CrowdStrike Holdings, Inc. (CRWD) Earnings Call Transcript & Summary

I appreciate you joining us today. I am Patrick Colville, a senior analyst at DB, covering the cybersecurity software space. The format of this session will be a fireside chat, with a listener Q&A. There's a chat box where you can ask questions. Any questions will be anonymous, so we're not going to mention your company name or company affiliation. So let's kick this off with introductions. We've got George Kurtz, the CEO and Co-Founder of CrowdStrike, here with us; and we also have Maria Riley, the Head of Investor Relations of CrowdStrike. As everyone I'm sure knows, CrowdStrike is a cloud security pioneer and a leader in endpoint security. George and Maria, thank you so much for joining us.

Great to be here.

So I guess, let's just go straight into questions. I think it's pretty well understood by all that the cybersecurity risks facing the enterprise and facing the kind of federal vertical are only increasing. But can you describe from CrowdStrike's perspective how you see the cybersecurity landscape changing and I guess, how CrowdStrike plays into this changing cyber landscape?

Well, the threat landscape has been changing for some time. We continue to put out annual reports where threat environment continues to get worse. And the way we break down the threat environment, just to put in context, is 3 key areas. One is nation-state threat actors; second one is e-crime; and the third one is hacktivism. And if you look over the last number of years, there's been a change in some of the activity from those actors. And what we've seen is that nation-state actors and their sophisticated techniques have actually trickled down into the e-crime actors. And they have basically adopted those sophisticated techniques for something we call big-game hunting, which is actually getting into the systems or companies, planting their ransomware and then deploying it and encrypting systems en masse. And that's different than just sending a phish e-mail and hoping to get 1 or 2 victims. So there's a lot of money to be made right now. There's a lot of business impact that we've seen. And business is pretty good for the e-crime actors.

And I guess, I mean, you made a number -- like a number of interesting points there. I mean is -- nation-state threats, you could argue, probably weren't really a thing 10 years ago. Stuxnet maybe kind of kicked that, the whole process off. So are they becoming kind of more of a threat of late? Is the kind of balance shifting between those kind of 3 areas, nation-state, e-crime and hacktivist? Or -- and kind of based on your conversation with customers, which are the ones that like, I guess, are causing the most problems or worsening, or you've seen the kind of biggest deltas?

Well, in 2007, '08, '09, '10, the buzzword was APT, advanced persistent threats. And a lot of that was nation-state actors, and it became well known some of the capabilities from the nation-state actors. Obviously, they've advanced those capabilities over time. But again, we have seen a shift into the capabilities of the e-crime group. And I think the, really, the motivation is dollars and the fact that it's so easy to actually do this. There's a pretty well-tried and true system of buying access, buying malware, buying ransomware as a service. You really don't have to be even all that sophisticated. You can just buy off-the-shelf elements or services that you need and execute these campaigns. And that's what we've seen over the last 10 years. It's become much easier for individuals or smaller groups or e-crime actors to pop up and execute a well-oiled machine of raking in a lot of money.

And I guess, I mean, one of the kind of big trends of the pandemic was distributed workforce, which increased the threat perimeter. I guess how do you see that kind of threat perimeter changing now? I mean are we -- is -- the last 12, 18 months for CrowdStrike has been a really kind of a great period for customer acquisition. How do you see the threat environment playing into CrowdStrike's strength or not? Or you just like -- I'm trying to understand, I guess, how we should think about the kind of the next 12 months from here.

Well, I think there's 2 factors that I would look at that are sustainable tailwinds. Number one is when we think about the threat environment, as I talked about earlier, continues to get worse every year. And it's unfortunately just the reality. So -- and what we've seen is that Boards of Directors are incredibly focused on this, 1 or 2 top risk for any Board. So that's a trend that we believe we will continue to see as the threat environment continues to worsen. The second one is digital transformation. That was really, to your point, around the pandemic. Obviously, a lot of companies have been going through that. They've been moving systems to the cloud. They've been adopting SaaS services. And with that digital transformation comes a security transformation. And we believe that's a long-term event as well. That's not going to happen overnight. And as people move to the cloud or they retool their systems, obviously, they're looking to get off legacy-type systems. And they're also looking for more modern security technologies like CrowdStrike to help them not only secure the cloud environment, but also make sure they have the right policy settings and configurations. So those are 2 events that we see as tailwinds, and we don't see them subsiding anytime soon.

Yes. That's fascinating. And I guess, I mean, can we just jump into the kind of competitive dynamics? SentinelOne has been getting a lot of attention in the investment community post its IPO. They printed their results last night, 127% ARR growth. How often do you come across SentinelOne in competitive bake-offs?

Well, we certainly see them out there, a lot of competitors, whether it's them or Microsoft or other competitors that are out there. And I think it's a symptom of the fact that the legacy players that are out there haven't been doing a good job with their technologies, and customers are looking for something else. And when you look at what we've built and the success we've had, and just put in perspective, you can look at our numbers and we're 1 year older than SentinelOne, I think what we've built and the financial success is really indicative of what customers are looking for, technologies that are true platforms, that are focused on stopping breaches.

And I guess, I mean, versus SentinelOne, just not to kind of flog a dead horse with that one, but when does CrowdStrike typically win versus SentinelOne? You mentioned the platform, you mentioned maturity, but just trying to understand, I guess, the kind of factors when CrowdStrike will win. And conversely, SentinelOne obviously has a book of business. When does SentinelOne beat CrowdStrike? What are the kind of the factors that cause them to win?

Well, we -- if we get into a bake-off, we'll typically win. And the reasons why we win are, again, a true platform; a multi-module support; some of the service offerings that we have around it, like Falcon Complete and OverWatch, which are incredibly valuable for customers; and the fact that people are looking for something that's easy to manage, easy to use and easy to deploy and actually works. We've won multiple SentinelOne accounts that I've called out in the past because of scalability issues, false positives, system impact. And when you look at the architecture, you can't have an on-prem promise -- an on-prem product and claim you're cloud native, right? So if you're cloud native, then you must have 2 codebases and lots of limitations. We don't have any of that. And I kind of look at Salesforce, there's no on-prem version of. There's no on-prem version of our technology. So the architecture is really key in winning this and efficacy and the fact that we do have the best prevention in the marketplace today, and we actually test it and put it in writing. If we lose, it could be on price. If we lose, it could be on relationships. But what we found is if we lose on price, it generally boomerangs back to us because the technology struggle to be deployed, multiple deployments kind of just fail or take so much time to get through the environment. The other thing that I'll point out is we're realtime, they're batch mode. So even if you look at their system requirements, 25 gigabytes of storage space, which means they're storing all that data locally, we stream that data to the cloud with a 50-meg versus 25-gig requirement. And that's the difference between marketing and actual technology.

Yes. I mean fascinating. And I mean, to the audience, if you want to ask any questions to George Kurtz, the CEO of CrowdStrike, if you want to ask a question, please drop it in the chat box. We're not going to mention any names or company affiliations. And one of the questions I got over e-mail was about price. So you mentioned price is something that SentinelOne sometimes compete with. Just help us understand the delta. More like, are they just -- do they go in cheaper for kind of a like-for-like product? Or just help us understand kind of that difference.

Well, that's the thing, it's not like-for-like, if you look at the 19 modules that we have versus they've got an AV product, which they started with an EDR product which is a bolt-on. So when you compare like-for-like, and we do this all the time, the value that we provide far exceeds anything that's out there. So we spend a lot of time on selling value to the customers. We call it BVA, Business Value Assessment. And when we go through that process, I think it's clear to customers why we win even if we have a higher actual price point. The value is there because we're consolidating agents. We're helping them on the headcount side, which is hard to get. And the reality is I don't know many security practitioners that want to buy leaky lifeboats, right? You can get a great deal on a leaky lifeboat, but in security, it's all about preventing the breaches, not stopping malware. And that is a big focus for us. And you look at our tagline, "Stop Breaches," it's pretty simple to understand. That's why I built the company because many of the companies out there are focused on prevention-only and prevention of malware. But a good example of that is if someone phishes you and gets on to your computer, uses legitimate credentials, there's zero malware to prevent, zero. There's nothing that's going to stop that, assuming you didn't have 2-factor authentication. So now you're on a system, you have to be able to identify that very quickly and be able to stop an incident from turning into a breach. It just happens all the time. So we're breach prevention-focused rather than malware-focused. And obviously, we've got world-class malware prevention. But that's what folks are buying. They're buying the complete system of being able to stop breaches and more than that, when you look at vulnerability management, when you look at what we're doing in asset identification and inventory and threat intelligence. And you go down the list of the 19 modules, identity, we have identity, they don't. Let's look at the SolarWinds breach as an example. Most of that was identity-based. We're the only endpoint player in the market that is doing Zero Trust at that level from an identity perspective, and it's really resonating with customers. So there's a difference between a Fiero and a Ferrari, which I've said in the past, and you can buy something that's cheap, but odds are you'll probably be back to buying CrowdStrike.

Yes. I mean that's helpful. I mean can we talk about Humio and the identity product, if we may? I mean just help us understand what that brings. And you mentioned that CrowdStrike is the only endpoint vendor that has an identity solution. I mean why is that important? Why is having identity onto your platform something that is compelling for customers?

Well, you have to step back again to what I started with, was we want to prevent breaches, right? We do more than that, but we want to prevent breaches. It's a core part of what we do. Over half the breaches actually don't use malware. Let me say that again, over half the breaches don't use malware. So when we go down this path of AI and malware detection rates and things of that nature, that's great. That's a nice discussion to have. That's a bit of table stakes. But it's a complete system that's designed to identify not only malware, but also other breach indicators. So when you think about identity, and I use the SolarWinds attack, the SUNBURST attack that we saw last year, a lot of it was based on identity, abusing directory services, laundering those connections between on-prem and cloud, Azure AD. And we have deep visibility into all the AD products that are out there. We use AI. And this is technology that we've acquired from Preempt that's now built into CrowdStrike. We use AI to determine is it really George on a system, where do I want to go, what's the trust score of that system based upon the identity and the health of the system? And then we create a Zero Trust score, and we can hand that off to companies like Okta, identity access brokers, or Ping or others. So we don't do what they do. We -- actually, they're a great partner of ours. We look at the hygiene of the system and we look at the identity of the user, and we can actually empirically score is it really George on the system or someone else. And a big element to that is stopping lateral movement. We can actually stop the movement of getting on a system and then moving laterally. We can do that, the others can't. And the identity is a huge element and really resonating with our customers. So that's the Preempt piece. The second one you asked me about was Humio, which is in the log management and observability space. We're really excited about that technology, incredibly scalable, index-free ingestion of data and basically ingests whatever you want without creating an index, ask any question you want of the data, get an answer, 15x the compression versus competing products. And that technology is also now being adapted into some of our other platform offerings. So not only will we continue to sell that as stand-alone log aggregation, SIM-type product, but we're adapting the technology for other core parts of the platform to complement the Threat Graph technology that we've built.

And I guess, I mean, those 2 products, those are Preempt and Humio, like is -- are they going to be typically adopted by your very largest kind of enterprise customers that have kind of complex environments? Or will they be more suitable for the kind of midsize-type customers that have the, I guess, more kind of simple environments and maybe more web apps?

I think both. If you look at Preempt, once it's integrated to the system, it's a matter of turning it on and getting visibility into your direct structures or enforcing policies. So we make it pretty easy. And if you look at Humio, that's anyone from the largest companies, to the smallest SMBs. A big part of the business too is around visibility into cloud environments, Kubernetes environments, production environments. What you can map in, in terms of data is unlimited. So it's really what do you want to solve. We have people solving use cases that are way outside of security, and they're small little companies. So that's why we're so excited about that because data really is the oil that makes everything run in today's environment. And given the amount of data that we ingest, it's a really competitive moat for us. So we have the ability now with the structured data in the Threat Graph, which is massive, and also the unstructured data that we take from other sources, to combine those together to create a really powerful solution. And that really then continues to power the AI algorithms that we have that continue to learn and train off the data that we ingest.

Got it. Can we talk back to the competitive environment? And we've got a couple of questions coming through. I mean I would love to ask you about Microsoft, given that they're kind of a 1,000-pound gorilla. But I think maybe, first, we'll talk about Palo Alto. I mean in their earnings earlier this month, they disclosed that their Cortex product is over $400 million of ARR, which, for me and I think many, was a surprise, how big that is. Do you see those guys often? If so, where are they competitive? And they would argue that the network and network security is a kind of obvious platform for consolidation. I guess you would argue that the endpoint is more of a platform for consolidation. Just help us understand, I guess, CrowdStrike's side of that debate.

Well, we focus on the endpoint and workloads. We think that's the tip of the spear for the breaches. When we think about a breach, a network is basically the highway that the bad guys drive on to get to the businesses and the houses to rob. And network firewalls, as an example, have become nothing more than a speed bump on the information superhighway. They're not going away. People still have them. There's requirements. We get that. But at the end of the day, if you think about a breach, every company you've ever read about had 2 things, a firewall and antivirus, and they still got breached. So if you take that perspective, you realize why endpoint is so important. And I think, for us, it's important to say what we do is what we don't do. We're not network providers. We're not firewall box vendors. We're not e-mail security providers. We work with all those partners that are out there. And I think that's what customers are looking for. They're looking for the best-of-breed platforms like us and Zscaler or Okta, others, where they can assemble these platforms together to create a compelling solution. So when you look at Palo Alto, certainly a good company, respect for them. But at the end of the day, we were the company that really focused on endpoint and workloads. And in my career, and I've been at various companies, I haven't seen companies that were able to really put network and endpoint together and be super successful. So we like our opportunity there, and we'll continue to compete as we always do in the field. And good news is it's a big market.

Yes. That chasm between endpoint and network is something that has not been crossed. Yes, it's interesting. I guess with Cortex, I mean, where are they competitive? And where do you see them doing an okay job? Is it certain kind of segments of the market? Is it kind of very price-sensitive accounts? Or just like help me understand like where you might come up against them.

I think they do a good job with wrap and rolling, so if they have a customer that has lots of firewalls, wrapping it all together and rolling it into bigger licenses. But it's -- we don't come across them all that often. And it's probably more North America than anywhere else. Certainly, we would see them in the cloud space. They -- Cortex is really -- and a lot of what they're doing is an amalgamation of a lot of the acquisitions they've done. So if you look at what they bought, from a cloud perspective, that would be competitive with Falcon Horizon, which is our Cloud Security Posture Management technology as well as we've got Workload Protection, security that runs in containers and serverless environments, things of that nature. So that's probably where we would see the most in those areas. And that's a function of the acquisitions that they've done.

Yes. And I mean, I guess, just kind of switching to Microsoft on that competitive sphere. We've seen in other areas of security, name and identity, Microsoft seemingly double down and become more competitive. What's to say that they don't do that in endpoint security and become more competitive in that space?

Well, they've been at it for a while, and you've got to look at the underlying technology which they get back to. That was an antivirus company they bought in 2004, still signature-based. They've added other things and acquisitions around it. But at the end of the day, Microsoft is not a security company. That's not their focus, as we know, just look at their revenue. And customers are looking at this, and there's a bit of a crisis of trust that is just another Microsoft Azure AD vulnerability exposure that was announced today. So you have a lot of customers saying, do I really want to put all my eggs in one basket? Do I want church and state to remain separate? And the reality is, when you think about most enterprise as an example, they don't have just Windows, right, they got Windows and Linux and Mac and all kinds of other things. And people are looking for a holistic solution that encompasses more than just technology, but it also encompasses things like threat hunting and Falcon Complete and turnkey solutions that are focused on this. So end of the day, Microsoft will always be successful. They're Microsoft in certain areas. But when you look at the myriad of consoles they have, the complexity and the fact that a lot of these breaches were being protected by Microsoft technology, a lot of these ransomware outbreaks, people have to scratch their head and go, do I really want -- yes, I will use them for my operating system, but do I really want to put all my eggs in one basket and leverage them for full protection as well as the operational complexity that it brings? So certainly, a formidable competitor, but there's a lot of reasons that we win deals as opposed to Microsoft.

Yes. And I guess, I mean, can we switch to Zscaler now because Zscaler is a company that, like CrowdStrike, has seen just phenomenal success. CrowdStrike is a partner with Zscaler. Just can you just help us understand that partnership better and then how that's enhancing -- your partnership with Zscaler's enhancing your process?

It kind of gets back to what I talked about earlier. When customers are looking for best-of-breed, they're looking at really best-of-platform. And it started years ago with best-of-breed, then it was best-of-suite, now it's best-of-platform. And what I mean by that is, again, it's just assembling the LEGO blocks. Customers don't want to spend a lot of time and money in hiring people to just build security tools. They want to say I built a -- I bought a platform of CrowdStrike on my endpoints and workloads. I bought Zscaler. And I want to connect them together via APIs, are all cloud-based. And they're really good at the network. We're really good at the endpoint. Again, getting back to the focus, we think that's the best way to go. So we actually have created the Zero Trust scores that we can hand off to Zscaler. We've got integrations, where activity we see can be correlated with stuff that they see. There's actions that can be taken that are, again, more than just alerting. And we've got field engagement. We are routinely selling into each other's accounts and leveraging that, and it's worked out really well because you got 2 great technologies that work and play well together. And that's what customers are, in my mind, are looking for.

Yes. That's helpful. Can we talk about the, I guess, the public cloud tools? It's an area where a number of vendors have options there and including Palo Alto, including Zscaler, which you just mentioned, including SentinelOne. Can you just help us understand why a customer would choose CrowdStrike in an area like Cloud Security Posture Management or Cloud Workload Protection platform rather than these other vendors? Is it typically a kind of platform-type sale? Is it superior technology pricing? Just kind of help us understand that motion within this kind of public cloud sphere.

I'll start with it just works. It's super easy to deploy, very low overhead. I talked about 50 megs versus 25 gigs for a Linux server for some of our competitors. It was built in the cloud, for the cloud. You have to keep in mind that we've been at this for 10 years. We use our own technology to protect our own cloud, which is -- and clouds that we have, which is one of the largest in the world. So we built a lot of this technology. So when you look at Falcon Horizon, which is our Cloud Security Posture Management, we looked at all the technology that was out there. We looked at all the technologies that Palo Alto bought. It didn't meet our needs, so we actually built our own. So when we deployed and launched Falcon Horizon, it was actually technology we just took and built in-house and then kind of recreated it in Falcon. And not only does it give you, what I would call, indicators of misconfiguration, it also gives you indicators of attack, which is different than our competitors. So we've taken that expertise that we have in behavioral attack vectors as well as AI, and we've applied that to misconfigurations and cloud attacks, which we're getting. In that particular case, you're getting that from the APIs of the cloud vendors. So we think it's differentiated. And why are customers buying it? Well, it's integrated. It's so easy to use as part of the Falcon platform. Let's start there. Two, it doesn't get in the way of DevOps, which is really important, easy to deploy. We can run underneath the operating system. We don't have to deploy in containers. We can, if you need to. So we've got a lot of flexible architectural issues that don't slow things down, don't require lots of overhead. And in one console, we have a large financial services, probably a Fortune 100, that use us in the cloud as well as in the -- on -- in their internal environment. And the beauty of it is it doesn't matter where anything is. It all shows up in the console. It's all there. It's visibility across all these different platforms. So I would say that's a key reason why we win.

Yes. And I guess, I mean, in public cloud, I mean, we see kind of 2 opportunity sets. One is protecting the kind of IaaS workloads, which you kind of -- I think you protect in a kind of more traditional way, with a kind of an agent on a virtual machine. And then separately, what we were just discussing was kind of protecting more kind of modern PaaS, workload, serverless, containers, Kubernetes, that kind of stuff. Is that the right way to be thinking about public cloud security, kind of just really bifurcating IaaS versus PaaS?

You can look at it that way. I think, for us, we just try to keep it simple. We've got an agent that can run on the underlying operating system and is smart enough to introspect into any of the workloads that's running. So it's super performant. If you wanted to run in a workload, we can do that as well with very little overhead. And even serverless environments, again because of the deep integration we have at the kernel level, we can instrument what's happening across any of those workloads, right? So a serverless workload is just kind of a function that happens in the operating system that's containerized, right, using sort of modern kernel architecture. And we can instrument that and we can drive prevention outcomes through that. And that again goes back to the architecture. And we spent -- just to give you an idea, when I started the company, we spent 6 months creating an agent, just this 1 feature was 6 months, the ability to install without a reboot. Our competitors have to reboot. So you look at the adoption rates and time-to-value at CrowdStrike, it's immediate. The ability to roll out at scale with some of these large banks, 400,000, 600,000, 800,000 in a month, 1.5 months, is like unheard of because we don't have to reboot a business. And our competitors have to go in there and not only install it and manage it in a different way than we do, but they actually have to reboot everything. So it's that level of fit and finish and thought that goes into it that you may not see on a glitzy PowerPoint that the customer actually sees and is a pain point if you're actually not doing it.

Yes. That's helpful. Just I guess, sorry to jump around, but getting quite a few questions on, I guess, the TAM and the displacement opportunity. I mean first question would be, if you -- the coronavirus was clearly a big tailwind for CrowdStrike in terms of customer adoption and agent adoption. I mean how are you seeing kind of companies think about the security strategy now kind of going forward? Probably would be one question. And then I think the second question would be how much of your installs are displacing a legacy kind of AV technology versus are you increasingly seeing displacement of a competitive next-gen AV or EDR vendor?

Let me start with the first one. And when we think about corona, yes, you had the initial "people are buying laptops and working from home", but that was short-lived. And really, what we saw is this digital transformation and the security transformation that goes along with it. And that's everything from modernizing the internal systems or the laptops that they have or how they work from anywhere, or it's again protecting and instrumenting their cloud environments. And to us, that's sustainable. When you think then about who we're replacing, certainly McAfee and Symantec are the big share donors that are out there. We continue to replace them. It's just a great environment for that. So I mean, I'm happy to go into more detail there, but that should be fairly obvious of why we win and how we win. And again, technologies, you've got Siebel and Salesforce, right? If people want the Salesforce version, they come to CrowdStrike. So I'm trying to think is -- did I cover everything in the question? Oh, next-gen. So yes, we've actually routinely replaced next-gen. I talked about it earlier. We see next-gen players that haven't delivered manageability issues, false positive issues, don't have a true platform. And I've called these out in our earnings calls in the past, some of the big replacements of next-gen vendors that are out there. And those are the reasons why.

And I guess, I mean, is next-gen still kind of fairly small in terms of the displacement opportunity? Or is it still kind of, by and large, traditional antivirus?

Well, if you look at our next-gen competitors and you look at their overall footprint, it's tiny, right? Even at 13,000-plus customers that we have, just customer count, I'm not talking about endpoints, it's still tiny versus a legacy player that has got over 100,000 customers. We're happy with it. I think if you look at our numbers and our growth, and it's been amazing, I mean, execution by the team. But that being said, it's still a small footprint. And when you look at modern endpoint, this is an IDC number, modern endpoint market share, we're 12%. The other players, we're bigger than almost all of them put together. So -- but still at 12%, there's a long way to go because the rest of that is legacy players that are out there that are still ripe for displacement. So we think it's, again, a long-term opportunity. And how these displacements work, this isn't we're going to go sell everybody in 1 quarter. These are rolling renewals that come up, right, and customers of new projects and they finish off one subscription, they want to move to something else. And it just rolls every quarter, and that's how those opportunities are created.

And like just one of the questions we get frequently is how much of that displacement TAM is there left? Has kind of 2019 and 2020 and the first half of this year been so great for CrowdStrike, that actually they kind of burnt through the opportunity and there's kind of not much left? I mean help us understand like how much of that legacy displacement you see remaining? Will probably be one question. And then just probably the upsell motion once you've landed those customers will probably be the second kind of interesting facet.

There's a massive amount left, massive. Again, just a simple math on the number of customers that are out there, 13,000-plus that we have. You're talking about hundreds of thousands of customers that McAfee and Symantec have. But that's just them, right? And you've got Microsoft customers. You've got other folks that are out there. So we're really in the early innings of that. And again, that's just one piece of a replacement. Let's think about all the cloud workloads. We've seen almost a 10:1 relationship between an endpoint and a cloud workload because they're ephemeral. You might have 10 ephemeral workloads. To give you an idea, on a daily basis, we're over 1 billion containers that we protect, over 1 billion, 1 day, right? And those are things that go up and down. So the opportunity is not just how many shipments of a PC are out there. The opportunity is obviously protecting endpoints and servers. But when you look at the cloud and the virtual environments and the containers, it's almost unlimited. And that's why we believe, when you look at the TAM and you look at the cloud penetration, it's a massive TAM. And the numbers, and we've called this out at one of our investor days, it's a deck from last year, you can see it, but when you look at the spend around cloud security, it's like 1%, and it should be 5%. So the overall market is still massive. And it's really early days in the cloud protection environment. There's not even anybody there to displace. It's -- if you remember the early days, you turn on a PC, you didn't even have antivirus, right? You would download McAfee and install it. I mean for the older folks, you probably remember that. In the cloud, there's a lot of workloads that actually don't have any protection, and that's a huge opportunity.

Got it. Well, George, thank you so much for your time. I mean the key takes for me, I think the drivers of the business right now are digital transformation, which is expanding the threat perimeter and increasing the need for modern security tools; more digital crime as a kind of second key driver of the business; competitively, McAfee and Symantec, continued displacement there, see lots of opportunity for displacements; don't see SentinelOne a ton in competitive environments, don't come across Cortex a ton, Microsoft still struggling competitively in endpoint security; and then Preempt, the kind of thinking behind that acquisition was that half of breaches don't use malware, so having a credential security tool was critical to kind of support the platform; and Humio is all around kind of log management and indexing and competes with some of the SIM vendors. Really, really fascinating points, but thank you so much for taking the time, George. I hope you have a great rest of the day.

Thank you so much. Pleasure to be here.

Thank you.