James Henderson

Charting a path to $10B through cyber consolidation

In a chaotic market bursting at the seams with competitors, achieving share of voice can be a challenge – cutting through the noise is no easy task in cyber security.

Vendors to the left, vendors to the right… customers perennially stuck in the middle.

Hence a new wave of enterprise cynicism upon realisation that after all this time – and investment – fancy acronyms and point products don’t actually prevent breaches.

“Stop breaches,” declared Daniel Bernard, Chief Business Officer at CrowdStrike. “That’s the mission.”

While simplistic in delivery and self-evident in meaning, Bernard struck a nerve in his assessment of a crowded cyber space.

A couple of years ago, Chief Information Security Officers (CISOs) would evaluate as many new technologies as possible – acquiring a stack of point products in the process. Each new category would create an additional 20-30 vendor solutions, which would then be assessed, purchased and deployed.

“That was what cyber security was all about,” Bernard recalled. “But that’s why we now have an enterprise with more than 70 different cyber security products from a market housing anywhere between 3,500-4,000 vendors.”

Exacerbated by a venture capital (VC) market hell-bent on blindly dumping cash into cyber start-ups, a “false sense” of security – pardon the pun – has emerged across the industry.

“That was chapter one,” Bernard said. “Chapter two is now a market clearing point with businesses assessing ‘nice-to-have’ vs. ‘need-to-have’ technology. Buying products for the sake of buying products is no longer acceptable.”

As a result, cyber consolidation strategies are kicking into gear across the enterprise.

“How do I rationalise? I bought all these products so why am I still getting breached?” Bernard questioned.

According to Gartner, that journey started some time ago with 75% of organisations pursuing security vendor consolidation in 2022, up from 29% in 2020.

This significant shift in market dynamics is dovetailing into CrowdStrike’s well-stated ambition of reaching $10 billion in annual recurring revenue (ARR) within the next 5-7 years.

“We’re not here to talk about how we’re going to hit our number for the quarter, the month or the week,” Bernard added. “We’re playing the long game which is the big game that will shape the next 5-7 years.”

Addressing the CrowdStrike APJ Partner Symposium 2024 in Bangkok, Bernard was unequivocal – and at times even unapologetic – in approach.

“This is the opportunity of a generation,” he stated.

The vendor is a third of the way towards achieving this highly-publicised goal.

Recent FY24 earnings paint a promising picture with the company reporting $3.44 billion revenue in USD, all accounted for as ARR at a year-over-year growth rate of 34%. Net new ARR growth came in at a record-breaking $282 million, up 27% from the previous 12 months.

Under the stewardship of George Kurtz as co-founder and CEO, the business – which closed an initial public offering (IPO) in June 2019 – is currently operating ahead of Wall Street expectations as the shift to subscription revenue gathers pace.

“If we can reach our goal faster than 5-7 years, then we will,” Bernard added.

“This all directly traces itself to the product and the technology. That’s what creates the opportunity and that’s what brings about the consolidation, the disruption and the dislocation of other vendors – plus the creation of new categories.”

In outlining a path to $10 billion, Bernard cited five key areas of focus:

  1. Solutions
  2. Segments
  3. Geographies
  4. Expansion
  5. Partners

Power of the platform

In housing one of the market’s best-performing cyber security stocks over the past year – rising at around 164% – CrowdStrike has “solidified its place on top of the cyber security mountain”.

While that’s the view of The Motley Fool, Bernard was quick to endorse such sentiment and illustrate the benefits of a platform approach to cyber security – chiefly in the form of Falcon.

“Falcon has quickly become the source of truth in cyber security, a platform of record,” Bernard stated.

The over-arching ambition is to position Falcon as the “definitive platform” in the security space, capable of commanding the cyber equivalent – in terms of market stature and dominance – of Salesforce in customer relationship management (CRM) and Workday in human resources (HR).

“Every vendor has a PowerPoint platform that works for pitching, fundraising and acquiring but very few have a common platform to stop breaches,” he claimed.

Falcon houses 28 modules with deals containing eight or more modules more than doubling year-over-year during FY24. Specifically, module adoption rates were 64%, 43% and 27% for five or more, six or more, and seven or more modules, respectively, as of January 2024.

Customers are also standardising on CrowdStrike for cloud security, identity protection and LogScale next-generation SIEM (security information and event management) solutions. Collectively, this represented more than $850 million in ARR during the past 12 months.

“George likes to talk about each one as IPO companies,” Bernard added. “If we wanted to, we could IPO any of these businesses which are all part of the platform.”

Specific to next-gen SIEM, Bernard said the opportunity for growth is “now” in response to a market “frustrated” with legacy technologies and “concerned” by recent mergers and acquisitions (M&A) activity, chiefly the acquisition of Splunk by Cisco.

“The pain is there and the cost of legacy SIEM is too high,” he said. “Customers aren’t living under rocks, they listen to earnings calls and they follow the market. They’re hungry for something better and yes, that includes ripping out and replacing Splunk.”

Competitive displacement strategies aside, what gives Bernard the confidence that CrowdStrike can hit such audacious numbers?

“It’s all in the total addressable markets that we service,” he explained.

Referencing a $100 billion market opportunity overall – and rising – Bernard divided the industry into the key segments of:

  • Endpoint Security: $19 billion
  • Security and IT Operations: $18 billion
  • Managed Services: $17 billion
  • Observability: $12 billion
  • Cloud Security: $12 billion
  • Identity Protection: $9 billion
  • Threat Intelligence: $6 billion
  • Data Protection: $4 billion
  • Cyber Security GenAI: $3 billion

“If you run some quick maths you don’t have to be Einstein to figure out that we don’t even need 10% market share in each segment,” Bernard calculated. “But it’s going to increase to $225 billion so we’ll actually require a much smaller fraction in terms of percentage.”

Total addressable market (TAM) in cyber security

Only when a company reaches $100 million in ARR can it declare a product to be “market fit”, added Bernard.

“That’s a very important milestone but the journey from $100 million to $1 billion in ARR is when a lot of companies either fall apart or tap out,” he observed. “It just doesn’t work and in looking at the market, perhaps only 100 vendors even have ARR north of $50 million.”

The “magic of subscription” is the need to “earn your keep” on a daily basis, adopting a software-as-a-service (SaaS) mindset to cyber security. Yes, firewall refresh cycles occur every 3-5 years but for Bernard, refresh cycles occur daily in the world of subscription.

“The pressure is on to demonstrate value and innovate every day,” he cautioned. “We always want to be looking up towards the next mountain to climb. That’s why we’re very transparent about our $10 billion goal.”

Making sense of market competition

In the company’s most recent investor presentation – spanning fourth quarter and full-year financial results for FY24 – more than 35 vendors were cited as competition across seven industry segments:

  • Endpoint
  • Cloud
  • Identity
  • SIEM
  • Threat Intelligence
  • Data Protection
  • Exposure Management

Housing a mix of established and emerging vendors, notable industry rivals include Microsoft, Palo Alto Networks, SentinelOne, Splunk and Trellix, as well as Sophos, Trend Micro, Symantec / Broadcom, Sumo Logic and Tenable among many others.

For Bernard, competition is best categorised by vendor type rather than specific company name:

  • Legacy vendors: Using antiquated approaches and protecting businesses through “Swiss cheese” anti-virus (AV) techniques. Advocates of “placebo cyber security”.
  • Copycat vendors: Imitators of new features at cheaper price points.
  • Lock-in vendors: A new class of competition with hardware and software heritage, locking organisations behind a firewall and a “Rubik’s Cube” of updates and features.
  • Monopoly vendors: Operating system vendors that give away the house for free in a bid to persuade companies to use everything in their technology stack.

“If I had a dollar for every time I heard another vendor use the word ‘stitch’ to describe a cyber security offering,” Bernard challenged.

“You hear that narrative on so many different earnings calls but we don’t use that word at CrowdStrike, we’re not stitchers or quilters – we build and integrate capabilities correctly to have native functionality.”

In that context, Bernard said the new cyber battleground is centred around ‘platform vs. platformisation’… in short, the singular vs. the plural.

“This has emerged during the past few weeks and our view is that if you use the word ‘platformisation’, then you’ve already failed,” he claimed.

Bernard acknowledged that such an approach takes time to achieve, however, citing the example of how the business created a new market category in the form of Identity Threat Protection (ITP).

“Most of our partners run Active Directory risk reviews every single day,” he added. “We acquired Humio and took a solid year and a half to integrate the functions together before we brought it to market.”

Falcon LogScale was billed as the “next evolution” of Humio, which was acquired in March 2021. The aim is to help build a single agent, single console and single platform framework to avoid any form of product “stitching”. The business also acquired Flow Security in March 2024, a cloud data runtime security solution.

“Think of this as a single platform vs. many agents and many consoles,” Bernard explained.

Despite competing in a market crammed with “1000s of security vendors” – all vying for share of voice and wallet – Bernard observed a significant round of consolidation among emerging players.

“It’s already occurring,” he said. “Most of these security vendors have a small revenue base and we find that customers talk with their wallets.”

For those on the downward spiral, Bernard said the most effective course of action is to “just hold onto the VC dollars”.

But the funding environment in 2024 differs significantly to 2021 or 2020, even 2017 at pre-pandemic levels. Today, investment is dependent on ARR – “otherwise you don’t get the dollars”.

“A clearing period is naturally happening because most vendors don’t have a true foothold in the market,” Bernard outlined. “Customers need more capabilities but they don’t need 70 vendors.”

Overview of competitive landscape for CrowdStrike

Always get to science

In looking ahead to FY25, Bernard’s bullish outlook was anchored in the belief that regardless of the market – whether Philippines, Mexico or Germany – a platform approach allows science selling at scale.

Citing the vendor’s 28 modules as a case in point, Bernard said the majority of platform components offer copy and paste opportunities for commercial growth.

“For example, selling EDR is a science,” he explained. “It’s like baking a cake and providing you follow steps one through five, you’ll win the deal. It’s a recipe in the sense that Coca-Cola tastes the same all over the world – we can replicate that through our platform.”

Such a formulaic sales motion is designed to not only reduce complexity at the end-user level but to create market rhythm with a partner ecosystem heavily compensated on accelerated sales growth.

“Partners have numbers to hit and they hit them,” Bernard added. “That’s everything from the top of the funnel and bringing in enough leads to turning opportunities into proofs of value, technology evaluations and eventually, deal closes. That’s the science part of our business.”

Conversely, the art side of the equation requires “deeper technological capabilities”, which are best suited to global system integrators (GSIs). Notably, Deloitte recently solidified its commitment to CrowdStrike by integrating Falcon as one of its primary tools for Cyber Incident Readiness, Response, and Recovery (CIR3) services globally.

“We rely on the guidance and feedback of GSIs who are very deep in customer environments,” Bernard said.

“They are able to predict demand before it’s even there because they understand the products and are engaged at a much more strategic level with the customer vs. a transactional approach.”

In those scenarios, CrowdStrike works hand-in-hand with GSIs who are usually managing customer environments from a much broader perspective than just cyber security.

“It’s difficult to offer a percentage split between both sales motions but the goal is to always get to science,” Bernard qualified.

“Some partners are now selling next-gen SIEM for the first time. You saw the numbers, we’ve done more than $150 million of next-gen SIEM in ARR so that’s still a new category.

“We want our partners engaged so once Asia hits $150 million ARR on its own, then that’ll start to convert into a science. It naturally happens over time.”

Advancing through ecosystem partnerships

Alluding to the age-old proverb – “if you want to go fast, go alone but if you want to go far, go together” – Bernard outlined the importance of the ecosystem in achieving corporate objectives.

But the approach is different given this is most certainly a sprint and not a marathon.

“If you want to go far and go fast, then go with the crowd,” he shared. “We’re all-in on our partners because they’re such a critical part of our business. The definition of CrowdStrike is the crowd working together to strike against the adversary.

“Think of the great innovations in the past – all are based on people working together, whether that was putting people on the moon or building the first computer.”

In showcasing company financials and ambitions, Bernard stressed the importance of transparency in ensuring partners come on the CrowdStrike journey. This isn’t a case of one message to Wall Street and a different message to the ecosystem.

“Our goals are your goals,” he stressed. “And that extends to the goals of your customers as well.

“The message we tell partners is the message that we tell Morgan Stanley or BlackRock. It’s not one story for partners and a different story for investors.”

Even scheduling the APJ Partner Symposium closer to the company’s global sales kick-off was a deliberate move designed to improve alignment between internal sellers and external partners.

“Partners impact our reputation and brand in more ways than one,” Bernard added. “What partners say in market and to analysts significantly impacts our stock price – our growth doesn’t happen in a vacuum.”

Charting the stock price of CrowdStrike during the past 12 months

In addition to industry advocacy, Bernard said partners are now responsible for sourcing over 65% of new logos for CrowdStrike, up from 50% in a sizeable demonstration of ecosystem power. This is a channel trained to hunt, not merely fulfil.

“None of this is by accident – when we have a plan and work together, we get results,” he stressed. “It’s generally not rocket science.”

Such a simplistic go-to-market strategy is shaped by Accelerate, a new partner program built to help partners “land and expand” with Falcon as the primary vehicle for growth.

The program is open to all partner types including value-added resellers (VARs), managed service providers (MSPs), managed security service providers (MSSPs) and system integrators (SIs), as well as distributors, telecommunication providers, independent software vendors (ISVs), insurers and cloud marketplaces.

“Partners must focus on selling the platform, not the product,” Bernard outlined. “Don’t sell us short and think that CrowdStrike equals EDR – look at our platform today and it’s evident that EDR is now a small piece of the puzzle.

“There’s so many capabilities in our 28 modules and so many different journeys that partners can take customers on.”

This approach will be rewarded through initiatives like CrowdCard, where individual sales and solution engineering professionals earn cash-back rewards on a branded CrowdStrike debit card. Rewards aim to incentivise new customer transactions as well as platform expansion across strategic solution areas – reward payments are delivered within days.

Meanwhile, “attractive margins, discount tiers and back-end rebates” are also available to support the building of focused and profitable CrowdStrike practices.

“We have a saying internally… are you living by a calendar or a watch?” Bernard said.

The approach to starting a cloud security campaign in market was outlined as an example:

  • The calendar approach is… ‘let’s set up a meeting in the second quarter after the holidays and travel, when everyone is free’.
  • The watch approach is… ‘let’s set up a meeting in a couple of hours. Let’s go’.

“We don’t like the calendar approach, we like the watch approach,” he advised. “This is important for our culture because even though we’re now about 8,500 employees, we want to keep the urgency of a start-up.”
