Crowdstrike IPO & S-1 Teardown

Crowdstrike is going public this Wednesday, June 12th. We wanted to provide a high-level summary of what Crowdstrike does in straight-forward terms and benchmark Crowdstrike against other Public Software companies.

Summary of Crowdstrike

📝Description (ELI5): Similar to how Salesforce transformed the CRM market by leveraging the cloud, Crowdstrike thinks of themselves as creating a new category called Security Cloud. CrowdStrike's product Falcon is a SaaS based platform for next-generation endpoint protection that detects, prevents, and responds to attacks. The company's cloud-based and AI approach is in contrast to on-prem endpoint security solutions or primarily rules-based and signature-based anti-virus companies like Symantec and McAfee.

Crowdstrike's Falcon is a single lightweight agent that installs on the customer's endpoint that feeds data into Crowdstrike's cloud-based database called Threat Graph. By leveraging the cloud, Falcon is able to continually collect, process, and analyze threats across all customer's endpoints in real-time. As there's more data that's fed into Falcon, there is more data to train Crowdstrike's AI models with, increasing the overall efficacy of Falcon.

With Falcon, Crowdstrike sells 10 cloud modules including endpoint security, security & IT operations,and threat intelligence. See the Falcon Platform graphic below:

TL;DR The point of Crowdstrike is to protect customers from breaches

🙏🏼 ROI of Product: Customers choose to use Crowdstrike because

1) Ease of adoption by only having to install a light weight agent versus other vendors require 2 GB+ which provides for a terrible and slow user experience. Company claims a customer recently deployed Falcon to over 100,000 endpoints globally in <24 hours.

2) Superior efficacy rates in detecting threats and preventing breaches

3) Reduced total cost of ownership by consolidating security products into a single platform

4) Allow already busy security organizations to automate previously manual tasks so that teams can focus on their most important objectives.

💵Business Model: Typically 1 year subscription to Falcon platform and cloud modules priced per-endpoint and per-module. Average annual contract value is ~$124,000.

🏢Customers: Impressive enterprise customer list including 2,516 subscription customers worldwide like AWS, HSBC, Hyatt, ADP and 44 of the Fortune 100, 37 of the top 100 global companies, and nine of the top 20 major banks.

🤑Go-To-Market: Crowdstrike started off primarily selling to enterprises with a combination of top down sales (field sales + inside sales) and working with channel partners. However, starting in December 2017, Crowdstrike started to offer a low-touch/low-sales solution in the form of a 15-day free trial access to their next-generation anti-virus module and also making it easy to download Crowdstrike from AWS's marketplace. The goal is to expand outside of just enterprises and to also capture the small and medium business market which is a growth opportunity for the company.

💰Market: Crowdstrike currently has cloud modules in the corporate endpoint security, threat intelligence, security & vulnerability management, IT systems and service management, and an offering in the managed security service market. The company claims the global opportunity across these markets is estimated to be $24.6 billion in 2019 and is expected to reach $29.2 billion in 2021. Clearly, the market for Crowdstrike is quite large.

💪Competition: Crowdstrike lists the following lists of competitors in their S-1. Note, Cybereason, SentinelOne are also strong competitors in the endpoint security market.

• Legacy antivirus product providers: McAfee, Inc. and Symantec Corporation, who offer a broad range of approaches and solutions with traditional antivirus and signature-based protection.
• Alternative endpoint security providers: BlackBerry Cylance and Carbon Black, Inc., who offer point products based on malware-only or application whitelisting techniques; and
• Network security vendors: Palo Alto Networks, Inc. and FireEye, Inc., who are supplementing their core perimeter-based offerings with endpoint security solutions.

Analyzing Crowdstrike's Metrics

1. 🔥 Revenue Scale + Growth: Crowdstrike is #1 Fastest Growing Public SaaS Company at 108% YoY revenue growth. We benchmark against the top quartile SaaS companies in terms of revenue growth. Note that Zoom is now #2 at 103% but there's a 20%+ drop off until the next company Twilio which is growing quickly at 81% (revenue growth juiced in part by the Sendgrid acquisition). *

2. 👍Room to Grow vs Competitors: Among the competitors Crowdstrike calls out in its S-1, Crowdstrike is growing the fastest by a wide margin and it seems that there's still quite a lot of room to grow.*

For example, in the traditional anti-virus market, Symantec is actually shrinking year-over-year at $4.7b revenue and -2% growth; McAfee is at roughly $2.5b revenue growing in the mid single digits % and just laid off 200 employees in January 2019 according to The Information. The notable exception is Cylance* which was growing 90% and roughly $100m revenue but was then acquired by Blackberry.

With a ~$25b global opportunity in the various security segments that Crowdstrike addresses, there's a lot of room for Crowdstrike to grow and continue to replace legacy solutions like McAfee and Symantec which are $B+ revenue behemoths.

3. 📈Strong Expansion within customers and retention: Crowdstrike has best-in-class net dollar retention at 140% which is #2 among our top SaaS companies. What this means is that , say , the January '18 cohort of customers that signed up paid $10m initially. 12 months later, the same cohort will be spending $14.7m! This is one of the most attractive traits of enterprise SaaS companies. Crowdstrike's high net dollar retention is driven by

1) High gross dollar retention (98%) which suggests customers very rarely churn or downsell — not surprising given the mission-critical nature of Crowdstrike's security platform.

2) Crowdstrike's strong upsell of existing customers via strategy of acquiring a customer with one module and customers purchasing additional modules over time: 47% of subscription customers have adopted four or more cloud modules as of January 31, 2019 (up 17%+ from 30% in January 31, 2018)!

4. ⏳ Acquiring customers relatively efficiently: What's impressive is despite being the #1 SaaS company by growth rate, Crowdstrike is able to do so relatively sales efficiently with a blended of 15 months* (see our caveat for how we calculate the payback period) versus a median of 22. The low payback period may be a reflection of Crowdstrike's new GTM strategy of having a low-touch/low-sales free trial option for customers starting in December 2017 which should be a lower cost channel of acquiring customers.

5. 💸Negative Free Cash Flow % Margin: Unlike Zoom, Crowdstrike is not profitable and has -25% Free Cash Flow margins (lowest among SaaS companies with the exception of Slack) and burned $65m in FCF in fiscal year ending January 2019. However, what's encouraging is that

1) Free Cash Flow % in 2019 is -25% but down from -49% in 2018 and -123% in 2017

2) Crowdstrike has $191m of cash on its balance sheet—not accounting for the $600m cash+ the company plans to raise in its upcoming IPO. The cash post IPO should provide financial cushion for a business that's lowering its FCF burn every year.

💰 Valuation Expectation: Lastly, given how fast Crowdstrike is growing, public market investors will likely value the business on a forward revenue basis. The Median EV/Forward (NTM) Revenue Run Rate for our top quartile SaaS company is ~13x. Crowdstrike's $321m Run Rate would imply a forward revenue run rate of $615m Run Rate ($321m * (1+108%*85%)) which would imply an enterprise value of $8.1b. It wouldn't be surprising if Crowdstrike does trade for the close to ~20x+ Forward Run Rate Revenue that Zoom is trading for given the 100%+ YoY growth; however, Crowdstrike is not yet close to profitable and public market investors may discount their growth as a result.

Caveats

1. We use Revenue Run Rate (Quarterly Revenue * 4) which includes subscription, license, and services. Not all public SaaS companies report ARR so Revenue Run Rate was the best apples to apples comparison we could get.
2. In our competitor list, we use revenue instead of ARR or Revenue Run Rate because McAfee is private and we could only find revenue numbers from scanning various articles online. The numbers aren't great apple to apple comparisons because they refer to revenue at different points in time.
3. For Forward Revenue Run Rate, we calculate the current year-over-year growth and multiply it by 85% given the predictable growth decay of Public SaaS companies
4. Disclosure: my previous investment firm, Insight Venture Partners, was an investor in Cylance prior to the Blackberry acquisition
5. We calculate payback period by taking Implied Net New ARR of the most recent quarter (Current Quarter Revenue - Last Quarter Revenue)
6. To better understand the "why" behind the metrics, please look at "Top 5 SaaS Metrics VCs Look At for Series A/B/C" which somewhat generalizes for growth public SaaS companies.