Thank you for standing by, and welcome to the CrowdStrike Holdings, Inc. Q3 2022 Financial Results Conference Call. At this time, all participants are in a listen-only mode. After the speakers' presentation, there will be a question-and-answer session. [Operator Instructions] As a reminder, today's conference call is being recorded. I would now like to turn the conference to your host, Ms. Maria Riley, Vice President of Investor Relations. Please go ahead.

Good afternoon and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth and expected performance, including our outlook for the fourth quarter and fiscal year 2022 are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the Company's financial results is included in filings we make with the SEC from time to time, including the section titled Risk Factors in the Company's quarterly and annual reports that we file with the SEC. Additionally, unless otherwise stated, excluding revenue, all financial measures included on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. With that, I will turn the call over to George to begin.

Thank you, Maria, and thank you all for joining us. I will start today's call by summarizing three key points. First, we delivered an outstanding third quarter headlined by an acceleration in net new ARR growth, strong execution across the market, from large enterprises to small businesses and expansion within the U.S. federal government. Second, we are seeing an inflection in new products with growing demand for our identity protection and Zero Trust, Humio and cloud security modules. And third, the competitive and pricing environment remains favorable to CrowdStrike. We continue to expand our lead over legacy and next-gen vendors because of our scalability, efficacy and differentiated offerings such as Falcon Complete. Now let's discuss our results and get into the topics in more detail. We delivered a robust third quarter with net new ARR growth accelerating and ending ARR growing 67% to surpass the $1.5 billion milestone. We added $170 million in net new ARR, which was ahead of our expectations and gained over 1,600 net new subscription customers for the second consecutive quarter. We proudly serve 14,687 subscription customers. In addition to accelerating net new ARR growth, we delivered record bottom line results and free cash flow reaching a new high watermark of $124 million. In the third quarter, we saw broad-based strength in multiple areas of the business and among SMB mid-market and large enterprises. Our outstanding results this quarter reflect continued strong customer adoption of our core products, growing success with our newer product initiatives, including identity protection, log management and cloud and our growing leadership in the market with a continued groundswell of customers turning to CrowdStrike as their trusted platform of record with our 21 modules. We also gained significant momentum and delivered a record quarter in the public sector, including wins with educational…

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers, except revenue mentioned during my remarks today, are non-GAAP. We once again delivered exceptional results. In addition to strong growth at scale with accelerated net new ARR growth, we continue to maintain very high unit economics, drive leverage and generate strong operating and free cash flow. We also continued to perform at a high level well in excess of the SaaS industry's Rule of 40 benchmark, achieving a Rule of 77 and when calculated on a free cash flow basis, a Rule of 96 at scale with over $1.5 billion in ARR. We believe our continued outstanding execution speaks to our ability to rapidly and efficiently scale across the business, our customer first and mission-driven culture and our highly differentiated platform, all of which we believe set us apart from others in the market and are difficult to replicate. Demand in the quarter was broad-based and well balanced fueled by strength in multiple areas of the business as we expanded our leadership across the market from large enterprises to small businesses. We once again ended the quarter with our strongest pipeline to date, which we believe indicates a strong foundation for future growth. In the quarter, we delivered 67% ARR growth year-over-year to exceed $1.51 billion, a new milestone. Rapid new customer acquisition as well as expansion business within existing customers fueled an acceleration in net new ARR growth on both an organic and as-reported basis. Net new ARR grew 55% on an organic basis and 46% on a reported basis to reach a new all-time high of $170.0 million, with no outsized contribution from any one deal. It was a standout quarter for large deals as we derived a record amount of net…

[Operator Instructions] Our first question comes from Saket Kalia of Barclays Capital. Your line is open.

Yes. Burt, maybe I'll start with you, just to sort of knock this out first. I was wondering if you could speak to the pricing environment a little bit and whether you feel like competitors are having an impact here with potentially lower price strategies. Does that make sense?

It's a good question. But in regards to pricing and it's been the same way for quite some time, discounting has remained consistent with prior quarters. And I think it highlights the differentiation of our platform and the value we bring to customers. We talk about value selling for quite some time. So it's allowing customers to center on us and take off other vendors, and that allows us to offer our customers lower total cost of ownership. And that really matters. In terms of the platform, I'll turn it over to George to talk a little bit about that.

As Burt said, a big part of what we're doing is being able to consolidate other vendors. Agent consolidation, agent fatigue is a big issue that's out there. And obviously, we have a broad platform that's differentiated and works, and that's the key aspect of the platform that it actually works. And you've seen in the transcript that there was a large nonprofit hospital that went with a next-gen vendor on price and two months later was back with us and deploying because it didn't work. And I think that's a big part of it. You also have to look at things like identity, look at things like Falcon Complete. These are truly differentiated services. And when you look at the breadth of what we're doing, obviously, we're way more than just an endpoint company when you look at what we're focused on and the value we're delivering, and that's how we continue to win and drive the right pricing for us and obviously, good value for our customers.

That makes a lot of sense. George, maybe just a follow-up for you. Congrats on the CISA contract. I was wondering if you could just dig into that just one level deeper and maybe talk a little bit more broadly, but how much opportunity you feel like CrowdStrike has within the federal government on the whole?

Sure. Well, we're really proud of that win. And I think it really is a signature win given the directives that came out of the U.S. government. We're certainly proud to protect the U.S. government. When you look at Falcon as a whole in the platform, it was tailor-made to help protect the government an adversary focused approach using next-gen technologies, AI powered, very broad in what we're doing. And again, at the end of the day, our goal is to stop breaches. Again, a truly differentiated offering that we have is our intelligence. Most vendors don't have what we have, certainly not the next-gen vendors, and that's a key aspect of what we do and part of the whole data element to CrowdStrike. So we're excited about this win. We believe it is a big opportunity for us. Obviously, we've got this win, but there's more expansion capabilities and can protect the U.S. government as well as many governments around the world.

Thank you. Our next question comes from Sterling Auty of JPMorgan. Your line is open.

Just one question from my side. Can you give us a sense of what percentage of the net new ARR that you added in the quarter really came from protecting cloud workloads? And how does that compare to what it looked like maybe a year ago?

I'll start. Sterling, so when we think about our Cloud Workload Protection, so right now, what we can tell you is that it's growing, it's continuing to grow, and we've seen growth in the amount of opportunities that are available to us in the cloud. Right now, we -- what we do talk about is the fact that 25% of our servers that we protect are in the cloud. So that's just giving you an indication of where we're going. Maybe George has a couple of other comments on that.

Yes. And the 25% is up as we've talked about in prior calls. So when we think about Cloud Workload Protection or cloud security has two pieces to it, and we have both. One is workload protection, and that is really runtime protection visibility across virtual environments, containers, et cetera. The second one is Cloud Security Posture Management, if you will, Falcon Horizon, which we continue to really drive innovation through, and that's an agentless technology that ties into many of the APIs as a cloud provider. So now we cover all three cloud providers. It drives a lot of value very quickly. And again, we have a unique offering because it combines the visibility from an API perspective with runtime protection with a lot -- which is differentiated from a lot of the other competitors, including the private companies that are out there. So we feel really good about it, and we continue to drive and sell into the DevOps space. And I think we've really honed our skills in being able to sell value into that space and get people up to speed without a lot of friction.

[Operator Instructions] Our next question comes from Alexander Henderson, Needham. Your line is open.

Spectacular results again. I wanted to get a little bit clearer on the concept of XDR. It seems to me that you guys have been pigeonholed by many people as an endpoint company, but you're really a platform. And to the extent that, that platform allows you to then extend into other niches that have historically been seen as separate end markets, a lot of the companies that are in those end markets have turned around and redefined themselves as XDR realizing that they needed to be a platform. But taking the term XDR and plugged in front of the, say, SIEM companies product does not make it a platform. So can you talk a little bit about that flood that's out there and whether that confusion is spreading to any of your customers or whether they see through that issue and understand the importance of the expense of the platform and the breadth of your product line?

Well, thanks, Alex. It's a great question. And I think if folks are looking at us as just an endpoint company, pigeonholed endpoint company, they're really missing the big picture. I mean that's as simple as I could say it. We've proven that we are a platform company, as I said before, the sales force of Security 21 modules. You can look at the attach rates. And when you talk to customers and if folks really do their homework, and they talk to customers, they will see the value, and they see how we're consolidating there. So when we think about XDR, you have to start with the best EDR in the market, which is ours. It's been validated by Gartner and others and IDC, I mean, down the list. And the extension of EDR is XDR, right? And as a company who pretty much pioneered cloud-delivered endpoint security with Threat Graph and the massive data moat that we have by combining that with some of the technology we acquired from Humio and our Threat Graph. I think we're in a unique position to be able to drive additional threat detection outcomes as well as the declaration of the threat narrative, right, the attack narrative. And that's independent of Humio as a stand-alone log management observability platform. So we're really driving a lot of innovation in this area. And to your point, if you are just kind of a SIEM vendor now trying to glom on to XDR as an acronym, it's not going to work. You have to start with the best EDR in the world. And in my opinion, that's CrowdStrike.

Thank you. Our next question is from Brent Thiel of Jeffries. Your line is open.

You have Joe on for Brent. I really appreciate the question. Burt, can you just walk through the puts and takes of margin? I think guidance implied 150 points of contraction in that 4Q. Is that acquisition-related travel investment? And then, maybe just how we should think about leverage going forward on an annual basis?

Yes. So first, let me start with operating margin in total. So we're really proud of where we came in this quarter, over 13%. And a lot of that is attributable, obviously, to the unit economics that we were able to garner certainly on the sales side. So whether you pick magic number or you pick Rule of 40 that we talked about in the prepared remarks, that's driving a lot of that operating margin. When we think about the future, I think about a few things. One is that we have opportunity starting at the gross margin level. I think that we -- not long ago, I raised the long-term range of our gross margin expansion capabilities and opportunities, and I think that we have an opportunity to do that, and we're investing to do that. And then as you go down the rest of the P&L, I think that as we continue to grow in scale, we're looking for opportunities to continue to leverage our strong model. But at the same time, we want to invest aggressively. We're not going to move away from that strategy. And then in R&D, I think in investing in innovation is key and core to who we are. So I think that we're going to continue to keep our eye on that and invest in exactly what I talked about to be able to go after that massive opportunity that we see ahead of us. So that's how we think about it.

Thank you. Our next question comes from Matt Hedberg of RBC Capital Markets. Your line is open.

George, FileVantage for file integrity monitoring, it looks like a great addition to the platform. Can you talk about sort of what customers are saying? I know it was just launched, but sort of why is that such an important piece of a CISO sort of like data security fabric in sort of this new post-COVID world?

Yes. Thanks, Matt. It's a good question, and we're excited about this technology. And again, it goes to our strategy of consolidating agents and getting rid of other technologies that are costly and complex and weigh the system down. When you think about FIM, it's pure and simple compliance requirement. When you think about things like PCI and in the financial services industry, you have to understand what files change and who changed them and implement controls around that. So we've been able to do a lot of that for a long time. We've enhanced some features, put it into a module. And it's been extremely well received because it is literally a check box for just about any company that's out there, given the current regulatory frameworks and the various standards that exist.

Thank you. Our next question comes from Roger Boyd of UBS. Your line is open.

A follow-up on the CISA contract. Can you talk a little more about the selection process here, how competitive it was? And really, the role -- you mentioned threat intelligence, but the role that that an incident response played in helping achieve this, especially if the federal government gets more collaborative through programs like JCDC.

Yes. Anything in the federal government is competitive, as you know. Just -- that's by design, that's the way to do it and certainly believe in great partnership with them, and we believe it's a great technology choice and a proven technology choice and something that I've been saying for a long time that the government needs. So we're excited about the early partnership here. And when you think about threat intelligence, again, having a very unique group, there's maybe one other company that has an intelligence capability as robust as ours. And they're not in the endpoint security space anymore. So from my perspective, it drives value, not only for the U.S. government, but it really is a differentiator across all of our customers, right? We understand what the adversary is doing. We understand how to identify these sort of attacks. We program that into our AI technologies. And again, taking an adversary-focused approach is important to stopping breaches. And then you combine that with other services that we have and some of the managed services, again, very differentiated and I think going to be a great outcome for the government.

Thank you. Our next question comes from Brian Essex of Goldman Sachs. Your line is open.

Maybe George, if I could just have us unpack the new logo adds a little bit, it looks like a nice increase in new ARR. It looks like the landed cost of the logos that you added were a bit higher. Was it better strength from upmarket a little bit? Was it better, I guess, breadth of sale into the pipeline? Maybe if you could help us understand a little bit behind the drivers and what drove kind of the larger average customer ARR in the quarter.

Brian, it's Burt. I'll take that one. So first, we're really pleased with the Yes, no problem. We are very pleased with the net new logo adds in the quarter. It's also, I think, the fact that we were able to show acceleration in net new ARR was a big deal for us. Over 1,600 new logos, that's the second time we hit that high watermark, again, really excited about the performance on the net logos. In terms of where they came in on, I think that we had exceptional performance across the board. If I was to kind of highlight anything in particular, we saw some strength in the enterprise and the mid-market as well as MSSP. And so when you put that all together, along with some of the prepared remarks on the increase in the $1 million deals, you were able to see the performance that we were able to put on the board. And remember, I talked about the fact that we had no outside or no oversized or outside deals that contributed to this quarter. And that's the -- that, again, talks to the strength of the platform and the broad-based success that we had this quarter.

Thank you. Our next question comes from Rob Owens of Piper Sandler. Your line is open.

This is Justin Roach on for Rob. Just wanted to follow up around the cloud security solutions like your CSPM and CWP. Have you guys seen any increase in competitive pressures in this area, given the number of players coming out it from both the network and the endpoint side? Or do you guys still view this as a largely greenfield opportunity?

I think it's a largely greenfield opportunity. Obviously, you have a lot of early-stage companies out there, but this is so early in the life cycle, and it's a massive opportunity for all the players that are out there. We think we're in a great position because a lot of the players actually don't have the run time protection, which is important. You have to tie those two together. It just -- it isn't just about connecting, getting information from APIs, right? And although we do that in a differentiated way because we've basically ported some of our indicator of attack technology across that agentless technology, tying them together, I think, is really important for customers. A lot of these big wins involve cloud wins. Burt talked about the number of servers that we have. So tying together CSPM with Cloud Workload Protection and things even like vulnerability management, we have that technology. Yes, it works against desktops, but we can be inserted in the CICD pipeline. We can look for vulnerabilities that are in images, we can prevent them from being deployed. So these are all key elements of creating a technology that's widely adopted by DevOps.

Thank you. Our next question comes from Jonathan Ruykhaver of Baird. Your line is open.

Congrats on that strong execution. You've talked about the benefits of Humio as it relates to data ingestion and just the additive nature to Threat Graph and obviously, the push into a broader XDR use case. And George, you touched on this in your comments, but just wondered if you could talk a little bit more what you see around the log management observability use case and how you see that contributing to the overall platform near term and longer term?

Well, we've had some big wins this past quarter with Humio, even outside security. Certainly, security is a use case, but observability and telemetry, it really is a telemetry platform. And if you think about today's environment, all the various technologies out there, all the information they're gathering, you have to have a telemetry platform like Humio to make sense of it all at scale. So, it's been an amazing opportunity for us since acquiring the Company. I think we underappreciated what a huge opportunity is out there, particularly a lot of dissatisfaction with current vendors, and how open people are to wanting to switch into a technology like Humio. We've got a lot of customers that we're working with right now. And I see that, as I said before, really as a shining star, as a massive business opportunity and revenue driver for us in the future.

When you say that, is that including Falcon XDR? Is that more on the log management and observability use case?

Well, it's a good question. Falcon XDR is going to give you essentially a threat detection outcome and some visibility into an attack scenario that starts beyond the endpoint. When you think about a Humio, you can log everything. You can store it pretty much forever. You can connect it to whatever you want to connect it to, and you can drive observability information from things that are outside just core security, things like connecting it to your HR system, to your performance management systems, to all the various workflows in your environment. That's not the use case of XDR. Security use cases XDR and Humio goes way beyond that.

Thank you. Our next question comes from Patrick Colville of Deutsche Bank. Your line is open.

Can you just talk about partnerships? I mean, you hopefully shared a statistic in the kind of opening remarks around, if I'm not mistaken, 30% sequential growth in partner-sourced deals. I guess, is that right? I'm just hoping to understand that the kind of partnership dynamic. And I guess the reason I ask because I know that some of the investors have a concern that other next-gen EDR vendors are more partner-friendly. So kind of any color you can give around CrowdStrike and partnerships and kind of try to quantify the trend you're seeing there would be very helpful.

Sure. Sure. Let me just clarify to be very specific. It was 30% quarter-over-quarter on MSSP growth and triple digits year-over-year. So we're extremely partner-friendly. I think there's a lot of noise in the system, and people probably should talk to some of the larger partners that are out there because that's where we are sourcing our business from. Our partner opportunities are up. Our partners are making a lot of money jointly with us. And our goal is to be a partner-first company. So -- and that's what we've done. We've been very consistent with that. And as you said, it's -- and you rightly point out a lot of FUD that's in the environment.

Thank you. Our next question comes from Josh Tilton of Wolfe Research. Your line is open.

This is Strecker on for Josh. I just have one for Burt. So you mentioned the net new seasonality -- net new ARR seasonality will be less pronounced, and that makes sense. But as we start to model next year and the net new ARR seasonality, I'm not looking for guidance, but is there any -- is there a year we should look to as framework? This year, we had a sequential increase from 4Q to 1Q. We're not expecting that again. But just any color or goalpost you provide looking out to next year will be very helpful.

Sure. So first, let me start with that Q4 is off to a great start. We've got the record pipeline, record momentum, and we already landed a notable financial large financial -- global financial institution, so off to a great start in Q4. But again, we're coming off of a record Q3 at $170 million net new ARR super proud of that record and obviously really strong throughout this year. So when you -- when we look at comps, obviously, my comments are more to the fact that when we guide and we're guiding to revenue, we don't guide to running the tables. We guide to what we know, not to what we don't know. And so that comment just wanted to put everything into perspective for us. The numbers are getting bigger and bigger, and that's great for us. But as you know, when you think about the law of large numbers, then you're going to have -- and you don't guide to running the tables, that's why I put that comment in there.

Thank you. Our next question comes from Mike Walkley of Canaccord Genuity. Your line is open.

This is Daniel on for Mike. So the prepared remarks, you noted that your identity modules generated more net new ARR than Preempt did previously while they were stand-alone. Are there any notable customer segments you're seeing the strength in? Or was the demand pretty broad-based across the board?

Demand is broad-based across the board, and it really hit an inflection point. We've seen massive growth in it, as we said, more than all Preempt that they had as a stand-alone company. And the thing is we took the time and effort to do the integration right. Customers see the value of a single integrated agent. They understand that identity is critical to security. And we're the Company that's putting together runtime protection visibility with identity. And now with data protection, it's that triumvirate, that three-legged stool, and customers love it. So we've seen some massive wins in retail, in financial services, in manufacturing. It is a massive problem across the board for any company. And as we pointed out, over 60% of the breaches don't even use malware. They're using things like identity, which when you look at the Sunburst attack from last year, obviously, that was a key contributor. So people are looking to shore that up. And it's actually a key element to stopping ransomware, above and beyond any malware prevention that's out there. So customers understand the value of it, and they understand that we have another stone, and it's been a big driver for us.

Thank you. Our next question comes from Shaul Eyal of Cowen Company. Your line is open.

Congrats on the quarterly results and guidance. George, I know there was a prior question about partnerships. My question is actually about the alliances that CrowdStrike has been leading and joining over the course of the past, I think 12 to 18 months, give or take. Is that beginning to have some impact on revenue and on net new customer additions, specifically in light of the fact that you have been adding 1,600 customers two quarters in your row now?

It's Burt. Can you just repeat the main bulk of your question because it got garbled a little bit? Your line is open.

Sure. Sure. Apologies. A question about alliances that you've been leading joining over the past 12, 18 months, is that, Burt, beginning to have some impact on revenue and net new customer additions. I'm asking, specifically given the 1,600 customers additions over the course of the past two quarters, now acting in a row.

Well, it has. And when you look at some of the companies that we've talked about in the past, I mean, there's a lot. I'm sure I can't single everyone out, but I think Zscaler is a good example. You look at that partnership, you look at what we're doing, what they're doing on the network side, the integrations that we're able to share data, what we're doing with -- from an XDR perspective, and it makes sense. We're pulling them into deals. They're pulling us into deals, and we're meeting in the field and adding value to the customers and obviously gaining a lot of traction with those customers. And that's just one example. We're doing that across the board in our technology alliance partnerships.

Thank you. And our last question comes from Gray Powell with BTIG. Your line is open.

Great. So yes, I know you've talked about how you're more of a platform company than just an endpoint provider, but I'm going to ask an endpoint question, if that's okay. So just high level, the last two years in the endpoint space, it's just been really strong. I'd call it almost like a near perfect storm. How do you feel about the demand environment for the market as a whole, looking into next year just on a relative basis? Like do you think 2022 would be the same, better or worse than 2021 for the market?

I see it extremely strong. And when you look at the market in its totality, right, you have things like cloud adoption, cloud expansion, massive opportunity, and we've proven that with servers and what we're doing there. When you look at the legacy players that are out there, the replacements, the Symantecs, the McAfees, Microsofts, et cetera, massive opportunity for us, that's a long tail. You don't do that in one year. So we see that as a big driver for next year. And as I pointed out, even -- I mean, it's a smaller base, but even the next-gen players, we see those as opportunities as customers get dissatisfied as I pointed out with some of the players that are out there. So -- and you got to bifurcate a bit into pure endpoint and cloud, and I see both as massive opportunities because, again, if you look at our overall customer count, it's fantastic, but it's still small in the grand scheme of customers that are out there. And there's still a lot of legacy technologies that are out there that are and will be displaced.

Thank you. I'm showing no further questions at this time. I'd like to turn the call back over to George Kurtz for any closing remarks.

I want to thank all of you for your time today, and we certainly appreciate your interest and look forward to seeing you virtually at our upcoming investor events. Thanks again. Be safe, and we'll see you soon.

Ladies and gentlemen, this does conclude today's conference. Thank you all for participating. You may now disconnect. Have a great day.