👋 Public Comps Customers 👋

This week was headlined by Salesforce's acquisition of Slack, B2B SaaS multiples returning to highs, and blowout earnings from Crowdstrike, ZScaler, Elastic, and Zoom. This week, we break down CRWD's Q3FY21 earnings.

Check out last week's breakdown of Anaplan's (PLAN) Q3FY21 earnings.

1️⃣ SaaS Stock Prices vs. Benchmarks 📊

Change since bear market start (2/19/2020):

  • ZM: +294.5%
  • Top 10 SaaS: +129.0%
  • Bessemer Cloud Index (EMCLOUD): +64.3%
  • B2B SaaS: +44.6%
  • S&P 500: +9.2%

Change in the past week:

  • ZM: -13.1%
  • Top 10 SaaS: +2.5%
  • Bessemer Cloud Index (EMCLOUD): +2.1%
  • B2B SaaS: +1.1%
  • S&P 500: +1.7%

Market update 📈: Top 10 SaaS was boosted by Salesforce's $27.7B acquisition of Slack, their largest-ever deal to date.

Stocks reached further into record territory, with all of the major indexes touching new intraday highs by Friday. Energy shares rebounded after OPEC and other major oil producers reached an agreement to ease output cuts more gradually next year than previously planned, while the utilities sector lagged. DJIA ended November with its best monthly performance since 1987, while the small-cap Russell 2000 Index registered its best monthly gain since its inception in 1978.

2️⃣ Median B2B SaaS EV/NTM Revenue Valuation Multiples 🔥

High Growth SaaS: 27.7x

All B2B SaaS: 13.6x

As frothy as best-in-class SaaS multiples have been, fintech/payments multiples have been even higher (Afterpay trades at ~60x revs); and I think there's an argument that infrastructure software multiples are low. A few reasons:

  1. Non-asymptotic growth trajectory: some enterprise software are constrained by sales cycles, number of seats per company, and implementation solutions. Infrastructure companies have unconstrained market sizes and aren't incentivized to slow down for any reason. These markets are both horizontal and global, and thus, feel (and scale) like internet businesses. Modern infrastructure platforms are designed to support and deliver value to users from day 1.
  2. Overcoming regulatory hurdles unlock tremendous company growth to increase TAM: infrastructure (APIs) are the new pipes to enable developers and information to new networks, markets and regulation/compliance are the barriers. Becoming compliant is a major checkpoint for companies because it enables new use cases, unlocks new customers to effectively increase TAM. For software, this can be companies getting FedRAMP certification or HIPAA compliance.
  3. There can be few winners - The end users of these platforms can be entire industries, and there's a stickiness/network effect for just one. For data aggregators (like Plaid) this can be seen in integrations into long tail of banks/credit unions. For buy-now-pay-later companies, it’s having sticky relationships with merchants & consumers and coveted real estate at checkout. For payment processors, it’s both bank integrations & sticky merchant relationships. Few companies will achieve these pivotal relationships and thus, the barriers to entry will result in only a handful of scaled players that are each important standalone platforms. For infrastructure/APIs this is gaining the critical mass of developers using it.

3️⃣ SaaS Earnings - Crowdstrike (CRWD) 💸

For a more detailed write up with our thesis, see our Crowdstrike Q2FY21 Earnings Teardown.

Earnings Call Highlights:

  • Revenue: CRWD set a new record for net new ARR generated and ending the quarter with over $900 million in ARR; Total revenue grew 86% y/y to reach $232.5 million.
  • Revenue mix: Subscription revenue grew 87% y/y to reach $213.5 million. Professional services revenue was $18.9 million, setting a new record and representing 74% year-over-year growth delivering strong 87% subscription revenue growth and setting a new record for professional services revenue;
  • Customers: CRWD added a record 1,186 net new subscription customers; total of 8,416 customers with ACV $108k.
  • Gross margins: non-GAAP gross margin improved to a record 76%, up from 72% a year ago. Non-GAAP subscription gross margin increased to 78% and compared with 76% in Q3FY20 as Falcon overwatch spend likely represented a lower chunk of the COGS mix.
  • Product: CRWD introduced three new modules (now 16 total) and driving strong module adoption among customers; acquiring Preempt Security, which expands CrowdStrike's Zero Trust capabilities and incorporates critical identity behavior data and analysis to help customers fortify their defenses and prevent identity-based attacks and insider threats.

Takeaways:

1. Cloud is the clear winner in security, on-prem is getting displaced

  • Crowdstrike continues to widen the gap between their product and on-prem vendors: Management noted that customers recognize that Threat Graph is unique to CrowdStrike and differentiates us from others in the market.
  • Greater data repository creates a better product: All of the data Crowdstrike collects is stored in the Threat Graph. This is very different from other vendors, including upstarts, that silo their data, limiting their ability to scale in the customers' environment. Any vendor with an on-prem solution is currently unable to replicate Threat Graph capabilities, which allows Crowdstrike to deepen our competitive moat.
  • As more business is conducted virtually and more workloads move to the cloud, protecting those workloads is a priority for CIOs. However, heavy performance training agents built on legacy technology are often left behind because they can't keep up with the speed, agility, and scalability required in the cloud.
  • This gives Crowdstrike a structural advantage: industry-leading cloud-native platform provides for a fundamental business model advantage as Crowdstrike is able to capture the data once and monetize it many times. Importantly, customers are able to quickly try and adopt new Falcon modules without deploying any new infrastructure or agents, making the process frictionless. In Q3, Crowdstrike continued to see rapid module adoption as a percentage of all subscription customers with four or more modules increased to 61%, and those with five or more modules increased to 44%.
  • Crowdstrike best understands customer pain-points from legacy providers and its frictionless adoption truly separates itself from competitors: Management noted how McAfee and SentinelOne had to be removed from the environment of a new customer they added this quarter where it cannot be deployed because of performance and/or interoperability problems. Unlike competitors, CrowdStrike was able to deploy to thousands of endpoints and servers in just three days without a reboot.

2. "Land and expand" strategy should see continued growth

  • Once again, Crowdstrike reported a net dollar retention greater than 120%.
  • Rapid pace of execution: In the last nine months alone, close to 3,000 net new subscription customers have chosen Falcon. In Q3, CRWD announced three new modules, including Falcon Horizon for proactive management of cloud security posture, Falcon X Recon for increased situational awareness of dark web threats, and Falcon Forensics, which automates the analysis for incident response investigations. The Falcon platform now encompasses 16 modules.
  • Redefining metrics to measure success: with 16 modules now, this is the first quarter that Crowdstrike has published the % of customers using 6+ modules. we reached a new milestone with 22% of our subscription customers having adopted six or more modules.
  • Great emphasis on efficient growth (I love that management reports their magic number!): "Scaling our business efficiently remains a top priority, which is why we intensely focus on our unit economics, including Magic Number. In Q3, we ended with a Magic Number of 1.4, which is a new record. We attribute this to our frictionless go-to-market engine, including our digital lead generation and self-service e-commerce capabilities."
  • Declining ACVs: Interestingly, average contract value has been slightly declining for Crowdstrike the past 4 quarters, despite showing healthy upsell and cross sell across the board. Customer acquisition has been incredible this past year, implying that Crowdstrike has many customers early-on with potential to upsell in the future.

3. Software markets continue to be underestimated and great management is capable of increasing their own TAM

  • Effective at increasing their own TAM: CRWD believes their addressable market will reach $32.4 billion in calendar-year 2021, compared to the estimated $24.6 billion market in 2019, at IPO. In Q3, CRWD took their platform to the next level by building extensibility points in the platform for policy, detections, workflow, user experience, and third-party integrations. This enables each product group within CrowdStrike to accelerate the development of new modules. The same extensibility points are also being made available to our CrowdStrike store partners further reducing the investment they need to build a store app. This leverages their opportunity as the market expands.
  • Management pointed out that today's cloud workloads are massively under-protected, and this could represent a 10 times market opportunity in 2023 compared to IDC's estimate of the cloud security market in 2020. CrowdStrike Falcon was built in the cloud, for the cloud, and a core differentiator of the Falcon architecture is that we offer one platform for all workloads. From March through October of 2020, we have seen more than 14 times growth in protection for containers, and greater than 20% of all the servers we protect across our entire fleet of customers are in the public cloud.
  • Crowdstrike is positioned to capture growth in growing trends of hybrid/multi-cloud infrastructure: with Falcon Discover for cloud and containers, they now have much-needed visibility into their AWS workloads and are leveraging our proactive incident response services.
  • Strategic and effective M&A: With the recent acquisition of Preempt Security, CrowdStrike is leading the charge in delivering an end-to-end Zero Trust solution. Combining workload security with identity protection is foundational for establishing true Zero Trust environments.
  • Partnership with Okta: last quarter, Crowdstrike joined forces with Okta to help customers adopt a modern, identity-centric Zero Trust security ecosystem. This quarter, Okta is now a CrowdStrike customer and excited by this opportunity to deepen our relationship.

Valuation post Q3 earnings:

Updated price targets using 50% weight on EV/ARR and 50% weight on LT P/FCF.

Price target on CRWD after Q3FY21. IRR looks okay but not compelling.

Crowdstrike vs. top 10 SaaS:

Public Comps top 10 SaaS dashboard

4️⃣ Product Update 🚨

We're excited to announce some new features to our platform!

  • Graph labels & net new ARR included in the ARR graph on company pages:
net new ARR (shown in pink) for Zoom
  • Stock Charts:
Company page with the historical stock chart for Snowflake

Consensus beats:

Consensus revenue estimate and consensus beat %, shown on each company's financials.
Consensus revenue beats plotted for most recent quarter (can be toggled on the dashboard)

Stay safe everyone,

Albert Wang, Public Comps Team

albert@publiccomps.com

Like these weekly dashboards? These are for Publiccomps.com customers only but you can have your friends subscribe to the newsletter here where we send out investment memos, market maps and analysis on the broader SaaS market.

Views expressed in theses emails are ours and ours alone and don't represent that of our previous or current employers. Public Comps provides financial and industry information regarding public software companies as part of our weekly dashboard, our blog, and emails. Such information is for general informational purposes only and should not be construed as investment advice or other professional advice.

Full disclosure: I own CRWD, TWLO, SHOP, LVGO, FB, MSFT, FSLY, DDOG, ESTC, SMAR, PLAN, ZM and BILL.