Operator:

Thank you for standing by and welcome to CrowdStrike's Fourth Quarter and Fiscal Year 2024 Earnings Conference Call. At this time, all participants are in a listen-only mode. After the speaker presentation, there will be a question-and-answer session. [Operator Instructions] I would now like to hand the call over to Maria Riley, Vice President of Investor Relations. Please go ahead.

George Kurtz:

Thank you, Maria. And thank you all for joining us today. CrowdStrike delivered an exceptional fourth quarter that far exceeded our expectations. It was another quarter of records. Record net new ARR of $282 million, continuing our acceleration trend, growing 27% year-over-year. Record operating margin of 25%, up 10 percentage points year-over-year. Record free cash flow reaching 33% of revenue and a free cash flow Rule of 66. Record GAAP profitability and record cloud identity and next-gen SIEM ending ARR of greater than $850 million together, more than doubling year-over-year. These results illustrate CrowdStrike's substantial and widening competitive moat, exceptional business acceleration, and validated market leadership. Building on my founding vision, CrowdStrike is the only single platform, single agent technology in cybersecurity that solves use cases well beyond endpoint protection. Falcon is the easiest and fastest cybersecurity technology to deploy, and our single AI native platform makes vendor consolidation instant, frictionless and natural. The feedback we receive from customers, prospects and partners alike is consistent, eagerness to deploy the Falcon platform, ease of adopting more Falcon platform modules, and excitement from continuous innovation with new Falcon capabilities delivered weekly. Leaving stitched together point products and PowerPoint platforms behind, CrowdStrike customers realize the benefits of superior outcomes and lower TCO. A recent IDC report echoes this, showcasing $6 of return for every dollar invested in the Falcon platform. That is ROI. Free is never free. Customers understand the difference between product pricing and the total lifetime cost of operating inferior technology. Given the Falcon platform's ROI and TCO savings, we believe we will continue to see favorable pricing dynamics. I'm thrilled with our performance, which is a testament to the execution and passion from the very best team in cybersecurity. Unified by our focused mission, we stop breaches. My gratitude to all CrowdStriker’s on a job well done. Our execution and discipline across the business, coupled with overwhelmingly positive market feedback, gives me strong conviction in our fiscal year 2025 momentum, which Burt will cover in more detail. The current macro environment remains stable and consistent with prior quarters. We expect continued deal scrutiny throughout this coming year. We remain focused on operational excellence, while delivering market-leading growth at scale, assisting organizations of all sizes to consolidate and improve their cybersecurity. In contrast to the macroeconomic backdrop, the state of the threat landscape has never been more elevated. In CrowdStrike's recent 2024 Global Threat Report, we unpack the harsh realities of cyber today. Key findings include

Operator:

[Operator Instructions] Our first question comes from the line of Saket Kalia of Barclays. Your question please, Saket.

George Kurtz:

Thanks, Saket.

George Kurtz:

Thanks, Saket. Obviously, a key part of our success has been that all of the modules [indiscernible] are platform, which is really key driver. And when I started the company, it was really about creating this data platform that allowed us to ingest data at scale and then create multiple use cases. And really what you're seeing is many, many years of hard work that allow us to solve use cases beyond just core endpoint protection. So when we think about cloud security, customers are really looking to rationalize the alphabet soup of cloud products that are out there. And they're looking not only for posture management, but runtime protection. And they want it all integrated into a data platform. So I think given what we've done and some of the acquisitions including now Flow, we are obviously well positioned in that area and a lot of interest from our customers, and we've seen a lot of success. When we think about the SEIM market, and maybe more importantly, the legacy SEIM market, customers are just frustrated with the existing technologies, the cost structure around those. And what they're looking for really is a data platform like CrowdStrike and now LogScale’s natively integrated into the product. It's a better way to give them the outcome they want, which is faster results, better overall outcomes, and a lower TCO. So I think it's this data concept that we've been talking about for many years that everyone now is starting to see the fruits of our labor and how we can solve use cases well beyond just endpoint protection. Bert?

Saket Kalia:

Great. Thank you.

Brian Essex:

Great. Good afternoon. Thank you for the question -- for taking the question and great to see the strong results from the team. George, you're articulating a few thoughts on consolidation pricing in your prepared remarks, but wanted to ask a little more directly and maybe follow up to Saket's question. Both for you and Bert, one of the other vendors in this space has talked about a strategy of platformization. So maybe with that in context, how does this impact your go-to-market and pricing?

Burt Podbere:

Yeah, I think, George, look, at the end of the day, we sell on value. And we've never been a company that's done deep discounting. We've never been a company that has increased our prices to get more ARRs. That's not us. And at the end of the day, for us, we're here to help customers get the greatest amount of outcomes at the lowest TCO period. And to George's point, free is not free, and good is not good enough.

Operator:

Thank you. Our next question comes from the line of Rob Owens of Piper Sandler. Please go ahead, Rob.

George Kurtz:

Hey, Rob. So I think it's a couple of things. One is, for sure it's about the platform. But second, Q4 is historically we've seen a lot more of the multi-year deals. We also see more renewals in Q4 as well. But billings in general, remember it's a noisy metric right? It's heavily influenced by duration and timing of deals within the given quarter. But having said that, at the end of the day, we do manage the business to ARR. And that's the one that we focus in on. Billings for us is just an aftermath. You're right. It was a strong billing quarter, but that's not really how we run the business.

Joel Fishbein:

Thank you, and congrats on the great execution as well. George, just a follow-up for you on the data market or the DLP market, and congrats on the acquisition of Flow. Just curious how that will be integrated. You didn't really mention how big that is for you guys, but obviously a very big market that is right for disruption and maybe talk about the competitive dynamics of that market as well.

Operator:

Thank you. Our next question comes from the line of Andrew Nowinski of Wells Fargo. Your question, please, Andrew.

Burt Podbere:

Yeah. So I think that we're very excited about both the partnerships, both Dell and Pax8. They represent additional routes to market, but it's still early days on both of them, as George had mentioned. But they're one of many routes to market. We do believe that they're going to bring deals to us. And we're excited to have them on board as partners.

Tal Liani:

Hi, guys. So we had discussions this kind of past few weeks about the pricing environment of the XDR market and the ability to offset this with add-on modules. And the question is, you touched on it, but I want to ask, do you feel the contribution of Microsoft and Cortex from Palo Alto and others, do you feel their impact on pricing of individual components of your package? And is there a story about price compression of each individual component offset by the bundle or that you just don't see the XDR pricing pressure that Paolo Alta was talking about? Thanks.

Operator:

Thank you. Our next comes from the line of Alex Henderson of Needham. Please go ahead, Alex.

George Kurtz:

Yes. Sure, I can. Thanks, Alex. It's a great . And I do remember our early conversations finally, and you're absolutely right about being the platform for cybersecurity when I started the company. So when we think about architecture, architecture does matter and really what we've created is a very data-centric architecture that allows us to get data at scale into our platform leverage our AI and then create the outcomes. It's that collect once we use many. We have a single platform. Our competitors have many other platforms as they call them. We have a single agent. Our competitors have five, six, seven, eight, depending on the competitors. So when we look at our architecture, it was really designed from the beginning to solve the problems of today and the future problems. And the result of that is ease of use, the outcome that a customer is looking for, stopping breaches and lowering the cost and future bringing what they want. I've -- in a prior life, I've been involved in companies that acquired a lot of products. And I can tell you, it is near impossible to stitch all this stuff together, particularly at the agent level unless you're very diligent about it. And I can tell you from a CrowdStrike perspective, we've been very diligent about our acquisitions, as you've seen, and thoughtful on the pricing. But also what's important to realize is that we bought products and we really haven't sold some of them for the better part of 18 months because we wanted to focus on the integration, things like identity. And now we see the fruits of our labor. So it's this focused, long-term diligent approach to our acquisitions, I think, that have helped us because we started with a very innovative cloud-native platform from the beginning.

Roger Boyd:

Great. Thanks for taking the question. And again, congrats on a really strong end of the year. I wanted to talk about Charlotte. The customers that we've spoken to that were part of that early access program pretty positive on both what the product can do today as well as the pipeline and where it could go in the future? George, you said at a couple of positive stats around automation. Any updated view on your ability to monetize the Charlotte product or the time line to monetization from here? Thanks.

Operator:

Thank you. Our next comes from the line of Matt Hedberg of RBC. Please go ahead, Matt.

Burt Podbere:

Hi, Matt. Thanks. So with respect to ARR, obviously, we don't guide to it. But we have talked about in the past where we've started the year in Q1 and build and that's kind of really all I can really comment on ARR. You can kind of infer where we're going with our guide. And -- but at the end of the day, our guide, the methodology has remained consistent, and that's how we think about it.

Burt Podbere:

Yes, That would be accurate.

Burt Podbere:

Thank you very much.

John DiFucci:

Thank you for taking my question. Listen, as everybody said, these are really impressive results, no matter how you look at it, but especially as compared to others out there. I'd like to ask another about the past is -- I know, George, you think, but the past is the past. It's great. It's great to see. But I'd like to ask another about the future. I know Charlotte AI is the sexy new product. It's everybody or AI winner are you a loser I mean. And we'll see how that develops. But given your lightweight agent and all the data you collect or even could collect. It just seems that Falcon for IT could be a whole new world for you, which might make it harder given it might perhaps be a different buyer, but certainly worth it. I guess how should we think about the development of this product going forward, given your -- I know it just was generally available, too, but I'm sure you've had early conversations with customers.

Operator:

Thank you. I would now like to turn the conference back to George Kurtz for closing remarks. Sir?

Operator:

This concludes today's conference call. Thank you for participating. You may now disconnect.

Operator:

Thank you for standing by, and welcome to CrowdStrike Holdings Third Quarter Fiscal Year 2024 Earnings Conference Call. At this time, all participants are in a listen-only mode. After the speakers' presentation, there will be a question-and-answer session. [Operator Instructions] I would now like to hand the call over to VP of Investor Relations, Maria Riley. Please go ahead.

George Kurtz:

Thank you, Maria, and thank you all for joining us today. I would like to begin my remarks today by expressing gratitude to our customers, who proudly trust CrowdStrike as their cyber security platform consolidator for the AI era; gratitude to our partners who win with CrowdStrike, taking our joint customers on Falcon Platform transformation journeys from device to cloud, to identity, to data and beyond; and to our team for their passion and dedication to our mission, stopping breaches, finding adversaries, and delivering the very best cyber security outcomes. Moving onto Q3. Despite a challenging macro environment and geopolitical tension, I am extremely proud of the resilience of our business and that we delivered a record Q3. CrowdStrike surpassed the $3 billion ARR milestone with an ending ARR of $3.15 billion, growing 35% year-over-year. CrowdStrike is the fastest and only pure-play cyber security software vendor in history to achieve this milestone. In Q3, we delivered double-digit net new ARR acceleration at scale, powered by customer demand for the depth and breadth of CrowdStrike's AI native XDR platform, terrific execution exemplified by rising win rate against our competitors, and acceleration in our cloud security and identity businesses, as well as a record quarter in our LogScale Next-gen SIEM business. Our standout top-line performance came in tandem with P&L discipline as our profitability soared to record heights. Q3 was indeed a quarter of records. Let me share several of our financial highlights. Record net new ARR of $223 million, representing a 13% year-over-year growth from acceleration in new and expansion business; record non-GAAP subscription gross margin; record GAAP and non-GAAP operating profitability; record free cash flow of $239 million, representing 30% free cash flow margin and achieving free cash flow Rule of 66, up from 63 last quarter. Burt will share more color on our financials and platform adoption stats, following my remarks. This was a standout quarter and places us well on the path to $10 billion in ARR that we outlined in our latest investor briefing. The market continues to validate CrowdStrike's widening leadership position. While others scaled back R&D, we are increasing our investments as innovation is the lifeblood of our company. We continue to make meaningful investments in go-to-market and profitable growth. To this end, we received multiple industry awards and accolades over the course of this quarter. Across industry analyst firms, CrowdStrike is consistently top-rated. In Q3, CrowdStrike was awarded a perfect 100% across protection, visibility and analytics detections in MITRE's latest ATT&CK testing in industry-first; recognized as Gartner Customers' Choice and one of the highest-rated in their latest Peer Insights Voice of the Customer for EPP report; named a Leader in the Forrester Wave for Endpoint Security; and positioned as a leader in the IDC Vulnerability Management MarketScape. Our leadership position is translating into record demand for our Exposure Management solution in its first quarter on the market. Our market presence in open platform approach to XDR is a uniting force in cyber security. In Q3, we hosted Fal.Con, our flagship customer and ecosystem event with more than 4,000 attendees and 70 sponsors. This was fast followed by our Fal.Con On the Road series, where we have already hosted Fal.Con Tokyo and Fal.Con Sao Paulo with thousands in attendance. The drumbeat of innovation was loud and clear with multiple releases and announcements showcasing CrowdStrike as the XDR leader, including the Falcon Platform Raptor release, which standardizes all of our customers on LogScale. This builds our platform data gravity, coupling native Falcon data with third-party data ingest, further enabling our customers to realize SIEM and XDR use cases on Falcon. Falcon for IT, a new module to unify IT and SecOps. From hygiene to patching, Falcon for IT lets customers consolidate multiple use cases and replace legacy products with our single-agent architecture. Our new Falcon data protection module that liberates customers from legacy DLP products with modern frictionless data security, which prevents data exfiltration. Falcon Foundry, a no-code application development solution, enabling both customers and technology partners to build directly on Falcon. Foundry epitomizes the true definition of a platform offering limitless apps. We announced the acquisition of Bionic, bringing application security posture management to the Falcon Cloud Security Suite. Falcon Cloud Security is the industry's most comprehensive and innovative cloud security offering, with integrated agent and agentless CSPM, CIEM, CWP, and now, ASPM. We released the beta and pricing for Charlotte AI, our AI-powered [stock] (ph) analyst, which was incredibly well received. CrowdStrike's generative AI leveraging multiple foundational models can turn hours of work into minutes, while democratizing cybersecurity, unlocking value, and adoption across the entire breadth of the Falcon platform. Enthusiasm for Falcon for IT, our automation and hygiene module for IT teams, is exciting to witness because it is something so intuitive that our customers want. Like data protection, Falcon for IT saw a clear and long-neglected pain point, where customers are forced to rely on multiple legacy products that have long outstayed their welcome. Customers are eager to consolidate their agent estate while reducing cost and complexity. Falcon for IT illustrates the power of CrowdStrike's single-platform approach. We have the real estate and data foundation to solve ever-evolving use cases, delighting our customers, while disrupting vendors that have failed to evolve. The resounding takeaway from my customer engagements at Fal.Con and throughout the quarter is that CrowdStrike is the right choice for CISOs, CIOs, executive teams and Boards. Here's why? Our build-by-design, single-platform architecture requires no integration, no stitching, and no platformization. Our unified cloud-native platform and critical beachfront real estate within the customer estate naturally create cybersecurity data gravity, solving for today's challenges, while preparing for the unknowns of tomorrow. Organizations are looking for a trusted cybersecurity consolidator. CrowdStrike is cybersecurity's AI consolidator, liberating organizations from a litany of increasingly ineffective legacy tools, multiple agents, point products, and fragmented pseudo platforms. Illustrating this point, deals with eight or more modules increased 78% year-over-year in the quarter. This is what consolidation looks like. And third, stopping the breach matters more today than ever. Adversaries continue to evolve, moving faster and increasing their use of dark AI, turning AI into a weapon for evil. At the same time, legislative and SEC regulatory oversight pressures Boards and Executives to prioritize cybersecurity. With these three takeaways in mind, let's start by expanding on the first. Why CrowdStrike is the definitive single security platform? Multiple fragmented platforms, consoles, and data silos force customers to focus on integrating, not security outcomes. Our relentless focus on innovation and commitment to a single built-by-design platform creates cybersecurity's source of truth. Built on this platform foundation, our cloud identity and LogScale next-gen SIEM products are examples of IPO-worthy hypergrowth businesses. Let's take a look at our momentum in cloud security. Growth accelerated in the quarter and we're entering Q4 with a record pipeline. Noteworthy wins in the quarter included

Operator:

Thank you. [Operator Instructions] Our first question comes from the line of Saket Kalia of Barclays.

George Kurtz:

It does, yeah. It's a great question. So, when I look at the market today and I compare that to when I started CrowdStrike in 2011 and really talking to customers in 2012 and 2013 about replacing their legacy AV, it feels like it's the same conversation, just with a different context of replacing their legacy SIEM. What I found, and I tend to like businesses and markets where this is in play, is where the incumbents are entrenched, but have a high degree of dissatisfaction, where the technology is legacy and where the complexity is just high of patching all this stuff together. And in talking to customers, they want better, faster, cheaper, and they want something that works at cloud scale. If you look at what we've done with LogScale, it's a much more modern version of a SIEM, a next-gen SIEM. We got ahead of the curve a couple of years ago when we bought Humio, which is now LogScale, we've now integrated into our platform, and it's extended out our XDR technology and it allows us to do log and SIEM in the same platform. So, from our perspective, the feedback that we've gotten not only from customers but partners like EY, who are building practices around this, this is a massive opportunity for CrowdStrike, and now is the right time for us, given the level of dissatisfaction M&A in the environment and the customer's willingness to look for a much better solution, which also gives us data gravity in the platform.

Operator:

Thank you. Our next question, please standby, comes from the line of Joel Fishbein of Truist.

George Kurtz:

Sure. Well, we actually showed our data protection technology at Fal.Con a couple of months ago. We're actively working with some of the largest enterprises in the world to make sure that we account for all their requirements and their ability to actually move off their legacy DLP product. There's not one customer that I've talked to that says they like their DLP product, period. And in today's environment, with data in motion, particularly through cloud services, the ability to actually be able to track from endpoint through cloud where data moves, what type of data is out there, leveraging our AI to understand, is it something that should be moving in certain places is going to be incredibly important. And the way we look at it is the same way we looked at legacy AV. There's a better way to reimagine DLP into Falcon Data Protection, and we're very, very close to being able to release that as we continue to put the fine touches on what customers are looking for and what they're willing to write a check for. So stay tuned, but another massive market opportunity for us.

Rob Owens:

Great. Good afternoon. George, I guess staying on theme here with these extensible adjacencies, maybe you can touch on Falcon for IT. What early response has been since, I guess, showing it at your recent user conference and where you see the opportunity on that front?

Operator:

Thank you. Our next question comes from the line of Matthew Hedberg of RBC.

Burt Podbere:

Hey, Matt. Great question. So for us, we are always looking to maximize our growth while at the same time paying attention to the bottom-line. So that's never changed. We are absolutely going to continue to invest in innovation. We got -- we announced so much at our last Fal.Con. We've got a lot of momentum. We're going to continue to invest to continue that momentum. But also at the same time, we recognize that we want to make sure that we're a very well-run company and people are seeing the output of that certainly on this quarter and we don't plan on changing that at all for next year.

John DiFucci:

Thank you. George, it's impressive to really see the consistency of your team at scale here. But I'm just curious, how did traction continue into the end of the October quarter and then again into -- we're almost through November, relative to the October period. And the reason I'm asking this is that, we've generally heard of a fade in business activity through October across the industry, not necessarily with you, I mean, actually we didn't hear with you, but across most others. And it's actually sort of shown up in results of some of your security peers. So, I'm just wondering, maybe -- what are you seeing. What did you see into the end of the quarter? And what are you seeing at the beginning of the January period?

Operator:

Thank you. Our next question comes from the line of Tal Liani of Bank of America.

Burt Podbere:

Thanks, Tal. Good question. I'm going to start with billings. Yeah, you're correct. For us specifically, we don't manage the business to billings and we feel that ARR gives you the absolute best proxy to revenue and we felt that that's the right metric, as you know, since we went public, to give you more transparency into the health of our business. And that's the metric that really guides you on health. With respect to billings ourselves, I mean, we think about billings similar to probably most of you out there, is that billings, typically for hardware companies, use that when they don't disclose any sort of bookings metric, and that's not us, right. We think that billings has certain things that just are not as relevant as a metric like ARR. You're comparing a balance sheet item to a P&L item. For us, the P&L is going to dictate the health of the business. So for us, you know, billings obviously is going to be impacted by duration and there are many things that go into that. And remember also that when you think about on a year-on-year basis, we're still up on billings. And I think that's the one thing that you want to take away. For us, when we think about how we want to continue to be transparent, ARR really gives you that notion of where we're going and how we're doing. And I think that that's the focus. And it has been, by the way, since we went public, even as a private company, that's the one that we manage the business to, that's how we look at how to give out quotas to our reps, et cetera, et cetera. So for us, that's not going to change. And I hope that answers that question.

Adam Borg:

Awesome. Thanks so much for taking the question. Maybe just for George on CNAPP, it's obviously great to hear the traction. As we look ahead, should we still view this more of an upsell opportunity to existing customers or what needs to happen for this to be more of a tip of spear to drive net new logos? Thanks so much.

Adam Borg:

Great, can you hear me okay now?

Adam Borg:

Great. Sorry about that. Maybe just on CNAPP, it's great to see the continued traction there. And as the market matures, should we view this as more of an upsell opportunity or what needs to happen for this to be more of a tip of spear to drive net new logos?

Operator:

Thank you. Our next question comes from the line of Mike Walkley of Canaccord Genuity.

George Kurtz:

Well, we saw a very strong SMB segment. We've done a lot of work, A, starting with our partners like Pax8 and others, Dell, in that market. So meeting the customers, where they like to buy is really, really important. And then, coming up with a very innovative and easy-to-use technology designed for the SMB, our latest release of Falcon Go is literally one-click install. And the feedback that we've gotten from customers are like, "Wow, this is the easiest thing I've seen. It just works." And I think you're going to see even more broad adoption because we've made it so easy to install. You don't have to be an IT professional. And then, we've got our partner network that are building services around it. So they're able to generate dollars. We're able to sell our product through their channels where they meet the customers. And I think we've taken a very innovative and effective approach in our partnering strategy. This is something that we've really worked on over the last year, 18 months, and we're bearing the fruit of it right now.

Gray Powell:

Okay, great. Thank you for taking the question. Yeah, I was just wondering if you could repeat the commentary on the potential for a year-end budget flush. I think you said that it was not going to be a typical year. And if I remember correctly, last year, the commentary is more like there's going to be little or no budget flush. So, I guess my question is like how does this year look in comparison? Is it better, same, worse? Just sort of what's your confidence level on trends?

Operator:

Thank you. Our next question comes from the line of Jonathan Ho of William Blair.

George Kurtz:

Well, we announced our pricing at Fal.Con. That was actually well received with customers. And in terms of the overall used cases, as I've talked about in the past, really it's helping a Tier 1 SOC analyst up level themselves to be a Tier 3, right? It's really driving SOC automation, which is a big focus for us with things like Charlotte and things like Falcon Foundry, how do you drive automation into organizations to give them better outcomes. At the end of the day, they would be willing to pay for something if it's going to save them time or money or make their job easier. And what we've seen in the customers who are using Charlotte right now in its preview mode is, they're able to do things way faster than they ever could and they're able to explore and ask questions that they haven't been able to do in the past, right? It just makes it so easy to have Charlotte gather up all the information and then take an action on their behalf. So, A, the pricing has resonated well with customers. We'll see how it shakes out as we get into full swing of things. But overall, what we've put together and the fact that it isn't an independent chatbot, it's really a foundational platform service that's wired into everything that we do and allows automation through all the modules, I think is a home run for us.

Gregg Moskowitz:

Okay, thank you for taking the question. George, in your prepared remarks, you expressed a lot of excitement for Falcon for IT. But in addition to better security, better unification with IT, it also strikes me as having the potential to be a real ROI-driven sale for many customers. Do you agree with that? And if so, is that going to be an angle that you really go after from a go-to-market standpoint?

Operator:

Thank you. Our next question comes from the line of Gabriela Borges of Goldman Sachs.

George Kurtz:

Well, I'll start and then I'll let Burt jump in. I think from a priority perspective just on go-to-market and product-related. You talk about the fiscal piece, Burt. But we continue to drive innovation. Our focus has been on innovation, not integration. And I think that's shown in what we've been able to deliver in the market, how fast we've been able to come out with products. Falcon was our richest release of technology. So, we want to continue to be the innovation leader in security, and I think customers will recognize that. From a go-to-market perspective, there's a lot of work that we've done in terms of really, really making sure we've got the right hygiene across the enterprise and making sure that we can compress these, basically, time in sales cycles to get deals done when we need to and vector them in, and then also as we go down market into SMB, creating the right products for that segment and then delivering it through the right channels. So, what we have is working. So, it's going to continue to drive innovation, continue to remove friction in go-to-market motion, and continue operational excellence up and down the sales and the partner organization. Burt?

Operator:

Thank you. Our next question comes from the line of Alex Henderson of Needham.

George Kurtz:

Great. Well, when we look at the current macro environment, it is stable. But as I talked about in the Q&A and in the prepared remarks, it's still a challenging environment, it takes a lot of effort to get deals done. And again, it depends on the segments. Some segments are going to be a little bit longer in the enterprise and SMB a little bit shorter. But that being said, when we look out and we look at things like our pipeline, we have a record pipeline and we have that because I think we've got the best product suite in the industry. We've got customers that are truly understanding the platform capabilities of what we've built. They're coming to us and saying, "Hey, let's sit down and go through your roadmap and our roadmap and let's figure out what we can consolidate." So, they're coming to us with the openness of wanting to buy more and leveraging things like Falcon Flex to be able to have bigger commits at CrowdStrike, which is important. And overall, it's, as I said, still a tough environment. But I think we've got some key metrics like the pipeline that is encouraging to us. And when you look at LogScale and our cloud business and our identity business, I mean, these are absolutely bright stars across the entire platform. And again, keep in mind, we're not selling individual piece parts. People are buying the platform and that's what's driving the growth.

Eric Heath:

Great. Thanks for fitting me in here. George, I guess I'll come back to the SIEM conversation. So, appreciate the color on the synergies of using LogScale to do the analytics on top of your first-party data that you're already capturing, makes a ton of sense. But I guess, can you flush out a bit more as to why your AI engine and your proprietary endpoint data is a better approach to capture the next-gen SIEM opportunity that many seem to be targeting, including those that claim to have more first-party data sources?

Operator:

Thank you. I would now like to turn the conference back to George Kurtz for closing remarks. Sir?

Operator:

This concludes today's conference call. Thank you for participating. You may now disconnect.

Operator:

Hello, and welcome to the CrowdStrike Fiscal Second Quarter 2024 Results Conference Call. At this time, all participants are in a listen-only mode. After the speaker presentation, there will be a question-and-answer session. [Operator Instructions] Please be advised that today's conference is being recorded. It is now my pleasure to introduce Vice President of Investor Relations, Maria Riley.

George Kurtz:

Thank you, Maria, and thank you all for joining us today. I am pleased to report that in the second quarter, we exceeded our guidance across both top and bottom-line metrics, delivering strong, durable growth at scale and credible leverage and operating within our target model on every metric. Even with a challenging macro backdrop, we delivered an impressive quarter, highlighting CrowdStrike's structural competitive moat, making Falcon the definitive cybersecurity platform for the cloud era. Financial highlights for the quarter include, ending ARR of $2.9 billion, up 37% year-over-year, with record contribution from cloud security, identity protection and LogScale Next-gen SIEM, together surpassing $500 million in ARR, record non-GAAP operating margin of 21.3%, record non-GAAP net income, which grew 109% year-over-year, GAAP profitability for the second consecutive quarter, record Q2 free cash flow of $188.7 million and an over 80% year-over-year increase in deals involving eight or more Falcon platform modules. Our commitment to operational excellence and the utilization of AI within our platform and across our entire organization is driving enviable leverage in our financial results, even as we aggressively invest in fueling growth. As Burt will discuss, we are raising our revenue outlook for the year and bringing in our timeline to sustainably achieve our non-GAAP target operating model. We now expect to exit Q4 within our target non-GAAP operating margin model and to remain within our target model on an annual basis starting in FY '25. In an increasingly digital cloud-defined world, cybersecurity is becoming more important than ever. The SEC's recently enacted cybersecurity disclosure requirements substantiate the growing gravity of cybersecurity threats, elevating the category from an operational concern to an urgent Board level and CXO spend priority. At CrowdStrike, we continue to build cybersecurity’s platform of choice, offering a simple and powerful promise. We stop breaches. Heading into the second half of the year, we see increased momentum in the business, driven by record levels of new logo and upsell pipeline, record deal registrations from our market-leading partner ecosystem and record levels of customers proudly trusting CrowdStrike to be their long-term security platform consolidator of choice. We are also observing substantial changes in the competitive landscape, uniquely benefiting CrowdStrike. With the business momentum we see and competitive market dynamics, we believe our second half performance will yield double-digit net new ARR growth. Working in cybersecurity for the past 30 years, I have recognized and created tectonic shifts in this industry and we are in the midst of one right now. Organizations need better, faster and more cost-effective protection for a digital society. Organizations need seamless, not stitched together automation to break down legacy data silos. Organizations need lower TCO and more efficient ROI-driven investment. The competitive battlefield of cybersecurity today reflects these realities, separating the wheat from the chaff. Those who have platforms versus those with point products masquerading as platform stories. What was a market littered with dozens of companies is quickly consolidating to several vendors. Smaller, narrower point product companies are being left behind. These companies are quickly going the way of legacy AV, already in the hands or looking for the safe hands of strategic or private equity buyers. Point products, single feature cloud security companies are learning the hard way that platforms built by design win at scale. Today's competitive landscape solidifies CrowdStrike's leadership position and turns what were once competitors into immediate shared donors. CrowdStrike is purpose-built for this market. We have the technology innovation, mission-driven team and sizable scale to lead cybersecurity platform consolidation. Shifting from competitive market dynamics to CrowdStrike, here are the reasons I see us winning in the second half and beyond. The Falcon platform enables real consolidation with best-of-breed outcomes, and we are flighting XDR transformations across cloud security, identity protection and LogScale Next-gen SIEM. Each of these three platform solutions are high-growth, sizable businesses. Each are examples of IPO worthy companies in their own right and each are seamlessly integrated components of the Falcon platform. Let me first provide commentary on CrowdStrike as cybersecurities consolidator, and then I'll follow up with updates on our cloud, identity and Next-gen SIEM Falcon platform businesses. The Falcon platform has not only become the standard for delivering AI-powered cybersecurity, it has become the foundational cybersecurity platform for our customers. Our revolutionary cloud-native architecture consists of an AI-powered data platform and lightweight sensor form factor, which remains the easiest and fastest to deploy with no reboots. Our form factor was made for the digital anywhere enterprise, not bound by operating system or hardware-defined network perimeters. CrowdStrike has the visibility to detect and prevent attacks and the workflow integrations and automation to remediate. We have the prime enterprise real estate on devices and multi-cloud workloads to automate and consolidate cybersecurity. Customer after customer I met with at the Black Hat Security Conference wants to anchor their cybersecurity on the Falcon platform. These customers see us as their core partner in their security journey. With consolidation being a hot topic, let's talk about what security outcomes really mean. Stopping the breach. This is the most important outcome. Companies need vendors who are trusted partners that can understand, prevent and respond to threat actors to stop breaches. CrowdStrike is uniquely positioned to stop breaches with our technology, threat intelligence and services. Saving time, delivering everything in a single modern console coupled with generative AI reduces dwell time and makes cybersecurity faster and easier. Saving money with most enterprises still buying north of 60 cybersecurity point products, there's too much cybersecurity shelf wear. Individual products require learning and maintenance, building integrations and higher staffing costs. Eliminating the time managing, integrating, updating and operating superfluous tools represents real savings regarding product, people, process and cost. And finally, doing more. CrowdStrike's Falcon unlocks new capabilities for organizations such as deploying their first code to cloud security, identity protection, exposure management, attack surface reduction, next-gen SIEM and more, all in one integrated platform. The breadth of native Falcon capabilities in our prime real estate within the enterprise and SMB technology stack is our advantage and creates significant customer expansion path. Our open XDR platform, the ability to take in first-party and third-party data is quickly becoming the enterprise data destination. We see data gravity for the management of cybersecurity, but also broader observability use cases as a competitive moat for CrowdStrike. Customers gain greater value with every module they adopt, reducing agents, security gaps, complexity and cost, enabling them to transform and consolidate their security stack with the Falcon platform. Let me share several recent new customer wins that speak to this. First is a major auto manufacturer that tried but failed to consolidate their security on Microsoft E5. This company's security team quickly realized Microsoft's complexity, multiple consoles, lack of integration, miss detections and complex deployments hampered their ability to defend themselves and consolidate. This customer is now consolidating on the Falcon platform with Falcon Complete for Endpoint, Identity and Cloud. Now with a single agent, single user interface and single platform, they have complete visibility across their end points, cloud and identities and the ability to stop threats in real time. By moving from expensive Microsoft E5 to CrowdStrike, organizations can save 50% plus per user per year on Microsoft licensing costs, adding up to millions of dollars of savings. Another seven-figure consolidation win was with a leading residential construction manufacturer who took their Falcon Complete subscription to the next level. Beyond the Endpoint, this customer purchased Falcon Cloud Security, Identity Protection, LogScale and Falcon Surface, our external attack surface management offering. Falcon has become the platform of consolidation and trust for this enterprise, reducing spend with three other vendors by more than 60% and wholly eliminating multiple vendors from their stack. Consolidation is not only fueling bigger new logo lands but also increased platform adoption, especially in the areas of cloud security, identity protection and LogScale, which, in aggregate, contribute well over $0.5 billion in ending ARR. Financial services, technology, retail and manufacturing industry verticals continue to demonstrate strong demand with large deal sizes. In Q2, we closed over 80% more deals involving eight or more modules than a year ago as customers increasingly look to CrowdStrike to consolidate their security stack. Let me now discuss our momentum in the platform areas of Cloud, Identity and LogScale, Next-gen SIEM, where we are setting new records. Let's start with Cloud Security, where net new ARR growth accelerated meaningfully and reached a new record during the quarter. Ending ARR for Falcon modules deployed in a public cloud grew to $296 million, up 70% year-over-year, larger than almost every single vendor in cloud security today. Driving this inflection is our focused innovation on Falcon Cloud Security, our CNAPP suite offering, which unifies agent and agentless cloud-native security capabilities into a single offering, providing immediate time to value across all major cloud environments. Net new ARR growth for Falcon Cloud Security accelerated to 70% quarter-over-quarter. We have made it easier for customers to consume Falcon Cloud Security with a single SKU and customers are rapidly standardizing on CrowdStrike as their cloud security platform of choice. Customers are eager to move away from multiple point product vendors to Falcon's unified best-of-breed platform. We added many new capabilities to our CNAPP offering, including infrastructure as code, site scanning and attack path analysis, creating the most comprehensive CNAPP solution on the market. Combined with Falcon Surface, our external attack surface monitoring solution that we acquired last year, we now provide a complete outside-in and inside-out view of a customer's security posture. This past quarter, we executed a go-to-market emphasis on cloud security, hosting a virtual Cloud Security Summit with over 12,500 security and DevOp participants followed by cloud-focused partner and sales plays. Our integrated cloud suite, easy management and lower TCO value propositions are resonating at scale. We closed a record number of cloud customer wins in Q2, including multiple seven-figure cloud expansions with Fortune 500 customers, together in excess of $20 million in deal value. An iconic Fortune 50 retailer prioritized a full, not phased, Falcon Cloud Security purchase of $5 million in deal value, choosing CrowdStrike over a point product cloud security scanner and displacing their firewall vendor. Additionally, a major Fortune 500 manufacturer sought product superiority and a single-platform approach replacing Wiz with Falcon Cloud Security. Other cloud wins include [new wins] (ph), with financial, technology media and healthcare companies as well as public sector accounts. Finally, I want to highlight a cloud expansion with a Fortune 1000 retail brand facing increasing costs from their incumbent cloud security vendor and struggling with limited visibility over their cloud assets. This customer launched an initiative to unify their security stack and remove gaps between traditional endpoint, cloud runtime security and posture management. CrowdStrike is the only vendor that met these requirements and a unified platform and helped them drive down their overall operational costs. The cloud security market opportunity is massive and growing rapidly with the potential to reach $18 billion in calendar year 2026. Cloud exploitation by adversaries increased 95% year-over-year and the only way to stop threats at all time is with a fully-fledged agent and agentless cloud suite like Falcon. Only CrowdStrike delivers a fully integrated CNAPP solution that unifies cloud workload protection, cloud security posture management, cloud infrastructure entitlement management, threat intelligence and threat hunting in one platform across hybrid and multi-cloud environments. Our leadership in cloud security was recognized in Frost & Sullivan's recently published 2023 Frost Radar, Cloud Workload Protection Platform report based on our impressive CWPP business growth, our comprehensive cloud visibility and our unrivaled cloud detection and response services. Identity Protection also stands out with over $200 million in ending ARR, up 194% year-over-year. Identity-based attacks represented 62% of all interactive intrusions we observed in the last 12 months. CrowdStrike's Falcon Identity Protection delivers the best protection against identity attacks, recently winning the CRN Tech Innovator Award as the best solution on the market. The identity protection adoption rate for new customers grew more than 100% year-over-year and the total number of deals tied to identity increased 200%. Highlighting this in Q2 is a financial services firm that initially turned to CrowdStrike for incident response following a breach where an attacker used legitimate credentials to bypass the company's existing security products and remain undetected for a week. Following remediation by CrowdStrike incident responders, this customer consolidated on the Falcon platform, adopting Falcon Complete, Falcon Identity Complete and Falcon Cloud Security Complete, displacing and consolidating four vendors in the process, Microsoft, SentinelOne, Arctic Wolf and Sophos. Moving to LogScale. Net new ARR from LogScale Next-gen SIEM reached a new record as customers increasingly adopt a solution to sell multiple use cases. The number of customers using LogScale grew more than 3x year-over-year. LogScale ending ARR grew over 200% year-over-year and is quickly approaching the $100 million ARR milestone, which we expect to achieve in Q3. A Fortune 500 manufacturing company expanded on the Falcon platform with a nearly $4 million deal value LogScale purchase after becoming frustrated with their legacy SIEM vendor due to its increasingly prohibitive costs, complex licensing and poor forced on-prem to cloud migration experience. Given LogScale's unparalleled speed and flexibility and cost-effective licensing model, this customer is now leveraging the Falcon platform to transition away from legacy SIM, supercharging the speed of both their observability and security use cases. Falcon is a platform that brings the benefits of generative AI to life for every SOC, CISO, CXO and enterprise. We do it with proprietary threat data, and we do it with industry-leading AI expertise. Charlotte AI is the engine powering our portfolio of generative AI capabilities across the platform, utilizing CrowdStrike's high-fidelity data advantage. Charlotte AI helps Falcon users of all skill levels to do more in the platform by automating workflows, which fuels module adoption and reduces the mean time to detect and respond. The net benefit to customers from our pioneering use of AI in a single platform is faster results, better security outcomes and lower overall cost, ushering in a new era of machine speed security. We showcased Charlotte AI earlier this month at Black Hat where we're the only vendor of consequence to showcase a live, not PowerPoint, demo of generative AI in action. Public reception was fantastic, and we will release Charlotte AI pricing at Falcon. Moving to partners. 64% of new customers from large enterprises to SMBs were sourced from our partners in the quarter. Our industry-leading partner ecosystem is embracing the broader Falcon platform, building long-term differentiated businesses with CrowdStrike. CrowdStrike is AWS' largest cybersecurity go-to-market partner. And we recently won their ISV Partner of the Year Award, validating our cloud security category leadership, commitment to innovation and go-to-market success, particularly in cloud security. Finally, the initial momentum we are building through our partnership with Dell is exciting, delivering eight figures in deal value in just a few months. As we highlighted previously, our resell agreement with Dell hit the market in Q1 delivering in-quarter new deals in every major geography region. In the second quarter, we went live with attached device sales globally and rapidly achieved industry-leading device attach rates. Demand in our markets has remained resilient. And even as we continue to operate at a time of macro uncertainty and increased deal scrutiny, our win rates remain high. The momentum we are building with consolidation deals specifically tied to Cloud Security, Identity Protection, Next-gen SIEM and increased partner engagement is driving our pipeline to record levels. Additionally, Fal.Con, our annual customer conference, is our biggest selling event of the year, and this year, registration is already up 80% from last year. The Falcon ecosystem will be on full display with over 70 technology go-to-market partner sponsors in attendance. I would like to invite our investors and analysts to join us at Fal.Com. Similar to last year, in conjunction with the event, we will hold an investor briefing featuring conversations with customers and partners. This year's briefing will also include a financial discussion led by our CFO, Burt Podbere. Please note that customer sessions will not be available on the webcast, so please join us in person. And with that, I will turn the call over to Burt to discuss our financial results.

Operator:

[Operator Instructions] And our first question comes from the line of Saket Kalia with Barclays.

Burt Podbere:

Great to hear your voice, Saket.

George Kurtz:

Sure, Saket. Let me take the first part, and I will turn it over to Burt. So when we think about the back half of the year and our confidence, I think it starts with the product and the consolidation that we're seeing. Customer after customer looking to consolidate on the platform and the product portfolio has never been stronger, particularly in the areas that I talked about, Cloud, LogScale, Identity. We gave you some great numbers around that. Then you look to our partners, our industry-leading partners in our ecosystem. We continue to grow that. We've got tremendous focus on that internally with a new leader, Dell, Pax8. I mean I can go down the list of our partners and certainly AWS that I called out, all contributing to our momentum. And then the pipeline, a record pipeline as we see this. The partners and CrowdStrike are delivering a record pipeline because the products are there. So that's the way I look at it. Burt?

Operator:

Thank you. One moment please for our next question. Our next question comes from the line of Sterling Auty with MoffettNathanson.

George Kurtz:

Sure. I think you have to start with the ramp reps that we have. We did a lot of hiring last year. It takes a while to ramp rep. So we're going into the back half of the year with ramp capacity, which we're obviously excited about. And then a lot of it has to do with me being in the field and talking to customers and just what I'm hearing from them. I was recently on a call with a large Fortune 200 company. I was on with their CIO, their CTO and their CSO. And they said the reason we have all of these people together is because of the spend, which is eight figures, and two, we were so strategic. We're actually handling their observability and their security use cases. So when I look at that and I look at the product portfolio and where we are, it's just encouraging, combined with the sales ramp and the capacity we have as we go to the back half of the year.

Andrew Nowinski:

Great. Good afternoon and congrats on the quarter and I’d echo Saket's comments about profitability, that is really an amazing outlook. I wanted to just ask another question on the back half of the year guidance. The way you described everything, George, with products, consolidation, partners growing, record pipeline, ramped reps, I know the back half does look fairly aggressive, but you also have easy comps, too. So maybe why not -- what gives you caution about raising that guidance a little bit more coming off of a really good quarter and heading into with all those positive trends you have going for your business right now?

Operator:

Thank you. One moment please for our next question. And our next question comes from the line of Rob Owens with Piper Sandler.

George Kurtz:

Sure. So when you look at LogScale, its capabilities are obviously Next-gen SIEM, but also in observability, and we have many customers that use it just for that use case, and we have an opportunity to go back and sell them security. Things like managing and monitoring the Kubernetes clusters, the cloud environment, their infrastructure, I mean we have a customer who manages like the train schedules on it. So it can manage a large set of data, and it does it extremely efficiently. And what we're seeing right now is customers telling other customers about it. We have huge Fortune 25 referenceable customers in the space. And I think the success begets more success in that area. So that's why we're pretty excited about it. And you've seen the growth in that area and customers are looking for something that's better and faster and gives them an outcome that is more contemporary than what they're using today.

Keith Bachman:

Hi, many thanks for taking the question. I wanted to ask about the $500 million ARR run rate that you mentioned for LogScale and others. And, A, is that the same composition from the analyst event where you referenced it was $399 million in the January quarter. So it's up 25% in only two quarters, so pretty healthy growth there? B, any comments on how you anticipate that continuing to scale over the next couple of quarters to help realize that back half of your guidance? C, any update on the thoughts on M&A that might contribute to the growth of that emerging portfolio? Thanks very much?

George Kurtz:

Well, when we think about the current environment, I think everyone is seeing there is a shift in the competitive environment and companies that are moving around in terms of M&A activity. We think the back half of the year will be a great opportunity. We continue to evaluate many, many different candidates as we normally do. And we think the environment is getting better from an M&A perspective. And we're very diligent in how we buy things in the bar and how we look to integration because we focus on a seamless one platform approach, and we remain true to that. So back half of the year, we'll see how it goes, but certainly excited about that, and we continue to drive innovation internally and we'll look externally for good companies with good culture and good people.

Mike Walkley:

Great. Thank you. George, it's clear platform leaders are gaining wallet share as enterprises consolidate vendors. I just want to dig in a little bit more. It seems like there's even a big shift more favorable to CrowdStrike from your comments even a quarter ago, with SentinelOne and BlackBerry Cylance potentially up for sale, are you already generating strong share gain opportunities in the SMB market? Or can you just let us know how Falcon Go is trending versus your expectations?

Operator:

Thank you. One moment please for our next question. Our next question comes from the line of Gray Powell with BTIG.

George Kurtz:

Well, from buyers, what we've seen is their buying platform. They're not just buying one particular area. The way our technology works, it's single-agent architecture, a common data store and then modules and then we've been able to obviously monetize that across different areas. Protection is just one area. But when you look at cloud, you look at agentless, you look at some of the other offerings, LogScale and Identity, it's really about the platform sale, not an individual area and getting the right outcome, as I talked about in the earnings script, stopping breaches. I talked to a customer recently. They have 60 different products and controls. And we were the only one that actually detected activity in their environment and prevented a potential issue. So that's really been the focus for us. And I think when you look at even the legacy areas, it's almost, what, 50% of the market is still available from a legacy perspective, near 50%. So yeah, 48%. I think when you look at that, still a big opportunity in legacy displacements as well as the platform areas that we called out are just massive TAM opportunities. And as I mentioned in the script, they could each be an IPO-able business on a stand-alone basis as big as they are.

Brian Essex:

Yeah. Good afternoon. Thank you for taking the question. Maybe just for Burt. I wanted to understand how you're balancing spending both on a GAAP and non-GAAP perspective. It looks like operating expenses on a non-GAAP basis actually declined sequentially, but stock-based comps spiked up. Would love to know how the hiring environment is playing into that and how you think about managing that going forward? And any impact that might have toward achieving your cash flow targets? Thank you.

Operator:

Thank you. One moment please for our next question. Our next question comes from the line of Jonathan Ho with William Blair.

Burt Podbere:

Yeah, Jonathan, great to hear your voice. Yeah. We're really pleased with what we've seen with respect to customers adopting across the board, five, six, seven, eight modules. So for us, when you talk about the DBNR, remember, it's a noisy metric, and it can fluctuate quarter-to-quarter, and we've talked about that repeatedly. Some quarters have bigger [lands] (ph) and some have bigger expense. But I think at the end of the day, for us, what we're seeing is that we've got a lot of headroom in both new local opportunities. George talked about the available market from our legacy provider 48%, but we also have an ever-growing customer base. And as we continue to delight our customers, they're going to continue to buy more for us, and it goes along with the consolidation theme that we've been talking about here. So it really plays into our favor. The great news is that in addition to strong expansions, net new ARR contribution from new logos remains high, even higher than we were expecting so far for the year.

Gregg Moskowitz:

Okay. Thank you for taking the question. George, obviously, it's extremely early as it remains -- as it relates rather to the arc of generative AI. But you did mention in your prepared remarks that you plan to release Charlotte AI pricing at Fal.Con. Presumably, that means there will be some form of discrete monetization for Charlotte. We haven't really seen that though from other cybersecurity vendors as yet. So when it comes to your data and the application of your AI tech, maybe just help us understand kind of why you think you'll be able to not just deliver incremental value to your customers but monetize it as well? Thanks.

Operator:

Thank you. One moment please for our next question. And our next question comes from the line of Gabriela Borges with Goldman Sachs.

Burt Podbere:

Hey, Gabriela. So first, I think we talked about why we were giving guidance the way we did. We did talk about the 10% headwinds for the first half, we came in better than that. We talked about coming in flat to slightly up for the second half over last year. And I think at the end of the day, we're still in a tough macro. We believe all the things that George talked about, we're very adamant that we feel that we're going to be able to achieve those things. Having said that, you have to remember that still, as I said earlier on this call, deals are taking longer to close, there's more scrutiny on the P&Ls and so we have to overcome those things to be able to really overcome what -- anything that we would put out there. And for us, I think that we have a great opportunity to do so. And it's so long as we continue to stay the course, invest where we need to invest, take a prudent approach, I think we're going to be in good shape.

Operator:

Thank you. One moment please for our next question. Our next question comes from the line of Patrick Colville with Scotiabank.

Burt Podbere:

Yeah. So first, on the emerging products, we thought it would be better to give you full numbers on our businesses that are meaningful, that are taking flight. So we won't be going back to anything that we used to call emerging products. With respect to our target model for FY '25 and hitting those targets, the last one that we were talking about was certainly the operating margin. We said we were going to be between the 20% and 22% plus, and we actually hit that one. That was the last one of several that we gave out from subscription gross margin to F&M to G&A to R&D. We also gave out free cash. And for the year, we're still talking about that 30% to 32% plus.

Yi Fu Lee:

Congrats on the strong set of results. This is Yi in for Jonathan Ruykhaver. Just one question around CNAPP. Obviously, CrowdStrike is building CNAPP around endpoint. I was wondering if maybe, George, you could share any benefits of doing this versus other vendors that building it off, like, let's say, a Zero Trust Exchange? That is from us.

Operator:

Thank you. One moment please. Our next question comes from the line of Trevor Walsh with JMP Securities.

George Kurtz:

Well, the current state is the reality, which is that's what we're doing today. So we're taking all that rich telemetry from the CNAPP offering, agent, agentless and even the exposure management that all from an XDR perspective, is coming back into the Falcon platform and is available to any of the algorithms to identify and prevent any sort of malicious activity. It's also available from a compliance perspective to help customers manage their compliance and risk. It's available from an asset graph perspective, which gives customers an idea of what's actually in their environment. And then from a cloud detection response perspective, we actually have some of our managed services that are able to help cloud customers, which at this point, is sort of an epidemic of issues in cloud environments, the way the adversaries are operating. So we're really pioneering that space and putting it all together. And there is a reason why we're one of the largest cloud security by revenue vendors in the market today.

Peter Levine:

Great. Thanks, guys, for taking my questions. George, maybe just to piggyback off of that other AI question. Every vendor is telling us their AI is proprietary. The outcomes are proprietary to their data. So maybe explain to us like really where the competitive moat comes from? When we hear Microsoft talk about or at least push all their products, their customers going copilot, Palo, Zscaler are all talking about kind of the same outcomes. But maybe put a finer point on why you think what your moat is around Charlotte AI?

Operator:

Thank you. I'll now hand the call back over to CEO, George Kurtz for any closing remarks.

Operator:

Ladies and gentlemen, this concludes today's conference call. Thank you for participating, and you may now disconnect.

Operator:

Good day and thank you for standing by. Welcome to the CrowdStrike Fiscal First Quarter 2024 Results Conference Call. At this time, all participants are in a listen-only mode. After the speakers' presentation, there will be a question-and-answer session. [Operator Instructions] Please be advised that today’s conference is being recorded. I would now like to hand the conference over to your speaker today, Maria Riley, Vice-President of Investor Relations.

George Kurtz:

Thank you, Maria, and thank you all for joining us. Our continued execution despite a challenging macro-environment translated to strong growth and exceptional margins, which drove record non-GAAP profitability, record free cash flow, and GAAP profitability for the first time in company history. We exceeded our guidance across both top and bottom-line metrics, increased gross margin, cost discipline, and moderated headcount growth contributed to our strong bottom-line results. Reaching GAAP profitability so early in our life as a public company provides insight into the strength of the model we have built and what we can achieve over time. Burt will cover the financial results in more detail. I will focus my comments on why we believe CrowdStrike has a clear and sustainable advantage as three mega-trends continue to unfold, AI, consolidation and cloud. Let's start with AI. Since inception, CrowdStrike has been and will continue to be at the forefront of leveraging AI to drive better customer outcomes and efficiencies within our own business. In addition to industry-leading detection and rapid remediation for customers, utilizing AI has benefited our business by lowering costs and yielding higher margins. One example of AI benefiting our financial model is Falcon Complete. For years, our use of AI has enabled us to rapidly scale that business to a leadership position with an exceptional product margin that exceeds our overall company gross margin. The margin profile and scale we have achieved for our managed offering would not have been possible without our innovation in AI. While others are just now jumping on the AI bandwagon, we have transformed cyber security with an AI-powered cloud business from inception. Generative AI is transforming the world and security is no exception. Large language models or LLMs are only as good as the data on which they are trained and human-annotated content mix for the best training data driving better customer outcomes, relies on having a data advantage, and the context derived from that data. While we expect that LLMs will become commoditized over time, the data on which they are trained will not. CrowdStrike is uniquely positioned to benefit from this new technology. Our dataset spans petabytes and captures trillions of new events daily from our global fleet of sensors. Combined that with our over 10 years of attack data and threat graph that has been paired with high-quality human analysis from OverWatch, complete intelligence and incident response services and you get unrivaled telemetry. Simply put, we believe CrowdStrike has a sustainable data advantage, the most powerful and unique set of correlated human and machine-generated data across all of cyber. Our data advantage creates a unique competitive moat yielding better models, better automation and better outcomes. We see the rapidly growing adoption of generative AI as a democratizing force within cyber security from both an adversarial and protection standpoint. From an adversarial perspective, we expect that the adoption of LLMs will lower the barrier of entry for malicious actors to create sophisticated cyber-attacks. Generative AI is expected to make it even easier for less advanced attackers to crack nation-state-caliber campaigns. We believe this will catalyze even greater demand for modern cyber security technologies like Falcon. From a protection standpoint, we see generative AI as a democratizing force by dramatically lowering the learning curve for practitioners transforming even a novice analyst into a power user. With all this in mind, we introduce Charlotte AI, an exciting new generative AI security analyst utilizing CrowdStrike's high fidelity data advantage. We believe Charlotte AI will power a newly minted Tier-1 analyst to yield the results of an advanced Tier-3 analyst, the net benefit to the customer, faster results, better security outcomes, and lower overall costs. Charlotte AI represents CrowdStrike's latest innovation in helping security teams worldwide contend with the cyber security skills gap, respond to threats faster and reduce operational cost. Charlotte AI will uniquely benefit from a continuous human feedback loop with our OverWatch, Falcon Complete, and Intel teams. This continuous feedback loop on human-validated content is critical. And because of this, no other vendor in cyber will be able to match CrowdStrike's approach to generative AI. Demonstrating our commitment to lead and protect the industry through this next wave of innovation, we teamed up with AWS to develop powerful new generative AI applications that help customers accelerate their cloud, security, and AI journey. Through this initiative, CrowdStrike and AWS will bring together their solutions and teams to keep customers safe across a range of AI services, while meeting stringent security requirements. CrowdStrike already has a leadership position in helping protect AI innovators. A perfect example of this is a recent expansion with a B2B generative AI research and development company. This customer leverages significant public-cloud resources to support their solutions, also aware of the dangers others have faced from adversaries compromising client environments. This customer expanded to Falcon Cloud Security Complete to support this small team with fully managed coverage, provide both cloud runtime protection and partial monitoring across their multi-cloud environment, and scale seamlessly with their growth, all without having to deploy multiple products or hire more people. Another mega-trend continuing to unfold in cyber security is consolidation. The macro backdrop has only accelerated the need for customers to reduce vendor sprawl, reduce agents, reduce costs, and protect their businesses with a best of SaaS platform. On average, enterprise customers can realize over 200% ROI with Falcon. With ROI results like this, it's no surprise companies turn to CrowdStrike to protect, power and drive efficiencies for their businesses. In Q1, net-new ARR from our million-dollar plus customers grew year-over-year even as these larger more complex deals can have longer sales cycles. We delivered $174.2 million in net-new ARR for the quarter, which exceeded our stated assumptions. Our momentum with large customers, record Q2 pipeline, and success tracking deals to close, gives us confidence in the back half of the year. In Q1, we closed over 50% more deals involving eight or more modules, compared to a year ago. We believe this speaks to increasing customer demand for consolidation using the Falcon platform. When we look at our pipeline for the remainder of the year, we expect this trend to continue, giving us confidence in our ability to deliver net-new ARR growth in the back half of the year. Over the past few months, I have personally met with many of our customers, prospects, and partners. These conversations all centered on the same topic, customers want to consolidate their security stack that Falcon and drive greater cost efficiencies while unlocking new capabilities. Let me share a few recent customer wins highlighting [indiscernible] companies you've CrowdStrike to consolidate while improving your cyber security outcomes. First, our wins with two new Fortune 100 customers. These organizations are consolidating on Falcon, a single modern XDR platform unifying their process security across their different business units. Each of these new CrowdStrike customers purchased multiple modules with one adopting nine modules displacing legacy and next-gen vendors in their environment and standardizing on CrowdStrike. One of my favorite customer win this quarter was with a regional healthcare customer brought to us by our partner, Dell. This organization was frustrated by the volume of false positives generated by their legacy security product which hampered their security teams' efficiency and have secured critical incidents. Recognizing the increased value they could gain by modernizing their security stack and consolidating on CrowdStrike, this customer adopted eight Falcon modules, including Falcon Complete, Identity Threat Protection, and LogScale in a seven-figure total value deal. In addition, our managed services teams have catapulted CrowdStrike to a leader position in the Forrester Wave for managed detection and response and the number-one market share position for the second consecutive year in Gartner's NVR for managed security service report. CrowdStrike's MDR leadership extends beyond our Managed Services and into our MDR partner ecosystem, of the top 25 MDR vendors by market share defined by Gartner, 88% have built their MDR services on top of the Falcon platform, showcases Falcon as their modern MDR platform of choice. We are proud that the Falcon platform powers so many different partners, enabling them to build their businesses on top of CrowdStrike. Our industry-leading partner ecosystem continues to expand rapidly contributing meaningfully to our growth. CrowdStrike recently entered into a strategic partnership with Pax8, the leading MSP cloud marketplace with over 30,000 MSP partners across North America, EMEA, and APJ that serve the SMB market. This partnership provides CrowdStrike a born-in-the-cloud route to market for MSP consumption and a prime opportunity to displace the legacy AV and NextGen product vendors Pax8 partners use today. MSPs are increasingly turning to the Pax8 marketplace for ease of product purchase, rapid software deployment, and fully-integrated billing to run their businesses, including cyber security. Pax8's MSP partner base will now be able to protect their end customers with the same cutting-edge XDR technology selected by the world's leading and largest enterprises. Our momentum in the public sector continues to expand. Public sector wins in the quarter included a Falcon Complete win at a top 20 US government contractor and a win with a major US federal agency. Today, we announced CrowdStrike was granted an Impact Level 5 or IL5 Provisional Authorization from the Department of Defense. IL5 certification positions us well to extend our reach into the massive defense, IT and cyber security market. The competitive environment has not changed since our deep dive in April, where we disclosed that eight out of 10 times when an enterprise customer tests, they choose CrowdStrike over Microsoft and our win rates across all competitors remained strong in the quarter. Organizations today, more than ever before, need security partners with deep expertise that can stop breaches, while driving efficiencies in their security programs. However, from Microsoft, companies experience added complexity, less coverage and higher costs. While enterprise customer with over 50,000 employees told us the upgrade cost of moving from Microsoft E3 to E5 would be at least $2.3 million more than their CrowdStrike subscription and that's just for the upgrade. With Microsoft's excessive annual cost increases, this will go to $4.7 million by year five, excluding the additional costs required to support [indiscernible] solution or increase staff to manage the extra complexity. When customers map it all out, they quickly realize that using Microsoft E5 for security is more expensive, requires more headcount, and increases their cyber risk. The cloud is the third megatrend representing a long and sustainable tailwind for our business. The cloud is rapidly emerging as the new adversary battleground. We have observed a 95% year-over-year increase in cloud service exploitation and a 288% increase in threat actors that know how to operate in cloud environments. Securing cloud assets is paramount today and will continue to grow in importance. As a leader of protecting some of the largest and most critical cloud companies, we have seen strong net-new ARR growth for module deployed in public clouds. Our Falcon cloud security offering unifies our agent and agentless cloud-native security capabilities into a single offering that's easy to deploy from build to run-time across all major cloud environments and it's driving incredible customer momentum as customers consolidate their cloud security replacing multiple cloud point products with Falcon. Tying this all together, the rapidly evolving and expanding threat environment demonstrates why it is so critical to have your endpoint, cloud identity, and data protection on one unified, modern XDR platform, Falcon. We've covered a lot today and you can see that our relentless innovation continues to widen the gap between CrowdStrike and the competition. In closing, I will reiterate a few key points. First, CrowdStrike has a clear data advantage built over the past 12 years by combining our unmatched AI and human-threat intelligence expertise. For customers, CrowdStrike's advantage meets better, faster, and more cost-effective cyber security. For our business, CrowdStrike AI excellence shines through our differentiated business model efficiencies. Second, we ushered cyber security into a new era with the introduction of Charlotte AI. Third, companies must consolidate their security stack to reduce complexity, reduce agents, and reduce costs without sacrificing coverage or security. They need to protect their cloud environments from built to runtime with a single unified platform. To achieve this, customers choose CrowdStrike. And fourth, we believe that in addition to building a winning platform, we built a robust business model capable of generating rapid growth at scale, earnings and durable free cash flow. With that, I will turn the call over to Burt to discuss our financial results.

Operator:

Thank you. [Operator Instructions] Our first question comes from Saket Kalia with Barclays. You may proceed.

George Kurtz:

Thanks, Saket.

George Kurtz:

Well, I feel good about that opportunity. And if you look at our current market leadership and -- market-leading leadership at 17.8% for modern endpoint security. It's still a very fragmented market and we continue to take share from the legacy players that are in the market. Again, when you look at different geographies, obviously, we've got heavier penetration in North America, but there's many geographies in the rest of the world that still have to be penetrated deeper, particularly in converting those legacy players. So I feel really good about it. It's a fragmented market. If you just look at the numbers and the ongoing conversion of legacy technologies into next-gen players like CrowdStrike will continue for the foreseeable future.

Sterling Auty:

Yes, thanks. Hi, guys. I wonder if you could give us a sense of what kind of impact you saw in the business from the disruption from the banking crisis in March, both on kind of ARR linearity, and maybe even billings in the quarter.

Operator:

Thank you. Our next question comes from Joel Fishbein with Truist Securities. You may proceed.

George Kurtz:

Well, we continue to see and we have seen for some period of time adversarial AI. So the use of AI, specifically by the adversary to try to deceive security systems. So that's been going on for some time. I think what we're seeing now with generative AI and LLMs is the fact that it becomes very easy for even a novice adversary to be able to have the same capabilities as a nation-state to create new exploits, new vulnerabilities to be able to deliver phished emails, et cetera. So that will be an ongoing effort. And again, we're really excited about Charlotte AI, which we announced this week. I think it's an absolute game changer for us and the company and what we're able to do to really compress the workloads for analysts and provide a lot of the intelligence that we have and our analysts have right through the Falcon platform. So we'll continue to monitor that, but that's been an ongoing activity that we've seen for some time.

George Kurtz:

Well, there is a lot of noise and when you look at XDR and what we've talked about with our use of AI in terms of really driving additional leverage in the business, it does help to automate a lot of what we do and we can now provide that level of automation in a complete offering, because XDR is still -- as an industry it is still an immature technology. I think wrapping it with a complete service really allows customers to have peace of mind, they can allow us to take in that third-party data, leverage the models that we've already built to get better outcomes, faster response, and drive down their overall operational costs.

Hamza Fodderwala:

Hey guys, good evening, and thank you for taking my question. George, I have a question for you as well. So I'm curious how you're thinking about monetizing some of the new AI services that you've released? I mean, is this something that going to drive more sort of top-of-the-funnel conversion? Do you think it's going to drive more demand for LogScale? Is there like explicit SKUs that you're offering? Just curious how you're thinking about that. I know it's pretty early days.

Operator:

Thank you. Our next question comes from Matt Hedberg with RBC. You may proceed.

Burt Podbere:

Yes. Hey, great question. So first, let's talk a little bit about the second half, obviously, the easier comps in the back half, right? So that's number one. And then, what really gives us confidence going into the second half is three things. One is pipeline. We see momentum and deal activity rapidly building for the second half. It really started in the middle of Q1 and we saw that momentum to be able to build the pipe from the second half. So that is number one. Number two, products, we were excited about LogScale, George talked about it a lot, we've given some examples. So we think that there is a great opportunity with LogScale, we're also seeing momentum in cloud. I think that's something that we're really excited about and AR power XDR now with Charlotte and George has already talked about that. And then third, our partnerships. Whether it's Dell or Pax8 or others that are coming online, we think that can be something that will move the needle for us in the second half. So the key here is cyber security remains mission critical. And I think customers want to consolidate and drive down TCO, more than ever and Falcon is designed to do exactly that. So I think that when you look at the overall module adoption and we talk about -- we closed over 50% more deals involving eight or more modules this quarter compared to a year ago, that gives -- that speaks to the power of our platform. And so all those things give us confidence about what we talked about in -- for the second half and stated assumptions remain same.

Andrew Nowinski:

Great, thank you. Thanks for taking the question, so I was wondering if you could just expand on your partnerships with Dell that you talked about last quarter, just wondering how much it contributed into the quarter, whether you have enough visibility from that partnership yet to factor that into your new guide -- your new revenue guidance for the year and if that's actually driving any traction at SMB sector? Thanks.

Operator:

Thank you. Our next question comes from Tal Liani with Bank of America. You may proceed.

George Kurtz:

Sure, I'll start out and then Burt can add anything if he needs to. So Falcon Go has been a success for us. We continued to target the SMB market. I think I called out in one of the prior earnings calls, how we organized ourselves internally. We've got a specific focus and a leader on that. We've seen a lot of success there and we'll also -- I need to call out the pairing to our success in the MSP market and partnership like Pax8 which really allows us to get those lower-cost offerings out to customers through managed service providers. So, it's a big market for us in SMB, it's a very highly fragmented market. You have some players there, but we've been successful because customers are looking for outcomes. You talked about Microsoft. Customers routinely come to us after they get hit with ransomware, after they have an issue and looking for next gen solution, it doesn't depend on signatures. So we see success there, we've got to ramp our channels up. We're working with Dell and others and managed service providers. But I feel really good about that opportunity and that will continue to grow over time.

Operator:

Thank you. Our next question comes from Shaul Eyal with TD Cowen. You may proceed.

George Kurtz:

Sure. I think I'll start with consolidation and I'll reference back to what I spoke about in the prepared remarks. Every customer that we spoke to and I spoke to many, many customers at RSA. And even throughout the quarter, it was really about consolidation. I think we've done a good job of showing a very cost-compelling model for them where they're actually paying less than [indiscernible] for the security pieces particularly CrowdStrike and they are getting better outcomes. So there are many customers that have said, we want to consolidate on CrowdStrike. We want to buy more. Obviously, these take -- these sort of bigger deals take time. They have more deal scrutiny those sort of things, but that's what we're seeing and that's I think reflected in what we saw this quarter and certainly what we've seen growing in the pipeline as customers want to do more with CrowdStrike.

John DiFucci:

Thank you. My questions for George. So this is the first quarter ever that new ARR declined for you guys whereas most other's decline started quarters ago, like several quarters ago. Tal asked about competition in the SMB market, but what about demand, we started to hear some weakness in the SMB in the mid-market and we realize that that's largely a greenfield for you. So it might be harder for you to tell, but are you seeing any changes in that market demand this quarter versus previously?

Operator:

Thank you. Our next question comes from Brian Essex with JP Morgan. You may proceed.

George Kurtz:

Thanks, Brian. Great question. So one, overall, we've had a very methodical approach in how we look at the various aspects of the model. So first, we focused on gross margin. And you can see the progress that we've made there. Second piece was focusing on non-GAAP profitability and free cash flow, free cash flow, as you know, which is 30%. And that is something that's ongoing. Third evolution is GAAP profit which we will continue to focus on and drive towards achieving sustainability. Of course, SBC is the biggest piece of that. We continued to manage SBC and we are going to be mindful balanced with retaining the best and the brightest talent that's paramount for us. We also look to dilution. Our dilution, we feel is in a good place, less than 2% this year, strive to keep it under 3% in the year that are coming. So overall, we are very pleased with hitting the GAAP profitability and believe it demonstrates the power of model and that we are disciplined in our growth and we are disciplined in how we see the market today. Everything we do is by the time, it's not a fluke. We think about it. In terms of where we can extend and how we can extend, but for us with the SBC, we really focus on making sure we are able to get the best talent and retain the best talent and attract the best talent. That's how we really think about it. And for us, we're going to look forward to when we reach sustainability, but we have other things we're going after right now including that retention and attraction.

Jonathan Ho:

Hi there, good afternoon. I just wanted to maybe ask a little bit about sort of the success that you've seen with these additional add-on modules. Can you help us understand maybe where that success is coming from, whether it's some of your newer products in areas like cloud or EASM? Or is this an instead of multi-product sales from your more existing endpoint capabilities? Thank you.

Operator:

Thank you. Our next question comes from Gregg Moskowitz with Mizuho. You may proceed.

Burt Podbere:

Hi, Greg. I'll take the first part of that question. So as you know, we called out that we expect to see in the long-term, the shift from multi-year deals to one-year deals. I think that's traditional in software. But we do not see a material shift in the trend this quarter when compared to the last quarter. So just be very, very clear on that point. Deal durations are getting shorter, but are expected and it remains within the parameters of how we've modeled out our overall business.

Operator:

Thank you. Our next question comes from Alex Henderson with Needham. You may proceed.

Burt Podbere:

Thanks, Alex. Few things to unpack there, so let's start with in terms of larger deals, again we closed over 50% more deals involving more modules this quarter, compared to a year ago. I think this really speaks to the fact that customers really want to do the consolidation play, they want to continue to leverage Falcon platform as a means to get the right outcomes at the right price. In terms of the overall environment, so first big picture in the macro, we don't see the macro improving now and for the rest of the year. So with that as a backdrop, when we think about deal durations, yeah, sure we think deal durations are going to be shorter. I think people are going to -- in terms of their size, they are going to be longer to be able to consummate. And that goes to the additional scrutiny that we're continuing to see from companies looking to do bigger deals takes more time. And so, when we think about that all perspective, we know that there's going to be deals that are going to be more difficult to close within a particular quarter. And so, we've modeled that in. I think that overall with respect to some of the other metrics that you had mentioned, I think that for one, I think that for our net-new ARR, we are going to maintain the assumptions that we stated previously. I think that's the right thing to do. With that, I'll pass it over to George to talk about that.

Operator:

Thank you. Our next question comes from Ittai Kidron with Oppenheimer. You may proceed.

Burt Podbere:

Well. For us, we're really pleased with where we're going with our margins, across the gross margin, you saw the progress that we've made there. We've talked about the continued developments for optimization, in our -- certainly in our data centers, as well as our cloud workloads. And then the progress that we're making in AI, we built into everything we do and we've been doing it for 10 years. We do anticipate to continue to see those improvements. And just out of memory -- just as to remind you Ittai, we've been doing AI from the beginning, just as we did cloud from beginning, it was -- those two were hand-in-hand and the good news there is we've got, as George had mentioned, over 10 years, all of that AI and the training on the AI and that's a massive head-start over any one of our other competitors.

Patrick Colville:

Hey, thank you so much for squeezing me in. In the prepared remarks, you mentioned that in the quarter, you saw increased deal scrutiny and longer sales cycles. Can't you just double-click on that comment? I mean was that increased deal scrutiny and longer sales cycles, was that like late in the quarter in the kind of in March-April? Or is that towards the beginning? And I guess, any more color or clarity you gave on those comments would be fascinating. Thank you.

Operator:

Thank you. Our next question comes from Jonathan Ruykhaver with Cantor Fitzgerald. You may proceed.

Burt Podbere:

Well, specifically around LogScale, you see a massive increase in terms of our compression algorithms and our ability to store data and I think one of the areas where you look at LogScale and just a simple view of it is better, faster, cheaper and that's what we've seen, we've had some big customers that are using that really as their, call it, their data like if you will. They can store lots of data on-prem or many of them in the cloud for a very cost-efficient -- in a very cost efficient manner and they still get the performance. So I think the architecture, which is a modern architecture around LogScale really does give us an advantage there. And that's been borne out by customers in their own testing.

Catharine Trebnick:

Hi, thank you for the question. Last -- at the last Analyst Day or the one before you talked about your coalition partnership, and can you talk to cyber insurance as a -- is that still a tailwind -- this tailwind -- biggest tailwind than that was last year? Is that dissipated? Thank you.

Operator:

Thank you. And this concludes the Q&A session. I'd now like to turn the call back over to George Kurtz for any closing remarks.

Operator:

Thank you. This concludes today's conference call. Thank you for participating. You may now disconnect.

Operator:

Thank you for standing by, and welcome to CrowdStrike Holdings Fourth Quarter and Fiscal Year 2023 Financial Results Conference Call. At this time, all participants are in a listen-only mode. After the speaker presentation, there will be a question-and-answer session. [Operator Instructions] I would now like to hand the call over to Maria Riley, Investor Relations. Please go ahead.

George Kurtz:

Thank you, Maria, and thank you all for joining us. CrowdStrike delivered a record fourth quarter that exceeded our expectations across the board. I will focus my comments today on a few key points. First, CrowdStrike is executing exceptionally well in a challenging macro environment. We believe this is best showcased by the fourth quarter’s record net new ARR of $222 million, record net new customers of 1,873, strong retention rates, record operating income, record free cash flow of $209 million and a rule of 81 on a free cash flow basis. Second, the dual mandate of high efficacy and low total cost of ownership faced the CrowdStrike strength as a leading consolidator. CrowdStrike’s growing market share showcases the Falcon platform’s advanced AI and technology leadership that drives better security outcomes, automation and lower TCO for customers. And third, our conviction in CrowdStrike’s expansive opportunity continues to grow. We see a massive opportunity to leverage our AI-driven collect data once, reuse many times platform to expand share across our markets. As Burt will discuss, we are continuing our thoughtful and balanced approach to investing to drive both, top line and bottom line growth. We remain steadfast in our vision to grow ending ARR to $5 billion by the end of fiscal year 2026 and to reach our target operating model sometime within fiscal year 2025. The key to our success in the fourth quarter was execution and strong market demand for the Falcon platform. We converted our pipeline into wins and built a record Q1 pipeline even as sales cycles elongated as we saw late in Q3, and we did not see the typical budget flush as organizations continue to work through macro concerns. Our competitive win rate remained high and ASPs remain consistent, and we ended the year with a best-in-class gross retention rate and a strong net retention rate. We believe our strong fourth quarter performance and record Q1 pipeline demonstrates the mission-critical nature of cybersecurity for modern businesses, the resiliency of our market and CrowdStrike’s growing leadership as the cybersecurity platform of record. I’d like to thank each and every CrowdStriker for their dedication and hard work in making the fourth quarter our best quarter to date. As a team, we should be proud of the amazing accomplishments we have achieved and excited about the opportunities ahead of us. We’ll take a moment to highlight several year-over-year milestones that CrowdStrike team delivered in FY23 that I’m most excited about. Ending ARR grew 48% to reach $2.56 billion. Net new ARR grew 22% to reach $828 million, setting a new record. Our emerging product category contributed $182 million to net new ARR, which was 22% of all net new ARR and a 97% increase. Emerging products ended ARR growing 116% to $339 million, surpassing CrowdStrike’s total ARR at the time of IPO in 2019. This included a standout year for our Identity Protection modules, which contributed over $100 million in ending ARR and over 1,000 net new identity customers. Additionally, LogScale posted over 200% ending ARR growth. From a public cloud deployment view, ending ARR surpassed the $200 million milestone to reach $224 million. And we added a record 6,694 net new customers for the fiscal year to bring us to 23,019 subscription customers, a 41% increase. CrowdStrike now serves 556 of the Global 2000, 271 of the Fortune 500 and 15 of the top 20 U.S. banks. On the bottom line, FY23 operating and net income growth well outpaced revenue growth, showcasing the leverage in our model. Non-GAAP operating income grew 81% year-over-year to reach a record $356 million. Non-GAAP diluted EPS grew 130% to reach a record $1.54. Free cash flow grew 53% to reach a record $677 million, and we achieved at least 30% free cash flow margin for the third consecutive year. Our market leadership continues to grow as customers are voting for their platform of choice with their wallets. CrowdStrike ranked first in IDC’s annual Worldwide Modern Endpoint Security Market Share report for the third consecutive year with 17.7% market share, outpacing all vendors by posting the largest increase in revenue and market share. The efficacy of the Falcon platform continues to be widely tested and recognized for delivering superior outcomes regardless of whether you are looking at MITRE, TrustRadius, G2, Frost & Sullivan, Forrester Wave, SE Labs, Gartner Peer Insights or Gartner Magic Quadrant, Falcon’s superior technology has been awarded a lead or a number one position. This was most recently highlighted by winning the 2023 SE Labs award for Best EDR and Best Product Development. This is the third consecutive time that CrowdStrike has won in the best EDR category, further reinforcing our innovation in endpoint security and putting us in the pole position to help customers enter the XDR era. Additionally, CrowdStrike was once again positioned as a leader furthest to the right for completeness of vision in Gartner’s Magic Quadrant for endpoint protection platforms for the third consecutive year. We believe this recognition highlights our long-standing track record of disruptive innovation, including our use of AI and indicators of attack to stop cyber adversaries in real time. While the use of AI has become a new topic of the day, it is not new to CrowdStrike. We were a pioneer in applying AI and cybersecurity. The Falcon platform was designed from the ground up to effectively process and correlate the massive volume of data required for effective AI and leverage it across our entire platform. From prevention through to detection and response, this enables Falcon to spot fainter signal and identify activity earlier in the kill chain. We have become experts in leveraging data science to deliver best-of-breed attack discovery and prevention for our more than 23,000 customers. This drives immense leverage across the platform and better, more efficient outcomes for our customers. There is a clear mandate from customers

Operator:

[Operator Instructions] Our first question comes from the line of Saket Kalia of Barclays.

George Kurtz:

Hey, Saket. Thanks.

George Kurtz:

Sure. Thanks, Saket. Our ASPs remain consistent. Certainly, you’ve seen what we’ve been able to do in the SMB market. And I think we’ve been very focused on that where we have run some promotions, which is where we designed the promotions to be run. But I think when you look at the competitive positioning, just as an example, in IDC’s modern endpoint security market share, as I pointed out, were 17.7%. And we gained 3.8 percentage points, which is more share gain than any other vendor, including outpacing Microsoft. And what customers are really telling us is that Microsoft’s good enough, security is not good enough. And we’ve been winning because of our coverage across multiple operating systems, the complexity of Microsoft, 6 consoles. In fact, just today alone, they had 6 signature updates. And in January, as I call them the 3 Cs, the last one is catastrophe, during our incident response engagements, the majority of the systems that are breached are using Defender. So, when you wrap all that together, we feel good about our competitive positioning. And again, from a pricing perspective, ASPs have remained consistent.

Sterling Auty:

So my question actually is on, George, what you touched on with SMB. I’m wondering if you can kind of go a layer deeper in terms of what you’re doing to drive the business there because that’s one area that we’ve seen some sluggishness out of vendors. What are you doing to drive the velocity in that business? And how much durability do you think that gives you?

Operator:

Thank you. Our next question comes from the line Joel Fishbein of Truist.

Burt Podbere:

Hi Joel. Yes, we were really pleased with being able to sell an 8-figure deal into an existing client. I think in general, we were really happy with the overall mix of our $1 million-plus deals as well as our SMB. So overall, just a really well-balanced quarter, and we’re really happy with that result.

Matt Hedberg:

George, a lot of great year-end metrics. I think the emerging product growth is particularly exciting. And identity really sticks out to us from what you said and what we’ve been hearing. Fast forward a year from now, which emerging product do you think we’ll look back at having the biggest incremental impact on fiscal ‘24 and why?

Operator:

Our next question comes from the line of Rob Owens of Piper Sandler.

George Kurtz:

Sure. When we think about how a customer can come into the CrowdStrike family, it’s certainly -- the traditional way has been on the endpoint, your core modules of AV, EDR, things of that nature. But when you look at something like surface, it’s so easy to get up and running. Just you can get a trial, you can use it, you don’t have to install anything. And we see customers coming in, in various ways. I think LogScale is another good example. Someone might have a need for a collection of data at scale and looking at the cost and expense of the current SIM and looking at this and saying, "Hey, can we give something that’s faster, better, cheaper," and they might enter that way. And then even when you think about our cloud offering, we have plenty of customers that actually come to us in the cloud first before they actually deploy us on their internal network. So, I think we’ve got enough modules and coverage and breadth in the environment, in the marketplace that customers can get to us in various ways, depending on what their needs are.

Andrew Nowinski:

Okay, great. Thank you. Great quarter and nice recovery from last quarter, despite not seeing a real change in the macro. I just had a question on the Dell partnership. So, I thought that was really interesting. And I know you said it will help you reach SMB customers all the way up to large enterprise. But, can you give us any more color around maybe how that partnership will work? And any sort of framework for how you’re thinking about it as it relates to your fiscal ‘24 guidance?

Burt Podbere:

Sure. Thanks, George. Look, the partnership is just getting started. So, we have not factored that into our guidance. As with any new alliance, it does take time to ramp, but we are excited to be reengaged with Dell.

Tal Liani:

Did you say Tal Liani?

Tal Liani:

Okay. Sorry. I didn’t hear my name. I have a few questions. So, you beat on revenues, great numbers, but gross margin was down and EBIT is kind of not above -- not much above expectations. So, is the pricing environment deteriorating? Did you have to give price concessions in order to grow faster, or is it the impact of Microsoft? Just anything about pricing and the difference between the beat on revenues and margins? Maybe, I’ll start with that.

Operator:

Our next question comes from the line of Hamza Fodderwala of Morgan Stanley.

George Kurtz:

Sure. Thanks. And when we think about AI, we really are one of the pioneers in AI from a security perspective. We started the Company leveraging big data AI to be able to identify threats that have never been seen before and prevent against those. We continue to build out our AI capabilities across all of our different modules with the massive data and telemetry that we collect every week. It’s mind-boggling. We can use that to continually train and learn. And our AI continues to get smarter as we put more data into the system. So, when we think about stopping breaches, the tip of the spear really is the endpoint, the workloads. That’s where the adversaries are targeting, and that’s where they’re focused on stealing data and encrypting it and breaking in and doing damage. And I think when you look at our technology lead in this area, we’ve proven our efficacy through various testing outlets. We continue to get incredible scores. And at the end of the day, it’s really about the brand promise of stopping breaches. And AI is a massive part of what we’re able to do to implement how we stop those breaches, and it does represent a competitive advantage and moat for us.

Brian Essex:

I guess, Burt, for you, would like to dig in a little bit in terms of the levers that you see for margin expansion. I appreciate the commentary that you had on accelerated hires in 2022, and it sounded like some moderation in 2023, but you’ve already hit free cash flow margins of about 30% on operating margins of about 15%. As we kind of model out and fine tune our models over the next few years, how should we think about the levers that you have for better operating profitability and cash flow? What should the spread between the two be? And how should we think of -- obviously, you’ve consistently been conservative. But just want to understand how you’re thinking about the spend versus growth and prioritization given the success that we’ve seen so far with the margin expansion? Thank you.

Operator:

Our next question comes from the line of Gabriela Borges of Goldman Sachs.

Burt Podbere:

Hi Gabriela, it’s great to hear your voice. So first, deals did take longer to close this quarter. We did see that and we do anticipate to see those headwinds continue throughout next year. And for us, as we think about next year, our thoughts are consistent with what we said last quarter. I’ll turn it over to George.

Operator:

Our next question comes from the line of Brian Colley of Stephens.

George Kurtz:

Yes, sure. So, we haven’t given that level of information now specific to XDR. So I can’t comment on that. But when we think about XDR, I think as an industry, it’s still in the early innings. We’re of course, one of the pioneers of EDR. We’ve extended that out into XDR with the integrations. I think we’ve got some incredible partners that we’re flowing data into the CrowdStrike platform and being able to make advanced decisions on whether something is good or bad across multiple platforms including CrowdStrike and it’s been well received so far, but still in the early innings.

Operator:

Thank you. Our next question comes from the line of Ittai Kidron of Oppenheimer.

Burt Podbere:

So look, we’re really excited about our SMB space. George talked about Daniel Bernard coming on board. We think we’ve got great products for them to come in and to expand. It’s not just limited to our enterprise, although certainly the MBR [ph] is going to be driven by our enterprise customers. For dollar based and retention, as I think about next year, I think we’re going to see slightly more net new ARR coming from expansion deals than net new ARR coming from new logos. I think that we’ve got this incredible base of 23,000 subscription customers today, and we can certainly continue to add more modules to their security stack and continue to delight them. So, that’s how we think about the splits.

Patrick Colville:

Hey. This is Patrick Colville from Scotiabank. My question is about net cash. You guys have about $2 billion of net cash on the balance sheet. We saw CRM, we saw Workday and just last week, Snowflake announced buyback programs. Do you think that’s something that you guys might consider on a go-forward basis to limit dilution in calendar 2023 and beyond?

Operator:

Our next question comes from the line of John DiFucci of Guggenheim.

George Kurtz:

Sure. So, let’s think about this on a worldwide basis. The mid-market customer in the U.S. is much different than a mid-market customer in APAC, as an example, right? So the sizing is quite different. But when you think about sort of non-enterprise customers, they still have all the same problems. These are billion-dollar companies that have one IT person -- two IT people, half a security person. And we think that’s a perfect opportunity for Falcon Complete, where we can sell them multiple modules. We’ve added now identity into Falcon Complete, end-to-end, we can service that account and basically take a lot of the burden away. In a challenging macro environment they’re getting more headcount, but they still have a great risk from a security perspective, so. And that’s the mid-market all the way down to SMB. We have very small companies that are Flacon Complete customers. So, if they can’t quite digest everything that we have, that’s okay. What they’re buying is an outcome, and our outcome is stopping the breaches, reducing complexity and lowering their overall cost. And that is resonating with customers as we consolidate in this challenging macro environment.

George Kurtz:

Great. I want to thank all of you today for your time. We certainly appreciate your interest and look forward to seeing you at our upcoming investor webinar. Thanks so much. And we’ll see you soon.

Operator:

Hello, and thank you for standing by. Welcome to CrowdStrike's Fiscal Third Quarter 2023 Results Conference Call. At this time, all participants are in a listen-only mode. After the speaker presentation, there will be a question-and-answer session. [Operator Instructions] It is now my pleasure to introduce Vice President of Investor Relations, Maria Riley.

George Kurtz:

Thank you, Maria, and thank you all for joining us. Let me start with a summary of our results. In Q3, we delivered 53% revenue growth year-over-year, 15% non-GAAP operating margin and record non-GAAP net income, all of which were ahead of our guidance. Additionally, we achieved record free cash flow of $174 million, or approximately 30% of revenue. There are many positive trends we see in our business, including strong competitive win rates, consistent ASPs, exceptional retention rates and the mission-critical nature of cybersecurity. However, I would first like to address the increased macroeconomic headwinds we saw in the quarter, which caused Q3 net new ARR to come in below our expectations. As we discussed on our last earnings call, organizations were starting to respond to macroeconomic conditions by adding extra layers of required approvals and extending the time it took to close some deals. As Q3 progressed and fears of a recession grew, this dynamic became more pronounced. In our smaller, more transactional non-enterprise accounts, we saw customers increasingly delay purchasing decisions with average days to close lengthening by approximately 11% and net new ARR contribution decreasing $15 million from Q2. This also impacted our net new logo additions in the quarter, even though our quarter-over-quarter POV win rates increased meaningfully over more complex vendors that require more headcount to manage. While sales cycles lengthen, we believe the vast majority of these deals are not lost, just delayed. In the enterprise, sales cycles or average days to close remain consistent with last quarter's modestly higher level. In Q3, these larger customers continue to prioritize their CrowdStrike investments, but some also had to manage timing issues related to OpEx budgets and cash flow amidst the rapidly evolving macro. To achieve this, some customers signed contracts that have multi-phase subscription start dates, which pushes their expense and CrowdStrike's ARR recognition into future quarters. While every quarter, we have some deals with multiphase subscription start dates, in comparison to last quarter, in Q3, we saw approximately $10 million more ARR deferred into future quarters. We expect these macro headwinds to persist through Q4. Additionally, given the increased scrutiny on budgets, we're not going to expect a typical Q4 budget flush, leading us to adjust our Q4 net new ARR expectations, as Burt will discuss in more detail. But this caution does not deter our confidence in the long-term market position of CrowdStrike or the resiliency of the cybersecurity market. We see strong inherent demand for our products, and we entered Q4 with a record pipeline. Pipeline expansion is even more important in times of an evolving macro and elongated sales cycles. We are working to stay out in front of pipeline creation. With Jennifer Johnson, our recently appointed CMO, now with the marketing helm, we are realigning our marketing initiatives and increasing our focus on ramping more top-of-funnel initiatives and brand awareness to drive pipeline to even greater heights. We also gained significant leverage from our partner ecosystem, with partner-sourced ARR growing 55% year-over-year. There were many positives in this quarter highlighted by the record number of customers contributing at least $1 million in net new ARR in the quarter. Additionally, ending ARR for the $1 million-plus cohort surpassed the $1 billion milestone in Q3 with a 67% year-over-year growth rate. These larger customers are standardizing on Falcon, consolidating vendors and prioritizing expansion projects that represent sizable cross-sell and up-sell opportunity that are moving forward even under uncertain macro conditions. Marquee brands that are new to our $1 million-plus cohort included a Global 500 manufacturer that landed with 10 modules, providing unprecedented visibility and protection to all areas of their environment and allowing them to consolidate four agents and vendors with their initial deployment of Falcon. Two Global 500 financial institutions who chose Falcon for its ability to replace multiple legacy security products and bolster their security posture through a single agent, a Global 500 consumer goods manufacturer that is now leveraging Falcon Complete for a fully managed approach to protecting its critical infrastructure and a Fortune 500 luxury brand, leveraging Falcon to protect both its traditional end points and cloud workloads. In the third quarter, we also delivered strong results in the public sector, driven by a Falcon Complete LAN with one of the largest US federal agencies now standardizing on the Falcon platform and a strong quarter for our SLED business with the US state government standardizing on CrowdStrike in the quarter, as well as wins and expansion across multiple US state and local government agencies and educational institutions. To date, 40 US state governments are CrowdStrike customers, of which 21 in the District of Columbia have standardized on Falcon. Additionally, we secured a win with one of the largest federal systems integrators that will be using Falcon to protect its internal estate, as well as integrate it into its MSSP offering. Moving to our expansion and retention performance. Our dollar-based net retention rate was well above Q3 of last year and consistent with our Q2 performance, which was at the highest level in seven quarters. Our best-in-class gross retention rates remained at record levels above 98%. We are also seeing more customers standardizing the Falcon platform and adopt more modules. Q3 subscription customers with five or more -- six or more and seven or more modules were 60%, 36% and 21%, respectively. This represents a 55%, 66% and 81% year-over-year increase in these respective module adoption cohorts. It was another record quarter for our emerging product category, which includes our Discover, Spotlight, Identity Protection and LogScale modules. Our Identity Protection solutions are the largest contributor to ARR within the emerging category, and Q3 was another record quarter. Net new ARR for Identity Protection solution grew to a new all-time high, and the attach rate on net new logos continue to grow rapidly. With close to 80% of cyber attacks leveraging identity-based tactics to compromise legitimate credentials and use techniques like lateral movement to evade detection, Identity Protection is core to stopping breaches. Our Identity Protection capabilities are a game changer and shoring up active directory as well as stopping ransomware and lateral movement. To punctuate the value of our Identity Protection capabilities, I'd like to share a recent seven-figure expansion with a leading global brand. This customer has a very capable security team that spent years building a dedicated identity and access management team and implementing a Privileged Access Management solution, or PAM. Even with these efforts, shortly after turning on Falcon's Identity Protection in the POV, we identified several misconfigurations, including dozens of domain administrator accounts that were not being managed by their PAM solution, a multitude of accounts without password expirations, thousands of users with compromised passwords and a potential attack path from unprivileged accounts to privilege launch. With Falcon Identity, this customer is shutting down routes to illegitimate access and significantly hardening their defenses. Q3 also marked another record quarter for LogScale as we secured wins across multiple verticals, including financial services, insurance, technology, retail, energy and telecommunications. Notable wins included a statewide insurance provider in the US and previously mentioned new Global 500 financial institution, where Falcon LogScale has enabled both organizations to log more data, retain it longer and reduce the cost of their existing log solutions, resulting in better security and more visibility across their environments. During the quarter, we acquired external attack surface management, EASM vendor, Reposify, to help our customers identify and eliminate risk from vulnerable and unknown assets before an attacker can exploit it. The acquisition closed in early October, and we expect to launch our external attack surface management module this quarter, which will bring us to 23 modules available across the Falcon platform. On the public cloud front, we continue to build momentum with ending ARR for modules deployed in a public cloud setting growing over 100% year-over-year. Our CNAPP solution continues to gain industry recognition, including winning Best Cloud Security and CRN's 2022 Tech Innovators Awards. Falcon Complete continues to shine with net new ARR growing close to 20% quarter-over-quarter as customers embrace our extended lineup of complete services, including Identity Complete and Cloud Complete. Additionally, we launched Falcon Complete LogScale during Q3 and already secured several wins. In a more challenging economic environment, there is appeal for a solution like Falcon Complete that allows companies to decrease headcount or hold headcount stable. The significant advantages of CrowdStrike's Falcon Complete offering were showcased in the first MITRE ATT&CK evaluation for security service providers. Out of 16 participants evaluating, the Falcon platform's integration of industry-leading technology and human expertise enable us to deliver the highest coverage. This was MITRE's first closed door test, which means the participants did not have prior knowledge of the adversary, and retesting was not allowed. We believe this evaluation demonstrates why CrowdStrike is the clear leader in EDR and XDR, whether our capabilities are delivered as a fully managed service from CrowdStrike or through our network of MSSP partners or operated independently by our customers. The Falcon platform also won SE Labs EDR ransomware detection and protection test. This well-regarded third-party testing firm involved 270 ransomware variations and deep attack tactics. Falcon achieved 100% ransomware prevention with zero false positives. Let me repeat, zero false positives, which we believe reflects our superior AI and machine learning models and the data mode advantage we derive from our unique graph technology in Threat Graph. Falcon's exceptionally low false positive rate represents a tremendous operational win for our customers as it enables them to significantly increase their speed to triage, investigate and remediate a verified alert. Based upon our business value assessment and realized analysis, we estimate that, on average, enterprise customers observed a 68% increase in operational efficiencies with the Falcon platform, equating to an offset of approximately 3.5 full-time employees. We believe today's macro pressures on businesses and the escalating threat environment make Falcon's value proposition as a consolidator more important today than at any other time in CrowdStrike's history. In order to solve agent bloating complexity within the security and IT stack, while also protecting the business from cyber adversaries and reducing operating costs, companies need to consolidate on a truly integrated platform, not acquired technologies stitched together by an invoice. CrowdStrike Falcon continues to be the gold standard and the security platform of record. While the cybersecurity market is not immune to macro pressures, it is a mission-critical technology. The adversaries don't stop. As detailed in our latest threat hunting report, OverWatch observed a nearly 50% year-over-year increase in interactive intrusion campaigns. We believe cybersecurity investments is resilient and is prioritized, especially among the world's largest organizations as represented in our $1 million-plus customer cohort and best-in-class retention rates and module adoption rates. With the escalating threat environment, expanding attack surface and accessibility of the Falcon platform, it is our belief that we are still in the early innings of CrowdStrike's growth journey. We believe the early and rapid success of our identity protection solution best demonstrates our ability to leverage our unique and vast threat intelligence to create and dominate new and legacy markets. We intend to continue our disruptive innovation, expand our technology leadership and bring new modules to market. Even with these investments, we are responding to current macro conditions and plan to balance growth with profitability and free cash flow, as Burt will discuss in more detail. We remain steadfast in our vision to grow ending ARR in $5 billion by the end of fiscal year 2026 and reach our target operating model in fiscal year 2025. With that, I will turn the call over to Burt to discuss our financial results in more detail.

Operator:

Thank you. [Operator Instructions] And our first question comes from the line of Saket Kalia with Barclays.

George Kurtz :

Yes. Thanks, Saket. So again, if you look at what we've seen and what we've commented on, the inherent demand for our products remain strong. Obviously, there's an increase in the macro headwinds. We talked about some of the smaller customers having elongated sales cycles. We saw 11% increase in days to close. And those are delayed deals, not lost deals. And on the enterprise, again, we're seeing consistent win rates. They remain high. And in fact, in the smaller customers, we've actually seen them significantly improved quarter-over-quarter. So from our standpoint, and we look at this very closely, as you might imagine, the landscape remains favorable to us. I really don't see another true consolidator like Falcon. And customers are looking for technologies that reduce costs, reduce complexities, actually work and stop breaches, and that's what we're delivering. So again, when we look at the competitive landscape, it remains favorable to us. And as we pointed out, we saw increased macro headwinds, and that's what we talked about. So I'll turn it over to Burt.

Operator:

Thank you. And our next question comes from the line of Rob Owens with Piper Sandler.

Burt Podbere:

Hey, Rob, this is Burt. Thanks for the question. So, in general, we saw the macro hit all the geos. But as we think about our split between United States and internationally, obviously, the United States is the biggest portion overall of our business. So any impact to ARR will generally be driven from that sector.

Sterling Auty:

Yes. Hi, guys. And thank you for the extra commentary on macro and next year, in particular. My question is really, how do you think about those macro headwinds manifesting themselves in terms of net dollar retention or expansion rates versus the growth rate in new customers? Is one side going to be more particularly hit versus the other as it unfolds over the next several quarters?

Operator:

Thank you. And our next question comes from the line of Joel Fishbein with Truist.

George Kurtz:

Yes. We've seen tremendous interest since the acquisition. We announced that at Fal.Con. Customers are looking to understand their exposures externally. And as they move more and more to the cloud, a lot of their exposures are really configuration and policy-driven. So it's a fantastic add for us. It fits very nicely within our platform. It ties into what we're doing on the vulnerability management and risk side. And overall, we're really excited about it. And customers are not only looking at it for themselves, but also looking at it from a third-party risk perspective and leveraging it across their supply chain in terms of making sure that their suppliers are secure and not putting customers at risk. So, so far, very positive feedback and we're excited to get the product launched and bring it to market.

Hamza Fodderwala:

Hi. Good evening. Thanks for taking my question. George, a question for you. I think it's pretty clear that, the macro is going to impact pretty much every company, security not excluded from that. I'm curious how you're thinking about balancing sort of growth and profitability from here because on the one hand, clearly, growth has been slow for CrowdStrike and for everybody else. But on the other hand you've got this big market opportunity in front of you as an emerging consolidator in cybersecurity. Do you feel like this is a time to maybe continue to invest as maybe others are going to struggle more, they don't have that free cash flow generation that you do, or do you feel like this is a time to maybe show a little bit more leverage? Just curious, how you're thinking about that?

Operator:

Thank you. And our next question comes from the line of Andrew Nowinski with Wells Fargo.

Burt Podbere:

Thanks, Andy. So when we think of the net new logos, it really corresponds to what we talked about in terms of what we saw in that SMB space. The SMB space is the one that drives the velocity of our net new logos. And as we talked about, we saw an 11% increase in our sales cycle in the SMB space. And that actually equated into $15 million in terms of deals in that space that could push out. And so when you think about 15 million in that space and what it means in terms of logos, where you can do the math, it's a pretty big number. So that's how we think about net new logos corresponding to what we saw in net new ARR from the SMB space. So from that perspective, we weren't surprised at the end of the day when we saw that what happened with respect to the increased sales cycles and the amount of money that got pushed out in the SMB space.

Maria Riley :

Jonathan, are you there? Operator, maybe we can move to the next question.

Matt Hedberg :

Great. Thanks for taking my question. George, for you. You've obviously been running -- you've been in sort of the security industry for a long time. When you see macro headwinds like this pop up, are there things that you all can do from a sales perspective to accelerate cycles, like going at customers sooner than you'd normally do? Just anything tactically that you do in times like this? And has anything changed competitively in the assets kind of the smaller side of the business that you play in?

Operator:

Thank you. And our next question comes from the line of Tal Liani with Bank of America.

George Kurtz :

Yes. Sure. I'll take the first part of that. When we think about budgets, again, all the feedback that we've seen is that budgets are not in the enterprise getting cut. There's so many mandates around security. And just as customers move to the cloud, what they are looking to do, though, is optimize that spend and consolidate. So they may not be spending as much money with a whole bunch of vendors, and they're looking to consolidate with companies like CrowdStrike. We spent a lot of time on selling the value. And when we think about this, and we talked about this in the past, Tal, is the consolidation of agents. It's a huge pain point for customers, the complexity of the cost. So all the conversations that I'm having with CEO, all the way down, has been around how do we help consolidate the cost, because they're going to spend the money, they'd rather spend it with fewer vendors, and how do they get a better outcome. And that's, I think, where CrowdStrike shines. And in some cases, that may take a little extra work, because we're upsizing some deals, and we've got to go through more approvals and go through more of the value selling. But again, that's what we're focused on. So, obviously, we'll monitor the environment and see if there's any changes. But in all the conversations that I've had, security remains still top of mind and top of budget for enterprise customers.

Operator:

Thank you. And our next question comes from the line of John DiFucci with Guggenheim.

Burt Podbere:

Thanks, John. So I'll take the second part first. So we do have commitments from those deals. They're signed deals. Just that when we think about structure, we have this phase start date with respect to the subscriptions. So that's how we think about those multiphase deals. And then, I think that, when we think about those multiphase deals and the patterns that we've seen, I think that we're going to see something consistent with what we've seen in Q3. I think that more of those larger enterprise deals, they're going to sign those deals. They're going to look at their budgets. So they're going to look at their OpEx, and they're going to say, okay, well, this makes sense if we turn it on at this point, which could be a date post the quarter end. But the deals then -- I think the most important part about your question is that, the deals are locked in, and that's what we saw in Q3, and we anticipate that in Q4.

Brad Zelnick:

Well, great. Thank you so much for fitting me in, guys. Burt, your comment saying that you expect no budget flush this Q4 is like telling a kid Santa Claus isn't coming for Christmas. And I think you guys are the only ones explicitly saying this, and I'm guessing it's because you're being more prudent and maybe more transparent than others. But I'm also wondering how much of it is pipeline versus conversion rate assumptions that inform your perspective. And I guess, maybe asked a little bit differently, how is your forecast methodology adapting to the environment and the assumptions that you're inputting into it in Q4? Thanks.

Operator:

Thank you. And our next question comes from the line of Fatima Boolani with Citi.

Burt Podbere:

Fatima, good questions. So I'll take them both. So with respect to structure, there are two things that come to mind. One is obviously on the enterprise deals and the phased subscription start dates that will obviously impact billings and cash. The second one is flexibility on when those payments become due. So we're working with our customers to meet their budgets, to meet their time lines, and we've been flexible with respect to that. And of course, that will have an impact on cash as well. But overall, I still see – because of our business model and our strong business model and consistent Visma hasn't changed. I think that we've got this great opportunity to be comfortable in terms of what I talked about on the prepared remarks. And from a cash flow standpoint, we see a path to 30% free cash flow margin next year. And I think that just goes back to the strength of the model and the fact that we've got this business that is really durable. And with respect to how I see the big picture, I think that the things that we're doing with respect to structure really talks to the partnering with respect to our customers. And that was well appreciated well back in the – when the pandemic forfeit. It's being appreciated now in a macro with the headwinds that we all have. So, we think we're still very excited about the opportunity to be able to partner with our customers. And then second, with respect to how we think about compensating our sales team and in light of our renewal business becoming larger and larger, I think that the good news there is that when you think about renewal business, the actual cost that it is to continue to generate net new ARR from an existing client is definitely lower than to go out -- with respect to going out and getting a new logo. So I think there is some leverage to that. So that's why I think that we're in a really good spot with respect to me talking about leverage for next year. But thanks for the question.

Alex Henderson:

Great. Thanks. I was hoping if we could talk a little bit about the cloud segment of the market not necessarily in terms of your rate of growth per se, but rather what you're seeing in terms of company's willingness to accelerate or decelerate their progression to the cloud workloads. And within that context, what kind of share do you think you're picking up, or are you gaining share in that -- in those workloads that are moving? Thanks.

Operator:

Thank you. And our next question comes from the line of comes from the line of Roger Boyd with UBS.

Burt Podbere :

Yes. Thanks, Roger. So to answer your -- the first part of your question, so I think the biggest driver is that OpEx. They're looking at starting those subscription dates at staggered times, what makes sense for them. They've got to align their resources on their end and making sure that they have the right folks looking at it. And I think for us, the good news is that those deals are confirmed. They are locked in. We signed the deal. Some might be deployed now, some might be later. And they will be in the RPO calculations. Thanks for the question.

Joe Gallo:

Hey, guys. Really appreciate the question. George, appreciate your comments on F 3Q and 4Q macro. Based on your conversations with customers, what is their view on 2023 cyber budgets as they start to think about them? Are they expecting near-term alleviation with a quick Band-Aid rip-off, or is this more of a long-term new normal that we might see for the next year or so?

Operator:

Thank you. And that concludes our question-and-answer session. I would now like to turn the call back over to George Kurtz for any closing remarks.

Operator:

Ladies and gentlemen, this concludes today's conference call. Thank you for participating, and you may now disconnect.

Operator:

Thank you for standing by and welcome to CrowdStrike’s Financial Fiscal Second Quarter 2023 Results Conference Call. [Operator Instructions] As a reminder, today’s program maybe recorded. And now, I’d like to introduce your host for today’s program, Maria Riley, Vice President, Investor Relations. Please go ahead.

George Kurtz:

Thank you, Maria and thank you all for joining us. The CrowdStrike team delivered a strong second quarter headlined by record net new ARR of $218 million as growth accelerated to 45% year-over-year, record net new customer additions and record non-GAAP operating profit. We achieved several additional milestones in the quarter. Ending ARR grew to $2.14 billion on a 59% year-over-year growth rate. We believe this makes us the second fastest software company reported to reach the $2 billion ARR milestone. Ending ARR for our emerging products grew to $219 million, up 129% year-over-year. This included record-setting net new ARR for both Identity Protection and Humio and we also achieved record net new ARR for modules deployed in a public cloud. Quarterly revenue exceeded $500 million for the first time. We added over 1,700 net new customers, another first for the company. Gross retention climbed to a new record for the second consecutive quarter, and dollar-based net retention reached its highest level in seven quarters. We achieved these results while also driving record non-GAAP operating profit of $87 million, a 147% increase over Q2 of last year, and growing free cash flow of 84%. As Burt will discuss in a few minutes, we are raising our revenue guidance for the year and remain committed to delivering non-GAAP operating leverage and 30% or greater free cash flow margin for the year while investing in key initiatives that will further widen the gap between CrowdStrike and the competition. Moving to our markets, the competitive environment remains favorable and our win rates remain consistent. We continue to see strong demand even as organizations responded to macroeconomic conditions. For CrowdStrike, this primarily manifested in the form of increased levels of required approvals on some deals as companies evaluated investment priorities, which can extend the time it takes to close deals. However, cybersecurity is not a discretionary line item. Cybersecurity is a priority for CIOs, CEOs and CFOs and Boards of Directors, and our value proposition resonates strongly with these stakeholders. Deals committed to close in the quarter did close in the quarter, and we entered Q3 with a record pipeline. Over the past several months, I have had many discussions with CIOs, and the message is clear. They are looking to consolidate on a platform like Falcon. They want fewer point products, fewer agents and technologies that consume fewer resources. They need to reduce complexity and simplify operations in their security and IT stack. Complexity is the enemy of security, efficiency and TCO. This business imperative is even more crucial in times when budgets are tightening, which accelerates standardization on trusted platforms that deliver immediate ROI and lower TCO such as CrowdStrike’s Falcon platform. We believe that with increased scrutiny comes increased opportunity for CrowdStrike over the long-term given the Falcon platform empowers customers to consolidate technologies and achieve better protection with less time, fewer resources and lower total cost. This differentiates us from others in the market and we believe positions us well for continued success even in the current macro environment. And we are seeing this dynamic in our business as the number one vendor by market share in both IDC’s 2021 worldwide corporate endpoint security and modern endpoint security categories. Customers are increasingly standardizing on the Falcon platform, driving module adoption, greater wallet share and larger customers, the trademark characteristics of a generational platform. Q2 subscription customers with 5 or more, 6 or more and 7 or more modules were 59%, 36% and 20%, respectively. This represents a 70%, 84% and 105% year-over-year increase in these respective module adoption cohorts. As customers adopt more modules, Falcon is increasingly embedded in their operations and workflows, which we believe leads to higher retention rates and even more opportunities for future expansion. Customer retention is also driven by advanced capabilities built into the platform such as Fusion, our customizable security automation and remediation engine. Utilization of Fusion by customers has continued to increase since its launch. And in just 1 year, approximately 35% of our customers now use Fusion workflows. In the quarter, momentum was strong among customers of all sizes from large enterprises to medium-sized businesses and smaller accounts. We believe our diversified customer base adds to our resiliency and our ability to deliver durable ARR growth over the long term. Ending ARR growth from our $1 million or more ARR customers accelerated in Q2 and continued to grow faster than our corporate average. These larger customers are standardizing on Falcon, consolidating vendors and prioritizing expansion projects that represent sizable cross-sell and up-sell opportunities that are moving forward even under uncertain macro conditions. We are also seeing increased strength in the public sector, which, in Q2, was driven by record sled performance and wins within the U.S. federal and international government agencies. To date, 20 of the 37 U.S. states that our CrowdStrike customers as well as the District of Columbia have standardized on Falcon. One noteworthy development in Q2 was with the state of New York, which is exclusively using Falcon EDR for the newly established joint security operations center. As part of the shared services initiative, New York’s cities and counties in the program will be protected by Falcon. The JSOC program is designed to house cybersecurity assets for multiple levels of government under 1 roof to protect against attacks across New York’s interconnected network and IT services. We believe this is a model program that other states will look to emulate as their communities grapple with the heightened threat environment and cybersecurity skills gap. The second quarter was also a record quarter for our e-commerce sales engine, which is a key factor in our strategy to efficiently reach and serve the small business community at scale. To further support small businesses, during the quarter, we launched our newest bundle, Falcon Go. This starter package is specifically designed as a landing point for smaller businesses with 100 endpoints or less that may be more price-sensitive and looking to transact through our e-commerce or trial program. We also serve small businesses through the MSSP channel. The Falcon platform empowers MSSPs to stop breaches for their customers, simplify operations and drive cost efficiencies. MSSPs are a rapidly growing component of our partner ecosystem, with Q2 year-over-year ending ARR increasing more than 150% and a rapidly growing customer base that is excluded from our reported logo metrics. In Q2, we added over 1,700 net new customers, bringing the total number of reported customers that rely on Falcon to protect their business to 19,686, a 51% increase year-over-year. I’m especially proud to announce one of our new customers this quarter included a leading incident response firm that purchased Falcon for their internal use. We are also pleased with our strong module performance across the Falcon platform. I’d like to highlight a few standouts in Q2. First is Falcon Complete, which has continued to gain strong momentum in the market as companies look to address the growing cybersecurity imperative and contend with the cybersecurity skill shortage. Over 1,000 customers have adopted Falcon Complete since the start of the fiscal year. By leveraging the advanced automation in the platform, Falcon Complete offers customers and partners a way to quickly and cost effectively scale and fortify their cyber defenses with gold standard expertise and technology while lowering their total cost of ownership. As we add modules to the Falcon Complete lineup, customers are standardizing on Complete. An example in Q2 is a payments company that adopted our full suite of Falcon Complete offerings, which includes managed identity and managed cloud workload protection. Next is our emerging product category that solves use cases outside of traditional endpoint protection, but are rapidly becoming core in the minds of customers. This category includes our Discover, Spotlight and Identity Protection modules as well as Humio. We delivered record net new ARR from our emerging products, propelling the ending ARR for this category to $219 million, up 129% year-over-year. Our Identity Protection lineup achieved a record quarter and quickly grew to become the largest contributor to ARR within our emerging category. In Q2, the number of customers subscribing to our Identity Protection modules grew more than 100% quarter-over-quarter driven in part by a new logo attach rate that tripled, with close to 80% of cyber attacks leveraging identity-based tactics to compromise legitimate credentials and use techniques like lateral movement to quickly evade detection. Identity Protection is core to stopping breaches. We see many parallels between this new market and the early days of the EDR market, including a massive greenfield opportunity with an estimated $3.7 billion TAM in calendar year 2022 and a sizable uplift to ASP, which can be north of 30%. With our early and growing momentum, we believe CrowdStrike is well on the way to defining and leading the identity protection category. CrowdStrike Falcon Identity Threat Protection is unique in the industry as it can detect and stop in real time identity-based attacks. And with one easy-to-deploy agent, the Falcon platform can respond to modern attacks with endpoint, identity and workload context without the multi-platform complexity and post-processing other solutions require. Humio had a record Q2 as we secured wins across multiple verticals, including financial services, health care, retail, manufacturing, transportation and professional services. Notable wins included a multinational financial services firm with ingestion requirements of up to 4 terabytes a day that adopted Humio to displace its legacy provider whose query speeds and data ingestion capabilities were inferior and an IT and security services provider in APAC that is now leveraging Humio as the engine to collect and store security and observability data from its growing customer base. Moving from a module perspective to a deployment environment view, our public cloud business delivered a record Q2 with ending ARR growth accelerating quarter-over-quarter for the second consecutive quarter to reach $174 million. Building on the cloud-native application protection platform or CNAPP capabilities we introduced last quarter, this quarter, we announced new CNAPP capabilities to extend support within AWS Fargate to Amazon’s Elastic Container Service, introduced the first AI-powered indicators of attack, comprehensive fileless attack prevention and enhanced visibility for cloud intrusions and introduced Falcon OverWatch cloud threat hunting, the first stand-alone cloud threat hunting service for threats originating, operating or persisting in cloud environments. Cloud is another evolving market where we believe we can significantly expand our share, especially as CIOs look to consolidate vendors and move away from point products. As we discussed last quarter, CrowdStrike’s cloud capabilities stand alone in the market by delivering agent-based and agentless solutions natively from the Falcon platform in a single user interface with a shared data back-end in threat graph. The combination of agent-based and agentless capabilities in the cloud enables pre-run time and run time protection whereas agentless-only solutions can only offer partial visibility and cannot provide run time security. Taking a moment to summarize and put everything we have shared with you today into context. Customers want a trusted platform that seamlessly unifies endpoint, cloud, identity and data, redefining what core cybersecurity means. CrowdStrike is leading this replatforming with Falcon, and we see no other competitor with a comparable offering. I believe the CISO of a county on the East Coast said it best, and I quote, it’s hard to remember the days when I didn’t have immediate 24/7 remediation, vulnerability reports on every device, discovery of every asset on my network and a clear understanding of every account login, but I’m never going back. I want to thank each and every CrowdStriker for your passionate focus to make us the best in the business. It is your work that earned CrowdStrike’s recognition as a winner in the Best Security Company category for the 2022 SC Awards U.S. and Falcon XDR as a winner in the Best Emerging Technology category for the SC Awards Europe 2022. Before I turn it over to Burt, I would like to invite our investors and analysts to join us at Falcon in Las Vegas in September. Similar to last year, in conjunction with the event, we will hold an investor briefing featuring conversations with customers, partners and industry experts. To join in person, please contact our IR team for the registration information. The briefing will also be webcast live on our IR website. With that, I will turn the call over to Burt to discuss our financial results in more detail.

Operator:

[Operator Instructions] And our first question comes from the line of Saket Kalia from Barclays. Your question, please.

George Kurtz:

Yes, great, Saket. Thanks for the question. It’s not displacing anything because nothing else exists. And that was one of the things that we really got ahead of with our Preempt acquisition well before anyone else in the market. And when we think about the sort of attacks that are out there, 80% of the attacks leverage compromised identities and lateral movement, which is a big part of how breaches occur. So when we think about our identity module, which is baked into our agent, single agent, it’s much differentiated from everything else that’s out there. It works with Active Directory and Azure AD. It’s been a real game changer for customers. And I continue to see customer feedback even during the proof of value stage that they have never seen this level of visibility in their identity and Active Directory infrastructure and they continue to find many, many weaknesses. So to me, it’s a real game changer and I think it can be as big as XDR and it’s going to be a core module going forward.

Maria Riley:

Operator, you can please take our next question.

Andrew Nowinski:

Congrats on another great quarter. I just wanted to ask about your new logo adds. It looks like you added four Fortune 100 customers this quarter, which I presume were larger deals, even though you said there were no outsized deals in the quarter. I’m wondering, your new logo adds in total only increased maybe mid-single digits. But I’m wondering if you’re just focusing on larger customers now or if you’re seeing more customers starting the initial deal with more modules like Preempt and Humio, etcetera, that might – whereas it might have been a smaller initial land a year or 2 ago. Thanks.

Operator:

Thank you. Our next question comes from the line of John DiFucci from Guggenheim Partners. Your question, please.

George Kurtz:

Well, I think it goes to the durability of security and the business model that we’ve built and certainly the platform play. And I think if you’re a point product, your comments will resonate. I think when you look at a true platform like CrowdStrike, the conversations that we are having, and I’ve had many of them with CIOs, Board members, CEOs over the last quarter – couple of quarters, and it really was about how do we do more with CrowdStrike, we want to consolidate. So we didn’t necessarily see them freezing. We saw them thinking about how they could spend more with CrowdStrike and reduce their overall spend in security. And as we’ve talked about before, we spend a lot of time in value selling and something we call our business value assessment where we actually compute an ROI, which typically is 150% within the first year. So that’s the kind of strategic conversations that we’re having up and down the stack. And then when you think about the macro environment, people don’t want to add heads. Falcon Complete is a game changer for them. They couldn’t do what we do for the price that we charge. I mean they need an army of internal people to try to do what we do, and it’s just not possible with the level of expertise. So we look at the macros and opportunity at CrowdStrike to further consolidate in our customer base.

Rudy Kessinger:

Hi, guys. Thanks for taking my questions. Certainly, a lot to like here given the macro backdrop. I guess if I narrow in on one – maybe one metric, the customers with 6-plus and 7-plus modules, that stepped up 1 point from Q1. But the customers – percentage of customers with 5-plus was flat at 59%. We’ve seen that figure go up 2 to 3 points a quarter for the last several years now. Anything to note there? Did you see any customers on the new logo front that maybe just given the macro, maybe took one or two fewer modules to start out? And if so, obviously, identity sounds like that attach rate is increasing nicely. But any modules in particular that saw maybe a bit more of an impact to demand than others?

Operator:

Thank you. And our next question comes from the line of Matt Hedberg from RBC. Your question, please.

Burt Podbere:

Instrument things like Kubernetes clusters when you look at the ability to flow data into something like an Elastic, they are certainly looking for alternatives. And Humio’s flexibility is the fact that it can take data from anywhere, and it can do that ingestion-free. It doesn’t need an index, and it’s very, very efficient from a cost perspective. So we continue to get pulled into security and non-security deals. We had a record Humio quarter with some great wins. We see frustration with incumbent vendors across the SIEM space as well as the observability space. And a lot of times, companies will – they’ll try to roll their own. They’ll go to open source and try to pull in different stacks. And it’s really complex. And they just love the ease of use and the flexibility that Humio provides. So we continue to be extremely bullish on Humio and its various use cases, which are security, non-security-related. And we had some great wins in both SIEM replacement, in log management as well as observability.

Rob Owens:

Sorry, my phone cut out there. Hi, guys. Thanks for taking my questions. George, I would love for you to expand around your comments on consolidation. And we’ve seen a few cycles, obviously, maybe not as many as Mr. DiFucci, who admitted to his age earlier. But that being said, why here and now given we’ve had platform plays before? And do you think this is economic, this is technical, part of the problem set? Thanks.

Operator:

Thank you. Our next question comes from the line of Alex Henderson from Needham. Your question, please.

George Kurtz:

Sure. And I think I’ll start with the latter comments you made. If you look at our gross retention, at a record, if you look at net retention, just how well we’ve done, and obviously, we will put that out at the end of the year, what it means is customers like our technology, they stay with us and they buy more from us. In a market like ours, there is always going to be companies like to compete on price because they are AV only. And I think you’ve got to look at our platform and say, well, you’ve got AV, which is differentiated, but it’s one module. And if companies are trying to compete on price there, at the end of the day, what we’re selling is prevention of breaches, right? It’s not just malware prevention, which we’ve seen a lot of companies, legacy and non-legacy, just try to focus on that. And if that’s where they started as an AV company or next-gen AV, and then it pulls other things on, it really isn’t a true platform. And I think the genius and the beauty of what we built here is probably the most scale way, using cloud architecture on the planet in terms of our ability to ingest, no reboots, you deploy it immediate time to value, and it just works. So even if there was pricing pressure in one module, which we don’t always see, I mean, obviously, there is competition out there, when we put together all of the modules, our ability to consolidate, our TCO play with a real ROI, this is very compelling for customers large and small. So again, there is always been lots of companies in our space. And I think to your point, we’ve proven that while our form factor is agent cloud, we’re doing many more things in a different way that go beyond just traditional endpoint protection.

Fatima Boolani:

Hey, good afternoon, gentlemen. Thank you for taking my question. George, maybe this one is for you. Just with respect to some of the traction and sort of the hyper growth trajectory you’re seeing with capabilities that are embedded in Falcon Complete and even OverWatch, I think one of the things that some of your competitors, your peers in the past have stumbled into is sort of the rules of engagement with the channel. And yet you disclosed doing MSSP business that was up 150% year-over-year. So I’d love to kind of get your perspective on how you’re sort of threading that needle between staying cooperative without getting too competitive and really driving triple-digit growth in modules and capabilities that otherwise on the surface would seem to sort of encroach into some of your partners’ business and franchises. Thank you.

Operator:

Thank you. Our next question comes from the line of Roger Boyd from UBS. Your question, please.

George Kurtz:

Sure. We’re absolutely excited about Horizon as well as the combination of Cloud Workload Protection, and we think it stacks up very well. And more importantly, where is the differentiation? The differentiation is in things like the ability to actually protect the workload and the infrastructure, right? So you’ve got agentless in Horizon, and you’ve got our Cloud Workload Protection, which we have tremendous capabilities there. This is what customers want. If you look at the pure plays out there, they are just covering agentless. And candidly, that’s the easiest thing to do because you just plug into APIs. We’ve got to build some workflows around it, and there is certainly some good competitors in the market. At the end of the day, it’s really the combination of an agentless on a platform that’s going to give you visibility in the cloud as well as in your hybrid data centers. And that’s what we’re seeing. We continue to add many, many capabilities. We’ve added OverWatch threat hunting for cloud. We’ve got dynamic container analysis and image assessment. So we continue to build in those areas, and we’re seeing a great reception. And I think when you look at our heritage of threat intelligence and things like indicators of attack, a lot of our competitors are just doing sort of policy misconfigurations and not really – they are not really able to understand if they are under attack or where an attack might be possible. And we’ve applied that indicator of attack knowledge from our endpoints into the cloud. So we feel really good about that. Obviously, everyone is in the early innings in the cloud journey, which is exciting because it’s a greenfield opportunity. And we feel like we have got the right products and the right go-to-market motion around it.

Joe Gallo:

Hey guys. Thanks for the question. Just a follow-up to John’s earlier question, no comment on his age, by the way. George, on those extra levels of scrutiny, any incremental context? Were they SMB or enterprise? Any geo-location specifically? And are these deals pure cyber, or are they broader with Humio and other infrastructure aspects? And then, Burt, are you including any extra conservatism in your guidance because of those? Thanks.

Burt Podbere:

Yes. Just on the guide, I mean I think we have stuck to our guns. We guide to what we see, not to what we don’t see. And we took an appropriately pragmatic view on the macro. And that’s how we looked at the guide for this year.

Ittai Kidron:

Thank you, guys. Great quarter. A couple for me. George, you haven’t talked about XDR, the XDR Alliance and how is traction moving along there. Maybe you can give us an update. And then for Burt, FX, you haven’t mentioned that at all in the quarter. Can you talk about the impact to your business on FX and how it’s impacting you globally?

Burt Podbere:

Yes. I will jump in, George, leaning on the FX question. I think there was nothing material or we would have talked about it. We primarily invoice in U.S. dollars, but we do have expenses incurred in currencies out of the U.S. But on the deal side, it goes back to what George has been talking about. It’s the platform play. It’s lowering TCO. It’s all those things that we are able to bring to bear that nobody else can.

Hamza Fodderwala:

Hey guys. Thanks for squeezing me in. Just a quick one for Burt. I was wondering if you could give more context on your comments around second half seasonality. I think normally, Q4, generally stronger. Q3, you do see a little bit of lighter seasonality, although you do have the Fed vertical really take off during that quarter. So, can you give us a sense of how the net new ARR patterns should be? Should it be similar to last year, year before that? Just any color you could give us would be really helpful.

Operator:

Thank you. Our next question comes from the line of Shaul Eyal from Cowen. Your question please.

George Kurtz:

Well, a good question, and I will reiterate again as I do I think on every call that we partnered with Ping and Okta and others, right. And our identity product is really specific to the endpoints and active directory in terms of identity threat protection and detection. So, we continue to work with them. And I think when you look at the environment today, there is just a continued demand for having a handle on identity. And we are one piece of it on the endpoints of servers and the direct restructures. And there is other players in the market that handle identity access brokering, etcetera. So, from our standpoint, we, as I reiterated, continue to see very, very strong demand with a very differentiated technology. As you pointed out, 100% quarter-over-quarter growth. New logo attach rate tripled quarter-over-quarter. And the answer is why it gets back to the architecture, the single lightweight agent, very easy for us to activate it, very easy for us to activate it at scale and trials. And a lot of times, what we will see is when there is high threat environments, customers will activate and get immediate value, and then we can convert them over into paying customers. So, again, this is, I think going to be a standout for us, a, in terms of the acquisition we did and also in terms of the integration and our ability to go to market with it.

Gregg Moskowitz:

Hi. Thank you for taking the question. Congrats on a very good ARR performance. I did want to ask about RPO, which historically has risen by double digits sequentially in Q2 period, although this quarter went up mid-single digits. Were there any changes to average duration? Is this perhaps somewhat reflective of the increased levels of approval that you noted earlier, or is there anything else that you would call out? Thanks.

Operator:

Thank you. This does conclude the question-and-answer session of today’s program. I would like to hand the program back to George Kurtz for any further remarks.

George Kurtz:

Great. Thank you. Well, I certainly want to thank all of you for your time today. We appreciate your interest and look forward to seeing you in person at our upcoming Falcon conference and our Investor Day via webcast. Thank you so much. And that concludes the call.

Operator:

Hello. Thank you for standing by, and welcome to the CrowdStrike Fiscal First Quarter 2023 Results Conference Call. At this time, all participants are in a listen-only mode. After the speakers’ presentation, there will be a question-and-answer session. [Operator Instructions] As a reminder, today’s call is being recorded. I would now like to turn the conference over to your host, Ms. Maria Riley, Vice President of Investor Relations. Please go ahead, ma’am.

George Kurtz:

Thank you, Maria, and thank you all for joining us. I will start today’s call by summarizing three key points. First, fiscal 2023 is off to a fantastic start. We believe our Q1 results exemplify that we have a winning formula that includes scale, growth, profitability and free cash flow. Second, we saw strength across the platform, including a record quarter for modules deployed in the public cloud and over 100% year-over-year ending ARR growth for our emerging product group, which includes our Discover, Spotlight, Identity Protection and Log Management modules. And third, we are seeing more and more customers standardize on the Falcon platform. The number of customers adopting 6 or more and 7 or more modules, both grew more than 100% year-over-year. We believe this underscores our wide competitive moat and our opportunity to drive long-term sustainable growth in both, our core and expansion markets. Now, let’s discuss our results in more detail. The CrowdStrike team achieved another outstanding first quarter. Building on our historic Q4, this quarter, we delivered net new ARR of $190 million, topping our expectations. We delivered ending ARR growth of 61% year-over-year to exceed $1.9 billion, record non-GAAP operating profit of $83 million and free cash flow margin of 32%. In 8 out of the last 10 quarters, we have delivered 30% or greater free cash flow margin. Our powerful combination of growth, profitability and cash flow is reflected in our continued performance well in excess of the SaaS industry’s Rule of 40 benchmark. In Q1, we achieved a Rule of 78 on a non-GAAP operating income basis and when calculated on a free cash flow basis, a Rule of 93. Given our market opportunity, platform, subscription business model and high unit economics, we believe we have the ability to continue to grow at scale, generate cash and invest in initiatives that will further widen the gap between CrowdStrike and the competition, especially at a time when companies are forced to reduce their spending and hiring plans. I’d like to thank those of you who joined our investor briefing in April, where we showcased the simplicity and the power of the Falcon platform. We also demonstrated how our differentiated single-agent architecture that does not require reboot enables a frictionless go-to-market motion with an e-commerce engine. We believe this is unique to CrowdStrike and translates to increased module adoption, deal sizes, ARR growth and sales efficiency. And in Q1, we saw the flywheel effect and strong differentiation of the Falcon platform in motion. The demand environment we see is more robust today than this time last year as cybersecurity is not discretionary. Additionally, the competitive environment has remained favorable to CrowdStrike. Our growing leadership in the market is reflected in IDC’s most recent report where CrowdStrike leapfrogged to the number one position amongst all vendors in the 2021 market share for worldwide corporate endpoint security and once again took the top spot in modern endpoint security. In Q1, we executed well across all market segments with over 1,600 subscription customers of all sizes choosing CrowdStrike for the fourth consecutive quarter. This brings the total number of customers that rely on Falcon to protect their business to 17,945, a 57% increase year-over-year. The first quarter was a record quarter for our e-commerce engine. Late in Q4, we significantly expanded our trial program, increasing the number of modules available for trial to 12, up from just 4 modules in the prior quarter. The expanded trial program provides an even larger foundation to drive velocity through our e-commerce engine and makes it even easier for companies to trial and purchase more modules on the Falcon platform, and we are very pleased with the record performance in Q1. Our ability to rapidly innovate on the Falcon platform and solve a growing number of security imperatives for our customers with a single-agent platform provides CrowdStrike strong differentiation, wide competitive moat and multiple growth engines in both our core and expansion markets. Our frictionless adoption motion drives larger deal sizes among both, large and small customers over time and has translated to increasing module adoption metrics quarter-after-quarter. In Q1, subscription customers with 4 or more, 5 or more and 6 or more modules increased to 71%, 59% and 35%, respectively. Given subscription customers with 4 or more modules surpassed the 70% milestone and is now commonplace, we are retiring this disclosure and raising the bar by introducing a new metric, customers with 7 or more modules, which reached 19% at the end of Q1. We are pleased with our strong module performance across the Falcon platform in both, our core and expansion markets. I’d like to highlight a few standouts in Q1. First is Falcon Complete, our industry-leading full turnkey managed detection and response offering that uniquely blends technology and services to stop breaches for customers of all sizes. Q1 was a record-breaking quarter for Falcon Complete with net new ARR reaching an all-time high. Falcon Complete has continued to gain momentum in the market as companies look to address the growing cybersecurity imperative and contend with the cybersecurity skills gap. By leveraging the advanced automation in the platform, Falcon Complete offers customers and partners a way to quickly and cost effectively scale, fortify their cyber defenses with gold standard expertise and technology. We believe our massive success with Falcon Complete is a testament to the increasing trust customers place in CrowdStrike every day. As one of our largest customers recently posted on LinkedIn, “CrowdStrike’s Complete team allows our team to focus on the bigger picture without sacrificing the quality and detail of Tier 1 response.” Our growing leadership in the MDR market is also recognized by market research firms. In Gartner’s recent Market Share Managed Security Services worldwide 2021 report, CrowdStrike was ranked number one by market share. As we have added modules to the Falcon platform, we have introduced new complete offerings that extend beyond core endpoint, including Complete for Cloud Workload Protection and Complete for Identity Protection. This ability to create new extended offerings within the Complete product line generates new multidimensional avenues to drive ARR growth. Moving to the public cloud. Building on top of a strong Q4, the first quarter was a record quarter with ending ARR growth for public cloud deployments accelerating quarter-over-quarter. As organizations are moving more workloads to the cloud, the adversaries are quickly following, and traditional security tools are not enough to keep pace with the ever-changing nature of cloud environments. CrowdStrike’s cloud capabilities stand alone in the market by delivering agent-based and agentless solutions delivered natively from the Falcon platform in a single user interface with a shared data back end in Threat Graph. The combination of agent-based and agentless capabilities in the cloud enables pre-runtime and runtime protection whereas agentless-only solutions can only offer partial visibility and lack remediation capabilities. Additionally, [Technical Difficulty] of the public cloud, put an even higher emphasis on the importance of a lightweight agent. The time we took at the inception of CrowdStrike to design the agent with the lightest footprint amongst all competitors and that doesn’t require a reboot makes our agent perfectly suited for cloud deployments. One of our marquee wins this quarter was a global financial software company that was looking to protect its private cloud and growing public cloud environment. In this cloud win, CrowdStrike was chosen over the competition given Falcon’s unified interface across public, hybrid and multi-cloud assets, ease-of-use, superior performance and speed of detection. In the quarter, we introduced new Cloud Native Application Protection Platform or CNAPP capabilities to accelerate threat hunting for cloud environments and workloads and reduce the meantime to respond. The new capabilities we announced provide the visibility, automation and cloud hygiene necessary to defend against today’s adversaries. Identity protection is another emerging area where we are seeing growing success in the market with the number of customers subscribing to these modules growing more than 30% quarter-over-quarter. Our identity protection solution is a game changer in the fight against ransomware and preventing lateral movement. This was demonstrated in the recent MITRE prevention evaluation in which Falcon achieved 100% prevention and our identity protection module stopped the would-be attacker before it could even gain access to the target environment, redefining what it means to stop the breach. In terms of opportunity, we see many similarities between this, new emerging market and the EDR market at its inception, with customers not knowing how much they need it until they saw it in action. To demonstrate this point, I’d like to share feedback I personally received via text from a long-standing Falcon customer. “We are doing our POC of identity protection, and it alerted us that all members of domain users errantly had permissions to reset the machine for one of our domain controllers. We fixed it immediately and identified the root cause. We never would have found this in a million years, and it could have been used to do great harm. We really are in love with this product. Thanks to you and the team for building these amazing tools for us.” And on the Humio front, we are seeing increasing momentum in the log management space with customers. Additionally, our resellers, MSSPs and technology partners are excited about building their businesses with Humio. With the recent sales enablement and quota assignment for the global CrowdStrike sales team, our pipeline of log management opportunity rapidly growing. Specifically in Q1, we secured wins with new and existing CrowdStrike customers, including a Fortune 100 industrial company, a Fortune 500 materials manufacturer and a large health services provider. Moving to the market dynamics and threat environment. We continue to see powerful tailwinds fueling our market, and we do not currently see any indication that these trends will abate anytime soon. These tailwinds include a rapidly expanding attack surface and digital supply chains as organizations embrace digital transformation and move more workloads to the cloud, the cybersecurity skills gap in a heightened threat environment. We remain in a shields-up threat environment with adversaries rapidly evolving their tactics. Ransomware is no longer enough for advanced e-criminals. They are now weaponizing the data they extract by periodically leaking it to the public in an effort to extort their victims and drive even higher paydays. Over the past few months, I spent significant time traveling to meet with customers, prospects, partners and fellow CrowdStrikers. I found it energizing and inspiring to resume in-person engagement, and I would like to share with you a few recurring themes from my conversations. First, cybersecurity is an essential technology that underpins modern business, and we see this growing as regulators sharpen their lens on cybersecurity requirements. As a result, cybersecurity is a growing priority, words of directors and initiatives to fortify an organization security posture and reduce enterprise risk are being discussed, evaluated and funded at the highest levels. Second, in order to cope with the skills gap, organizations are looking for technologies that help them achieve more with fewer human resources. CIOs and CISOs are looking for a true platform that delivers on the promise to consolidate agents, reduce complexity, simplify operations and reduce operational costs. This includes replacing legacy log management and SIEM products, and that is why they are so excited about Falcon XDR. And that brings me to my third point, trust. I heard directly from Boards, CIOs and CISOs that when it comes to cybersecurity, the importance of trust increasingly eclipses price during the buying decision. In fact, we saw this exact dynamic and a key win with a leading-edge tech innovator and S&P 500-listed company where we were competing against Microsoft. Even though this new customer is a Microsoft-first shop, we were told that the buying decision, which the Board of Directors was actively involved in, ultimately came down to who they trusted to protect them from their worst day. Before I hand it over to Burt, I will share one more recent new subscription customer win where the incumbent vendor fell short of expectations. This global business process service provider based in Europe was struggling with their Microsoft deployment as complexity and misconfiguration pitfalls were hampering their efforts to protect their heterogeneous environment. After months of continuous issues, they fell victim to a breach and turned to CrowdStrike for incident response and endpoint recovery services. During the remediation process, this customer was able to experience firsthand the value of trusted expertise and the ease and speed of deploying Falcon across their environment. This led them to adopt Falcon Complete, which was fully up and running only 24 hours after the expanded engagement was completed. Falcon Complete is highly differentiated in the market as competing offerings only notify the customer of a problem, whereas Falcon Complete with Fusion no-code security automation will proactively remediate any issues. In closing, I would like to thank each and every CrowdStriker for your passionate focus on making CrowdStrike the trusted cybersecurity company. With that, I will turn the call over to Burt to discuss our financial results in more detail.

Operator:

[Operator Instructions] Your first question is from Saket Kalia with Barclays. Please go ahead.

George Kurtz:

Hey Saket, it’s a great question. When we talk to customers, particularly legacy SIEM customers, there’s absolutely an appetite to explore something that’s different, modern, more scalable and more cost effective. And again, we’ve been big fans of Humio. We continue to get the technology integrated and expand its capabilities. And when you think about Humio, you also have to think about Falcon XDR, right, in terms of its ability to ultimately subsume SIEM. And I think XDR, in general, will do that from a category perspective. So, it’s still in the early days, but we’re excited about the customer interest, what they want, the expansions that we’ve done in the quarter, the ability to actually consume, not only security data but observability data. And we’ll continue to iterate the product and get it out through the sales force. So, overall, very excited about it.

Andrew Nowinski:

Congrats on a great quarter. I had a similar question to the last one. So, you talked a lot on the call about Falcon Complete Preempt and Humio. And I would imagine Spotlight was also fairly strong given Log4j this quarter. But I was wondering if you could maybe just rank order your top three modules that you think will drive or have the most impact on your growth in this fiscal year?

Operator:

And your next question comes from Brian Essex with Goldman Sachs. Please go ahead.

George Kurtz:

Yes. Hey Brian, it’s George. When we look at our capabilities outside North America, again, we spend a lot of time building out the sales channels, building out the partner network. And you see that multiplier effect through our partners now, which are really excited. And we continue to expand our sales capabilities there. So, when you look at where we’d like to be in terms of increasing that revenue and the split between North America and rest of world, it was a great quarter for us. So I think Burt will probably add some other comments to it, but I think it’s reflective of the fact that we’ve got a great offering and the strong demand in all geographies.

Operator:

Your next question comes from Joel Fishbein with Truist. Please go ahead.

Burt Podbere:

Yes. So, our bigger customers, those over $1 million, as we talked about on the webinar in April, each of those customers has about 7 on average, just over 7 modules. In terms of landing new, we talked about in FY22, it’s 4.7. And that’s up from 4.3 from the year before.

Matt Hedberg:

Congrats from me on the results, guys, as well. George, I know this is not necessarily a strong U.S. Fed quarter. But I think I’ll reflect back on your CISA win from last year as really a sort of a watershed type deal. Can you talk about how that rollout has been going? And how you think Federal plays out -- U.S. Fed plays out this year?

Operator:

And your next question comes from Rob Owens with Piper Sandler. Please go ahead.

George Kurtz:

Yes. So, when you think about our cloud offerings, a couple of points that I highlighted in the call is that we have both, agent and agentless. And that is the ability to actually gather cloud information at scale without an agent, understand the posture of what’s happening, understand misconfigurations and go beyond what our competitors do is we actually look for active attacks with our Indicator of Attack technology applied to it. And then you combine that with our agent and our Cloud Workload Protection. And that really is like the ultimate package. CNAPP, we talked about that in the call as well, and that has been well received. And as we pointed out in the April investor call, we’ve had many lands in just cloud organizations, particularly in big financial services companies, land in the cloud and then actually be able to cross-sell it into the internal network. So overall, we continue to iterate very rapidly, got great capabilities there, and it’s been really well received by our customers.

Maria Riley:

Let’s go to the next question and we can come back to Fatima.

Alex Henderson:

I was hoping you could talk a little bit about the implications of the VMware acquisition by Broadcom and to what extent that has a positive impact on your ability to gain share in the endpoint/XDR space, but also whether that has implications for your cloud product lines? And, has there been any impact that immediately happened after that announcement? Thanks.

Operator:

And your next question comes from Roger Boyd with UBS Securities. Please go ahead.

Burt Podbere:

Yes. So, as we’ve talked about in the April update to investors, we spent many, many years working on our e-commerce platform, and we’re starting to really see the fruits of our labor there with a magic number of 1.4 with the increase in the number of trials that we can actually run through the e-commerce platform. It’s incredibly efficient, not only to gain new customers, but also to continue to cross-sell into the customer base. And with 22 modules, it’s important to be able to prioritize what customers are looking for, for our channel partners as well as our sales team. So, we spent a lot of time and effort there. We’re seeing the fruits of it. It certainly has been a great addition to growing our SMB business as well. We take credit card sales. It’s very easy to get the product up and running and buy from us. And I think that is a unique differentiation point between us and our competition. Burt?

Operator:

And your next question comes from Mike Walkley with Canaccord Genuity. Please go ahead.

George Kurtz:

I think when customers look at the impact of ransomware and now you’ve got lock and leak where they actually are disseminating this information and extorting customers. It’s just too critical to rely on an operating system vendor or the cheapest technology that’s out there. They’re looking at the viability of their business being impacted. They’re looking at wire transfers that are going out fraudulently. I mean, you go down the list of e-crime activities, and it continues to mushroom. So customers leveraging our trial, converting them into our e-commerce platform, upselling our modules, even upselling them into Falcon Complete customers, we can take a few thousand dollar deal and turn it into a $50,000 deal, leveraging the full suite of e-commerce technology as well as our inside sales team. And that has really driven efficiency in our organization as well as it’s reflected in things like our magic number that I talked about earlier.

Joseph Gallo:

You’ve alluded to it and so far the numbers appear to indicate that cyber and your business is resilient. But George, in your convos with customers and Burt, in your guidance methodology, is the world a little less rosy than it was a quarter ago? Are you seeing any change in the velocity of deals closing or hesitation from customers? And if you could break that into by geo or deal size, that would be great. Thanks.

Burt Podbere:

Yes. And to add, I really don’t see any additional discounting coming my way. And when there is an opportunity on the table and there is discounting involved that is -- at a high level, it comes to me, and I really haven’t seen any change from the past.

Shaul Eyal:

Congrats on a strong start to this fiscal year. My question is actually on the new ARR. Maybe can you just provide us with some color? I know you don’t provide, like, the actual numbers. But what portion of new ARR came from new business and logos, and what came from the existing base? Thank you.

George Kurtz:

And when we look at things like identity, which is part of the emerging module category, identity for me is the new EDR. A few -- it wasn’t that long ago that EDR was something new for folks. And now, organizations routinely adopt it. And we see the same sort of buying pattern with identity. If you have advanced endpoint protection using AI, if you add EDR and now you add identity, that’s a winning formula. So, we see a great opportunity to continue to sell into the installed base identity, and we talked about 30% quarter-over-quarter increase in identity. And we see a long runway. So, when we think about EDR, the next iteration of that will be adding identity to it.

Maria Riley:

It looks like we lost Fatima again.

George Kurtz:

Sure. As we talked about over the course of the pandemic and prior earnings calls, we, certainly, in the beginning, saw some buying for people that were working at home. But that was short-lived. And I think on the back side, two years plus in the pandemic and coming out of it, I think if you look across the growth quarter-over-quarter, again, it’s reflective in a strong demand environment and not related to anything that’s pandemic. So, as we talked about before, digital transformation is happening, security transformation is moving to cloud. Those are all long-term sustainable trends. And after pretty much the first quarter or so of the pandemic, there’s not much to talk about in terms of corporate endpoints.

Brad Reback:

George, obviously, a lot of your high-profile, high-multiple private peers have run into some issues here. Lately, a lot of them were talking about headcount reduction. So, maybe two-part, number one, does it open up M&A opportunities for you? And number two, I know hiring was strong in the quarter, but can it get even better? Thanks.

Operator:

And your next question comes from Gray Powell with BTIG.

George Kurtz:

Yes. I’ll answer first and then I’ll turn it over to Burt. But, when we think about where we are today and the success we’ve had, I think it’s one of the areas where security is not going to go away. The threats are going to continue to get worse, and we’re going to continue to invest. And that means getting the people that we need, that means looking at module expansion, and that means looking at other opportunities, as we just talked about in the last question, potential M&A opportunities. So, for us, it’s really about continuing to hit the gas, and we’ve been successful. We’ve seen a lot of our competitors fall by the wayside over the years by being diligent by being innovative and continuing to invest and getting stronger and stronger, irrespective of the current climate. And certainly, if it gets worse, we think we’re in a great position, enterprise software, SaaS, security, long-term contracts, great cash flow. I mean, these are all hallmarks of a very well-run and great execution-type business across. Anything to add, Burt?

Operator:

Thank you. And our last question comes from Josh Tilton with Wolfe Research. Please go ahead.

George Kurtz:

Yes. We haven’t seen any change. We continue to win at a very high rate. We’ve talked about that in the past. It’s a great competitive environment for us. We continue to convert. We talked about some of the Microsoft wins. Again, what customers are looking for are solutions that solve problems, stopping breaches, deals with some of the headcount problems that they have. They just can’t find enough good people, and ultimately saves them a lot of time and money by harmonizing their security stack in one platform, which is CrowdStrike. So, it’s still a big market. Burt talked about our market share on the last response. We’re looking to aggressively grow that, and there’s opportunities for others out there. But we believe we have the best technology, the best platform, the best AI. Testing results prove it as well and more importantly, customer success, the testimonials. And the proof is in the financial results, so. And we feel confident going into the future that we’ve got the right platform.

George Kurtz:

Great. Well, I’d like to thank everyone for their time today. We feel it was a great quarter. And we look forward to chatting with everyone next quarter. Be safe, and thank you so much.

Operator:

Thank you for standing by, and welcome to the CloudStrike Fourth Quarter and Fiscal Year 2022 Results Conference Call. At this time, All participants are in a listen-only mode. After the speaker’s presentation there will be a question-and-answer session. [Operator Instructions] As a reminder today's call is being recorded. I would now like to turn the conference to your host, Ms. Maria Riley, Vice President of Investor Relations. Please go ahead, ma'am.

George Kurtz:

Thank you, Maria, and thank you all for joining us. Before we get started, I would like to acknowledge the war in Ukraine. Our deepest thoughts and support are with all of those impacted by this tragedy as we are reminded of the terrible human toll that military conflict brings. We are hoping for peace in Ukraine and the broader region. Turning to our financial results. I will start today's call by summarizing four key points. First, CrowdStrike delivered an exceptional fourth quarter that far exceeded our expectations. This quarter's results are headlined by an acceleration in net new ARR growth for the second consecutive quarter to reach $217 million. Record 19% non-GAAP operating margin and record free cash flow of $127 million or approximately $197 million when excluding the IP transfer tax payment related to the acquisition of Humio. Second, our success outside of traditional endpoint security is now punctuated by both scale and hyper growth as we surpassed the $150 million ARR milestone, while growing in excess of 100% year-over-year for our IT hygiene, vulnerability management, identity protection and log management modules collectively. Third, we exited the year with tremendous momentum for ARR derived from Falcon deployments in the public cloud, where ARR eclipsed the $100 million milestone and grew 20% quarter-on-quarter as we lead the effort to transform security for the public cloud. And fourth, as you can see from our outstanding results, our growth engine is executing on all cylinders, which includes our thriving partner ecosystem. One partner, I'd like to highlight is AWS. In fiscal 2022, ending ARR transacted through the AWS marketplace grew more than 100% year-over-year. Furthermore, CrowdStrike ended the year as one of the top ISV partners by transaction volume on the AWS Marketplace, with partner source deals growing strongly throughout the year. We believe this speaks to the success of our partnership with the world's largest public cloud provider and highlights the value we can provide to both partners and customers alike. Now, let's discuss our results in more detail. Net new ARR growth accelerated for the second quarter in a row to reach $217 million, and for the first time in company history, surpassed the $200 million milestone. Demand was driven by expansion in the core endpoint market as well as a record quarter for cloud, identity protection and Humio. Growth was also fueled by rapid customer expansion among companies of all sizes from large enterprises to small businesses. We added over 1,600 subscription customers for the third consecutive quarter, bringing the total number of customers that rely on CrowdStrike to protect their business to 16,325, a 65% increase year-over-year. Demand in the quarter was broad-based and new wins included sizable deals with multiple top global financial services organization, a record number of new Falcon Complete customers, including Fortune 500 and multinational companies across the technology, media, telecommunications, education and government sectors, among many others. Record lands for our Cloud Workload Protection module and Horizon, our agentless cloud security posture management module, including wins at a large US insurance provider, a Fortune 250 software company, and a Fortune 50 energy company. We achieved another record quarter for our identity protection modules, which significantly differentiates Falcon in the field and continue to lead to higher win rates. Key wins included a global leader in customer experience management, a global financial services company, public sector agencies and multiple wins in the Fortune 500. Q4 was also another record quarter for Humio with wins across multiple verticals such as retail, financial services, manufacturing, technology and transportation. Our success with Humio this quarter included securing a seven-figure deal with a financial services customer, whose existing log management solutions have become budget prohibitive given the exponential growth of data being captured by their dev ops team. And lastly, we are thrilled to announce that Cloudflare, a trusted CrowdStrike technology partner, on a mission to build a better Internet, became a new customer in the quarter, adopting both Falcon Complete and Horizon. We look forward to deepening our natural partnership and identifying even more opportunities to work together. Among these many fantastic recent wins, let me take a moment to share some additional details about the expansion with a Fortune 50 financial institution that I think exemplifies our technology advantage in action and why scalability and trust matter. Mid-year, this particular customer had chosen CrowdStrike to protect its traditional endpoints and displace the legacy incumbent. At approximately the same time, for relationship reasons, this organization had chosen a next-gen competitor to protect a server environment. But after six months, they were still struggling to deploy the other vendors' products in its server environment. They were plagued by forced reboots, significant memory usage and unmet product road map promises. While they struggle to get their service protected, Falcon was fully deployed across their hundreds of thousands of endpoints in a matter of weeks without requiring a reboot. Side-by-side, we showcased our differentiation on a broad scale and a real production environment. This customer was able to see the rich telemetry Falcon provided in real time and the power of our security cloud, all resulting in better efficacy. This customer terminated the other vendors contract and is now deploying Falcon to protect their services globally. This is just one of many customer stories that demonstrate the fundamental reason why we have earned our leadership with increased win rates and record displacement, efficacy, scalability, manageability, real-time versus batch mode and importantly, our ability to consolidate agents while solving a growing number of real-world business problem. Q4 was also a record quarter for our partner ecosystem. In total, for fiscal year 2022, we gained significant leverage from our partner ecosystem. During the year, partner stores ending ARR grew 83% year-over-year with our MSSP business growing more than 200%. Our architecture is fundamentally different from any other vendor we see in the market. While our technology advantages are vast, it all starts with how we design the platform from the beginning with smart filtering capabilities on the agent, which gives us the ability to dynamically adjust our aperture to stream rich telemetry to the cloud in real time. We believe these foundational architectural elements have created a high barrier to entry, while competitors operate batch mode and struggle with storing data on the endpoint. We continue to extend our technology leadership across the entire platform. As we announced yesterday, Humio sets the standard for streaming index-free data ingestion and reached a new benchmark of over 1 petabyte of data ingestion per day. CrowdStrike will continue to leverage the speed and scale of the Humio engine to extend our position in the XDR space. You have heard me say that CrowdStrike is more than just an endpoint provider. The success of our platform strategy is reflected in the hyper growth we are deriving from many of our modules as well as our strong module adoption metrics, which have consistently increased quarter-after-quarter. In Q4, subscription customers with four or more, five or more and six or more modules increased to 69%, 57% and 34%, respectively. As both new and existing customers increasingly trust Falcon to solve security challenges outside of core endpoint, we have multiple product areas contributing significantly to ARR growth. We are seeing tremendous growth from our emerging products that solve use cases outside of traditional endpoint protection. This includes our discover, spotlight, and identity protection modules as well as Humio. ARR for this group grew more than 100% over last year, contributing $157 million to FY 2022 ending ARR. These modules are significant growth drivers for our overall business with ending ARR for these modules growing 30% quarter-over-quarter and representing approximately 17% of our Q4 net new ARR collectively. Our success to date in these adjacent areas speaks to the extensibility of our platform outside of core next-gen AV and EDR, the data we collect and our ability to make meaningful inroads in accessing new TAMs. Changing from a module perspective to a deployment environment view, our public cloud business surpassed the $100 million milestone in Q4 to reach $106 million in ending ARR. This milestone encompasses our modules deployed in the public cloud, including our cloud runtime protection and CSPM modules. We have seen tremendous momentum in this business as we exit the year. Ending ARR growth for our business when viewed through a cloud deployment lens outpaced the growth of our overall business, growing 20% quarter-over-quarter and represented approximately 8% of our Q4 net new ARR. Cloud workloads are increasingly targeted by adversaries and are largely under-protected, representing a significant growth opportunity in FY 2023 and beyond. Moving to the market dynamics. There are powerful tailwinds driving our markets, and we do not currently see any indication that these trends will abate anytime soon. The adversaries are certainly not slowing down, actually quite the opposite. As we've published in our most recent global threat report, 2021 provided no rest for the weary with an 82% increase in ransomware-related data leaks. As the nation's state events of the past few weeks have demonstrated, cyberspace is center stage joining land, air, sea, and space as the fifth dimension of warfare. There are no borders in cyberspace and the cyber blast radius has no bounds, putting every organization and government at risk as attacks can extend far beyond their intended targets as we saw with NotPetya. Last year, 62% of attacks we observed were malware-less with most of these involving compromised identities. We expect that both e-criminals and nation-state adversaries alike will continue to exploit vulnerabilities across endpoints and cloud environments and ramp up tradecraft around the use of identity and stolen credentials to bypass legacy defenses. In addition to advancing adversary tactics in a heightened threat environment, organizations must contend with the ongoing security skills gap, which we have seen drive increased demand for our Falcon complete offering. To help companies combat the increasing threat of compromised identity, last week we launched Falcon Identity Threat Protection Complete, the industry's first managed identity solution and a new way to help customers scale their security teams to protect against sophisticated attacks and stop breaches. Additionally, the attack surface is expanding rapidly and the digital supply chain is ever growing as organizations embrace digital transformation and move more workloads to the cloud. We believe our TAM continues to expand, and all of these factors will lead to sustained market growth for the foreseeable future. We also continue to see a very favorable competitive environment and multi-year runway to displacing legacy endpoint vendors, which is bolstering our growth as companies look to transform their security stack. Before I hand it over to Burt, I will provide some final thoughts on the big picture of what we see unfolding. As I shared with you in my opening comments, in addition to our growing leadership in the EPP market, we now have multiple vectors driving our growth and scale that are outside what some might consider our core. We have been very deliberate and purposeful in choosing to enter markets. Enterprise risk is coalescing around three critical areas

Operator:

Thank you. [Operator Instructions] Our first question comes from Saket Kalia of Barclays. Your line is open.

George Kurtz:

Sure. Thanks, Saket. When you look at our Identity Zero Trust module, which came from the Preempt acquisition has now been integrated into the platform, which makes it seamless. It's obviously been a standout for us, because when we think about the threat environment, we've seen many of these breaches abuse identity, abuse directory services, and there's a massive compliance issue in just understanding all of these accounts where they live and who has access to privileged accounts. So, this is a highly differentiated module. Our competitors really don't have anything that's close to this. The way it works, the AI algorithms that we have built around it that we got from the Preempt team, and the expertise that we have in this area. So, it certainly is a big way for us to help differentiate the platform among many others. And it has been an absolute standout for us. And I think we've taken the time and effort to do the integration right, which is an important part of the way CrowdStrike looks at its platform.

Operator:

Thank you. Our next question comes from Sterling Auty of JPMorgan. Your line is open.

George Kurtz:

Sure. Thanks Sterling. When we look at the cloud business and I think we put some good disclosures around our penetration there. To us, it's still a greenfield opportunity. And the beauty of our platform is that we cover two very important areas; one is runtime protection; and the second one is cloud security posture management. And there are companies that have one or the other. We actually have both, and they're integrated across our Falcon control plane, which makes it very effective. We also have the ability to identify indicators of attack, which is much different than just misconfigurations. So, when you combine those together and you think about containers and Kubernetes clusters, the configuration, whether they have vulnerabilities, whether it's traditional virtualization and everything in between, we're covering a big part of the overall security stack of what people are looking for in that runtime protection visibility. So, we still feel it's in the early innings. We've got great technology in both the agent side, if you will, and some of it is agentless with cloud security posture management. But we make it very easy and effective for the DevOps teams to -- that's who we're selling to in these areas and we've gotten pretty good at it, to be able to implement this as part of the CICD pipeline.

Operator:

Thank you. Our next question comes from Andrew Nowinski of Wells Fargo. Your line is open.

George Kurtz:

Sure. So, thanks. When you think about our partner opportunities and CrowdStrike, first, we're a partner-first company. That's the way I built it. We haven't wavered from that. And there's many areas of partnering, everything from traditional resellers to managed service providers to cloud providers and hyperscalers like AWS that I talked about earlier. So, why have we been successful there? Well, we've taken the right approach to not compete with partners, to augment what they're trying to do. And what we've seen in the managed service world is that the managed service providers are looking for the best endpoint platform that they can plug in and offer other services. I think we've figured out a way to complement the services that they have in those areas, and it's been very effective. And of course, customers want our technology. So they're clamoring to these partners to work with us. So we will continue to do that. And I think we've put some great proof points out on our success in managed service, in the cloud providers as well as traditional resellers. And when we think about CISA, it's a fantastic validation for us in the Federal government. I've spent time in Washington, I was just there recently. And there's a lot of excitement about our technology finally being able to be deployed there. As you know, you have to go through a lot of different compliance and accreditations to get to sell in the Federal government and we worked through those. We continue to work through those at different levels. And it opens up a massive opportunity for us that we've seen a big pull from customers' interest in that particular vertical because of the aging technologies that they've been saddled with in the past. So more to come on that, but very excited about the opportunity today and in the future.

Joel Fishbein:

Hey, thank you and congrats on a fantastic execution. I have a quick question for George and a follow-up for Burt, if I could. George, you just GA-ed Falcon XDR module. I think there's a lot of noise in the space. Can you talk about Falcon XDR and how it's different than the other products that are out there? And why it's important going forward?

Operator:

Thank you. Our next question comes from Brent Thill of Jeffries. Your line is open.

Burt Podbere:

Hey, Joe, thanks for that. So in terms of our methodology, nothing has really changed. We guide to what we see. We do not guide to running the tables. So absolutely no change there. I think that the question about going and capturing some of the additional markets outside of core endpoint, I think we've given some good disclosures about some of our momentum. We don't see any of that momentum fading and we are excited about both core and some of our mortgage emerging products. And so when we think about it and when we look at our pipeline and we look at the opportunities in front of us, we get really excited about both opportunities. And then you drill down even a little further, and we get excited about being able to sell both those opportunities to both the largest enterprise companies in the world all the way down to some of the smallest. So that's how we think about it.

Matt Hedberg:

Great. Thanks for taking my question guys. Congrats. Lots of things to talk about here. I guess, Burt, for you, one of the things that really stood out to me was when we look at ending ARR per subscription customer, that had declined sequentially for many quarters. In Q3, it was kind of flattish, maybe up a little bit. But Q4, according to my math, it was up about 3% sequentially, really, really strong. And I think to me, that speaks to your cross-sell ability. I'm wondering, when you think about the guide for next year, what are some of the assumptions around ending ARR per subscription customer? Should that continue this kind of upward sequential trajectory at this point?

Operator:

Thank you. Our next question comes from Tal Liani of Bank of America. Your line is open.

George Kurtz:

Yes. Thanks, so George here. When we look at the competition, I think, this quarter, we put a punctuation mark on a competitive point. When you see the growth, you see the cross-sell, you see some of the modules outside of just the core. We've never seen a better competitive environment for us. We're entering the quarter with the largest pipeline. We've got lots of replacements in the legacy world, lots of replacements in the next-gen world. And truly differentiated platform with our modules, we have 22, just to be clear. And when you look at what we put together in the endpoint and workload protection visibility space, combined with identity, which is very unique to us that others don't have, combine that with data now, with SecureCircle. It's a true platform that customers are looking to buy and understand that they can consolidate agents, reduce costs and get much better outcomes. And then you combine our world-class offerings like SaaS and Complete and OverWatch on top of it, and it certainly is a winning combination. So full steam ahead from us on the competitive side, and we continue to out-innovate and build what we believe is the best platform in the industry. Burt, I'll let you take the module take rates.

Operator:

Thank you. Our next question comes from Alex Henderson of Needham. Your line is open.

Burt Podbere:

Hey, Alex, it's Burt. Thanks for your questions. I'll take the first clarification point, and then I'll pass it to George to talk about the Mandiant acquisition. So what we came out and said is that, obviously, that our pipe going into the year is the greatest pipe we've ever seen in company history. I think I'll leave it to everybody else and you on the call to kind of figure out what that means in terms of net new ARR. But generally, I think that, combine that with the momentum that we've talked about in the business, we feel really good about starting the year. And then I'll turn it over to George to -- for your second part of the question.

Operator:

Thank you. Our next question comes from Fatima Boolani of Citi. Your line is open.

Burt Podbere:

Sure, Fatima. Thank you for your question. So first, let me just start off by saying when we take a look at the guide, we take a look at, of course, what we see, not necessarily what we don't see similar on the revenue side. And then we think about the power of our model. We've got a lot of leverage in our model. Unit economics is really strong, and it's pointing to one thing, which is continue to invest aggressively, which we plan to do, and it's reflected in the guide. I think there are a few things that really shape that guide, right? One is I think that we've seen a lot of tailwinds for us. We see momentum in the business, so scale and how we think about the revenue guide really plays a big role in terms of how we think about our margin guide. But we do take into consideration things like inflation; we take into consideration what we're seeing out there in terms of talent, it is talent war that we’re seeing on a day to day basis, not only for us but for others in the space, and we've got to differentiate ourselves from others to attract folks to come and join us. And we've done a really good job so far, but pedal to the metal in terms of hiring. And then your last piece of the question with respect to travel, I think that it's going to be more than it was last year, knock wood. Obviously, it's a result on how the pandemic plays out this year. But the idea is that we do plan on more travel. We want people to get together. We want people to collaborate. We want to go and visit customers on the one hand. On the other hand, I think every CFO out there is taking a look at what was done in the past and then how they think about the future and is looking for highest and best use of travel, and I'm no exception. So I'm going to take the opportunity to make sure that we've got all the controls in place to make sure that we are doing just that, making sure that we are looking at the highest and best use dollars for travel. And I think everybody will be appreciative of that. And I think that, as a company, it just goes to continue our story about being a really, really, really well-plated company in all aspects of the business, from tech to go-to market to finance. I hope that answers your question.

Joshua Tilton:

Hey guys, thanks for taking my question. You spoke a lot in the prepared remarks about the success of the non-endpoint modules. Can you just comment on the demand environment as we enter the year, but more specifically compare and contrast the demand for endpoint modules versus the demand for the cloud security and identity modules? Where are you seeing the highest demand of those three categories? And how does that maybe compare to this time a year ago?

Operator:

Thank you. Our next question comes from Rob Owens of Piper Sandler. Your line is open.

George Kurtz:

Yes. Sure. Rob, we thought it was appropriate with some of our parts in the industry to see where we can help. And when you look at critical infrastructure and what the government is really concerned about hospitals, pipelines, things of that nature. It's super important that, they're protected. And there aren't whole bunch of enforce standards in some of these areas. And a lot of times, they're under protected for a variety of reasons. So we thought, it was the right thing to do in terms of offering our technology out there for some period of time. And we think, we're going to be able to hopefully move the needle at protection in places where it may have not has been as good. And then obviously, we'll look to see how that pans out from a business perspective. But first and foremost, we're just trying to do the right thing.

Jonathan Ruykhaver:

Yes. Hey, guys. Congrats. I'm wondering, if you could just provide some color on the free tiers, whether it be the Humio community edition. I think you've introduced that some sort capabilities as well. Just curious, how you're thinking about that sales motion. Is there an opportunity to introduce those free tiers more broadly going forward?

Operator:

Thank you. Our next question comes from Ittai Kidron of Oppenheimer. Your line is open.

George Kurtz:

All right. So, I'll take the first part. When we think about how customers land, let's take a couple of examples. So, cloud workload protection, cloud security caution management horizon. Absolutely, they can land there first before they put Falcon on any of their what we'd call traditional endpoints. And we see that all the time, same with Humio. When you think about something like identity, that becomes a driver for why they're calling us. They're looking at their existing solutions, saying, hey, we need a solution in the endpoint identity space. You guys are the only folks that have it, come in and talk to us. And then traditionally, we will land with that amongst something else, right, probably the endpoint detection or EDR. And the beauty, again, of our model is single-agent collect data one time, all the modules become available. So, once we get the agent on that system, everything else opens up to us from a module perspective. So, there's different demand drivers. And then there are specific technologies, which are just natural for us to lead with and sell and then be able to cross-sell in other place in their organization, like cloud workload protection and cloud security posture management. Burt?

Operator:

Thank you. And our last question comes from Gregg Moskowitz of Mizuho. Your line is open.

George Kurtz:

Great. Well, we still see a big runway of customers, potential customers in the Fortune 500 that aren't on Crown tracking, we've seen obviously a lot of interest there. And I think enterprise customers understand if they're looking for the best protection at scale with the manageability, CrowdStrike is the technology of choice, and we've built our gold standard reputation in that arena. So that's what I would say there. Burt, anything else to add? I know we're short on time.

Operator:

Thank you. I’m showing no further questions, I'd like to turn the call back over to Mr. Kurtz for any closing remarks.

Operator:

Thank you. Ladies and gentlemen, this does conclude today's conference. Thank you all for participating. You may now disconnect. Have a great day.

Operator:

Thank you for standing by, and welcome to the CrowdStrike Holdings, Inc. Q3 2022 Financial Results Conference Call. At this time, all participants are in a listen-only mode. After the speakers' presentation, there will be a question-and-answer session. [Operator Instructions] As a reminder, today's conference call is being recorded. I would now like to turn the conference to your host, Ms. Maria Riley, Vice President of Investor Relations. Please go ahead.

George Kurtz:

Thank you, Maria, and thank you all for joining us. I will start today's call by summarizing three key points. First, we delivered an outstanding third quarter headlined by an acceleration in net new ARR growth, strong execution across the market, from large enterprises to small businesses and expansion within the U.S. federal government. Second, we are seeing an inflection in new products with growing demand for our identity protection and Zero Trust, Humio and cloud security modules. And third, the competitive and pricing environment remains favorable to CrowdStrike. We continue to expand our lead over legacy and next-gen vendors because of our scalability, efficacy and differentiated offerings such as Falcon Complete. Now let's discuss our results and get into the topics in more detail. We delivered a robust third quarter with net new ARR growth accelerating and ending ARR growing 67% to surpass the $1.5 billion milestone. We added $170 million in net new ARR, which was ahead of our expectations and gained over 1,600 net new subscription customers for the second consecutive quarter. We proudly serve 14,687 subscription customers. In addition to accelerating net new ARR growth, we delivered record bottom line results and free cash flow reaching a new high watermark of $124 million. In the third quarter, we saw broad-based strength in multiple areas of the business and among SMB mid-market and large enterprises. Our outstanding results this quarter reflect continued strong customer adoption of our core products, growing success with our newer product initiatives, including identity protection, log management and cloud and our growing leadership in the market with a continued groundswell of customers turning to CrowdStrike as their trusted platform of record with our 21 modules. We also gained significant momentum and delivered a record quarter in the public sector, including wins with educational institutions, states and local governments and the U.S. federal government. Our performance on this front is highlighted by a large win with CISA, the Cybersecurity and Infrastructure Security Agency, to secure a significant portion of endpoints and workloads for multiple federal agencies as they operationalize the White House executive order to improve the nation's cyber resiliency. This win represents the culmination of our dedication and hard work over the course of several years on our public sector strategy and government certifications. We believe this significant win will create new opportunities and unlock additional business within the massive U.S. federal government. For additional information, please visit my new post to the CrowdStrike blog. Moving to the competitive environment. We continue to believe we have a significant technology lead with no competitor matching our scalability, performance, ease of use and commitment to customers. I could not be more excited by our opportunity, which has continued to grow. This quarter, our win rates increased across the board, and we saw a record number of wins against both legacy and next-gen vendors with SMB, mid-market and large enterprise customers. We also landed a record number of wins and displacements over a recently public next-gen vendor, SentinelOne. To be clear, we define a displacement as removing an incumbent's product and replacing it with Falcon. Let me share a recent example with one of the largest nonprofit hospital systems in the U.S. which had initially chosen the recently public next-gen vendor based on price and promised features that were never delivered. Just a few months into their multiyear contract with the other vendor, this organization realized the product fail to scale, cause major performance issues, prohibited critical processes from functioning properly and drove significant friction within the organization and its subsidiaries. That is when they turned to CrowdStrike, purchased multiple modules in a multimillion dollar ARR deal and realized immediate improvement, gaining up to 30% performance increase on their servers alone and greater efficacy without intrusive false positive. Another marquee win this quarter included Qualtrics, a leader in experience management. Customer focus and trust are key parts of Qualtrics' DNA. Therefore, it was critical for them to adopt best-of-breed security capable of fortifying their entire estate of traditional endpoints and cloud workloads without sacrificing end-user experience. Qualtrics moved off the next-gen endpoint security provider to Falcon in order to have a single solution that can be easily deployed and scaled along with their fast-growing business. We look forward to continuing our relationship with Qualtrics as their trusted security partner. We continue to see success winning new customers among our larger competitors as well. Take for example a leading health care system that was using a combination of two legacy vendors, Microsoft and Symantec when it was hit with a massive ransomware attack that disrupted their business. This organization turned to CrowdStrike's renowned incident response services team to remediate the breach. They also came to realize that while Microsoft attempts to check most of the boxes on paper and appeal to the CFO office, in reality, when every second counts, they needed CrowdStrike and standardized on Falcon Complete. With our leading technology, unmatched platform and adversary-focused approach to stopping breaches, we continue to eclipse our competitors and extend our leadership, which was once again recognized by industry analysts and third-party testing agencies, including IDC which named CrowdStrike, a leader in IDC Marketscape worldwide modern endpoint security for enterprise 2021 vendor assessment. Enterprise Management Associates, EMA granted Humio their top three award in log management and observability. Humio was recognized for its index research and its ability to ingest structured and unstructured data at real time and at scale. Last month, SE Labs recognized CrowdStrike as the best endpoint detection and response product for the second year in a row. And just this week, CrowdStrike earned the highest rating in the October 2021 Gartner Pure Insights Voice of the Customer for endpoint protection platforms. Cyber adversaries are increasingly attempting to accomplish their objectives without using malware. As we cited in our 2021 Threat Hunting report, based on recent customer data indexed by Threat Graph, 68% of detections analyzed were not malware-based. This is why companies need to employ a holistic breach provision strategy rather than overly relying on malware prevention regardless if it's legacy or next gen. This increasing trend in the adversary landscape is driving a generational shift to Zero Trust technologies, including CrowdStrike Falcon. We are seeing this trend play out in our modular adoption metrics which have continued to increase. Our module adoption rates demonstrate the flywheel effect of our platform in motion with subscription customers that have adopted four or more modules, five or more modules and six or more modules increasing to 68%, 55% and 32%, respectively, in the third quarter. We believe high adoption rates of our modules drive high retention rates and reflect our growing position as the trusted platform of record with the average number of modules per customer also increasing quarter after quarter. Our results have proven quarter after quarter that transformational differentiation built into the Falcon platform continues its technology dominance over legacy and next-gen vendors alike, delivering strong results in the field. On the cloud front, our footprint continues to grow even faster than our overall server endpoint growth with over 25% of the servers we protect now in the public cloud. CrowdStrike has redefined the approach to cloud security. With Falcon Horizon, we are selling into and enabling DevOps teams to improve decision-making and innovate faster. Falcon Horizon is API-driven and agentless, enabling customers to scan configurations and workloads across multiple cloud environments. Falcon Horizon provides continuous control plane threat detection and machine learning and indicator of attack detection as well as guided remediation for all cloud accounts, services and users across the cloud estate. During the quarter, we extended Falcon Horizon to support Google Cloud environments now supporting the three largest clouds. We also deepened our partnership with AWS with new features that work hand-in-hand with services from AWS to further protect customers from growing ransomware threats and increasingly complex cyber attacks. Moving to the partner front. As our leadership in the market increases, our partnerships grow and deepen with large name brand system integrators, VARs and MSSPs alike, building revenue streams for their businesses with Falcon. The third quarter was a breakout quarter for our MSSP ecosystem with our MSSP business growing more than 30% quarter-over-quarter and triple digits year-over-year. We also expanded our relationship with Google by joining their Work Safer program, which is designed to protect organizations, including small businesses, enterprises and public sector institutions against modern cyber attacks. Just as we usher the industry into a new era when we launched EDR and pioneered Zero Trust for the endpoint with deep visibility, we are leading the industry forward and once again, redefining security by focusing on the greatest source of enterprise risk and friction. Unlike any other competitor in the market today, our identity protection modules give customers the ability to prevent the spread of ransomware and stop lateral movement when credentials are stolen. This is a major advantage to winning deals in the field and increasing deal size. The third quarter marks the one-year anniversary of our acquisition of Preempt. And in this one quarter alone, we generated quarter included AIA Insurance, one of the largest public insurers in the Asia Pacific region; multiple major airlines; and a Fortune 100 manufacturer. CrowdStrike already natively enforces Zero Trust protection at the device layer and the identity layer. By harnessing technology from our recent acquisition of SecureCircle, we plan to take data protection to a new level by enforcing Zero Trust at the data layer. Legacy point products like DLP are aging, brittle, prone to false positives and require a high reliance on human intervention. Based on IDC estimates, we believe the market for DLP and related technologies to be approximately $3 billion in calendar year 2022. Our innovative approach to data protection will put power back into the hands of customers without changing the way users work. Moreover, after we combine SecureCircle's technology with CrowdStrike Zero Trust modules, customers will gain even more fine grain visibility and control as well as continuous risk monitoring to detect and respond to threats, whether they manifest as a device, identity or data layer. While the acquisition just closed and it will take some time to integrate into the Falcon platform, we have already received a tremendous response from customers that would like to replace their legacy DLP products from the likes of Symantec with Falcon's data protection module delivered through our single lightweight agent. CrowdStrike is the only platform in the market to connect the machine to identity and to data. It has been an unparalleled year of innovation at CrowdStrike. At this year's Falcon User Conference, we showcased our thought leadership, newest innovations and continued commitment to providing customers gold standard protection to stay ahead of adversaries today and in the future. Our new Falcon XDR module headlined the event. Falcon XDR leverages the technology we acquired from Humio and extends CrowdStrike's industry-leading endpoint detection and response capabilities to deliver real-time detection and automated response across the entire security stack. We also launched the Crowd XDR Alliance, which is a groundbreaking partnership with industry leaders including Google Cloud, Okta, ServiceNow, Zscaler, Proofpoint and Mimecast, among others. We invite you to learn more about XDR and our other new capabilities as well as here discussions with our partners, AWS and Accenture, and our customer Zoom by tuning into our Falcon Investor Briefing, which is accessible on our Investor Relations website. Turning to Humio. Q3 was a record quarter, and we see increasing momentum in the log management space that has exceeded our expectations. In addition to the seven-figure new customer land with the DevOps team of a financial services company, we mentioned on our last call, Humio wins in the third quarter included a Fortune 150 food brand, a leading European cloud-based e-commerce platform company and Mimecast, a leader in cloud-based e-mail management and security and a CrowdStrike technology partner. We are also seeing strong uptake for our recently announced Humio Community Edition, which gives users 16 gigabytes of streaming data ingestion per day with seven-day retention for free. In less than six weeks since our launch, we have already reached 100% of our six-month customer registration goal. Humio's log management platform is unmatched in speed, performance and storage ability. Humio Community Edition offers customers unprecedented access to best-in-class log management that they won't see anywhere else. We expect this program to be a strong avenue for lead generation as customers experience the power of Humio. Before closing, I would like to announce that we are promoting Jim Seidel to Chief Sales Officer, and he will be responsible for global sales. Jim has been with CrowdStrike for over eight years. And for the past five years, he has done an outstanding job leading our Americas sales team, our largest region and contributor to United States revenue, which accounts for 73% of our total revenue. During Jim's tenure, Americas revenue has grown significantly and exceeded my expectations quarter after quarter. And for the past four months, while Mike Carpenter was on leave to welcome the arrival of his child, Jim has served as acting Head of Global Sales and Field Operations. And true to form, as you can see from the results we published today, Jim delivered an exceptional third quarter on a global basis. Mike is transitioning to an advisory role until his departure from the Company to spend more time with his family. We are very grateful to Mike for his years of service and contributions to building a world-class sales organization. Mike, it has been a great partnership, and I can't thank you enough. We wish you all the best. In closing, we delivered an outstanding third quarter that can be characterized by phenomenal execution across the board and accelerated net new ARR growth. We continue to see a very favorable competitive environment today and into the future. We continue to expand our leadership and rapidly innovate as we once again redefine security. Looking forward, I could not be more excited about our future opportunities for growth. We have built a best in SaaS platform that not only significantly expands our reach beyond the core endpoint market, but also unifies the opportunity across cloud security, log management and identity protection. We see a long runway ahead in displacing legacy and next-gen point product vendors. And the fourth quarter is off to a great start, it already includes a notable land with one of the world's largest financial institutions. With that, I will turn the call over to Burt to discuss our financial results in more detail.

Operator:

[Operator Instructions] Our first question comes from Saket Kalia of Barclays Capital. Your line is open.

Burt Podbere:

It's a good question. But in regards to pricing and it's been the same way for quite some time, discounting has remained consistent with prior quarters. And I think it highlights the differentiation of our platform and the value we bring to customers. We talk about value selling for quite some time. So it's allowing customers to center on us and take off other vendors, and that allows us to offer our customers lower total cost of ownership. And that really matters. In terms of the platform, I'll turn it over to George to talk a little bit about that.

Saket Kalia:

That makes a lot of sense. George, maybe just a follow-up for you. Congrats on the CISA contract. I was wondering if you could just dig into that just one level deeper and maybe talk a little bit more broadly, but how much opportunity you feel like CrowdStrike has within the federal government on the whole?

Operator:

Thank you. Our next question comes from Sterling Auty of JPMorgan. Your line is open.

Burt Podbere:

I'll start. Sterling, so when we think about our Cloud Workload Protection, so right now, what we can tell you is that it's growing, it's continuing to grow, and we've seen growth in the amount of opportunities that are available to us in the cloud. Right now, we -- what we do talk about is the fact that 25% of our servers that we protect are in the cloud. So that's just giving you an indication of where we're going. Maybe George has a couple of other comments on that.

Operator:

[Operator Instructions] Our next question comes from Alexander Henderson, Needham. Your line is open.

George Kurtz:

Well, thanks, Alex. It's a great question. And I think if folks are looking at us as just an endpoint company, pigeonholed endpoint company, they're really missing the big picture. I mean that's as simple as I could say it. We've proven that we are a platform company, as I said before, the sales force of Security 21 modules. You can look at the attach rates. And when you talk to customers and if folks really do their homework, and they talk to customers, they will see the value, and they see how we're consolidating there. So when we think about XDR, you have to start with the best EDR in the market, which is ours. It's been validated by Gartner and others and IDC, I mean, down the list. And the extension of EDR is XDR, right? And as a company who pretty much pioneered cloud-delivered endpoint security with Threat Graph and the massive data moat that we have by combining that with some of the technology we acquired from Humio and our Threat Graph. I think we're in a unique position to be able to drive additional threat detection outcomes as well as the declaration of the threat narrative, right, the attack narrative. And that's independent of Humio as a stand-alone log management observability platform. So we're really driving a lot of innovation in this area. And to your point, if you are just kind of a SIEM vendor now trying to glom on to XDR as an acronym, it's not going to work. You have to start with the best EDR in the world. And in my opinion, that's CrowdStrike.

Joe Gallo:

You have Joe on for Brent. I really appreciate the question. Burt, can you just walk through the puts and takes of margin? I think guidance implied 150 points of contraction in that 4Q. Is that acquisition-related travel investment? And then, maybe just how we should think about leverage going forward on an annual basis?

Operator:

Thank you. Our next question comes from Matt Hedberg of RBC Capital Markets. Your line is open.

George Kurtz:

Yes. Thanks, Matt. It's a good question, and we're excited about this technology. And again, it goes to our strategy of consolidating agents and getting rid of other technologies that are costly and complex and weigh the system down. When you think about FIM, it's pure and simple compliance requirement. When you think about things like PCI and in the financial services industry, you have to understand what files change and who changed them and implement controls around that. So we've been able to do a lot of that for a long time. We've enhanced some features, put it into a module. And it's been extremely well received because it is literally a check box for just about any company that's out there, given the current regulatory frameworks and the various standards that exist.

Roger Boyd:

A follow-up on the CISA contract. Can you talk a little more about the selection process here, how competitive it was? And really, the role -- you mentioned threat intelligence, but the role that that an incident response played in helping achieve this, especially if the federal government gets more collaborative through programs like JCDC.

Operator:

Thank you. Our next question comes from Brian Essex of Goldman Sachs. Your line is open.

Burt Podbere:

Brian, it's Burt. I'll take that one. So first, we're really pleased with the Yes, no problem. We are very pleased with the net new logo adds in the quarter. It's also, I think, the fact that we were able to show acceleration in net new ARR was a big deal for us. Over 1,600 new logos, that's the second time we hit that high watermark, again, really excited about the performance on the net logos. In terms of where they came in on, I think that we had exceptional performance across the board. If I was to kind of highlight anything in particular, we saw some strength in the enterprise and the mid-market as well as MSSP. And so when you put that all together, along with some of the prepared remarks on the increase in the $1 million deals, you were able to see the performance that we were able to put on the board. And remember, I talked about the fact that we had no outside or no oversized or outside deals that contributed to this quarter. And that's the -- that, again, talks to the strength of the platform and the broad-based success that we had this quarter.

Justin Roach:

This is Justin Roach on for Rob. Just wanted to follow up around the cloud security solutions like your CSPM and CWP. Have you guys seen any increase in competitive pressures in this area, given the number of players coming out it from both the network and the endpoint side? Or do you guys still view this as a largely greenfield opportunity?

Operator:

Thank you. Our next question comes from Jonathan Ruykhaver of Baird. Your line is open.

George Kurtz:

Well, we've had some big wins this past quarter with Humio, even outside security. Certainly, security is a use case, but observability and telemetry, it really is a telemetry platform. And if you think about today's environment, all the various technologies out there, all the information they're gathering, you have to have a telemetry platform like Humio to make sense of it all at scale. So, it's been an amazing opportunity for us since acquiring the Company. I think we underappreciated what a huge opportunity is out there, particularly a lot of dissatisfaction with current vendors, and how open people are to wanting to switch into a technology like Humio. We've got a lot of customers that we're working with right now. And I see that, as I said before, really as a shining star, as a massive business opportunity and revenue driver for us in the future.

George Kurtz:

Well, it's a good question. Falcon XDR is going to give you essentially a threat detection outcome and some visibility into an attack scenario that starts beyond the endpoint. When you think about a Humio, you can log everything. You can store it pretty much forever. You can connect it to whatever you want to connect it to, and you can drive observability information from things that are outside just core security, things like connecting it to your HR system, to your performance management systems, to all the various workflows in your environment. That's not the use case of XDR. Security use cases XDR and Humio goes way beyond that.

Patrick Colville:

Can you just talk about partnerships? I mean, you hopefully shared a statistic in the kind of opening remarks around, if I'm not mistaken, 30% sequential growth in partner-sourced deals. I guess, is that right? I'm just hoping to understand that the kind of partnership dynamic. And I guess the reason I ask because I know that some of the investors have a concern that other next-gen EDR vendors are more partner-friendly. So kind of any color you can give around CrowdStrike and partnerships and kind of try to quantify the trend you're seeing there would be very helpful.

Operator:

Thank you. Our next question comes from Josh Tilton of Wolfe Research. Your line is open.

Burt Podbere:

Sure. So first, let me start with that Q4 is off to a great start. We've got the record pipeline, record momentum, and we already landed a notable financial large financial -- global financial institution, so off to a great start in Q4. But again, we're coming off of a record Q3 at $170 million net new ARR super proud of that record and obviously really strong throughout this year. So when you -- when we look at comps, obviously, my comments are more to the fact that when we guide and we're guiding to revenue, we don't guide to running the tables. We guide to what we know, not to what we don't know. And so that comment just wanted to put everything into perspective for us. The numbers are getting bigger and bigger, and that's great for us. But as you know, when you think about the law of large numbers, then you're going to have -- and you don't guide to running the tables, that's why I put that comment in there.

Unidentified Analyst:

This is Daniel on for Mike. So the prepared remarks, you noted that your identity modules generated more net new ARR than Preempt did previously while they were stand-alone. Are there any notable customer segments you're seeing the strength in? Or was the demand pretty broad-based across the board?

Operator:

Thank you. Our next question comes from Shaul Eyal of Cowen Company. Your line is open.

Burt Podbere:

It's Burt. Can you just repeat the main bulk of your question because it got garbled a little bit? Your line is open.

George Kurtz:

Well, it has. And when you look at some of the companies that we've talked about in the past, I mean, there's a lot. I'm sure I can't single everyone out, but I think Zscaler is a good example. You look at that partnership, you look at what we're doing, what they're doing on the network side, the integrations that we're able to share data, what we're doing with -- from an XDR perspective, and it makes sense. We're pulling them into deals. They're pulling us into deals, and we're meeting in the field and adding value to the customers and obviously gaining a lot of traction with those customers. And that's just one example. We're doing that across the board in our technology alliance partnerships.

Gray Powell:

Great. So yes, I know you've talked about how you're more of a platform company than just an endpoint provider, but I'm going to ask an endpoint question, if that's okay. So just high level, the last two years in the endpoint space, it's just been really strong. I'd call it almost like a near perfect storm. How do you feel about the demand environment for the market as a whole, looking into next year just on a relative basis? Like do you think 2022 would be the same, better or worse than 2021 for the market?

Operator:

Thank you. I'm showing no further questions at this time. I'd like to turn the call back over to George Kurtz for any closing remarks.

Operator:

Ladies and gentlemen, this does conclude today's conference. Thank you all for participating. You may now disconnect. Have a great day.

Operator:

Thank you for standing by and welcome to the CrowdStrike Holdings Second Quarter Fiscal Year 2022 Financial Results Conference Call. At this time, all participants are in a listen-only mode. After the speakers presentation, there will be a question-and-answer session. [Operator Instructions] As a reminder, today's conference call is being recorded. I would now like turn the conference to your host, Ms. Maria Riley, Vice President of Investor Relations. Please go ahead.

George Kurtz:

Thank you, Maria and thank you all for joining us today. We delivered an outstanding second quarter, with rapid subscription revenue growth and record net new ARR generated in the quarter. We saw strength in multiple areas of the business, added $150.6 million in net new ARR and grew ending ARR 70% to exceed $1.34 billion. Our continued strong performance was driven by the groundswell of customers turning to CrowdStrike as their trusted security platform of record. We saw strong demand across the market which for us spans large enterprise, mid-market and SMB customers. Our success in gaining share in each of these market segments is reflected in our net new customer growth rate which on an organic basis accelerated in the quarter. In total, 1,660 net new customers chose CrowdStrike as their security partner, bringing our customer count to 13,080. The CrowdStrike brand is viewed as the gold standard in security. We designed the Falcon platform and our Security Cloud to add value and improve the security posture of any organization, regardless of size and sophistication. Customers new to CrowdStrike this quarter included a household name in the consumer security space; one of the largest nonprofit health care organizations in the United States; a Fortune 50 global insurance provider; and our security partner, Proofpoint, who we are excited to deepen our relationship with as both a technology and security partner. I'm also pleased to highlight that Workday, a cloud pioneer and leading provider of enterprise cloud applications for finance and human resources which CrowdStrike also uses, has now standardized on CrowdStrike Falcon across their multi-OS fleet. The threat environment remains fierce as expanding attack surface and inherent vulnerabilities in widely used operating systems, along with the complexity of active directory, leave companies of all sizes open to attack and provide a rich feeding ground for sophisticated and novice e-criminals alike. The lessons learned from recent attacks emphasize that a breach involves more than just malware which is why companies need to employ a holistic breach prevention strategy rather than overly relying on malware prevention, regardless if it's legacy or next-gen. As I have said before, nearly every breach you have ever heard of had two things in common

Operator:

[Operator Instructions] Our first question comes from Saket Kalia of Barclays Capital. Your line is open.

George Kurtz:

Sure, sure. Good to hear from you. So as you indicated and as I talked about in the prepared remarks, the threat environment, again, continues to get worse. We've seen a lot of the ransomware attacks and what it's done. And in particular, it has impacted business resiliency. It's no longer the case of encrypt a computer and reimage and carry on. It's impacting massive amounts of business and costing hundreds of millions of dollars. And I can tell you, I have done more Board briefings in the last two months than I've ever had. It seems like one a week to audit committees on this topic, particularly ransomware. When you look at big deals, how does this kind of translate? When you look at these big deals, we're talking about the media company, that was 11 modules that we landed with, so big lands and some real big commitments from customers saying, "We want all in on your platform. We want all in on Humio." And we spent a lot of time consolidating other technologies and removing agents and driving value to customers. So the big deals, the big enterprises, the big lands continue to be there. And I think we continue to get stronger and stronger every quarter in these areas.

Operator:

Thank you. Our next question comes from Sterling Auty of JPMorgan. Your line is open.

George Kurtz:

Sure. Good to hear from you, Sterling. We've actually seen an increase in our win rates across the board, legacy and next-gen. Obviously, we spend a lot of time in the enterprise but we have a very robust mid- and SMB business and we've seen strong results across the board. There's a lot of noise but I think you have to look at the numbers that we put up on the board. And one-fourth of our net new ARR is probably 94% of the total ARR. So when we think about this, it's a big market. Customers have a lot of choice. And they're focused on for breach prevention, not just detecting malware. And I think our platform, our ability to scale, our ability to get immediate value on rollout and manageability, these are all things that are really important to not only large enterprises but also to the smallest SMB customers out there; so that's what we've seen so far.

Operator:

Thank you. Our next question comes from Brent Thill of Jefferies. Your line is open.

George Kurtz:

I think it's across the board. We're still in the early innings. If you look at the number of customers we have, 13,000-and-change versus some of our legacy competitors that have over 100,000, I mean, still lots of customers that are out there. When you look at things like XDR and you look at Humio, amazing growth drivers for us. When you look at cloud, we've done a lot of work on that. Last year, we did a little analysis on the opportunity. We think it's really undersized from a MarketScape perspective, if you will, from the analyst. And then when you look at things like identity, we're the only folks that have a Zero Trust identity module that came from Preempt. That's it. We're the only endpoint folks that have that. So that's been extremely successful for us. And when you look at the attacks, a lot of them are identity-based. And you switch that to identity being abused in the cloud and our Falcon Horizon module which has done an amazing job and we've seen amazing traction with that. So I think there's pockets of opportunity, broad-based across all the modules, across all the geographies. And with the momentum begets momentum. We really have become the go-to company in this space and that gold standard brand reputation has served us well.

Operator:

Thank you. Our next question comes from Rob Owens of Piper Sandler. Your line is open.

George Kurtz:

Yes. I think they are becoming more strategic and that's a lot of what we focus on. How do we consolidate? How do we become the platform of record like we have in many other companies for them? And how do we eliminate cost and complexity what they have? When we think about XDR, it's really advanced threat detection. We've been doing that for a long time. And now you're combining that with other people's data as well. So that's fantastic. That's a great growth driver. But we still have the Humio log management product as it is, right? And obviously, there'll be more integration with that in our platform. But that is an amazing product that allows you to log everything all of the time and answer any question in real time. So there are kind of two different products, if you will and between the two of them, as I mentioned, we have a seven-figure land in Q3, I think really we're just in the early innings. I'm so excited about that technology and I can't wait to see how everything unfolds over the next couple of quarters.

Matt Hedberg:

Great. Thanks a lot for taking my questions guys. George, you know, I noticed you launched Falcon Complete for GovCloud this quarter. Can you remind us of your exposure to U.S. fed and maybe how you guys are uniquely positioned to take share in kind of the overall public sector vertical?

Operator:

Thank you. Our next question comes from Tal Liani of Bank of America. Your line is open.

George Kurtz:

Sure. I think if you buy into the marketing hype, that's one thing. But if you look under the covers, we have more automation by far than any other competitor, including SentinelOne. I mean that's how we get the scale. That's why the product is easily deployed. That's why we can drive cost out of the customer base because it does it automatically. When you look at the totality of all the services, again, we're focused on stopping breaches, not just -- we didn't come from a malware product that we tried to bolt on other pieces, we built this from the ground up. So on the pricing standpoint, we sell on value and we routinely win with a higher price point because the product works. It doesn't blow up machines, it's scalable. And people are talking to other customers saying, what are you using? And how is it working? And again, we're focused on stopping breaches, not just dealing with malware. And I think that serves us well. So low-cost options, I think you get what you pay for. There's a difference between a Fiero and Ferrari. And we happen to be the Ferrari model and that's what a lot of customers want.

George Kurtz:

I mean there's always going to be competitive deals that are out there, whether it's next-gen competitors or legacy players and you have to play each deal by ear, if you will. But at the end of the day, we're going to compete on value which we have. And I can tell you there's a lot of deals we win where we're higher priced than our competitors. And I think the product is differentiated enough in a true platform. When you look at the technology, only one with the forensic modules, only one with the identity module. We've got an amazing growth in Spotlight, vulnerability -- predictive vulnerability management. So when you strip out all the PowerPoint and noise, you got to look at what really works and what are big customers focused on rolling out and it's CrowdStrike.

Operator:

Thank you. Our next question comes from Brian Essex with Goldman Sachs. Your line is open.

Burt Podbere:

When you -- I think the first thing you got to look at is the new logos, right? So we saw acceleration in new logos and a lot of that is coming from down market. And so what you see in down market is you see folks that can come in quickly. We've taken out friction from the system to be able to allow onboarding to be really smooth, efficient. And then they're getting a tremendous amount of value in the down market. And certainly, when folks in the SMB space, if they choose our Falcon Complete offering which we monitor -- we remediate directly for them, they see the value in terms of filling that skills gap as well. And so that talks to the retention rates that we're seeing with respect to down market. So very optimistic about our opportunities in down market. We've done really well overall and we continue to win our unfair share in that segment.

Burt Podbere:

Sure.

Alex Henderson:

Great, thanks. I was hoping you could talk a little bit about the average deal size in your pipeline across strata. In other words, if I look at enterprise to enterprise, mid-market to mid-market and lower end to lower end, are your deal sizes increasing across the pipeline? And did it happen in the most recent quarter? And similarly, with the -- all of these attacks that we've been seeing, can you talk a little bit about the other key metrics such as time to close and the overall strength of the pipeline? Has the attack rate caused an uptick in those three metrics? Thanks.

Alex Henderson:

Any comment on time to close; the length of time to close deals?

Alex Henderson:

Great, thank you.

Operator:

Thank you. Our next question comes from Ittai Kidron of Oppenheimer. Your line is open.

George Kurtz:

Yes. So when we look at international growth, I think you've got to look at how strong the U.S. has been. So when you look at the U.S. growth, it's been on fire for sure. And internationally, I think that's -- you always continue to build out your capacity there, your partner network and that's a key piece. We're just more mature in the U.S. We have more mature partners. So we continue to focus on that. I think we've had some really great international win, some big players that are out there. And we continue to focus on the key areas in the key geographies. I don't know, Burt, if you have any other comments on that piece.

Ittai Kidron:

Very good. Good luck. Thanks.