CrowdStrike (CRWD) – Investor Conferences – December 8, 2023
We got another classic CrowdStrike shot at the competition from CFO Burt Podbere this week. Keep in mind that these come frequently from this team. The shots are irrelevant unless backed by great results and market share gains. In CrowdStrike’s case, that’s the reality. Microsoft’s legacy tech was called “inferior” with upgrades greatly lagging the pace of adversary sophistication improvements. To be fair, he praised their powerful bundling capabilities, but didn’t praise anything else.
Burt called out a “crisis of trust taking hold” through frequent breaches caused by Microsoft Defender vulnerabilities. He cited the Outlook hack from July and how, months later, the State Department explicitly said it was Microsoft’s fault. This is not an anomaly, but is instead becoming a cliche. Microsoft does many things extraordinarily well. Endpoint security is just not one of them. It relies on its powerful bundle to cling to market share.
Burt called Microsoft’s pricing “gotcha pricing.” By this, he means they’re baiting and switching customers by offering free licensing, but all-but-mandatory up-sells making its service anything but free.
As a quick review, Burt was asked how gross margin is improving so sharply. He reminded us of the previous investments in infrastructure that are now leading to leverage. But there’s another key theme here: The platform. It offers a single, light-weight agent on one console. This allows it to constantly recycle data and insight to build new products. It also allows it to onboard these new products for clients wildly easily. The result is virtually zero incremental cost for CrowdStrike after it sells module #1 to a client. It has 26 others to sell. This is why long-term gross margin targets just continue to rise.
More on Competition and Generative AI
Burt explicitly called out Copilot pricing from Microsoft. Charlotte AI, CrowdStrike’s GenAI offering, will undercut Copilot. As an aside, capabilities here will get a large upgrade early next year. Charlotte AI will soon be able to conversationally tell clients what to build or how to improve computing hygiene. It will then do it for them when prompted. Falcon Foundry, its no code developer app building tool, meshes perfectly with this. Together, the two products will allow CrowdStrike to enable more custom use cases without building from scratch or incurring more cost. This should make Falcon even stickier than it already is with its sky-high 98% gross retention rate.
Interestingly, Charlotte AI will also recommend needed modules for customers to make up-selling more intuitive and seamless. Based on the smaller volume nature of small client deals, discounting rates are lower and margins are higher.
At $20 per endpoint per year, this will meaningfully contribute to net new ARR growth next year. It will take longer to materially contribute to total ARR.
This will be a large unlock for smaller client growth. Why? It will up-level beginner security analysts to experts and diminish the need to employ large teams here. Falcon Complete, its fully managed offering, helps a lot with SMBs too. It gives small clients access to its world-class security team at a fraction of the cost of employing their own.
Demand is “definitely still there” for CrowdStrike, but budgets “are still tight.” They’re taking longer to close, but deal sizes are also getting bigger as CrowdStrike becomes a more powerful vendor consolidator.
CrowdStrike sees the MAJORITY of net new ARR coming from its cloud business eventually. It’s just 10% of its total business today and rapidly growing. It sees cloud infrastructure and app security as the two most promising growth vectors and so the two focus areas.
CrowdStrike continues to hammer home the message of offering an agent-based and agentless solution as a real source of differentiation. Agent-based means the product is installed directly into cloud workloads. Agentless doesn’t require any installation work, but just utilizes existing infrastructure. Agent-based automates relevant data collection (so does agentless) to provide broader security and observability over cloud environments and faster uncovering of issues.
It also introduces tech layers and complexity into an environment. Agentless creates no additional overhead and is easier and cheaper to use. Visibility lags compared to agent-based, although CrowdStrike would argue visibility levels are still stellar. Different companies have different levels of need. So? It offers both. Agent-based is considered the more mature technology with agentless growing faster.
Burt talked about no other vendor doing both under one architecture and system. CrowdStrike does. Others have tried to partner to stitch these two offerings together. That approach hasn’t been successful in his mind.
2025 Investment Priorities
- LogScale and Security Information and Event Management (SIEM). It plans to accelerate hiring in areas like this one as some key players have been acquired this year. The index-free nature of its logging technology allows for far faster data querying at far larger scale and far lower cost vs. legacy competition. Log management and SIEM are ripe for disruption. It’s already well on its way to being that disruptor.
- Cisco buying Splunk is creating a lot of customer and talent churn that CrowdStrike is successfully leveraging to accelerate its own growth.
- CrowdStrike doesn’t charge for 1st party data logging, only 3rd party. This is yet another reason why the Humio Log Management acquisition was so key here and for extended detection and response (XDR). XDR is basically EDR, but with ample 3rd party data sources aggregated to uplift protection.
- Identity Security. Again, not as a competitor to Okta or Ping which are identity managers/brokers. Instead, CrowdStrike aims to secure the managed identities.
- Data Loss Prevention (DLP) investments.