliance on digital technology. And this has renewed the public’s interest in cybersecurity.

The COVID-19 pandemic has accelerated a particular trend in cyber attacks - ransomware with data extortion tactics. 

In a survey conducted by Crowdstrike, 56% of respondents have had their organization suffer from a ransomware attack. 27% of these respondents paid the ransom, and the average cost of a ransom paid was US$1.1M. The industries that saw the most ransomware attacks were Industrials and Engineering, Manufacturing, Technology, Retail and Healthcare.

Organizations cannot protect what they cannot see. Visibility and speed are critical for cybersecurity teams to block attackers who have the capability and intent to steal data and disrupt operations.

The use of Artificial Intelligence and Machine Learning adds another dimension to cybersecurity teams and supplies them with vital threat intelligence such as the attacker’s motivations, skills and tradecraft. With this information, they can use it to their advantage to prevent, and even predict future attacks.

The two features shared above are available in Crowdstrike’s products. They make up the Protect and Detect core functions in the NIST Cybersecurity Framework, a set of cybersecurity standards and regulations. In our opinion, this places Crowdstrike in a good position to help organizations meet those standards, and capture a sizeable piece of the market.

Management and Vision 

CrowdStrike was co-founded by George Kurtz (CEO), Dmitri Alperovitch (former CTO), and Gregg Marston (CFO, retired) in 2011.

Kurtz started his career at PWC and Ernst and Young before starting his own company, Foundstone in October 1999 as the founder and CEO. He led the company from concept to $28M run-rate when it was acquired by McAfee in October 2004 for nearly $90M, and has been working in executive roles since then.

In 2011, Kurtz assembled a world-class team that later became CrowdStrike. He then wrote the original business plan and raised one of the largest series "A" rounds in the security industry. To date, he owns a little under 6% stake in the company.

Crowdstrike’s board is made up of seasoned professionals in the technology and cybersecurity space, including Shawn Henry, who was the Executive Assistant Director for the FBI’s Criminal, Cyber, Response and Services Branch (he served in a wide range of operational and leadership roles in FBI Field Offices and FBI Headquarters during his 24-year FBI career), and Amol Kulkarni, who held multiple executive engineering roles at Microsoft.

George Kurtz has over two decades of experience in cybersecurity. With a wealth of knowledge and expertise of the industry, Crowdstrike is poised to be a leader in this space for years to come.

What are the Key Risks? 

There is no lack of competition in the cybersecurity space, which includes companies like SentinelOne, Fortinet, Palo Alto Networks and ServiceNow.

As the space evolves rapidly, Crowdstrike cannot rest on their laurels.

They have to continuously prove themselves to be the industry leader by keeping up with the latest threats and protecting their customers from them.

Hence, some of the things that we need to closely monitor are their retention rates with their customers, and even more so for their own key talents.

Another risk we foresee is their execution.

Crowdstrike may fall victim to their own success, considering their revenue has grown phenomenally at 102%, on average, for the past 5 years.

Image Source: ycharts.com.

From the chart above, their Year-on-Year (YoY) growth rate has also been steadily declining (2017-2018 125% vs 2020-2021 82%), which we have to monitor closely in the coming months.

The stock price also does not come cheap.

Their Price-to-Sales (PS) multiple, which is around 36, is higher than the average among their competitors. The PS average is 29.


Image Source: ycharts.com.

If they make any missteps in their execution, the valuation could easily pull back to the mean.

Thoughts About Valuation 

At the point of writing, Crowdstrike is currently trading at 35.9 Price-to-Sales (PS) ratio.

Below is the comparison with their closest competitors.




[Table: comparison of Crowdstrike with its closest competitors, including Palo Alto Networks, by Revenue (in millions), Forecasted annual earnings growth in the next 3 years, PS ratio, and Market Cap (in billions)]






Obviously Crowdstrike is not the cheapest, but it is understandably so.

They’re the fastest growing company among their competitors, with analysts forecasting them to grow more than 40% annual earnings (i.e. profits) for the next 3 years.

With analysts estimating around $2.59B by Jan 2024, we do believe achieving a $100M market valuation is within reach by then.

When it comes to an entry price, this is more of a science than an art. As long as the company fundamentals do not change, it is best to enter whenever there is a correction or a pullback.

From a technical analysis, there are a few key support areas.

Image Source: tradingview.com.

At the point of writing, the price has just closed at $197 and broke the $200 support area.

It has dropped close to 33% from its all-time high of $293.

The next key support area for a potential entry price would be between $153 and $177.

Image Source: tradingview.com.

This area has been tested numerous times - Aug’20, Oct’20, Mar’21 and May’21, so it has been holding up quite well.

What Should We Be Watching?

Investors should keep an eye on its top-line growth and also the willingness of existing customers to add more modules over time. 

1. Subscription Revenue Growth and Total Customers

94% of Crowdstrike’s revenue is subscription revenue, meaning it is recurring and highly predictable.

Subscription revenue grew 67% YoY to $1.5 billion and Crowdstrike’s subscription customers increased 75% YoY to 14,687.

Image Source: Crowdstrike Investor Presentation.

Image Source: Crowdstrike Investor Presentation.

These are incredible numbers, hence we need to observe closely whether the company is able to sustain this rapid growth in the coming years.

2. # of Modules and FCF Margin

68% of customers have 4+ modules, 55% have 5+ modules, and 32% have 6+ modules.

Free cash flow increased 62% year-over-year to $124 million and FCF margin is now 30% of revenue. 

CrowdStrike’s R&D starts at the most-demanding customers, so there is very little incremental cost to add new customers.

3. Dollar-Based Net Expansion Rate (DBNER) 

This quantifies the amount existing customers are spending this year as compared to last year. 

DBNER continues to exceed the 120% benchmark at 124.8%, which simply means that sales to its existing customers from a 1-year prior cohort have grown 24.8% over last year’s sales. In other words, their existing customers are spending more, and that indicates their customers are pleased with its services.

Crowdstrike has been executing well on their “land and expand” strategy and this is something we should continue to monitor over time.

Image Source: Crowdstrike Investor Presentation.

Interested in learning even more about Crowdstrike? 

For more information about the company’s financial and operational results, we highly suggest reading the company’s Investor Relations page.

Disclosure: As of January 31, 2022, SmartMamat's Khairul Ruzaini and Muhammad Sufyan own shares of Crowdstrike.
