CrowdStrike Holdings, Inc.

Good day, ladies and gentlemen. Thank you for your patience. You've joined the CrowdStrike Holdings, Inc. Q1, Fiscal Year 2020, Financial Results Conference Call. At this time, all participants are in a listen-only mode. Later, we will conduct the question and answer session. At that time, to queue up for a question, you may press star, then 1, on your touchtone telephone. To remove yourself from the question queue, press the pound key. Should you require any additional assistance during the call, please press star, then 0, on your touchtone telephone, and an operator will assist you. As a reminder, this conference is being recorded. I would now like to turn the call over to your host, VD of Strategic Finance, Peter Daly. Sir, you may begin.

Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President, Chief Executive Officer, and co-founder of CrowdStrike, and Bert Podbear, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, and expected performance, are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we have made are reasonable, actual results could differ materially because the statements are based on our current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether it is the results of new information, future events, or otherwise. Further information on these and other factors that could affect the company's financial results is included in filings we make with the SEC from time to time, including the section titled Risk Factors in the company's Form S1 previously filed with the SEC. Also, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our press release, which may be found on our investor relations website at .crowdstrike.com or on our Form 8K filed with the SEC today. Now I will turn over the

call to George to begin. Thank you, Peter, and thank you all for joining our first earnings conference call as a public company. I would like to begin by also thanking all of our employees, customers, partners, and investors for the hard work and dedication in helping us reach the important milestone of becoming a public company. We had a very strong start to the fiscal year. Consistent with the preliminary financial results of our IPO perspectives, we achieved 103% -over-year total revenue growth and added a record number of net new customers while meaningfully improving operational leverage in the first quarter. Bert will discuss the details of our Q1 financial performance in a few moments, but first, for those new to the CrowdStrike story, I will provide some background on our technology, business, and markets. Our success to date and rapid growth are the results of close to a decade-long mission to stop breaches and pioneer a new category, the security cloud. Nearly every breach you've ever heard of had two things in common. The victims had both a firewall and an antivirus solution. Today, companies and government agencies face the constant threat of cyber attacks from a variety of threat actors ranging from highly advanced nation states to organized crime, activists, and even terrorist organizations. These attacks aim to not only steal money and intellectual property, but increasingly they seek to disrupt and destroy. Using highly sophisticated tools and techniques, today's cyber adversaries run circles around fossilized legacy technologies. This is what led us to start CrowdStrike back in 2011. We set out to create a modern endpoint security platform with a cloud-native architecture built from the ground up to stop breaches. Like other cloud disruptors, CrowdStrike started with a clean slate to build not only a scalable cloud architecture, but also a scalable, frictionless, and highly efficient business model. Our platform is composed of two tightly integrated proprietary technologies. Our easily deployed intelligent lightweight agent in our cloud-based dynamic graph database called ThreatGraph. Our Falcon platform integrates 10 cloud modules via -a-service subscription-based model that spans multiple large markets including endpoint security, security and IT operations, and threat intelligence to deliver comprehensive breach protection even against today's most sophisticated attacks. We believe our cloud-native platform gives us a fundamental competitive advantage as we capture data once and reuse it and monetize it many times over. Our customers can try new modules already populated with their data for free. This creates a high-velocity cross-selling model. In fact, there are a number of key attributes that we believe sets a Falcon platform apart from other solutions in the market. First, our solution is rapidly deployable, easy to use, and unlocks the power of crowdsourced data. Second, it gets smarter the more data it consumes, increasing our effectiveness, intelligence, and competitive advantage with each new customer and endpoint or workload joining our crowdsourced network. Second, all of our cloud modules are powered by a single intelligent agent allowing customers to consolidate and remove numerous agents from their infrastructure and restore endpoint performance. Our lightweight agent is designed to be automatically installed and operational on an endpoint in less than 30 seconds. That's without any reboots. This is an important attribute for customers as they do not want to reboot their entire business to adopt a new solution. Solving this engineering challenge was critical for providing immediate time to value for our customers. Another key aspect of our agent is its ability to dynamically capture high-fidelity data with our proprietary smart filtering technology. What matters to stopping breaches is the quality and the type of data that we obtain and analyze. Smart filtering is critical to capturing the right data on both real-world attacks and benign behavioral patterns to continually train and enhance our algorithms resulting in industry-leading threat detection and low false positive rates. CrowdStrike's smart filtering technology also allows us to take full advantage of the cloud. Our cloud-native approach outperforms other solutions that may be forced to store their data locally or inefficiently stream unfiltered data from endpoints to on-premise controllers which crush networks and endpoint performance. And third, all the data we collect is stored in one place, not on-premise or stuck on the endpoint itself, but in the cloud where it is analyzed almost instantaneously across our entire customer base. To handle all this telemetry, we built our own proprietary distributed graph database that we call ThreatGraph. We like to think of ThreatGraph as the brain of our system. It is capable of dynamically scaling to meet demand. Every week it processes, correlates, and analyzes over one trillion events across our global customer base in real time. What makes our ThreatGraph so unique and powerful is its ability to very quickly discover and identify relationships and patterns within the data to see and stop attacks that are invisible and undetectable using conventional legacy solutions. ThreatGraph lets us apply cloud-scale AI to this data to stop breaches in real time. Today we serve over 3,000 subscription customers. We protect many large organizations across all major verticals, including nine of the top 20 banks, over 40% of the Fortune 100, and government agencies around the world. Our ease of use, rapid deployment, and exceptional efficacy also makes our solution a natural fit for small and mid-size organizations which often do not have large internal security teams. In the first quarter, we saw strong customer momentum. I will take a moment to highlight a few of the notable customer wins that showcase initial adoption drivers of the Falcon platform as well as our ability to expand within existing accounts. Key themes we often hear from customers are the need to simplify their security stack, reduce the number of agents on their endpoints, and gain the advantage of a true cloud-native endpoint security platform. Take the example from this quarter of a health insurance provider that was using a number of tools from other security vendors, including EDR from a next-gen vendor, AV from a legacy vendor, and a variety of tools embedded in the operating systems of their servers and workstations. Yet this company had issues with alert fatigue and had difficulty scaling its patchwork of solutions as the business was growing. To solve these problems, they dropped the old setup and rolled out CrowdTrack's Falcon platform, given its ease of deployment, single-agent architecture, and ability to take advantage of crowd-sourced data by adding our threat-hunting module, Overwatch. In Q1, we also displaced a legacy AV vendor at a mid-size pharmaceutical company. The board and leadership team at this company had a growing concern about their current state of security and the level of adversary activity they were seeing. They also knew they had limited cybersecurity personnel and a skills gap, which is another demand driver we commonly see among prospective customers. This company quickly identified our turnkey Falcon Complete offering to help them easily address their skills gap and fortify their cyber defenses. Next, I will highlight a win that represents our tremendous opportunity to expand within our customer base. This customer is in the public sector, which also speaks to our growing success in that segment of the market. We initially engaged with this large US city back in 2016 on a small deployment of 15,000 endpoints to replace a fossilized AV vendor that was failing to provide protection and value. We replaced that vendor with our combined EDR, Nexon AV offering, plus Overwatch. Based on the success of the initial deployment, we expanded our footprint to over 250,000 endpoints the following year. And I'm pleased to report that in Q1 of this year, we have increased coverage to 400,000 endpoints and sold additional cloud modules, including Falcon Discover for IT hygiene, Falcon Device Control, Falcon Spotlight for vulnerability management, and Falcon X for integrated threat intelligence. This is a great example of how we can land a new customer and expand that relationship by adding endpoints and modules over time. Our Falcon platform is one of the most strategic security purchases they have made in many years. These wins represent just a few of the 543 net new subscription customers that selected CrowdStrike in Q1 to help them stop breaches and protect their organizations. Driving the adoption of our platform is a robust sales and marketing engine that continues to deliver an increasing number of new logos while consistently removing friction from the sales process. Increasing our customer base is a key component of our growth strategy and we will continue to invest in customer acquisition programs, channel partnerships, and frictionless -to-market programs, including free and in-app trials. In addition to winning new customers at a rapid pace, we are also focused on expanding our relationship with existing subscription customers by deploying additional cloud modules and protecting more of their endpoints. Our dollar-based net retention rate speaks to the efficacy of our solution in our successful land and expand sales model. As of January 31, 2019, we had a dollar-based net retention rate of 147%. While this metric can fluctuate quarter to quarter, our benchmark is 120% or above, which we again exceeded in Q1. While we started in the endpoint security market, given the nature of our cloud-native architecture, we were able to rapidly innovate on top of our platform and build new modules for additional functionality and use cases not typically associated with endpoint security. Since 2016, we have launched seven new cloud modules and today we address five markets, corporate endpoint security, threat intelligence, security and vulnerability management, IT service management software, and managed security services. Combining these market segments, we estimate that our global market opportunity is $24.6 billion in 2019 and growing to over $29 billion in 2021. To help drive future growth, we plan to continue to develop new cloud modules to address broader endpoint use cases, such as IT configuration management and IT operations. To measure our success executing on our platform strategy, we look at the percentage of all subscription customers who have adopted four or more cloud modules. This percentage rapidly grew to 30% by the end of fiscal 2018 and grew to 47% by the end of fiscal 2019. In Q1, we continue to see an upward trend in this metric. In looking at our future growth prospects, it is common for those new to the CrowdTrack story to only think about the opportunity as endpoints, such as desktops and servers. However, we think about the opportunity differently and more broadly than that. We expanded our market opportunity by securing a wider array of workloads, which includes desktops and servers, virtualized and cloud environments, IoT devices and containers. In Q1, we expanded our market opportunity even further when we introduced Falcon for Mobile that supports Android and iOS. This is a powerful vector for growth. These workloads need to be protected and they are growing with every new connected device and every new cloud instance. We also intend to grow by broadening our reach into new international markets and customer segments, including smaller organizations, as well as acquiring customers in the federal government vertical. And lastly, we see significant longer-term opportunity with new workloads and applications within the CrowdTrack Store. The CrowdTrack Store offers the first and only unified security cloud ecosystem of trusted third-party applications. This sets the stage for us to further expand our TAM and grow in segments outside of security, such as IT operations and compliance. In summary, we cannot be prouder of our important mission, protecting our customers from devastating attacks, business disruption and the theft of IP and financial resources. In addition to stopping breaches, we also help our customers reduce cost and complexity, which differentiates us in the security marketplace. We have built a high-performing and enduring business with multiple engines for growth and a frictionless -to-market strategy. We are excited by our future opportunities and look forward to your support as we advance on our journey to become the leading endpoint security platform and ultimately the de facto endpoint platform of the future. With that, I'll turn the call over to Bert.

Thank you, George, and good afternoon, everyone. I'd like to express how pleased we are with the level of interest we have received from our analysts and investors. We look forward to getting to know you and keeping you updated on our performance. Today, I will provide a brief overview of our first quarter financial results, target operating model, and our second quarter and full year 2020 guidance. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. Across the board, we deliver an outstanding first quarter with strength in multiple areas of the business, including ARR growth, revenue growth, and subscription gross margin improvement. We view annual recurring revenue, or ARR, as a key metric to measure our business, given it is driven by our ability to acquire new subscription customers and to maintain and expand our relationships with existing subscription customers. We define ARR as the annualized value of our customer subscription contracts at the end of the quarter, assuming any contract that expires during the next 12 months is renewed on its existing terms. In the first quarter, we delivered 114% ARR growth to reach 364.6 million, of which 52 million was net new ARR added in the quarter. This growth was driven by a strong quarter for new logo acquisition combined with low contraction and churn within our existing customer base. Total revenue more than doubled over Q1 of last year to reach 96.1 million. Approximately 90% of our revenue is subscription based, with no perpetual licenses, giving us a strong, scalable, recurring revenue base and a business model advantage. In the first quarter, subscription revenue grew 116% over Q1 of last year to reach 86 million. The remaining 10% of our total revenue is derived from our strategic professional service offerings, which include incident response and proactive services that are generally sold separately from our subscriptions. While professional services carry a lower gross margin than our corporative average, it is a small portion of our revenue base and we view it as strategic. We have been able to derive an average of about $3 of subscription ARR for every $1 spent on an initial incident response or proactive services engagement. To be clear, these are customers that are new to CrashRank. In terms of geographic breakdown, approximately 75% of first quarter revenue was derived from customers in the US and 25% from international markets. Moving to our operating results. We are focused on building a long-term business with sustainable growth and compelling margins. In Q1, we continue to recognize operating leverage in our SaaS model and the benefits of scale even as we increase investments in our global reach and cloud platform. First quarter non-GAAP gross margin improved to 70% from 59% a year ago. Our non-GAAP subscription gross margin increased to 73% from 62% in Q1 of last year. The improvement is primarily attributable to the efficiencies around hosting and data center costs and the uptake of multiple cloud modules by our customer base. Our collect once, reuse many data strategy means that after the first module is subscribed for by that customer is paid for and covers the cost of data storage and most computational costs, each additional subscription module carries a very high margin. Total non-GAAP operating expenses in the first quarter were $89.2 million or 93% of revenue versus $59.4 million last year or 126% of revenue. Scaling and growing our business efficiently is a top priority, which is why we focus on our unit economics metrics, including magic number. In Q1, we ended with a magic number of 1.1. Key factors driving our unit economics include our strong gross and net retention rates, our highly efficient low friction sales and marketing programs that continue to drive subscription revenue growth. We have a proven history of disciplined investing and remain committed to maintaining a thoughtful balance between generating top line growth and achieving operating leverage. Going forward, we plan to make continued progress in driving toward break even and beyond, but it may not be in a linear fashion depending on the timing of expenses. As a result of our rapid top line growth, improving growth margin profile and continued disciplined approach to investing in our business, we throw strong operating leverage in the quarter with our operating margin including 43 percentage points year over year. Non-GAAP net loss was $22.1 million or 47 cents per share, which compares to a non-GAAP net loss of $31.7 million or 73 cents per share in Q1 of last year. The weighted average common shares used to calculate first quarter ETS was 47.2 million shares in Q1 fiscal 2020 and 43.6 million shares in Q1 2019. Before I discuss our balance sheet, I'd like to review our long term operating model. On a non-GAAP basis, we are targeting gross margin to be in the 75 to 80 plus percent range. As a percentage of revenue, we are targeting non-GAAP sales and marketing to be 30 to 35%, R&D 15 to 20% and G&A 7 to 9%. We anticipate this will lead to a non-GAAP operating margin of 20% or greater. Turning now to the balance sheet, we ended Q1 with $175.1 million of cash, cash equivalents and marketable securities. Subsequent to the close of the quarter, we received net proceeds of $659.1 million from the IPO. Cash flow from operations in Q1 was positive $1.4 million and free cash flow was negative $16.1 million. Moving to our guidance for the second quarter and full year fiscal 2020. For Q2, total revenue is expected to be in the range of $103 to $104 million, reflecting a year over year growth rate of 85 to 87%, with subscription revenue being the dominant driver of growth. We expect non-GAAP loss from operations to be in the range of $29.1 to $28.6 million and non-GAAP net loss to be in the range of $30.5 to $30 million. Utilizing weighted average shares using computing non-GAAP net loss per share, basic and diluted of $129.9 million, we expect non-GAAP net loss per share, basic and diluted in the range of $24 to $23. For full year 2020, we expect total revenue to be in the range of $430.2 to $436.4 million, reflecting a growth rate of 72 to 75%. Non-GAAP loss from operations is expected to be between $113.4 and $110.4 million and non-GAAP net loss is expected to be between $105.9 and $103.2 million. Utilizing weighted average shares used in computing non-GAAP net loss per share, basic and diluted of $147 million, we expect non-GAAP net loss per share to be in the range of $72 to $70. We are pleased with the strong results we are reporting today and believe we have the capacity and resources to continue driving the business forward over the long term. We are excited about CrowdStrike's new phase as a public company and appreciate your ongoing interest and support. George and I will now take your questions. Operator, we'd now like to open the lines for questions.

Thank you, sir. Ladies and gentlemen, if you have a question at this time, please press star, then 1 on your touchtone telephone. Again, that's star, then 1 on your touchtone telephone to ask a question. If your question has been answered or you wish to remove yourself from the question queue, please press the pound key. To prevent any background noise, we ask that you please place your line on mute once your question has been stated. We ask that you please restrict yourself to one question and one follow-up. Our first question comes from the line of Heather Bellini of Goldman Sachs. Your question, please.

Great. Thank you so much, gentlemen, for taking my question and congratulations on your first quarter out of the gate. I wanted to follow up on some of the comments you made about the ultimate expansion into things like IT ops and APM. Just wondering, just trying to think outside of the endpoint market as you referenced, how do you think you're positioned in that market versus the competition? And just if you could share with us, is this kind of the customers kind of driving you into that market? And again, just share with us how you feel like you're positioned to start taking share in that market over time. Thank you.

Sure. This is George. Thanks, Heather. So I think it really is an extension of what we've already built and continue to refine in our IT ops and our Discover module. And it's just add-ons to what we've been seeing from a customer perspective. Getting back to the overall model of the single agent architecture, the ability to collect data one time, it becomes easy for us, if you will, to be able to represent that data and help customers understand the current configuration they have, help them provide more efficient IT operations once they have visibility into applications and the system health and things of that nature. So it really is just an extension of what we've already been doing. And when we think about the opportunity, again, as these workloads proliferate, whether it's a desktop server, an IoT device, a cloud instance, a containerized instance, they all need some level of protection and visibility. And really, this is just an extension to collecting the data that we already have and being able to display that in a workflow that makes sense for our customers.

Great. Thank you so much.

Thank you. Thank you. Our next question comes from the line of Sterling Odey of JPMorgan. Your line is open.

Yeah, thanks. Hi, guys. I wonder if you could give us an update on how your partnerships are developing, especially with partners like Dell.

Hi, Sterling. It's Bert. So I would characterize our leadership with Dell as the new leadings in terms of ARR generating where we think we can go with Dell. You know, we have access to the business, to every global business from our customers around the world. The upsell opportunity is significant. Anything from the technical education to the market integration and strategic management is exciting. Ultimately, we feel that the development of the ship will accelerate expansion into markets where they have a strong presence, such as in federal or AMIA or APJ.

Gotcha. And then one follow-up. In terms of the module adoption, you know, for investors that are newer, you know, what's kind of the most popular modules that you see within the ones that get upsold once a customer comes on?

Right. That's a good question. So as you saw on the S1, we're in a great spot. We've got 47% of our existing customers having four more modules in Q4. We saw that in Q1 the trend continued. For us, it goes back to how George first thought about the company, which was about next generation AV, EDR and Overwatch. Those were the three things that he came out with, and those are our core to our business, and that hasn't changed. All the other ones that we've talked about, you know, whether it's a device control or whether it's Discover, all those come in and they can come in equally depending on what the customer really wants to do. Great. Thank you.

Thank you. Our next question comes from the line of Tau Leoni of Bank of America. Your line is open. Hi, guys.

I'm trying to work next quarter numbers. If I put your guiding way higher than we thought, if I put 103 or 104 million in revenues, I don't get minus 23 cents. I get deeper loss. So that means your margin assumptions are better than what we are expecting. Can you elaborate on gross margin and OPEX assumptions for next quarter?

Thanks. Thanks, Paul. So, it's Bert. So, as we think about guidance, we think about guiding improvement based on the things that we know today, not necessarily on the things that we don't know. As we think about the future and to the guidance, we think about both improvements on the top, improvements on gross margin and OPEX. And as we think about the splits between OPEX and gross margin, we think it's about 50-50 in terms of how we think about the improvements and the benefit there.

Is, so still your targets, long-term targets, same targets, your reader-aider targets?

I am reading the targets, correct.

Okay, perfect. Thank you. I don't have a question on the fundamentals, so straightforward quarter.

Thanks. Thank you. Our next question comes from the line of Saiki Kalia of Barclays. Your question, please.

Hey, guys. Thanks for taking my questions here. First, maybe for you, Bert. You know, we spoke about some of the different modules in your prepared remarks, but can you talk about some of the different packages out there like Falcon Pro, Falcon Enterprise and, of course, Complete? Maybe just qualitatively, what you're seeing from a high level in terms of adoption across some of those different packages or bundles that you offer.

Sure. Hey, second. This is George. I'll take this first shot at this. So, if we look at Pro, which is really our prevent and our Falcon X, that has wide adoption in the smaller SMB and corporate space. Obviously, the enterprise package can be applicable to a large organization, a corporate company or even a large enterprise. And as we continue to go up the C-chain, if you will, with premium, we have, as we've talked about, we have many of our customers actually have Overwatch and Discover. And, you know, it really depends on the overall organization. Certainly, enterprise and premium are going to be more applicable to the larger organizations. And the Pro version, just pure antivirus, if you will, next-gen AV antivirus with our Falcon X technology can be useful for a smaller organization. The beauty of the model is once people understand our technology, it is, you know, easier to upsell them into an EDR technology where, as a smaller company, maybe they weren't quite exposed to it. But given our technology, how it works, how easy it is to use and combine that with Overwatch, it makes for an effective cross-sell. So, hopefully that gives you at least an idea of where we're seeing the traction. And again, our overall goal, even for large enterprises, is you could have a trial in a large enterprise of just the Pro product, but then we can quickly come in and cross-sell them or upsell them in the sales process into a package that fits their enterprise. So, it can leak into the enterprise just from the free trial, which is really exciting to us. And it doesn't just have to be a next-gen AV sale.

And, it's Bert, I'll just add on to that. As we think about, you know, what I just talked about in terms of the module adoption, as we continue to come out with different bundles and as we continue to bring new modules to the marketplace, we anticipate that not only the adoption within our existing customer base will increase, but the amount of modules that each customer will have will increase as well.

Got it. Got it. Maybe just to stay with you, George. You brought up the CrowdTrike store quickly in your prepared remarks. You know, realizing it's early, can you just talk a little bit about the pipeline of potential partners that you can work there, that you can work with there? And maybe some broad brushes on, again, realizing it's early, how you sort of envision some of the commercial terms as those partners leverage some of the CrowdTrike data that they're able to collect?

Sure. So, we've got close to a dozen partners that are in process and investigation phase. I think, just to reiterate, what we talked about is making sure that we've got the quality versus just quantity in the store. And it certainly is early days as we continue to underscore. I think when you look at the opportunity, the opportunity is much broader than that. You look at our technology fundamentally, what do we have the ability to do? We have the ability to gather large amounts of data at scale. It could be security-related data. It could be -security-related data. And we have the ability to take actions. And this is very important for organizations of all sizes. And ultimately, having them interact with third parties or create their own workflows is very exciting to these organizations. So, it's still early days, but we're focusing on getting the right partners in. And when we think about the revenue opportunity, Burke can comment some more specifically around this. But in terms of how we look to go to market with these partners, the more of the service offerings, the -the-scenes APIs, if you will, that they use, the greater revenue share that we would get. So, the more they consume our platform, the less that they have to spend on their own, and the more revenue from a rev share perspective we would be able to take advantage

of. Sure. And to expand on that just a little bit, as we look at each partner, we look at it on a -by-case basis. And for us, as we think about the opportunity, we would derive that revenue share from that.

Very helpful, guys. Thanks very much.

Thank you. Our next question comes from Brad Zelnick of Credit Suisse. Your line is open.

Hi. This is Rachel Lauren. On for Brad. Congrats on the quarter, and it was really, really great seeing the outlook. I just wanted to ask, are you seeing Windows 10 adoption as an opportunity as customers reevaluate endpoint security, and are you seeing more interest for Microsoft Defender ATP?

Yeah, this is George. I'll take this. I think any time you have a transition between Windows 7 and Windows 10, an operating system changes. It's always an opportunity for us to get built into the overall goal of images, and we continue to see that. With respect to other partners out there, or I should say other competitors, I mean, there's a variety of competitors that are out there. We've, I think, done a great job because of our platform support for technologies beyond just Windows. So in a heterogeneous environment, companies want coverage not only for Microsoft 10, but they also want it for Linux and Mac and other devices. So I think that's an area where we have a distinct advantage over our competition in terms of our platform support, particularly in the Linux environment.

Gotcha. Thank you. That's helpful. And as a quick follow-up, you guys reported a really strong net retention number, and I wanted to know, are you seeing more adoption in terms of increasing endpoints, or is that more coming from increasing module adoption?

Hi, it's Perg. So we see it from both. We're going after both, you know, both whether or not an existing customer has done an acquisition, then we would get more endpoints, or if it's the ability to upsell with our in-app trials, and we're seeing actually adoption of both.

Gotcha. Thank you very much.

The next question comes from John DeFutti of Jeffreys. Your line is open.

Thank you. I have a question for George and a follow-up for Bert. So George, Bert pointed out that every incremental product a customer buys improves margins, and that makes a lot of sense because they all work off that foundation that you talked about, the graph database and the lightweight endpoint. And you pointed out 47% at the end of the last year, or fiscal year, up from 30%. Actually, you have four or more products. I know you said that the trend continues. Can you give us any more on that? Because I happen to think that it's not just about the improved margins, it's also the stickiness. As you know, you've worked at other endpoint vendors too. The stickiness of endpoint is something that investors look at, and they question how sticky is it going to be. But you're much more than that. The more you are, the more sticky I think you're going to be. Can you give us any more color around that, better than 47%?

Well, I think in general just some color for the overall approach that we've taken, and just to maybe double-click. We talked about that city that I spoke about in my example earlier, where we started small and then have expanded out those modules. And that being one of the most strategic security purchases they made, I think that really underscores how strategic we are, how sticky we are with customers, and our ability to add new modules. And what's really interesting is when we're with customers, they routinely say, okay, before we're going to purchase something else that maybe is a module that we don't have today, they always ask us, will you have this module? And or will it be in your store? Because they don't want to make a buying decision that is outside of the Falcon platform. It's very similar to the way we, many customers look at Salesforce as an example, right? You want to have it all integrated. So we've seen that level of strategic interest in what we're building to make sure that they can harmonize on that before other purchases. I think that's really a good indicator of the stickiness. Very friendly comments.

Yeah, I know you want to drill a little bit more into where we think we can go above the 47%. I mean, as I said, that the trend continues in Q1. But I think really we have quite a few customers that have all of our capabilities. And that's going to put some upward momentum to that number. And we expect to do that.

Okay, okay, great. Invert, I think Tal mentioned about the guidance being the surprise here. As you know, from the S1, we had a look at what the numbers for the quarter would be. And you actually did a little better than that. But the real surprise here is the guidance, which is much better than where we were anyway. And I think most people adding almost 10 percentage points of growth to revenue for the year. And we know how that works. So I guess the question is, I mean, you have two weeks left to this quarter. You have insight into this quarter. And obviously you got it for that. But the pipeline, I guess that's reflective of that. So can you talk a little more, give us a little more color around the pipeline and what you're seeing as far as momentum in the market

right

now? Yeah,

yeah, sure. So definitely I think the momentum is continuing. I think the overall strategy where we've got modular expansion and then even on the bottom when we think about optimizing our cloud, our cloud approach, which is our hybrid cloud approach between using a public cloud provider and Okolos. And then finally, of course, the refinement of our ability to smart filter. I think those three things continue to allow us to see momentum in the marketplace today. When I think about the strong guidance, again, the guidance is based on the things that I know today and not necessarily things that I know tomorrow. Historically, we've had the benefit of running the table quarter on quarter. And I think it would be prudent not to guide that way in the future because we just don't know. But the momentum that we've got clearly from the strategy that we've taken is showing in the marketplace and in the guidance that we just gave.

Great.

Okay.

Thanks. Nice job, guys.

Thanks, John.

Thank you. Ladies and gentlemen, at this time, we ask that you please limit yourself to one question. Our next question comes from the line of Matt Hedberg of RBC Capital Markets. Your question, please.

Hey, guys. Thanks for taking my question. I see we're running a little late, so I'll try to keep it to one. I have multiple here. But well done in your first quarter. I wanted to ask the question about Modular a little different way. You know, Bert, can you provide some color on the level of catch of multiple products for new customers? I see you have to close up. I'm wondering if you can kind of help us out versus the trends a year ago, understanding a lot of your products have been introduced in the last couple of years. But kind of curious on if new customers are coming in at a higher rate than maybe you expected as well.

You know, we're very proud of the fact that the new customers that are coming in are buying bundles out of the gates. The majority of our new customers are buying more than one, more than two of our modules. Actually, the majority are buying three. And so we're very proud of that. And we're continuing to delight our customers. And that gives us a chance to have some of those that are coming in three. And there's a lot of customers that come in with more than that. So for us, as we think about bringing more modules to the marketplace, we would expect that to grow.

Great. Thanks a lot,

guys. Thanks. Your next question comes from the line of girl top has off Steve. Your line is open.

Great. Thanks for taking my questions. And congrats on a strong start here, the public company. I'll keep it to one for you, George. You alluded to this in prepared remarks, but I was hoping you could extrapolate a little bit. How difficult would it be for someone to effectively replicate your cloud architecture with your single lightweight agent? I mean, if somebody was to come in today and try to do what you do, how much would have to go in to ultimately replicate your strategy in your go to market?

Well, there's a lot of core IP that we've built into the technology. And we started in 2011 as the first cloud native endpoint security vendor. And obviously, there's a lot of lessons learned between now and then. I think there's key elements that we have that we've built. Number one is a single lightweight agent doesn't require reboots. That really helps time to value and adoption. And I think number two is the proprietary graph database that we've built, right, with our time dimension to it. Very hard to replicate at scale. We didn't pick an open source technology because it's just been scaled to what we needed and didn't have some of the elements. And then the modular framework to be able to add modules and views at scale. It's just a really, really hard thing to do. And, you know, you have a lot of folks that talk about cloud, but the reality is, there's cloud management, there's cloud native, and you really have to start from a single sheet of paper. I don't think it's any different than the Salesforce CBO analogy that you just can't take something that started on premise and try to jam it into a cloud and call it cloud native. So in our mind, it's a difficult thing to do. And more importantly, anyone coming into the space would really have low margins and have to go through a painful process of margin migration upwards. Obviously, you've seen we've gone through this, but a lot of it really is based upon the core IP that we've built, which is very unique. And the data mode, maybe is the last piece that I'll say is once you collect that amount of data, it keeps building on each other, on itself, I should say. And again, that becomes a very hard thing to replicate the sheer amount of trillions of events that we collect each week.

Awesome. That's great, Keller. Thanks, George. Thank you.

Thank you. Our next question comes from Sarah Henley of Macquarie. Your line is open.

All right, great. Thank you so much, guys. I have a question around new customer ads, which were really, really strong this quarter. I'm hoping you can tell me, you know, what factors you think are primarily driving that and how we should think about it going forward.

Hey, this is George. Let me start here. I think what we're seeing, again, is the recognition of the marketplace, whether it's analyst recognition, whether it's the single-agent cloud architecture, the adoption of new cloud modules, the adoption of workloads where customers are looking for something that's simple, media-time to value, and just works. I think we've done a good job in the free trials. We continue to see a lot of momentum where customers are coming in and very easily and quickly seeing the value of our technology, and then we can convert that with a very robust inside sales team. So we see a lot of momentum in that space. And I think it's just a recognition that the traditional legacy players are not really capable of dealing with advanced threats and customers are looking for something different, more importantly in a cloud-based architecture to match their needs as they migrate other technologies into the cloud. Yeah, that's

right. And for us, as excited as we are, and we've been talking about, you know, the upsell into our customer base, we're equally as excited to go after our new customers. And we are focused on going after both. We believe that we have a lot of headroom in both new logos as well as upsell into our customer base. And we compensate our sales team the same for either one of those sales. So we're excited to go after both of those.

All right. Great. Thank you, Bert and George. And then I had a follow-up in terms of the new modules. Now, I know it's still early days, but I'm just wondering how the pricing is shaping up as you're starting to really crack into these new markets. Is it similar pricing dynamics to EBR? What are you thinking early on here?

Yeah. So as we think about pricing for our new modules, you know, we take a look at what we've done in the past. We think, you know, what the market will bear. We have, you know, a great read on, you know, what customers have been able to absorb according to their budgets. And so for us, as we think about the fact that once you've bought that first initial module, you're absorbing a lot of the initial costs and we have a lot of flexibility in terms of where we want to go with our pricing as new modules come out. And so we've been able to benefit from that.

All right. Thank you very much, George and Bert. And congrats on the quarter.

Thank you. Our next question comes from Andrew Nolinsky of Piper Jaffery. Your line is open.

Great. Thank you and congrats on the nice start. So I just wanted to follow up on your comments about how malware is running circles around the fossilized vendor solutions that are in the market. Has the recent news related to Symantec created enough disruption so that you're noticing an improvement in your win rates, particularly over Symantec?

Well, any of the legacy vendors we continue to take share from, and again, I think it's a recognition of customers that are trying to transition to a true cloud architecture. You know, we don't really get focused on their distractions. We continue to focus on building the best endpoint security and platform technology that's out there. And, you know, that's why we win. We show the value in the sales process of what we can deliver, how we can protect against breaches, and more importantly, how we can create a modular framework that allows them to consolidate the bloated number of agents they have with a single lightweight agent that can do the work of many. I think that's why we continue to win in all areas of business. Okay. Thank

you. Keep up the good work, guys.

Thank you. Thank you. Our next question comes from Terry Tillman of SunTrust. Your line is open.

Yeah. Thank you, gentlemen, and congrats as well on the IPO and the strong results. Maybe, Bert, my question for you is, as we're just looking at our models and now updating and post the final results for OneQueue and then the guidance, how do we think about seasonality from the standpoint of some of the inputs, like new customers as we drive our IRR numbers throughout the year? Is your business kind of still not at a point where there's a lot of seasonality and things just continue to ramp each quarter? Any comments around seasonality? Thank you.

Sure. So we do have some seasonality. We do see dips in Q1 from Q4, but we generally tend to build from there. But as you think about your models, you know, clearly look at our Q1 and run with that. That's how we think about it. Thanks.

You're welcome. Thank you. Our next question comes from Eric Suffiger of JMP. Your line is open.

Yeah. Thanks for taking the question. Just in general, I'm curious, what difference has the IPO made for you? Has that changed hiring? Has that changed marketing opportunities? What changes have you seen in light of your hire profile at this point?

Yeah, this is George. Obviously, it was a financing event for us, but there's certainly a marketing aspect and awareness worldwide. So we continue to see more and more awareness of CrowdStrike and what we do and just how different we are from all the other technologies that are out there. And I think it served as a good event to provide a level of awareness that maybe wasn't available outside of the U.S. And I think, you know, we'll continue to create a broader presence, particularly in the international markets as a result of this IPO process.

Does it make a difference from a hiring perspective?

Well, from a hiring perspective, I think what's really interesting is the amount of data that we have and just the technology and the science that we have may not have been as well known. And when we think about some of the leading tech companies that operate at scale, I would put ourselves in that category. So for folks that really are looking to deal with data science and data

at

scale, they get really excited about what we've done. And I think we've been able to shine a light on that through the IPO process. Great. Thank you.

Thank you. Our next question comes from Greg Moskowitz of Mizzou Hall Securities. Your line is open.

Yes, hi. This is Michael Malian for Greg. I was just wondering, what did you see with respect to the pricing environment this quarter?

Yeah, so for us, you know, we've seen, you know, it's been consistent with prior quarters. We haven't seen anything that has been unusual and it's been basically business as usual.

Thank you. Our next question comes from the line of Alex Henderson of Needham. Your line is open.

Thank you very much. I have a question I wanted to ask that was the only thing that came back at me with any dissidence when we've been talking about the company over the last couple of months. And really the question was around your relationship with Splunk. As I understand the threat graph, a big piece of the customization of the threat graph is around the time variable and making sure that you have very accurate understanding of when things happen in order to anticipate the rollout of tax. To the extent that you're tied in with Splunk, how important is that relationship with Splunk given your time-based relationship? Or is there some things that you're getting from the logs that you're just not picking up otherwise?

Thanks. Yeah, I mean it's pretty simple. The Splunk relationship is really just for presentation purposes. So the graph database, the collection, everything is all our technology. And threat hunters tend to like to hunt and peck and search around. So we use Splunk, which they're very familiar with, as a presentation layer and that's the extent of it. So it's not really used for anything other than that.

Perfect. That's exactly what I thought. Thank you.

Thank you. Our last question is from Shaul Yow of Oppenheimer. Your line is open.

Thank you. Good afternoon, gentlemen. Congrats on the strong set of results as well as the outlook. George, thanks for your three customer examples in a number of verticals you provided us with earlier in the call. Of the 443 net use of Splunk customers, can you talk to us broadly about the average size of customers? Was it SMB? Was it mid-market? Or maybe high-end enterprise? Just some color along these lines. Thank you.

Okay, yeah. So just to clarify, it was 543. And it's really adoption across the board, whether it's large enterprise or smaller mid-market customers. I think the beauty of the model is that we have been able to go down market very effectively. We started in the enterprise and then we've been able to go down into the corporate space and ultimately into the small SMBs. And it's really because of that immediate time to value, up and running without really any configuration and immediate time to value. So it's across the board. We continue to see large enterprises switch off their incumbent vendors to CrowdStrike and embrace the single agent architecture. So we anticipate that trend continuing. Understood.

Thank you and congrats again.

Thank you. Thank you. At this time, I'd like to turn the call back over to George Kurtz for any closing remarks.

Sir? All right, great. Thank you. Great questions. And I want to thank all of you for your time today. We appreciate your interest and look forward to speaking with you next quarter. Thanks so much and have a great day.

Ladies and gentlemen, that does conclude today's conference. Thank you for your participation and have a wonderful day. You may disconnect your lines at this time.