The CrowdStrike IPO
For those readers not from Texas, one of the greatest delicacies on our planet is the Crawdad. It is sometimes called a mud bug, or a freshwater lobster. It is quite small, the meat is quite sweet and made in an etouffee it is one of the great food experiences one can enjoy. You can, however, simply boil them and toss them on a piece of newspaper, peel and eat. And that is the way you will get them if you go to the Spring, TX crawdad festival which has become a major event with well-known C&M stars and 60,000 attendees. Far different than when I lived in Houston but times change.
This spring, a company called CrowdStrike, with a symbol of CRWD is preparing to go public. The symbol doesn’t mean the firm has anything to do with the Crawdad crustacean and indeed CrowdStrike is a company focused in the cybersecurity space. Will investors party around its shares? Probably, for reasons that I discuss in this article. The valuation in terms of the expected IPO price is about double the level at which the company was valued when it last sold equity in June 2018 and yet the valuation will seem modest given the size of the opportunity and the growth rate of the company. Overall, it appears as though the initial market cap will be around $6 billion, or $30/share. Given my expectations of forward revenues, I would expect the shares to have a rather substantial IPO pop with valuations of $40/share or more quite possible.
The capitalization reflects a rather typical class A/Class B arrangement with the VC’s and the CEO retaining control. I personally do not find the control arrangement particularly attractive, but these days no one else seems to mind.
The pricing of the IPO has most recently been raised to as much as $30/share up about 30% from the initially suggested pricing. Overall, the company will have about 200 million shares outstanding and that will take its valuation to about $6 billion at the putative issue price. I expect that even that valuation will be eclipsed as the shares start to trade on Wednesday. I have tried to forecast where I imagine the shares might be valued, although obviously getting the starting valuation right is more guesswork than analysis. At the least, I expect the company to be valued at 15X my expectation of forward revenues of $500 million (note I am using 12 months forward from the quarter that started May 1). The company’s closest comp is Zscaler (ZS), which these days is trading at 22X EV/S, although ZS is showing positive free cash generation, and this company is still some quarters away from that kind of performance.
The company was able to more than double revenues last year with the user count also more than doubling. The company has more than doubled its ARR through the end of Fiscal 2019 (January 31, 2019). The company grew by 22% sequentially in its last reported quarter and it sequential dollar growth has been accelerating-it grew revenues by $10 million in the October quarter and $14 million in the January quarter when revenues reached $80 million. That was actually 21% sequential growth which was “tempered” by an anomalous level of services billings. Perhaps of more significance, even ARR is showing accelerating growth and that metric rose by $13 million to $59 million last quarter which compares to an $8 million growth in ARR in the prior quarter. 28% sequential quarter growth in ARR is really quite extraordinary and I am not sure if I have seen a metric of that magnitude in an S-1-or if I have I simply do not recall it. Even Zoom only had a 17.5% sequential quarter ARR growth, although to be fair Zoom is noticeably larger. It is possible that there was some seasonality that positively affected that number, although it is hard to tell from the S-1 data.
Unfortunately, the company hasn’t reported the results of its April 30th ending quarter, but based on the cadence of growth in the recent past, I imagine the 12 month forward revenue estimates for the company through 4/30/20 will reach to about $530-$550 million in revenues. That would represent overall growth of about 80% from an estimated base of $95 million in revenue for the quarter that ended April 30th.
One of the metrics that has become common to use by analysts looking at IPO’s is something called a CAC (Customer Acquisition Cost) ratio. There is no magic number that investors want to relative to the CAC. This ratio, which is key to future profitability for a company such as this, has risen steadily while the payback on the sales and marketing spend continues to steadily fall. At the moment, the company recovers a dollar of sales and marketing expense in 14 months while a year ago it took 24 months to recover the incremental spend on sales and marketing.
The company is seeing substantial signs of success in its platform offering. In quantitative terms, the company enjoyed a dollar based net expansion rate through January of 147%. This compared to a 127% rate in the October quarter. This is mainly a function of the rising percentage of subscription customers with 4 or more products. That metric reached 47% last quarter compared to 30% a year ago and it is the combination of more products per customer and a viral spread of the technology within an enterprise that has driven the dollar based net expansion rate to such substantial levels.
I think that these quantitative factors broadly support expectations for quarterly revenue to show growth at or near 20% for at least the 4 quarters. That would bring revenues to the above mentioned forecast range of $530-$550 million and with those revenues, and the current planned market cap. of $6 billion, the EV/S would be about 11X. Of course that will not happen. The shares are almost certainly going to trade at a far greater valuation, in my opinion. The closest comp is Zscaler. At the moment, after reporting a strong quarter, ZS shares are trading at a valuation of 22X. ZS is a more mature business than CRWD and it is starting to generate free cash, but nonetheless, the upside for CRWD shares from a valuation that produces a market cap of $6 billion, is quite substantial and I imagine much of that will be realized in the first day of trading
What does CRWD sell and why is it growing so fast?
CrowdStrike is a cyber security vendor. As most readers know, cyber security vendors are essentially a dime a dozen and it is hard to distinguish one from the other with the exception of companies like Splunk (SPLK) which use analysis to determine vulnerability and breaches, and Zscaler which has a technology very different than the common firewalls. So, what makes CRWD different?
For one thing, it’s a company whose solution is aimed at the endpoint. In other words, the solution is one designed to replace the familiar anti-virus protection that has been available for decades from Symantec (SYMC) and from McAfee. It is basically a new technology for solving an age old problem, and users at enterprises are apparently enthusiastic at replacing the solutions that have been around for years.
There are two major components that make up the CrowdStrike solution. One of these is what is called a light-weight agent which occupies less than 35 MB of storage space and supports all of the significant desktop operating systems including Windows, Mac and Linux. The other piece of technology is a proprietary database called Threat Graph. The CrowdStrike platform processes data from endpoints, and then uses data from the entire user base and AI and behavioral patters to locate and remediate breaches before they spread. In some ways, what they are doing is similar to what is being done by a Splunk security solution-although in this case the security is being provided to the endpoints and not a server level.
The company now has 10 cloud modules that operate on its Falcon platform and this kind of product segmentation has enabled the company to substantially upsell its base. At this point, 47% of its users have purchased 4 modules, and I believe this is why the dollar based net expansion rate has shown such a strong positive trend.
The company calls its major products Falcon. It offer Prevent, which is an anti-virus solution that defends against malware and fileless attacks and is the core of the company offering. It also offers Insight, which is a product that detects and responds to threats and provides notifications of issues to administrators in real-time. Falcon Device Control offers administrators with visibility and granular control of devices that connect to the network via USB ports.
The company has something it calls OverWatch, a threat hunting solution manned by CrowdStrike professionals who are experts in using the Threat Graph to determine vulnerabilities. The company offers several other solutions including a managed security service offering and FalconX a threat intelligence solution which essentially uses AI to determine vulnerabilities.
The company has just recently announced a mobile solution which given the contours of user preferences can be expected to be a major revenue driver, both directly and as a part of an enterprise solution.
While this company launched its first threat intelligence product in the summer of 2012, it already has been installed at 44 of the Fortune 100 and 9 of the top 20 banks. Contract lengths are typically 1 year. Management claims that the use of its solution would have prevented the damage caused by the WannaCry attack of 2017 which would up costing victims $4-$8 billion. The S-1 talks about 40% of the detections last year coming from the leveraging of legitimate tools that are built into modern OS which are never written to the endpoint which makes their detection very difficult when using traditional tools.
CrowdStrike recently launched a partnership with Dell (DELL) which enables Dell customers to add the Falcon Platform as part of a transaction when they purchase Dell hardware. The company has another program with 180 customers who have agreed to be references for CrowdStrike.
The company has 14 patents and 48 applications pending. I can’t tell if that constitutes a real moat-but I do believe its technology to be proprietary in whole or part. Overall, I think the story is an excellent one, and one that will resonate with investors who are familiar with the limitations of the legacy providers such as McAfee and Symantec. I like the fact that the company has a services component that helps deepen customer engagement and is an powerful adjunct to the basic selling motion of this company.
CrowdStrke’s selling motion and its competitors
Obviously anti-virus, or end-point protection is a huge market, although one that is not growing rapidly at this point. In any event, the Corporate Endpoint market is said by IDC to be in the $8-9 billion range while security and vulnerability management is forecast to grow from $8.4 billion to $10.4 billion over the next 2 years. In addition to the product TAM, the service management and managed services TAM is in the range of $6 billion currently with growth to $8 billion forecast by 2021. Overall, the company suggests its TAM is currently $25 billion and will reach $29 billion by 2021. This is larger than the TAM that Zscaler derived when it went public, although it seems likely that Zscaler’s market has been growing somewhat faster. The issue for this company isn’t the size of the market but its ability to displace incumbents as there is not a huge amount of greenfield opportunity to be had.
At this point, the main competitors for CrowdStrike are McAfee and Symantec. Another major competitor is Cylance which was bought by Blackberry (BB) a year ago. Cylance has a technology that is similar to, but not quite the same as that offered by CrowdStrike. It is quite a bit smaller compared to CrowdStrike but it had a similar growth pattern with revenues growing at 90% at the time it was acquired from a level of around $130 million. Carbon Black (CBLK) had had a much rockier road with revenue growth in the mid to high teens percent, and still a long way from profitability.
I do not want to try to evaluate who has “better” technology-I haven’t either the tools or expertise to do so. The reviews that I have read are highly favorable when evaluating both Cylance and CrowdStrike. CrowdStrike is considered to have “the best” ease of use and is very easy to install and users love the human support that they can buy. Cylance now belongs to Blackberry and that appears to be a negative based on some anecdotal checks.
But I do think that marketplace momentum is a crucial factor in the IT space, and CrowdStrike has it as can readily be determined by looking at its recent results, and its competitors do not. In any event, the real opportunity is not based on who has better functionality amongst the vendors of modern tools, but the opportunity that exists to replace more expensive and less function legacy products.
One of the principle selling features/benefits of CrowdStrike is its Threat Graph data base. Threat Graph processes more than one trillion endpoint events per week and its algorithms make 91 million indications of attack threat decisions per minute. I believe those to be unrivaled metric by competition, and make the use of CrowdStrike very compelling for enterprises looking for the highest probability of stopping attacks before they cripple the performance of a business. In this case, size is a principle competitive advantage, and one that will not be easy to replicate.
The company has a typical enterprise sales strategy, with a direct salesforce working with channel partners. One metric often used by analysts is looking at how much it has cost an IPO business to achieve its revenue level. In the case of CrowdStrike, that metric is one of the most impressive I have seen. Overall, the company has consumed less than $300 million of cash to establish an ARR run rate of just less than $400 million. Simply put, I would suggest that means that demand for CrowdStrike’s service is quite a bit stronger than that of the typical IPO-and indeed is likely to be one of the reasons why the company will reach profitability and cash generation sooner than many other new issue companies.
Some thoughts about profitability, ownership and valuation
CrowdStrike is showing substantial leverage at scale, although given the payback on its sales and marketing investment, one is given to wonder if the leverage is being a bit more strongly applied than might be optimal. In the company’s latest reported quarter, the company reduced its GAAP loss to $31 million from $42 million the prior quarter. That is still a GAAP loss of 35%, but it compares with losses in the 60%-70% range in the preceding quarters and as much as 97% in the quarter ended 1/31/18. At the moment, stock based comp expense is quite small, running about $3 million/quarter but when the company goes public that ratio will show a noticeable increase.
Overall, gross margins have been flat at around 66%. This level of gross margin has been constrained to a degree by the service content of the business which has a gross margin of around 37%. Product gross margins at 70% will likely grow noticeably with higher volume.
All of the opex ratios fell quite substantially last quarter, and indeed despite the strong level of bookings, the sequential growth in sales and marketing expense was just a bit more than 6% while research and development actually declined sequentially and general and administrative costs were flat. The overall ratio of opex last quarter was 105%, down from 129% the preceding quarter. There was nothing unusual about the decline in expense ratios, although there had been some one time costs associated with stock based comp recorded in the prior quarter.
The company is very close to cash flow neutrality, mainly because the level of reported losses is being offset by the growth in deferred revenue. Last year, deferred revenue increased by more than $130 million, or by 82% to $290 million. Although unlike most other IPO's the company provides quarterly ARR data, it would be helpful to see the quarterly progression of the deferred revenue build, but that is not disclosed in the S-1. Given the cadence of the other operating metrics discussed above and the subscription nature of this business, I would expect the company to start generating cash flow at some point in this current fiscal year with free cash flow generation to follow soon thereafter.
The major VC’s involved in funding CrowdStrike have been Accel, Capital G and Warburg Pincus. CapitalG is an affiliate of Google (GOOG). Google is a minor customer of CrowdStrike, accounting for 0.5% of revenues in the last fiscal year. It is not unreasonable to believe that Google would have been a customer regardless of its shareholding. Overall, the VC’s listed above have owned about 61% of the shares prior to the offering, and the company’s founder, George Kurtz owns another 10.5% of the shares.
The company’s co-founder, George Kurtz also founded an early cybersecurity company called Foundstone which was ultimately acquired by McAfee. Mr. Kurtz ultimately was the Chief Technology Officer of McAfee and GM of its Enterprise unit. He is a well known commentator on the cybersecurity space. The other senior executives have appropriate backgrounds, although not quite at the same level as that of Mr. Kurtz.
Should readers own these shares? Well obviously that is a function of where they wind up trading. But despite what some might say, I would expect the shares to wind up valued at a minimum of $7.5 billion ($37.50), and potentially more than that. I think based on the values of comps, and the size of this opportunity and its current growth rate, any price less than $40/share would be a reasonable entry point.
Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.