This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
8/31/2021
Thank you for standing by and welcome to the CrowdStrike Holdings Second Quarter Fiscal Year 2022 Financial Results Conference Call. At this time, all participants are on a listen-only mode. After the speaker's presentation, there will be a question-and-answer session. To ask a question at that time, please press star then 1 on your touch-tone telephone. As a reminder, today's conference call is being recorded. I will now turn the conference to our host, Ms. Maria Rowley, Vice President of Investor Relations. Please go ahead.
Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and co-founder of CrowdStrike, and Bert Podware, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, and expected performance, including our outlook for the third quarter and fiscal year, 2022 are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events, or otherwise. Further information on these and other factors that could affect the company's financial results is included in filings we make with the SEC from time to time, including the section titled Risk Factors in the company's quarterly and annual reports that we file with the SEC. Additionally, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8K filed with the SEC today. With that, I will now turn the call over to George to begin.
Thank you, Maria, and thank you all for joining us today. We delivered an outstanding second quarter with rapid subscription revenue growth and record net new ARR generated in the quarter. We saw strength in multiple areas of the business, added $150.6 million in net new ARR, and grew ending ARR 70% to exceed $1.34 billion. Our continued strong performance was driven by the groundswell of customers turning to CrowdStrike as their trusted security platform of record. We saw strong demand across the market, which for us spans large enterprise, mid-market and SMB customers. Our success in gaining share in each of these market segments is reflected in our net new customer growth rate, which on an organic basis accelerated in the quarter. In total, 1,660 net new customers chose CrowdStrike as their security partner, bringing our customer count to 13,080. The CrowdStrike brand is viewed as the gold standard in security. We designed the Falcon platform and our security cloud to add value and improve the security posture of any organization, regardless of size and sophistication. Customers new to CrowdStrike this quarter included a household name in the consumer security space, one of the largest nonprofit healthcare organizations in the United States, a Fortune 50 global insurance provider, and our security partner, Proofpoint, who we are excited to deepen our relationship with as both a technology and security partner. I'm also pleased to highlight that Workday, a cloud pioneer and leading provider of enterprise cloud applications for finance and human resources, which CrowdStrike also uses, has now standardized on CrowdStrike Falcon across their multi-OS fleet. The threat environment remains fierce, as expanding attack surface and inherent vulnerabilities in widely used operating systems, along with the complexity of Active Directory, leave companies of all sizes open to attack, and provide a rich feeding ground for sophisticated and novice e-criminals alike. The lessons learned from recent attacks emphasize that a breach involves more than just malware, which is why companies need to employ a holistic breach prevention strategy rather than overly relying on malware prevention, regardless if it's legacy or next gen. As I have said before, nearly every breach you have ever heard of had two things in common. The victims had both a firewall and an antivirus solution, which is why we built the Falcon platform from the ground up to stop breaches and not just prevent malware. With this mission, CrowdStrike has turned the tables on the adversaries and has become a trusted leader in security. Meanwhile, competitors fall further behind as they continue to blindly promote a strategy that relies on malware prevention versus a comprehensive solution focused on people, process, and technology that stops breaches. According to recent data from our customer-based index by threat graph, more than half of detections analyzed were not malware-based. Attackers are increasingly attempting to accomplish their objectives without using malware. They are exploiting the proliferation of vulnerabilities and abusing systemic weaknesses in identity architecture to get on the system and then moving laterally, thus making it more difficult for legacy and next-gen malware-focused products to be effective because they are not focused on breach prevention. To further demonstrate my point, I'd like to share a recent customer win with a Fortune 500 company that was using Microsoft's legacy security products that failed to rise to the challenges of today's adversaries and ended up unnecessarily costing them millions of dollars. This company experienced a long and difficult deployment process, particularly in low bandwidth environments where endpoint performance was critical. Notably frustrated, this company began to evaluate alternatives when it was unfortunately hit by ransomware that encrypted their primary and backup data, causing weeks of business disruption and a financial impact estimated to be in the tens to hundreds of millions of dollars. This is when they turned to CrowdStrike, first by bringing in our incident response team to remediate and stabilize their IT operations, and followed by deploying Falcon Complete, across their environment. Our approach to stopping breaches with the Falcon platform is foundational to CrowdStrike's leadership position in the market and the epicenter of restoring trust to the security posture of companies worldwide. Using AI, machine learning, and an intelligent, lightweight agent, the Falcon platform defends against today's most sophisticated threats with unmatched speed and simplicity. CrowdStrike's threat graph combines a massively scalable threat intelligence database with with AI-powered analytics to detect, prevent, predict, and mitigate advanced attacks and zero-day exploits. ThreatGraph and Falcon's XDR capabilities continuously ingest massive volumes of live telemetry data from Falcon endpoints and other sources at scale. The Falcon platform processes approximately one trillion events per day from millions of agents, delivering unprecedented security insights. This empowers Falcon to benefit from crowdsourcing and economies of scale unlike any other solution on the market today, which we believe enables our AI algorithms to be uniquely effective. The success of our platform strategy and growing leadership as the trusted security partner of choice is also reflected in our module adoption metrics, which we have continued to increase quarter after quarter. Subscription customers that have adopted four or more modules, five or more modules, and six or more modules increased to 66%, 53%, and 29%, respectively, in the second quarter. We believe that our extensible Falcon platform, purpose-built to collect data once and reuse it many times to address multiple use cases, not only provides customers an advantage over adversaries, and lowers TCO, it is a cornerstone to building a durable growth business over the long term. As we innovate on the platform, customers can derive even more value from their CrowdStrike investment. Take, for example, a mid-sized healthcare organization who, despite their limited budget and security staff, was looking to bolster its security in the wake of repeated attacks against their peers. this organization initially thought they only needed to add a SIM solution, but quickly realized the implementation and maintenance would be a burden to their current security posture. Whereas with CrowdStrike Falcon Complete, Falcon Zero Trust, and Humio, they could transform their security posture, have round-the-clock monitoring, gain identity visibility and risk scoring, and implement a highly effective log management solution for less than the cost of purchasing a standalone SIM product. This customer was also amazed by Humio's speed of ingestion and ability to query data in real time, which they deemed critical given the rise in malicious cyber activity targeting the healthcare sector. Customer interest in Humio is very high as the ability to log everything and get answers in real time is a growing necessity. In Q2, we secured new Humeo deals across multiple industries, including technology, healthcare, hospitality, and financial services. Additionally, Humeo is already off to a great start in Q3 with a seven-figure land and growing pipeline. The integration of Humeo into our already market-leading XDR capabilities is on track, and we are encouraged by the growth opportunities we see in this area. We look forward to showcasing more of our leading XDR capabilities at Falcon in October. I will now highlight several of our cloud modules that are gaining exceptional traction with customers as the threat landscape has intensified. First is Falcon Complete, our turnkey managed detection and response subscription. The heightened threat environment has put a significant strain on cyber resources and has exacerbated the skills gap in the industry. Recent reports indicate that over 3 million cyber jobs are unfulfilled, which is more than double the current number of professionals currently working in the field. Falcon Complete combines the advantages of our security cloud, the technology in our Falcon platform, and a team of threat hunters and responders to deliver gold standard security around the clock at scale with superior economics to organizations of all sizes. This translates to stopping breaches that extend far beyond the prevention of malware and that leverage legitimate software or services, exploit system misconfigurations, or abuse legitimate credentials. In recent quarters, we have seen a significant increase in the Falcon Complete customer base, which has grown approximately two and a half times year over year. Additionally, just last week, Falcon Complete was named a leader in in IDC MarketScape for U.S. managed detection and response services. Within the report, Falcon Complete was recognized for strengths in its breach prevention warranty, fully remote automated remediation, breadth of threat hunting capabilities, and strong machine learning and artificial intelligence capabilities for detection and response. The next module on the Falcon platform I would like to highlight is Falcon Spotlight, which leverages the power of the cloud to provide real-time vulnerability assessment and AI to prioritize vulnerability remediation without impacting performance of the network or endpoint. Real-time vulnerability management is becoming a necessity for a proactive security posture given the continued targeting of core functionality and vulnerabilities in the Microsoft ecosystem and increase in zero-day exploits such as the recent Microsoft print nightmare vulnerability. Demonstrating the power of Falcon's network effect, we leveraged the massive amount of data and intelligence available in our security cloud in our AI model to predict that this newly discovered vulnerability would be exploited by adversaries. Using this data intelligence allowed us to provide customers with real-time visibility into their exposure. Our ability to provide real-time vulnerability management significantly differentiates CrowdStrike and its directly attributable to the fundamental architecture of our cloud native Falcon platform that enables us to collect data once and reuse many. We believe our success to date with Spotlight is an excellent illustration of our ability to leverage the CrowdStrike security cloud to stop breaches and drive module adoption. Spotlight's ability to provide visibility in real time into print nightmare exposure without deploying new agents or scanning with a significant driver of no-touch trials generated through the Krausreich store. Spotlight has also become strategic in the sales process, with the number of Spotlight customers growing more than 150% year-over-year in Q2. Next, I will briefly discuss Zero Trust. The recent Kaseya breach, which is reported to have impacted over 1,000 companies from a single breach, serves as a reminder to the far-reaching impact of a supply chain breach, and the importance of a zero trust architecture. It is also important to remember that most ransomware outbreaks have a compromised identity component. Shoring up this threat factor is critical to stopping breaches and lateral movement. Customers are increasingly turning to a zero trust solution to combat threat actors that leverage identity-based attacks and move laterally within their targeted environments. CrowdStrike has the only zero trust solution on the market today that combines endpoint, workload, and identity visibility and behavioral analytics to secure environments and prevent lateral movement. Moving to cloud. More and more organizations are waking up to the fact that adversaries do not draw much of a distinction between targeting data on an endpoint versus a cloud environment. As an innovator in cloud security and operator of one of the largest clouds, organizations are turning to CrowdStrike to protect their cloud estates. I'd like to share with you a recent customer win that demonstrates how cloud native organizations can leverage the Falcon platform to achieve best in class security that empowers their business model instead of clashing with it. A cutting edge enterprise AI platform company and a member of the Forbes Cloud 100 was experiencing stability and scaling issues when trying to use a competitor's cloud security offering that was built through M&A. As a company on a mission to reduce their own customer friction and deliver actionable intelligence, they felt it was critical that their security partner could match their speed and scale in the cloud instead of slowing them down. With these requirements in mind, this cloud innovator selected CrowdStrike for its ability to provide a fully integrated and fully managed cloud solution through a single pane of glass with a single team. This customer purchased Falcon Complete with cloud workload protection and Falcon Horizon to fully manage both their traditional endpoints and cloud workloads. This new customer found immense value in Falcon's cloud offerings across their EC2 and AWS Fargate infrastructure, making CrowdStrike the perfect partner to scale with their business. To summarize the power, breadth, and value the Falcon platform provides, and the importance of building trust with customers, I will share two more customer wins with you. The first is with a large media company that was using a legacy provider and was hit with a severe ransomware attack that quickly spiraled across their business. They called on CrowdStrike Services, who leveraged both Falcon EDR for visibility as well as our new module, Falcon Forensics, which automates the data collection and accelerates incident analysis. to help them quickly locate the root cause and take back control of their environment. Following remediation of this breach, this new CrowdStrike customer was eager to transform their security posture and adopted 11 Falcon modules, including Falcon Complete, Discover, Spotlight, Falcon X Recon, Cloud Workload Protection, and Falcon Zero Trust, to proactively secure and fully manage their workstations, cloud workloads, an identity layer, as well as provide visibility into their IT assets and vulnerabilities. Next is a customer when I spoke about earlier with one of the largest nonprofit healthcare organizations in the United States. Given this company is a nonprofit, budget really matters, but not at the expense of breach protection. This customer was looking to refresh its endpoint strategy and move away from their existing vendor, Silance, given it lacked the focus, efficacy, and the customer service they had been promised. Without a security partner they could trust to protect them, they felt vulnerable as incidents were not identified or remediated at the speed required to stay ahead of today's threat actors. The competitive bake-off initially included multiple next-gen and legacy vendors. The low-cost next-gen product was quickly eliminated because the CISO realized the overly prevention-focused approach was too similar to legacy tech. Ultimately, this customer chose CrowdStrike as their trusted security partner, given Falcon's low false positive rate, manageability at scale, ease of use, and performance that stood out prominently over all others. Additionally, our frictionless deployment was once again a key differentiator as Falcon was deployed across nearly 400,000 endpoints in just a few weeks. Moving to our partners. As we have discussed before, we are a partner-first company and believe the rapid expansion of our partner ecosystem is a direct reflection of our growing leadership position. Partners naturally gravitate to market leaders as it helps them bring in new customers. And likewise, customer choice helps propel vendor prominence within the partner community. Our leadership position is driving strong engagement with all partners of all sizes, which is contributing to our growing presence among the highest levels, including boards and CIOs. For the first half of fiscal 2022, our partner-sourced ending ARR nearly doubled year over year. Investing in our partner ecosystem continues to be a key priority. In July, we teamed up with Telefonica Tech to bring the power of the Falcon platform to their hundreds of thousands of customers across Europe and North and South America. Coupling CrowdStrike Falcon with Telefonica's NextDefense MDR offering, our joint customers now have trusted and proven NextGen endpoint protection and world-class services. We are also excited to announce a new strategic alliance with Verizon. Through this collaboration, the CrowdStrike Falcon platform will be positioned as part of Verizon's business security portfolio to provide comprehensive endpoint and workload protection that spans prevention, detection and response capabilities. Verizon Business will be able to manage CrowdStrike through their managed detection and response and CRM services, and we are thrilled to team up with them to help joint customers stop breaches and reduce cyber risk. In summary, I couldn't be more confident in our leadership position and opportunities for growth. I do not see another vendor in the market with our vision, platform, or ability to execute at scale. Our leadership as a trusted security platform of record and strong financial performance stands as a testament to CrowdStrike's dedication to innovation, protecting and delivering value to customers, and transforming the security industry. I'd like to thank every CrowdStriker for all that they do, day in and day out, to make us the best in the business. With that, I will turn the call over to Bert to discuss our financial results in more detail.
Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. We once again delivered exceptional results. In addition to strong growth at scale, in the second quarter, we continued to maintain very high unit economics, drive leverage, and remain very capital efficient, generating strong operating and free cash flow. Additionally, we continued to perform at a high level, well in excess of the SaaS industry's Rule of 40 benchmark, once again achieving a Rule of 80. Demand in the quarter was broad-based and well-balanced, fueled by strength in multiple areas of the business as we expand our leadership across the market from large enterprises to small businesses. We once again ended the quarter with a record pipeline, which we believe indicates a strong foundation for future growth. In the quarter, we delivered 70% ARR growth year-over-year to exceed $1.34 billion. Rapid new customer acquisition as well as expansion business within existing customers drove substantial growth in the second quarter, once again resulting in very strong net new ARR, which came in at an all-time high of $150.6 million. Our dollar-based net retention rate was once again above our benchmarks. Moving to the P&L, total revenue grew 70% over Q2 of last year to reach $337.7 million. Subscription revenue grew 71% over Q2 of last year to reach $315.8 million. Professional services revenue was $21.9 million, setting a new record for the fourth consecutive quarter and representing 49% year-over-year growth. In terms of our geographic performance in Q2, we continue to see strong growth in the U.S. as well as international markets. Revenue growth in the U.S. was 73 percent and contributed approximately 72 percent of second quarter revenue. Approximately 14 percent of revenue was derived from Europe, Middle East, and Africa markets, 10 percent from Asia Pacific, and approximately 4 percent from other markets. Second quarter non-GAAP gross margin was 76%, up more than 150 basis points from Q2 of last year. Our non-GAAP subscription gross margin was 78% and up more than 90 basis points from Q2 of last year. We continue to be pleased with our strong subscription gross margin performance. While we expect subscription gross margin to fluctuate quarter to quarter, we expect it to remain solidly within our increased target model range of 77 to 82% or more as we march to fiscal year 2025. Total non-GAAP operating expenses in the second quarter were $222.4 million, or 66% of revenue, versus $140.9 million last year, or 71% of revenue. As planned, we continued investing aggressively in our business during the quarter, including increasing investments in new technologies, international geographies, and marketing programs. We believe the investments we are making today will lead to sustained growth over the long term and maintain our pole position as the trusted security partner of choice. Scaling our business efficiently remains a top priority, which is why we intensely focus on our unit economics, including magic number. Our go-to-market engine is executing on all fronts to seize the strong demand we see in the market so we can help even more customers restore trust in their security posture. In Q2, we ended with a magic number of 1.4. Our continued exceptional unit economics speaks to the efficiency of our go-to-market engine and frictionless sales motion, which we specifically designed to rapidly onboard and support customers of all sizes. It also indicates that we should increase investments in order to capture even more of the market opportunity at hand, which is exactly what we are planning. Second quarter non-GAAP operating income was $35.3 million, and operating margin improved more than six percentage points over Q2 of last year to exceed 10%. Non-GAAP net income attributable to CrowdStrike in Q2 was $25.9 million, or 11 cents on a diluted per share basis. Our weighted average common shares used to calculate second quarter non-GAAP EPS attributable to CrowdStrike was on a diluted basis and totaled 238 million shares. We ended the second quarter with a strong balance sheet. Cash and cash equivalents increased to approximately $1.79 billion. Cash flow from operations in the second quarter was $108.5 million, and free cash flow was $73.6 million, or 22% of revenue. This brings our free cash flow as a percent of revenue to 30% for the first half of the year. Moving to our guidance. We remain optimistic about the demand for our offerings, record pipeline, and the powerful secular trends fueling our growth. Given the growth drivers of our business, as well as our exceptional second quarter performance and momentum into the third quarter, we are raising our guidance for the fiscal year 2022. While we do not specifically guide to ending or net new ARR, we expect seasonality in net new ARR to be less pronounced relative to prior years as we move from Q2 into Q3, given our steady climb at a much higher scale in recent quarters. Additionally, please recall that our net new ARR in Q3 of last year included approximately $6.8 million in acquired net new ARR. For the third quarter of FY22, We expect total revenue to be in the range of $358 to $365.3 million, reflecting a year-over-year growth rate of 54% to 57%, with subscription revenue being the dominant driver of growth. We expect non-GAAP income from operations to be in the range of $29.4 to $34.7 million, and non-GAAP net income attributable to CrowdStrike to be in the range of $19.7 to $25.0 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be in the range of 8 to 10 cents, utilizing a weighted average share count of 240 million shares on a diluted basis. For the full fiscal year 2022, we currently expect total revenue to be in the range of $1,391.2 to $1,409.4 million, reflecting a growth rate of 59 to 61% over the prior fiscal year. Non-GAAP income from operations is expected to be between $138.5 and $152.1 million. We expect fiscal 2022 non-GAAP net income attributable to CrowdStrike to be between $102.9 and $116.5 million. Utilizing 239 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of 43 to 49 cents. George and I will now take your questions.
Thank you. Again, ladies and gentlemen, if you'd like to ask a question, please press star then 1 on your touchtone telephone. In the interest of time, we do ask that you please limit yourself to one question. Thank you. Our first question comes from Saqib Khalil of Barclays Capital. Your line is open.
Hey, guys. Thanks for taking my question here. George, maybe for you, I was wondering if you could talk a little bit about the environment for big deals and what you're seeing out there. You know, I think we all see the threat environment. I think you called it fierce in your prepared remarks. You know, I'm curious how you're seeing that sort of manifest itself in bigger commitments with crowdsourcing. Does that make sense?
Sure, sure. Good to hear from you. So as you indicated and as I talked about in the prepared remarks, the threat environment, again, continues to get worse. We've seen a lot of the ransomware attacks and what it's done, and in particular it has impacted business resiliency. It's no longer the case of, encrypted computer and, you know, reimage it and carry on. It's impacting massive amounts of business and costing hundreds of millions of dollars. And I can tell you, I've done more board briefings in the last two months than I've ever have. It seems like one a week to audit committees on this topic, particularly ransomware. When you look at big deals, how does this kind of translate? When you look at these big deals, we're talking about the media company. That was 11 modules that we landed with. So big lands and some real big commitments from customers saying we want all in on your platform, we want all in on Humio, and we spent a lot of time consolidating other technologies and removing agents and driving value to customers. So the big deals, the big enterprises, the big lands continue to be there, and I think we continue to get stronger and stronger every quarter in these areas.
Got it. Very helpful. Thanks, George.
Thank you. Our next question comes from Sterling Aki of JPMorgan. Your line is open.
Yeah, thanks. Hi, guys. So since Sentinel-1 went public, I think the number one question I still get is what's happening with market share and what's the kind of competitive win rates, especially in different market segments as you look to go down market? I wonder if you could just kind of comment on what you're seeing.
Sure. Good to hear from you, Sterling. We've actually seen an increase in our win rates across the board, legacy and next-gen. Obviously, we spend a lot of time in the enterprise, but we have a very robust mid- and SMB business, and we've seen strong results across the board. There's a lot of noise, but I think you have to look at the numbers that we put up on the board. One quarter of our net new ARR is probably 94% of their total ARR, so You know, when we think about this, it's a big market. Customers have a lot of choice. And, you know, they're focused on breach prevention, not just detecting malware. And I think our platform, our ability to scale, our ability to get immediate value on rollout and manageability, these are all things that are really important to not only large enterprises, but also to the smallest SMB customers out there. So that's what we've seen so far.
Makes sense. Thank you.
Thank you. Our next question comes from Brent Thiel of Jefferies. Your line is open.
Hey, guys. This is Joe on for Brent. Really appreciate the question. Maybe if you look out of the next 18 months, can you just rank your growth drivers? Is there any low-hanging fruit still there in core endpoint, or is it going to come from XDR via Humio, or is international the opportunity? Any color there would be helpful.
I think it's across the board. We're still in the early innings. If you look at the number of customers we have, 13,000 and change, versus some of our legacy competitors that have over 100,000. I mean, still lots of customers that are out there. When you look at things like XDR and you look at Qmeo, amazing growth drivers for us. When you look at cloud, you know, we've done a lot of work on that. Last year we did a little analysis on the opportunity. We think it's really undersized from a market scape perspective, if you will, from the analyst. And then when you look at things like identity, you know, we're the only folks that have a zero trust identity module. that came from preempt. That's it. We're the only endpoint folks that have that. So that's been extremely successful for us. And when you look at the attacks, a lot of them are identity-based. And you switch that to identity being abused in the cloud and our Falcon Horizon module, which has done an amazing job. And, you know, we've seen amazing traction with that. So I think there's pockets of opportunity, broad-based across all the modules, across all the geographies. And the momentum begets momentum. You know, we really have become the go-to company in this space. And that gold standard brand reputation has served us well.
Thank you.
Thank you. Our next question comes from Rob Owens of Piper Sandler. Your line is open.
Great, and thank you for taking my question. George, to follow up there in terms of the growth drivers, could you double-click – on the XDR opportunity and whether this is the tip of the spear for customers or you're able to go back into the installed base. I guess the spirit of the question is, are you seeing clients be reactionary still at this point given the breach environments, or are they starting to get more strategic in terms of how they're deploying those security dollars? Thanks.
Yeah, I think they are becoming more strategic, and that's a lot of what we focus on. How do we consolidate? How do we become the platform of record like we have in many other companies for them? And how do we eliminate, you know, cost and complexity of what they have? When we think about XDR, it's really advanced threat detection. We've been doing that for a long time, and now you're combining that with other people's data as well. So it's fantastic. You know, that's a great growth driver. But, you know, we still have the Humio log platform, log management product as it is, right? And obviously there'd be more integration with that in our platform, but that is an amazing product that allows you to log everything all of the time and answer any question in real time. So, you know, there are kind of two different products, if you will, and between the two of them, as I mentioned, you know, we have a seven-figure land in Q3. You know, I think really we're just in the early innings. I'm so excited about that technology, and I can't wait to see how everything unfolds over the next couple of quarters.
Thank you. Our next question comes from Matt Hedberg of RBC Capital Markets. Your line is open.
Great. Thanks a lot for taking my questions, guys. George, you know, I noticed you launched Falcon Complete for GovCloud this quarter. Can you remind us of your exposure to U.S. Fed and maybe how you guys are uniquely positioned to take share in kind of the overall public sector vertical?
Sure. Well, we kind of lump state, local, federal all together. Obviously, Fed is a big focus for us. And when we think about what's happening in the current environment and some of the moves that are being made in Washington, we think our technology is uniquely suited for solving some really big problems in those areas. We've seen success in the civilian agencies. And we're all processed for IL-4 certification. We're just waiting on the government to approve that. And that allows us into other higher classified areas, if you will. So that is a, you know, a segment that takes a lot of time and effort. And, you know, government doesn't move so fast. But we've made great strides there. And really across the board, state and local as well. I mean, we've got some amazing, you know, states that are customers, many of them, and local government. So, you know, as we look at those in its totality, We've done tremendously well there, and we still think we're in the early innings.
Thank you. Our next question comes from Kyle Liani of Bank of America. Your line is open.
Hi, guys. Congrats on a great quarter. I have two questions on the market. When we discuss with... Distributors, there are two things that come up, and I want to ask you about the importance of automation, and that's specific in relation to the selling point of SentinelOne. And second, about the price difference between you two. As far as I understand, and please correct me if I'm wrong, they compete with you with a lower price solution. Is price a significant factor in the sales process? Thanks.
Sure. You know, I think if you buy into the marketing hype, that's one thing. But if you look under the covers, we have more automation by far than any other competitor, including S1. I mean, that's how we get the scale. That's why the product is easily deployed. That's why, you know, we can drive costs out of the customer base because it does it automatically. When you look at the totality of all the services, again, we're focused on stopping breaches, not just, you know, we didn't come from a malware product that we try to bolt on other pieces. We built this from the ground up. So on the pricing standpoint, you know, we sell on value and we routinely win with a higher price point because the product works. It doesn't blow up machines. It's scalable. And, you know, people are talking to other customers saying, what are you using and how is it working? And, you know, again, we're focused on stopping breaches, not just dealing with malware. And I think that serves us well. So low-cost options, I think you get what you pay for. There's a difference between a Fiero and a Ferrari. And we happen to be the Ferrari model, and that's what a lot of customers want.
Do you feel any pricing pressure in the market, or we're not yet at this stage?
You know, I mean, there's always going to be competitive deals that are out there, whether it's you know, next-gen competitors or legacy players, and you have to play each deal by year, if you will. But at the end of the day, you know, we're going to compete on value, which we have. And, you know, I can tell you there's a lot of deals we win where we're higher priced than our competitors, and I think the product is differentiated enough in true platform. You know, when you look at the technology, you know, only one with the forensic modules, only one with – the identity module. We've got, you know, an amazing growth and spotlight, you know, vulnerability, predictive vulnerability management. So when you strip out all the PowerPoint and noise, you've got to look at what really works and what are big customers focused on rolling out, and it's CrowdStrike. Got it. Thank you. Thank you. Thank you.
Our next question comes from Vaughn Essex with Goldman Sachs. Your line is open.
Yeah, good afternoon. Thank you very much. Thank you for taking the question. Maybe Bert, you know, as we see you kind of like, you know, inching down market, how do you think about the model from the perspective of, you know, giving investors comfort that you can maintain retention rates, module adoption margins? What are the difference in dynamics? And do you have a sense of, I don't know if you can quantify the mix and what you're seeing through the model?
You know, I think the first thing you got to look at is the new logos, right? So we saw acceleration in the new logos, and a lot of that is coming from down market. And so what you see in down market is you see folks that, you know, can come in quickly. We've taken out friction from the system to be able to allow onboarding to be really smooth, efficient. And then they're getting a tremendous amount of value in the down market. And, you know, certainly... when folks in the SMB space, if they choose our Falcon Complete offering, which we monitor, remediate directly for them, they see the value in terms of filling that skills gap as well. And so that talks to the retention rates that we're seeing with respect to down market. So very optimistic about our opportunities in down market. We've done really well overall, and we continue to, you know, win, you know, our unfair share in that segment.
Okay. Super helpful. Thank you.
Sure.
Our next question comes from Alex Henderson of Needham. Your line is open.
Great. Thanks. I was hoping you could talk a little bit about the average deal size in your pipeline across strata. In other words, if I look at enterprise to enterprise, mid-market to mid-market, and lower end to lower end, are your deal sizes increasing across the pipeline? And did it happen in the most recent quarter? And similarly, with all of these attacks that we've been seeing, can you talk a little bit about the other key metrics, such as time to close and the overall strength of the pipeline? Has the attack rate that caused an uptick in those three metrics. Thanks.
Thanks, Alex. So first, let me comment that, again, as I said in the prepared remarks, we've seen, you know, record momentum in the business, you know, heading into the second half. So we're excited about that. And, you know, that's an accumulation across the board in all the segments here. You know, for us, we don't give out specifics, you know, into each of those different segments. But what we can tell you is that, you know, we're landing with more modules, you know, SMB all the way up to enterprise. You know, you can refer to, you know, George's comments, you know, about that one deal that had 11 modules. And so we're seeing more and more of that. And that's also evidence as you look at the adoption rates of our modules. You know, every quarter, that we talk about adoption rates, they keep going up, you know, and I think that, you know, that's a testament to the strength of the platform. It talks to the fact that more and more customers want to buy a platform as opposed to point solutions. And, you know, soon we're going to be giving out data on, you know, no longer 456, but 567 modules, because the fourth module is going to be, you know, you know, virtually, you know, the same as, you know, the third as, you know, as in terms of adoption rates. So, you know, we're continuing to see momentum, you know, across the board, and we're seeing, you know, those adoption rates continue to tick up because of folks trying to, customers trying to, you know, buy the platform, which is all integrated and flighted for them. So that's what we're seeing, Alex.
Any comment on time to close, the length of time to close deals?
You know, I'll just comment that, you know, we generally don't talk about that, but we've talked about in the past, you know, where we've had large enterprise deals that, you know, close over a weekend. And, you know, we still see some of those. That's not obviously every case. But, you know, we're seeing, you know, customers come to us, you know, obviously more frequently by the number of logos. And, you know, some are closing really, really rapidly, you know, even, you know, seven-figure deal type of customers.
Great. Thank you.
Sure.
Thank you. Our next question comes from Kizran of Oppenheimer. Your line is open.
Thanks. Hey, guys. Great quarter. Not that growing 64% is bad in your international business on a year-over-year basis, but with it being only 28% of revenue, why is it growing still slowly than the U.S.? ? George, maybe you could talk about the international progress, your priorities there, and is there a different go-to-market approach perhaps you need in order to really unlock the opportunity internationally?
Yeah, so when we look at international growth, you know, I think you've got to look at how strong the U.S. has been. So, you know, when you look at the U.S. growth, it's been on fire for sure. And internationally, I think that's – You know, you always continue to build out your capacity there, your partner network, and that's a key piece. You know, we're just more mature in the U.S. We have more mature partners. So we continue to focus on that. I think we've had some really great international wins, some big players that are out there. And, you know, we continue to focus on, you know, the key areas and the key geographies. Bert, if you have any other comments on that piece.
Yeah, so, I mean, this goes back to the fact that we're looking to, you know, continue to invest aggressively, and international markets is one of those areas. I think we've got, you know, opportunity out there to take more share. You know, when you're comparing it to the U.S., you know, we have a high-grade problem where the U.S. is still really super strong. And as George already mentioned, you know, we're still in early innings in the number of logos and customers that we have, 13,000. You know, it's great. We're really proud of that. But it's a drop in the ocean when you compare it to some of the legacy players that have had over 100,000 customers. So we think about that opportunity internationally to be out there, and we're going to aggressively go after it. Very good. Good luck. Thanks. Thank you.
Yes. Our next question comes from Gray Powell of BTIG. Your line is open.
All right, great. Thanks for taking the question, and congratulations on the strong results. So, yeah, earlier this year, you all seemed pretty excited about the potential to gain incremental customers against Microsoft. I know you had some comments and prepared remarks, and obviously the headlines on Microsoft have not been particularly great this year in security. So, yeah, just how are you seeing that opportunity play out, and how big do you think it could be?
Sure. So obviously, Microsoft, you have to take seriously as a competitor, which we do for all competitors, and it's a big market. I think when customers are looking for that sales force of security, they're coming to CrowdStrike fully integrated, covering multiple operating systems, and again, focusing on stopping breaches. And there has been a lot of talk, again, at the audit committee around risk in a monoculture And customers are becoming more and more uncomfortable with putting their eggs in one basket. So, you know, I think we have a great opportunity there. We highlighted some of the big wins. You know, and at the end of the day, Microsoft's Microsoft. They're going to get customers. But I think, you know, with the best platform, the best technology, you know, our results speak for themselves in what we've been able to do. And customers, again, want that ease of use, ease of deployment, and just have it work. Got it.
That's really helpful. Thank you.
Thank you. Our next question comes from Greg Moskowitz of Mizuho. Your line is open.
Okay. Thank you for taking the question, and very good quarter. I had a follow-up on Falcon Complete, which I think you mentioned has a customer base up 2.5x in recent quarters. And, you know, similarly, we're hearing that demand has really been spiking for the solution over the past few months, including among larger organizations. And so, you know, with that in mind, can you talk about your expectations for adoption of Complete going forward across both large enterprises and governments?
Sure. It's a great question. When we originally built Complete, we thought it would be built for that mid-market customer that maybe had one security person or none or a half. The reality is we're selling it to the smallest SMBs all the way up to the largest enterprises. One of our largest enterprise customers is a Falcon Complete customer because the economics are so good for them. When you look at Again, getting back to automation, the automation we've built in is second to none in how we operate this service. When you look at that, we can really drive the cost out for our customers and provide a very high-touch engagement with them, which is what they're looking for. Again, stopping breaches, being able to identify threats very quickly and remediate them very quickly outside of any of the other automation that we have. So that level of engagement is something that truly differentiates us. And when you even think about you know, this sort of market, you know, it's a little bit more than MDR, but we were doing this before MDR was even coined a term. So we have a lot of experience here that pales in comparison to our competitors. Terrific. Thank you.
Thank you. Our next question comes from Mike Walkley of Canaccord Genuity. Your line is open.
Great. Thanks. Congratulations on the net new customer's I was wondering if you could share roughly the number of modules on average a new customer chooses today versus a year ago, and also how is the percent of multi-year deals improving as shown by the strong RPO metrics?
Thanks, Mike. Good question. So, you know, we don't give out the specific numbers, you know, how many, you know, modules each customer gives, but we do give out the percentage of customers with four or five and six plus modules, which are respectively 66, 53, and 29. And that's been increasing quarter over quarter. And so that just talks to the testament of our ability to continue to sell the platform. And we are focused on continuing to build out the platform and to give customers more and more choice in terms of what they have available to them. And at the end of the day, George has talked many times about, hey, we're going to make this thing seamless for you to deploy and at the end of the day, easy to manage. And when you combine those things, it just makes it easier for customers to adopt. And so going back to our earlier comments about you know, the ability to, um, you know, to, to scale and the ability to, you know, drive a customer adoption, it all comes back to, you know, making it easy for the customer. And we're, we're, we're, we're very focused, uh, in that, in that, in that, in that area. And, and that's part of our core and part of our DNA. And we'll never going to take our eye off that just that, you know, similar to that, we're never going to take our eye off of efficiency, right? Unit economics matters. However, we do know that we've got this opportunity in front of us to be able to go after more market share, and we're going to invest, you know, in that area to be able to go after more and more, you know, new logos, you know, as we continue our journey.
Great. Thank you. Thank you. Our next question comes from Ed of JMP.
Yeah, thanks for taking the question, and congrats on a good quarter. I was curious about the CrowdStrike store. They've been adding partners since the IPO, certainly. I was wondering, can you try to quantify or give us some context in terms of what revenue opportunity that is? And then also, I think Rapid7 and Simplify were a couple of partners you highlighted earlier. Can you talk a little bit about where your organic capabilities end and where they pick up, you know, with the QMEO technology with Simplify and the spotlight with Rapid7?
Sure. So from a partner store perspective, it's, I think, been very well received by customers and They love the integration. And again, part of the strategy that we have with a single agent, a single data store with ThreadGraph, and what I would call beachfront real estate is customers don't want more agents. They want less. And they trust our agent. It's there. They know it's performance and it works. So the whole idea, again, is how do we leverage that architecture, almost agent as a service, if you will, for other partners. So That includes data integration, being able to interact with our agents, things of that nature. We've done that for, you know, many other partners that are out there, and it's really based on customer demand. Do they have other technologies that they're using they want to integrate? And some of the names you mentioned, you know, fall into that area. When we think about Spotlight and its capabilities, you know, we are replacing a lot of other agent-based VM technology that's out there. And, again, remember, we don't do the network scanning piece. We think that's a bit commoditized. And what customers are looking for, and we highlighted this with the nightmare vulnerability that Microsoft had, is they want push-button results instantly, which we give them. And now, using AI, we can actually prioritize what vulnerabilities are most likely to be exploited, which really helps the IT ops team. So we've got tremendous capabilities in those areas. And Qmeo is, you know, again, has just been a shining star for us. There hasn't been a customer or a prospect I talked to that haven't been, you know, extremely impressed with the capabilities there. So we'll be leveraging that as, uh, you know, part of the integrations for the store. And I think, you know, we're still in the early innings there. And, uh, you know, that can be a, any, and, you know, out years, a big driver of, of revenue for us. But right now it's very strategic and make sure our customers are happy.
Thank you.
Thank you. Our next question comes from Patrick Colville of Deutsche Benz. Your line is open.
Thank you for taking my question. I guess my question is about, um, AV, you know, one of the things we get a lot of incoming on is how far through that AV displacement are we, you know, in kind of mid-2021? You know, would you say that based on the kind of conversations you're having with customers and potential customers that are kind of in the late innings of that process, or is there still kind of a lot to go in the early innings? I mean, that would be helpful. Thank you.
Sure. I still think we're in the early innings. Again, if you look at our customer count versus a MACV or Symantec or a Trend, it's, again, impressive for a younger company, but still pales in comparison to all the customers that they have. So it's an ongoing effort. It's a multi-year effort. Lots of tailwinds there for us. And that's in the enterprise. And when you get down into the S&B, the mid-market, you've got a ton of other players that are out there, too many to mention here. So that's always going to be an ongoing opportunity for us. And in my opinion, still very early on, very early innings. And I know that from the big deals that we're doing and, you know, the maxing, the semantic replacements, I mean, it just happens every quarter, kind of like clockwork.
And can I, can I just tag on? I mean, when, you know, when do you think we'll get to the late earnings of that displacement? Is it like, I don't want to kind of put you on the spot and give forward guidance, but is it like anytime soon or is it quite far out?
Personally, I think it's far out because, you know, you have to look at the renewal cycles for many of these customers, right? It could be a year, two years, or three years, and it's always ongoing. And, you know, I would look at the customer count, compare that to other players that are out there, and that would give you a good idea of where we are versus, you know, what's available to us. Thanks so much.
Thank you. And this does conclude the formal part of the conference call. I'm going to turn the call back over to George Kurtz for closing remarks.
Great. I want to thank all of you for your time today. We certainly appreciate your interest and look forward to seeing you virtually at our upcoming investor events. Thank you. Be safe and have a great day.
Thank you. Ladies and gentlemen, this does conclude today's conference. Thank you all for participating and have a great day. You may all disconnect.