Cyber security superstar

Crowdstrike Holdings/ CRWD Buy @ $135  MV: $28.8bn  Next figures: 5 December No of times recommended: 9  Price when first recommended: $92 Lowest recommended price: $51

I am becoming increasingly convinced that Crowdstrike is one of the world’s most exciting growth companies. Unfortunately, try as I may, I cannot really get my head around what they do and how they do it. I can only persuade you of the excellence of this business in a tangential way.

First of all let us look at what they say they are doing. They are saying that they are disrupting the global cyber security industry by replacing legacy solutions with a true built for the cloud solution.

“We believe we are defining a new category called the Security Cloud, with the power to transform the security industry much the same way the cloud has transformed the CRM [customer relationship management], HR [human resources], and service management industries.”

They also say they are very good at what they do. They say their primary mission is to prevent security breaches and in a 2017 video I watched about their platform and how it works they claimed that the proof was in the pudding. Companies and organisations using their software had zero breaches. Judging by their continued strong growth there is no reason to suppose anything has changed.

The 2019 IPO document explains what they do:

“With our Falcon platform, we created the first multi-tenant, cloud native, intelligent security solution capable of protecting workloads across on-premise, virtualised, and cloud-based environments running on a variety of endpoints such as laptops, desktops, servers, virtual machines, and Internet of Things, or IoT, devices. Our Falcon platform is composed of two tightly integrated proprietary technologies: our easily deployed intelligent lightweight agent and our cloud-based, dynamic graph database called Threat Graph. Our solution benefits from crowdsourcing and economies of scale, which we believe enables our AI algorithms to be uniquely effective. Today, we offer 10 cloud modules on our Falcon platform via a SaaS subscription-based model that spans multiple large security markets, including endpoint security, security and IT operations (including vulnerability management), and threat intelligence.”

One of the commercial advantages of their strategy is that as well as adding more customers at a rapid rate each customer can be sold more modules. In the latest quarterly report for Q2 2021 (their year end is 31 January) they not only grew the number of customers year on year by 91pc but of those customers 57pc took four more modules and 39pc took five or more. The longer term growth is staggering. The company was only founded in 2011 but since 31 January 2018 the number of customers has grown from 1,242 to 7,230 – that is in two and a half years. Since 31 January 2017 annual recurring revenue, the most important metric measuring the health of their business, has grown from $59m to $791m.

This is a statistic they point to as a powerful vindication of the power of their threat protection platform. They believe they must be doing something right to be growing so fast. And just look at some of their key customers.

One of their greatest supporters is Amazon Web Services (AWS), the market leader in enabling cloud deployments. This is why they like Crowdstrike.

“CrowdStrike brings cloud delivered endpoint protection to your AWS deployments for EC2, on premises workstations and servers, ensuring a consistent and controlled security posture. Falcon is cloud native scaling to secure any EC2 instance with no hit to performance and no requirement to reboot. It provides protection against all advanced attacks that bypass traditional perimeter and signature-based approaches. Security and operations teams enjoy automated real-time protection, visibility and control, from one console, to assess and manage the security of their environment: AWS, virtual and on-premises.”

Amazon EC2 stands at the heart of the global cloud. “Amazon Elastic Compute Cloud is a part of Amazon.com‘s cloud-computing platform, Amazon Web Services, that allows users to rent virtual computers on which to run their own computer applications.”

As well as providing end point security Crowdstrike provides security in the cloud. This is what Crowdstrike said in their latest release, dated 2 September 2020.

“Organisations around the world are shedding outdated systems and accelerating their move to modern cloud-native technologies to meet the demands of today’s threat landscape and future-proof their security architecture. Additionally, as organisations rapidly adapt to the new distributed workforce paradigm and move more workloads to the cloud, it has become clear that the endpoint is the new security perimeter, and the inadequacies of the complex brittle patchwork of legacy solutions continues to be exposed. From the many conversations Mike Carpenter, CrowdStrike’s president of global sales and field operations and I (CEO, George Kurtz) have had with CIOs [chief information officers] during our 100 by 100 international virtual customer tour, we consistently heard a few themes from both customers and prospects. First, even as we face a challenging macroeconomic backdrop, cybersecurity is mission-critical and more important now than ever as the threat environment escalates and the attack surface continues to grow.”

They explain what is happening to the threat environment in a world where working from home is becoming the norm.

“So far in the first half of 2020, we have seen a 154pc increase in distinct and sophisticated intrusions, stopped 41,000 potential breaches, which is more than all of last year, and we have seen a sharp increase in e-crime with 27 different industry verticals falling victim to criminally motivated intrusions, which is more than double in the same period last year. Additionally, many of the security leaders we spoke with believe that experiencing a breach now while their business is under extreme stress due to the impact of COVID, would be far more detrimental to their business versus last year. Second, to secure the hybrid workforce in today’s threat landscape, the two most important aspects of security are providing visibility and protection to workloads and implementing a zero trust architecture, which endpoint security is an important foundational element.”

Another powerful vindication of Crowdstrike is a massive customer win in the latest quarter, their second biggest customer ever worth low eight figures.

“Our technology superiority in protecting cloud workloads led to one of our marquee customer wins this quarter. With a rapid transition to working and socialising from home, Zoom experienced a surge in popularity and became a target for bad actors looking to exploit its success. Their Linux environments in AWS and Oracle Cloud were growing very rapidly to accommodate the increased demand for their SaaS offering. Seeking a strategic partner with a mature product and proven track record in protecting large-scale Linux deployments for other cloud leaders, Zoom called on CrowdStrike to help protect their critical cloud and Linux workloads.”

One of my favourite stocks and arguably the fastest growing software business in the world today, Zoom Video Communications, has teamed up with what may well be the world’s fastest growing cyber security business – two superstars and massive disrupters going into business together.

Crowdstrike has just had a bumper quarter but listen to what CFO, Burt Podbere, had to say about prospects “as we think about our momentum in the pipeline that I indicated even on our earnings call, which is really, really strong going into Q3 [the current quarter ending 31 October]”.

And this is what he said about the customer opportunity. “We’re really happy with the 7000 customers. But when you think about the number of customers just on Symantec alone, pick a number 100,000 that are B2B [business to business], 150,000 B2B. Great. They said they’re going to protect 1500 of those. And so that gives us this whole bolus of opportunity I call it greenfield even though it’s not technically greenfield. But it’s greenfield for us because those companies are now up for grabs, right? And those customers are up for grabs and we’re going to go after them and we’ve seen some of the impact on our numbers to date. And that’s something that’s going to go on for years. So we’re really excited about that.”

Symentec is a rival, whose enterprise security has been acquired by infrastructure giant, Broadcom, which is apparently going to focus on 1,500 enterprise scale customers leaving a large number of smaller businesses with their security needs up for grabs.

I hope I have said enough to give you the flavour of what makes Crowdstrike such an exciting business. The company was founded and is led by 49 year old, George Kurtz, who was formerly chief technology officer of McAfee, a computer security business. It has a compelling business offering, is disrupting a large and growing market and its total addressable market is both large and rapidly becoming larger.

As so often with really exciting businesses the shares are not cheap but then with growth at anything like this rate they never will be.

There is still a fair amount of selling in world stock markets and the threat of the coronavirus remains very much present although my feeling increasingly is that lockdown is not the way to deal with it. What is the strategy? Lockdown followed by easing followed by rising cases followed by renewed lockdown ad infinitum until we have a vaccine. It sounds like a cunning plan by Baldrick to destroy the British economy in a slow death by a thousand cuts.

Fortunately, both economies and stock markets have a long track record of rising above useless governments and the diktats of the so-called experts. The present situation will most likely provide another example. We may even learn from it that better government is less government and that endless heavy handed interventions by bureaucrats, who lack any special insight into the problems with which they are trying to deal, just makes things worse.

Why on earth should we suppose that Mr Busybody in Whitehall knows any more about what to do than the average householder?

The biggest thing happening in the world is an accelerating technological revolution. As long as that remains the case well chosen portfolios should continue to ride the setbacks and do well. Now is a good time to either do nothing or make selective purchases of shares in exciting companies.

Crowdstrike is an excellent example of a business which is doing well because it has come up with a better way of doing things, a better mousetrap if you like.