SentinelOne Action Forum

Crowdstrike Holding: The hawk that can no longer fly?

small quarterly comparison of CrowdStrike Holdings, Inc.

CrowdStrike Holdings, Inc. is considered one of the pioneers in the field of cyber security. The company specializes in cloud-based security solutions that help organizations effectively defend against modern cyber threats. With its advanced endpoint protection platform that uses AI and sophisticated algorithms to detect and defend against threats in real time, CrowdStrike has made a name for itself as a leader in innovation.

Historical development

Founded in 2011 by George Kurtz, the company has $CRWD (+0,55 %) has experienced impressive growth since its beginnings. Before going public in 2019, the company increased its recurring revenue 35-fold - clear evidence of the success of its business strategy. This growth trajectory has continued in recent years: in 2023, CrowdStrike reported a 41% increase in its customer base, which now includes over half of the Fortune 500 companies.

Business model

CrowdStrike's business model is primarily based on a subscription approach, which generates around 92% of its revenue. With its Software-as-a-Service (SaaS) offering, the company ensures a stable share of recurring revenue. In addition, CrowdStrike also offers professional services, although these only account for a small proportion of revenue.

Core competencies

CrowdStrike's key strengths include:

- Data analytics and AI: Processing over 5 trillion signals per week, CrowdStrike uses advanced data analytics to efficiently identify and defend against threats.

- High customer retention: With a customer retention rate of over 98%, customer trust and satisfaction is reflected in the platform.

- Scalability and network effects: CrowdStrike's ability to process huge amounts of data and continuously learn from it gives the company a clear competitive advantage that sets it apart from new market entrants.

Future prospects and strategic initiatives

With ambitious targets for the coming years, CrowdStrike is aiming to achieve an annual recurring revenue (ARR) of USD 5 billion by the end of the 2026 financial year. To achieve this goal, the company plans to further optimize its quality standards and expand customer communication in order to strengthen customer loyalty and minimize churn.

In an increasingly competitive market environment, in which heavyweights such as Microsoft and Alphabet are also intensifying their cyber security solutions, CrowdStrike is relying on its innovative strength and ability to react quickly to new threats. In the future, the company would also like to optimize its margins and further increase its operational efficiency in order to maintain its market position in the long term.

Current performance of the CrowdStrike share

Over the course of the year, CrowdStrike shares have gained an impressive 86%, which is primarily due to the high level of acceptance and distribution of the platform. Since the IPO on June 12, 2019, the share has even achieved remarkable growth of 372 %. Nevertheless, the share reached higher values in the past before plummeting significantly following an incident on July 19. This raises the question of what happens next and how CrowdStrike is positioned compared to its competitors.

The incident on July 19

July 19 presented CrowdStrike and its CEO with one of the biggest challenges in the company's history. On this day, a configuration update was uploaded to the platform that paralyzed numerous customer systems. The company's own security mechanisms had classified the update as unknown and shut down the systems as a result. Whether this should be seen as proof of CrowdStrike's incompetence or as proof of the software's functionality remains controversial. In any case, shareholders reacted with concern: the share price fell by 42%. The main reason for this was uncertainty about the consequences of this incident.

The consequences of the incident

According to the CEO, the July 19 event had a significant impact on the last two weeks of the quarter. While CrowdStrike quickly mobilized teams to support customers and continued to close contracts, including significant nine-figure expansion contracts, the CFO added that it is too early to assess the exact legal exposure in terms of potential legal consequences. However, customer contracts contain limitations of liability and CrowdStrike has insurance policies in place to mitigate the potential impact of certain claims. Despite the challenges, CrowdStrike remains strongly committed to customer retention and is well positioned to invest in the business for the long term.

The question remains as to how the company will recover from the incident in the long term. Despite some deterred customers, trust appears to be largely intact, supported by discounts and the quality of the product. In addition, CrowdStrike has responded quickly to the problem, investing significant resources and launching customer loyalty programs to restore trust. Conclusion: There is currently nothing to suggest that the incident poses an existential problem for the company.

The current figures

The latest business figures, which are not yet included in the images, continue to show solid growth:

- Revenue: revenue increased to US$963.9 million, up 32% year-on-year and 4.6% quarter-on-quarter, despite the significant impact of the incident.

- Gross profit: Gross profit was USD 726.471 million, up 4.4% quarter-on-quarter.

- Net Income: Net income amounted to USD 46.690 million, an increase of 9% quarter-on-quarter.

These figures are fundamentally positive, but leave open the question of whether there are still challenges in customer retention. The long-term development remains to be seen, but the company's reactions and measures suggest that CrowdStrike is well on the way to regaining the trust of its customers and continuing to grow.

(Image 4&6)

Concerns and challenges for CrowdStrike

Despite the solid performance, there are some key challenges that CrowdStrike needs to address:

- Customer Commitment Packages and margin pressure: the introduction of customer loyalty programs, which essentially act as discount promotions, could put pressure on margins and profits in the short term. Even if these measures do not play a decisive role in the long term, the risk of a temporary decline in profitability remains.

- Strong competition: Competition in the cyber security market is intense and many competitors also offer attractive products. CrowdStrike must therefore emphasize even more clearly why its solutions are superior and what unique advantages they offer. Differentiation from the competition will be crucial in order to secure and expand market share.

- Legal risks and lawsuits: Despite existing safeguards and limitations of liability, potential legal disputes pose a significant challenge. Particularly in the USA, where lawsuits are often used strategically, there is a risk of high financial claims that could place a considerable burden on CrowdStrike.

Comparison with the competition

Compared to the competition, CrowdStrike must continue to prove its innovation leadership and the added value of its platform. While competitors are also active in the areas of cloud security and AI-supported solutions, CrowdStrike's success depends on how well it manages to defend its position as market leader and strengthen customer loyalty at the same time.

(the rest)

$S (+0,39 %)
$PANW (+1,75 %)
$DARK
$FTNT (+17,41 %)
$OKTA (+0,69 %)

Which cybersecurity companies do you think will dominate in 5 years?

$CRWD (+0,55 %)
$FTNT (+17,41 %)
$PANW (+1,75 %)
$S (+0,39 %)
$ZS (-0,19 %)
$MSFT (+0,15 %)
$GOOGL (-0,6 %)
$CSCO (+0,48 %) .....

How large companies fit into the ecosystem:

How some of the largest security companies in the world fit into the ecosystem. All of these companies offer products across the security ecosystem and strive to provide security platforms on which customers can consolidate.

$PANW (+1,75 %) - Palo Alto Networks

Palo Alto is the largest pure-play cybersecurity company in the world, both by market capitalization and revenue. Their core product is network firewalls (hardware and software); they have significantly expanded their portfolio through an aggressive acquisition strategy. Their goal is to be the consolidator for cybersecurity, and they continue to show progress towards that goal.

Palo Alto has four main solution areas: Strata (Network), Prisma (Cloud, Access), Cortex (Endpoint, SecOps) and Unit 42 (Managed Services). The only area in which they do not compete is Identity. They have achieved a turnover of 7.5 billion dollars in the last 12 months.

$FTNT (+17,41 %) - Fortinet:

Fortinet is the second largest pure-play cybersecurity company by revenue. Like Palo Alto, their core product is the firewall (both hardware and software). Fortinet is still primarily a network security company (60-70% of revenue) and is focused on providing a strong SASE (Secure access service edge) product for growth. Apart from that, they have an extensive portfolio of security products including cloud security, app security, data security and managed services. Fortinet has achieved a turnover of 5.3 billion dollars in the last 12 months.

$CRWD (+0,55 %) - Crowdstrike:

Crowdstrike's core product is endpoint security; they are another example of being able to expand to a platform. In endpoint security, they are one of the two market leaders (Microsoft is the other). In cloud and software security, they have a unified platform for posture management, workload protection and app protection. They offer a data protection suite as well as services for security operations. They do not offer Identity & Access Management, but they do offer identity security that protects other IAM (Identity & Access Management) products.

Their product is based on a unified data layer. CEO George Kurtz explained that the

true value comes from centralizing data, using AI/ML to detect threats and anomalies, and responding to those threats. This value can be continually delivered through new products that give us the overall roadmap for how CrowdStrike expands in the future. CrowdStrike has generated $2.8 billion in revenue in the last 12 months.

$MSFT (+0,15 %) - Microsoft:

In January 2021, Microsoft surpassed 10 billion dollars in security revenue. Just two years later, Microsoft announced that they had surpassed 20 billion dollars in revenue from Microsoft security.

Microsoft has 6 main segments of its cybersecurity portfolio: Microsoft Defender, Microsoft Sentinel, Microsoft Entra, Microsoft InTune, Microsoft Priva and Microsoft Purview. Defender (Cloud, Apps, Endpoint, IoT) is Microsoft's security product across all solution areas. Sentinel is a SIEM/SOAR solution. (SOAR = Security Orchestration, Automation, and Response) (SIEM = Security Information and Event Management) Entra is Microsoft's IAM solution (market leader by market share). InTune is a unified endpoint management tool. Priva covers data protection and compliance. Finally, Purview is a data governance tool.

$CSCO (+0,48 %) - Cisco Systems:

Cisco has an impressive collection of security products; with the acquisition of Splunk, it became one of the largest security companies in the world. In FY2023, Cisco generated ~$4 billion in security revenue, while Splunk had $3.7 billion in ARR at the end of the same quarter. Together, this puts Cisco in the same revenue range as Palo Alto.

Cisco's core security strength comes from its massive networking business. They have also expanded into cloud, endpoint and SASE. Splunk brings a strong SecOps presence with SIEM, SOAR and analytics. It will be interesting to see what synergies Cisco can further create between the two companies.

$GOOGL (-0,6 %) - Google:

One of Google's main goals is to be the go-to cloud for security, and they have done an impressive job building their portfolio. They offer network security with load balancing, cloud firewalls and secure web proxies. GCP (Google Cloud Platform) offers several services for data protection (building on their strength as a data company). They also focus on securing DevOps with several SecDevOps tools.

In 2022, Google completed the acquisition of Mandiant for $5.4 billion, which strengthened GCP's managed services offering (in addition to other products). Combined with their data governance, observability and SIEM/SOAR solution, it makes GCP a formidable player in the security space. It will be interesting to see what revenue figures management reveals for security in the future.