CrowdStrike: Cybersecurity for the Cloud Era
- Jagannath Kshtriya
- Sep 5, 2024
- 4 min read
In a world where cyber threats are growing more sophisticated by the day, businesses need cutting-edge solutions to protect their data and operations. Enter CrowdStrike, a cloud-native cybersecurity provider that is redefining how companies safeguard their digital assets.
Section 1: Background and History
CrowdStrike was founded in 2011 by George Kurtz, the former CTO of McAfee. The company reinvented cybersecurity for the cloud era by creating a platform that actively predicts threats rather than blocking attacks that have already occurred. CrowdStrike became notable in 2014 after helping Sony identify North Korean hackers and in 2016 for aiding the DNC in detecting Russian interference.
Section 1.1: Founder
George Kurtz is the President, CEO, and board member since 2011. He previously held executive roles at McAfee, including EVP and CTO, after McAfee acquired Foundstone, a security firm he founded in 1999. Kurtz has also been Chairman of the CrowdStrike Foundation, promoting cybersecurity and AI talent, since 2017. He served on Hewlett Packard Enterprise's board from 2019 to 2023.
Section 1.2: Lawsuit
On July 19, 2024, a content update on a Falcon sensor caused crashes on some Windows systems (“Channel File 291 Incident”). Many industries, including airlines, airports, banks, hotels, manufacturing, stock markets, broadcasting, gas stations, retail stores, and government services were affected. The worldwide damage has been estimated at $10 billion.
The incident has negatively impacted the company's operations by delaying sales opportunities and extending sales cycles. While customer churn has been low so far, it may increase over time due to longer contract terms. To retain customers, the company is offering discounts, additional services, flexible payment terms, and extended subscriptions, which may lead to reduced upsell revenue and increased subscription term contractions.
Section 1.3: Acquisitions
CrowdStrike most recently acquired Flow Security, a cloud data security platform in March 2024 for $200 million.
Other acquisitions are available here.
Section 2: Business Model
CrowdStrike operates as a cloud-native cybersecurity vendor, specializing in endpoint security. The company provides a lightweight software agent that is installed on each device, which monitors interactions between apps and collects data on device behavior. This data is then analyzed using machine learning to detect and respond to threats dynamically. This approach provides a security solution that goes beyond just identifying known threats — it actively learns and adapts to new attack methods.
CrowdStrike created a new category called “Security Cloud”, which analyzes trillions of cybersecurity events weekly with indicators of attack, threat intelligence, and enterprise data (including data from across endpoints, workloads, identities, DevOps, IT assets, and configurations) to detect and prevent threats in real time.
CrowdStrike has 29,000 subscription customers worldwide and 9,000+ full time employees.
Section 2.1: Technology
The Falcon platform is fully cloud-based, collecting and analyzing crowdsourced data from all customers to provide easy-to-use security for endpoints, no matter where they are located. The Falcon agent is installed on each endpoint or cloud workload, using AI and machine learning to detect and block both known and unknown threats. It works autonomously, protecting and collecting data even when offline, and reconnects to the cloud once the connection is restored. The agent uses a mix of system-level modules to capture detailed events in real time.
Threat Graph, a graph database, continuously monitors for malicious activity by combining AI with behavior pattern matching, allowing it to detect complex attacks that might otherwise go unnoticed.
Section 3: Market Size/Opportunity
The total addressable market (TAM) is $100 billion in 2024 and expected to reach $225 billion by 2028 at a CAGR of 22.5%. With high demand driven by the increasing number of cyber threats, an almost unlimited growth horizon, strong pricing power, and a massive total addressable market (TAM), the industry presents an investment opportunity.
Section 3.1: Competition
CrowdStrike's primary competitors include Microsoft, SentinelOne, and legacy security vendors like Symantec (now owned by Broadcom), McAfee (now Trellix), and Trend Micro. Microsoft poses a significant threat due to its integration of endpoint security within its broader software ecosystem.
Section 4: Revenue
CrowdStrike's most recent Annual Recurring Revenue (ARR) is approximately $3.86 billion, reflecting a year-over-year growth of 32% as of July 31, 2024
The company generates revenue through two main streams:
Subscription (95% of revenue): sale of subscription to the CrowdStrike Falcon Platform, which includes various modules for endpoint security, threat intelligence, identify protection, and cloud security.
Professional Services (5% of revenue): includes fees for incident response, services and consulting, which help customers implement CrowdStrike’s products.
Over 68% of the revenues are earned in the United States, 15%+ in Europe, Middle East and Africa, 10%+ in Asia Pacific, and the other countries make up the remaining 6%+.
Section 4.1: KPIs
CrowdStrike's net retention rate is 125% and gross retention rate is above 90%.
Note: A net retention rate above 120% is considered strong for a SaaS company
Section 5: Fundraising
CrowdStrike Holdings, Inc. (ticker symbol: CRWD) went public on June 12, 2019. The company was listed on the NASDAQ stock exchange through an initial public offering (IPO) at an initial price of $34 per share, or $6.7 billion.
As of September 2024, the company is worth $258 per share, or $63 billion.
Section 6: Ownership
Institutional investors like Vanguard, BlackRock, and T. Rowe Price together own about 70% of the class A shares.
George Kurtz holds 55% of Class B shares, giving him 20% of the voting power. Accel and its affiliates own 40% of Class B shares, providing them with 14% of the voting power.
Note: Each class B share has 10:1 voting power to class A
Section 7: Competitive Advantage
CrowdStrike's competitive advantage lies in its innovative approach to endpoint security, integrating machine learning and cloud-native technology, and its strong go-to-market strategy through channel partnerships. Its open model, which allows third-party integrations, provides it with a broader market reach and adaptability compared to competitors who adopt a more closed approach.
Comments