SPECIAL NOTE REGARDING FORWARD-LOOKING STATEMENTS
This Annual Report on Form 10-K contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. All statements contained in this Annual Report on Form 10-K other than statements of historical fact, including statements regarding our future operating results and financial position, our business strategy and plans and our objectives for future operations, are forward-looking statements. The words “believe,” “may,” “will,” “potentially,” “estimate,” “continue,” “anticipate,” “intend,” “could,” “would,” “project,” “plan,” “expect” and similar expressions that convey uncertainty of future events or outcomes are intended to identify forward-looking statements.
These forward-looking statements include, but are not limited to, statements concerning the following:
◦our future financial performance, including our expectations regarding our revenue, cost of revenue, gross profit or gross margin, operating expenses (including changes in sales and marketing, research and development, and general and administrative expenses), and our ability to achieve, and maintain, future profitability;
◦market acceptance of our cloud platform;
◦the effects of increased competition in our markets and our ability to compete effectively;
◦our ability to maintain the security and availability of our cloud platform;
◦our ability to maintain and expand our customer base, including by attracting new customers;
◦our ability to develop new solutions, or enhancements to our existing solutions, and bring them to market in a timely manner;
◦anticipated trends, growth rates and challenges in our business and in the markets in which we operate;
◦our business plan and our ability to effectively manage our growth and associated investments;
◦beliefs and objectives for future operations;
◦our relationships with third parties, including channel partners and technology alliance partners;
◦our ability to maintain, protect and enhance our intellectual property rights;
◦our ability to successfully defend litigation brought against us;
◦our ability to successfully expand in our existing markets and into new markets;
◦sufficiency of cash to meet cash needs for at least the next 12 months;
◦our ability to expand internationally;
◦our ability to comply with laws and regulations that currently apply or become applicable to our business both in the United States and internationally;
◦our ability to implement, maintain, and improve our internal control over financial reporting;
◦the attraction and retention of qualified employees and key personnel.
These statements are based on our current plans, estimates and projections in light of information currently available to us. These forward-looking statements may be affected by risks, uncertainties and other factors discussed elsewhere in this Annual Report on Form 10-K, including under “Risk Factors.” Furthermore, new risks and uncertainties emerge from time to time, and it is impossible for us to predict all risks and uncertainties or how they may affect us. If any of these risks or uncertainties occurs, our business, revenue and financial results could be harmed, and the trading price of our Class A common stock could decline. Forward-looking statements made in this Annual Report on Form 10-K speak only as of the date on which such statements are made, and we undertake no obligation to update them in light of new information or future events, except as required by law.
We intend to announce material information to the public through the CrowdStrike Investor Relations website ir.crowdstrike.com, SEC filings, press releases, public conference calls, and public webcasts. We use these channels, as well as social media and our blog, to communicate with our investors, customers, and the public about our company, our offerings, and other issues. It is possible that the information we post on social media and our blog could be deemed to be material information. As such, we encourage investors, the media, and others to follow the channels listed above, including the social media channels listed on our investor relations website, and to review the information disclosed through such channels. Any updates to the list of disclosure channels through which we will announce information will be posted on the investor relations page on our website.
PART I
Item 1. Business
Overview
We founded CrowdStrike in 2011 to reinvent security for the cloud era. When we started the company, cyberattackers had a decided, asymmetric advantage over existing security products. We turned the tables on the adversaries by taking a fundamentally new approach that leverages the network effects of crowdsourced data applied to modern technologies such as AI, cloud computing, and graph databases. Realizing that the nature of cybersecurity problems had changed but the solutions had not, we built our CrowdStrike Falcon platform to detect threats and stop breaches.
We believe we are defining a new category called the Security Cloud, with the power to transform the security industry much the same way the cloud has transformed the CRM, HR, and service management industries. With our Falcon platform, we created the first multi-tenant, cloud native, intelligent security solution capable of protecting workloads across on-premise, virtualized, and cloud-based environments running on a variety of endpoints such as laptops, desktops, servers, virtual machines, and IoT devices. We deliver comprehensive breach protection even against today’s most sophisticated attacks on the endpoint, where the most valuable corporate data resides. Our Falcon platform is composed of two tightly integrated proprietary technologies: our easily deployed intelligent lightweight agent and our cloud-based, dynamic graph database called Threat Graph. Our solution benefits from crowdsourcing and economies of scale, which we believe enables our AI algorithms to be uniquely effective. We call this cloud-scale AI. Our single lightweight agent is installed on each endpoint and provides local detection and prevention capabilities while also intelligently collecting and streaming high fidelity data to our platform for real-time decision-making. Our Threat Graph processes, correlates, and analyzes this data in the cloud using a combination of AI and behavioral pattern-matching techniques. By analyzing and correlating information across our massive, crowdsourced dataset, we are able to deploy our AI algorithms at cloud-scale and build a more intelligent, effective solution to detect threats and stop breaches that on-premise or single instance cloud products cannot match. Today, we offer 11 cloud modules on our Falcon platform via a SaaS subscription-based model that spans multiple large security markets, including endpoint security, security and IT operations (including vulnerability management), and threat intelligence.
Organizations everywhere are becoming more distributed as they adopt the cloud, increase workforce mobility, and grow their number of connected devices. They are adding more workloads to a myriad of different endpoints beyond the traditional security perimeter, exposing an increasingly broad attack surface to adversaries. In addition, the sophistication of cyberattacks has increased, often coming from nation-states, well-funded criminal organizations, and hackers using advanced, easily obtained methods of attack. On a number of occasions, adversaries have launched devastating, destructive attacks that have caused significant business disruption and billions of dollars in cumulative losses. The architectural limitations of legacy security products, coupled with a dynamic and intensifying threat landscape, are creating the need for a fundamentally new approach to security.
Our unique approach starts with our single intelligent lightweight agent that enables frictionless deployment of our platform at scale. Our customers can rapidly adopt our technology across any type of workload running on a variety of endpoints. Our lightweight agent offloads computationally intensive tasks to the cloud, while retaining local detection and prevention capabilities that are necessary on the endpoint. The agent is nonintrusive to the end user and continues to protect the endpoint and track activity even when offline. The agent recommences transmitting data to our Falcon platform when the connection to the cloud has been reestablished. By utilizing a single agent, customers are able to leverage all the capabilities of our platform without burdening the endpoint with multiple agents.
Our lightweight agent intelligently streams high fidelity endpoint data to the cloud where Threat Graph provides a simple, flexible, and scalable way to model highly interconnected data sets. Threat Graph processes, correlates, and analyzes over three trillion endpoint-related events per week in real time and maintains an index of these events for future use. Threat Graph continuously looks for malicious activity by applying graph analytics and AI algorithms to the data streamed from the endpoints. Our multi-tenant architecture allows us to collect a broad array of high fidelity data about both potential attacks and benign behavioral patterns across our entire customer base, continuously enhancing our AI algorithms. This significantly increases the efficacy of our solution to stop breaches while reducing false positives.
We founded our company on the principle that the future of security would be driven by AI and that a cloud-native architecture would enable the collection of high fidelity data and scalability necessary for an effective solution. We call this cloud-scale AI. From the beginning, our strategy was focused on collecting data at scale, centrally storing such data in a singular model, and training our algorithms on these vast amounts of high fidelity data, which we believe is a fundamental differentiator from our competitors. Our cloud-scale AI means that the more data that is fed into our Falcon platform, the more intelligent Threat Graph becomes and the more our customers benefit, creating a powerful network effect that increases the overall value we provide. AI is revolutionizing many technology fields, including security solutions. To be truly effective, algorithms that enable AI depend on the quality and volume of data that trains them and the selection of the right differentiating features from that data. Our proprietary algorithms in Threat Graph identify events that may or may not be directly related, but together could indicate a threat that could otherwise remain undetected. Our cloud-scale algorithms make over 134 million indicator of attack decisions per minute. We are uniquely effective because we have more high fidelity data to train our AI models and more security expertise to guide our feature selection—all resulting in industry-leading efficacy and low false positives. Our rich set of continuously collected high fidelity endpoint data feeding our algorithms also enables us to use an active learning approach, where the models are continuously updated to fill in gaps identified in initial models and their performance is validated with this data prior to production use.
By leveraging a multi-tenant, cloud native solution, the data we analyze to stop breaches is both larger and more meaningful than the data from on-premise or single instance private cloud products. If Threat Graph discovers something in one customer environment, all customers benefit automatically and in real time. Taken together, our platform enables intelligent, dynamic automation at scale to detect threats and stop breaches.
We designed our Falcon platform with an open, interoperable, and highly extensible architecture. Because of our single data model, we only need to collect high fidelity endpoint data once from our agent, which we can use repeatedly for multiple use cases. Therefore, we can rapidly innovate, build, and deploy highly integrated modules to access additional market opportunities. We launched CrowdStrike Store, the first open cloud-based application platform for endpoint security and the industry’s first unified security cloud ecosystem of trusted third-party applications. We also built a rich set of APIs that allows us to ingest third-party data into our Falcon platform and allows our customers to expand the functionality of their existing security systems by writing their own programs and accessing the data on our platform.