CrowdStrike Holdings, Inc. (CRWD) Earnings Call Transcript & Summary

All right. Good morning, everyone. My name is Brian Essex, a Goldman Sachs security software analyst. Thank you to everyone for joining us today on the first day of our technology and internet virtual conference. But before we get started, I'd like to mention that if anyone on the webcast has any questions or comments you'd like to address, please enter those questions on the webcast portal. I'll leave approximately 10 minutes at the end of the session. And I'll do my best to get as with many questions as I can. So with that, today, I'm very excited to have George Kurtz here. George is the President, CEO and Co-Founder of CrowdStrike. Out in 2011, CrowdStrike provides cloud-delivered endpoint and cloud workload protection, leveraging AI and CrowdStrike's open platform protects customers against hybrid attacks and endpoint [indiscernible] on or off the network, offering visibility and protection across the universe. With that, George, welcome, and thank you very much for joining us.

Thanks, Brian. A pleasure to be here.

Great. Maybe a great place to start, given that we have you here, is -- from an introductory perspective, could we talk a little bit about the background of starting the company and how the company evolved relative to your initial expectations? What's the -- essentially the secret sauce behind the company, so to speak?

Sure. So just, I guess, a little background. I started the company in late 2011. And it's the second company I started. The first company I started with a company called Foundstone. And I started that late 1999, that was focused on vulnerability management. Sold out to McAfee in 2004. So I spent about 7 years with McAfee. In the last couple of years, it's kind of a story because I tell all the time, I was asked to be the worldwide CTO, which I turned down twice because I didn't want to be just the tech guy. I was running a couple of different business units for McAfee. So I said fine, I'll take the job and it turned out to be one of the best jobs that I originally turned down, but it gave me a much better appreciation for how challenging the endpoint security market was being now inheriting McAfee or portfolio. And from my perspective, what I found there were 2 big things. Number one is that at that time, not just McAfee, but McAfee, Symantec, Trend, et cetera, they were focused on stopping malware, not necessarily stopping breaches, right, which are 2 different things. And then the second piece is that the architecture of everything at that point looked a lot like Siebel and a lot less like Salesforce. So for me, when I started CrowdStrike, it was really to focus on building a security cloud, the first real security cloud. And if you think about it, there was a Workday and a ServiceNow and a Salesforce, but there was no security equivalent of that. And that was the original goal, how could we build the cloud-native platform equivalent in security focused on stopping breaches with a modern architecture.

Got it. That's helpful. And maybe to also kick things off a little bit on the macro side, I have to get this question out of the way because it's relatively obvious and one that -- a lot of investors are really focused on it. But maybe if you could reflect for us on 2020, as we kind of migrated through the year, we picked the year off right after RSA with the pandemic, and then ended the year with the SolarWinds breach. Maybe if you could help us understand how your conversations with customers evolved over that period of time? And how that may -- how the beginning of 2021 may be different and [indiscernible]

Sure. So I see, I guess, a year ago, I was still traveling a bit in January. I didn't think anybody know how bad it was going to be. But there really kind of 3 phases of the pandemic. The initial phase, which was, hey, I'm a company, and I'm just trying to get up and running. And I sent all my employees home. And normally, we would just work in the office, but now everybody is from home. And all of our traditional tools don't work. Help, we're going to go buy some laptops and we need some security and things of that nature. So that was like phase 1, just get operational, even iPads. We have hundreds of thousands of iPads for one school district. just as an example. We got in the early days of the pandemic. So that was all here and gone. And then really, it's been sort of the middle phase, which is people are up and running, and they realize that from a digital transformation perspective, they have to do something. They've got to migrate to the cloud. They've got to leverage more cloud applications. And if you're going to go through a digital transformation, you're going to need a security transformation go along with it. You can't just lift and shift and hope for the best, right? So that's sort of like the middle phase of the pandemic to now. And now we're life at the end of the tunnel, right? It's there. And there's a lot of people saying the same thing. Hey, we got to get through this. We don't know if we're going to get back to the office in the same way that we did before. But we're going to have some people come back and we're going to move more things to the cloud, and let's talk long-term about what the new architecture looks like. And that's a much more sustainable trend. I think there's a lot of folks who, they look at work from home and go, wow, that's just a bump. No, it's really a sustainable trend. We got the bump that's here and gone in Q1. And really, what we're talking about now is a much more sustainable trend.

Got it. Any sense of urgency? I know the past few days, like yesterday and today, we're seeing vendors come out with exposure to vulnerabilities. Any kind of sense of urgency by CIOs or your customers in terms of the pace that they have to spin out and kind of following the SolarWind breach?

Well, yes, it certainly is a topic of every board discussion. What does it mean? It's a sophisticated reactor. It's been put out publicly in SolarWinds' 8-K that we're helping them out. They hired us, and they also purchased our technology to help them. But that being said, when you start to unravel it, you realize just how sophisticated it is. We put together, I think, a pretty amazing blog post yesterday. All the technical details of what we found. We're still not done, but they allowed us to put it out in combination with the blog post that SolarWinds has put out. And it's really fascinating reading. And then you kind of loop in sort of the Microsoft element to this and what did that mean with Office 365. And there's just a ton of questions around that, and I think there's more that's going to come out around that. It's just -- it's very unclear at this point. So it's one of those times where people are just stepping back on a while. We really need to make sure we've got the right security, the right technology in place and do the right thing. And I'm sure there's more to come out as we go forward and things are known. In a [ tug of war ], you sort of pull on a thread and you got one thing, and then it just keeps unraveling and you see other companies come out as the story unfolds a bit.

Right. And I guess, what inning do you think we are in now? I mean, it seems like every [indiscernible] week or so, we see another vendor come out that -- where they've been exposed. I mean how much visibility do we have do you think, from your point of view, on exactly what happened? I mean, I think you may never know everything but -- and it seems like incrementally, we're still getting news [indiscernible] out over how deep this actually went. How long do you think this persist?

Well, I think it's going to persist a little bit longer just because it takes so long to get through the forensics. You've got to work with law enforcement. You've got to -- there's an ecosystem of vendors that are out there that have been impacted that tell other vendors, and it kind of trickles down. So I still think there's more to come. But hopefully, we're working through the system on getting those sort of getting visibility into what's happening. And just realize that it's a really tough problem. I mean, it's a really tough problem. There's no 100% anywhere in security. And that's why I think CrowdStrike has done well with the technology we build, the visibility. And really, a lot of our focus, right, is helping customers identify and stop breaches, which with the determined adversary, is not an easy thing to do.

Right. And how does that impact your incident response business as a funnel for the rest of the business? Is that -- I mean, I got to imagine you're seeing some acceleration there? And how does that reflect on your view for growth going forward?

Well, I mean, I can't comment anything in particular about this quarter. But in general, as you might imagine, there's a lot of companies that are concerned, and we are one of the preeminent incident response team that's out there. There's really 2 of us, sort of the big guys, we're one of them. And it's certainly working with customers who are on retainer. We had a lot of customers on retainer. You might imagine that said, "Hey, we want to take a look at stuff." So from that standpoint, just getting visibility and helping people answer the question: Hey, am I impacted? What does this mean? And I think that's been an area where a lot of customers were happy they were on retainer, just to make sure that they had the eyes on what they needed. So but like you said, overall, from a Board perspective, nothing more important at this point than security. Really top of mind for any audit committee.

Great. And then you've kind of I guess, well-known as an endpoint provider but now also cloud workload protection. Maybe if you could frame for us how you think about your markets and how those might evolve over time?

Sure. So we do get lumped into endpoint security, which I always say is a bit of a limiting term. And that just happens to be the category that we're in, which is okay. But to me, endpoint security sounds 2010-ish, which is desktops and servers. And in 2021, I really think about next-gen workload protection. And when I think about what an endpoint of workload is, for me, a workload is anything with network, compute and storage. Pretty simple, network computing and storage. So your laptop, your desktop, your traditional "endpoints", they're all workloads, right? They just happen to be in the form factor of a physical device. Then your other workloads are cloud workloads, like containers and virtual workloads, femoral workloads, IoT devices, mobile, those are all different workloads. So 2021, that's why it's a much more dynamic market than 2010, right? 2010, it was like you're worried about how many PCs Dell shipped, right? This is a much different scenario. And what we've seen, and we've talked about this in one of our investor presentations, is really kind of a 10x increase as people take their existing technology, move it to the cloud. So there might be some big heavy iron server that a customer has. They want to migrate it to the cloud. A lot of times you're not just going one-for-one. They're basically moving into a different architecture that might be 10 different workloads, right, where they've gone from sort of a legacy sort of architecture to more containerized contemporary architecture, what might be a tenfold increase in the number of "workloads" doing the same thing, but a lot more efficient.

Got it. And that's a good segue into the next question. And you certainly talked about -- you've kind of addressed, I guess, the relatively low expectations of total addressable market workload protection. How do you see yourself competitively versus other vendors that are also approaching that market? We've got some approaching it from the developer side, some from the steward gateway side, others from the network security side. [indiscernible] your platform and your kind of unique real estate that you have on the endpoint, how do you think this all plays out in the workload protection platform market?

Well, the nice thing about security is it's a pretty dynamic and fascinating spaces. Multiple areas, as you talked about, you've got network, you've got gateway providers, you've got endpoint or workload providers. And I think what we really focus on is what our bread and butter is, it's that core endpoint, that core workload. And from a developer perspective, the nice thing about our technology is, it actually runs underneath all of the containers. So if you're a developer, you basically spin up your Kubernetes cluster and you go. And we're instrumenting those Kubernetes workloads, as an example, underneath at the kernel level. So the developer really doesn't have to do anything. And there's different models where you can run in a container or run a sidecar, and those are some architectures that we also have. But in general, if you can run underneath all of these containers, there's not much for the developer to do from a run time and protection and visibility perspective. So the least you can get in the way, the better of a developer. And I think that's been pretty attractive for a lot of our customers. They don't have to do anything. The developer keeps developing and we protect and provide run time visibility.

Right. Got it. And then how do you think about spending from the -- I think you gave an example of a retail customer that was expanding in the 10% of the company's workloads, and it represented a 50% expansion in ARR. How is that kind of a spend trajectory viewed by the customer? Is security something that might scale in the cloud and you might see some cost pressure over time? Or is there enough value there to really kind of keep that pricing steady?

Well, I think it's a total greenfield opportunity right now. And if you think about traditional "endpoints", right, you're -- we're always going to be replacing somebody, legacy provider or what have you. When you start thinking about the cloud workloads, generally, there's nobody there. It's more of an infrastructure provider, a virtual VPC, virtual private sort of kind of network that may be one of the hyperscaler provides. But at run time, there's normally nothing there because it's not like McAfee and Symantec have an architecture they could just run in the cloud and protect those workloads. So when you think about the opportunity, and we did some quick math on this for an investor presentation we did last fall, the current spend, if you look at the overall cloud security spent, right, security was like 1% of that, which is woefully inadequate. And it was literally going to 0.9%, and it made no sense to us, right? So what we thought was, if you took just, on average, kind of a Gartner number of 5.7% of an IT budget spent on security and you apply that to the cloud workloads, that's like a 10x TAM increase, right, in total opportunity. Because I don't think there's anybody on the planet who would think that the security spending is going to go down protecting cloud workloads. Like it just doesn't make any sense. And I think it's just an anomaly because there really hasn't been good security technologies in the cloud. A lot of it has just been infrastructure. And as companies like ours and others try to add more capabilities to the cloud security. And there's various areas, right? It's not just CrowdStrike and not everything that we do. We do think it represents a pretty big opportunity in the future.

Got it. I want to touch on maybe what's starting to achieve overused status in the market. But digital transformation, you've got a natural platform to drive the transformation. How do conversations evolve with your customers? What's the typical trigger point for them to adopt CrowdStrike?

Well, a typical trigger point is they're going through a renewal cycle and they're basically fed up and saying, "Hey, we're not going to do this again with -- pick your legacy vendor, right?" And they call us in and we get involved and convert them over to CrowdStrike. But when we think about security transformation, and it has been accelerated with COVID where people basically said, all right, like we had this 2-year or 3-year road map, and we're pretty much going to throw that out the window and we're going to try to migrate all of our applications to the cloud. And it might be a dedicated SaaS provider, right? It doesn't have to be just your apps. Or it might be hosting internal systems in the cloud, but doing it in a different way, a more efficient way. And a lot of times what we're seeing is companies will say, okay, if we're going to move to the cloud, we're going to containerize everything, right, we're not going to just take this iron that we have and just lift and shift it. And when they go through that level of transformation, by definition, there's a compliance mandate that says, these things have to be secure. They call us in and you have to have the security transformation as part of this overall digital transformation. So it depends -- each customer is a little bit different. But I think you have the -- hey, we're all in the cloud, and we've been using it for 10 years kind of a customer and CrowdStrike is there. And then you have even some financial institutions saying, man, we weren't -- we were like dipping our toe in the cloud water and now the dam is open and we're running headlong into it. And I think for those folks who are a little hesitant, it really did accelerate the time to get to, okay, we're going to cloud and we're not looking back.

Super helpful. We'll throw this one out there. This may be more of a Burt question, but we'll send it your way anyway. In terms of sales and marketing. Can you touch on spending initiatives that you have in sales and marketing, how your approach? I guess, what is your post to driving growth and how that might be changing over time?

Yes. Well, happy to take that one. So Burt and I interchange on some of the stuff. We spent a lot of time on the unit economics, and we spend a lot of time on planning for the next fiscal year or so. And we just basically finished up that cycle with the fiscal year ending in January. So part of it is looking at the overall market opportunity and looking at where we need to be, but also you need economics. So we spent a lot of time on things like magic number, right? Our magic number was 1.4 that we put out last quarter. And that's a measure of sales efficiency. I won't go through the whole calculation, but in general, if you have a magic number of 1.4, you're incredibly efficient. And if you look at someone who basically is a model of efficiency like Atlassian, they don't even have a sales team, right? And they're slightly ahead of us in terms of sales efficiency. So we would look at that number and say, wow, we probably need to spend some more in that area because we're so efficient. Now we keep getting more efficient and we spend a little more money and we get more efficient, we spend a little bit more money. But I think some of the efficiencies that you're seeing in the unit economics come to play around things like our in-app trial. We spent as much time building a scalable technology architecture as we do building a scalable sales architecture. And I can tell you, I spent a lot of time there myself. We have a dedicated e-commerce team that they're solely focused on making the platform sell itself. So if you're a customer and you're in our platform, why shouldn't we consumerize the enterprise experience? Everyone's familiar with their consumerized devices when they go on a website, what it all means. And we can bring that same level of experience to our customer where they can try other modules. So we have in-app trials, right? So I can be -- maybe I have 3 modules that CrowdStrike has. And well, vulnerability management is really important right now, I want to try that. Click here, a 15-day trial. All that's flighted, goes into the inside sales team, goes into the field team. And then we basically move you through that journey in a very low-touch way to basically get you to cross-sell you into vulnerability management. And if you look at our numbers, over 60% of our customers have adopted 4 more modules, right? 22% of our customers have 6 and more modules, which is ridiculous. I mean, most companies would be thrilled to have like 2-module adoption. We've got 6. So I think when we look at all of that and we think about sales and marketing, there's areas that we could spend more, particularly around different geographies. But we're also getting a lot of efficiencies based upon the model selling -- the platform selling itself.

Yes. I was going to ask you about the low-touch, no-touch model. I mean, how much of the revenue does that generate right now? How meaningful do you see that becoming over time as part of the platform?

Well, we're certainly starting to see a lot of logo velocity from that, right? And that could be new logos with a trial to pay, where that might be in the small and mid-type business. But it also bleeds into the enterprise. It's a little bit of a slack phenomenon where you have an enterprise customer that might have one security engineer that says, "Wow, I heard a lot about CrowdStrike and we've really been meaning to try their technology. Why don't I download the product?" And you have one guy or gal who just plays around with it and says, "Wow, this is really cool. I like it, it works." And then it becomes an enterprise sales motion, right, where we're reaching out -- we're certainly going to reach out if anybody who downloads it. They're probably going to reach out and say, "Hey, let's have a conversation about this." And it moves from a simple trial to pay to a much broader enterprise sales motion to convert them into a paying customer.

And that's going to segue to you into comments you made in the past, I think, with regard to sales reps getting comps for the same, for new logos as well as upsell. Is that still the case? Are you adjusting comp plans? And how do you think -- how do your sales reps think about penetration of new logos versus expansion with existing customers, what's your process like?

Well it still is the case, and we think about both. When we think about our new lands, obviously, really important, and we pay on that. But we think about our expands and moving a customer from 2, 3 to 6 different modules is important, right? It's -- your lowest sales cost is when you already have a customer and just cross sell them. So we have focused, and I think it's worked out well in being able to compensate our reps on both of those. Obviously, we can turn the dial with different kind of formulas of what the breakdown of that all looks like of net new versus cross-sell. But at the end of the day, we look at having reps build a book of business that's sustainable. And that's an overall annuity for them. And it's always making sure the customer is well taken care of. Making sure that if they need more modules, we're there for them. Making sure they're successful on the modules they bought and not just hunt for a new one and then forget about a customer. That's just not how we operate.

Yes. Okay. And then maybe thoughts on the CrowdStrike store as well as partnerships. What are those opportunities within each of those categories are you most excited about?

Well, you think about the CrowdStrike store, we've got probably 20 different partners in there now. We've seen a lot of success in the store. It's still early days. It's not a huge revenue generator for us today, but I think it could be. And when you think about what we built, our agents are essentially beachfront real estate, right? Everybody wants that real estate. And we've really created a, what I would call an agent pass layer, right? So if you're another third-party, instead of trying to roll out your own agent, we've got a big footprint, lots of customers. They're happy with it. Why not take advantage of the agent we have, the data we collected, the workflow that you can create around our platform to remove all the friction? It's really hard for a company to roll out yet another agent. Obviously, we've done that at scale and enterprise and customers trust us. So we continue to invest in the store. We look at different areas, everything from patch management to kind of lateral movement and everything in between. And we see what customers like, and we try to provide either ourselves or through a store partner.

And how has that conversation happen? I mean, particularly with -- let's take Illumio for example, within the store. Has that started relatively early stages and then they have to develop on your platform? Or is it a relatively seamless integration with your platform, become part of the support?

Well, it's an interesting one. I know Andy pretty well, Andy Rubin from Illumio, and we sat down and we said, "Hey, look, we got to be doing more together." And I think this is probably one of the -- the banker conventions that we were at, we sat down and said where we could travel. We got to do more together. And we talked about the store and what they were doing and the expertise they have in that micro segmentation world and how do you apply it to prevent lateral movement. So we sat down and said, "Okay, look, this is what we have in the platform." They said, "Okay, we need a couple more things in this one area." And we added that, the pieces that they needed. And then we went to market with them and rolled it out. And it's been pretty well received. So obviously, as time goes on, we get more feedback and they do deeper integrations. We provide some more functionality that they need. And a big thing for us is building out the capability in the platform piece so that it makes it easier and easier for third-party developers to create their own modules.

Got it. Super helpful. I was going to stop with 10 minutes, but we've got a lot of questions here. So maybe we'll go give you a little bit more extra time, we'll go through some of the ones that we've gotten through the portal. First one is, how would you -- and I know you've done this before, but it's coming up. We've got a number of questions on differentiation versus -- compared to other vendors like SentinelOne, [indiscernible] Cybereason [indiscernible] endpoint protection platform, the ER side. And then particularly, with regard to SentinelOne, how competitive is that platform? What are reasons why you might win versus what -- and maybe reasons why you might lose to SentinelOne?

Well, when you think about what they did, I mean, it's very similar to what Cylance. It really came out as an next-gen AV product, right? And they did spend the time and effort to build a true platform, a true architecture. And as I said before, if you have an on-premise version, you're not a true cloud-native technology, right? We don't have -- I mean, our agent runs whoever. But you couldn't take CrowdStrike and package it up and give it to somebody just like you can't do that with Salesforce. And if you look at Cybereason and you look at SentinelOne, that's exactly what you can do, right? And that means it's just put it in the cloud, try to call it multi-tenant, but it's not really a cloud native. It's the difference between multi-tenant and cloud native. And they don't have the threat graph. And a big part of our solution, technology and business model is once we collect that data one time, we can add all these new modules, right? So when you look at what they've done on the AV side and trying to add, particularly SentinelOne EDR capabilities, it just pales in comparison in terms of their ability to collect data at scale. And most of our competitors actually leave the data on the endpoint and then query it as opposed to stream it and have real telemetry into the cloud. So why would we lose to SentinelOne? Probably on price. If they win, generally, it's cheaper. And what we've seen is that customers boomerang it around, right? It's just doesn't really scale, doesn't work at scale. And AV technology is not bad, but when you look at all the other features, that pales in comparison to the 16 modules that we have today. So we're okay losing on price because in general, it comes back around when the technology doesn't work. If you look at Cybereason, again, that started more sort of EDR-ish. They tried to add AV to actually OEM, a legacy AV player that's in their products. So they don't build their own. They actually OEM a signature one. And again, just a lot of these guys are focused in one area. But the thing they haven't focused on is building a platform, doing it at scale and doing it with the right margin profile. I can tell you, there's a huge barrier to entry to do what we do just because to do what we do and move all this data around and do it at scale with the right margin profile is really difficult. And there's no compression algorithm. We're actually getting through that. So those for those 2. Did you have another one?

I think that primarily hits it. Yes, I think, I mean, most of these with regard to SentinelOne [indiscernible] Cybereason as well. So we got another Burt question. So we'll test your accounting depth here. How should we think about the gap between cash flow from operations margin and operating profit margin going forward compared to [indiscernible] the deferred revenue grow at a similar pace relative to sales growth in the coming years, as we've seen in the past few years? Kind of two question.

Yes. That is a Burt question, but let me just give you the high-level view, which is, Burt and I spent a lot of time on free cash flow and operating cash flow. And you've seen what we've done over the last quarter -- couple of quarters. So we're really proud of that. And the -- in SaaS, there's this J-curve of, as you get through your life cycle, you start to ramp and then you see losses sort of accelerate and then the J-curve kicks in. And then all of a sudden, you start to generate a lot of cash and a lot of profits. And you can see where we are in that life cycle, what the sheer amount of customers that we have and the sheer amount of modules that we have. Every module we have is pretty much pure gross margin. So we think about 5 -- 4, 5, 6 different modules for a customer. When you think about the -- just the momentum that we have in the customer count, adding over 1,100 customers last quarter. You can see where we are in that J-curve. And really, the net result of that is the cash flow. And again, Burt and I spent a lot of time on it, and that's really important to us. Yes, we're going to focus on growth, but we're also going to look at the business and be prudent how we run it. And cash, I think, is a pretty good barometer there.

Great. Maybe on this one, for Preempt, any relevance to Sunburst breach that you feel stopped the relationship or benefit you might have there?

Well, I think we got in front of this identity -- the identity challenges that organizations have. So if you look at Sunburst, pretty sophisticated, again, a lot of what happened behind the scenes in terms of persistence was the adversary was basically blending in as normal users and coming back in through a VPN and sort of abusing two-factor authentication. So we knew identity was very important. And that's an area that Preempt has a lot of AI around identity. What's Brian doing, where has he been? Where is he going? We combine that with the health of the system. Obviously, CrowdStrike knows Brian. What system you're using, what state it's in, what health of that system is there. And then when you combine those 2, you get a really powerful zero trust architecture that allows you, Brian, to go where you want to go. And if it's really you on a clean system, great, you can go there. And if it's not, then we can drive an additional -- we can drive a conditional access request, which might be another two-factor authentication. And then the beauty of it is we are masters of workloads, endpoints and now identity associated with those devices. But we then partner with folks like Okta and Ping where we can supply them with information like a trust score so that as an identity broker, they can also use that information to provide additional security to customers. So I think it's really perfect timing to have Preempt, and it's so topical right now. And so timely having these discussions, given the Sunburst activity.

Yes. Maybe to kind of like segue into the next one with regard to -- I heard you address this one before. But can you talk about your partnership with Netskope, Okta and Proofpoint, how that's been going? What is the need of the customer that you're addressing with those partners?

Well, I think when you look at that partnership, it's a package of way for people to have alternatives to technologies like Microsoft, right? Customers want best-of-breed platforms, right, that they can basically assemble together and have it all work. And so like Lego blocks, right? We used to talk about best-of-breed products. And now it's really best-of-breed platforms. I've got a CrowdStrike and I've got Okta, I've got a Proofpoint. I put them all together, and they should just work, right? It should just work. They don't need a whole bunch of engineers to try to make it all work. And I think when you look at what that does, it actually gives a really nice complement to what you see with Microsoft in the environment where they try to wrap and roll everything.

Great, great. Maybe this next one in terms of -- back to the CrowdStrike store, what role does it play in your go-to-market strategy with regard to like Illumio [indiscernible] and other?

Well, for us, right now, as I mentioned, we generate revenue, but that's -- it's a tiny part of our revenue stream. But it could be much larger in the future. But I think really what it is, it's very sticky for customers, right? We don't -- we do a lot of things, but there's some things that we don't do where maybe we don't have the expertise in an area, and we can augment that with a partner. And that solves a real problem. And the problem that we're solving, I think, which is underappreciated, is the fact that, without adding another agent, we can solve many more use cases. And on average, this is an IDC number. There are 12 different agents that enterprises have in use at any time, 12. So if we can eliminate the bulk of those and we can augment our capabilities with a partner using the same agent, that's a real win for the customer.

Got it. And then maybe along the lines of how you I guess we're aligned for install next to Microsoft. I mean, how often are you deployed alongside in endpoint protection platform such as Windows Defender versus [indiscernible]

Yes. I would say a couple of years ago, more than a couple of years ago, you'd choose side-by-side installations. Right now, I mean, most of it is just full rip and replace. Obviously, with Defender, you got a lot of customers that might get that with an E3 license. But candidly, a lot of the response work we do are for Microsoft customers that are using Defender, right, and have had issues. So I think there's a lot of customers who realize that, that technology is still legacy signature-based technology. It's not focused on really cross-functional Linux and Mac. And from our perspective, they're looking for a company that's sole focused, when they get up every day is to think about how to protect customers and how to stop breaches, right? And that's all we do. And we've got a lot of services, whether it's OverWatch or a Falcon Complete around that, which is very compelling for customers.

Got it. And that's why we have another Preempt question. Can you talk to the importance or relevance of their capabilities, particularly in light of threats that have come out with regard to leveraging active directory attack vectors and why wouldn't something like a Preempt become a standard security tool around helping organizations [indiscernible]

Well, amen. That's what we think too. It's exactly why we bought them. If you think about directory, it's one of the most important aspects in any organization. And then you have this hot mess of local active directory to cloud directories, which is -- we've seen some of the challenges just over the last month come out, right, and sinking these. And in terms of SAML tokens being stolen, things of that nature, it's really complicated stuff. And it's -- candidly, it's a bit of a hot mess. So I think what Preempt brings to us is it does give us a zero trust capabilities, but it also gives us a visibility into the directory structure. And there's a lot of basically directory objects. There's people, there's machines, there's applications. There's just a ton of objects or information that pertain to each other. And there's a zillion permutations of how those all come together. So part of what Preempt gives us is -- and no one else has this really is what I would call identity EDR, right, for your active directory. So that level of visibility, again, we have our competitors, a lot of the folks that you mentioned, they don't have anything even close to that. I think that becomes really, really important, certainly in light of what we saw over the last couple of months.

Great. And then what this one, touching on recruiting, particularly during the current environment. How effective or how robust is employee recruiting that maybe benefits accounts, as we might have, attracting and retaining talent in your platform?

It's been robust. And I think we've been successful. But as you might imagine, one of the biggest wars that anyone has right now is for talent. And when you look at a platform like CrowdStrike, these are not just traditional folks that are trying to build security software. These are the same people that are building scale, similar to Google or Facebook. We handle 4 trillion events per week. These are signals that come into our platform, right? We have one of the largest Kafka clusters in the world. So we're competing with the Facebooks and the Googles, et cetera, for talent just because of the sheer scale that we operate in. I think we've been lucky because we have a lot of folks that are focused on the mission and the purpose, which is stopping the bad guys, which they love. And -- but it's really cool when you think about it. I mean, 4 trillion events per week. So just give you -- put this in perspective, in a single day, so today starts and ends, we will have handled more events in our platform, these signals that come into our platform that Twitter has tweets in an entire year. Just to put that in perspective. So we're talking about a massive scale. And when you think about data scientists, right, a big part of our platform is the AI-driven outcomes, right? The more data we have, the better we can train our algorithms, the better outcomes. That all takes really, really smart people. So it's a talent war not only for us, but everyone else.

Great. Thank you. With that, we're at the top of the hour and I think out of time. So George, thank you so much. It's been a real pleasure.

Fantastic, Brian. Stay safe, and we'll talk soon. Thank you.

Yes, you too. And thank you, everyone on the webcast for joining us. George, have a great day.

Okay. Thanks so much. Bye-bye.

Take care. Bye now.