CrowdStrike - Thesis Tracking FY2024, Premium Quality Premium Prices
CrowdStrike continues winning large deals and market shares vs. OS vendors, platforms and point-based solutions. Why?
I am Trung. I deep-dive into market leaders. I follow up on their performance with my Thesis Tracker updates, and when the right price comes, I buy them for the Sleep Well Portfolio, which I am building for my 4-year-old daughter to redeem in 2037. I disclose my reasoning for all BUY and SELL (ideally never) transactions (1st, 2nd, 3rd, 4th). Access all content here.
*Special thanks to
, a cybersecurity thought leader, for taking the time to chat with me about the industry post-earning. If you want to learn about the industry, check out his Cybersecurity & SaaS Bootcamp here. We plan to dive into CrowdStrike’s expansion strategy in the future.Crowdstrike (CRWD) is the leading cloud-native security platform. Its core offering protects endpoints (devices connecting to an IT network), a $20B market opportunity. With its unified data and application architecture, it has rapidly expanded to identity, cloud workloads, and observability, a $100B+ total market opportunity ($200B in CY2028). Since its IPO in 2019, CrowdStrike has grown revenue by 64% CAGR to $3B and free cash flow per share by 140% CAGR to nearly $1B, soon surpassing Palo Alto (PANW) and Fortinet (FTNT) as the largest pure cybersecurity plays. Within endpoints, it has overtaken Microsoft to become the leader (Gartner, 2023). For more details, please read my previous review, first note in 2020, and deep-dive in 2021 (pre-sleep well framework).
It reported exceptional FY24 results, validating CrowdStrike's substantial and widening competitive moat of having the most effective (performance and ROI) single lightweight agent and breath-taking platformization execution (high module adoption, fast deployment, low total cost of ownership).
The future need for CrowdStrike / cybersecurity solutions is only growing higher.
Attacks are faster than ever. What took adversaries hours has shrunk to minutes in seconds, attack speeds will only accelerate. Second, the cloud is increasingly under attack. We tracked a 75% increase in cloud intrusion attempts. The cloud is today's battleground for cyberattacks. And third, generative AI is an adversary force multiplier. Gen AI puts advanced cybercrime tradecraft in the hands of attackers of all skill levels.
I’ll briefly review the financials and then focus on why Crowdstrike keeps on winning market share (green).
FY2024 results - breaking record
CrowdStrike delivered a record FY2024:
ARR (annual recurring revenue) of $3,440M with net new Q4 ARR of $282M continues the acceleration trend and is growing 27% YoY.
GAAP operating margin was 3.5%, non-GAAP was 22%, and YoY was up 10%.
Free cash flow reached 33% of revenue, a free cash flow Rule of 66 (33% growth + 33% margin).
Module adoptions grew to 64%, 43%, and 27% for 5+, 6+, and 7+ modules, respectively.
New security segments reached over $850M ARR, 25% of total ARR, and grew impressively, showing exceptional integration capability.
Cloud Security suite reached $400M in ARR, growing over 90% YoY.
Identity Security suite reached $300M in ARR, growing over 100% YoY.
Log Management suite reached $150M in ARR, growing 170% YoY.
Winning deals and market shares
The recent performance of industry-leading players validates CrowdStrike’s winning position against:
OS vendors: Microsoft (MSFT)
Hardware platforms: Palo Alto (PANW), Fortinet (FTNT), Cisco (CSCO)
Copycats: Sentinel One (S)
Specific solutions: Splunk, Elastics - next-gen Security Information Event Management (SIEM)
While Palo Alto, the leader, blamed difficult macro conditions and ‘spending fatigue,’ CrowdStrike was winning record deal volumes.
In Q4, we closed more than 250 deals greater than $1 million in deal value, more than 490 deals greater than $500,000 in deal value and more than 1,900 deals greater than $100,000 in deal value. Deal counts grew by more than 30% year-over-year across all deal segments. Second, record platform adoption. Deals with 8 or more modules more than doubled year-over-year.
I always enjoy CrowdStrike’s conference calls because George Kutz, the founder and CEO, is a straight shooter; he says things as they are, a little aggressive for my taste, but his words are well backed up by execution and facts.
So, I want to let his words explain why CrowdStrike is winning.
Enjoy!
Vs. operating system vendors - Microsoft
OS vendors use their market position to create a monoculture of dependence and risk, and in many cases, serve as the breach originator.
Our recent 7-figure win in a Fortune 1000 company highlights how our platform consolidates at scale. Falcon replaced an OS security vendor, a legacy AV vendor and a next-gen vendor. We eliminated multiple Microsoft consoles and multiple agents to a single console, single agent and single platform of Falcon.
Vs. other platforms - Palo Alto / Fortinet / Cisco
Even worse, multi-platform hardware vendors evangelized their stitched together patchwork of point products, masquerading as thinly veiled piecemeal platforms. And what organizations inevitably realize is that vendor lock-in leads to deployment difficulties, skyrocketing cost and subpar cybersecurity. The outcome is shelfware and sunk costs. ELA and bundling addiction become the only way to coax customers into purchasing nonintegrated point products. It's the organization trapped in these fragmented pseudo platforms riddled with bolt-on point products that are the ones suffering from fatigue.
Free is never free. Customers understand the difference between product pricing and the total lifetime cost of operating inferior technology.
A global financial services giant replaced their Palo Alto Prisma Cloud products in a large 7-figure deal. The Palo Alto Cloud Security products required separate management consoles and separate agents because cloud security is on a separate Palo Alto platform altogether. CrowdStrike was able to deliver an expected 70% time reduction in management as well as more than $5 million in annual staffing cost savings. The patchwork of multiproduct, multi-agent multi-console separate platform technologies resulted in visibility gaps, asynchronous alerts and overall fatigue managing cloud security.
Vs. copycats - Sentinel One
Disjointed point feature copycat products clutter the market, attempting to Band-Aid symptoms instead of curing the illness.
Vs. others - Splunk, Elastic
Following M&A consolidation in the legacy SIEM market, and mounting dissatisfaction with a slew of withering SIEMs, the market is hungry for better technology, lower TCO and instant time to value. In large-scale next-gen SIEM, all CrowdStrike data is already resident, saving the expense and time of data transfer. We closed a 7-figure multiyear next-gen SIEM deal with a large European manufacturer displacing Splunk and Elastic and beating out Azure's Sentinel.
LogScale next-gen SIEM was significantly faster than Azure Sentinel with a substantially lower total cost of operation, which helped drive this win.
Our next-gen SIEM is quickly emerging as the go-to Splunk alternative for all businesses.
An 8-figure multiyear win in a Fortune 100 business […] purchased EDR, Next-Gen AV, Identity, biointegrity monitoring and vulnerability management, reducing the number of agents on their devices by approximately 50%. What used to require 5 installs is now done with 1.
Other vendors attempt to offer identity protection through nonintegrated, afterthought features or simply lack identity protection altogether. Our identity threat detection and response module remains the market's only single-agent solution that stops lateral movement, protects credentials and secures where identities are actually born, active directory.
Then George Kurtz explained why customers were excited to move to CrowdStrike
In stark juxtaposition, what CrowdStrike customers tell us is that when you build the right single data-centric AI platform, deliver the right frictionless native solutions and architect the right go-to-market, organizations purchase because they need more, receive more and understand how cybersecurity transformation saves them time and money.
Leaving stitched together point products and powerpoint platforms behind, CrowdStrike customers realize the benefits of superior outcomes and lower TCO [total cost of ownership]. A recent IDC report echoes this, showcasing $6 of return for every dollar invested in the Falcon platform. That is ROI.
The slide above shows who CrowdStrike is displacing in different categories.