This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
spk09: Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and co-founder of CrowdStrike, and Bert Podbear, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, and expected performance, including our outlook for the first quarter and fiscal year 2023, are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as to the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events, or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time including the section titled Risk Factors in the company's quarterly and annual reports. Additionally, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our press release, which may be found on our Investor Relations website, at ir.crowdtrack.com or on our Form 8K filed with the SEC today. With that, I will now turn the call over to George to begin.
spk05: Thank you, Maria, and thank you all for joining us. Before we get started, I would like to acknowledge the war in Ukraine. Our deepest thoughts and support are with all of those impacted by this tragedy, as we are reminded of the terrible human toll that military conflict brings. We are hoping for peace in Ukraine and the broader region. Turning to our financial results, I will start today's call by summarizing four key points. First, CrowdTrack delivered an exceptional fourth quarter that far exceeded our expectations. This quarter's results are headlined by an acceleration in net new ARR growth for the second consecutive quarter to reach $217 million. record 19% non-GAAP operating margin, and record free cash flow of $127 million or approximately $197 million when excluding the IP transfer tax payment related to the acquisition of Humeo. Second, our success outside of traditional endpoint security is now punctuated by both scale and hypergrowth as we surpass the $150 million ARR milestone while growing in excess of 100% year over year for our IT hygiene, vulnerability management, identity protection, and log management modules collectively. Third, we exit the year with tremendous momentum for ARR derived from Falcon deployments in the public cloud, where ARR eclipsed the $100 million milestone and grew 20% quarter on quarter as we lead the effort to transform security for the public cloud. And fourth, as you can see from our outstanding results, our growth engine is executing on all cylinders, which includes our thriving partner ecosystem. One partner I'd like to highlight is AWS. In fiscal 2022, ending ARR transacted through the AWS marketplace grew more than 100% year over year. Furthermore, CrowdStrike ended the year as one of the top ISV partners by transaction volume on the AWS marketplace with partner source deals growing strongly throughout the year. We believe this speaks to the success of our partnership with the world's largest public cloud provider and highlights the value we can provide to both partners and customers alike. Now let's discuss our results in more detail. Net new ARR growth accelerated for the second quarter in a row to reach $217 million, and for the first time in company history surpassed the $200 million milestone. Demand was driven by expansion in the core endpoint market, as well as a record quarter for cloud, identity protection, and Humeo. Growth was also fueled by rapid customer expansion among companies of all sizes, from large enterprises to small businesses. we added over 1,600 subscription customers for the third consecutive quarter, bringing the total number of customers that rely on CrowdStrike to protect their business to 16,325, a 65% increase year over year. Demand in the quarter was broad-based and new wins included, sizable deals with multiple top global financial services organizations, a record number of new Falcon Complete customers, including Fortune 500 and multinational companies across the technology, media, telecommunications, education, and government sectors, among many others. Record lands for our Cloud Workload Protection Module and Horizon, our agentless cloud security posture management module, including wins at a large US insurance provider, a Fortune 250 software company, and a Fortune 50 energy company. We achieved another record quarter for our identity protection modules, which significantly differentiate Falcon in the field and continue to lead to higher win rates. Key wins included a global leader in customer experience management, a global financial services company, public sector agencies, and multiple wins in the Fortune 500. Q4 was also another record quarter for Humio, with wins across multiple verticals such as retail, financial services, manufacturing, technology, and transportation. Our success with Umeo this quarter included securing a seven-figure deal with a financial services customer whose existing log management solutions had become budget prohibitive given the exponential growth of data being captured by their DevOps teams. And lastly, we are thrilled to announce that CloudFlare, a trusted CrowdStrike technology partner on a mission to build a better Internet, became a new customer in the quarter, adopting both Falcon Complete and Horizon. We look forward to deepening our natural partnership and identifying even more opportunities to work together. Among these many fantastic recent wins, let me take a moment to share some additional details about the expansion with a Fortune 50 financial institution that I think exemplifies our technology advantage in action and why scalability and trust matter. Mid-year, this particular customer had chosen CrowdStrike to protect its traditional endpoints and displace the legacy incumbent. At approximately the same time, for relationship reasons, this organization had chosen a next-gen competitor to protect a server environment But after six months, they were still struggling to deploy the other vendor's product in its server environment. They were plagued by forced reboots, significant memory usage, and unmet product roadmap promises. While they struggled to get their service protected, Falcon was fully deployed across their hundreds of thousands of endpoints in a matter of weeks without requiring a reboot. Side by side, we showcased our differentiation on a broad scale, in a real production environment. This customer was able to see the rich telemetry Falcon provided in real time and the power of our security cloud, all resulting in better efficacy. This customer terminated the other vendor's contract and is now deploying Falcon to protect their servers globally. This is just one of many customer stories that demonstrate the fundamental reason why we have earned our leadership with increased win rates and record displacements efficacy, scalability, manageability, real-time versus batch mode, and importantly, our ability to consolidate agents while solving a growing number of real-world business problems. Q4 was also a record quarter for our partner ecosystem. In total, for fiscal year 2022, we gained significant leverage from our partner ecosystem. During the year, partner stores and the ARR grew 83% year-over-year, with our MSSP business growing more than 200%. Our architecture is fundamentally different from any other vendor we see in the market. While our technology advantages are vast, it all starts with how we designed the platform from the beginning with smart filtering capabilities on the agent, which gives us the ability to dynamically adjust our aperture to stream rich telemetry to the cloud in real time. We believe these foundational architectural elements have created a high barrier to entry while competitors operate in batch mode and struggle with storing data on the endpoint. We continue to extend our technology leadership across the entire platform. As we announced yesterday, Humio sets the standards for streaming index-free data ingestion and reached a new benchmark of over one petabyte of data ingestion per day. CrowdStrike will continue to leverage the speed and scale of the Humio engine to extend our position in the XDR space. You have heard me say that CrowdStrike is more than just an endpoint provider. The success of our platform strategy is reflected in the hypergrowth we are deriving from many of our modules, as well as our strong module adoption metrics, which have consistently increased quarter after quarter. In Q4, subscription customers with four or more, five or more, and six or more modules increased to 69%, 57%, and 34% respectively. As both new and existing customers increasingly trust Falcon to solve security challenges outside of core endpoints, we have multiple product areas contributing significantly to ARR growth. We are seeing tremendous growth from our emerging products that solve use cases outside of traditional endpoint protection. This includes our Discover, Spotlight, and Identity Protection modules, as well as Umeo. ARR for this group grew more than 100% over last year, contributing $157 million to FY 2022 ending ARR. These modules are significant road drivers for our overall business, with ending ARR for these modules growing 30% quarter over quarter and representing approximately 17% of our Q4 net new ARR collectively. Our success to date in these adjacent areas speaks to the extensibility of our platform outside of core next-gen AV and EDR, the data we collect, and our ability to make meaningful inroads in accessing new TAMs. Changing from a module perspective to a deployment environment view, our public cloud business surpassed the $100 million milestone in Q4 to reach $106 million in ending ARR. This milestone encompasses our modules deployed in the public cloud, including our cloud runtime protection and CSPM modules. We have seen tremendous momentum in this business as we exit the year. Ending ARR growth for our business when viewed through a cloud deployment lens outpaced the growth of our overall business, growing 20% quarter over quarter and represented approximately 8% of our Q4 net new ARR. Cloud workloads are increasingly targeted by adversaries and are largely underprotected, representing a significant growth opportunity in FY23 and beyond. Moving to the market dynamics, there are powerful tailwinds driving our markets, and we do not currently see any indication that these trends will abate anytime soon. The adversaries are certainly not slowing down, actually quite the opposite. As we published in our most recent global threat report, 2021 provided no rest for the weary with an 82% increase in ransomware-related data leaks. As the nation-state events of the past few weeks have demonstrated, cyberspace is center stage, joining land, air, sea, and space as the fifth dimension of warfare. There are no borders in cyberspace, and the cyber blast radius has no bounds. putting every organization and government at risk, as attacks can extend far beyond their intended targets, as we saw with NotPetya. Last year, 62% of attacks we observed were malwareless, with most of these involving compromised identities. We expect that both e-criminals and nation-state adversaries alike will continue to exploit vulnerabilities across endpoints and cloud environments and ramp up tradecraft around the use of identity and stolen credentials to bypass legacy defenses. In addition to advancing adversary tactics in a heightened threat environment, organizations must contend with the ongoing security skills gap, which we have seen drive increased demand for our Falcon Complete offering. To help companies combat the increasing threat of compromised identities, last week we launched Falcon Identity Threat Protection Complete, the industry's first managed identity solution, and a new way to help customers scale their security teams to protect against sophisticated attacks and stop breaches. Additionally, the attack surface is expanding rapidly, and the digital supply chain is ever-growing as organizations embrace digital transformation and move more workloads to the cloud. We believe our TAM continues to expand, and all of these factors will lead to sustained market growth for the foreseeable future. We also continue to see a very favorable competitive environment and multi-year runway to displacing legacy endpoint vendors, which is bolstering our growth as companies look to transform their security stack. Before I hand it over to Bert, I will provide some final thoughts on the big picture of what we see unfolding. As I shared with you in my opening comments, in addition to our growing leadership in the EPP market, We now have multiple vectors driving our growth and scale that are outside what some might consider our core. We have been very deliberate and purposeful in choosing to enter markets. Enterprise risk is coalescing around three critical areas, endpoints or workloads, identity and data, all three areas we have been investing, innovating, and see as core to CrowdStrike's mission. These areas represent the biggest risk for organizations. and customers are increasingly looking to the Falcon platform to solve their most pressing security needs as legacy products in these markets are brittle, complicated, and struggle to deliver value to the customer. Given our footprint on the endpoint or workload, the data we collect, and the advantages our architecture and security cloud afford, we see great alignment and great opportunity in our approach to solving a multitude of problems for customers as we innovate, and disrupt in these emergent categories such as log management, SIM, and observability, which is reflected in our growing strength in these newer markets as well as endpoint protection. In closing, I would like to thank every CrowdStriker around the world for their tireless dedication to protecting our customers, which ultimately translates to the financial success of our company. I'm humbled and inspired by the commitment level of execution, and hard work CrowdStrikers exemplify on a daily basis. They are the everyday champions that make results like the fourth quarter possible. Thank you. With that, I will turn the call over to Bert to discuss our financial results in more detail.
spk06: Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. Before we get started, I will note that the results we are reporting today include the acquisition of Secure Circle, which was de minimis to both revenue and ARR, contributing less than $1 million in Q4 ARR. The acquisition of Secure Circle resulted in the addition of 26 net new customers in the quarter. We once again delivered exceptional results to top off a phenomenal year. We finished the year with over $1.73 billion in ending ARR. And in fiscal year 2022, we delivered 65% ARR growth, 66% total revenue growth, 215% operating income growth, 157% net income growth, and record free cash flow of $442 million, or 30% of revenue. This is the second year in a row CrowdStrike delivered 30% or better free cash flow margin, which is in line with our target model. Importantly, we accomplished these results while also aggressively investing in the business and expanding our remarkable team by 46%. We believe our strong performance highlights that in addition to our clear and defined mission and our cloud-native architecture, our business fundamentals possess the hallmark characteristics that have transformed and come to dominate their respective markets, including rapid growth at an ever-increasing scale, best-in-class gross retention rates, enduring market dynamics and a growing leadership position, as well as a highly leverageable model with the ability to deliver phenomenal free cash flow. As we continue to capitalize on our unique market position, I firmly believe CrowdStrike's best days are ahead. Now, moving to the fourth quarter. Net new ARR growth accelerated for the second consecutive quarter. Demand in the quarter was broad-based, fueled by strength in multiple areas of the business and reflects continued strong customer adoption of our core products, growing success with our newer product initiatives, including identity protection, log management and cloud, record expansion business, and continued rapid new customer acquisition. Net New ARR grew 52% to reach a new all-time high of $216.9 million. The composition of Net New ARR was very well balanced across deal size, even though two large accounts contributed approximately eight figures each to Net New ARR this quarter. We believe this represents our continued leadership in the enterprise segment, expanding deal sizes, and the pricing leverage attributable to our distinct product differentiation. Our dollar-based net retention rate was once again above our benchmark. We continue to be very pleased with the success of our land and expand strategy. Our gross retention rate remains high and best in class at 98.1% at year end. Our dollar-based net retention rate was above the 120% benchmark throughout the year. Net retention was 123.9% as of the end of FY22, which is essentially a similar level to last year, but on a much bigger base. For the interim FY22 quarters, net retention was 121.8% in Q3, 120.4% in Q2, and 123.4% in Q1. Our professional services organization is a strong lead generation engine for the Falcon platform. Among organizations who first become a customer after February 1st, 2020, for each $1 spent by those customers on their initial engagement for our incident response or proactive services, as of January 31st, 2022, we derived an average of $5.71 in ARR from those subscription contracts up from $5.51 reported last year. Moving to the P&L, total revenue grew 63% over Q4 of last year to reach $431.0 million. Subscription revenue grew 66% over Q4 of last year to reach $405.4 million. Professional services revenue was $25.6 million, setting a new record for the sixth consecutive quarter and representing 26% year-over-year growth. Fourth quarter total and subscription non-GAAP gross margins remained relatively consistent at 77% and 79% respectively. We continue to be pleased with our strong subscription gross margin performance as we continue to invest for growing demand. Total non-GAAP operating expenses in the fourth quarter were approximately $250.8 million or 58% of revenue versus $170.3 million last year, or 64% of revenue. In Q4, we ended with a magic number of 1.3 as we continue to ramp investments to capture more of the market opportunity at hand and expand globally. Our continued exceptional unit economics speaks to the efficiency of our go-to-market engine and our ability to rapidly onboard and support customers of all sizes. We also believe that a magic number of 1.3 continues to indicate that we should increase investments even more, given the massive market opportunity. The leverage we generated this year demonstrates the efficiency in our model and enables us to step up investments in new technologies, new international geographies, and other marketing programs, as well as continue to hire aggressively. We believe the investments we are making today will lead to sustained growth over the long term and maintain our pole position as the trusted security partner of choice. Fourth quarter non-GAAP operating income more than doubled, growing 134% year over year to reach a record $80.4 million, and operating margin improved approximately six percentage points over Q4 of last year to reach 19%. Non-GAAP net income attributable to CrowdStrike in Q4 also more than doubled, growing to a record $70.4 million, or 30 cents on a diluted per share basis. Our weighted average common shares used to calculate fourth quarter non-GAAP EPS attributable to CrowdStrike was on a diluted basis and totaled approximately 238 million shares. We ended the fourth quarter with a strong balance sheet. Cash and cash equivalents increased to approximately $2 billion and reflects the $61 million cash payment net of cash acquired for the acquisition of Secure Circle and the approximately $70 million cash payment for IP transfer tax related to the acquisition of Humio. Cash flow from operations in the fourth quarter was a record $159.7 million and free cash flow grew to a new record of $127.3 million or 30% of revenue. Excluding the approximately $70 million IP transfer tax payment related to the acquisition of Humio, free cash flow would have been approximately $197 million, or 46% of revenue for Q4, and $512 million, or 35% of revenue for the fiscal year. Before we move to guidance, I'd like to cover a few modeling notes. First, I would like to note that we have entered the quarter with the strongest pipeline ever for a Q1. While we do not specifically guide to ending or net new ARR, given the incredible performance of Q4, which included two accounts that contributed approximately eight figures each to net new ARR, I'd like to provide a framework for how to think about net new ARR for Q1. As you may recall, last year we significantly overperformed in Q1, and it was not indicative of typical season health. Consistent with years prior to that, 11% to 13% sequential seasonality was more typical for net new ARR, which we would expect this Q1 after adjusting for the two large contributors in Q4, and this is implied in our revenue guidance. Second, as we continue to invest for future growth and scale and invest to remain ahead of any potential supply chain delays, We expect capital expenditures as a percent of revenue to be between 10 and 12 percent in fiscal year 2023. We anticipate these investments will be more weighted to the first half of the year than the second. At the same time, we are planning to maintain free cash flow margin at 30 percent of revenue for the year, weighted more towards the second half. Moving to our guidance. We are starting the new year with a robust pipeline, and we remain optimistic about the demand for our offerings and the powerful secular trends fueling our growth. For the first quarter of FY23, we expect total revenue to be in the range of $458.9 to $465.4 million, reflecting a year-over-year growth rate of 52% to 54%, with subscription revenue being the dominant driver of growth. We expect non-GAAP income from operations to be in the range of $61.7 to $66.4 million, and non-GAAP net income attributable to CrowdStrike to be in the range of $52 to $56.7 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be in the range of 22 to 24 cents, utilizing a weighted average share count of 240 million shares on a diluted basis. For the full fiscal year 2023, we currently expect total revenue to be in the range of $2,133.1 to $2,163.2 million, reflecting a growth rate of 47 to 49 percent over the prior fiscal year. Non-GAAP income from operations is expected to be between $289.2 and $311.8 million. We expect fiscal 2023 non-GAAP net income attributable to CrowdStrike to be between $251.1 and $273.6 million. Utilizing 243 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $1.03 to $1.13. We look forward to sharing additional details about our business on our next investor webinar scheduled for April 7th. George and I will now take your questions.
spk16: Thank you. Again, ladies and gentlemen, if you'd like to ask a question, please press star then one on your touchtone telephone. Again, to ask a question, please press star then one. We do ask that you please limit yourself to one question, and then you may rejoin the queue. Our first question comes from Sakit Khalil of Barclays. Your line is open.
spk07: Okay, great. Hey, guys, thanks for taking my question here. Maybe for you, George, first of all, a lot of nice, helpful disclosure on some of the non-endpoint products. Maybe if we could just zero in on one. I was wondering if you could talk a little bit more about preempt. It feels like it's been a module that's been gaining traction over the last couple quarters. Can you just talk a little bit about how you feel like it differentiates from your competition and also how it might contribute to deal sizes.
spk05: Sure. Thanks, Saket. When you look at our identity zero trust module, which came from the preempt acquisitions, now been integrated into the platform, which makes it seamless, it's obviously been a standout for us because when we think about the threat environment, we've seen many of these breaches abuse identity, abuse directory services, And there's a massive compliance issue in just understanding all of these accounts, where they live and who has access to privileged accounts. So this is a highly differentiated module. Our competitors really don't have anything that's close to this. The way it works, the AI algorithms that we have built around it that we've got from the preempt team and the expertise that we have in this area. So it certainly is a big way for us to help differentiate the platform among many others. And it has been an absolute standout for us. And I think we've taken the time and effort to do the integration right, which is an important part of the way CrowdStrike looks at its platform. Thank you.
spk16: Thank you. Our next question comes from Sterling Addy of JP Morning. Your line is open.
spk03: Yeah, thanks. Hi, guys. I wanted to zero in on the cloud security issue. um, opportunity that you talked about. And what I'm curious about is when you go in and sell, what does that security stack look like in the cloud and what percentage of the wallet do you think you can capture versus the kind of capture rate that you get on prem with endpoint?
spk05: Sure. Um, thanks Sterling. When we look at the cloud, um, business, and I think we put some good disclosures around our penetration there. To us, it's still a greenfield opportunity, and the beauty of our platform is that we cover two very important areas. One is runtime protection, and the second one is cloud security posture management. There are companies that have one or the other. We actually have both, and they're integrated across our Falcon control plane. which makes it very effective. We also have the ability to identify indicators of attack, which is much different than just misconfiguration. So when you combine those together and you think about containers and Kubernetes clusters, the configuration, whether they have vulnerabilities, whether it's just traditional virtualization and everything in between, we're covering a big part of the overall security stack of what people are looking for in that runtime protection visibility. So we still feel it's in the early innings. We've got great technology in both the agent side, if you will, and some of it is agentless with cloud security posture management. But we make it very easy and effective for the DevOps teams, that's who we're selling to in these areas and we've gotten pretty good at it, to be able to implement this as part of the CICV pipeline. Understood. Thank you.
spk16: Thank you. Our next question comes from Andrew Nowacki of Wells Fargo. Your line is open.
spk04: Andrew Nowacki Thank you. Congrats on another amazing quarter, guys. So, in our last reseller survey, CrowdStrike had the top results, and I'm wondering if you're seeing any sort of inflection with resellers and channel partners. And similarly, I'm wondering if that CISA deal last quarter has maybe created an inflection within the U.S. federal market.
spk05: Sure. So thanks. When you think about our partner opportunities and CrowdStrike, first, we're a partner-first company. That's the way I built it. We haven't wavered from that. And there's many areas of partnering, everything from traditional resellers to managed service providers to cloud providers and hyperscalers like AWS that I talked about earlier. So Why have we been successful there? Well, we've taken the right approach to not compete with partners, to augment what they're trying to do. And what we've seen in the managed service world is that the managed service providers are looking for the best endpoint platform that they can plug in and offer other services. I think we've figured out a way to complement the services that they have in those areas, and it's been very effective. And, of course, customers want our technology, so They're clamoring to these partners to work with us. So we will continue to do that, and I think we've put some great proof points out on our success in managed service in the cloud providers as well as traditional resellers. When we think about CISA, it's a fantastic validation for us in the federal government. I've spent time in Washington. I was just there recently. And there's a lot of excitement about our technology finally being able to be deployed there. As you know, you have to go through a lot of different compliance and accreditations to get to sell in the federal government and work through those. We continue to work through those at different levels. And it opens up a massive opportunity for us that, you know, we've seen a big pull from customers' interest in that particular technology. vertical because of the aging technologies that they've been saddled with in the past. So more to come on that, but very excited about the opportunity today and in the future.
spk16: Thank you. Our next question comes from Joel Fishbein of Truist. Your line is open.
spk14: Hey, thank you, and congrats on a fantastic execution. I have a quick question for George and a follow-up for Bert if I could. George, You just GA'd Falcon XDR module. I think there's a lot of noise in the space. Can you talk about Falcon XDR and how it's different than the other products that are out there and why it's important going forward?
spk05: Sure. When we think about XDR, it's more than just the marketing acronym. And what we've seen in the past is that organizations of all shapes and sizes, security companies have tried to just slap XDR on products. what they have that's legacy. And we don't think that's the right approach. We think you have to start with the best EDR in the market, and then you extend that. We believe our EDR is the best. It's been validated many times over in different places. And what we've been able to do is to leverage the very powerful, fast, and efficient streaming engine of Humio. We just talked about the petabyte benchmarks. To be able to combine that with our threat graph, apply AI on top of it, to get the best threat detection outcome and response leveraging our fusion technology. So we're still in the early days. Obviously, we just launched it. We're working with a lot of customers. We're adding more integrations around that. But we're really excited about that, and we believe that's really a technology that will subsume the SIEM market, and we think we're in a perfect pole position to be able to capture it.
spk16: Thank you. Our next question comes from Brent Thiel of Jefferies. Your line is open.
spk17: Hey, guys. You have Joe on for Brent. Thanks for the question, and really appreciate the additional disclosures. Bert, unreal results and fantastic opening guide for revenue for fiscal 23. Maybe just walk us through the methodology, and has anything changed with how you would typically give an opening guidance? And then maybe to what extent do we expect a mixed shift of revenue outside of core endpoint, and what were the inflationary impacts to revenue and OPEX for fiscal 23? Thanks.
spk06: Thanks for that. So in terms of our methodology, nothing's really changed. We guide to what we see. We do not guide to running the tables. So absolutely no change there. I think that the question about going and capturing some of the additional markets outside of core endpoint, I think we've given some good disclosures about some of our momentum. We don't see any of that momentum fading. and we are excited about both core and some of our emerging products. And so when we think about it and when we look at our pipeline and we look at the opportunities in front of us, we get really excited about both opportunities. And then you drill down even a little further and we get excited about being able to sell both those opportunities to both the largest enterprise companies in the world all the way down to some of the smallest. So that's how we think about it.
spk16: Thank you. Our next question comes from Matt Hedberg of RBC Capital Markets. Your line is open.
spk08: Great. Thanks for taking my question, guys. Congrats. Lots of things to talk about here. I guess, Bert, for you, one of the things that really stood out to me was when we look at ending the RR per subscription customer, you know, that had declined sequentially for many quarters. In Q3, it was kind of flattish, maybe up a little bit. But Q4, according to my math, it was up about 3% sequentially. really, really strong. I think, to me, that speaks to your cross-sell ability. I'm wondering, when you think about the guide for next year, you know, what are some of the assumptions around ending ARR per subscription customer? Should that continue this kind of upward sequential trajectory at this point?
spk06: Hey, Matt. So, we really don't look at it that way, to be fair with you, because when you think about net new ARR, it could come from anywhere. It could come from new logos. It could come from, you know, our existing base. Our focus, as you know, has been and always will be NetNew ARR, wherever it comes from. So when we think about looking out into this year, we're doing the same thing from a compensation perspective with our sales team as we have done last year, meaning we're going to pay our sales team the same whether they bring in a NetNew logo or whether they bring it from an existing customer. So we pay on NetNew ARR. We don't care where it comes from. The great news is, of course, is that we have tremendous amount of headroom in both, right? Our expanding base really helps in terms of cross-sell for sure, but we still have a tremendous amount of headroom in terms of being able to go after new logos. And that's kind of a great position to be in. And it really talks to the fact that we think about CrowdStrike in the early innings of our journey with a lot of headroom to go. So hopefully that makes sense to you.
spk16: Thank you. Our next question comes from Taliani of Bank of America. Your line is open.
spk02: Hi, guys. Great quarter. I want to ask about competition. And you have now – the last count I have is 24 modules. How is the landscape of competitors? How is it changing with the additional modules? And can you talk about the acceptance rates? Normally, you give out kind of how many – how many, what percentage of customers have, subscription customers have more than four, five, and six modules? And I didn't hear it this quarter, maybe I just didn't hear it. So can you give an update on the acceptance rates of your modules and speak a little bit about the take rate of the new modules and where do you see, kind of, how do you see it ramping versus historical trends, et cetera? Thanks.
spk05: Yeah, thanks. So George here. You know, when we look at the competition, I think this quarter we put a punctuation mark on the competitive point. When you see the growth, you see the cross-sell, you know, you see some of the modules outside of just the core. We've never seen a better competitive environment for us. We're entering the quarter with the largest pipeline. We've got lots of replacements in the legacy world, lots of replacements in the next-gen world and truly differentiated platform with our modules. We have 22, just to be clear. And when you look at what we put together in the endpoint and workload protection visibility space, combined with identity, which is very unique to us that others don't have, combine that with data now, with Secure Circle, you know, it's a true platform that customers are looking to buy and understand that they can consolidate agents, reduce costs, and get much better outcomes. And then you combine our world-class offerings like Falcon Complete and Overwatch on top of it, and it certainly is a winning combination. So full steam ahead from us on the competitive side, and we continue to out-innovate and build what we believe is the best platform in the industry. Bert, I'll let you take the module take rates.
spk06: Sure. I'll give them out again because we're very proud of them. So the percentage of customers with four or more modules is 69%. five or more modules is 57%, six or more modules is 34%, all of which are increases over last quarter.
spk16: Thank you. Our next question comes from Alex Henderson of Needham. Your line is open.
spk15: Thank you very much. I've actually got a clarification and a question. The first one is a clarification. I mean, you talk about a record pipeline that's kind of a throwaway considering your growth rate. I mean, you're growing so fast, you have to have a record pipeline to keep the growth going. So I was wondering if you were to look at your pipeline relative to forward expected net new ARR, whether the ratio of your pipeline to the forward ARR is, in fact, a record as well. And then the question I have for you is really actually on a smaller piece of your business, but I think a very important one. which is the services business, which obviously did very well with the increase in revenue upsell. With Mandiant having been bought out here or announced to be bought out, they have been obviously one of the more successful companies in targeting events and coping with them. Does that open up a runway for you? It's my understanding that Google is planning on using that predominantly for internal products as opposed to what Band-Aid has done in the past. So does that open up a new opportunity for you to expand that further and become the preeminent, not that you're not already, but even more of a preeminent player in those securities so you can get that upsell?
spk06: Hey, Alex, it's Bert. Thanks for your questions. I'll take the first clarification point and then I'll toss it to George to talk about the Madden acquisition. So what we came out and said is that obviously that our pipe going into the year is the greatest pipe we've ever seen in company history. I think I'll leave it to everybody else and you on the call to kind of figure out what that means in terms of net new ARR. But generally, I think that combine that with the momentum that we've talked about in the business, we feel really good about starting the year. And then I'll turn it over to George for your second part of the question.
spk05: Yeah. So, thank you, Bert. And first, I want to congratulate Kevin and the entire team. I've known and worked with Kevin many years at Foundstone, and they're a fantastic organization, one of the best in the business, and we have a lot of respect for them. So, We continue to work with them on partnering opportunities. We think it's a great opportunity being part of Google, who is also another big partner of CrowdStrike. So I think both organizations make a lot of sense. You've got world-class capabilities across the board, and we think our technology can be additive to the overall mandate solution. And we look forward to seeing how that progresses and continuing to partner with them. So Overall, I think it's a positive net for all parties.
spk16: Thank you. Our next question comes from Fatima Delani of Citi. Good afternoon.
spk10: Thank you for taking my questions. Bart, I have this one for you. I look at your operating income guidance for fiscal 23, and it implies close to a 60% growth in operating incomes. And I look at that in comparison to kind of the 49% you've guided to the high end from a revenue standpoint. So what I wanted to ask you was, what are some of the contributing factors to your operating income growth outstripping your revenue growth? And what sort of considerations do you have in place vis-a-vis travel and expense levels reverting to sort of pre-COVID levels? And frankly, some of the talent retention and talent acquisition costs and wage inflation that has maybe bedeviled some of your peers. Any thoughts around there and how you've been able to buck that trend as contemplated in your guidance would be very helpful. And that's it for me. Thank you.
spk06: Sure, Fatima. Thank you for your question. So first, let me just start off by saying when we take a look at the guide, we take a look at, of course, what we see, not necessarily what we don't see, similar on the revenue side. And then we think about the power of our model. We've got a lot of leverage in our model. Unit economics is really strong, and it's pointing to one thing, which is continue to invest aggressively, which we plan to do. And it's reflected in the guide. I think there are a few things that really shape that guide. One is I think that we've seen a lot of tailwinds for us. We've seen momentum in the business. So scale and how we think about the revenue guide really plays a big role in terms of how we think about our margin guide. But we do take into consideration things like inflation. We take into consideration what we're seeing out there in terms of talent. It is talent war that we're seeing on a day-to-day basis, not only for us but for others in the space. And we've got to differentiate ourselves here. from others to attract folks to come and join us. And we've done a really good job so far, but pedal to the metal in terms of hiring. And then your last piece of the question with respect to travel, I think that it's going to be more than it was last year, knock wood. Obviously, it's a result on how the pandemic plays out this year. But the idea is that we do plan on more travel. We want people to get together. We want people to collaborate. We want to go and visit customers on the one hand. On the other hand, I think every CFO out there is taking a look at what was done in the past and then how they think about the future and is looking for highest and best use of travel. And I'm no exception. So I'm going to take the opportunity to make sure that we've got all the controls in place to make sure that we are doing just that. making sure that we are, you know, looking at, you know, the highest and best use of our dollars for travel. And I think everybody will be appreciative of that. And I think that, you know, as a company, it just goes to continue our story about being a really, you know, really, really well-flighted company in all aspects of the business, from tech to go-to-market to finance. I hope that answers your question.
spk16: Thank you. Our next question comes from Joshua Tilton of Wolf's Research. Your line is open. Thank you.
spk12: Hey, guys. Thanks for taking my question. You spoke a lot in the prepared remarks about the success of the non-endpoint modules. Can you just comment on the demand environment as we enter the year, but more specifically, compare and contrast the demand for endpoint modules versus the demand for the cloud security and identity modules? Where are you seeing the highest demand of those three categories, and how does that maybe compare to this time a year ago?
spk05: When you look at the endpoint security modules and identity, they go together. So we see broad-based demand on all of them. People are buying the endpoint security modules primarily for two reasons. One, protection, and two, visibility, which we give both. In order to enhance the protection, they add the identity module, which makes sense given that many of the breaches don't necessarily even use malware in today's environment. So We see them going together and we see a great opportunity for many customers who have been with us for a long time who don't have identity because that's a newer module to be able to add identity to their existing platform. And again, there's not much that they have to do other than activate it given the architecture that we've built. And then when you look at some of the other modules just in general, vulnerability management has done exceptionally well. We've seen lots of vulnerabilities in the environment. understanding the assets and their configurations and the hygiene is very important to protecting them. And in a distributed world, which we have today, right, there is no perimeter. It's all, you know, systems wherever they may reside, they're going to need this level of protection, visibility, and, you know, ability to even understand their vulnerabilities. So, Overall, we're pleased with the module growth outside of what we call just core endpoint protection, and we look forward to continued growth in those areas.
spk16: Thank you. Our next question comes from Rob Owens of Piper Stanley. Your line is open.
spk01: Great. Thanks for taking my question. I was wondering if you could touch on the critical infrastructure defense project that you recently announced just I guess how it came about with these vendors, and more broadly, how underprotected are we in these verticals relative to next-generation technologies? Thanks.
spk05: Yeah, sure. Rob, we thought it was appropriate with some of our counterparts in the industry to see where we can help. And when you look at critical infrastructure and what the government is really concerned about, you know, hospitals, hospitals, pipelines, things of that nature, it's super important that they're protected. And there aren't a whole bunch of enforced standards in some of these areas, and a lot of times they're underprotected for a variety of reasons. So, you know, we thought it was the right thing to do in terms of, you know, offering our technology out there for some period of time. And we think we're going to be able to hopefully move the needle at protection in places where it may have not been as good. And then, obviously, we'll look to see how that pans out from a business perspective. But first and foremost, we're just trying to do the right thing.
spk16: Thank you. Our next question comes from Jonathan. We'll cover a bear. Your line is open.
spk11: Yeah. Hey, guys. Congrats. I wonder if you could just provide some color on the free tiers, whether it be the Homeo Community Edition, I think you introduced some sort capabilities as well. Just curious how you're thinking about that sales motion. Is there an opportunity to introduce those free tiers more broadly going forward?
spk05: Well, yeah, so let's talk about Falcon Fusion for a bit, which is our sort capabilities. The beauty is it's built into the platform. You just get it if you're a Falcon customer, which has been extremely well by our customers. And the amount of automation that we've been able to achieve, we think, far outstrips what our competitors can do, and it ties into our XDR response strategy, and it's seamlessly built in. It wasn't an acquisition that we had to bolt on. So we're really happy with that. But other than making sure everybody knows we have it, there's not a lot of motion that we have to go into there, and it has been a differentiator for us. When I think about the Humio Community Edition, I think it goes to the heart of where we've been able to make some really good inroads in the DevOps world both in cloud protection but as well as observability. We talked about some of the big wins with Humio. Some of them are not even security-related. They're simply observability. The beauty of that technology is the ability to get data from just about any source and answer any question at scale. The community edition, very well received. We have people that are using it and then obviously saying it is great technology. We want to learn more. We want to think about licensing it. So we're still in the early innings on that, but it goes to the heart of our e-commerce efforts and our platform that we've built out, which I think is candidly underappreciated in what we're able to do from a business perspective and the sales efficiency that it actually brings to CrowdStrike.
spk16: Thank you. Thank you. Our next question comes from Ipad Kidron of Oppenheimer. Your line is open.
spk18: Thanks. Hey, guys, great quarter, and thanks for all the disclosures. I have a couple. George, first for you on the new modules, clearly you're making very good progress here, but can you tell us how much of the progress here is more upsell activity? Do you have customers that actually land first with you in these solutions? And for you, Bert, great job on the operating margin side. I guess you're pretty much at your target operating margin range, so... Is it time to raise it finally?
spk05: All right, so I'll take the first part. When we think about how customers land, let's take a couple of examples. So cloud workload protection, cloud security posture management, Horizon, absolutely they can land there first before they put Falcon on any of their what we'd call traditional endpoints. And we see that all the time. Same with Humio. When you think about something like Identity, that becomes a driver for why they're calling us. They're looking at their existing solution saying, hey, we need a solution in the endpoint identity space. You guys are the only folks that have it. Come in and talk to us. And then traditionally we will land with that among something else, right, probably the endpoint detection or EDR. And the beauty, again, of our model is single agent, collect data one time, all the modules become available. So once we get the agent on that system, Everything else opens up to us from a module perspective. So there's different demand drivers, and then there's specific technologies which are just natural for us to lead with and sell and then be able to cross-sell in other places in the organization, like cloud workload protection and cloud security posture management.
spk06: Bert? Thanks, George. Thanks, Itay, for the question. So number one, really happy with our performance on the top and the bottom performance. I think that, you know, the guide really reflects what we really want to do this year, which is aggressively invest in the business. We've got this opportunity in front of us. We think there's a tremendous amount of demand. There's a tremendous big opportunity for us and we're going for it. So I think that when we, when we guided, we took all of that into consideration. And so I feel really, really good about where we are. And of course our unit economics, you know, the metrics that we look at are all driving that decision in terms of how we guide it. Right. And, That's the great thing about our business, right? It's well-flighted. The model itself is open to leverage. And right now, we're going to use some of that leverage to go invest aggressively into the business.
spk16: Thank you. And our last question comes from Greg Moselitz of Mizuho. Your line is open.
spk13: All right, thank you very much. Thanks for taking the question. I'll keep it to one just in the interest of time. So you now have more than half of the Fortune 500 in total, and based on our numbers, you've added 77 of the Fortune 500 over the past 12 months. I mean, both of these are just remarkable statistics. So I guess two things relating to this. First, as you look ahead to fiscal 23, how would you characterize your new customer pipeline, specifically at the larger enterprise level? And then how much runway is there for your current Fortune 500 customers to continue to expand with CrowdStrike? Thank you.
spk05: Great. Well, we still see a big runway of potential customers in the Fortune 500 that aren't on CrowdStrike, and we've seen, obviously, a lot of interest there. And I think enterprise customers understand if they're looking for the best protection at scale with the manageability, CrowdStrike is the technology of choice, and we've built our gold standard reputation in that arena. So that's what I would say there. Bert, anything else to add? I know we're short on time.
spk06: Yeah, it's a great question. I think right now, Greg, look, we're really happy that we have over 50% of those Fortune 500. We've got a whole bunch more to go. And when George thinks about, and George and I think about, you know, the rest of our potential business for looking forward, again, tremendous success in enterprise. That's where George flighted the business, and that's where we started. And we're going to continue to, I think, see, you know, lots of opportunities come our way. And then on going down market, right? I think we've had a lot of success in being able to build a technology, the same agent for both a company that's you know, has a million endpoints versus one that has five. That's really hard to do. And so we've got, you know, the beauty of where we are right now is we have over 16,000 subscription customers. Those are all open to cross-sell and up-sell. And then we've got this tremendous amount of new logos to be able to go after whether it's an enterprise, mid-market, or SMB. And that's the beauty of where we are. And that's why you're hearing the excitement in our voices. And now I'll turn it back over to the moderator. Thank you.
spk16: Thank you. I'm showing no further questions. I'd like to turn the call back over to Mr. Kurtz for any closing remarks.
spk05: Okay. Well, thank you so much. We appreciate everyone's time and attention, and we wish the best. Everyone stay healthy, and we look forward to seeing you next quarter. Thanks so much.
spk16: Thank you. Ladies and gentlemen, this does conclude today's conference. Thank you all for participating. You may now disconnect. Have a great day.
Disclaimer