 From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. In just over 10 years, CrowdStrike has become a leading independent security firm with more than $2 billion in annual recurring revenue, nearly 60% ARR growth, an approximate $40 billion market capitalization, very high retention rates, low churn, and a path to five billion in revenue by mid-decade. The company has joined Palo Alto Networks as a gold standard pure play cybersecurity firm. It has achieved this lofty status with an architecture that goes beyond a point product. With outstanding go-to-market and financial execution, some sharp acquisitions in an ever-increasing total available market. Hello and welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis and ahead of Falcon, CrowdStrike's user conference, we take a deeper look into CrowdStrike, its performance, its platform, and survey data from our partner ETR. The general consensus is that spending on cyber is non-discretionary and is held up better than other technology sectors. While this is generally true as this data shows, it's nuanced. Let's explore this a bit. First, this is a year-to-date chart of the stock performance of CrowdStrike relative to Palo Alto, the bug ETF, which is a cyber index, the NASDAQ and Sentinel-1, a relatively new entrant to the IPO public markets. Now, as you can see, the security sector as evidenced by the orange line that cyber ETF is holding up better than the overall NASDAQ, which is off 28% year-to-date. Palo Alto has held up incredibly well. It's the best being off only around 4% year-to-date, whereas CrowdStrike is off in the double digits this year, but up, as we talked about in one of our last breaking analyses on cyber, up from its lows this past May. Now, CrowdStrike had a very nice beat and raise on August 30th, but the stock didn't respond well initially. We asked Breaking Analysis contributor Chip Simington for his technical take and he stated that CrowdStrike has bounced around for the last three months in its current range. He said that cyber stocks have held up better than the rest of the market, as we're showing, and now might be a good time to take a shot, but he is cautious. FedEx had a warning today of a global recession, and that's obvious case for concern. You know, maybe some of these quality cyber stocks like Palo Alto and CrowdStrike and Zscaler will outperform in a recession, but that play is not for the faint of heart. In fact, it's feeling like a longer, more drawn out tech lash than many had hoped. Perhaps as much as 12 to 18 months of bouncing around with sellers still in control is generally the sentiment from Simington. So in terms of cyber spending being non-discretionary, we'd say it's less discretionary than other IT sectors, but the CISO still does not have an open wallet as we've reported before. We've seen that spending momentum has decelerated in all sectors throughout the year. This is an across the board trend. Now, independent of the stock price, George Kurtz, CEO of CrowdStrike, he's running a marathon, not a sprint. And this company is running at a nice pace despite tough macro headwinds. The company has free cash flow positive and is in the black on a non-gap operating profit basis, and yet it's growing ARR at nearly 60%. Frank Slutman uses the term inherent profitability, meaning that the company could drive more profits if it wanted to dial down expenses, especially in go-to-market costs. But that would be a mistake for a company like CrowdStrike in our opinion. While it has an impressive nearly 20,000 customers, there are hundreds of thousands of customers that CrowdStrike could penetrate. So like Snowflake and Slutman, Kurtz is not taking his foot off the gas. Now, the fundamental strength of CrowdStrike in its secret sauce is its architecture and platform in our view. So let's take a deeper look. CrowdStrike believes that the unstoppable breach is a myth. Now, CSOs don't agree with that because they assume they're going to get breached, but that's CrowdStrike's point of view. So lofty vision. CrowdStrike's mission is to consolidate the patchwork of solutions by introducing modules that go beyond point products. CrowdStrike has more than 20 modules, I think 22, that span a range of capabilities as shown in this table. Now, there are a few critical aspects of the CrowdStrike architecture that Bear mentioning. First is the lightweight agent. That is fundamental. You know, we're used to thinking that agentless is good and agent is bad, but in this case, a powerful but small, slim and easy to install, but unobtrusive agent has its advantages because it supports multiple CrowdStrike modules. The second point is CrowdStrike from the beginning has been dogmatic about getting all the telemetry data into the cloud. It sort of shunned doing bespoke on-prem so that all the data could be analyzed. So the more agents that CrowdStrike installs around the world, the more data it has access to and the better its intelligence. Few companies have access to more data. Perhaps Microsoft, given its scale and size, is an exception in that endpoint space. CrowdStrike has developed a purpose-built threat graph and analytics platform that allows it to quickly ingest in near real-time key telemetry data and detect not only known malware, that's pretty straightforward, pretty much anybody can do that, but using machine intelligence, it can also detect unknown malware and other potentially malicious behavior using indicators of attack, IOC or IOAs. Humio is shown here as a company that CrowdStrike bought for around 400 million in early 2021. It's the company's Splunk Killer and will serve as an observability platform. It's really starting to take off. That's a great market for them to go after. CrowdStrike, to try to put it into sort of a summary, uses a three-pronged approach. First is its next-generation anti-virus, meaning it's SaaS-based solution that can do fast lookups to telemetry data and that data lives in the cloud. So, and this leverages CrowdStrike's proprietary threat graph. Now the second is endpoint detection and response. CrowdStrike sends all endpoint activity to the cloud and can process the data in real-time. CrowdStrike EDR allows you to search data history and its partners with threat intelligent platforms who push the data into CrowdStrike, CrowdStrike, the CrowdStrike cloud. This increases CrowdStrike's observation space. It also has containment capabilities in EDR to fence off compromise system. Now the third leg of this tool is CrowdStrike's world-class managed hunting approach. Like many firms, CrowdStrike has a crack team of experts that is looking at the data, but CrowdStrike's advantage is the amount of data, that observation space that we just talked about in near real-time capabilities of the architecture, thanks to that proprietary database that they've developed. All this is built in the cloud and so it enables global scale and of course agility. Now let's dig into some of the survey data and take a look at what ETR respondents are saying about the spending momentum for CrowdStrike in context with its peers. Here's a very recent data set, the October preliminary data from the October data set in ETR's survey. Eric Bradley shared with us ETR's head of strategy and he runs the round tables, he's a frequent breaking analysis contributor. This is an XY graph with net score or spending momentum on the vertical axis and the overlap or pervasiveness in the survey on the horizontal axis. That dotted red line at 40% indicates an elevated level of spending velocity. Anything above that, we consider really impressive. Note the CrowdStrike progression since the pandemic started. The two notable points are one, that CrowdStrike has remained consistently above that 40% mark and two, it has made notable progress to the right. You can see that sort of squiggly line, consistently increasing its share with one little anomaly there in the early days over a two-year period. The other call out here is Microsoft in the upper right, we circled Microsoft as usual, Microsoft messes up the data because it's such a dominant player and as referenced earlier has a massive scale and very quality telemetry from its endpoints. Unlike AWS, Microsoft is a direct competitor of CrowdStrike's. Nonetheless, the sector remains very strong with lots of players. Cyber is a large and expanding TAM with too many point tools that CrowdStrike is well positioned to consolidate in our view. Now, here's a more narrow view of that same XY graph. What it does is it takes out Microsoft to kind of normalize the data a bit and it compares a number of firms that specialize in endpoint along with CrowdStrike, such as Taneum, which also has a lightweight agent by the way, and appears to be doing pretty well. Sentinel-1 did a relatively recent IPO, took off, stock hasn't done as well since as you saw earlier, Carbon Black, which VMware bought for around $2 billion in silence, which is the BlackBerry Pivot. Now we've also, for context, included Palo Alto and Cisco because they are major players with a big presence in security and they've got solutions that compete with CrowdStrike. But you can see how CrowdStrike looms large with a higher net score than these others. The Palo Alto is very impressive as is Cisco, steady. But Palo Alto also, sorry, CrowdStrike also has a very steady posture and it's kind of looming on that X-axis. Let's now take a look at XDR, Extended Detection and Response. XDR is kind of this bit of a buzzword, but CrowdStrike seems to be taking the mantle and trying to sort of own the category and define it in our view. It's a natural evolution of endpoint detection and response EDR. In a recent ETR roundtable hosted by our colleague, Eric Bradley, the sentiment among several CIOs is that existing SIM security information and event management platforms are inadequate and some see XDR as a replacement for or at least a strong compliment to SIM. CIOs want a single view of their data. Haven't heard of that before. They want help prioritizing potentially high impact breaches and they want to automate the low level stuff because the problem is sometimes too much information becomes information overload and you can't prioritize. So they want to consolidate platforms. They want better consistency. They have too many dashboards, too many stovepipes. They have difficulty scaling and they have inconsistent telemetry data. As one CISO said, it's a call out here. If the regulatory requirement isn't there, I absolutely would get rid of my SIM. So CrowdStrike we feel is in a good position to continue to gain share and disrupt this space. And that's what Dave Nicholson and I will be looking for next week when theCUBE is at Falcon. CrowdStrike's user conference. We'll be there for two days at the Aria in Vegas. In addition to CrowdStrike CEO, we'll hear from government cyber experts. We always hear that at security conferences. And the CEO of Mandiant. Google just the other day closed its $5 billion plus acquisition of Mandiant which is a threat intelligent expert, intelligence expert and MSSP. I'm going to hear a lot about MSSP's by the way. CrowdStrike is a growing MSSP base. We think that's a really interesting sector because many companies don't have a sock. As many as 50% of companies in the United States don't have a security operation center. So they need help. That's where MSSP's come in. At the conference, there'll be a real focus on the Falcon platform. And we expect CrowdStrike to educate the audience on its multiple modules and how to take advantage of the capabilities beyond endpoint. And we'll also be watching for the ecosystem conversations. We saw this at Reinforce, for example, where CrowdStrike and Okta were presenting together to show how these companies' products complement each other in the marketplace. Sometimes it gets confusing when you hear that CrowdStrike has an identity product. Okta, of course, is the identity specialist. So we'll be helping extract that signal from the noise because a generational company must have a strong ecosystem. CrowdStrike's is evolving and our belief is that it has some work to do to create a stronger partner flywheel. We're eager to dig into that next week. So if you're at the event, please do stop by theCUBE. Say hello to Dave Nicholson and myself. Okay, we're going to leave it there today. Many thanks to Chip Simington and Eric Bradley for their input and contributions to today's episode. Thanks to Alex Meyerson, who does production. He also manages our podcast. Ken Schiffman as well in our Boston studios. Kristen Martin and Cheryl Knight helped get the word out on social media and in our newsletters. And Rob Hoef is our editor-in-chief over at SiliconANGLE.com. He does some wonderful editing and really appreciate that. Remember, all these episodes are available as podcasts, wherever you listen, just search Breaking Analysis Podcast. I publish each week on Wikibon.com and SiliconANGLE.com and you can email me at david.volante at SiliconANGLE.com or DM me at dvolante or comment on our LinkedIn posts. And please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Volante for theCUBE Insights, powered by ETR. Thanks for watching and we'll see you next time on Breaking Analysis.