This conference call transcript was computer generated and almost certianly contains errors. This transcript is provided for information purposes only.EarningsCall, LLC makes no representation about the accuracy of the aforementioned transcript, and you are cautioned not to place undue reliance on the information provided by the transcript.
8/30/2022
Thank you for standing by and welcome to Crown Strength Financial Fiscal Second Quarter 2023 Results Conference Call. At this time, all participants are in listen-only mode. After the speaker's presentation, there will be a question and answer session. Please limit yourself to one question each. You may get back in the queue as time allows. In order to get into the queue, please press star 11 on your telephone. As a reminder, today's program may be recorded. And now I'd like to introduce your host for today's program, Maria Riley, Vice President, Investor Relations.
Please go ahead. Good afternoon, and thank you for your participation today.
With me on the call are George Kurtz, President and Chief Executive Officer and co-founder of CrowdStrike, and Burt Podbear, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, and expected performance, including our outlook for the third quarter and fiscal year 2023, our forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events, or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company's quarterly and annual reports. Additionally, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures in the reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings press release, which may be found on our industrial relations website at ir.crowdstrike.com or on our Form 8K filed with the SEC to With that, I will now turn the call over to George to begin.
Thank you, Maria, and thank you all for joining us. The Crowdtrike team delivered a strong second quarter, headlined by record net new ARR of $218 million as growth accelerated to 45% year over year, record net new customer additions, and record non-GAAP operating profit. We achieved several additional milestones in the quarter. Ending ARR grew to $2.14 billion on a 59% year-over-year growth rate. We believe this makes us the second fastest software company reported to reach the $2 billion ARR milestone. Ending ARR for our emerging products grew to $219 million, up 129% year-over-year. This included record-setting net new ARR for both Identity Protection and Humio, and we also achieved record net new ARR for modules deployed in a public cloud. Quarterly revenue exceeded $500 million for the first time. We added over 1,700 net new customers, another first for the company. Gross retention climbed to a new record for the second consecutive quarter, and dollar-based net retention reached its highest level in seven quarters. We achieved these results while also driving record non-GAAP operating profit of $87 million, a 147% increase over Q2 of last year, and growing free cash flow 84%. As Bert will discuss in a few minutes, we are raising our revenue guidance for the year and remain committed to delivering non-GAAP operating leverage and 30% or greater free cash flow margin for the year, while investing in key initiatives that will further widen the gap between CrowdStrike and the competition. Moving to our markets, the competitive environment remained favorable and our win rates remained consistent. We continued to see strong demand, even as organizations responded to macroeconomic conditions. For CrowdStrike, this primarily manifested in the form of increased levels of required approvals on some deals as companies evaluated investment priorities, which can extend the time it takes to close deals. However, cybersecurity is not a discretionary line item. Cybersecurity is a priority for CIOs, CEOs, and CFOs and boards of directors, and our value proposition resonates strongly with these stakeholders. Deals committed to close in the quarter did close in the quarter, and we entered Q3 with a record pipeline. Over the past several months, I've had many discussions with CIOs, and the message is clear. They are looking to consolidate on a platform like Falcon. They want fewer point products, fewer agents, and technologies that consume fewer resources. They need to reduce complexity and simplify operations in their security and IT stack. Complexity is the enemy of security, efficiency, and TCO. This business imperative is even more crucial in times when budgets are tightening, which accelerates standardization on trusted platforms that deliver immediate ROI and lower TCO, such as CrowdStrike's Falcon platform. We believe that with increased scrutiny comes increased opportunity for CrowdStrike over the long term, given the Falcon platform empowers customers to consolidate technologies and achieve better protection with less time, fewer resources, and lower total cost. This differentiates us from others in the market and we believe positions us well for continued success even in the current macro environment. And we are seeing this dynamic in our business. As the number one vendor by market share in both IDC's 2021 Worldwide Corporate Endpoint Security and Moderate Endpoint Security categories, customers are increasingly standardizing on the Falcon platform, driving module adoption, greater wallet share, and larger customers, the trademark characteristics of a generational platform. Q2 subscription customers with five or more, six or more, and seven or more modules were 59%, 36%, and 20% respectively. This represents a 70%, 84%, and 105% year-over-year increase in these respective module adoption cohorts. As customers adopt more modules, Falcon is increasingly embedded in their operations and workflows, which we believe leads to higher retention rates and even more opportunities for future expansion. Customer retention is also driven by advanced capabilities built into the platform, such as Fusion, our customizable security automation and remediation engine. Utilization of Fusion by customers has continued to increase since its launch and in just one year approximately 35 percent of our customers now use Fusion workflows. In the quarter momentum was strong among customers of all sizes from large enterprises to medium-sized businesses and smaller accounts. We believe our diversified customer base adds to our resiliency and our ability to deliver durable ARR growth over the long term. Ending ARR growth from our $1 million or more ARR customers accelerated in Q2 and continued to grow faster than our corporate average. These larger customers are standardizing on Falcon, consolidating vendors, and prioritizing expansion projects that represent sizable cross-sell and up-sell opportunities that are moving forward even under uncertain macro conditions. We are also seeing increased strength in the public sector, which in Q2 was driven by record SLED performance and wins within the U.S. federal and international government agencies. To date, 20 of the 37 U.S. states that are CrowdStrike customers, as well as the District of Columbia, have standardized on Falcon. One noteworthy development in Q2 was with the state of New York, which is exclusively using Falcon EDR for the newly established Joint Security Operations Center. As part of the shared services initiative, New York's cities and counties in the program will be protected by Falcon. The JSOC program is designed to house cybersecurity assets from multiple levels of government under one roof to protect against attacks across New York's interconnected network and IT services. We believe this is a model program that other states will look to emulate as their communities grapple with the heightened threat environment and cybersecurity skills gap. The second quarter was also a record quarter for our e-commerce sales engine, which is a key factor in our strategy to efficiently reach and serve the small business community at scale. To further support small businesses, during the quarter we launched our newest bundle, Falcon Go. This starter package is specifically designed as a landing point for smaller businesses with 100 endpoints or less that may be more price sensitive and looking to transact through our e-commerce or trial program. We also serve small businesses through the MSSP channel. The Falcon platform empowers MSSPs to stop breaches for their customers, simplify operations, and drive cost efficiencies. MSSPs are a rapidly growing component of our partner ecosystem, with Q2 year-over-year ending ARR increasing more than 150%, and a rapidly growing customer base that is excluded from our reported logo metrics. In Q2, we added over 1,700 net new customers, bringing the total number of reported customers that rely on Falcon to protect their business to 19,686, a 51% increase year over year. I'm especially proud to announce one of our new customers this quarter included a leading incident response firm, that purchase Falcon for their internal use. We are also pleased with our strong module performance across the Falcon platform. I'd like to highlight a few standouts in Q2. First is Falcon Complete, which has continued to gain strong momentum in the market as companies look to address the growing cybersecurity imperative and contend with the cybersecurity skills shortage. Over 1,000 customers have adopted Falcon Complete since the start of the fiscal year. By leveraging the advanced automation in the platform, Falcon Complete offers customers and partners a way to quickly and cost-effectively scale and fortify their cyber defenses with gold standard expertise and technology while lowering their total cost of ownership. As we add modules to the Falcon Complete lineup, customers are standardizing on Complete. An example in Q2 is a payments company that adopted our full suite of Falcon Complete offerings, which includes Managed Identity and Managed Cloud Workload Protection. Next is our emerging product category that solves use cases outside of traditional endpoint protection, but are rapidly becoming core in the minds of customers. This category includes our Discover, Spotlight, and Identity Protection modules, as well as Humio. We delivered record net new ARR from our emerging products propelling the ending ARR for this category to $219 million, up 129% year-over-year. Our identity protection lineup achieved a record quarter and quickly grew to become the largest contributor to ARR within our emerging category. In Q2, the number of customers subscribing to our identity protection modules grew more than 100% quarter-over-quarter, driven in part by a new logo attach rate that tripled, with close to 80% of cyberattacks leveraging identity-based tactics to compromise legitimate credentials and use techniques like lateral movement to quickly evade detection, identity protection is core to stopping breaches. We see many parallels between this new market and the early days of the EDR market, including a massive greenfield opportunity with an estimated $3.7 billion CAMP in calendar year 2022 and a sizable uplift to ASP, which can be north of 30%. With our early and growing momentum, we believe CrowdStrike is well on the way to defining and leading the identity protection category. CrowdStrike Falcon Identity Threat Protection is unique in the industry as it can detect and stop in real time identity-based attacks. And with one easy-to-deploy agent, the Falcon platform can respond to modern attacks with endpoint, identity, and workload context without the multi-platform complexity and post-processing other solutions require. QMEO had a record Q2 as we secured wins across multiple verticals, including financial services, healthcare, retail, manufacturing, transportation, and professional services. Notable wins included a multinational financial services firm with ingestion requirements of up to four terabytes a day that adopted Humio to displace its legacy provider whose query speeds and data ingestion capabilities were inferior. And an IT and security services provider in APAC that is now leveraging Humio as the engine to collect and store security and observability data from its growing customer base. Moving from a module perspective to a deployment environment view, our public cloud business delivered a record Q2 with any AR growth accelerating quarter over quarter for the second consecutive quarter to reach $174 million. Building on the cloud native application protection platform or CNAP capabilities we introduced last quarter, this quarter we announced new CNAP capabilities to extend support within AWS Fargate to Amazon's Elastic Container Service. Introduce the first AI powered indicators of attack comprehensive fileless attack prevention, and enhanced visibility for cloud intrusions. And introduce Falcon Overwatch Cloud Threat Hunting, the first standalone cloud threat hunting service for threats originating, operating, or persisting in cloud environments. Cloud is another evolving market where we believe we can significantly expand our share, especially as CIOs look to consolidate vendors and move away from point products. As we discussed last quarter, CrowdStrike's cloud capabilities stand alone in the market by delivering agent-based and agentless solutions natively from the Falcon platform in a single user interface with a shared data backend and threat graph. The combination of agent-based and agentless capabilities in the cloud enables pre-runtime and runtime protection, whereas agentless-only solutions can only offer partial visibility and cannot provide runtime security. Taking a moment to summarize and put everything we have shared with you today into context, customers want a trusted platform that seamlessly unifies endpoint, cloud, identity, and data, redefining what core cybersecurity means. CrowdStrike is leading this replatforming with Falcon, and we see no other competitor with a comparable offering. I believe the CISO of a county on the East Coast said it best, and I quote, it's hard to remember the days when I didn't have immediate 24-7 remediation. vulnerability reports on every device, discovery of every asset on my network, and a clear understanding of every account login, but I'm never going back, end quote. I want to thank each and every CrowdStriker for your passionate focus to make us the best in the business. It is your work that earned CrowdStrike's recognition as a winner in the Best Security Company category for the 2022 SE Awards U.S., and Falcon XDR as a winner in the Best Emerging Technology category for the SC Awards Europe 2022. Before I turn it over to Bert, I would like to invite our investors and analysts to join us at Falcon in Las Vegas in September. Similar to last year, in conjunction with the event, we will hold an investor briefing featuring conversations with customers, partners, and industry experts. To join in person, please contact our IR team for the registration information. The briefing will also be webcast live on our IR website. With that, I will turn the call over to Bert to discuss our financial results in more detail.
Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. We delivered another outstanding quarter, exceeding the high end of our guidance on all metrics. Strength in multiple areas of the business and superb execution by the CrowdStrike team translated to rapid growth at an increased scale, record non-gap operating profit, and strong cash generation. In the second quarter, we continued to maintain very high unit economics, drive leverage, and remain very capital efficient. We also continued to execute on our investment plan for the year, fueling innovation on the Falcon platform, expansion into new markets, and growing the CrowdStrike team. Our second quarter results are a testament to the resilience of our markets, value of our platform, and the ongoing durability of our SaaS business model that provides excellent visibility and enables us to deliver high growth with strong profitability and free cash flow. In the quarter, ending ARR grew 59% year-over-year to surpass the $2 billion milestone. Net new ARR growth accelerated to 45% year-over-year. we delivered a record $218.1 million in net new ARR representing our strong momentum in the market. The composition of net new ARR in Q2 was very well balanced across deal size with no outsized contribution from any one deal. Our dollar-based net retention rate was above our benchmark, reaching its highest level since Q3 in fiscal 2021. Gross retention reached a new record for the third consecutive quarter, demonstrating our strong commitment to stopping the breach, delivering value to customers, and restoring trust to the security posture of companies worldwide. As George mentioned, we are also seeing more customers standardize on the Falcon platform and adopt more modules. We believe these trends will create an enduring business opportunity for the years to come. Moving to the P&L, Total revenue grew 58% over Q2 of last year to reach $535.2 million. Subscription revenue grew 60% over Q2 of last year to reach $506.2 million. Professional services revenue was $29.0 million, setting a new record for the eighth consecutive quarter and representing 32% year-over-year growth. In terms of our geographic performance in Q2, We continue to see strong growth in the U.S. at 53% and international revenue growth at 73% year-over-year. Second quarter total and subscription non-GAAP gross margins remain relatively consistent at 76% and 78% respectively. As we continue to invest for growing demand, we are pleased with our strong subscription gross margin performance, which remains within our target model range. During the quarter, we executed on our plan to invest in new technologies, international geographies, and marketing programs. We are also executing our 2023 hiring plan and pleased to report that we added a record number of net new hires for the second consecutive quarter. Bringing on and retaining top talent is a cornerstone to supporting our product roadmap, future growth, and market share gains in new markets. We believe the investments we are making today will lead to sustained growth over the long term and maintain our position as a trusted security partner of choice. Given our strong top line, disciplined approach to investing, and efficient sales motion, we were able to make these investments while also driving increased leverage and profit. Total non-GAAP operating expenses in the second quarter were approximately $321.4 million, or 60% of revenue, versus $222.4 million last year, or 66% of revenue. In Q2, our magic number was 1.3, reflecting the phenomenal efficiency of our go-to-market engine. We believe a magic number in excess of 1.0 indicates very favorable go-to-market efficiency and supports our current investment plan. Second quarter non-GAAP operating income more than doubled, growing 147% year-over-year to reach a record $87.3 million, and operating margin improved by 6 percentage points year-over-year to reach 16%. Looking at the first half of fiscal year 2023, non-GAAP operating income grew 162% year-over-year to reach $170.3 million and 17% of revenue. Non-GAAP net income attributable to CrowdStrike in Q2 also more than tripled over the prior year, growing to a record $85.9 million, or 36 cents on a diluted per share basis. Our weighted average common shares used to calculate second quarter non-GAAP EPS attributable to CrowdStrike was on a diluted basis and totaled approximately 239 million shares. We ended the second quarter with a strong balance sheet. Cash and cash equivalents increased to approximately $2.32 billion. Cash flow from operations grew 94% year-over-year to $209.9 million. Free cash flow grew 84% year-over-year to $135.8 million, or 25% of revenue, and reflects our planned increased capital investments, which more than doubled year-over-year. Moving to our outlook. Given the growth drivers of our business, as well as our strong second quarter performance, record pipeline, and record growth retention rate, we are raising our revenue guidance for the fiscal year 2023. At the same time, we have factored in what we believe is an appropriately pragmatic view with respect to the current global macroeconomic backdrop. While we do not guide to net new ARR, given the unseasonal strength in net new air are delivered in both Q1 and Q2 of this fiscal year, we believe it is prudent to assume less pronounced quarter-to-quarter seasonality in the back half in comparison to prior years. Also, as a reminder, we suggest that investors adjust their seasonality expectations to exclude the impact of significant large deals, such as the two approximately eight-figure accounts we discussed in Q4 of last year. On the bottom line, we are also raising our guidance for fiscal year 2023, and as our guidance reflects, we remain committed to deliver non-GAAP operating margin leverage for the year while continuing to invest in the business. We also remain committed to achieving 30% or more free cash flow margin for the year. For the third quarter of FY23, we expect total revenue to be in the range of $569.1 to $575.9 million, reflecting a year-over-year growth rate of 50% to 52%, with subscription revenue being the dominant driver of growth. We expect non-GAAP income from operations to be in the range of $72.7 to $77.7 million, and non-GAAP net income attributable to CrowdStrike to be in the range of $73.0 to $78.0 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be in the range of 30 to 32 cents, utilizing a weighted average share count of 241 million shares on a diluted basis. For the full fiscal year 2023, we currently expect total revenue to be in the range of $2,223.0 to $2,232.0 million. reflecting a growth rate of 53 to 54% over the prior fiscal year. Non-GAAP income from operations is expected to be between 321.8 and 328.5 million dollars. We expect fiscal 2023 non-GAAP net income attributable to CrowdStrike to be between 313.7 and 320.5 million dollars. Utilizing 240 million weighted average shares on a diluted basis, We expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $1.31 to $1.33. George and I will now take your questions.
Certainly. Ladies and gentlemen, if you have a question at this time, as a reminder, please press star 1-1. Analysts will be limited to one question each.
One moment for our first question. And our first question comes from the line of Sake Callier from Barclays.
Your question, please.
Okay, great. Hey, folks, thanks for taking my question here. George, a lot of great stuff to talk about, but maybe the one that I'd love to hone in on is the higher attach rate on identity. Can you just remind us whether the identity module here Is displacing something else within your customer base? And what do you think is driving that a higher attach rate to new logos?
Yeah, great second. Thanks for the question. It's not displacing anything because nothing else exists. And that was one of the things that we really got ahead of with our preempt acquisition well before anyone else in the market. And when we think about these sort of attacks that are out there, 80% of the attacks leverage compromised identities and lateral movement, which is a big part of how breaches occur. So when we think about our identity module, which is baked into our agent, single agent, it's much differentiated from everything else that's out there. It works with Active Directory and Azure AD. It's been a real game changer for customers. And I continue to see customer feedback, even during the proof of value stage, that they've never seen this level of visibility in their identity and Active Directory infrastructure, and they continue to find many, many weaknesses. So to me, it's a real game changer, and I think it can be as big as XDR, and it's going to be a core module going forward.
Very helpful. Thanks, guys. Operator, you can please take our next question Hello, Jonathan, are you available to take our next question? It appears we're having technical difficulties. Please stand by. Thank you.
Our next question comes from the line of Andrew Nelson from Wells Fargo. Your question, please.
And congrats on another great quarter. I just wanted to ask about your new logo ads. It looks like you added four Fortune 100 customers this quarter, which I presume were larger deals, even though you said there were no outsized deals in the quarter. I'm wondering, you know, your new logo ads in total only increased maybe mid-single digits, but I'm wondering if you're just focusing on larger customers now or if you're seeing, you know, more customers starting the initial deal with more modules like Preempt and Humio, et cetera, whereas it might have been, you know, a smaller initial land a year or two ago. Thanks.
Hey, Andy. It's Bert. Thanks for the question. So, first and foremost, we're very pleased with the net new logo count of 1741, a new record for us. And we're pleased with what we've seen in the makeup of the 1741 new logos. You know, I think that when we go through, you know, the various details with respect to the new logos, we found that hey, we got new logos coming in from large companies, we have new logos coming in smaller companies, and as typical, the velocity is driven more by mid-market and SMB. It's also worthy to note that we do have a very strong MSSP business. We talked about the fact that it's grown 150% year over year, and that is not reflected in the 1741 in terms of net new logos. So overall, we are very pleased with the Q2 performance. We think that we have great opportunities to go after new logos and to continue to gain new business, especially when you think of the backdrop in terms of what's available to us. Sure, just under 20,000 logos to date. That's great, and we're very pleased about that. But when you think about the overall market that's available to us, that's a very small number. And so we think that we're still in the very early innings in terms of net new logos that we can go after.
Thank you.
Our next question comes from the line of Don DeFucci from Guggenheim Partners. Your question, please.
Listen, George and Bert, really impressive results here, especially given the macro backdrop. But George, you mentioned that security is not discretionary, and that makes sense. But when you win, you're displacing someone, at least for your core products. And in our observation, because we're old, I guess, if this becomes a prolonged and even perhaps deeper macro slowdown, what we've seen is that customers start to freeze. It's almost as if they've gotten by with what they have up until now, and then they don't want to introduce any more change, which brings risk. And there's enough risk in the macro environment. I'm just wondering, how do you see this developing going forward? Because you've avoided this up until now, for sure. But how do you think it happens going forward, not only for CrowdStrike, but even for the broader security, IT security space? Because a lot of your brethren have sort of held up really well in this, too.
Well, I think it goes to the durability of security and the business model that we've built and certainly the platform play. And I think if you're a point product, your comments will resonate. I think when you look at a true platform like CrowdStrike, the conversations that we're having, and I've had many of them with CIOs, board members, CEOs over the last quarter, couple of quarters, and it really was about how do we do more with CrowdStrike? We want to consolidate. We didn't necessarily see them freezing. We saw them thinking about how they could spend more with CrowdStrike and reduce their overall spend and security. And as we've talked about before, we spend a lot of time in value selling and something we call our business value assessment, where we actually compute an ROI, which typically is 150% within the first year. So that's the kind of strategic conversations that we're having. up and down the stack. And then when you think about the macro environment, you know, people don't want to add heads. How it can complete is a game changer for them. They couldn't do what we do for the price that we charge. I mean, they need an army of internal people to try to do what we do, and it's just not possible with the level of expertise. So we look at the macro as an opportunity at CrowdStrike to further consolidate in our customer base.
Thank you. And as a reminder, ladies and gentlemen, if you have a question at this time, please press star 1 1 on your telephone.
One moment for our next question.
Our next question comes from the line of Rudy from DA Davidson. Your question, please.
Hey, guys. Thanks for taking my questions. Certainly a lot to like here given the macro backdrop. I guess if I narrow in on maybe one metric, you know, the customers with 6-plus and 7-plus modules, that stepped up a point from Q1. But the percentage of customers with 5-plus was flat at 59%. We've seen that figure go up two to three points a quarter for the last several years now. Anything to note there? Did you see any customers on the new logo front that maybe just given the macro maybe took one or two fewer modules to start out? And if so, obviously, identity sounds like that, attach rates increasing nicely. But any modules in particular that saw maybe a bit more of an impact to demand than others? Hi, this is Bert.
So, you know, great question. So, when we think about, you know, the modules that have been doing really well, we go back to the April 7th webinar when we talked about the hypergrowth modules. And these are modules that have year-over-year growth rates that are significantly higher than the overall customer growth. And we zoom in on a few of them. There are some that we've been talking about for a long time, like Spotlight. That's our vulnerability management product module, and that's gone really well. We think about some of our cloud modules, whether they're our cloud workflow protection or Verizon. These are getting traction. But also the identity threat detection. George just talked about it. We're really excited about how that's been taken up you know, by not only the existing customer base, but by new customers that are coming in and, you know, enjoying, you know, all the benefits of, you know, attaching themselves to a true cloud-native platform. And so I think that there are a lot of opportunities to go in terms of more module adoption with customers. As you said, we've had an uptick on both the 7-plus and 6-plus, and I think that we're going to continue to see customers come in and you know, enjoying, you know, all the benefits of, you know, attaching themselves to a true cloud native platform. And so I think that there are a lot of opportunities to go in terms of more module adoption, uh, with customers. Um, as you said, we've had an uptake on both the seven plus and six plus, and I think that we're going to continue to see, uh, customers come in and land with more modules, uh, you know, in the future. certainly as we continue to come out with new modules. So we're excited about those module adoption rates, and I think they're best in class. And we're glad to see that we saw the uptick, you know, in the six and seven. And remember, we got rid of, you know, the poor category, which is amazing. That was over and above, you know, that 70% benchmark. So that was, you know, exciting and encouraging just in and of itself. Good question, though. Thank you.
Thank you. And our next question comes from the line of Matt Hedberg from RBC. Your question, please.
Great, thanks for taking my question, guys. George, for you, the other thing, obviously, we've been talking about Humio for a while, and it's great to see it had another record quarter.
You know, when you think about your expansion motion, you know, what are... ...instrument, things like Kubernetes clusters, when you look at the ability to flow data into something like an elastic, you know, they're certainly looking for alternatives. And Humio's flexibility is the fact that it can take data from anywhere. And it can do that ingestion-free. It doesn't need an index. And it's very, very efficient from a cost perspective. So we continue to get pulled into security and non-security deals. We had a record Humio quarter with some great wins. You know, we see frustration. with incumbent vendors across the SIEM space as well as the observability space. And a lot of times companies will try to roll their own. They'll go to open source and try to pull in different stacks, and it's really complex. And they just love the ease of use and the flexibility that Humio provides. So we continue to be extremely bullish on Humio and its various use cases, which are security and non-security related. And we had some great wins in both SIEM replacement,
uh in log management as well as observability thank you and our next question comes from the line of rob owens from piper sandler your question please rob owens your lines is open sorry my phone cut out there hi guys thanks for taking my questions
George, we'd love for you to expand around your comments on consolidation. And, you know, we've seen a few cycles, obviously, maybe not as many as Mr. DeFucci, who admitted to his age earlier. But that being said, why here and now, given we've had platform plays before, and do you think this is economic, this is technical, that part of the problem set? Thanks.
Sure. I think now is the time given the current macro. And when we think about platform plays, we're both probably showing our age, but there aren't a whole bunch of platform plays out there in security. And I think that's one of the things that we've really focused on from a CrowdStrike perspective, to be that foundational cloud platform that you think about in other spaces. So now that a true platform company is out there covering 22 modules, it really is the perfect opportunity with the current macro backdrop. And it certainly has stimulated the conversations in our ability to reduce cost and complexity for large and small companies. And then when you combine that with a very unique offering, again, with Falcon Complete, customers are, you know, they're not interested in adding a bunch of heads, right? So they want to take advantage of the offerings that we have in that area where we can do it much more cost-effectively and efficient than they ever can with a better outcome. So I think it's really a combination of a robust platform with many, many modules in multiple categories, as well as some of the very unique offerings like Falcon Complete that has really driven the conversation home with customers. Again, better outcome, but we're having that financial opportunity discussion at the right levels with many large and small customers. Thank you, Rob.
Thank you. Our next question comes from the line of Alex Henderson from Needham. Your question, please.
Great. Thank you very much. So a lot of people have over time thought of you guys as an endpoint company. Obviously, we've always thought of you as a platform. The first thing you ever told me was you're a platform, and I totally agree with it. And there's been a lot of conversation about price pressure as an endpoint company, seeing price pressure or some churn. And I think the statistics here strongly suggest that you're not seeing either. I was hoping you could talk a little bit about the proof points that, A, you're not seeing any pricing pressure, and, B, there's no evidence of any – you know, customer churn, I think a gross retention being at a record is a pretty good indicator of that as well as the GMs and the net retention rates. But can you talk to those two issues a little bit?
Sure. And I think I'll start with the latter comments that you made. If you look at our gross retention at a record, if you look at net retention, just how well we've done, and obviously we'll put that out at the end of the year, um what it means is customers like our our technology they stay with us and they buy more from us um in a market like ours is always going to be companies like to compete on price because you know they're av only and i think you've got to look at our platform and say well you've got av which is differentiated but it's one module and uh you know if companies are trying to compete on on uh price there You know, at the end of the day, what we're selling is prevention of breaches, right? It's not just malware prevention, which we've seen a lot of companies, legacy and non-legacy, just try to focus on that. And if that's where they started as, you know, an AV company or an action AV and then they bolt other things on, it really isn't a true platform. And I think the genius and the beauty of what we built here is it is probably the most scalable agent cloud architecture on the planet in terms of our ability to ingest no reboots, you know, you deploy it immediate time to value and it just works. So even if there was pricing pressure in one module, which we don't, you know, always see, I mean, obviously there's competition out there. When we put together all of the modules, our ability to consolidate our TCO play, you know, with a real ROI, this is very compelling for customers large and small. So Again, there's always been lots of companies in our space, and I think to your point, we've proven that while our form factor is agent cloud, we're doing many more things in a different way that go beyond just traditional endpoint protection.
Thank you. Our next question comes from the line of Fatima Boullier from Citi. Your question, please.
Hey, good afternoon, gentlemen. Thank you for taking my questions. George, maybe this one's for you. Just with respect to some of the traction and the hyper growth trajectory you're seeing with capabilities that are embedded in self and complete and even Overwatch. I think one of the things that some of your competitors, your peers in the past have stumbled into is sort of the rules of engagement with the channel. And yet you disclosed doing MSSP business that was up 150% year-over-year. So I'd love to kind of get your perspective on how you're sort of threading that needle between, you know, staying cooperative without getting too competitive and really driving, you know, triple-digit growth in modules and capabilities that, you know, otherwise on the surface would seem... to sort of, you know, encroach into some of your partners' business and franchises? Thank you.
Sure. That's a good question. I think there's a lot of FUD from our competitors out there because they don't have anything like Falcon Complete, as an example, which is absolutely top in the industry. And when you look at what we've done, we try to make it a win-win. You know, you look at a partnership like what we have with Mandiant, you know, obviously they've got those capabilities. in certain areas, but they're leveraging our technology, and that's the key area. Can they leverage our technology if they bring us into account? Fantastic. We're happy with that. Or in some managed service providers, they'll take our offering and kind of rebundle it into a broader offering that might cover network or other areas, and we're happy with that too. And as a manufacturer, we are experts in what we do. So we try to make it a win-win, and that's the reason why our MSSP business has grown so dramatically. A, it's the best technology. And the rules of engagement have been really important. You know, there are deal regs. We protect the account. And then we also focus on leveraging our services as part of a broader service that an MSSP has. And at the end of the day, the numbers don't lie in terms of our success there. So that's what we're focused on, the facts, not the fiction.
Thank you. Our next question comes from the line of Roger Boyd from UBS. Your question, please.
Hey, thanks for taking the question and congrats on the impressive results. I wanted to go back to cloud security, really impressive growth there. And I think you've done a really good job of proving out the need for a tightly integrated agent plus agentless technology. But I was curious if you could talk a little bit about the reception you've seen specifically to the Horizon product and how you think that stacks up against the peer plays out there. Thanks.
Sure. We're, Absolutely excited about Horizon as well as the combination of cloud workload protection. And we think it stacks up very well. And more importantly, where is the differentiation? The differentiation is in things like the ability to actually protect the workload and the infrastructure, right? So you've got agentless in Horizon and you've got our cloud workload protection, which we have tremendous capabilities there. This is what customers want. If you look at the pure plays out there, they're just covering agentless. And candidly, that's the easiest thing to do because you just plug into APIs. we've got to build some workflows around it. And then there's certainly some good competitors in the market. At the end of the day, it's really the combination of agent agent lists on a platform. That's going to give you visibility in the cloud, uh, as well as in your, your hybrid data centers. Um, and that's what we're seeing. We continue to add, uh, many, many capabilities. We've added overwatch threat hunting for cloud. We've got dynamic container analysis, uh, an image assessment, you know, so we continue to build in those areas and we're seeing a great reception. And I think, you know, when you look at our heritage of threat intelligence and things like indicators of attack, a lot of our competitors are just doing sort of policy misconfigurations and not really able to understand if they're under attack or where an attack might be possible. And we've applied that indicator of attack knowledge from our endpoints into the cloud. So we feel really good about that. Obviously, everyone's in the early innings in the cloud journey, which is exciting because it's a greenfield opportunity. And we feel like we've got the right products and the right go-to-market motion around it.
Thank you. Our next question comes in the line of Joe Gallio from Jefferies. Your question, please.
Hey, guys. Thanks for the question. Just to follow up to John's earlier question, no comment on his age, by the way. George, on those extra levels of scrutiny, any incremental context? Were they SMB or enterprise, any geolocation specifically? And are these deals pure cyber or are they broader with Humio and other infrastructure aspects? And then Bert, are you including any extra conservatism in your guidance because of this? Thanks.
Yeah, I think if you look across, you know, across either geographies or segments, I mean, there's nothing that really stands out. It's really company dependent and industry dependent. You know, and again, you would expect an additional level of scrutiny The beauty is, as I called out in the report, in the script, is the fact that the deals that we forecast to close, closed, right? And I think, you know, that's really important when we think about the current macro backdrop. And what we're doing is really, from a sales perspective, make sure we're getting ahead of it, right? Through our BVA process, make sure that we've got all of who we need and understand the accounts of who has to sign off because there's, you know, additional sign off that has to happen. So that's sort of my commentary on that. I don't know, Bert, if you want to add to it.
Yeah, just on the guide. I mean, I think we've stuck to our guns. We guide to what we see, not to what we don't see. And we took an appropriately pragmatic view, you know, on the macro.
And that's how we looked at the guide for this year.
Thank you.
Our next question comes from the line. It's Kendrin from Oppenheimer. Your question, please.
Thanks. Hey, guys. Great quarter. A couple for me. George, you haven't talked about XDR, the XDR Alliance, and how's traction moving along there. Maybe you can give us an update. And then for Bert, FX, you haven't mentioned that at all in the quarter. Can you talk about the impact to your business on FX and how it's impacting you globally?
Yeah, perfect. I'll start. When we think about XDR, it's going very well. And in fact, we've got some, I think, great announcements at Salcon. So we talked about that in our script of making sure that people attend that or even our investor event virtually. So we continue to build that alliance. We've actually also partnered with AWS in some of the efforts that they have to standardize on open formats, which I think is good for the industry. We continue to add integrations And, again, when you look at our XDR approach, it starts with the best EDR and our ability to add third-party information into our decision-making. So, so far, so good. I think, you know, us included as well as the rest of the industry, it's still an emerging category, and there's a lot of marketing hype around it, and we're focused on delivering the best technology outcome for customers and really extending that experience that we have with with our Insight product, which is, in our opinion, the best EDR in the market, and extending that to third parties so that the workflows are similar and we're looking for additional detections that are outside of just the endpoint domain. So that's a little bit about XDR.
Yeah, I'll jump in, George, really on the FX question. I think there was nothing material or we would have talked about it. We primarily invoice in U.S. dollars, but we do have expenses incurred in currencies out to the U.S. But on the deal side, it goes back to what George has been talking about. It's the platform play. It's lowering TCO. It's all those things that we're able to bring to bear that nobody else can.
Thank you. Our next question comes from the line of Hamza Fadawala from Morgan Stanley. Your question, please.
Hey guys, thanks for squeezing me in. Just a quick one for Bert. I was wondering if you could give more context on your comments around second half seasonality. I think normally Q4, generally stronger. Q3, you do see a little bit of lighter seasonality, although you do have the Fed vertical really take off during that quarter. So can you give us a sense of how the net new ARR pattern should be? Should it be similar to last year, year before that? Just any color you could give us would be really helpful.
Sure. You know, take a step back and just look at the current quarter. We have, you know, outperformed our expectations, you know, for really the full first half of the year. I'm really pleased with our strong start to the year with the, you know, record pipe. We just posted $218 million in that new ARR record quarter. Really pleased about that. And we expect to see a seasonal build throughout the year, albeit less pronounced quarter-to-quarter seasonality in comparison to what we've seen in the prior years. So that's how I would frame it.
Thank you. Our next question comes from the line of Sha'el from Cowan. Your question, please.
Good afternoon, guys. Congrats on the solid performance. George, last quarter, preempt grew 30% quarter by quarter. This quarter, it's accelerating to 100%. In recent months, we've witnessed an accelerated level of consolidation, specifically within the identity category, paying sale point, to name a few. How is that impacting the preempt business in the context of both displacement and greenfield opportunities?
Well, good question, and I'll reiterate again, as I do, I think, on every call that we partner with Ping and Okta and others, right? And our identity product is really specific to the endpoints and Active Directory in terms of identity threat protection and detection. So, we continue to work with them. And I think when you look at the environment today, there's just a continued demand for having a handle on identity. And, you know, we're one piece of it on the endpoints of servers and the directory structures. And there's other players in the market that, you know, handle identity access, brokering, et cetera. So, you know, from our standpoint, we, as I reiterated, continue to see very, very strong demand with a very differentiated technology. As you pointed out, 100% quarter over quarter growth, new logo attach rate tripled quarter over quarter growth. And the answer is why? It gets back to the architecture. The single lightweight agent, very easy for us to activate it, very easy for us to activate it at scale in trials. And a lot of times what we'll see is when there is high threat environments, customers will activate it, get immediate value, and then we can convert them over into paying customers. Again, this is, I think, going to be a standout for us, A, in terms of the acquisition we did, and also in terms of integration and our ability to go to market with it.
Thank you. And our final question for today comes from the line of Greg Moskowitz from Mizzou.
Your question, please. All right. Thank you for taking the question.
Congrats on a very good ARR performance. I did want to ask about RPO, which historically has risen by double digits sequentially in Q2 periods, although this quarter went up mid-single digits. Were there any, you know, changes to average duration? Is this, you know, perhaps somewhat reflective of the increased levels of approval that you noted earlier? Or is there anything else that you would call out? Thanks.
Hey, Greg. Thanks for the question. So, you know, really, I think the, the focus really is, you know, on, on net new, that really, that new ARR, that's really the one that tells the health of the business as opposed to RPO or as opposed to Billings or what have you. And we're, we're excited about the fact that, well, you know, we're, we're going in with, um, you know, a record pipeline. We've just posted a, you know, the strongest net new ARR quarter in, in company history. So I think that when you think about, you know, reaching a record 218 million um in that new with any outside deals you're you're really showing strong health in the business and so overall we're just really pleased with results and that's the metric that you know we zoom in on that's the metric that you know our whole company is rallying around and that's the focus for us thank you this does include the question and answer session of today's program i'd like to hand the program back to george kurtz for any further remarks
Great. Thank you.
Well, I certainly want to thank all of you for your time today. We appreciate your interest and look forward to seeing you in person at our upcoming Falcon Conference and our Investor Day via webcast. Thank you so much. And that concludes the call.
Thank you, ladies and gentlemen, for your participation in today's conference. This does conclude the program. You may now disconnect. Good day. This does conclude the program. You may now disconnect. Good day.
The conference will begin shortly. To raise your hand during Q&A, you can dial star 11.