CrowdStrike Holdings, Inc. (CRWD) Earnings Call Transcript & Summary

Okay. I guess that is my signal. Welcome. I'm Jonathan Ruykhaver responsible for security and infrastructure and software coverage here at Baird. I'm very pleased to introduce CrowdStrike. From the company, we have Burt Podbere, the CFO. So this is a fireside chat format. If you have questions, feel free to use that Q&A chat function. We'll get to as many as we can. But just to point out, directly following this conversation, we do have a breakout session for CrowdStrike where you will have additional time for Q&A.

So let's get started. First off, Burt, congrats on a very strong start to fiscal '22 which you reported last week. Can you just take a few minutes to -- just touch on the high-level commentary on the quarter and the more important factors driving that strong growth?

Hi Jonathan. Hello, everybody. Thanks for joining. It's a pleasure to be here. And thank you for your comments about our strong quarter. Yes, we were extremely pleased with our strong quarter. I think it really goes back to who we are and what we do, the fact that we're really the true pure cloud-native, cloud-delivered security company and the world is looking for that, right? We've seen this backdrop of incredible bad actors that are out there, whether it's ransomware or inside or whatever it is, in terms of the viciousness, the frequency, it's in the -- it's everywhere. And there are multiple factors for it, right? Other -- it's like a copycat right? If someone sees success in a bad way and continues to -- it just proliferates. And there are other things that have helped fuel that engine like crypto, right? So crypto taking off has enabled bad guys to receive payments through a system that's unregulated, right? So you have the backdrop of that plus the movement to cloud plus the movement to digital/security transformation. So you have all that demand coming in, and there are very few companies out there who can protect against that and we're one of them. So I think that's part of the reason we've seen our success and our record momentum. And as for Q1, the record net new ARR, which is the measure that we look at in terms of the health business. And in Q1, that's pretty impressive, generally speaking, for software companies and SaaS companies. Q1 is the toughest quarter. But for us to post a quarter that's larger than Q4, basically delivering 2 Q4s in a row, that's something special and so we're proud of that. We ran the tables in terms of being able to close deals in the quarter and we were excited about that. And then exiting Q1 and looking into Q2 and beyond, we're seeing record momentum in the pipe. So that's exciting to us.

That's helpful, Burt. Thank you. Yes. So the endpoint market is an interesting market, right? It's been around for a long time, and I think it's notorious for the intensity of the competition and that the lack of differentiation historically. And so I constantly get that question. Are we going to go back to the old days of the next-gen going to be able to catch up and deliver on similar functionality? Are they going to be able to scale in a similar way? So you had a next-gen vendor file their S-1 last Thursday. Actually, I think it was right when you were doing your earnings call, which was interesting. But maybe you can just talk to where you think CrowdStrike is differentiated, both when you look at Threat Graph and the back-end platform and then the applications on top? Where do you think that differentiation is and how do you sustain that differentiation?

Yes. To your first point about we've seen other security companies come and go in the past, and the past is -- it's a good example to say, hey, what -- take what worked and then leave behind what didn't work. And what we've seen is we see a company like Salesforce and what they've done in the CRM space, really build on this SaaS model, the strong business model that shows durability and sustainability and visibility and predictability. They were the early trendsetters for SaaS, right? And back in the day, nobody really understood how powerful that model is. Well, we saw, and we took a page out of their book in terms of how to do the business model. We had our tech visionary, George Kurtz, CEO. He kind of saw that the world is going to go to cloud. Okay, got that. But then he combined it with this strong business model, right, that the world is really coming to grips with today, you're seeing that durability in that space. And then you come back to -- you drill down one level below that, if you think about, okay, well, why is CrowdStrike special? Why have they been successful at what they do? And it goes back -- it goes down to kind of 3 or 4 specific principles. Number one, it's cloud, it's [ cloud-based ] right? But out of the gate, that was the vision from period 1 that said, hey, that's going to allow us scale. That's going to allow us to get smarter with every new customer that comes in, allows our AI to get trained better because we're seeing all the data come together in one spot. Number two, it's this whole idea of single agent, single lightweight smart agent, which basically acts as a consolidator to the space, right? So you've got -- historically, you've got all these single-trick pony companies that are out there that are great one day and gone the next. But for us, we're able to combine the different technologies into one single lightweight agent that allows us to consolidate in a seamless way. So the customer sees this one UI, everything is right in front of you, and that drives down total cost of ownership, right, because you're able to consolidate, something cheaper, better. But that's 2 of the main factors. But the third one, which really, really matter was the data. Being able to get the data, utilize the data, consolidate the data in a way that creates a moat, right? More data you have, the better you can train your AI, the better you can train your machine learning and the better efficacy. At the end of the day, we're here to stop breaches, right? Stop the bad guys. And if you get that data and you're able to utilize such a way that nobody else can, you're going to be better than everybody else. And it just continues because the more data you get, the more customers you get, you know it's that circle. And let me share with you the fact that that's hard to do, and also, you have to be super patient. Back in the day when there are a bunch of vendors in our size and shape, trying to bring out the fastest new mousetrap and put a marketing program around it, well, those didn't last. They all went by the -- like the [indiscernible], right, gone. We said we're going to be patient. We're going to get that data. And then we're going to create this moat that's going to be really hard to replicate. Even with a lot of money, even with great people, you've got to get the data. And once you get the data, the idea was collect it once and reuse it many times. And I think that's why you're seeing the differentiation come through for us, being a true platform that's data-driven. It's a so overused word, the word platform. But once you get there, it's super powerful. And that's kind of why I think we've been successful versus our competitors and even companies that you've just mentioned that filed and dropped their S-1 during our earnings call.

I want to stick on the competitive question, one more question on that angle. When you look at the market, you've got these platform companies like Palo Alto and I put Microsoft in that camp as well. Then you have the next-gen vendors. And I'm just curious, out of those 2 groups, what has you more concerned long term? When you look at this market, it's obviously an attractive market, and the needs in the market, which one of those serve those needs more effectively?

Well, when you think about the next-gen vendors, we're here basically because of them, right? They weren't able to scale. So we're still -- they're still donating share to us and I think that's going to happen for quite some time. With respect to Palo, I mean, they're in a -- they're a great firewall. That's what they do, right? And then when they went out and tried to acquire all these different companies that come, took a path similar to what we saw McAfee do, which ultimately didn't work for the customer, things that are patchwork, hodgepodge put together. I mean, there are going to be different pieces that we compete with them in a more material way than others. But as a whole, not so much, right? And so the good news for us is that we continue to take share from the likes of theirs. And Palo, really, we don't see them very much out in the field, to be quite honest with you. And I think that gap is going to only increase.

Right, okay. So you mentioned the data angle. I wanted to ask a couple of questions regarding the recent acquisition of Humio. It really seems like a transformative deal in terms of what it can do to Threat Graph and also what it can do around extending your capabilities around XDR. So I want to talk about those -- both those. But first, help us understand Threat Graph. You talked about the index-free technology. Can you just elaborate there and what that means in terms of the data you were able to source in terms of adding value to that overall backend?

Yes. So 2 different concepts. One is the Threat Graph, which I mentioned. So Threat Graph for us is kind of the brains behind everything we do. It organizes the data. It -- we're able to utilize that data in such a way to prevent obviously, breaches and obviously even incidents. The Humio acquisition, it does a variety of things for us. So number one, I think we -- when we think about Humio and why we acquired it, we thought first, there's this XDR, right, which the foundation of XDR is EDR, which we basically own, right? We're the leader in EDR. And so it's an extension of that. But we were already doing XDR well before the term came to prominence that it has today. And so for us, I think about that first step that Humio offers us, which is even more data coming in that can be ingested by our Threat Graph and make, yes, some of our other technologies even better, right? Whether it's the Threat Hunters or whether it's folks that work in our complete offering, which is basically we run everything for our customers, that's ours. And so I think that the first thing out of the gate for Humio acquisition will be an XDR module. Stay tuned, it's not launched yet. We got to still kind of integrate it. We want to make it as seamless as all our other modules in our platform where you just press a button and boom, off you go. But I think that for us, the telemetry, the additional telemetry that we're going to get is going to be -- it's going to amplify our abilities to be even more effective in stopping the bad guys. So that's, that one with Humio, which is -- which we're very excited about. Then we have some other things that are going to be available to us like lock management, for example. It's not -- it's a foray into it. This -- you talked about this index-free adjustment. We talk about it. That takes up the friction, right, time to be able to access it. It's massive. The difference is enormous, right? When you think about it, right, if it's index-free, you don't have to go through all the time and effort to kind of index things, which consumes compute time and everything else. So the log management piece of it, that's going to be exciting for us too down the road. Now obviously, the XDR and the log management are just 2 legs of the stool. The third one is observability. So when you think about companies like Datadog and others, we're going to go after the [ 80-20 ] rule, right? What do customers cost? What are the things they want from observability because we can't do it all out of the gate, right? Over time, yes, but -- and so we -- so the beauty of the model, of course, is when you buy something like a Humio or even a Preempt, the idea is to plug it right in, press the button and boom, there you go and continue to use the -- collect the data once and use it many times. That, we never want to stay away from. It's made us who we are today. This just gives us additional use cases for our customers to basically continue to consolidate, using that in a single lightweight intelligent agent.

Yes, That makes sense. Okay. So endpoint EDR, EPP, the workload protection of physical servers. You guys are doing extremely well. It's a big TAM. And it's just the -- as you've seen in multiproduct -- multi-module adoption as well just driving that TAM. But what I wanted to talk about is just the cloud security opportunity because I think, for me, it seems like that is kind of the next largest opportunity over time. And as George likes to point out, the dollars spent there are just a fraction of what the overall spend is to support that infrastructure route to cloud. So can you talk about those 3 products you sell today, CSPM, Cloud Discovery, Cloud Runtime Protection? How those products are doing, what the adoption rates look like? And how do you see the sale progressing? I know there are separate modules, but do you see a single SKU just broadly covering cloud security in incorporating those elements over time or it's going to continue to be separate modules? So a lot to unpack there, but I'd love to hear your thoughts.

Yes. That's okay. So let's start at the highest level. So remember, we just launched some of those modules, right? So the actual raw numbers aren't that big. Having said that, as a group, we've doubled our ARR over prior quarter, like the numbers were small. It's still very early days. And then to your point, it's still a really underserved market, right? I think that only about 1% from last year from IDC revenue was attached to cloud platform and infrastructure spend. So we've got this huge amount of room to be able to go in there and we think we're uniquely situated. We're pretty much the only ones doing it. And so by being the first to market with respect to offering those types of solutions, I think we're going to have that first-mover advantage and getting people to get excited about us. I think that customers are rapidly understanding the priority for protecting cloud workloads, certainly, as they undergo their digital transformation and security transformation. This is a big piece of that. And we think that by providing those solutions, which we talked about, are those the things that really matter? Like misconfiguration is a big one, right? And our Horizon Module helps with respect to making sure that, that doesn't happen. And when you think about cloud and certainly protecting the cloud, it becomes intricate. It becomes something that not everybody is used to. So I think what that means is that you're going to see the new technologists within companies are going to come in and talk to the people in the old guard and say, look, the old solutions, they're not going to work, right? They don't work. So here's what I think you need to do. You're going to need to look at companies like CrowdStrike that can come in and protect those workloads that are in the cloud as well as obviously traditional workloads. And I think that's going to be -- that's still yet to come. I think there's still an old guard out there that think the old technology is good enough. And it's not. And it doesn't even go into the cloud, right? So I think that all those things combined really leads us to a really bright future.

Right, but still very early. So it's the...

Still very early, absolutely.

So the core market for EPP, I think Gartner and most recent Magic Quadrant, congrats on that because you guys were, up until the -- further step into the right. But in that piece, they cite that 65% of enterprise EPP market is currently using a cloud-delivered solution, which suggests that we've seen pretty aggressive cloud growth over the last several years. But I was surprised it was that high. And maybe you can kind of peel the layers back here because I think a lot of that is the legacy guys who plan to have a cloud-delivered solution but really doesn't scale. So where do you think -- the question really is around that legacy market, where we are in terms of the share shifts. Are we in the third inning, the sixth inning? Your thoughts there would be great.

Yes. So first, you're spot on. I think that the number of 65% does include the legacy providers who take a module and stick it in the cloud and call it cloud, right? And so you're not getting anywhere near the benefits of a cloud-native company, which I already talked about, right, which are huge, right, in terms of stopping the breach. So I think that -- it starts there. Number two, I think that with respect to the endpoint protection and certainly, in the -- in terms of how Gartner looks at it, the goodness is I think Gartner looks at the same degree, right? It's got the traditional PC servers and then you've got cloud workloads and you've got devices, right? So they see it the same way. The fact that they threw out 65%, I think, is a little bit misleading, just given the fact that what's in that bucket is not really -- certainly on the, what they call cloud endpoint providers. It's really not, right, is the bottom line, right? And it doesn't take a senior technologist to go realize that they need do a testing, right? And the minute they do their testing and we get into a POB, it's pretty much game over. So stacks are great. Gartner's great. Showing us on the top right is great. I love all that stuff. But what really matters is what the customers are saying, right? And customers talk. We've got over 11,000, right? So we're covering all industries in all geographies, and they all talk. And so for us, we think that we've got still a tremendous amount of headroom. We're 11,000-plus customers today. But when you think about what other vendors have had over time, it's tiny, right? Some customers have 200,000, 300,000 customers alone -- sorry, some other competitors that, at one point, had 200,000, 300,000 customers by themselves and we're at 11,000. So I think -- I'm not going to say inning 1 because I think we're a little past that but it's not too much into 2 or 3.

So that if you look at that 65% that they cite and you strip out the legacy guys that claim they have some cloud-delivered capability, you just look at the true next-gen vendors, is it 10% of the market? Probably, right? Less than 10% even?

I'd say even less than 10%, yes. Less than 10%, yes.

Okay, yes. I think...

Yes, that's how I think about it.

Yes. Okay, good. We're on the same page there. So a couple of e-mail questions for participants. So this one is how do you compare with Datadog on cloud workload security? So it might be hard for you to really know. I think Datadog's offering is so early that you might not have a feel for that. But I guess you can address that if you feel like you have a sense for what that might be. But it's not just maybe a comment on the overall move by these observability vendors into security, your thoughts there.

Yes, whether you take Datadog or you take other vendors in other spaces, really, really hard to go into security, right? I mean, security is one of those things that you want to have folks that have been brought up in security that started with the right technology, right sheet of paper and said, look, this is what security's going to look like. Stick to your guns and make it work. Other folks coming in like, We don't see Datadog from a security standpoint, right? But they're too small. It's just -- we don't see them. Now for us, we think about if you start in security, which is really -- and it goes back to the data. And you've organized the data in such a way and you created this ability to collect data once and reuse many times, you can go into those other areas quite seamless, right? I mean, I think that one of our earlier modules, Discover, which is not pure security, it's an adjacency, a customer said to us, you already have all the data. You know it's going to be on the environment. Just flag it that way. And literally, we were able to knock out a module in a couple of months, right, or less because the data was there. All we had to be was flag it in a certain way, it was really easy. So I think that from our standpoint, it's much easier going from endpoint security to adjacencies, right? And really, to think about us, it's not just endpoint security but endpoint, period, right, which is where we play. I mean we -- George often talks about -- it's all about real estate, right? Having that agent at the point of contact or where the bad guys are going right away. That's the difference right there. And if you've got that beachfront real estate, then you can build around it more successfully than others who aren't there and are trying to get there. And I think that's the difference.

Yes, okay. So the next question that I wanted to ask was really around the high -- you guys have built up a really successful high velocity inside sales motion augmented by, I think, trial-to-pay, these in-app trials, you offer another mechanism to really eliminate friction. And I'm just wondering how much more can you do there, especially -- and so you start to leverage more traditional channels like resellers. Is that something you continue to benefit from when you go to the channel? Or does that actually start to impede the sales velocity?

No. I think if anything, it's just helped the volume. You've seen the numbers in terms of our net new adds. We had a record number of net new logos in the quarter. A lot of that is velocity from SMB and mid-market, and a lot of it is coming from those free trials, right? And so I think one of the -- yes, I think one of the next evolution of that is also our own -- creating our own marketplace, right, and being able to flag it in such a way that people go to that area and boom, they've got -- in there would be the free trials and everything else, but it will just be so easy to kind of go and pick and choose on what you want to do. And so I think that's the next [ rev ] as well as just continue to getting better on flagging the trials and flagging the free trials. And just ultimately, we want to get to the point where you basically -- someone free trials and press the big red button, credit cards or whatever are then paying and you're off the races. Sometimes, those free trials are lead gens where they're handed, like the red button is pressed right out of the gate. You've got that lead. Somebody went in there and tried it, and then you've got an inside salesperson going in and contacting them and closing the deal. So there's more to do on that but I think that we're not early days there. We're mid days and now we're just going to get better at it.

Yes. Yes. No, it's exciting. I mean, you guys called out, I think your Analyst Day that Partner Source ARR in fiscal '21 grew faster than total ARR. So that tells -- that says a lot about your positioning and the money that those partners are making working with you. But I think for me, more spectacular is the growth you noted in ARR transacted through the AWS Marketplace. And so that's what I wanted to talk about, that's a new channel relative to what we've seen in security historically. But how sustainable is that? And can you build off of that on an ongoing basis? Is there something that's more just onetime about that? Did you see that as an ongoing part of your sales motion?

Yes. I think that for us, the AWS partnership has been very successful, right? I think if we start with AWS then I'll go back to the channel. The AWS relationship has been made easier because they've seen the tech, they love the tech. They see -- they know it works and they're willing to commit to it. And what does that mean? Well, it means that when we go to market in their marketplaces, a customer comes in, we'll pay their reps, they'll get credits. They have the -- think about it as a Starbucks card where you come in and they can draw down on credits they have on the usage of their other products. And they can use those credits to purchase us. So that makes it easy. Then you've got -- they have something called an enterprise contract where if both buyer and seller are on that enterprise contract, you've knocked out 80% of the [ Ts and Cs ]. So you've knocked out 80% of the time that needs to go back and forth on the negotiation so you're able to close the deal 80% faster, round numbers. And so for us, that ability to continue to share in the success has been phenomenal. And I think that AWS is probably one of the most transacted ISPs in the marketplace, right? I think for us to be associated with that really matters. And you saw the numbers at our Investor Day, they're not small, right? They're real numbers. And I think when you have -- when you combine the ease of use, you combine the enterprise contract, you combine it with quota relief on commissions and you do all that and you're kind of going to see that, wow, you can really speed up the process, get volume through there. And that matters. Now the good news is it's you can repeat that and you can do it in other places. But I think one of the things, on your first point, about the traction we have with our partners is that we are a partner-first company, right? Why it works is we're getting pull from the customers, right? So when you get pull from customers, the channel is going to feed that pull, right? And ultimately, what are customers looking for? Ultimately, we're looking for the best company in the world to stop the breach, that's us. There's not even a close second, right? So the fact that we're so effective in what we do, couple that with TCO being lower, coupled that with the ease of use and ease to implement, and you're kind of going, why would I go anywhere else? And I think that's kind of what is resonating in the community today. And our partners, and we take care of our partners, as you said, right? I'm an executive sponsor for one of our largest partners. So I'm on a call every quarter with that partner, every quarter. Then we go through quota, we go through how they're doing, what can we do different, what are you hearing from customers, what can we do to make it better for you. So each one of the executive staff is associated with a partner and talk to them every quarter or more to make sure that, that relationship is continuing going down the right path. It's not like you sign a piece of paper and that's it and you move on. No, it takes effort, time, sometimes, money to make sure that it all works out in the end. And we do that. And we are a partner first, not just getting volume through but really integrating, being part of their team, them being part of our team. We're a little unique in our market because our direct sales force. It's their book of business but their book of business includes the partner. So that's how we all make it work, right? And they provide such incredible breadth, right, and reach that we couldn't do by ourselves. Even though we have a robust go-to-market and sales team, it is still small compared to what a real channel could do for you.

Yes. Well, unfortunately, we've exceeded our 30-minute time limit.

We can keep going forever, Jonathan.

Well, so to remind everybody, in 5 minutes -- less than 5 minutes -- we'll have a 15-minute session for folks online just to ask Q&A to Burt. But Burt, thank you very much for participating. Everybody online, thank you for joining. Next up in this session is 8x8. And hopefully, we'll see everybody -- or some of you in 5 minutes. Thank you.

Thanks, Jonathan. Great to spend time with you and your investors today.

Thanks.