This conference call transcript was computer generated and almost certainly contains errors. This transcript is provided for information purposes only. EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
7/18/2019
Good day, ladies and gentlemen. Thank you for your patience. You've joined the CrowdStrike Holdings Incorporated Q1 Fiscal Year 2020 Financial Results Conference Call. At this time, all participants are in a listen-only mode. Later, we will conduct the question and answer session. At that time, to queue up for a question, you may press star, then 1 on your touchtone telephone. To remove yourself from the question queue, press the pound key. Should you require any additional assistance during the call, please press star then zero on your touchtone telephone, and an operator will assist you. As a reminder, this conference is being recorded. I would now like to turn the call over to your host, V.D. of Strategic Finance, Peter Daly. Sir, you may begin.
Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President, Chief Executive Officer, and co-founder of CrowdStrike, and Bert Podbear, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, and expected performance, are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we have made are reasonable, actual results could differ materially because the statements are based on our current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether it is a result of new information, future events, or otherwise. Further information on these and other factors that could affect the company's financial results is included in filings we make with the SEC from time to time, including the section titled Risk Factors in the company's Form S-1 previously filed with the SEC. Also, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our press release which may be found on our investor relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today.
Now I will turn over the call to George to begin.
Thank you, Peter, and thank you all for joining our first earnings conference call as a public company. I would like to begin by also thanking all of our employees, customers, partners, and investors for the hard work and dedication in helping us reach the important milestone of becoming a public company. We had a very strong start to the fiscal year. Consistent with the preliminary financial results of our IPO prospectus, we achieved 103% year-over-year total revenue growth and added a record number of net new customers while meaningfully improving operational leverage in the first quarter. Bert will discuss the details of our Q1 financial performance in a few moments, but first, for those new to the CrowdStrike story, I will provide some background on our technology, business, and markets. Our success to date and rapid growth are the results of close to a decade-long mission to stop breaches and pioneer a new category, the security cloud. Nearly every breach you've ever heard of has two things in common: the victims had both a firewall and an antivirus solution. Today, companies and government agencies face the constant threat of cyber attacks from a variety of threat actors, ranging from highly advanced nation states to organized crime, activists, and even terrorist organizations. These attacks aim to not only steal money and intellectual property, but increasingly they seek to disrupt and destroy it. Using highly sophisticated tools and techniques, today's cyber adversaries run circles around fossilized legacy technologies. This is what led us to start CrowdStrike back in 2011. We set out to create a modern endpoint security platform with a cloud-native architecture built from the ground up to stop breaches. Like other cloud disruptors, CrowdStrike started with a clean slate to build not only a scalable cloud architecture, but also a scalable, frictionless, and highly efficient business model.
Our platform is composed of two tightly integrated proprietary technologies: our easily deployed intelligent lightweight agent and our cloud-based dynamic graph database called ThreatGraph. Our Falcon platform integrates 10 cloud modules via software as a service subscription-based model that spans multiple large markets, including endpoint security, security and IT operations, and threat intelligence to deliver comprehensive breach protection even against today's most sophisticated attacks. We believe our cloud-native platform gives us a fundamental competitive advantage as we capture data once and reuse it and monetize it many times over. Our customers can try new modules already populated with their data for free. This creates a high-velocity, cross-selling model. In fact, there are a number of key attributes that we believe set the Falcon platform apart from other solutions in the market. First, our solution is rapidly deployable, easy to use, and unlocks the power of crowdsourced data. It gets smarter the more data it consumes, increasing our effectiveness, intelligence, and competitive advantage with each new customer and endpoint or workload joining our crowdsourced network. Second, all of our cloud modules are powered by a single intelligent agent, allowing customers to consolidate and remove numerous agents from their infrastructure and restore endpoint performance. Our lightweight agent is designed to be automatically installed and operational on an endpoint in less than 30 seconds. That's without any reboots. This is an important attribute for customers as they do not want to reboot their entire business to adopt a new solution. Solving this engineering challenge was critical for providing immediate time to value for our customers. Another key aspect of our agent is its ability to dynamically capture high fidelity data with our proprietary smart filtering technology.
What matters to stopping breaches is the quality and the type of data that we obtain and analyze. Smart filtering is critical to capturing the right data on both real-world attacks and benign behavioral patterns to continually train and enhance our algorithms, resulting in industry-leading threat detection and low false positive rates. CrowdStrike's smart filtering technology also allows us to take full advantage of the cloud. Our cloud-native approach outperforms other solutions that may be forced to store their data locally or inefficiently stream unfiltered data from endpoints to on-premise controllers which crush networks and endpoint performance. And third, all the data we collect is stored in one place, not on-premise or stuck on the endpoint itself, but in the cloud, where it is analyzed almost instantaneously across our entire customer base. To handle all this telemetry, we built our own proprietary distributed graph database that we call ThreatGraph. We like to think of ThreatGraph as the brain of our system. It is capable of dynamically scaling to meet demand. Every week it processes, correlates, and analyzes over one trillion events across our global customer base in real time. What makes our ThreatGraph so unique and powerful is its ability to very quickly discover and identify relationships and patterns within the data to see and stop attacks that are invisible and undetectable using conventional legacy solutions. ThreatGraph lets us apply cloud-scale AI to this data to stop breaches in real time. Today, we serve over 3,000 subscription customers. We protect many large organizations across all major verticals, including nine of the top 20 banks, over 40% of the Fortune 100, and government agencies around the world. Our ease of use, rapid deployment, and exceptional efficacy also make our solution a natural fit for small and mid-sized organizations, which often do not have large internal security teams.
In the first quarter, we saw strong customer momentum. I will take a moment to highlight a few of the notable customer wins that showcase initial adoption drivers of the Falcon platform, as well as our ability to expand within existing accounts. Key themes we often hear from customers are the need to simplify their security stack, reduce the number of agents on their endpoints, and gain the advantage of a true cloud-native endpoint security platform. Take the example from this quarter of a health insurance provider that was using a number of tools from other security vendors, including EDR from a next-gen vendor, AV from a legacy vendor, and a variety of tools embedded in the operating systems of their servers and workstations. Yet this company had issues with alert fatigue and had difficulty scaling its patchwork of solutions as the business was growing. To solve these problems, they dropped the old setup and rolled out CrowdStrike's Falcon platform given its ease of deployment, single-agent architecture, and ability to take advantage of crowdsourced data by adding our threat hunting module, Overwatch. In Q1, we also displaced a legacy AV vendor at a mid-sized pharmaceutical company. The board and leadership team at this company had a growing concern about their current state of security and the level of adversary activity they were seeing. They also knew they had limited cybersecurity personnel and a skills gap, which is another demand driver we commonly see among prospective customers. This company quickly identified our turnkey Falcon Complete offering to help them easily address their skills gap and fortify their cyber defenses. Next, I will highlight a win that represents our tremendous opportunity to expand within our customer base. This customer is in the public sector, which also speaks to our growing success in that segment of the market. We initially engaged with this large U.S. 
city back in 2016 on a small deployment of 15,000 endpoints to replace a fossilized AV vendor that was failing to provide protection and value. We replaced that vendor with our combined EDR next-gen AV offering, plus Overwatch. Based on the success of the initial deployment, we expanded our footprint to over 250,000 endpoints the following year. And I'm pleased to report that in Q1 of this year, we have increased coverage to 400,000 endpoints and sold additional cloud modules, including Falcon Discover for IT hygiene, Falcon Device Control, Falcon Spotlight for vulnerability management, and Falcon X for integrated threat intelligence. This is a great example of how we can land a new customer and expand that relationship by adding endpoints and modules over time. Our Falcon platform is one of the most strategic security purchases they have made in many years. These wins represent just a few of the 543 net new subscription customers that selected CrowdStrike in Q1 to help them stop breaches and protect their organizations. Driving the adoption of our platform is a robust sales and marketing engine that continues to deliver an increasing number of new logos while consistently removing friction from the sales process. Increasing our customer base is a key component of our growth strategy, and we will continue to invest in customer acquisition programs, channel partnerships, and frictionless go-to-market programs, including free and in-app trials. In addition to winning new customers at a rapid pace, we are also focused on expanding our relationship with existing subscription customers by deploying additional cloud modules and protecting more of their endpoints. Our dollar-based net retention rate speaks to the efficacy of our solution in our successful land and expand sales model. As of January 31, 2019, we had a dollar-based net retention rate of 147%. While this metric can fluctuate quarter to quarter, our benchmark is 120% or above, which we again exceeded in Q1.
While we started in the endpoint security market, given the nature of our cloud-native architecture, we're able to rapidly innovate on top of our platform and build new modules for additional functionality and use cases not typically associated with endpoint security. Since 2016, we have launched seven new cloud modules, and today we address five markets: corporate endpoint security, threat intelligence, security and vulnerability management, IT service management software, and managed security services. Combining these market segments, we estimate that our global market opportunity is $24.6 billion in 2019 and growing to over $29 billion in 2021. To help drive future growth, we plan to continue to develop new cloud modules to address broader endpoint use cases, such as IT configuration management and IT operations. To measure our success executing on our platform strategy, we look at the percentage of all subscription customers who have adopted four or more cloud modules. This percentage rapidly grew to 30% by the end of fiscal 2018, and grew to 47% by the end of fiscal 2019. In Q1, we continue to see an upward trend in this metric. In looking at our future growth prospects, it is common for those new to the CrowdStrike story to only think about the opportunity as endpoints, such as desktops and servers. However, we think about the opportunity differently and more broadly than that. We expanded our market opportunity by securing a wider array of workloads, which includes desktops and servers, virtualized and cloud environments, IoT devices, and containers. In Q1, we expanded our market opportunity even further when we introduced Falcon for Mobile that supports Android and iOS. This is a powerful vector for growth. These workloads need to be protected, and they are growing with every new connected device and every new cloud instance.
We also intend to grow by broadening our reach into new international markets and customer segments, including smaller organizations, as well as acquiring customers in the federal government vertical. And lastly, we see significant longer-term opportunity with new workloads and applications within the CrowdStrike store. The CrowdStrike store offers the first and only unified security cloud ecosystem of trusted third-party applications. This sets the stage for us to further expand our TAM and grow in segments outside of security, such as IT operations and compliance. In summary, we cannot be prouder of our important mission, protecting our customers from devastating attacks, business disruption, and a theft of IP and financial resources. In addition to stopping breaches, we also help our customers reduce cost and complexity, which differentiates us in the security marketplace. We have built a high-performing and enduring business with multiple engines for growth and a frictionless go-to-market strategy. We are excited by our future opportunities and look forward to your support as we advance on our journey to become the leading endpoint security platform and ultimately the de facto endpoint platform of the future. With that, I'll turn the call over to Bert.
Thank you, George, and good afternoon, everyone. I'd like to express how pleased we are with the level of interest we have received from our analysts and investors. We look forward to getting to know you and keeping you updated on our performance. Today, I will provide a brief overview of our first quarter financial results, target operating model, and our second quarter and full year 2020 guidance. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. Across the board, we delivered an outstanding first quarter with strength in multiple areas of the business, including ARR growth, revenue growth, and subscription gross margin improvement. We view annual recurring revenue, or ARR, as a key metric to measure our business, given it is driven by our ability to acquire new subscription customers and to maintain and expand our relationships with existing subscription customers. We define ARR as the annualized value of our customer subscription contracts at the end of the quarter, assuming any contract that expires during the next 12 months is renewed on its existing terms. In the first quarter, we delivered 114% ARR growth to reach $364.6 million, of which $52 million was net new ARR added in the quarter. This growth was driven by a strong quarter for new logo acquisition combined with low contraction and churn within our existing customer base. Total revenue more than doubled over Q1 of last year to reach $96.1 million. Approximately 90% of our revenue is subscription-based with no perpetual licenses, giving us a strong, scalable, recurring revenue base and a business model that vanishes. In the first quarter, subscription revenue grew 116% over Q1 of last year to reach $86 million. The remaining 10% of our total revenue is derived from our strategic professional service offerings, which include incident response and proactive services that are generally sold separately from our subscriptions.
While professional services carry a lower gross margin than our corporate average, it is a small portion of our revenue base, and we view it as strategic. We have been able to derive an average of about $3 of subscription ARR for every $1 spent on an initial incident response or proactive services engagement. To be clear, these are customers that are new to CrowdStrike. In terms of geographic breakdown, approximately 75% of first quarter revenue was derived from customers in the U.S. and 25% from international markets. Moving to our operating results. We are focused on building a long-term business with sustainable growth and compelling margins. In Q1, we continue to recognize operating leverage in our SaaS model and the benefits of scale, even as we increase investments in our global reach and cloud platform. First quarter non-GAAP gross margin improved to 70% from 59% a year ago. Our non-GAAP subscription gross margin increased to 73% from 62% in Q1 of last year. The improvement is primarily attributable to the efficiencies around hosting and data center costs and the uptake of multiple cloud modules by our customer base. Our collect once, reuse many data strategy means that after the first module subscribed for by that customer is paid for and covers the cost of data storage and most computational costs, each additional subscription module carries a very high margin. Total non-GAAP operating expenses in the first quarter were $89.2 million, or 93% of revenue versus $59.4 million last year, or 126% of revenue. Scaling and growing our business efficiently is a top priority, which is why we focus on our unit economics metrics, including magic number. In Q1, we ended with a magic number of 1.1. Key factors driving our unit economics include our strong growth and net retention rates, our highly efficient, low-friction sales and marketing programs that continue to drive subscription revenue growth.
We have a proven history of disciplined investing and remain committed to maintaining a thoughtful balance between generating top-line growth and achieving operating leverage. Going forward, we plan to make continued progress in driving toward break-even and beyond, but it may not be in a linear fashion depending on the timing of expenses. As a result of our rapid top-line growth, improving gross margin profile, and continued disciplined approach to investing in our business, we drove strong operating leverage in the quarter, with our operating margin improving 43 percentage points year over year. Non-GAAP net loss was $22.1 million, or $0.47 per share, which compares to a non-GAAP net loss of $31.7 million, or $0.73 per share, in Q1 of last year. The weighted average common shares used to calculate first quarter EPS was 47.2 million shares in Q1 fiscal 2020 and 43.6 million shares in Q1 2019. Before I discuss our balance sheet, I'd like to review our long-term operating model. On a non-GAAP basis, we are targeting gross margin to be in the 75 to 80 plus percent range. As a percentage of revenue, we are targeting non-GAAP sales and marketing to be 30% to 35%, R&D 15% to 20%, and G&A 7% to 9%. We anticipate this will lead to a non-GAAP operating margin of 20% or greater. Turning now to the balance sheet, we ended Q1 with $175.1 million of cash, cash equivalents, and marketable securities. Subsequent to the close of the quarter, we received net proceeds of $659.1 million from the IPO. Cash flow from operations in Q1 was positive $1.4 million, and free cash flow was negative $16.1 million. Moving to our guidance for the second quarter and full year fiscal 2020. For Q2, total revenue is expected to be in the range of $103 to $104 million, reflecting a year-over-year growth rate of 85% to 87%, with subscription revenue being the dominant driver of growth.
We expect non-GAAP loss from operations to be in the range of 29.1 to 28.6 million, and non-GAAP net loss to be in the range of 30.5 to 30 million. Utilizing weighted average shares used in computing non-GAAP net loss per share, basic and diluted, of 129.9 million, we expect non-GAAP net loss per share, basic and diluted, in the range of 24 to 23 cents. For full year 2020, we expect total revenue to be in the range of 430.2 to 436.4 million, reflecting a growth rate of 72 to 75%. Non-GAAP loss from operations is expected to be between 113.4 and 110.4 million, and non-GAAP net loss is expected to be between 105.9 and 103.2 million. Utilizing weighted average shares used in computing non-GAAP net loss per share, basic and diluted, of 147 million, we expect non-GAAP net loss per share to be in the range of 72 to 70 cents. We are pleased with the strong results we are reporting today and believe we have the capacity and resources to continue driving the business forward over the long term. We are excited about CrowdStrike's new phase as a public company and appreciate your ongoing interest and support. George and I will now take your questions. Operator, we'd now like to open the lines for questions.
Thank you, sir. Ladies and gentlemen, if you have a question at this time, please press star then one on your touchtone telephone. Again, that's star, then one on your touch-tone telephone to ask a question. If your question has been answered or you wish to remove yourself from the question queue, please press the pound key. To prevent any background noise, we ask that you please place your line on mute once your question has been stated. We ask that you please restrict yourself to one question and one follow-up. Our first question comes from the line of Heather Bellini of Goldman Sachs. Your question, please.
Great. Thank you so much, gentlemen, for taking my question, and congratulations on your first quarter out of the gate. I wanted to follow up on some of the comments you made about the, you know, ultimate expansion into things like IT ops and APM, and just wondering, you know, given just trying to think outside of the endpoint market, as you referenced, how do you think you're positioned in that market versus the competition? And just if you could share with us, you know, kind of is this Is this kind of the customers kind of driving you into that market? And, again, just share with us how you feel like you're positioned to start taking share in that market over time. Thank you.
Sure. This is George. Thanks, Heather. So I think it really is an extension of what we've already built and continue to refine in our IT ops and our Discover module, and it's just add-ons to what we've been seeing from a customer perspective. Getting back to the overall model of the single-agent architecture, the ability to collect data at one time, it becomes easy for us, if you will, to be able to represent that data and help customers understand the current configuration they have, help them provide more efficient IT operations once they have visibility into applications and the system health and things of that nature. So it really is just an extension of what we've already been doing. And when we think about the opportunity, again, as these workloads proliferate, right, whether it's a desktop server, an IoT device, a cloud instance, a containerized instance, they all need some level of protection and visibility, and really this is just an extension to collecting the data that we already have and being able to display that in a workflow that makes sense for our customers.
Great. Thank you so much.
Thank you. Thank you. Our next question comes from the line of Sterling Odie of JP Morgan. Your line is open.
Yeah, thanks. Hi, guys. I wonder if you could give us an update on how your partnerships are developing, especially with, you know, partners like Dell.
Yeah, hi, Sterling. It's Bert. So I would characterize our partnership with Dell as the new leanings in terms of ARR generation versus where we think we can go with Dell. You know, we have access to it. every global business from their customers around the world. The upsell opportunity is significant. Anything from technical integration to market integration is exciting. Ultimately, we feel that the global partnership will accelerate expansion into markets where they have a strong presence, such as in Federal or EMEA or APJ.
Gotcha. And then one follow-up. In terms of the module adoption, you know, for investors that are newer, what's kind of the most popular modules that you see within the ones that get upsold once a customer comes on?
Right, that's a good question. So as you saw in the S-1, we're in a great spot. We've got 47% of our existing customers having four or more modules in Q4. We saw that in Q1 the trend continued. For us, it goes back to how George first thought about the company, which was about next generation AV, EDR, and Overwatch. Those were the three things that he came out with, and those are our core to our business, and that hasn't changed. All the other ones that we've talked about, you know, whether it's device control or whether it's Discover, all those come in and they can come in equally depending on what the customer really wants to do.
Great. Thank you.
Thank you. Our next question comes from the line of Tal Liani of Bank of America. Your line is open.
Hi, guys. I'm trying to work next quarter numbers. If I put your guiding way higher than we thought, if I put $103 or $104 million in revenues, I don't get minus $0.23. I get deeper loss. So that means your margin assumptions are better than what we're expecting. Can you elaborate on gross margin and OPEX assumptions for next quarter? Thanks.
Thanks, Tal. So, it's Bert. So, as we think about guidance, we think about guiding improvement based on the things that we know today, not necessarily on the things that we don't know. As we think about the future and to the guidance, we think about both improvements on the top, improvements on gross margin, and OPEX. And as we think about the splits between OPEX and gross margin, we think it's about 50-50 in terms of how we think about the improvements and the benefit there.
So still your targets, long-term targets, same targets, you're reiterating your targets?
I am reiterating the targets, correct.
Okay, perfect. Thank you. I don't have a question on the fundamentals, straightforward quarter. Thanks.
Thank you. Our next question comes from the line of Saki Kalia of Barclays. Your question, please.
Hey, guys. Thanks for taking my questions here. First, maybe for you, Bert, you know, we spoke about some of the different modules in your prepared remarks, but can you talk about some of the different packages out there, like Falcon Pro, Falcon Enterprise, and, of course, Complete? Maybe just qualitatively what you're seeing from a high level in terms of adoption across some of those different packages or bundles that you offer.
Sure. Hey, Saki, this is George. I'll take the first shot at this. So if we look at Pro, which is really our Prevent and our Falcon X, that has wide adoption in the smaller SMB and corporate space. Obviously, the Enterprise package can be applicable to a large organization, a corporate company, or even a large enterprise. And as we continue to go up the fee chain, if you will, with Premium, we have, as we've talked about, we have many of our customers actually have Overwatch and Discover. And, you know, it really depends on the overall organization. Certainly Enterprise and Premium are going to be more applicable to the larger organizations. And the Pro version, just pure antivirus, if you will, next-gen AV antivirus with our Falcon X technology can be useful for a smaller organization. The beauty of the model is once people understand our technology, it is easier to upsell them into an EDR technology where, as a smaller company, maybe they weren't quite exposed to it. But given our technology, how it works, how easy it is to use, and combine that with Overwatch, it makes for an effective cross-sell. So hopefully that gives you at least an idea of where we're seeing the traction. And, again, our overall goal, even for large enterprises, is you could have a trial in a large enterprise of just the Pro product, but then we can quickly come in and cross-sell them or up-sell them in the sales process into a package that fits their enterprise. So it can leak into the enterprise just from the free trial, which is really exciting to us, and it doesn't just have to be a next-gen AV sale.
Got it. It's Bert. I'll just add on to that. As we think about what I just talked about in terms of the module adoption, as we continue to come out with different bundles and as we continue to bring new modules to the marketplace, we anticipate that not only the adoption within our existing customer base will increase, but the amount of modules that each customer will have will increase as well.
Got it. Got it. Maybe just to stay with you, George, you brought up the CrowdStrike store quickly in your prepared remarks. You know, realizing it's early, can you just talk a little bit about the pipeline of potential partners that you can work with there and maybe some broad brushes on, again, realizing it's early, how you sort of envision some of the commercial terms as those partners leverage some of the CrowdStrike data that you're able to collect?
Sure. So we've got close to a dozen partners that are in process and investigation phase. I think just to reiterate what we talked about is making sure that we've got the quality versus just quantity in the store. And it certainly is early days as we continue to underscore. I think when you look at the opportunity, the opportunity is much broader than that. You look at our technology fundamentally, what do we have the ability to do? We have the ability to gather large amounts of data at scale. It could be security-related data. It could be non-security-related data. And we have the ability to take actions. And this is very important for organizations of all sizes. And ultimately, having them interact with third parties or create their own workflows is very exciting to these organizations. So it's still early days, but we're focusing on getting the right partners in. And when we think about the revenue opportunity, Bert can comment some more specifically around this. But in terms of how we look to go to market with these partners, the more of the service offerings, the behind-the-scenes APIs, if you will, that they use, the greater revenue share that we would get. So the more they consume our platform, the less that they have to spend on their own, and the more revenue from a rev share perspective we would be able to take advantage of.
Sure. And to expand on that just a little bit, as we look at each partner, we look at it on a case-by-case basis. And for us, as we think about, you know, the opportunity we would derive, didn't that revenue share from that?
Very helpful, guys. Thanks very much.
Thank you. Our next question comes from Brad Zelnick of Credit Suisse. Your line is open.
Hi, this is Rachel Lauren on for Brad. Congrats on the quarter. And, you know, it was really, really great seeing the outlook. I just wanted to ask, are you seeing Windows 10 adoption as an opportunity as customers reevaluate endpoint security? And, you know, are you seeing more interest for Microsoft Defender ATP?
Yeah, this is George. I'll take this. I think any time you have a transition between Windows 7 and Windows 10, an operating system change, there's always an opportunity for us to get built into the overall gold images, and we continue to see that. With respect to other partners out there, or I should say other competitors, I mean, there's a variety of competitors that are out there. We've, I think, done a great job because of our platform support for technologies beyond just Windows. So in a heterogeneous environment, companies want coverage not only for Microsoft 10, but they also want it for Linux and Mac and other devices. So I think that's an area where we have a distinct advantage over our competition in terms of our platform support, particularly in the Linux environment.
Gotcha. Thank you. That's helpful. And as a quick follow-up, you guys reported a really strong net retention rate, and I wanted to know kind of are you seeing more adoption in terms of increasing endpoints, or is that more coming from increasing module adoption?
Hi, it's Bert. So we see it from both. We're going after both, you know, both whether or not, you know, an existing customer has done an acquisition, then we would get more endpoints, or if it's the ability to upsell with our in-app trials, and we're seeing actually adoption of both.
Gotcha. Thank you very much.
Our next question comes from John DiFucci of Jefferies. Your line is open.
Thank you. I have a question for George and a follow-up for Bert. So, George, Bert pointed out that every incremental product customer buys improves margins, and that makes a lot of sense because they all work off that foundation that you talked about, the graph database and the lightweight endpoints. And you pointed out 47% at the end of the last year, or fiscal year, up from 30% actually have four or more products. I know you said that the trend continues. Can you give us any more on that? Because I happen to think that it's not just about the improved margins. It's also the stickiness. As you know, you've worked at other endpoint vendors, too. The stickiness of endpoint is something that investors look at, and they question how sticky is it going to be. Right. You're much more than that. The more you are much more than that, the more sticky I think you're going to be. So can you give us any more color around that, better than 47%?
Well, you know, I think in general just some color for the overall approach that we've taken. And just to maybe double-click, we talked about that city that I spoke about in my example earlier where we started, you know, small and then have expanded out those modules. And that being one of the most strategic security purchases they made, I think that really underscores how strategic we are, how sticky we are with customers and our ability to add new modules. And what's really interesting is now with customers, they routinely say, okay, before we're going to purchase something else that maybe is a module that we don't have today, they always ask us, will you have this module and or will it be in your store? Because they don't want to make a buying decision that is outside of the Falcon platform. It's very similar to the way many customers look at Salesforce as an example, right? You want to have it all integrated. So we've seen that level of strategic interest in what we're building to make sure that they can harmonize on that before other purchases. I think that's really a good indicator of the stickiness. I don't know if you have any other comments.
Yeah, I know you want to drill a little bit more into, you know, where we think we can go above the 47%. I mean, as I said, the trend, you know, continues in Q1. But I think, really, we have quite a few customers that have all of our capabilities. And, you know, that's going to put, you know, some upward momentum to that number, and we expect to see that.
Okay. Okay, great. And, Bert, I think Tal mentioned about the guidance being the surprise here. As you know, from the S-1, we had a look at what the numbers for the quarter would be, and you actually did a little better than that. But the real surprise here is the guidance, which is much better than where we were anyway, and I think most people, adding almost 10 percentage points of growth to revenue for the year, and we know how that works. So I guess the question is, I mean, you've got two weeks left to this quarter, right? You have insight into this quarter, and obviously you got it for that, but the pipeline, I guess that's reflective of that. Can you give us a little more color around the pipeline and what you're seeing as far as momentum in the market right now?
Yeah, John. Yeah, sure. So definitely, I think the momentum is continuing. I think the overall strategy where we've got modular expansion and then even on the bottom, when we think about optimizing, you know, our cloud, our cloud approach, which is our hybrid cloud approach between using a public cloud provider and our colos. And then finally, of course, the refinement, you know, of our ability to smart filter. I think those three things continue to allow us to see momentum in the marketplace today. When I think about, you know, the strong guidance, again, the guidance is based on, you know, things that I know today and not necessarily things that I know tomorrow. You know, historically, you know, we've had the benefit of running the table quarter on quarter, and I think it would be prudent not to guide that way in the future because we just don't know. But the momentum that we've got clearly from the strategy that we've taken is showing in the marketplace and in the guidance that we just gave.
Great. Okay. Thanks. And nice job, guys.
Thanks, John.
Thank you. Ladies and gentlemen, at this time, we ask that you please limit yourself to one question. Our next question comes from the line of Matt Hedberg of RBC Capital Markets. Your question, please.
Hey, guys. Thanks for taking my question. I see we're running a little late, so I'll try to keep it to one. I can have multiple here, but well done in your first quarter. I wanted to ask the question about module a little different way. You know, Bert, can you provide some color on the level of catch of multiple products for new customers? Obviously, you don't have to disclose that, but I'm wondering if you can kind of help us out versus the trend, say, a year ago, understanding a lot of your products have been introduced in the last couple of years. But kind of curious on if new customers are coming in at a higher rate than maybe you expected as well.
You know, we're very proud of the fact that the new customers that are coming in, you know, are buying bundles out of the gates. So the majority of our new customers are buying more than one, more than two of our modules. Actually, the majority are buying three. And so we're very proud of that, and we're continuing to, you know, delight our customers, and that gives us a chance to touch those that are coming in three. And, you know, there's a lot of customers that come in with more than that. So for us, as we think about, you know, bringing more modules to the marketplace, we would expect that to grow.
Great. Thanks a lot, guys.
Thanks. Your next question comes from the line of Gur Talpaz of Stifel. Your line is open.
Great. Thanks for taking my questions, and congrats on a strong start here at the public company. I'll keep it to one for you, George. You alluded to this in prepared remarks, but I was hoping you could extrapolate a little bit. How difficult would it be for someone to effectively replicate your cloud architecture with your single lightweight agent? I mean, if somebody was to come in today and try to do what you do, how much would have to go in to ultimately replicate your strategy and your go-to-market?
Well, there's a lot of core IP that we've built into the technology, and we started in 2011 as the first cloud-native endpoint security vendor, and obviously there's a lot of lessons learned between now and then. I think there's key elements that we have that we've built. Number one is a single lightweight agent. It doesn't require reboots. That really helps time to value and adoption. I think number two is the proprietary graph database that we've built, right, with our time dimension to it. Very hard to replicate at scale. We didn't pick an open source technology because it's just been scaled to what we needed and didn't have time. some of the elements. And then the modular framework, to be able to add modules and views at scale, it's just a really, really hard thing to do. And, you know, you have a lot of folks that talk about cloud, but the reality is there's cloud management, there's cloud native, and you really have to start from a single sheet of paper. I don't think it's any different than the Salesforce Siebel analogy that you just can't take something that started on-premise and try to jam it into a cloud and call it cloud native. So in our mind, it's a difficult thing to do. And more importantly, anyone coming into the space would really have low margins and have to go through a painful process of margin migration upwards. Obviously, you've seen we've gone through this, but a lot of it really is based upon the core IP that we've built, which is very unique. And the data moat maybe is the last piece that I'll say is once you collect that amount of data, it keeps building on each other, on itself, I should say. And, again, that becomes a very hard thing to replicate, the sheer amount of trillions of events that we collect each week.
Awesome. That's great color. Thanks, George. Thank you.
Thank you. Our next question comes from Sarah Hindlian of Macquarie. Your line is open.
All right, great. Thank you so much, guys. I have a question around new customer adds, which were really, really strong this quarter. I'm hoping you can tell me, you know, what factors you think are primarily driving that and how we should think about it going forward.
Hey, this is George. Let me at least start here. I think what we're seeing, again, is the recognition in the marketplace, whether it's analyst recognition, whether it's the single agent cloud architecture, the adoption of new cloud modules, the adoption of workloads where customers are looking for something that's simple, immediate time to value and just works. I think we've done a good job in the free trials. We continue to see a lot of momentum where customers are coming in and very easily and quickly seeing the value of our technology, and then we can convert that with a very robust inside sales team. So we see a lot of momentum in that space. And I think it's just a recognition that traditional legacy players are not really capable of dealing with advanced threats and customers are looking for something different, more importantly, in a cloud-based architecture to match their needs as they migrate other technologies into the cloud.
Yeah, that's right. And for us, as excited as we are, and we've been talking about, you know, the upsell into our customer base, we're equally as excited to go after our new customers. And we are focused on going after both. We believe that we have a lot of headroom in both new logos as well as upsell into our customer base. And we compensate our sales team the same for either one of those sales. So we're excited to go after both of those.
All right, great. Thank you, Bert and George. And then I had a follow-up in terms of the new modules. You know, I know it's still early days, but I'm just wondering how the pricing is shaping up as you're starting to really crack into these new markets. Is it similar pricing dynamics to EDR? You know, what are you thinking early on here?
Yeah, so as we think about pricing for our new modules, you know, we take a look at what we've done in the past, you know, what the market will bear. We have, you know, a great read on, you know, what customers have been able to absorb according to their budgets. And so for us, as we think about the fact that once you've bought that first initial module, you're absorbing a lot of the initial costs, and we have a lot of flexibility in terms of where we want to go with our pricing as new modules come out. And so we've been able to benefit from that.
Thank you very much, George and Bert. And congrats on the quarter.
Thank you. Our next question comes from Andrew Nowinski of Piper Jaffray. Your line is open.
Great. Thank you. And congrats on the nice start. So I just wanted to follow up on your comments about how malware is running circles around the fossilized vendor solutions that are in the market. Has the recent news related to Symantec created enough disruptions where you're noticing an improvement in your win rates, particularly over Symantec?
Well, any of the legacy vendors we continue to take share from, and, again, I think it's a recognition of customers that are trying to transition to a true cloud architecture. You know, we don't really get focused on their distractions. We continue to focus on building the best endpoint security and platform technology that's out there. And, you know, that's why we win. We show the value in the sales process of what we can deliver, how we can protect against breaches, and more importantly, how we can create a modular framework that allows them to consolidate the bloated number of agents they have with a single lightweight agent that can do the work of many. And I think that's why we continue to win in all areas of business.
Okay, thanks. Keep up the good work, guys.
Thank you. Thank you. Our next question comes from Terry Tillman of SunTrust. Your line is open.
Yeah, thank you, gentlemen, and congrats as well on the IPO and the strong results. Maybe, Bert, my question for you is, as we're just looking at our models and now updating and post the final results for 1Q and then the guidance, how do we think about seasonality from a standpoint of some of the inputs, like new customers, as we drive our ARR numbers throughout the year? Is your business kind of still not at a point where there's a lot of seasonality and things just continue to ramp each quarter? Any comments around seasonality? Thank you.
Sure. So we do have some seasonality. We do see dips in Q1 from Q4, but we generally tend to build from there. But as you think about your models, you know, clearly look at our Q1 and run with that. That's how I think about it. Thanks.
You're welcome. Thank you. Our next question comes from Erik Suppiger of JMP. Your line is open.
Yeah, thanks for taking my question. Just in general, I'm curious, what difference has the IPO made for you? Has that changed hiring? Has that changed marketing opportunities? What changes have you seen in light of your higher profile at this point?
Yeah, this is George. Obviously, it was a financing event for us, but there's certainly a marketing aspect and awareness worldwide, so we continue to see more and more awareness of CrowdStrike and what we do and just how different we are from all the other technologies that are out there, and I think it served as a good event to provide a level of awareness that maybe wasn't available outside of the U.S., and I think we'll continue to create a broader presence, particularly in the international markets, as a result of this IPO process.
Does it make a difference from a hiring perspective?
Well, from a hiring perspective, I think what's really interesting is the amount of data that we have and just the technology and the science that we have may not have been as well known. And when we think about some of the leading tech companies that operate at scale, I would put ourselves in that category. So for folks that really are looking to deal with data science and data at scale, they get really excited about what we've done, and I think we've been able to shine a light on that through the IPO process.
Great. Thank you.
Thank you. Our next question comes from Greg Moskowitz of Mizuho Securities. Your line is open.
Yes, hi, this is Michael Malian for Greg. I was just wondering, what did you see with respect to the pricing environment this quarter?
Yeah, so for us, you know, it's been consistent with prior quarters. We haven't seen anything that has been unusual, and it's been basically business as usual.
Thank you. Our next question comes from the line of Alex Henderson of Needham. Your line is open.
Thank you very much. I have a question I wanted to ask that was the only thing that came back at me with any dissonance when we've been talking about the company over the last couple of months. Really, the question was around your relationship with Splunk. As I understand the threat graph, a big piece of the customization of the threat graph was around the time variable and making sure that you have very accurate understanding of when things happen in order to anticipate the rollout of attacks. To the extent that you're tied in with Splunk, how important is that relationship with Splunk, given your time-based relationship, or is there some things that you're getting from the logs that you're just not picking up otherwise?
Yeah, I mean, it's pretty simple. The Splunk relationship is really just for presentation purposes. So the graph database, the collection, everything is all our technology. And threat hunters tend to like to hunt and peck and search around. So we use Splunk, which they're very familiar with, as a presentation layer, and that's the extent of it. So it's not really used for anything other than that.
Perfect. That's exactly what I thought. Thank you.
Thank you. Our last question is from Shaul Eyal of Oppenheimer. Your line is open.
Thank you. Good afternoon, gentlemen. Congrats on the strong set of results as well as the outlook. George, thanks for your three customer examples in a number of verticals you provided us with earlier in the call. Of the 443 net new subscription customers, can you talk to us broadly about or the average size of customers, was it SMB, was it mid-market, or maybe high-end enterprise? Just some color along these lines. Thank you.
Okay, yeah, so just to clarify, it was 543. And it's really adoption across the board, whether it's large enterprise or smaller mid-market customers. I think the beauty of the model is that we have been able to go down market very effectively. We started in the enterprise, and then we've been able to go down into the corporate space and ultimately into the small SMBs. And it's really because of that immediate time to value, up and running without really any configuration and immediate time to value. So it's across the board. We continue to see large enterprises switch off their incumbent vendors to CrowdStrike and embrace the single-agent architecture. So, you know, we anticipate that trend continuing.
Understood. Thank you, and congrats again.
Thank you. Thank you. At this time, I'd like to turn the call back over to George Kurtz for any closing remarks. Sir?
All right, great. Thank you. Great questions, and I want to thank all of you for your time today. We appreciate your interest and look forward to speaking with you next quarter. Thanks so much, and have a great day.
Ladies and gentlemen, that does conclude today's conference. Thank you for your participation, and have a wonderful day. You may disconnect your lines at this time.