Amit Karp
Jun 13, 2019

The Endpoint Security market is a land grab game, as demonstrated by CrowdStrike’s incredible IPO

Yesterday, CrowdStrike rallied more than 70% on its first day as a publicly traded company, closing the day at a whopping $11.5 billion market cap.

The successful IPO can be attributed to an impressive ARR growth rate of 121% (growing from $141M ARR at the end of FY2018 to $312M ARR at the end of FY2019), best-in-class SaaS metrics such as 147% net negative churn and 98% gross annual churn, and investors’ strong appetite for the booming cybersecurity space.

But there is another interesting lesson for the cybersecurity industry that can be learned from CrowdStrike’s S-1 prospectus: The endpoint security market has become a real estate play.

The winning strategy in a Monopoly board game is to buy every property you step on. Very similarly, land grab has become the best strategy for endpoint protection vendors — get your agent deployed on as many endpoints as possible and then push new products into the endpoints you own. It’s always better for a CISO to buy the next endpoint security product from the same vendor that is already deployed on the endpoint than to take the risk and headache of deploying another one.

This is even more true as many endpoint security products have converged over time. The traditional endpoint protection (EPP) capabilities such as malware and exploit prevention (think anti-virus) were later supplemented by Endpoint Detection and Response (EDR) capabilities like monitoring, investigation and exploration tools. Now both categories are converging into a unified modern Endpoint Protection solution.

This land grab strategy is what made CrowdStrike so successful. The company started with an EDR product in 2012 and leveraged the initial momentum to keep building and selling new products to its customer base. CrowdStrike currently offers no fewer than 10 different products through its platform, providing diverse functionality in three distinct markets: endpoint security, security and IT operations, and threat intelligence. The company was smart to realize this early and spend enormous amounts on sales and marketing to get deployed on as many endpoints as possible, while also investing significant amounts in R&D to keep building new modules that can be upsold to its customers. This strategy is clearly working, as almost half of CrowdStrike’s customers use 4 or more of its products and this number continues to rise quarter-over-quarter. This strategy is also exhibited in the company’s impressive 140%+ net negative churn.

The result of this land grab strategy is a blood bath in the endpoint protection market, with legacy players such as Symantec and McAfee trying to hold on to their existing customers (and likely buying EDR and EPP startups very soon), and with the newer vendors raising hundreds of millions of dollars to keep competing in this game. “Startups” such as Carbon Black ($415M raised), Tanium ($780M raised), Cybereason ($180M raised) and SentinelOne ($230M raised) must outspend the competition in order to stay ahead.

CrowdStrike raising an additional $612M in one of the largest ever cybersecurity IPOs means that this fierce competition for the endpoint real estate is likely only going to intensify over time.