CrowdStrike – Partner Update – Growing Cloud Cybersecurity Platform & Competitive Positioning – 22 July 2021

CrowdStrike is a multi-faceted, USD 57bn market cap cybersecurity player that has grown substantially over the last couple of years. Can you describe the company, its solutions, its value to clients and end users and how it has been able to repeatedly add new focus areas, modules and customers? There is a lot of interest in the company and it is interesting that your firm has been working with it for over half of the company’s existence, six years.

You mentioned EDR [endpoint detection and response]. Endpoint security is at the core of what CrowdStrike does, and ease of use or deployment and product effectiveness have allowed the product and company to take off. You said CrowdStrike offers automatic updates across endpoints with no effort required by the enterprise or customer, but other companies are considering and even trying similar things. Which players are trying to compete? Are they doing it as effectively as CrowdStrike?

Does CrowdStrike’s approach to software deployment involve one piece of software or code base that is deployed as all different modules? I think it has 19 modules, increasing from 11 around this time last year, and I think you said it would probably be easier if there were fewer modules to work with. What is the best way to consider CrowdStrike’s technological approach or capabilities? Can you discuss the nature of lightweight agents at key points in a company’s IT and the Threat Graph, because those two things are the basis of the technology? What stops breaches across IT assets? Is it essentially that one piece of code?

You described the Threat Graph notion and its value. Do you think CrowdStrike’s related work is differentiated and significantly better than competitors’ efforts? Do any firms have comparable technologies and threat databases?

CrowdStrike has noted in the last month that it has ingested about six trillion data points per week. One reason it seems to have aggressively won business over the years is that business feeds the power related to the Threat Graph and the potential effectiveness of the company’s solution, so there’s a network effect and benefit. Dollars gained might be sacrificed in the near term, even though you mentioned the company’s pricing is at a premium in some contexts, but there’s also a benefit in winning more business, having more unique data points and being able to crowdsource, or in this case, “cloudsource” potential security issues. We’ve spoken a lot about EDR and I think many companies have been increasingly shifting towards XDR [extended detection and response], which goes beyond endpoints to include several aspects or modes that security would be relevant for, including e-mail, cloud or networks. How is this important for CrowdStrike?

Customer retention is key for CrowdStrike, which may also be true for similarly situated cybersecurity vendors. Land and expand is a primary growth mode and the company seems to have consistently delivered a 98% customer retention rate for the past nine quarters it has reported. How or why do you think it has had such a strong retention rate? It predominantly has one-year contracts, which is common in the SLED category and might be more prevalent beyond CrowdStrike because it has annual budget processes and such. Do you think it would be hard for a company to retain customers unless it is clearly doing something right? How has CrowdStrike managed to maintain a 98% retention rate, especially with one-year contracts?

You mentioned earlier that CrowdStrike offers solutions at a premium. Roughly how much higher is the company’s pricing than comparable solutions? Is it modest? Is it 10% or 20% more?

Less than 10% of customers took four or more CrowdStrike cloud subscriptions in Q1 FY18 vs 64% in the Q1 2021, suggesting its bundling strategy has resonated well. Can you outline how everything we have discussed leads to competitive wins and who CrowdStrike might win against? There are many competitors, such as Palo Alto, Sophos, McAfee, Eset, BlackBerry Cylance, VMware, Carbon Black, SentinelOne and FireEye. Which do you think is most formidable in the EDR and XDR categories? People seem to point to Palo Alto.

CrowdStrike seems to have extensive mindshare and momentum that allows it to retain business, even on the rare occasions that customers formally re-evaluate providers, thus its 98% retention rate. Can you discuss CrowdStrike’s growth strategy, customers and partners, given that you partner with the company? You seem to be suggesting the company wins business, offers value and delivers, such that companies want to continue working with it in a variety of ways. You also mentioned people know the name and that it is a company customers want to work with. Does CrowdStrike do anything particularly well vs other vendors, especially with partners? The company has a large, incentivised sales force that works with partners quite frequently. How would you characterise its approach vs those of others?

How has CrowdStrike performed QoQ or YoY? Has its growth been consistent, accelerated or decelerated? Did enterprise customers begin working with CrowdStrike after realising they do not want or need on-prem solutions given an increase in remote working amid the pandemic?

You seem to think CrowdStrike is performing well and there seems to have been an inflection point over the last 1-2 years. How does the company’s growth compare YoY? Would you say a key recent differentiator is clients approaching you about CrowdStrike? Has growth accelerated because of success and customers proactively approaching you about CrowdStrike?

You mentioned CrowdStrike may have too many modules and has made two acquisitions in the last nine months. Is there an area or module the company does not have now that it could or should add based on client demand or you think would make a lot of sense?

What is the biggest risk you expect for CrowdStrike?

What is your 1-3-year outlook for CrowdStrike?