CrowdStrike (CRWD) Earnings Review

In case you missed it from this earnings season:

Table of Contents

a. CrowdStrike 101

CrowdStrike is a cloud-native endpoint cybersecurity company. It competes directly with SentinelOne, Microsoft Defender and Palo Alto. Its bread-and-butter is called endpoint detection and response (EDR), which replaces legacy anti-virus (AV). Beyond EDR, it offers applications in cloud security, log management, forensics, identity, data protection and more — rounding out its “Falcon Platform.” Falcon’s edge is in its ability to digest near-endless amounts of data to automate and uplift breach protection. CrowdStrike uses its large and diverse dataset to constantly improve Falcon’s efficacy and use cases… all with a single console and single agent to ensure superior interoperability. It can recycle this same data over and over again to efficiently develop new products for a single interface.

Important Endpoint Security Acronyms:

  • Endpoint detection and response (EDR) provides end-to-end visibility, constant monitoring and full protection of endpoints (like an iPhone). It unveils, prioritizes and responds to threats.

  • Managed detection and response (MDR) encompasses CrowdStrike’s team of threat hunters to augment EDR with human touch when needed.

  • Extended detection and response (XDR) is EDR with 3rd-party, non-endpoint data sources infused. The incremental data sharpens breach protection and extends it beyond the endpoint.

Important Log Management Ideas & Acronyms:

CrowdStrike’s security data lake is a vital complement to every single product it offers. It uses log scale to ingest, logarithmically organize and store data. Broader data ingestion means better breach protection, as Falcon’s products are fmore properly trained on larger sets of relevant insight. This allows for ingestion with more scale and faster time to value… while customers enjoy lower costs as well.

  • As an important aside, log scale is a key ingredient for Falcon XDR. It is instrumental in XDR being able to onboard needed data sources in a scalable and efficient manner.

  • Security Information and Event Management (SIEM) aggregates security logs/data to help organizations uncover and remediate threats faster. Log scale is closely related to SIEM, as log scale is what actually collects data from various sources to be utilized here.

Important Cloud Security Acronyms (alphabet soup, I know):

  • Cloud Security & Posture Management (CSPM) tells you about your vulnerabilities and misconfigurations.

  • Cloud Infrastructure Entitlement Management (CIEM) tells you who is entering a software environment. It tells you if these entrants are allowed and exactly what they can do.

  • Cloud Workload Protection (CWP) is a preventative measure to observe if anything bad is being done by entrants. This sounds the alarm bell while preventing and remediating cloud infrastructure attacks. It’s closely related to CSPM and CIEM.

  • Application Security Posture Management (ASPM) locates and facilitates the safe control of cloud apps.

  • Cloud Native Application Protection Platform (CNAPP) is the overall suite tying all of these cloud products together.

In the realm of GenAI, Charlotte AI is CrowdStrike’s security copilot. It levels up the capabilities of security analysts by actively detecting anomalies, orchestrating remediation and fixing issues in an automated fashion. It’s a force multiplier for efficiency gains in a world where most companies are starved for more security resources and talent. All of this pushes beginner-level security analysts to much higher levels of capability.

Falcon Flex:

Falcon Flex is CrowdStrike’s selling program to bolster customer “flex”ibility over product purchases. It allows clients to pay for only the modules they need as they need them. There are no preset commitments and no mandated usage; they can run through credits at their leisure. This will be the firm’s main go-to-market strategy going forward, as it has shown to lower cross-selling friction, raise deal size and create stickier customers.

Security Operations Center:

CrowdStrike’s wonderfully broad product suite gives it a fantastic opportunity to cross-sell more solutions and become the main security operator for its clients. This positioning is often called the “Security Operations Center” (SOC), where a client’s asset hygiene and protection happen under a main, interoperable, digital roof. Flex making product uptake more seamless is helping, alongside impactful product innovation across endpoint, cloud, identity, exposure management and data. Charlotte AI is also an “SOC’s best friend,” with impactful layers of incremental, actionable automation.

  • SOC-level adoption means more vendor consolidation and higher retention.

b. July 2024 Outage Reminder

Last July, a software update error led to a global outage caused by the company. That fostered considerable blowback against CRWD and the creation of its “Customer Commitment Packages” (CCPs). CCPs offer temporary contractual concessions to customers, such as discounting, extended free trials, comped modules and free professional services help. It’s their apology. CrowdStrike wanted customers to choose more products over extended free trials. Why? Their best-in-class customer service scores and product efficacy (as measured by 3rd parties) make them exceedingly confident in free modules turning into more paid adoption when CCPs expire later this year. 

That process has already begun to play out as hoped. Clients are predominantly opting into Falcon modules and positioning the company for easy up-selling as we move towards FY Q3 & Q4 2026. This is when the company will finish working through existing CCPs; it ended new CCP issuance last quarter. 

A lot of the CCP success can be seen within Falcon Flex, which is the mechanism CrowdStrike offered CCPs through. Customers seem to be loving this means of buying, as most of them are comfortably ahead of consumption plans in their given contracts. That should mean more usage-based revenue and larger deals in the future.

c. Key Points

Subscribe to our premium content to read the rest.

Become a paying subscriber to get access to this post and a boatload of other subscriber-only content. Read the stock market newsletter read by Fortune 500 CEOs.

Already a paying subscriber? Sign In.

Reply

or to participate.