CrowdStrike Holdings, Inc. (CRWD) Earnings Call Transcript & Summary

Welcome everyone, and thank you for joining CrowdStrike's Investor Briefing today. I am Maria Riley, Senior Director of Investor Relations. We have a great lineup, and we hope you find this session informative. Today, you will hear presentations from George Kurtz, our founder and CEO; and Burt Podbere, our CFO. Then we will open up the session for Q&A. [Operator Instructions] Before we get started, let me remind you of our safe harbor and the risks associated with forward-looking statements. For additional information, please see the risk factors in our SEC filings regarding any forward-looking statements. Additionally, unless otherwise stated, excluding revenue, all financial measures discussed in this presentation will be non-GAAP. Please refer to our disclosures on why we use non-GAAP financial measures and a reconciliation table showing GAAP versus non-GAAP measures referenced today in the appendix of the presentation, which will be posted on our Investor Relations website shortly following the conclusion of the webcast. Without further ado, I'd like to hand it over to George.

Thank you, Maria, and thank you all for joining us today. It's still early days for CrowdStrike, and we believe the best is yet to come. We're going to take you through our story of where we are today and where we're going. And as you've probably heard me say, CrowdStrike is much more than an endpoint company. And we will take you through exactly why that is and why we believe there's a large untapped opportunity for sustained high-growth at scale, while also delivering strong unit economics. So when you think about the category defining cloud platforms, when I started the company, I looked around and saw Salesforce and ServiceNow and Workday and each respective cloud they created, whether it's the CRM cloud or the service management cloud or the HR cloud, and there really was no security cloud. It wasn't built by any of the companies that were out there. There was no fundamental platform company built from scratch to deal with security -- creating the security cloud. So this is something that was really important to me, something that we focused on and something I think we've achieved. I certainly want to highlight one of our major achievements that we talked about in Q4, which is achieving $1 billion in annual recurring revenue, as one of the fastest-growing SaaS companies behind the likes of Salesforce and Zoom. We don't see it as a finish line. It's really our jumping off point, focused on building a much larger company. And today, I'm here to share our vision of getting the $3 billion-plus in ARR and beyond, and we're going to focus on how we're going to do that with our technology, our people, our platform, our market opportunity as we continue to grow our total addressable market. There's a couple of key areas that we continue to focus on. One of the core elements of CrowdStrike since the beginning is really driving innovation. We pioneered cloud endpoint security, now workload protection. We've built things that people said weren't possible. We've created categories before they had names, and we will continue to drive innovation throughout our product offering. We're also going to capture the secular trends. We know the threat environment continues to change. And we also understand, as people migrate to the cloud, the secular trends that go with that, the ability to actually secure these cloud workloads. With that, we've expanded our TAM. We've gained market share and certainly increased wallet with our customers. If you look at our rapid and efficient growth at scale, this is something that I'd like to talk a lot about, is that not only have we built a very scalable technology platform but we also built a very scalable and efficient sales machine. And when we look at whether it's a Rule of 40 only eclipsed by Zoom, or when we look at the payback period, 15.9 months, subscription revenue, growth rate and run rate year-over-year. So we're extremely proud of not only what we've built, but the efficiency in the model that we've created, and we continue to see that pay dividends going forward. So when we IPO-ed the company, we started with 10 modules, and we rapidly innovated the platform because we spent the time and effort to build a platform and have the scalability of the single lightweight agent, a Threat Graph and the ability to modularize new workflows on top of that. And since that time, we've made considerable progress, adding more modules to take the total to 19 modules as it stands today. We've entered different markets, we've acquired several companies, and we believe that this platform approach has served us very well, and it shows up in the ability to cross-sell into other customers in our module attach rates, which we'll talk more about. So for FY '21, there's some key technology achievements I want to take you through. First is identity security. We thought this was a very important element to CrowdStrike, which is one of the reasons we acquired Preempt. We've seen SUNBURST and some of the related attacks, and we realize how important identity is to actually securing endpoints and workloads. We dramatically expanded our cloud security offerings, runtime, visibility, cloud security posture management, and we continue to be a leader in that space. Zero Trust, the ability to actually enforce policies and provide scoring of the health of the system and the users, we've added forensic capabilities within our platform, which is a widely requested feature and has been very well received. We continue to support many different operating systems, continue to build out our workflow and we're really pioneering endpoint security delivering store partners and infrastructure that they can actually gather data, obviously, opt-in by customers and create their own unique workflows while leveraging the very valuable real estate that we've built at CrowdStrike. So what are the strong secular themes driving demand? Well, first and foremost is digital transformation. With the pandemic, there aren't many companies that haven't focused on accelerating their digital transformation and their movement to the cloud. We see emerging cloud workloads as a critical growth area for CrowdStrike. We have the ability to not only protect those workloads but also provide visibility into what's happening and also the configuration of those workloads. And you combine that with an elevated threat environment, and it's really the perfect storm for strong secular growth for many years to come. And we believe, as I've said before, that security isn't the nice to have, it's a must have. It's equivalent to shelter in the hierarchy of corporate needs. So let's talk about our TAM evolution. At IPO in 2019, we had a $25 billion TAM. With our current portfolio in 2021, we believe that TAM is $36 billion. And in 2023, we see it growing to $44 billion. What's really exciting for me is we believe we have a path to increasing our TAM to $106 billion in 2025. And the ability to get there is really focused in a couple of areas: First is organic TAM growth from the existing modules we have; second one is a very innovative product road map; third is future initiatives that we're working on; and lastly, our cloud security opportunity, which we're really excited about, and we'll talk more about here in a minute. So let's talk a bit about FY '25 estimated global unit opportunities. If we just take PCs as an example, almost 1 billion PCs available to protect, 900 million, 6 billion global mobile devices, which we also protect. 70 million global servers. These are physical servers. We believe there's a lot more virtual servers to protect. We'll talk a little bit about our cloud opportunities in a minute, and over 10 billion global IoT devices. So when we think about CrowdStrike, we are the perfect company to protect these devices as the threat environment continues to evolve as a proliferation of workloads and servers and devices continue to grow, CrowdStrike will be there to capture this market opportunity. And just to put this in perspective, if you look at cloud pioneers and where CrowdStrike is in our early days of customer acquisition, you can see ServiceNow with a total of 7,000 customers; Workday, 8,000; CrowdStrike, 10,000, as the youngest company on this list, and Salesforce is 150,000. So we're really early into our customer acquisition journey. We're really proud of what we've achieved so far. But in the grand scheme of customer acquisition, there's still a long way to go, and that's an exciting opportunity for us. If you layer in other companies like Trend and VMware, you can see the opportunity when you look at the total customers they have. And these are all companies that have security needs, small and large companies. And it just gives you a representative example of how many companies are out there. So we believe we're certainly in the early innings of tapping our market opportunity and early in the customer acquisition journey. So let's talk a little bit about the cloud, one of my favorite topics. In one of our last webinars, we talked about the 10x opportunity in securing cloud workloads. There's just too much complexity. And it really is a greenfield opportunity when we think about cloud workloads. There's not a lot of protection in these cloud workloads today. Many of them have no protection. And CrowdStrike has built an incredible portfolio where we protect 1.2 billion plus containers every day, focused on runtime protection, workload protection, posture management, threat hunting, identity, security, all focused on the cloud. And in 2023, we think the cloud security opportunity is 12 billion-plus. And I would refer you back to our webinar that we did last year in 2020, that really goes through the math behind this. But we believe that the market is undersecured and underrepresented in terms of the ability to actually penetrate this market. So it's a big opportunity for us. We've got multiple avenues to attack, and we continue to build out our portfolio. All right. We'll move to Zero Trust. This is an exciting area for us, ZTX in our framework. When we think about Zero Trust, it's about people, workloads, networks and devices and tying those together with data. You trust nothing, you verify everything and you anticipate the breach. We've been working very closely with other security partners to provide scoring in a framework, because we have visibility of what's happening on those endpoints and what the user is doing and the hygiene of those workloads and endpoints. And not only can we provide visibility, but we can also enforce policies and drive conditional access requests and prevent users from being able to get to places they shouldn't or do things that they shouldn't be doing. One of the big areas around this certainly is lateral movement. And with our Preempt technology as well as what we built before the acquisition, we've got a very compelling architecture to be able to identify and prevent these sort of attacks. I think this really is highlighted by the SUNBURST activity and just how important it was for companies to be able to identify unused accounts, accounts that have been abused or administrator accounts as part of an overall campaign by nation-state actors. So the Zero Trust ecosystem, one of the things that I do like to talk about is where we sit versus others. So obviously, we've got a very unique view of the endpoints and workloads, whether that's in a standard corporate environment for desktop PCs or whether that's in a cloud -- in a Kubernetes container environment. And we have the ability to basically score and understand the health of that system, again what users are doing, and then be able to provide that information to other identity providers like Okta, Ping, Azure and others. So we're focused on the endpoints and workloads we work with and partner with many of the other identity players in the marketplace and provide our scoring as one of the things we just announced very recently with Zscaler, where they're taking advantage of our Zero Trust architecture and our scoring mechanisms. So very excited about this, more to come. And obviously, we're really excited about Preempt and what that provides to CrowdStrike and its customers. So I'll move on to Humio, our latest acquisition, one of the most exciting acquisitions that I've been involved with. And when we think about data growth -- and certainly security data growth and the complexity that we see in most organizations and the budget pressures that companies are under and dealing with legacy vendors, we think that there is just an exponential amount of unstructured data sets that are out there that are growing so fast that it's hard for organizations to actually get a handle on it. And that's where Humio comes into play, the ability to actually log everything and answer anything in real time. And Humio works with any data format, whether it's structured or unstructured because you don't have to define all these fields upfront. You can ask questions of the data, whether it's live or archived. And one of the really interesting and compelling pieces of Humio is that it can ingest this data in real time without any lag, so you can create live searches as soon as you start ingesting the data. And when we looked across the environments' various competing technologies, we just didn't see anything as compelling or innovative as Humio. So Humio provides a few things for us and a few advantages over other technologies. First, index free. So we don't actually have to have an index, which takes time and effort and simplifies the ability to ask questions and log everything. It's real time. So you're getting immediate value as soon as you start ingesting data. It's cloud native, it's multi-tenant. And what a lot of customers love is its unlimited ingest, right? So the ability to ingest data and log everything, which provides amazing speed. When we did our test before we did the acquisition, we were blown away at the amount of data that can be adjusted, the efficiency of it. The fact that it actually compresses all this data, 15x any competitive technology and still allows you to search into that data. So it provides a much lower TCO over the life of the technology. So what is Humio going to do for us? First is to redefine XDR. There's really 2 areas of Humio: First is on the security use case; and the second one I'll get to in a minute with log management. But redefining legacy XDR is really important. And I would say that XDR is one of the most overused overhype words in the industry. And it's not just about creating bigger needle stacks, right? It's about taking the right information at the right time, combining it together, leveraging our Threat Graph and being able to create insights that existing products just can't solve. Some of the issues with traditional SIM and other technologies of the past, they just take so much effort in care and maintenance to get you to the outcome that you're actually looking for. So stay tuned for more on our XDR. Obviously, we're going through the road maps. We'll come back and hopefully have an update as we continue to evolve the technology. But we're really excited about that. So that's one piece of Humio. The other piece is log management and observability. And that's the full Humio product as it stands today. And we will continue to support that and also integrate that into our platform. So it's really 2 use cases. It's security and then it's log, any other technologies that you're looking at as well as the observability market. So again, still early innings for us, more to come on that, but very exciting, very positive feedback from our customers. And I think it's a perfect complement to our Threat Graph and what we've already built. The other area that Humio provides is support for other modules, right? The ability to integrate with OverWatch and complete in our intel offerings to support data ingest from our threat graph and our services team and obviously support our CrowdStrike store partners. So it really is a fundamental technology that the Falcon platform will continue to leverage. It will support security use cases and nonsecurity use cases like log ingestion and observability. So really exciting and more to come on that. So in summary, I really want to tell you how excited I am about this opportunity. To get to $1 billion in annual recurring revenue with the likes of Zoom and Salesforce, there is speed and efficiency. To have a line of sight to $3 billion in annual recurring revenue, growing to $10 billion, and to be that fundamental cloud platform that really changes security the way we know it. If there's one takeaway from my presentation here is that CrowdStrike is much more than an endpoint security company. We're a platform company with the ability to go into adjacencies, like log management as well as identity. And we'll continue to expand our module offering, starting with one module, can an IPO, 19 today. And our fundamental core principle of data. Once we've got that data, the ability to reuse that, create new modules and more importantly, solve some really compelling use cases for our customers. This is just the beginning, and it's been a pleasure to chat with you today, and I look forward to your questions later. With that, I'll turn it over to Burt.

Thank you, George, and hello, everyone. Let's get right into it. Last year was a year of milestones. We delivered a phenomenal year, setting new records in multiple areas. The really big milestone for us, as George mentioned, was ending ARR, which surpassed $1 billion, up 75% over last year. We also added a record $450 million in net new ARR, up 56% over last year. Additionally, we added a record number of net new logos, which increased 53% over last year. What makes these growth milestones even more impressive, is that we achieved them while at the same time, improving our margins and delivering strong unit economics. We hit 79% non-GAAP subscription gross margin, a new record. We achieved non-GAAP profitability for the first time, and we delivered an operating margin of 7% for the year. We also delivered a free cash flow margin of 33%, also a record. These milestones demonstrate the power of our model. As George mentioned, we delivered rapid and efficient growth at scale, comparable to best-in-class SaaS companies that you can count on 1 hand. Let's now take a deeper dive into our growth to date. With strong secular tailwinds and the combination of our cloud-native architecture, with both a highly scalable Threat Graph and a single lightweight intelligent agent, we were able to achieve a rapid ARR and revenue growth at scale with subscription revenue being the primary driver of growth. The good news is that we are seeing strong growth in both domestic and international markets with a long runway to continue gaining share. We are also very pleased with our services business, where we saw strong growth, which was higher than our expectations. Service revenue made up 8% of our total FY '21 revenue, and although small, it is very strategic to us. For every $1 spent on services since February 2019, we garnered $5.51 in subscription ARR, and you can see how this has grown significantly over the last year. And it's a symbiotic relationship. Our tech helps drive our services engagements. While our team members have great experience and expertise and are a critical element to our success, the Falcon platform and our remote forensic capabilities differentiates CrowdStrike from others in the market. We have set the gold standard for services engagements. Once we are called in to help a company clean up an incident or a breach, which another vendor's inadequate software was unable to prevent, we quickly do the forensics work, the investigation work and generate the required reporting the company needs. At this point, the company sees our value, and we then leverage our professional services team to sell our platform. So in a nutshell, our professional services team comes in, executes quickly, helps to sell our platform and then leaves. This is a very different approach than what the other professional services leader in the space does, where they come in and want to stay at the company for an extended period of time, which is both expensive and inefficient. Now let's move on to how we achieved the $3 billion-plus in ARR that George talked about earlier. George ran through the TAM and the market opportunities available to us to achieve the $3 billion in ARR and beyond. Now let's take a deeper look into the mechanics and dynamics of our business that we believe will help us reach the next level, the path to $3 billion-plus in ARR. As I'm sure many of you can appreciate, as a CFO, I love math and the dynamics of a recurring subscription model. I also love simplicity. So let's look from a mathematical perspective at the net new ARR generation required to reach $3 billion and beyond by FY '25. If we just repeat FY '21 and generate approximately $450 million in net new ARR for each of the next 4 years, that gets us to approximately $3 billion in ending ARR for FY '25. And to repeat, that is without any net new ARR growth. That is not to say that we will not generate net new ARR growth between now and then. It is merely an illustration of the math required to reach approximately $3 billion in ARR by FY '25. Looking at this another way, every 10% CAGR you layer on to FY '21 net new ARR growth equates to at least an additional $500 million in ending ARR in FY '25. And importantly, as we think about our opportunity to get to $3 billion and beyond, we see a path to this next milestone by leveraging the business we have today with minimal contribution from Humio and Preempt and without a reliance on the future initiatives we discussed. As George mentioned, we see many opportunities available in the market today. I will focus on our ability to execute on these 4 opportunities at hand: First, continue to take market share by landing customers at a rapid pace across all facets of the business market; second, capitalize on our increased momentum with partners; third, expand our wallet share by driving module adoption with new and existing customers alike; and fourth, maintain our strong retention rates. Let's explore each of these in more detail. We are winning customers at a rapid pace. We've seen an acceleration in the number of new logos we win each year and in Q4 FY '21. Even off a tough comp, our net new customer growth rate accelerated. Our win rates remain high, and we believe that we are clearly gaining share. And as George pointed out, with about 10,000 customers to date, we are still in the early innings of our journey. Many more logos to win. For added context, some of the legacy vendors in this space had hundreds of thousands of enterprise customers. The key to our rapidly expanding customer base is that we are winning customers of all sizes. From a one-person shop all the way to the largest companies in the world, we can sell into any vertical, geography or any level of technical sophistication. Essentially, we can sell to almost anyone. To give you some insight into how far we've come, the number of customers with more than $1 million in ARR stands at 176 compared to just 10 in FY '17. This is a 105% 4-year CAGR. The number of customers with ARR between $1 million and $100,000 stands at 1,569 compared to just 151 in FY '17. This is an 80% 4-year CAGR. And smaller accounts with ARR below $100,000 stand at 8,151 compared to just 286 in FY '17. This is a 131% 4-year CAGR. You can see how these smaller accounts really contribute to our overall logo velocity. And putting this into perspective of ARR contribution, it's approximately 40% from accounts greater than $1 million in ARR, 40% from the mid-range accounts and 20% from customers less than 100,000 in ARR. Adding customers at this rate and among companies of all sizes is not an easy task. It boils down to an incredibly easy-to-deploy tech, the strength of our low friction sales motion, including our trial to pay and our ability to scale our operations and G&A functions to onboard customers at a rapid pace. Another opportunity before us is to drive growth is to continue to increase our partner momentum. We are a partner-first company with a direct sales force, whereby our sales reps own their own book of business, which includes partnerships. Our partner-first strategy has enabled us to expand the breadth of our customer coverage in a highly efficient manner. You can see our success last year, where we achieved an 85% increase in the absolute number of partners. This increase came from our U.S. and international partners as well as our global strategic partners, such as EY. We've also been investing to increase partner-sourced deals and are seeing the results. Partner-sourced transactions more than doubled in FY '21, and this has translated into an 86% increase in partner-sourced ARR. Our unwavering focus on our partnerships has led to consolidation in the market where CrowdStrike is broadly becoming the partner of choice. AWS is an example of a standout partnership, a partnership which we have invested in and have experienced rapid growth in ARR transacted. Last year, we saw 650% growth in ARR transacted through the AWS Marketplace, bringing the total ARR generated through the marketplace to well over $50 million. The good news about the AWS Marketplace is that we are able to transact with both large and small companies. An additional advantage of transacting through the AWS Marketplace is the availability to leverage the enterprise contract. When a buyer and a seller both agreed to use the enterprise contract, it materially reduces the number of terms and conditions that need to be negotiated between the parties and hence, dramatically reduces the sales cycle in many cases from months to weeks. In addition to winning customers at a fast pace, we are also seeing strong success with our top accounts and growing the minimum spend required to be a top customer. The minimum ARR to make it to our top 25 is now $3.6 million compared with under $0.5 million in FY '17; $1.6 million to be a top 100 compared with just $167,000 in FY '17; and to be a top 400 customer, a minimum of $478,000 compared with $10,000 in FY '17. Another way to look at this, the minimum spend required to be a top 25 customer in FY '17 is now the minimum required to be a top 400 customers today. We are landing bigger deals and that we are expanding with both modules and workloads, covering more of a customer state, leading to strong net retention rates. Let's now look at a customer journey of one of our top 100 customers that demonstrates how small initial wins can lead to significant ARR expansion over time. This large retailer began their journey with CrowdStrike in FY '15 with an intel purchase, which was fairly common back then and was not sold per endpoint. In FY '17, it expanded by purchasing our Insight and OverWatch modules, which marked our first sensor land with them. This led to a large increase in ARR, granted, it was off a small base. In FY '18, we once again increased the deal size with Preempt. This brought them to a total of 4 modules. In FY '19, their ARR more than doubled with sensor growth and 2 additional modules. In FY '20, we once again saw sensor growth. In FY '21, they added Spotlight, and brought Falcon into a portion of their cloud estate. This led to another 70% increase in deal size. Today, this customer's ending ARR spend with CrowdStrike is 3 million, a 3,500% increase from the initial land and encompasses 7 modules. This customer is a great example of how we grow an account, both by adding more workloads and by increasing modules. This customer also demonstrates that as we launch more modules or cover more of their cloud workload estate, we grow the account, providing us headroom for growth even within accounts we may already fully cover on an endpoint basis. When you have customers like this and many more like it, it is not difficult to see why we have such strong retention rates. Our net dollar-based retention rates have consistently remained above our 120% benchmark, which is excellent. And then when you look at our gross dollar-based retention rate, that has been a best-in-class 98% for 9 consecutive quarters, well, that's just exceptional. Now here is something fairly unique to us. Just as we are experiencing impressive expansion of our existing customer base, as evidenced by the previous slide, we are landing new deals with more modules. We have seen a steady progression over the past several years, and now our average module count of a new customer is a little over 4 modules, up from 2 modules in FY '17. And we see even more modules than that on the initial lands of big accounts, like Pfizer, which we showcased on our earnings call. So the question is, why aren't we seeing bigger lands? The answer is that, one, we are experiencing growing brand recognition, and with that, a more prominent leadership position in our space; two, we are winning with agent consolidation; three, our platform is easy to deploy and easy to manage with a stunning user interface; and four, we are providing compelling value to customers. Looking across our entire customer base, module adoption continues to increase. We believe this shows strong customers buy-in for our platform approach. As we expand our lineup of modules, we expand the use cases we addressed. We expand our TAM, and we expand the virtuous circle of our "collect once, reuse many" model. Underpinning all of this is our platform that enables rapid innovation. And as George spoke about earlier, with this innovation, we have grown from 10 modules at IPO to 19 modules today, as well as a robust product road map for future releases. When we look at the year-over-year growth rate of customers subscribing to each module, we are seeing tremendous success with these modules in the markets they serve. Customer accounts for our big 4 modules: Prevent, Discover, OverWatch and Insight, are all growing at a similar rate to our overall customer base, which was 82% year-over-year at the end of Q4. Even more exciting are the hyper growth modules that are growing at rates significantly faster than our overall customer base. These hyper growth modules include: Falcon Complete, which is our turnkey security offering device control; Falcon X for threat intel; and of course, Spotlight, our highly differentiated vulnerability management solution. Again, these are own modules where customer accounts are growing far in excess of the 82% growth we are seeing in our overall customer base. The third category, I will call specialty modules, where we find Sandbox and search. Both these modules are growing at a slower rate. I would point out that many of the capabilities of Sandbox and search can be acquired through our Falcon X offering, which is one of our hyper growth modules. So there is definitely a strong demand for these capabilities. Finally, I'd like to note the new modules, which year-over-year growth rates are not yet available because they are new to the market within the past year. Of course, we look forward to additional high-growth and hyper growth modules coming from this group of rising stars. Just like we are winning new logos from companies of all sizes, we are also driving module adoption. Regardless of the size of the company, their problems remain the same. They all need security and are looking for a true partner. They all want a solution that works and is easy to use. They all want to reduce complexity and the number of agents. And they all have limited security resources. The great news is that the Falcon platform addresses all of these needs. The bottom line is increased module adoption, regardless of the customer size, demonstrates the applicability of the platform across the market. To summarize today's presentation thus far, we believe we're in the early innings of CrowdStrike's journey and that reaching $1 billion in ARR is just the first of many milestones we envision obtaining. We see multiple avenues to drive sustained long-term growth, leveraging our existing business and solutions fueled by strong secular tailwinds and our true cloud native platform, an efficient go-to-market engine that is winning customers of all sizes. Our ability to rapidly innovate and bring new modules to market enable us to naturally expand into adjacencies, grow our TAM and drive module adoption with both new and existing customers. Our extensible platform also enables us to relatively quickly integrate new or acquired technologies and enter markets that are poised for disruption. It is important that we continue investing to capture and execute on the opportunities we see in the market, especially during this unique time in the industry, which has experienced great consolidation over the past couple of years, clearing the way for a new market leader. While growth in seizing the opportunities in the market are top priorities, we are also focused on building a long-term business with sustainable growth and compelling margins. And we've made significant strides. Take gross margin, this is an area that I'm extremely proud of, where we have shown significant improvement. Coming from the mid-30s in fiscal year 2017 to almost 80% in FY '21 is almost unheard of to drive that kind of improvement, let alone in such a short time. The better news is that I see a path to continue this upward trend, and I will get to that in a moment. Then take operating margin. We've seen a steady progression in margin expansion with 9 consecutive quarters of improving non-GAAP operating performance on both a dollar and margin basis. And we delivered a non-GAAP operating margin of 7% in FY '21. On a personal note, I am just as pleased with our margin performance as I am with our phenomenal ARR performance. As I have often mentioned, scaling our business efficiently is a priority for us. 2 of several metrics we look at to assess our efficiency are Magic Number and the Rule of 40. We performed very well on both measures. We are highly efficient, an indication we need to invest more, and we are doing just that. Let's pull all of what we have shared with you today into perspective of our target model. On subscription gross margin, we have sustainably reached a range of 75% to 80% in FY '20 and reach the high end of the range in FY '21. As alluded to earlier, I see a path to continuing this upward trend and I'm raising our target model to 77% to 82% plus. The 2 main drivers in increasing this target are: First, continued module creation and adoption. Every new module our customer purchases after they purchase the first module is essentially pure margin for us. Second, continued operational efficiency gains in both our public and private cloud data center environments. Let's now look to S&M, G&A and R&D. As I mentioned, continuing to invest in all aspects of the business will be key for us, but especially in R&D and S&M. The current target model for these measures is at an appropriate level as we mature as a company. Even though we hit our R&D range in FY '21, we are increasing investments in this area. So we expect R&D as a percentage of revenue to tick up in the near term, but then trend back into our target model range over time. We reached our G&A target model in FY '21, and believe that is an appropriate level to continue supporting our growth and believe we can sustain our target range for the time being. With the increase in gross margin, we are raising our operating margin target to between 20% and 22% plus. Let's now look at how this translates into free cash flow margin. This is a new metric for our target model. We had phenomenal FY '21 performance of 33%, but we don't expect to repeat at this level in FY '22 as we will continue investing in the business. When we do reach our target model, we expect to generate 30% or more on a consistent basis. We expect to achieve each of these targets in various quarters over the next few years. And assuming $3 billion or more in ending ARR in FY '25, we'd expect to be within the range on all measures in FY '25 on a sustainable basis. I would like to also note that you will find a slide with a few modeling notes in the appendix of the presentation, which will be posted on our IR website shortly. In summary, I've never been more excited about the opportunities before us, and I look forward to continuing to rapidly expand and scale. Thank you very much. I will now turn it over to Maria to open up Q&A.

Great. Thank you, Burt. [Operator Instructions] And our first question is from Saket Kalia of Barclays, and he will be followed by a question from Matt Hedberg of RBC. Saket, you may begin.

Okay. Great. Well, first and foremost, guys, thanks very much for hosting this session. A lot of great content to Q1. George, maybe for my first question for you. I think we all took away from your presentation that CrowdStrike is not only an endpoint security company, but something broader. But maybe just to zoom into endpoint for a second because it's been a space that you've just disrupted so much. Can you just talk about what inning you feel like we're in when it comes to converting legacy market share to something more modern like CrowdStrike?

Sure. So thanks, Saket. Always good to see you. I think it's what we've said, certainly for some time now, it's still near early innings. If you look at our overall opportunity, and we provided some customer counts of where we are versus some other companies, and we look at where we've been able to penetrate, certainly, we've done well. We're proud of our performance, but there's such a broader opportunity that's in front of us. If you look at the workloads that are out there on the cloud side, the containers, obviously, we put some physical hardware out there, which is pure endpoint as opposed to just workloads. Overall, we're just scratching the surface and the opportunity of, what I would call, endpoints and workloads, right? We always make that distinction, and we look at the broader workloads. So for us, still very early innings. Great performance so far. But in the grand scheme of the total market opportunity, it's just a fraction of what's available to us.

Got it. That's very helpful. Burt, maybe for my follow-up for you. First of all, thanks for all the detail and for the FY '25 framework. Maybe from a high level, if you think about the ARR growth equation, as part logo growth, part endpoints per logo and part modules per endpoint, if you will, or workload, maybe is a better point, right, to George's point, understand you don't -- understand you don't disclose this data. The question is, how do you think about the path from here to $3 billion qualitatively within those 3 metrics? It seems like all 3 of these drivers have contributed equally in the last few years. But over the next few years, how do you think about that equation changing, if at all?

Great to see you, Saket, and great question. So the great news is for each one of those, I think we have lots of avenue to contribute to get to the $3 billion. I think if you just take the new logo velocity, I talked about certainly on the less than 100,000 customers, you can see how fast and how many were growing there. And I think that, that is going to -- we've still got a tremendous opportunity with respect to the new logos. Just as George showed on his slides, we're still in the really early innings. With respect to -- I think the number of endpoints per logo. Look, the world -- proliferation of the endpoints workloads, just as you had mentioned, is just growing really, really fast. And so we have this opportunity to be able to protect that proliferation of all those endpoints, even within a logo. And then modules per logo. I mean I think the great news there is you've seen what happened when we went from IPO to today from 10 modules coming out from market to 19 today. You've seen what's happened to each one of the different groups that we showed you, with respect to the amount of logos and doubled or just -- or more than doubled with respect to each group in terms of logo -- sorry, module per logo. So all 3 of them, I think, still have robust system in terms of where we see coming from today going into $3 billion.

Great. Thank you, Saket. Our next question is from Matt Hedberg of RBC, and he will be followed by Gregg Moskowitz of Mizuho. Matt, you may begin.

Thanks, Maria. This was really fantastic. We got a lot of details here to unpack. But maybe, George, I think we can talk about a lot of the things you highlighted. But the move in your TAM to $106 billion by 2025, I mean -- I think that's certainly caught me -- call my attention. I'm wondering, when you look at that, how much of that is growth in your current markets today versus new adjacencies? You had some components at the bottom of that chart. And for those new adjacencies, what are the things that excites you the most, that perhaps you don't even touch today?

Well, we're excited about the TAM opportunity. And I think when you look at where we are today, it really is underrepresented with all the things that we do and how customers actually use our technology. So we have where we are today, we have where we're going in a couple of years with our current platform. Obviously, we talked about some things that are in R&D that we haven't announced, which are actively being built and then future opportunities that fall within those adjacencies. You saw things like Humio and our identity acquisition of Preempt. So these are all logical adjacencies, and we have a very robust strategic plan over the next coming years. And we didn't break out the specific numbers, so I'm not going to go into all the details. But as Burt mentioned, to get to the overall $3 billion plus, we can do that with our current opportunity that we have in front of us, and this is additive. So as things unfold, obviously, we'll update our TAM. It'd be a little bit more specific. But things like our cloud opportunity, where -- what we're covering today is still only a small segment of what we can do in the cloud. We've added new capabilities with Horizon and CSPM and workload protection, and it goes on and on. So we see that as a massive opportunity that I called out. And I think in general, when you look at Humio and data and our ability to move into adjacencies that are relevant to security, but not outside of our core competency, I mean, that's where we get this broader TAM. So I would say stay tuned. We try to do our best to provide a broader picture. But obviously, there are some specifics that will come down as we begin to release products and execute on the road map.

That's great. And then maybe that dovetails into a question on Humio. Obviously, it looks like logs is the logical starting spot, but you talked somewhat about observability. And maybe talk a little bit more about that move from logs to a broader observability play. I mean is that something that your customers are currently asking you for? Is that a logical thing that you think is within the purview of the next year or two?

Sure. Well, if you go back to the presentation, there were 2 key areas for Humio. One was the extension of XDR in our platform and connecting that into our Threat Graph to pull in data that's outside of just our core endpoint workload data. That's one piece. Then if you look at what Humio does today, it's log and observability. And what we believe -- and there's some nuances to this, is that not all agents are created equal. So when we think about our agent, it actually has the -- it has visibility to just call information into -- deep into the kernel. So we understand performance of what's happening on those systems and it's not just a log shipper. So we think by combining our single agent, which, of course, was built with a security use case, but because of the way it was built, it can be extended into other areas, it can provide, I think, some great visibility into the observability market, if you will, and supply that to Humio. So they are doing that today, and we will continue to expand on their current road map.

Our next question is from Gregg Moskowitz of Mizuho, and he will be followed by Ittai Kidron of Oppenheimer. Gregg, you may begin.

All right. Great. Thanks, Maria. I'll echo the thanks for all the great details today. So I guess first question for George. You mentioned that you're now protecting 1.2 billion-plus containers every day. It's just a phenomenal number. And we've seen, obviously, what that trajectory has looked like. I guess the question is, there is a lot of noise in the space, a lot of vendors that are starting to go after this market and talking about cloud workload protection, CSPM more and more frequently. How much understanding when you say there is from a customer vantage point as it relates to not just the need to protect these workloads, but also to go with CrowdStrike in terms of their decision?

Well, given the model and how we built it and how we sell it, I certainly think our customers have a good view of what we've built and how they can actually try and deploy it in the cloud. Burt talked about the retailer where we started with something very small and massively grew the opportunity there, including protecting some of their cloud. So it is a big focus for us. We have some specialization in the sales force actually to focus on that because you need to understand those cycles and DevOps and things of that nature. And it's still a noisy space out there. But I think given our partnership with the likes of AWS. You saw the performance there. It puts us in a great spot to be able to extend out our capabilities above and beyond what might run on traditional desktops and servers into those cloud workloads. And customers are looking for a multi-cloud architecture, where it doesn't matter where our agent runs. It could be across any of the big cloud providers. You're still going to get a single view. And it's going to be agnostic as opposed to locked in with one particular vendor.

All right. That's helpful. And then for Burt, so I wanted to go back to your statement that Discover, Insight, OverWatch, Prevent, your 4 big modules. They're growing at a similar rate to your customer growth rate of kind of in the low 80s. So given that dynamic, coupled with the fact that you're landing with 4 plus modules on average, you have all these exciting new modules. It would seem that you really have a line of sight to continued strong growth for quite some time. And specifically, when you talk about $3 billion-plus in ARR by fiscal '25, I mean, again, it just does not seem remotely heroic. So I guess, when you look at all these drivers, would that be a fair statement? Is there anything that you would add to that?

Look, we're -- great to see you by the way, Gregg. I think that when you look at those modules, I've talked about them before, the big 4, then you can throw in a fifth that's climbing up there, which is Device Control. We're getting really excited about talking about 4, 5, 6 and getting more excited, soon talk about 5, 6, 7 modules that are going to be adopted. But when I think about the $3 billion, it's more of a path that I wanted to show in terms of just great math. I think the half of $3 billion and $3 billion-plus. I really wanted to keep it simple and just give an indication of what something would look like. I think that it would be a fairly reasonable objective for us for the $3 billion-plus in that time frame then to have our sights on. So that's how we think about that.

Our next question is from Ittai Kidron of Oppenheimer, and that he will be followed by Tal Liani of BofA. Ittai, you may begin.

Thanks, Maria. Thank you very much for the presentations. They're very informative. I guess, George, I have a couple of questions, and I'm kind of more focused on the go-to-market and the packaging of all this. It sounds like that in the not-too-distant future, you'll have 40 different modules or 50 different modules out there to sell. And I guess the risk that you're creating there is that you overwhelm people with such a long list of menu, and they really get confused. And perhaps even confuse the Salesforce, what's the best way approach to kind of start all of this. Help me think about the balance of this? I mean modules adoption has clearly been a very big driver for you. But perhaps to a point in time where to shift focus away from a number of modules and perhaps consolidate number of modules to a smaller number, raise price? How do you create that balance between overwhelming versus making sure you get value for your products?

Well, it's a good question. And I think we've done a good job with the bundling and packaging, as we sell today. Yes, we have 19 modules, but we tend to package those up in the sort of good, better, best, ultimate, if you will. Those are not the names, but you get the point we actually pull them together, take into effective bundles. I think they can be logically bundled into cloud or servers or data or identity, things of that nature. And the other thing that I really want to point out is the risk that you run, and I'll tell you how we ameliorate that, is that salespeople, they've got too much to sell, right? So a big part of our strategy has been the platform needs to sell itself. So we do a lot of in-app serving up of what customers may want, right? So if you're a customer that's using our AV product and our EDR product, well, a logical extension would be our vulnerability management. And you can basically try that for 15 days without any interaction from us. I mean, it's click on it, it's all on your data, what better way to actually try the technology than with your own data. And that serves as a self-selection mechanism so that the sales team don't -- they don't get overwhelmed. They're not worried about 40 products. The customers are putting up their hands saying, hey, I'm really interested in these couple of things, and then we continue to educate them through our platform. So it's really, I think, an underappreciated feature of our platform and how much selling it actually does behind the scenes, and how we've instrumented that into our field team as well as our inside sales team to be able to keep that motion. And the result of that is Magic Numbers that are 1.3, the sales efficiency, the net retention rate. So that's the way we look to do it is to leverage the platform.

Got it. Maybe as a follow-up for that. Again, it sounds like the scope of what you're going to do is it's going to expand tremendously over the next 2, 3 years. How do you think about the constituencies within the general IT department that you're talking to today? How does that need to change going forward? Are there constituents within the overall IT department would be more network? Would it be more developers, people that you're going to have to build rapport with the brand and an approach with in order to drive those new avenues of growth?

Sure. And we've been doing this for some period of time. When you look at the dollars that are being spent on CrowdStrike as, what I would call a platform of record, these are not small dollars. You saw the $1 million ARR-type deal. So we've moved -- certainly, we sell at the Chief Information Security Officer level, but we sell a lot at the CIO level, right? We're involved at CIO, we're doing a lot of board work. And at the CIO level, you're going to capture a lot of the pieces that are there. So for us, the network piece, we don't have anything that's really network related, but those folks are out there. I think the more important piece would be the DevOps side. And we're already selling there. We've got some specialization in the sales force. Technologies like Humio naturally pull us into that world. So it's building those capabilities, building the muscle memory, building the sales motions and continuing to sell high into the account, which is really at the CIO level.

Our next question is from Tal Liani of Bank of America, and he will be followed by Brian Essex of Goldman Sachs. Tal, you may begin.

Now you can see me and you can hear me also. Two questions. Burt, first with you. Great. I have a question that you were asked probably a million times, but I think this is the time of the year to ask it. We're heading now into April. April, you started to see great demand from -- related to COVID. How much -- before that -- I mean, when we asked you the same question before, you said you don't anticipate much of an impact related to COVID, meaning tough comps should -- didn't worry you just because you thought you can upsell and corporates expedite their migration to digital world. And I'm asking you the same question again. As you started the year, we're 1/3 into the year or 1/4 into the year, what's the risk of slowdown in the next quarter or 2 just because of tough comps? How much of the contribution of new modules, how much of it can offset the great demand you've seen last year?

So I'll take a shot at that one. So great to see you, Tal. So yes, what we talked about or what I talked about, when you're talking about COVID is yes, it acted as an accelerant to, I think, something that was already there, right, which is this movement to digital transformation and obviously underpinned by security transformation. And we've seen that consistently through the year. The good news is, as I talked on our last earnings call, our momentum going into the year is the strongest it's ever been, right? So clearly, we're seeing upticks other than COVID in and of itself that are driving this momentum and the bright future that we think we have. So I think it's the things like the modules. I think it's the things like the fact that folks are expanding their footprint. And I think a big one, obviously, is the proliferation of the adversaries and the attack surface. I think all those things together combined to create this record amount of momentum that we have going into the year. So I think the COVID result of all that was the acceleration to get to where I think we're moving into the state where all those other things are going to play into our growth, and to be able to get to those numbers that I had talked about earlier.

Got it. And George, so far, all your acquisitions are extremely synergistic to your platform, you're basically adding more and more modules to your platform. General question is, you have a great currency. Is there any thinking in the company to grow outside of your platform or to make bigger acquisitions and become a bigger security company and create a bigger security company?

Well, I think what Burt laid out is we're working on becoming a bigger security company, but we need to do that in a way that meets our model and meets the high bar that we have. There's not a week that goes by that we probably don't get to inbound from somebody acquisition opportunities. And as you've seen, we've been able to execute on two of those. And the vast, vast majority, they just don't meet the bar that we have. As you pointed out the integration with the platform has to happen at the adjacencies, the areas that we're focused on, it all has to make sense to us. And we want to stay within our focus. I think there's a lot of companies over the years who have strayed away from what they're really good at and got into different areas and lost their way. And everything that we've done so far and what we continue to focus on is to be part of the platform and be very logical and something that we can sell very efficiently within the platform. So we're not going to change our approach at this point. We will certainly continue to look at the marketplace as it evolves. But we feel really good about the 2 big acquisitions that we did over the last year.

Thank you, Tal. Our next question is from Brian Essex of Goldman Sachs, and he will be followed by Brent Thill of Jefferies. Brian, you may begin.

Yes, maybe Burt, first, a question for you. And thank you again for all this information. This is fantastic. If we think about the operating margin profile that you've kind of outlined, the pieces within that. One of the things that impressed me is are you going to keep sales and marketing relatively robust over the next few years as you go towards that $3 billion target. But your model has some of the best unit economics of any of the companies that we cover. And I think last quarter, I think one of the interesting things for me anyway was how you went down market a bit and the attach rates increased. So it went down very effectively, still with great unit economics. How should we think about -- with that in mind, where are you going to be spending from a sales and marketing perspective? How are we're going to track progress towards reaching that goal? And anything meaningful pop up like increased channel presence, international presence? Or how should we think about where are you going to be spending incremental dollars given that most companies when they scale will become more efficient on that metric?

Yes. Great question, Brian. So first and foremost, my message of we're going to continue to aggressively invest, that exists. That's something that I've been talking about for quite some time. The fact that we've had such strong unit economics goes back to what George was talking about earlier. The taking the friction out of the system, having this trial to pay, in-app trials. So as we think about where I'm going to deploy dollars, obviously, we're going to continue to try and deploy dollars to make that even more frictionless. But then obviously, international. We had a strong international quarter. 29% of our business was outside the United States. And we think that we have room to grow. We think we have move to eventually get to 50-50. We have a long way to go to do that because we're still growing so fast in North America. But it's certainly -- international is a space that we're going to continue to deploy dollars. The way that we look like a headcount, it's been working. It's a tried and true formula that we use, and we don't want to bust the model. It just so happens to turn out a really strong unit economic measure. But we know it works. Because if you try and deploy too many heads, all at once, they're not going to be able to be -- they're not going to be able to do what they need to do. And the same with marketing dollars. You throw a whole bunch of marketing dollars or something. If you don't have the people to be able to -- and the systems to go after and capture it and make use of it, the marginal dollars that you're going to get into that is going to start declining. So we've got a tried and true formula right now. We're going to continue with it. We're going to continue to aggressively invest internationally. And so far, that's been working.

Great. That's super helpful. And then maybe for George, I just want to ask, it's picking at a small point, but would love to get your thoughts on how you see the right store is, I think, as [Technical Difficulty] footprint, your customer base and others can build on your platform to penetrate markets as well. How meaningful do you think that's going to be when you're working towards your $3 billion goal?

Yes. So you broke up a little bit, but I think it was related to the store. And I think we've made tremendous progress in the store since we launched where we are today and a number of participants. Humio adds additional capabilities to be able to put more data and create new workflows. Burt can comment on any related financial pieces of that. We'll not comment, as you probably we'll do. But for us, it's very sticky to our customers. It's what they want. And over time, I think long term, it can be a meaningful piece. But for us, as we've looked around and talked to these cloud pioneers, there's some early investment that you have to do. And then ultimately, it pays off with the platform approach. And it shows up in attach rates and win rates and things of that nature. So I don't know, Burt, if you have any other comments or non comments on that, but we are excited about the future opportunity, long-term opportunity of the store.

Yes. No, absolutely. So I still think we're in early innings, by the way, with the store. But I think at some point, Brian, the net new era that we generate from the store could be the same or greater than what we do from a platform on a quarter basis. But we still have a long way to go, but what's happening now is just the additional stickiness, right? Building out that ecosystem, as George talked about, for customers to kind of enjoy not only what we have but what others have and doing it in a way that it's already integrated for them. I mean that's -- it goes back to the ease of the use of our platform.

Our next question is from Brent Thill of Jefferies. And he will be followed by a question from Erik Suppiger of JMP. Brent, you may begin.

You're very bullish on the cloud workload protection segment of the business. I'm curious if you could give us any sense or size of that business on trajectory. And a quick follow-up for George. Just as it relates to AWS, you mentioned the $50 million threshold that you passed. Is anything different this year with AWS and the go-to-market motion? What's the next chapter for the AWS relationship from your perspective?

Brent, so with respect to cloud workloads, we are very excited about that. I think it's greenfield, George talked about, that there are so many unprotected workloads in the cloud. And we're the first mover, right? So we're the first mover to be there. The example that we gave today with the customer journey, we're protecting some of their cloud environment. And so when we think about the opportunity for everybody else out there, we think it's massive, right? We try to put some math behind what that size looks like. And we think we're -- even with that, I think we're conservative in terms of the overall TAM for that opportunity. And I think it's being, as George mentioned, even at the onset of this presentation, it's being completely underserved. And that's why I think that both George and I and the rest of the team are really excited about the opportunity with respect to cloud. It's still small today, right? It's not a big piece of our business, but we think it's greenfield, and we have a lot of room to go. And with that, I'll pass it over to George to talk about AWS.

Sure. With respect to AWS, I think it's the natural maturation of a great partnership. Obviously, we've added many more capabilities around cloud workload protection, cloud security posture management. AWS continues to mature their programs and their APIs and just how you interact with their store in their marketplace. We've added some specialization in the sales force specific to those cloud workloads. And I think just in general, there's a broader awareness of the massive investments that we've made over the last number of years to capture that market. And again, it's getting people educated on the fact that, yes, it's not just an endpoint company. We protect billions of containers -- over 1 billion containers per day. And we've got the technology to be able to do that, which is top of the food chain. So we're excited about where we are. I mean I think the progress is amazing. We're able to talk a bit about it. And I think there's another fantastic path forward with AWS and what we build today and what we're working on in the future.

Our next question is from Erik Suppiger of JMP. And he will be followed by a question from Gray Powell of BTIG. Erik?

George, I think I saw in the modules that you were discussing a firewall module. Can you talk a little bit about what the competitive dynamics are and how you anticipate approaching that market?

Well, so we need to be super clear. So that's a firewall module on our endpoint of workload. That's not a firewall. And again, it's a natural extension to what we do being on the endpoint. It allows policy configuration and enforcement of traffic flows in and out of the system. And it's really not that much more complicated than that. Obviously, customers want to be -- have that protection as they move about and the corporate network disappears, and we just make it easy for them to be able to do that.

So that's not something that would replace a traditional enterprise firewall. It would be more of a complement?

Yes, it has nothing to do with the network firewall. It's the firewalling within an endpoint or workload. So basically, the system itself has its own capabilities to control network flows. And when you're outside of a corporate environment, you may be at home, you may have a router or something, but people want to be able to lock down those systems as you travel, go to a hotel, go to Starbucks. So yes, it's great that we clarify that because this is not anything related to a traditional firewall market other than leveraging the ability to protect the endpoint itself using firewall-type rules.

Okay. Burt, when you did the IPO, you talked a lot about how the opportunity once you displace an incumbent expands fairly significantly because you're able to follow on with a number of additional features and functions. I'm curious, have you done any more work in terms of what kind of expansion you get as you displace incumbents? What kind of multiple effect you get on that opportunity?

Yes. We tried to give you a highlight on one of the customers in the retail space, where we expanded to $3 million in ARR over a period of years. It was very small at the beginning and then moved along with the journey. And to be fair, it can be quite large, right? The journey from where the company starts to where it ends up. The good news, Erik, that we're seeing today is we're actually landing with bigger lands in terms of more modules and more dollars across the board, across all the different areas. And so the opportunity there is, obviously, as George and team come up with more modules, each time that we come out with something, there's an opportunity for that customer to buy it. And we've had great traction with that. And obviously, we've had great traction with customers out there that have used us as the cornerstone of their security profile and beyond, and have said whatever module you come out with, almost whatever it is, we're going to buy it. It's sort of this, "Hey, look, like Salesforce did a great job. Hey, if it doesn't connect to Salesforce, we don't want it. But if Salesforce, it does come up with something, we're going to want it." And we're kind of seeing that as well in our early days, right? We're seeing customers that have been so enamored with the efficiency effect and efficacy and total cost of ownership that we're able to offer that they're just going to come in and do more with us. And that's something the trend line is going up into the right with respect to that.

Our next question is from Gray Powell of BTIG, and he will be followed by a question from Andrew Nowinski at D.A. Davidson. Gray, you may begin.

Okay. All right. Just a couple on my side. So as we think about the path to $3 billion in ARR, how much do you think comes from your core endpoints in EDR target markets? And then how much should come from some of the newer products or tangential markets?

Yes. So as I stated earlier, obviously, it was an illustrate view of how to get to the $3 billion and $3 billion plus. But as we think about it, we talk about the fact that it's really from -- just overall, it's from the modules and everything that we have today. We're not anticipating very much at all from the acquisitions that we just did in Humio and Preempt. And then when you break it down with respect to what modules are going to get to get us there, right, it's what we've always talked about. We've got the big 3 and big 4, right? So we've got Prevent, detection, OverWatch, Discover, right? But when we've got the device control that I mentioned earlier on in my remarks. But then you're also seeing those hyper growth modules that we talked about, right? You've got Complete, which is our turnkey solution, which is really popular with our under-$100,000 customers, because they were just -- it solves a resource issue as well as you're getting the best protection on the planet. And someone's managing it for you all in one, to things like Falcon X and Spotlight, which is our vulnerability management module. I think all of those things are going to contribute to getting us there. And you saw how we've built the path. Again, we think it's a reasonable objective, given what we have today.

Okay. That's helpful. And then just one other question, if I can. On the earnings call, you highlighted an increase in the opportunity to win customers from Microsoft, particularly after some of their recent security headlines. I'm just curious, how do you see that playing out over the next year or 2? And how does that opportunity compare with some, I guess, what you've seen in the last couple of years with the legacy guys like Symantec and McAfee?

Well, yes. I mean I would bucket Microsoft and the legacy boat because that's -- they have legacy AV signature, AV things of that nature. And the reality is customers are concerned in a couple of areas. One, creating a monoculture of all-in on Microsoft, particularly given the serious challenges they've had on the security side that we've talked about. And it's been in the news. Customers, as I mentioned, have had concern a crisis on trust and want to derisk their security spend. And I think in general, you got to look at the platform, the efficacy. We don't have 20 different consoles and things that are Band-Aided together to try to make it all work. And we work seamlessly across Windows and Mac and Linux, which is just not the case for someone like Microsoft. So for us, obviously, there's still always going to be a big competitor, and it's a big market opportunity, but we certainly believe we have the best technology and customers, I think, would probably echo that. And we'll continue to build out the platform and add value where we can in. Again, we wake up every day and think about how do we protect our customers and how do we focus on security. And not about office applications and other things. So I think that singular focus is really important. And then the last piece is things like OverWatch and Complete, we pioneered managed detection response and these capabilities. We were doing this before they even had names from Gartner. And that's extremely valuable to customers.

Our next question is from Andy Nowinski at D.A. Davidson. And he will be followed by a question from Alex Henderson of Needham. Andy?

Great. Thank you. Maybe just a few questions on the modules. So thanks a lot for all the color on the adoption. I'm wondering are you seeing any specific modules out of the '19 that you now have that are getting -- are seeing any increase in adoption as a result of the SolarWinds and Microsoft Exchange hacks?

I think in general, the Zero Trust element, the Preempt technology that we bought has been, I think, pretty well received, right? So I know we've gotten some really nice deals post SolarWinds, specifically around an identity. We're still completing the integration process. So you'll hear more about that. And I think that one has a lot of long-term legs. And I've gone through the demos recently of the integrations, and it looks fantastic. So I think we've taken a very -- specific to that technology. We've taken a very measured approach, which is let's get the integration in before we really hit the gas. We really haven't hit the gas on it. And I think that we've got the flexibility to be able to do that, and that's going to serve us well in the long-term to have a seamless, integrated product rather than something that's not quite as integrated as people would like. So -- but I think that's a big one coming out of what we call SUNBURST attack.

Yes. Maybe just one more as it relates to AWS, you had the $50 million that was transacted through that channel. I'm curious, what are customers deploying when they -- or which modules are customers deploying when they deploy CrowdStrike and AWS? Are they typically the same as what a customer would deploy if a deal is transacted outside of AWS? Just kind of curious how they would compare.

Yes. They're similar. I mean people want protection, right? So you want runtime protection. You want visibility, which are core elements of the product. You want to understand whether there's any policies that are mis-configured because you don't own the infrastructure, right? So you have to look at the policy piece because you're not setting it up yourself, and that's relatively new. But I think core workload protection visibility is what people will buy. And they attach it to OverWatch, which is a fantastic service. And again, we've got the ability to extend out into many of the other areas, outside of those core capabilities.

Our next question is from Alex Henderson of Needham. And he will be followed by a question from Roger Boyd of UBS. Alex?

Thank you very much, and I look forward to Roger's question from UBS. Good guy. So I wanted to talk a little bit about the defensibility that you guys have built in your positioning. I recall when you first started the business, the gross margins were very low because of the extremely high uplift associated with bringing the data to the cloud. And that there was a very long learning process once you brought that data up to understand exactly how you get the high level of efficacy that has been the hallmark of the company. I also think to the extent that you've got an agent that's designed specifically for carrying the Threat Graph down to a local level to be able to bring that in, and now with the Humio acquisition, even more of an advantage. Can you talk a little bit about how much of an advantage that is versus anybody trying to replicate what you're doing? And similarly, when you look over to the cloud world and you start talking about workload, runtime protection, I mean, we've clearly got an agent bloat problem on endpoints. But I would think in the cloud server environment, AWS is not going to let more than 1 or 2 agents onto their server. And therefore, I would think that, that's even more rarified. So how much of an advantage does that represent in terms of your -- the inability of other people to get their agent on and protect those workloads because, obviously, you have to be on the server, not inside the workload to be able to see multiple iterations of that workload? So those dynamics strike me as enormous defense advantages that create a moat that's insurmountable.

Well, always a pleasure to see you Alex and some great questions in there. Let me try to unpack it. You really pointed out something that's important and will often get lost in the noise of the marketplace. And that is the very specialized agent that we built and how we built the platform. So if you look at a lot of our competitors, the vast majority of them is set out to be just another AV product, and then they bolted on some EDR capabilities. And that is really problematic. I mean, it takes hours for some of our competitors to actually get data to the cloud, and that's a very small subset instead of real time, just as one example, right? It also may sound the same, but it's vastly different. When you look at what we built, because we started with the agent and the Threat Graph and visibility, and we said like, let's just send a whole bunch of data up there, and then we'll figure it out. When we did that over time and we built things like our smart filtering technology, which dynamically controls what goes up. We built a platform that's scaled over time. We've added modules. And all of that accrued to a much better margin profile. And as I like to say, there's no compression algorithm for experience. So a lot of our competitors will simply just take an agent, and it's called the shipper, and they'll just take data and try to ship it. But there's no smarts involved in it, and there's no ability to actually retain the context of the data. And as you pointed out, there's a mini graph on our endpoints and workloads, and that context has never lost as the data is smartly shipped to the Threat Graph. So that's an important element, and it does create a huge barrier to entry because of the fact that it's easy to install, easy to run, doesn't overwhelm the system or the network and gets the right data there with the right margin profile. Now customer may not care about the margin profile, but they care about what data goes up and if it impacts anything. But as you said, it takes a long time to actually get that right, and that does create a barrier to entry. The other thing that you pointed out was specific to AWS. And a customer can kind of run what they want on their endpoints. But I think it's the relationship to -- that we have with AWS in the marketplace and the fact that it just -- it works. Like everything else, it's easy, it works, it doesn't impact performance. And a lot of our competitors, you have to install like their own management console in AWS instance. You don't have to do any of that with ours. And more importantly, we don't impact the performance of these critical workloads like our competitors. So that's the second piece. And the piece that you didn't bring up, but I'll mention is with things like Humio, the more data we collect, we have now the ability to collect even more data creates an additional data load, if you will. And it makes it even harder to kind of get that data moat, others to recreate that, I should say. So we're -- we think it's the right approach, and there are many moats in our business.

And if I could, just one for Burt, just to be absolutely crisp and clear. The commentary about taking the growth that you achieved last year and just cloning it for a number of years. It's not a forecast, that's a baseline framing and that you would not -- you're not saying the $3 billion is your target. Obviously, there's considerable growth. And I think that 10% increment is every -- is $500 million incremental growth that is the right way to mechanically think about how much above that you could get. Is that a fair characterization? I don't want everybody to go ahead and say, they're guiding to $3 billion because it's not -- it doesn't seem like that's what you're doing.

Correct. That is not what we're doing. We were just giving an illustration of what it would take to go from $3 billion or $3 billion plus. We think the $3 billion-plus number that we talked about in the second illustration, again, is a reasonable objective and target for us to -- as we look out to the future. George, when he started the company, by the way. When George, when he was thinking about where he wanted to go, he was thinking very big, right? He said, "I want to be able to sell to all customers everywhere in the world." And he's been able to achieve that, so it goes back to that. I think we're putting a lot of resources to kind -- to be able to achieve his goal. And I think that for us, you're pointing out that, that's not our guide, it's not. It's just here's what a case looks like or 2. And we think they're reasonable in terms of how we think about the future.

So since that was just a clarification, just one last piece I wanted to ask, which was you didn't mention deal cycle time. Is your deal time to close shortening?

Yes. Well, I'll touch on it and then, George, you can take it. So well, the good news is when we talk about the AWS part of it, it's becoming more and more of a meaningful number. The good news with AWS, they have a -- they have an enterprise contract. And what that is, is when -- again, when a buyer and a seller both agree to that enterprise contract, then you've knocked out 80% of the terms of conditions or more, and you're able to really reduce that time line. So the more we do there, obviously, the lower the cycle time. But in general, what we're seeing is that the cycle times, whether it's the large or small, they're kind of still in that same box as they were, although this time, we're landing with more modules, right? So that's the good news and bigger deals.

Yes. Just, just to add to that, it's an interesting business in security because when you look at the delta of times to get that deal closed, it could be 6 months for a big company or 2 days for the same size company. And it really depends on their overall buying pattern, but it also depends on the threat environment. If there's an incident, they had an issue, they've got an efficiency that the compliance matter the Board has come down on them. And we've done deals in 2 -- we've done deals in literally million-dollar-plus ARR deals in 4 hours, right, through the AWS Marketplace because somebody had to have it. So it's -- you don't always see that in different industries. But I think in general, we've seen the ability through some of these channels, as Burt called out like the AWS really help accelerate getting deals to cut down the legal cycle time. But overall, it's been, I think, pretty robust.

So we only have time for 2 more questions. So we're going to take a question from Roger Boyd, followed by Matt -- Roger Boyd of UBS, followed by Matt Parron of JPMorgan, and we ask that you limit your question to one. Roger?

A little bait and switch for you there, George and Burt. So hopefully, a little bit of a spicy upside surprise. George, I'll start with you. On a unit-based opportunity, you mentioned some very staggering numbers around the number of PC units, and mobile devices and servers. I'm curious, can you shed some light on what your state-based market share coverage looks like today? And how do you, at very high level think about pricing dynamics and price elasticity as it relates to some of these very, very large numbers? And then I have a follow-up for Burt.

Sure. We don't go into all the specifics, but we're still in single-digit market shares in many of these areas. So again, that's why we look at -- I'm a simple math guy. It's like you look at the number of the devices that are out there, you look at how many potential customers are out there. You look at it 5 different ways. And you go, okay, yes, we're doing great. But we're still very small and very early in the customer acquisition journey. So -- and then obviously, the pricing is going to be different. Pricing is different on mobile devices versus IoT versus workloads and servers, and that's all accounted for and how we go to market and how we package.

Very helpful. And Burt, maybe for you. You gave us the tiering of customers in terms of what they're spending, what their module penetration looks like. I'm wondering if you can help us bridge the gap between the net retention rate by customer tiers. And more specifically, I want to understand if the 8,000 customers you have that are transacting with you at less than $100,000 of ARR, what their retention and churn behavior looks like because that to me is perhaps your biggest opportunity to really sell a significant amount more in terms of modules and what's covered for that base. So just any thoughts around the net retention rate by customer tiers, just to reconcile that with your global net retention rate number.

Fatima, great to see you. No offense to Roger, but always great to see you. So on the retention rates, we don't necessarily break them out, right? It's kind of like the big bucket. And -- but what I can tell you is that, obviously, the more modules that somebody has, whether they're bigger or smaller, the harder it is to rip it out, right? The good news is with the retention rates. And the net retention number is always very noisy, especially early days because, as I said, we're landing these bigger deals upfront. So that could have an impact on net retention rate, so you can see some fluctuation. We've done a pretty good job overall. But the good news is there is also that we've got just about -- just under 10,000 customers. So that base is growing and growing. And I think about -- when I think about retention rates and when I think about the 8,000 coming from that less than 1,000 in ARR group, for me, one of the strongest things that we have for that group is our complete offering. That's the turnkey solution. And once a customer of that size or any size for that matter, gets a taste of taste of that, they're like, I don't really want to go anywhere else, right? It's so compelling, it's the best in the world in terms of efficacy, and you've got somebody managing it for you, right? So you're getting the best in the world in terms of people who understand our tech and how it works. So it's pretty compelling.

So suffice it to say there is some price elasticity baked into your anticipation and expectation of providing more coverage footprint, whether it's a PC or a mobile device or an IoT device. Is that a fair inference?

Well, think about elasticity. I mean that's assuming you have one type of product and nothing happens for us. We've got 19 modules today, right? So at the end of the day, remember, I think this is for you in the full audience, it's about some value, right? So we're coming in and we're replacing other technologies and the total cost of ownership for all the different things that customers are looking for is less with us, even though the dollars to us is more. So that's how we think about it.

So our last question is from Matt Parron of JPMorgan.

It's Matt on for Sterling. Nice to see you. Burt, I just had a question for you. You talked about how the number of modules that customers are landing. That's basically doubled over the last few years, but you still maintained that net expansion rate above 120%. So how should we think about that metric going forward? And specifically relating to that $3 billion number that you mentioned, how should we think about the net retention rate playing into that metric?

Great question, Matt, it goes back to what I was talking about with Fatima, I think it's -- first, it's a noisy metric because, again, there's a lot of dynamics that play. Here's the great news. George talked earlier about how much headroom we have with respect to the logos, right? We're in the early innings. You saw some of the other companies that are out there, many, many multiples of where we are today. So we think we have a lot of headroom there. The great news also is that we're bringing in new modules. Since IPO, we added 9, right? So we're being able to offer that customer base, which is now just under 10,000, 9 more modules, right? And so we have this opportunity to cross-sell and upsell. With respect to the number itself, we chose that 120% benchmark because it seems like a -- that's a best-in-class company. And we've been able to show the strength of our upsell and cross-sell. But in any given quarter, it could fluctuate. And so for us, though, that the continued pace to increase the more modules we can offer our customers, the better it is for both cross-sell and upsell and net retention rates as well just as our initial land. So it's -- I wouldn't get hung on, on it too much. We're extremely proud of where we are today, with respect to both net retention and new logos, but we have a long way to go for both. And I think that's the message that I'd love to be able to indicate to everybody.

And with that, I'll turn it back to George for closing remarks. George?

All right. Thanks, Maria, and thanks to everyone who spent some time with us. [Technical Difficulty] Burt, I and the company are excited to go through additional details. I'm sure everyone will be busy digesting those. But as always, we try to be as transparent as we can. And I think we've got some good stuff out there that really demonstrates the value of the platform, proof point on the partnerships that we built gives you size and shape of where we're going in some of these long-term models. And for me, I think, again, just to reiterate when I talked about it earlier, is to leave you with, yes, we are a great endpoint company and a great workload company. And we talk about that market, which we're never, never going to stray away from. But I think we've demonstrated the power of the platform and the modular format and the adjacencies, that we've been pulled into and entered that make logical sense given the platform. And we're not going to stay away or stray away from our knitting, and we're going to continue to focus and build out this platform and continue our journey of customer acquisition. As we said, we're still in the early innings. So we do look forward to catching up with everyone soon. I hope everyone stays safe and healthy. And I know all of this, Maria, will be posted on our investor website at some point, so you'll be able to download this and go through it in more detail. So thank you. Have a wonderful day, and we'll see you soon.