Between July and August I had been buying stock in Crowdstrike. I was considering re-entry with the recent pullback in the stock. However a deeper dive into Crowdstrike motivated me to close out my entire position for about a 40% gain. What changed for me between July and now? Mostly it was valuation, but partly it’s a better insight into the business and the challenges ahead of Crowdstrike.

Let’s start with what Crowdstrike is doing right. They are growing. As of July 31, 2020 Crowdstrike had 7,230 subscribers. Up from 3,789 subscribers at the end of Q2 2019. This implies YOY growth of 91%. Annual recurring revenue is up to 790M up from 423M last year. An 87% YOY growth. This in spite of sales expenses only increasing 46%. Total revenue for the last quarter was 184M, up from 97M the prior year. A change of 89%.

All of these numbers are staggering and rightly so. The company also boasts a net revenue retention rate of over 100%. This implies spending growth among existing customers, as satisfied customers add on new modules for security. So far, everything from a growth and revenue side is as good as can be hoped for.

Consistently the user satisfaction with Crowdstrike is high. Gartner peer insights has them at 4.9 stars satisfaction (5.0 is a perfect score). Crowdstrike also offers a breach warranty and even has a dedicated reddit page with engineers and sales reps actively posting responses to questions from posters. In my research I found that the company is doing a fantastic job of engaging with it’s customers and meeting their needs.

The interface is routinely praised, and one of the big advantages that Crowdstrike boasts over legacy software is their platform which provides great visibility. The cloud based structure of Crowdstrike also makes it a very agile system which doesn’t excessively impact system resources. All of these things are certainly positive factors which initially drew me into Crowdstrike. What’s changed since my initial buy in? Two things — Valuation and Evaluation.

The Valuation Problem

Crowdstrike is currently selling at 40x sales. This is simply an unsustainable valuation. Now some would argue that the growth rates imply that the valuation will come down naturally as a result of growth. This is true. However a deeper look at the numbers make me believe that some seasonality will occur in the next two quarters. The basis for this belief is a comparison of subscriber growth last year and this year. Last year by Q2, Crowdstrike had added over 1817 subscriptions. By year end the total add was 2915 subscriptions. That means in the 2nd half of the year the new subscriptions were under 1100. I see no reason to believe that a similar slowdown won’t occur this year. After all the pandemic shutdown likely pulled some growth forwards. How will the market react to a slow down in subscriber growth versus the 1st half? I’m skeptical that they will be merciful for seasonality at the current valuation. Crowdstrike is currently priced to perfection. However the platform is not perfect. Far from it in fact. This leads me to…

The Evaluation Problem

Crowdstrike’s website refers to ratings from numerous independent organizations including AV Comparatives, SE Labs and MRG Effitas. When I went to these sites to research how Crowdstrike performed in tests, I was actually disappointed with the results. Across the board, Crowdstrike consistently underperformed in real world simulated security tests (it’s worth noting that they consistently outperform in resource impact tests). This picture from AV Comparatives was jarring:

To summarize over the past 2 years, Crowdstrike’s Real World Protection test results have consistently decreased. This means they are being compromised by the tests more and more frequently. This could be attributed to a number of factors. It’s possible that the things the Falcon Platform (Crowdstrike’s Endpoint Platform) is missing are things that it doesn’t consider to be a significant security threat, while the tests are dinging them for these perceived misses. However it’s also possible that this underperformance is in part due to the design of the Falcon Platform.

The Falcon Platform is a next generation, machine learning, AI based platform. While this does present certain advantages, it also has certain key disadvantages. The nature of Machine Learning requires data points for the machine to learn. It works best in environments with significant amounts of historical data and the ability to back test. Based on these learnings and incoming data it learns from it’s success and also from it’s failures. However cybersecurity is a constantly changing landscape. New viruses, ransomwares and malwares are constantly being developed. Could it be that the Machine Learning is not keeping up with the changes? If so this could be problematic. Again, I can’t say this definitively but the data doesn’t look like the system is improving.

The decision to sell

My decision to close my position was weighted probably 40% in the evaluation and 60% in the valuation. If the valuation was at 15x sales, I’d definitely live with the peaks and valleys of improving the machine learning algorithms, because the reality is that it’s still highly rated by all of the above platforms. Conversely if the protection scores were consistently above 98%, I would have accepted the price to perfection valuation. Because in many aspects this is a great, scalable enterprise product. However neither of these situations is the present reality.

That being said, I’m definitely not writing Crowdstrike off. I’ll be watching the scores (like a Falcon…err hawk) to see if the platform does in fact learn and make improvements. I’ll also be watching the valuation to see if a pull back happens in the next 6 months. I’m also watching it’s Glassdoor scores as the employee satisfaction metrics I follow were lower than I would like to see. Especially in the ultra competitive tech field where employee retention is critical.

I may leave some money on the table with this decision, but ultimately it boils down to risk/reward. I feel that Crowdstrike has more risk priced in than reward in the near term. For someone taking a 3-5 year approach they may view it differently, but I’m looking at the 1-3 year approach. I just feel there will be an opportunity to get in at a valuation that I find to be more suitable to my risk profile.

I also am considering other avenues to play security as a hybrid with companies like VMWare, Broadcom (Symantec) or Elastic which have more revenue streams in addition to their security offerings. In particular I’m excited to research Elastic which has shown fantastic results in both the security tests, impact scores and in Gartner Peer to Peer reviews.