CrowdStrike Holdings, Inc. (CRWD) Earnings Call Transcript & Summary

Welcome, and thank you for joining our investor briefing today. First up is an in-depth discussion with George Kurtz, our Founder and CEO; and Mike Sentonas, our CTO. This will be followed by a few brief customer and partner fireside chats. Our prepared remarks and fireside chats will take a little under 2 hours. We will then open up the session for Q&A with George and Mike. [Operator Instructions] We hope you find today's session informative. Before we get started, let me remind you of our safe harbor and risks associated with forward-looking statements. Today's presentation may contain forward-looking statements, including, but not limited to, statements concerning our product road map and future initiatives, the performance and benefits of our products, strategic plans or objectives, our estimates of market size and opportunity and our growth prospects. These statements are subject to risks and uncertainties that could cause actual results to differ materially from those expressed or implied by such statements and are not guarantees of future performance. Information concerning these risks and uncertainties is contained in CrowdStrike's most recent Form 10-K and other filings with the SEC. All forward-looking statements are based on management's estimates, projections and assumptions as of today, October 12, 2021, and CrowdStrike assumes no obligation to update them. I would like to note that we will not be providing any financial updates today, and we ask that you would be mindful of this during the Q&A session. Without further ado, I'd like to hand it over to George.

Thank you, Maria, and thanks, everyone, for joining us today. It's been 10 years since starting CrowdStrike, and it's been an amazing journey. Part of the thesis for CrowdStrike was to be the Salesforce of security, to be that fundamental cloud platform company that was missing in security. We started with one module. We're 19 today. And we claim a leadership position in our market. And leadership is really important, not only now but for the next decade. There's no compression algorithm for leadership. We've established ourselves with the largest enterprises all the way down to the smallest SMBs as a true leader of a company that can stop breaches and protect our customers. So we're going to go through an amazing set of product announcements that Mike is going to help us with as well as talk about the innovation that we're driving within the security industry. As a pioneer in cloud-native endpoint security, it's really all about innovation. And what we've done over the last decade has been nothing short of remarkable. And we're going to talk about what we're doing today, but more importantly, what we're doing in the future. And Mike is going to take me through some of these important announcements to continue our leadership position for the coming decade. Our revolutionary approach has made us the gold standard in endpoint security and workload protection. If you look at Gartner, if you look at Forrester, if you look at IDC, we're leaders in each one of those. We're furthest to the right in the visionary category for Gartner. Forrester, we offer superior endpoint security with a cloud-native architecture. And we're ranked #1 in IDC for modern endpoint security in 2020. And that doesn't happen overnight. That happens with the most well-thought-out platform built in the cloud, born in the cloud and solving real-world problems for our customers. All right, Mike, let's jump into the slides here, #1 for modern endpoint security. If you look at this chart, it's amazing. We've been at it for 10 years. Our legacy vendors have been at it for almost 30 years. And within 10 years, we're actually #1.

And if you also take the next-gen players that you don't see on the list there, if you combine their market share together, we're still bigger than the sum of all of those vendors. So we've achieved a lot in that very short period of time.

So what does cloud-native mean? I mean, we spend a lot of time on this. And when we got the company started, for me, it was really important to start from the cloud, be born in the cloud and use the latest modern technology. And in 2011, it wasn't so fashionable to be delivering endpoint security from the cloud. Take us through what it really means.

Well, the first thing when we talk about cloud-native, and you kind of touched on that, George, it wasn't fashionable 10 years ago, but now it's what everybody says. The thing that I would point out is, if you're going to call yourself cloud-native, you need to have one platform. You can't have multiple offerings. You can't have an on-prem for some customers, a cloud version for others, a hosted for certain organizations. We're focused on being cloud-native, true microservices. We're built in the cloud, for the cloud. So we really lend ourselves to traditional workloads, but also the cloud workloads. And that really sets us apart. We've really been focused through strong leadership from when the company was started to really pioneer and anchor on being cloud-native because the cloud gives us benefits that we're just not going to get from an on-prem version.

And the reality is, just about everyone else started with an on-prem version. And if you look at any of the websites, if they say hybrid or on-prem and they play that as a strong suit, it really isn't because of the way the product is architected. And a lot of our competitors actually batch information up. They save it to the hard drive, in some cases, 2 gigabytes to 25 gigabytes per endpoint, which absolutely destroys the performance. So I think it's one of those where you hear a lot of different comments from a marketing perspective. But it's kind of like Salesforce. There is no on-prem version of Salesforce. And if someone offers an on-prem version, they started with an on-prem version, put it in the cloud and try to call it good, and that comes with a lot of architectural limitations behind that.

Yes. What really matters is the customer. And when you have 2 different versions, someone misses out. So the customer that's using an on-premise version is not going to get the same experience. They're not going to have the same feature sets. You can't break the laws of physics, right? So that's the thing that we always focus on is the customer outcome. And cloud gives us an ability to stop breaches in a way that you just simply can't do with an on-prem or a hosted version.

And I can tell you, there's a business model advantage to it. It really impacts the speed of your development cycle and innovation, and we're talking a lot about innovation today. When you have 2 different versions that you have to maintain, it totally diffuses your development team. And as you said, one version tends to lose out and it's just, it's not really efficient. So let's talk a little bit about the security cloud. And when I started the company, I looked around. I looked at Salesforce and Workday and ServiceNow. And each of those companies created their own cloud and their own platform. And when I thought about security, there really was no security cloud. It wasn't any of the firewall vendors. It wasn't any of the antivirus vendors. It just didn't exist. So for me, creating and defining the security cloud was super important. Why don't you talk us through the benefits of having one security cloud.

There's a lot of benefits and that creation of the security cloud gives us a lot of capabilities that our customers enjoy today. Since having all of the endpoints connect to that one single cloud, it's the telemetry that comes from those endpoints. We bring in process data from the endpoint. Importantly, we bring in a lot of network data from the endpoint as well. We can get a lot from the endpoint. We bring in information about the asset, information about the configuration of the device, cloud information. Importantly, we bring in a lot of our identity. So as all of this comes into the cloud, we get that collective benefit. As more people connect to the cloud, our customers get the benefit of that shared intelligence across having that one security cloud. Our threat hunters can use that to be able to move very, very quickly. And importantly, we use it for our AI models. We can train our AIs to get efficacy levels and prevention scores that you're just not going to get with traditional approaches to security.

One of the keys to making all this work was creating our own graph. At the time when we started the company, the graph technology, the graph databases just didn't scale to what we needed. And they were missing an important element of time. So when you look at the Threat Graph, what's unique about it is, a, we built it for scalability and specifically for identification of threats and linking those threats together, what we call indicators of attack. The second piece of that is, we actually do that over time. So it's one thing just to collect data, but you have to organize it over time slices, which is very difficult to do in graph, and we figured out a way to do that. So when we look at our efficacy rates, we look at our threat hunting, it all starts from the Threat Graph. And it also empowers the business model because the whole idea was a single agent into one data store that is unique to us that allows us to create those modules on top of it. And that was one of the things that I saw was really missing in the industry when I started CrowdStrike. So to recap, we've got the single agent, lightweight. We've got the Threat Graph. We've got the modules. We've got a full platform. We started from one module. We got 19 today, real modules. The key area for us is stopping breaches. And that was a big part, again, of starting CrowdStrike. I saw the whole industry was focused on stopping malware and just thought about it a little bit differently. And it may seem like a small nuance, but it's a real big difference to say we stop breaches in addition to just stopping malware. But at the end of the day, over 60% of the attacks don't use malware. Talk a little bit about that.

Yes. I mean, it's a great point, George, because adversaries are going to innovate. And they're going to innovate to try to find ways to compromise an organization, to exploit a vulnerability. They're going to find ways of getting hands on keyboard to get in there. We did some research recently. And what we found was in the last 3 months, the hands-on-keyboard attempted breaches that we stopped, when we analyzed them to get that learning that we could use for threat hunting, we found that 68% of those attacks didn't use any malware at all. So if your defense strategy is to get the latest prevention to get the best in anti-malware, you're going to be in trouble because when the adversary doesn't turn up using that tradecraft, how do you stop them? And that's really what we've built here. And that's why we say we stop breaches regardless of the technique, regardless of the tradecraft, whichever way they're going to try to get in, we want to stop them. And we want to make sure that they don't cause any damage for the customer. And that's an important small point, but a lot of people don't realize, you need to focus on the tradecraft, not on any one, on all of it.

Yes. And you have to look at the kill chain over a period of different steps, which are very repeatable. And that's the thing in security. Folks look at it and they think, wow, it's ever-evolving. And it is. But if you look at the steps, those really haven't changed over 20 years. I mean, they're very similar. And what I wrote about in Hacking Exposed in 1999, the malware or a certain technique may change, but the actual kill chain itself, the attack chain hasn't changed at all.

Correct.

So when we think about interactive intrusions, security can be esoteric, and I think it's important to give some real-world examples of things that are not malware-related. So I'll give you 2 representative examples. Number one is identity and user credentials. And we see this all the time where people might get phished or their identity and user credentials are stolen, which leads to many of the breaches. There is no malware to stop. And I think that's really important to call out. There's no malware to actually stop. So Mike, if I have your credentials, I can log into that system. And I know a lot of people say they have two-factor. A lot of times, they don't or people just click authenticate. They think their VPN went down and now they're on the system. That's one good example. The other good example is taking advantage of vulnerabilities. If you exploit a vulnerability even in an application that may be a customer built like a web application and getting to a database and then getting remote access onto the system, there's no malware to prevent that. So when you think about these stats and what we do, what's different in terms of being able to prevent those breaches and being able to see that level of activity?

Well, there's an interesting stat here. So following on what you're covering, George, I mean, what we find when we look at the speed at which adversaries move and the comment that I made before that you need to cover every hole, every entry point into the network. What we find is adversaries are getting faster and faster. So finding those vulnerabilities, remote access tools are a gold mine in people that have misconfigured them. We have this saying in the security industry that you would have heard many times. That you, as an attacker, you need to find one entry point. As a defender, you need to defend against all of them. And we measure the time it takes for the adversaries to get in. We've been doing that for a few years now. How quick can they get that one entry point? And then once they're inside, how aggressively can they start to move laterally? So that number has dropped dramatically to 1 hour and 32 minutes. An adversary can find a way in. They can get that entry point. They can start to move laterally. And they can do it in well under 2 hours. About 30% of those adversaries are doing it in 30 minutes. So your defense strategy has to have the ability, of course, to stop malware. We've kind of covered the fact that, that's table stakes. But you also need to make sure that you're stopping the adversary that gets that entry point, the beachhead that they're trying to create.

So let's talk about OverWatch and the leading threat hunting team that we have. And I think that's one of those areas I love talking about because the team is so amazing. And when we think about OverWatch or MDR, some of the capabilities we have, these weren't even terms when I started the company. Basically looked at it and said, hey, there needs to be a place for humans in the loop. You want to drive as much automation as you can. But at the end of the day, threat hunting is a really important element that a lot of folks have tried to copy. And I think a lot of it is set up with our automation. Tell us about what we do on a daily basis.

It's certainly a hot topic at the moment, talking about threat hunting and talking about the value that it provides. And it's a topic that, to your point, we're very passionate about because it's what makes the difference. It stops your organization from being breached. Today, across the platform, we're processing around a little over 1 trillion events, signals from our endpoints every 24 hours. It's a massive number. And we are looking for those hands-on-keyboard attacks. We're looking for those outliers. And we automate that process. We've got a lot of technology built-in. We've got a very strict methodology in terms of the way that we do that threat hunting together with technology.

That's an area that we've really excelled at is driving automation and being able to find this across 1 trillion events every day. You get 1 trillion events every day, there's really nothing manual or human about it.

Well, the whole thing has to be automated. You have to automate the techniques that you use to try to find those outliers, to find those tools and the way that an adversary may use it, a little bit different to a legitimate user. And then you need to provide that information to the threat hunter, whether it's the end user that you're giving that information to or it's our OverWatch hunting team who are world-class that are going hand-to-hand combat with these adversaries every day. And when you boil it down, our team has stopped 65,000 attempted intrusions over the last 12 months, and that comes down to a number of one attempted attack every 8 minutes that they stopped.

I think what we've been able to do in terms of our AI and the automation, I think, far exceeds anything else in the industry. And at the end of the day, you're taking something that's a massive amount of information, you're distilling it down to just a few hunting leads that make all the difference in the world. And I think the threat hunting piece is critically important. And it's set up because we've got the best technology. A lot of our competitors actually don't have the data to go through the massive amount of information we can because they keep it resident on the endpoint.

And that's hard, right, especially when you start to think about cloud environments, when you start to think about ephemeral workloads, we have a lot of customers that they'll spin up machines that live for an hour. They live for 2 hours. If you're storing a lot of that data on the endpoint itself, when that endpoint is gone, when that workload is torn down and deleted, all of your threat hunting data is gone. Our OverWatch team is incredibly scalable because of the technology that we have. It allows them to go through so much information so quickly. So we're talking a lot about detection, but the important thing to point out is that this comes hand-in-glove with prevention. It's an interesting debate that's going on in the industry. It happens every few years. Prevention is better than detection and then someone will argue detection is more important. The thing that I would point out is, they are 2 concepts that work hand-in-hand. They're not in conflict with each other. Of course, you need to focus on prevention. And that's why we have a team that is dedicated on building the best AI models. And we get that technology tested. We do work with AV-Comparatives. We do work with SE Labs and a whole bunch of other third-party testers. And the numbers speak for themselves. The best thing that I recommend people to do, have a look at the results, have a look and see what the tests are looking for. And what is really important is they're testing your ability to stop malware. They're testing your ability to not leave any fragments of malicious software behind. But importantly, a lot of these third-party testers, they're testing your false positive rates. They're testing whether you're gaming the system. And the thing that they look at is, how would you use it in a production environment? And we're absolutely leading those tests. We're getting 99.5% prevention for real-world malware with AV-Comparatives. We're AAA-rated with SE Labs, 99%. And we're exceeding 99% and absolutely incredibly proud of the team and what they've created. But what it means for the customer is they can turn this on, they can use the standard settings, they're preventing malware, they're working with us to do the threat hunting and it's the power of that platform working together that is how we stop breaches.

And I think what's important, too, is when you look at those results, look at who isn't there.

There's a lot of names that are missing.

There's a lot of names that are missing from that list, and we're very transparent. We do testing. We welcome the testing. So let's talk a little bit about innovation. We've been at it for 10 years. We have a track record of driving innovation. We're updating the technology, adding new features almost on a daily basis. And the beauty of our model being a SaaS platform is you log in 1 day and you log in the next and you've got new features and new capabilities. And for me, the speed of innovation is nothing I've seen before in security. And I look at our new readmes when they come out and just all of the new capabilities that we see on a, really on a daily basis. Talk about the innovation within the company and where you see us today and where we're going.

Well, to your point, George, if you look at the platform today, a lot of the benefit we get is from the cloud-native architecture and just that work that we did building the foundations from the very start. That means customers, as you pointed out, get a lot of new features. They log off on a Friday. They come in on Monday. There's a whole range of new capabilities. It means that we can continually build new modules, fully featured true modules that sit on top of that single agent. There's no additional complexity. There's new workflow features. There's new incident response features. And as we look forward, that concept of collecting data once and reusing many times, having a cloud-native platform means that customers can continually get the new modules. They can get the new features that are coming out. They don't have to install new management consoles. What we've seen in the industry for so long, there's no complexity of new agents. And that's so critically important because there's an innovation engine that's built on some solid architecture that was designed 10 years ago when you started the company.

Well, the funny part of that is, I remember going in and talking to our Chief Architect, and he always wanted things faster. And I said, why are you putting gold-plated plumbing in? And his answer was, you're going to need it 1 day. And that's, we took the time and effort to build the foundation of the house the right way. And now you see the speed of the innovation, the speed of the modules when they come out. And keep in mind, when we create a module, that could be someone else's product that might take a long time to actually get out. We already have the agent. We already have the data architecture. We already have the platform. So really what we're creating is the workflow. So when that module comes out, it's a fairly mature product because the bulk of what we're doing has already been built, and then we create the new workflow. So Mike, it's all about the platform, as we've been talking about here. We covered a lot of ground, but we've got some exciting announcements. Why don't you take us through those.

The first one being FileVantage. This is one that a lot of our customers are really waiting for, very excited about our new FIM module, file integrity monitoring. And it's a need that everybody understands. We know file integrity monitoring, but it's not a solution that you hear a lot of people say, I love my FIM. A lot of complexity, they're hard to use. They're not really flexible. So we've spent a lot of time working on just some of those core problems. You get the ability to roll it out. It's part of the Falcon architecture. It's part of the Falcon platform. You turn it on, you then have the ability to track file changes. You have the ability to enforce change control, super important, making sure that you monitor who's making changes to systems. And it's just that granular control that we give as part of the Falcon platform that's going to make this, I think, a pretty exciting module for our customers, easy to roll out, which is just so important.

So you need a new agent?

Definitely don't need a new agent.

That's the beauty of the whole architecture, that same agent is going to collect that data and basically allow us to create a FIM module.

Yes. The thing that I like about this is, as it says on the slide here, no surprises. This is just good security architecture. That's probably the better way of putting it, making sure that you know who's trying to make changes to your systems, making sure that people can't delete files. So there's a good use case here for insider threat. If you've got an employee that's unhappy or somebody that gets on to your network that wants to cause damage, firstly, you can stop them from doing that, but you can then also record and have that information, evidence of somebody that's trying to go through, really important, as I said, for a malicious insider. The next release we'll talk about today, we're going to announce some great new features with the Spotlight module. Spotlight is just going from strength to strength. We're really building out those capabilities. But one of the questions that we get from customers is, what do I focus on? Every Tuesday, as I affectionately called it zero-day Tuesday, there's all of these vulnerabilities, what do I patch first? And if you look at the amount of patches that come every single month, it's a fair question for people to ask and one that you know really well, what do I prioritize on, which is the vulnerability that's going to cause me the most issue because I really need to focus my patch on that one. So we've really spent time focusing on how we look at solving that problem. If you look at all vulnerabilities, they're not created equal. If you look at the opportunity for the attacker to exploit the vulnerability, they're not all equal. So we challenged our data science and our engineering team to come up with a model to be able to predict which vulnerability was going to be the one that was more likely to be exploited by the adversary. So the benefit to the customer is, you log in, you get that prioritization score. We call it ExPRT.AI. You're going to get recommended remediation as part of that, and it's all orchestrated through the Falcon platform. So we'll tell you what to focus on. We'll give you the tools to roll out that emergency patch and you can respond and keep the organization safe and secure.

And that's really exciting for me, obviously, coming from starting Foundstone, which really helped pioneer vulnerability management. In the early days, as you remember, we had rudimentary prioritization. And I only wished, at that time, we had all the AI models to really drive what's most important. And I think to put a finer point on this, if you're sitting at home on a computer on your cable modem and you hit auto update, you're okay, right? But a lot of people don't realize how hard it is for big companies to keep up to date. They just can't roll out these patches. They have to reboot their systems and there's operational impact. And there's just so many of them on zero-day Tuesday that the ability to prioritize is absolutely key to reduce the overall risk.

And speed is going to make a difference between first and last. It's as simple as that. So being able to know which is the problem that you need to focus on, where you need to target, what you need to fix is going to keep the company safe and secure.

Well, if everything is the highest priority, there really is no priority.

That's it. The next area to focus on is cloud security. We need to make sure that the same type of security that people have on traditional systems extends to the cloud. So when we look at the typical challenges that people face here, one is attacks in cloud infrastructure and targeting the systems themselves. But a big one that we see, which is really common is misconfiguration. It's people setting up a lot of this architecture, setting up cloud systems, getting a few mistakes creeping in, and that's where we see adversaries sort of pounce in and they get access to steal data, to exfiltrate information. So we need to stop breaches in the cloud. The important thing here is to have a complete system that focuses on every technique that the adversary uses. And we've really focused on pioneering the best solution in this category. We can help protect the systems at run time, all of the machines that run your cloud infrastructure, but then we can start to integrate with any cloud of your choice. And we don't see customers that pick one cloud over another. Typically, they have all of them. They got AWS. They've got GCP. They've got a bit of Azure. We give people the choice that protecting the infrastructure that they build, but as well as the public cloud infrastructure to make sure that they can understand how things are being configured and they have a combination of run time protection and attack surface minimization. And it's the power of bringing them all together. So in short, I'd like to say that AV is table stakes these days. We've gone beyond AV, and we've built out the combination of using AV with indicators of attack with threat hunting. And really, what we're doing is we're extending that capability into the cloud now. So we give you comprehensive visibility into hybrid clouds. We give you information about misconfigurations. It's such a critical part of what we do, telling you where your mistakes are so you can address them as quickly as possible. We've got the industry's first cloud IOAs. What was pioneered when the company first started is now extending into cloud workloads. And we start to correlate run time and control plane visibility. So you've got full information about what's running in the environment.

And Mike, I also want to point out that it really is a greenfield opportunity for us when we think about the traditional legacy AV players that are just not in the cloud. And when we get to the cloud, typically, it's just underprotected. There's nothing there. So to have a leading technology like ours that can not only protect the endpoints that a company has in their physical servers but also their cloud workloads, I think, is a great opportunity for us. And that's one of the areas where I think it's really a 10x opportunity. And what I mean by that is, you might have 100,000 endpoints in a company, but they might have 1 million cloud workloads. And we've seen that ratio. Obviously, it moves around depending on the company. But if you think about just the ephemeral workloads, we protect well over 1 billion ephemeral workloads on a daily basis. And that number is only increasing with digital transformation and cloud adoption.

We've had some recent customer wins, which I think are a great representation of the way that the product is being built today. We've got customer wins where it's the DevOps team that is bringing CrowdStrike to the security group. And people talk about the friction between DevOps and the security ops. But when you've got your DevOps team saying, we want to build secure code. We want to do it using the Falcon platform. You know that you've hit those key requirements of security, but you're also giving people like an easy-to-use architecture that doesn't slow down the workforce.

And I think that's really important when you look at CrowdStrike and where we came and where we are today. Yes, we sell to the security team. Yes, we sell to the CIO, but we spend a lot of time selling to the DevSecOps team because we can remove a lot of that friction. And you really do have to build up that DNA to be able to sell to them. And we have done that, and we will continue to do that. And I think that's really important, not only for the endpoint protection technology, but also for technology like Humio.

And another great announcement is the Cloud Workload Protection Complete is the first of its kind, a fully managed cloud workload protection solution. So I'm incredibly excited about this because we are extending the capabilities of our complete team to offer cloud workload protection in a managed form. So customers get the ability of the CrowdStrike Complete team managing their cloud environment 24/7, 365. And I think this is going to be a huge win for a lot of our customers.

And the breach prevention warranty?

Well, that's it. You've got to back it up. So we believe so confidently in the team, the technology, and we have a breach prevention warranty. But importantly, no one has ever claimed against. And I think that's a great stat that needs to be shared.

So let's talk about the next phase of the journey. And one of the things I continually see organizations struggle with is just the complexity. There's just so much complexity in the enterprise, even to the smallest SMB players that are out there. It keeps growing. It's ever-increasing. And some of the things that we've seen continue to deal with the threat landscape. When we think about nation-state actors, we think about e-crime, hacktivism, their sophistication keeps going up over time. We also see cloud-first in remote employees. No longer is the firewall capable of protecting employees within their own organization. It's really work from anywhere. And there's so many cloud workloads that have sprung up, if you will. We also see more vulnerabilities. You talk about zero-day Tuesday. And it's really, really hard for organizations to keep track of all this information and reduce the overall complexity. So when we think about all this complexity organizations have to deal with, a lot of it is driven by the data they have to collect. And you think about every device that's out there, it could be the smallest IoT device. It could be the largest cloud workloads and everything in between. And there's just so much data and so much information to go through which is one of the reasons why we bought Humio, which I'm really excited about. I think it's a revolutionary technology. And why don't we do a deeper dive into Humio?

Yes. Thanks, George. And incredibly exciting to talk about Humio because when we speak to a lot of organizations, one of the problems that they talk to us about is just the complexity of storing data, and they're asking for help. They look at the size of our Threat Graph. They look at the experience that we have. So they're asking for us to help them with their bigger data problem. And it's a problem that grows every year. So when we think about Humio and we think about the core value that it provides, there's a whole heap of new features that I think organizations get access to as part of that Humio acquisition.

Well, and it's not just about storing the data, it's about actually using the data, storing the data, asking a question, getting an answer.

Yes. And there's key advantages here, and I'll step you through some of those. So you touched on it, better scale, better data integration and implementation than a lot of traditional tools out there. Another advantage of the Humio platform is the fact that it's index-free. So you don't have the challenges of indexes, which are very slow. They can become very expensive. And if you put that together with market-leading compression, it means that we can store a lot of data, do it at scale, and we can interact with that data very, very quickly. Another advantage which we've touched on is, this whole architecture allows you to retain more data and do it at dramatically lower costs. So that's a great win for organizations as well. And then if you look at just the way that the technology is built with the index-free storage architecture, with the way that we do compression, it also means that you have the ability to do blazing fast searches. So you can search across any data set, whether it's structured or unstructured and get results basically instantaneously. And then because of the fact that it's a flexible data warehouse, it allows you to solve a whole range of different use cases, SIEM use cases, observability use cases, but it can also solve compliance needs. We have a lot of organizations that are so excited about Humio because it allows them to store data and answer questions that they couldn't normally do with a lot of the traditional products they use. And then the last one that I'll touch on is really the core of the value that Humio provides. It allows you to log everything and ask anything across the entire enterprise technology stack. So incredibly excited for people to start using Humio across the world.

Yes. I think you touched on it. And we sort of get this question all the time. Like is Humio just log management? And you said the magic words, it's really a data warehouse, isn't it? It's something bigger than just log management.

It is bigger than log management, and you can use it to solve lots of different use cases. A natural one is log management. A natural one is to replace SIEM tools. We see a lot of people that are using this to help them with end user behavior analytics, even down to replacing EUBA tools that they have because they struggle with the data. And it's just giving customers the flexibility to solve the different use cases which is why we're so excited about this. And when we talked about bringing Humio into CrowdStrike, that flexible nature allows customers to solve security use cases in a way that they just couldn't do before.

Well, I think you hit on it. Obviously, we have the security DNA and we bring that to Humio. But Humio brings a lot of DevOps experience. And when we think about where they've been selling before the acquisition, the majority of it has been in DevOps, right? So talk about some of the use cases that are outside of security.

So there's a lot of DevOps use cases, as you mentioned, George. So it's tracking deployments. It's tracking Kubernetes architectures. It's getting the instrumentation from a lot of the applications that people are building. If somebody publishes an app, there's a whole bunch of systems and there's an interconnected ecosystem that runs that app. So Humio gives you the ability to take all of that information to be able to bring in observable so you can track the systems that you're building. So that flexible nature means that you can just solve a lot of these use cases.

And Mike, what that means is that we can really instrument the CI/CD pipeline across that whole DevOps life cycle.

We have customers that are doing that today, right? So they're using Humio to help identify faults. They're using Humio to look at performance statistics. And a lot of these organizations started small and they've built out that Humio architecture, and you've got a great announcement about that.

Well, it's not only about the technology, right? It's also about the go-to-market motion. And I'm really excited that we announced the Humio Community Edition, which basically allows anyone to download the Community Edition and use it free. It has some limitations over 7 days, but it really gives the user, and in particular, we think there's going to be a lot of DevOps users that download it, but it gives them the feel for how fast and how easy Humio is. And we think that's going to be really successful, and we think it's going to be disruptive to this market.

And I think that experience of being able to deploy it and test it and get your hands on the equipment is critical because we've seen that with some of the recent wins that we've had, where organizations have been struggling with their existing technologies. They've had a problem. And we've gone in, we've talked about Humio. And during the evaluation process, they realize that they can go from a small amount of data to huge volumes on the same single platform with better workflow with less complexity. And if we look at a couple of the wins that we've had recently, there's 3 that I'd love to talk about. One that's a really great success story is a large financial services company. They were really struggling to take in 20 terabytes a day. They had an ELK and Graylog environment. And the big challenge here was, it's not only the fact that they couldn't get all their data in, it was how long it was taking them to query. So this organization actually had a query team that if you wanted to ask something of the data, you had to write your query, you sent hit to a group that would audit that to make sure that it wasn't going to be an expensive query that slowed everything down. And with the Humio architecture, they were able to go from 20 terabytes a day up to 130 terabytes. And in that particular example there, not only is it a 6.5x increase in terabytes per day ingested, but they don't have to actually have that code review. So every developer has access to the system. They can start to use it in real-time. They can interact, and it just speeds up the entire ecosystem.

So let me put that in perspective, the 40-minute query basically comes back in a second or so.

Near instantaneous.

Near instantaneous.

The second example is the multinational IT company that we work with. Again, similar story, struggling with data ingestion. They're struggling with 10 terabytes a day with their Elastic infrastructure. Queries were causing systems impact. It's one that everybody hears about all the time. Somebody writes a query. They try to get some information and poorly written search just grinds everything to a halt. So in this particular scenario, customer, now customer of Humio, they went immediately up to 70 terabytes a day, so 7x increase. And again, it's the same story here, reduced friction, instant response, all the developers get direct access to Humio, and it just speeds up their entire development process. And a happy dev is a good dev. That's the one thing that we always have to remember.

Well, and the other thing that I want to point out, too, with the index-free ingestion, it really is a benefit. When you look at Elastic, it's actually index on write. So there are various technologies that are out there that may seem fast in some areas, but there is slowness in other areas. And I think what we've been able to do with Humio is really exploit its capabilities to give you that fast ingestion and fast query time.

And it makes such a difference. I mean giving people native access to the platform so that they can have faster code releases, so they can query the data in real-time is just such a game changer. And that's the theme of those 2 wins. The last win that I'll touch on is really interesting. This one is a little bit different. It's a multinational consumer goods company. This organization struggled with their EUBA tool, end user behavior analytics technology that they used, struggling with the amount of traffic, common theme that you're seeing here. The solution that they were using was topping out at 1 terabytes a day. So it just means that they weren't getting the analytics that they needed. They were making trade-offs on what was important. And as you know, from a security perspective, that doesn't end well. This particular organization used Humio to scale up the amount of data that they could bring in. But interestingly, they could actually solve the same use cases natively in Humio as they could in the EUBA tool. So it was not only a win from a data perspective, but we actually displaced the data warehouse they were using, the data platform they were using as well as the EUBA tool. So now you've got a team that can get really fast response, they can ask more queries from a bigger data set and it's just yielding a better outcome for that organization that really wanted to dig into end user behavior analytics.

Mike, what's really interesting is that the Community Edition will actually have Falcon Data Replicator information in it, of course, dummy data, but it will give people a real sense for how to consume Falcon data. And that's been one of the things where we've talked to customers. They've been using other technologies and using our APIs and putting our EDR information with other technologies that are out there. And with the ability to actually consume as much as they want of our Falcon Data Replicator and store it for as long as they want, it really gives them a lot of flexibility. So Humio is a game changer for us, but for sure, it opens up much bigger opportunities. And really, we're just scratching the surface. Part of the strategy, obviously, is to continue to develop, evolve, sell and make it part of our overall platform for log management and observability. One of the benefits that Humio has is its ability to pull in data from any data source, including other security vendors that are in the ecosystem. Let's talk a little bit about XDR.

Yes. So it's one of the interesting terms that people talk about and use. And I always say, one of the most overused and abused terms in security these days. And if you ask a lot of different vendors, if you'll ask a lot of different analysts what it means, you're going to get a whole range of different answers out there. So if we look at what XDR really means, and as I said, there's a lot of different ways that people talk about it. The challenge that I have is from an industry perspective today, a lot of people talk about XDR because it's so hot right now. And people talk about XDR because it helps with like valuations. But a lot of the time, what vendors are really talking about is just traditional SIEM or log management. And you touched on it before, getting data and putting it all into the one location. That's not XDR. That's SIEM. That's log management. Or getting data from all different devices and putting it under one, a visualization of that data under one pane of glass. That's not XDR either. At its most basic level, XDR gives security teams an easier way to stop breaches by extending visibility, detection and response all in that one location. It builds on, XDR builds on industry-leading EDR as I've talked about. But the really important thing is to make sure that you bring in that third-party telemetry and then you do something meaningful with it. Bringing in the third-party telemetry is just one thing. You have to do a little bit of structuring of the data. So we talked about what makes us unique earlier in the session. We talked about the ontology that we've built, the relationship between the data. And XDR really to be effective, you need to have ontology, not only on your own EDR data, but you need to extend that out to the third party. And the reason you do it is you want your artificial intelligence models the way that you prevent on the endpoint to extend to the network, to the e-mail, to the web, the way that you do threat hunting. If you understand the format of third-party data, your threat hunting extends onto those third-party data sources as well. And really, that's what XDR means. The X is enriching telemetry from your EDR product with third-party data sources. The D is the detection, provides real-time threat detection, alerting, prevention and hunting across multiple technologies and domains. And the R is the response, proactive automated responses across multiple technologies and domains.

I think that's key when you think about XDR is it's not just log everything and put it in one place. It really is to get an advanced threat detection that might be an enrichment of EDR data or might combine elements to come up with a brand-new detection. And for us, as you said, starting with the best EDR data puts us in pole position in this market. And when you look at just the EDR data itself and there's nuances in this and you don't see it in a glossy PowerPoint. But by far, we collect way more event types than any other vendor that's out there, and that really sets us up well to pioneer the best XDR technology in the industry. So Mike, earlier today, we announced Falcon XDR. I'm absolutely pumped for this announcement. Take us through what it means from a CrowdStrike perspective. What is Falcon XDR?

Yes, huge announcement, and it's about bringing the right visibility at the right time to make the best decisions to keep an organization safe and secure. If we look at what XDR means in Falcon XDR, we touched on a lot of this before. We get an amazing amount of benefit from bringing in together Humio together with Threat Graph. And if we look at the X, the X is bringing in the telemetry. It's bringing it in from third-party data sources. And you touched on it before. Humio gives us the ability to bring in third-party data. It allows us to do that ontology work so that we can start to derive value from the information from those third-party sources. So the Ds are our industry-leading threat detection. So it's allowing us to do increased visibility into indicators of attack. The platform provides real-time detection. We can talk about extending telemetry sources for a broader number of security use cases and correlations. And the important part is, and we've talked about this a few times, it's bringing in our data science models, what we do with artificial intelligence and machine learning and using that across CrowdStrike and third-party data to provide an improved detection speed so we can solve these use cases a lot faster.

I think that's critical as really the leader in AI prevention on the endpoint to be able to extend out that rich data science lineage that we have and pull in other data and do that at scale to get better outcomes and lower false positive rates, I think it's a tremendous benefit to customers.

Or the other way to look at it is, how did the attacker get to the endpoint where we stop them? What else could you have done in a different part of the network to build a stronger architecture? And the D here is really giving people that visibility across the entire organization so they can stop the attacker as quickly as possible. It's that defense and depth concept that we're building here.

So let me talk a little bit about the R in response now, and this is something that we spent a lot of time on. And it really goes to our philosophy of building automation throughout the entire platform to help with faster response times to help internal teams and their processes and to drive and continue to drive automation throughout the entire life cycle because our platform really has become the security platform of record. And every security and IT pro I talk to wants faster response, right? They want to help create playbooks that automate what happens when there's a detection, prevention and improve their speed and efficiency. As we know, there aren't unlimited security professionals in the market today. There's over 3 million open jobs that are out there now in the security and IT marketplace. So how do we empower? How do we create a multiplier effect for them and drive automation through this process? So I'm really excited to announce Falcon Fusion, which is really our Falcon SOAR technology. And the interesting and exciting piece for me is that it's actually purpose-built for CrowdStrike's Falcon platform to orchestrate and automate any complex or repetitive security workflow. And the beauty of it is, it's built into the platform. There's no extra charge for our customers. It's just built in throughout all of the workflows that we have across the module, and it really leverages the power of the security cloud and relevant contextual insights across all the endpoints, all the identities, all the workloads that we have. Enterprise customers that we've worked with as we've built this out have been extremely excited about the ability to build complex and real-time notifications and responses and queries where they can branch off and they can do different things, and they can also leverage what we call real-time response, and that is the automation, the ability to drive things like PowerShell remediation, the ability to collect more data. The flexibility, I think, is really unparalleled, and we're starting with the CrowdStrike EDR technology and its own data and then extending that out to the other XDR partners in our ecosystem. So take a look at the workflow here. Mike, maybe just quickly talk us through some of its capabilities.

So I'm super proud of what the team did here. So this is technology that's been built in to the Falcon platform. As you pointed out, similar to RTR, this is a core component now of the Falcon platform. So this shows you the workflow that you can build and the power of the Falcon Fusion capability here. So you set up a trigger in this particular example here in this demo, if there's a new detection, what we want to do is have a customized action, so we want to do a notification. You may have a Slack group. You've got some administrators or you've got a SOC team, so you send out a Slack message. So customize that Slack message and then start to go through a process of carrying out actions. So you may send out an e-mail. If it's in a cloud environment, if it's something that you want to send information to the cloud service provider, you get some information out to them via e-mail. But the cool thing here is because it's integrated in the platform, we can start to take information out from the Falcon platform. So get information about running processes, get a copy of the file. So it's a new detection, that's where we started. So take a copy of that file, send that to a particular team so they can start to work on it. But the last 2 pieces here, change the detection status, start to add some comments, so start to do case management. And this is some awesome functionality that's built into the fabric of the Falcon platform built by our CrowdStrike team. So what we've been doing is anchoring on the Falcon platform and bringing in data from third-party vendors to bring to market a solution that includes CrowdStrike and non-CrowdStrike data into one architecture. And the work that we've been doing for the last 10 years really sets us up for success here because we understand that data is about value and not volume. But we've proven at the same time that we can bring data at incredible scale. We deal with millions of workloads under management. We ingest as we've talked about today more than 1 trillion unique signals per day. And when we started CrowdStrike, we talked about this earlier, we spent time on establishing that ontology. We spent time defining the relationships between the telemetry from our sensor and threat activity. And this has helped us in the way that we do prevention. It's allowed us to create the concept of indicators of attack and benefits in threat hunting. So XDR requires the same concepts. XDR relies or requires that concept to go beyond just the endpoint, but to third-party data sources. And what we've done is we're focused on bringing in data the right way from third-party vendors. We're focused on being able to provide rapid insight into other security challenges. And the important part that's really core to the CrowdStrike vision is to reduce the burden on the security analyst, to make it easy to use the technology. So we want to actually extend the value that you get from other security vendors' products. So if you don't do this, we touched on this before, if you don't do all of this work, all you've got is log collection. And today, we announced Falcon XDR, which is a platform that's sophisticated enough to power users to be able to ask questions of the data from CrowdStrike and questions of the data from third-party security vendors that we integrate.

And I think that's really important because we spend so much time on the Threat Graph and the ontology, which is how it's organized and the relationships between all these different data points on the endpoint that it's critical that we extend that ontology to consume other data. And that's one of, I think, our secret sauces is that it wasn't a store and forward agent. It was a smart agent with a graph. It was a massive graph in the cloud. We never lost the context of the information as we sent it. And it allows everything to work seamlessly end to end so that we're not just shipping data and then trying to assemble it and figure out what happened. And by taking our ontology and be able to extend that out, I believe that's a real game changer for XDR in the way the industry is going to look at it.

So to summarize Falcon XDR, huge announcement today. It's expanding the reach and giving deeper insight across the whole security stack, CrowdStrike and non-CrowdStrike telemetry, better detection of threats. It's having faster investigation, more understanding of the risks that are out there. And ultimately, it's all about that response. It's having efficient incident management, case management to make sure that you keep the company safe and secure, doesn't matter how the attacker may try to get inside the organization. So super excited about this, can't wait for people to start to see the technology, and it's something that we announced, as we mentioned earlier today. So let's relook at the platform now. As you can see here, starting left to right, endpoint security, cloud security, managed services, security and IT operations, threat intelligence, identity protection, log management. And we've got on the end there, the CrowdStrike Store. And with the new announcements that we've made today, the platform extends to include 21 modules across these categories. So I'm incredibly excited for our customers to start to get the value from all of the new releases that we've talked about today. We're extending the capability. We're linking with our Humio database. And customers have the ability to use Humio as a stand-alone data warehouse that we've talked about, but that linkage with the Threat Graph allows organizations to get the full power of Falcon XDR. And the last announcement from George today is to talk about Falcon Fusion. It's that last layer. It's the response layer that sits across the entire architecture. So it's a critical part of Falcon XDR. The Falcon Fusion, available right now, can be used with endpoint security, with cloud security. So really excited about the new capabilities that Falcon Fusion brings into the architecture.

So let me talk a little bit about the CrowdStrike Store while we're on this slide. We've continued to evolve the platform now to extend out its capabilities so that other third parties can take advantage of it. Fusion is a great example. Those workflows that our third parties can now take advantage of, the ability to actually take in and understand third-party telemetry through XDR. So that becomes more and more important over time as we extend the framework for other third parties to leverage what we've already collected and what we've already built. So Mike, one of the other announcements we made today is the CrowdXDR Alliance. And we talked about the ontology that we spent so much time building to make sure that our data was organized and we could use that data in a way to train our algorithms. Now that we're taking in other third-party data, what are we doing there? Talk about this alliance.

So you kind of touched on it right there. So we believe it's a first of its kind integration and alliance that we've announced today. And it really comes down to what you mentioned with the ontology. XDR, the importance of it, the value of XDR is going to be taking that data, the schema, and creating that ontology. It's building the relationships with the data. So the announcements that we've made today, we've pulled together some amazing organizations as part of this alliance, and you can see the names in the announcement. And we're working to that standard. We're building the framework to allow customers to get the benefit of all of us working together.

Yes. So let's just maybe put a finer point on that. And that is, if we think about how the Internet works today, it's common protocols, right? So different technologies can speak to each other, whether that's TCP/IP or HTTP, it's a common language, if you will. And part of the challenge in security is that many of these products don't speak the same language. So really, what we're focused on is taking an ontology that we know works and extending that out into our partner ecosystem. So ultimately, when the data is received, it's organized in a way that makes sense so that the customer gets the benefit of having organized data through a true XDR platform and allows more advanced detections across it.

And it's going beyond out-of-the-box integrations. It's making sure that the preventions that we have extend to CrowdStrike and non-CrowdStrike data to the third-party technologies. It's the workflow. Customers use the Falcon platform for incident workflow. That workflow will go from CrowdStrike data to the data of our XDR Alliance partners. It will allow you to control access across all environments. So absolutely really excited about this announcement. It is first of its kind that we're talking about today, and we can't wait for people to start to get access to the technology.

And I also want to reinforce, too, that we're putting this information out there. We're working with some of these launch partners, but it won't be just limited to them. There'll be other companies that will be able to participate and even competitors of CrowdStrike, right? Because at the end of the day, I think it's all about organizing data the right way for the benefit of the customer.

Yes.

So now that we've gone through all of these announcements and we talked a little bit about our strategy, it wouldn't be possible without really the power of we. And really, what that means is the power of CrowdStrike, the power of the data that we collect but that data comes from other community customers, right? And that's the crowd in the CrowdStrike. And it also is our partner ecosystem, which is really important for us as we go to market. So CrowdStrike is a piece of it. The customers are a piece of it, that community immunity, the ability to share data at scale is critical and then leveraging the ecosystem of our partners. And that could be traditional resale partners. It could be managed service providers, which we have many of, or it could be our third-party partners that we're working with in the XDR Alliance. But all of that together is really focused on stopping breaches for our customers. Let's take a few minutes to hear from our partner, Accenture, who is using the Power of We and building services on Falcon. I'll turn it over to Matthew Polly, CrowdStrike's VP of Worldwide Alliances Channel and Business Development.

Thanks, George. Hi, folks. As George mentioned, I'm Matthew Polly, Vice President of Business Development Channels and Alliances here at CrowdStrike, and I'm with Kelly Bissell of Accenture Security Services. Thanks, Kelly, very much for being on our investor briefing today. I really appreciate you taking the time.

Good to see you again, Matthew. My name is Kelly Bissell, and I look after security across Accenture around the world, so our 8,000 people, our projects around the world for both government and commercial clients.

Great. And Kelly, if I'm not mistaken, you've been in security services for some time. Can you tell us a little bit about your career prior to Accenture?

Look, I've been in this space for a long time. One of the fortunate ones that got to help build some of the protocols within the Internet that we're using today. So maybe you can blame me for some of the security flaws, I don't know. But I started my career in the telco space where I helped really secure telephone networks. And then I built the security practice at Deloitte and was there for about 15 years. And then I joined Accenture so that we can really transform the way security works for our clients around the world to get to a safer place.

That's excellent. So you've built a career in security, really, and the last 20 or so have been in security services. I would imagine you've got a point of view on where you see the industry going. Can you kind of fill us in on that point of view and how you're setting Accenture on a course for the future as you see it?

Matthew, that's right. So not only the years past, but if I look at even the projects that we do from year to year, so 13,000-some-odd projects and 800 managed service clients. I think there are 3 trends that I'm noticing: one, innovation is happening faster than our clients can secure it; two, regulation is increasing huge pace. I mean, we've seen more regulation in the last, I would say, 12 months than we have in probably 3 years combined before that. And to put it in perspective, we're tracking 247 different laws around privacy and security. So that's the second thing, reg. The third thing is even though we're getting much better when it comes to the cloud and as-a-service functions, it also has -- the other side of the coin, it has another problem where we're seeing concentration risk. And this is where the adversaries, the hackers, if you will, see that, and they can attack that 1 client maybe, but many, many, many clients. So I see these 3 trends happening, and where I'm taking Accenture is knowing these things and helping our clients navigate through these trends. And that's securing 1 client at a time where we're going after ecosystems because as we know, a bank or a pharma company or an oil and gas, they don't operate by themselves. They operate within an ecosystem of third parties and other business partners. So we're actually trying to solve the whole ecosystem problem at a time. That's where we're going.

I mean, that's excellent. And we've certainly seen an increase in supply chain attacks where they're really attacking the ecosystem with a different target in mind. I mean, that's a trend we saw with SolarWinds, Kaseya and some of the others. I mean -- and that's really, I think, a good intersection for where the partnership between CrowdStrike and Accenture come together. Can you -- would you help our audience sort of understand, from your point of view, how you view the CrowdStrike partnership with Accenture?

Yes, this is right. So look, I think this is -- when it comes to us, we're 2 giants in this marketplace. And I think we have to band together to really make a real positive impact to the market. And I think it's huge. We signed our initial partnership about a year ago, but we're off and running. We've done this in 11 countries around the Americas, Europe and APAC. So I think we're moving fast. We worked on a bunch of clients together in the U.S., U.K., Australia, Germany, Italy. I mean, so we're already moving at a global scale. And I think this Accenture-CrowdStrike alliance really helps us together, do things like how do we enable the market and go to market for our clients together. But more importantly, I think we have a lot of opportunities so we can joint -- create joint solutions together. That's going to be interesting.

Yes, absolutely. And I think we've got a couple of -- or I know we've got a couple of joint solutions that we've already kind of delivered to the market. Maybe you can clarify for us a little bit about what you mean by joint solutions and give an example or 2, if you don't mind.

Sure. Yes. Joint solution is, for us, it means that we combine the great power and strength of Accenture best-in-class services, coupled with the incredible technology that CrowdStrike has to deliver more value to the client cheaper. And that's really what it comes down to. And I mean, we have lots of examples that we can go through, but maybe one I'll just highlight is we all know that our clients struggle to attract cybersecurity talent, and so they need our help. And this is where we come together to actually do what we do best with our clients around things like incident response and innovation around industry problems like maybe OT or retail or some other things. This is really where we actually help change the market in a positive way.

Sure. I mean, that incident response collaboration is one that we've seen be really productive for both Accenture and CrowdStrike. Would you mind talking about how you guys have leveraged CrowdStrike and your services that help customers in crisis?

Yes, so this is really good. So our incident response or some would call it IR, this is where a client is in crisis. They either have a data breach or maybe they're hit with ransomware. And they would call Accenture. And their mission is that for us to help get that hacker out of their systems so they can get back to normal operations. And what our incident responders can do is now leverage CrowdStrike Falcon platform, which is great, so that they can gain visibility across that client's environment and remediate those endpoints and get that hacker out. And so not only for the short term of getting them back online, but together, how do we transform the client and their security posture so that we can prevent another breach? And that's things around SOC services, multifactor authentication, application, security and tons more. This is where -- that we've done a lot of this with insurance companies in Europe. We've done it with automotive parts and electronics companies. We've done it in Asia Pacific, in Australia with energy providers. So that IR service is a really powerful thing that helps our clients recover but also be safe for the future attacks.

Right. It's an excellent offering that you guys take to market. You help the customer get back on their feet. And then it creates kind of -- I mean, for us, on a commercial point of view, creates pull-through for both your services for security transformation as well as long-term subscriptions for the CrowdStrike technology, right?

That's right. That's right.

So Kelly, how would you characterize the overall opportunity between Accenture and CrowdStrike going forward? Do you think we've maximized the collaboration with what we've done? Really, where do you see things going next, I guess, is my question?

Yes. I mean, look, first of all, I think the opportunity is gigantic. We haven't yet tapped into the power of both of our organizations because we're in this early innings of our relationship. So I think in the future, we're going to do so much more together across Europe, partially driven by what we are doing with Openminded, which is an acquisition that we made in France, which is a huge CrowdStrike user. We bought that company earlier this year, but also not just Europe but what we're doing in the U.S. commercial space, U.S. public sector and even in Asia Pacific.

Yes. And I mean, are there specific technologies or requirements from the customers where you think that the combination of CrowdStrike and Accenture would go next?

Yes, that's right. I think there are 3 things that we should -- that we're really moving forward with together. And the first one is our clients need simplicity. Most of them have 80, 120 different security tools that they have to knit together. What we've done together a little bit already is not just the Falcon platform, but what I like about where CrowdStrike is going is they have this -- you have this scalable licensing structure that helps our clients flex using data, not just from the endpoint, from others. And other parts of the network, they would normally put through the SIEM tool. And what -- why this is important is because this allows the client to have a broader visibility on fewer tools. So what it means is they have simpler, cheaper, faster, more secure services. Now -- and that's made possible because what you're doing with the Humio acquisition and your XDR strategy. So I really like the way you're pulling this portfolio of capabilities together to make it simpler for our clients because I mean, who wouldn't want cheaper, faster, more secure, right?

100%. So that's one area. And you said there were 3. I imagine the second is really in the category of Zero Trust.

That's right, Zero Trust. So look, we know that earlier in the year, the President issued a Zero Trust executive order, if you will, or a cybersecurity one that had Zero Trust. And most of our clients have technologies like SailPoint or Okta or Ping or even Active Directory. And so what I really like is where CrowdStrike is going around new capabilities around Zero Trust and their identity threat protection. And this is a new solution that we can potentially pull into the practice to help clients gain that additional visibility into things like shadow IT accounts, which they don't always be able to control with subs and affiliates; or orphan accounts, where there are system accounts that are not tied to a person; or shared or stale credentials. Now these are technical things but they're really important because they may allow for cracks in the armor of the client. And what this does is allow us to see those things so we can protect the client and make sure that they're safe. That's important. That's the second thing. And maybe I'll even -- for the third thing, which is, I think, exciting, which is cloud. I mean, we can't really talk about how do we secure a client's environment without going to cloud? I mean, I think you know that we have a gigantic cloud-first strategy and that we've been doing this for years and years, almost 10 years now. And customers perceive that security is this #1 obstacle to moving to cloud, to moving from those on-premise workloads to the cloud. What we'll explore now is how CrowdStrike's cloud workflow protection helps remove those barriers so that customers can move faster to the cloud with more confidence and safety. And so these 3 points together really paint a really, really exciting picture for the future for both of us.

That's fantastic. So maybe I'll just summarize. We've been collaborating. We've been doing deals around the world. We've got joint solutions around incident response and managed services wrapped around CrowdStrike managed SOC services delivered by Accenture wrapped around CrowdStrike. We're now exploring 3 new areas, which really involve the Humio capabilities for XDR incorporating and enhancing the endpoint data with signal from sources like network, firewall, what-have-you. The second is in the area of Zero Trust for identity threat protection on top of kind of the identity and access management practice that you've already got in play. And then the third is specific to cloud and workload protection, helping customers break down those obstacles from moving from on-premise to the cloud. I mean, I'm super excited about the opportunity we have ahead of us, Kelly. I mean, is there anything else just in closing, you'd like to highlight or share?

Well, thank you for having me on this. But the thing I would like to close is 2 things. One is this market has more cyber risk than any time in my 30-year career. But I'm not discouraged by that. I'm pretty excited about what we are doing together, 2 great security companies coming together so we can secure the world. So for one, I'm incredibly bullish on the go-forward plan and what we can do together to make our clients safe.

Well, Kelly, I really appreciate you taking time out of your busy day to speak with our investor conference today. So thank you very much. I'm really looking forward to working with you guys in the future.

Delighted. Good to see you again, Matthew.

Good to see you again.

Thank you, Matthew and Kelly. I know personally, I look forward to a long relationship with Accenture, and I know our joint customers do as well. Now I will turn it over to Jessica Alexander, CrowdStrike's VP, Amazon, Cloud Product Sales and Alliances; and Carol Potts, America's Head of ISV Sales at AWS, to discuss our joint activities in the AWS Marketplace.

Thank you, George. We are pleased to be part of the investor briefing today. I'm Jessica Alexander and lead our Cloud Product Sales and Alliances for CrowdStrike. With me today is Carol Potts from AWS, one of our strategic partners. Carol, thank you for taking time to speak with us today. Why don't you tell us a little bit about your role?

Sure. Thank you, Jessica, and I appreciate you having me join you today. My name is Carol Potts, and I lead the ISV Sales segment at AWS. And our team manages the business and relationships with the independent software vendors, or ISVs. And we're committed to working with the industry's most impactful ISVs and specifically, we help them bring high valuable software solutions to market, which then, in turn, helps the end user customers' business as well.

That's great. How long have you been at AWS?

I just hit the 7-year mark at AWS, which has gone very fast. I actually joined AWS before AWS' financials were reported separately. They were actually in the Other category, in Consumer, Digital and Others. So when I joined, not a lot of people understood what we were doing.

That's a long time. Can you tell us a little bit about your career journey?

Sure. I've always worked in high tech and many years in leadership roles, guiding sales teams that work with customers on solutions that help companies better innovate and grow their businesses. And I was at HP and Compaq a long time and then came to AWS to build the strategic accounts organization. And in my time at AWS, I've had the privilege and opportunity to work closely with many interesting companies like Netflix and Pinterest, Capital One and Adobe on their expansion in the cloud and with AWS, and then was asked 2 years ago to then build the ISV segment as we decided to pull this type of customer together and also a partner together in the sales organization.

That's great. What a fun journey to have. Our audience may not know what an ISV is. Can you explain it to us?

Yes, that's a good question. ISV, as I mentioned, stands for independent software vendor. And it's a software company that builds and sells software. And there are different types of software sales: B2C, business to consumer; and B2B, business to business. And we focus on the ISVs that are selling B2B solutions. And so there are technology companies that provides software solutions that run on or are integrated with AWS. And these partners -- these include our partners such as CrowdStrike and Okta and Snowflake, all of which leverage AWS services to innovate on behalf of their customers. And in addition to providing AWS services to ISVs, we also partner with them to sell and successfully market their products, transact faster via the AWS Marketplace and also integrate with AWS services to enhance their offerings for their target customers.

That's great. Well, as the leader for the ISV sales team, which sounds like a very strategic segment for AWS, what themes or trends have you seen over the last couple of years?

Well, looking really over the past 2 years, we've seen that ISVs are moving faster to a Software-as-a-Service, SaaS, and consumption-based model from a perpetual license-based model. And the consumption model really provides the ISVs greater flexibility and allows the ISVs to innovate faster for their customer. And I would say, too, that we see ISVs moving from self-managed products to managed services in the cloud. And the reason is it's just much easier to scale the ISV support and operations with managed services since they no longer must do the SysAdmin work, which frees up people and overhead. And last but importantly, a very fast-moving trend that we see is that ISVs are leveraging artificial intelligence and machine learning along with analytics to bring more innovation to their customers. And this is because there is just so much data that can be used to create more consumable and valuable product offerings.

And I think you've made 3 really good points because CrowdStrike leverages those as well. The SaaS services, we find our customers really like the SaaS solution. It's turnkey. We're also seeing a lot of demand for our managed services, our complete offering. And obviously, the AI and intelligence is built into our Threat Graph. So we see very similar things at CrowdStrike. Can any ISV list on the Marketplace? And what value do ISVs get by transacting through Marketplace?

Yes. ISVs that provide infrastructure software like security, observability, networking and storage or business applications like CRM or ERP, collaboration software, can list products on Marketplace in several ways, including SaaS, virtual machines and containers. And Marketplace also supports professional services offerings. And with AWS Data Exchange, we call it ADX, the Marketplace now provides data products to customers. And so overall, the AWS Marketplace works backwards from customers to search the offerings in Marketplace, in addition to having self-service capabilities for partners to list. And we also identify strategic partnerships in the marketplace in conjunction with our APN, Amazon Partner Network, which is our global partner organization, to provide robust options for our customers to transact with our ISVs.

That's great, Carol. We find a lot of value in that cohesion between the AWS Marketplace and the APN program. So it's a great package to be able to offer. What types of technologies are most popular in the AWS Marketplace, and how does CrowdStrike fit into that?

Sure. Marketplace has a broad range of domains that are popular across business applications and infrastructure software. And within the infrastructure software category, security is a highly in-demand offering, and for good reasons. Specifically, AWS employs a shared responsibility model, where the customers need to secure the data, applications and workloads that they place in the cloud while AWS takes care of the security of the cloud. So having security tools easily available, procured, entitled, provisioned, billed within their AWS environment is the way that we support customers by ensuring the security tools they prefer are easily accessible as they migrate and modernize to AWS. So the CrowdStrike platform is uniquely positioned to offer endpoint security and managed security services. And in fact, a good example is CrowdStrike's MDR, Managed Detection and Response, offering.

We find that out in the field, our better together story on why the shared responsibility model is, a, important; and b, how our relationship works in that is very important to customers, and it's nice -- they like having the integrated message as well as integrated solutions, so we find that with our customers as well. It sounds like the resources available to ISVs through the APN are fairly extensive. So what are the key components of a successful partnership with AWS?

I would say I could boil it down to really 3 broad components that make a successful partnership. Both AWS and the ISV should identify strategies and priorities for how we want to jointly delight the end user customer. And there are many programs and opportunities to engage, and all of which add value. And so ISVs that are most successful work backwards from their customers and then engage the right programs and resources. The second aspect is to resource a focused alliances team, as you've done at CrowdStrike, sponsored by the CEO or it might be sponsored by the head of global sales. But having an empowered leader to direct and marshal resources fast is invaluable. And third, to scale as a partner requires investment and adapting to the customers' changing needs. So the most successful ISVs understand this and evolve their go-to-market models and continue to push AWS to create resources that add value to their efforts. And a component of this, too, is understanding that AWS will always look at the business from what the customer wants and will align to that.

Good points. The AWS Marketplace has been a successful channel for us at CrowdStrike, and together, we are bringing industry-leading security to our joint customers. From your vantage point, why has the Marketplace grown into such a successful channel for CrowdStrike Falcon? Is it customer-driven or are there specific attributes to the Falcon platform make a compelling offering for AWS customers?

Yes. In the case of Marketplace, this was an early area of prioritization and focus for CrowdStrike to reach and engage with customers by leveraging the AWS field and also our go-to-market programs, and it worked. And also the protection and ease of use of Falcon is highly complementary to AWS' focus on driving customer success in the cloud. It has allowed for vibrant engaged co-selling between our field teams because it has a clear value proposition to our joint customers.

How does the AWS partnership with CrowdStrike delight our joint customers?

Well, over the last 5 years, CrowdStrike has made significant investments in the partnership to delight our joint customers, as you said, and 3 areas of investment specifically stand out. The first is the integrations with AWS services. That's a key component of our partnership. For example, CrowdStrike's integration with AWS Systems Manager makes adoption of CrowdStrike products easier for the customer. The integration with AWS Network Firewall gives customers actionable, accurate security telemetry from both the network and cloud workloads. One example is CrowdStrike's integration with AWS Customer Engagement Platform, which makes tracking and managing our joint business scalable and resilient. Second, CrowdStrike invests in our partnership by staffing specialized go-to-market roles that align with the AWS global partner teams. And third, I would say CrowdStrike also creates targeted marketing campaigns and co-branded assets that make it easy for customers to understand the value of using CrowdStrike and AWS together.

It's been a lot of work but well worth the effort, for sure. How do CrowdStrike's new cloud security products align with your customers?

Overall, it starts with CrowdStrike having such a complementary solution to AWS, and that naturally allows us to align well with our joint end user customers. CrowdStrike's cloud security products enable AWS customers to secure their AWS services like our compute, storage, Elastic Kubernetes Service, we call EKS. In fact, 1 popular use case we see is customers securing their local machines with CrowdStrike's product. And now this includes using CrowdStrike's new cloud product, which creates an even stronger security posture.

What key takeaways would you leave the investor community with today, Carol?

Well, if I haven't made the point already, CrowdStrike is a tremendous partner to AWS and importantly, to our customers. We're excited because with CrowdStrike's new cloud products, your solution will be even more complementary to AWS services. And the strategy to drive CrowdStrike's growth with our partner programs and with AWS Marketplace is benefiting our joint customers as well as AWS and CrowdStrike together. So we truly have a fantastic relationship, and I look forward to working and continuing our success together.

Thank you, Carol. We couldn't do it without you guys, and we feel the same way about our success and working jointly together towards really common positive outcomes for our joint customers.

Thank you.

Thank you.

Thank you, Jessica and Carol. Amazon is a great partner, and we look forward to our continued collaboration together. We think our customers say it best. I had the opportunity to speak with Jim Alkove, Salesforce's Chief Trust Officer. The fireside chat was part of our keynote this morning, and you can access it in the Falcon portal. We spoke with another prominent CrowdStrike customer, Zoom. We're going to jump to Jim Seidel, CrowdStrike Senior Vice President of Sales for the Americas, for a deeper dive with Richard Farley, Deputy CISO at Zoom.

Thank you, George, and thank you all for joining us today. With me is Richard Farley, Deputy Chief Information Security Officer from Zoom. So let's have a little chat over Zoom about Zoom, Richard. And before we jump in, do you mind if you give us a little bit of an introduction to yourself and describe your role at Zoom.

Sure, Jim. Yes. So Richard Farley, I'm the Deputy Chief Information Security Officer at Zoom, and I've been at Zoom for almost 3 years now. I've got a pretty long background in large-scale technology and security operations. And for the past year or so at Zoom, I've been focused on advancing and maturing our governance risk and compliance program. But previously, I was responsible for security operations at Zoom as well.

That's great. Thanks again for joining us today. Given this unprecedented threat landscape we live in, how does your Board and senior leadership think about cybersecurity in these times?

Well, cybersecurity has always been a priority at Zoom. Since Zoom basically became a household name over the past 1.5 years, we're, of course, a higher-profile cyber target. So the importance of cybersecurity to our Board and to our senior leadership team has never been greater. We've -- over the past year, 1.5 years, we've hired significantly in cybersecurity during this time. And we continue to engage with kind of best-in-class security partners to assist us as the threat landscape changes, our regulatory landscape changes and our technology environment grows and gets more complex over time.

So how do you believe this extends to the day in and day out job you and your team have for securing your environment?

Well, this new kind of hybrid work model that we've adopted largely because of COVID. Most companies, especially tech companies, have supported remote and mobile workers for a long time now. However, with COVID, that's significantly been amplified and that makes the company's attack surface larger as well. It's no longer viable to adopt a castle-and-moat model to secure your environment. As we've moved towards this idea of kind of Zero Trust baseline, it's now even more important for us as security leader to focus on identity and authentication and least privilege access management, along with, of course, securing the devices our workers are using to access our company information and the systems and the infrastructure and the data. This becomes an even bigger challenge for companies who adopt a bring-your-own-device model as Zoom has, where workers are using their own fixed and mobile devices to access the IT environment. At Zoom, we do support BYOD but we require certain instrumentation on those worker-owned devices to ensure that we have visibility and detection capabilities and that those devices are at a minimum baseline security standard. The other thing that I'd mention is that worker cybersecurity training is a critical component of our program. No matter what technical controls you put in place on your devices and your identity infrastructure, it makes no difference if your employee can be tricked by a bad actor, right? So the human firewall is an absolutely critical component of our defenses as well. We want all of our employees to feel invested in the overall protection of Zoom regardless of where they're working and how they're connected to our IT systems and data.

Yes. That's certainly between the chair and the keyboard, right, a big aspect of it. You mentioned trust, Zero Trust, and a lot about how you look at that. And I know trust is an important pillar for Zoom. Talk to us a little bit about what trust means to you. And how does trust influence your buying decisions?

Yes. So our CEO, Eric Yuan has a list of 4 books that are highly recommended to all of our employees at Zoom. And one of those books is a great book called The Speed of Trust by Stephen Covey. So he highly recommends that we all read that book as well as a few others. And at Zoom, we believe in a company culture where our employees can trust each other and are accountable for achieving their goals. The more that we can trust each other, the more agile and efficient we can be. So this extends not just to our employees but also beyond that to include our customers and our business partners. And so establishing and maintaining trust is just as important when we work with our business partners, including CrowdStrike. And that means to me that we each do what we say that we're going to do and make it right if we fall short, that we're transparent with each other and where possible, we try and go be of and beyond what is strictly written in a contract, for example. So the other key belief that we have in -- at Zoom is creating happiness. And so I think trust is a big component of creating happiness for our employees, our customers and as well as our business partners.

That's really great. I was just actually making some notes on those books, and talking about happiness and -- you also mentioned speed, right? And so when I look back at the beginning of the pandemic and your explosive demand in early 2020 and the growth that comes with that, what advice would you have for cloud-native companies as they prepare their technology and security stacks for this explosive growth and the speed of not only technology but the speed of adversaries and what we deal with every single day?

Yes. Well, Zoom is in, I think, a pretty unique situation. Just to give some context on Zoom's growth, when Zoom was founded in the early part of our journey, our target market was really centered around business use cases for sophisticated businesses that have security and IT teams that we work very closely with, very much white-glove relationships with our customers to establish the security settings that align with those individual threat models for those customers. And to some extent -- well, to a great extent, that changed with the COVID-19 pandemic. So the use of Zoom grew exponentially very quickly, and suddenly, we had an enormous number of individual single license customers or very, very small business customers that don't have sophisticated security teams to help make decisions about privacy and security settings for their users. So in response to this, last year we made changes to our default settings aligned with our -- what we think are security best practices for our product. And we've provided training materials that are available online to promote those best practices. And so I think with those lessons learned, I would suggest a couple of things: first, think long and hard about adopting a secure by default mindset for your product as you're coming to market; and second, really be prepared to be nimble and listen carefully to your customers and your users because you may not be able to anticipate ahead of time how your product might be used in surprising kind of new ways.

Yes. Continuous learning, right? Speed, agility, resilience, some of the things that we hear in the marketplace and work with our partners. That's really great and super. I mean, we're joined again today on a Zoom, right? And we're -- I'm joined from halfway around the world. And so does -- as you look at Zoom and the security needs of Zoom, is it different from other organizations? Maybe compare it to a cloud-native versus maybe a legacy sort of non-cloud-native company.

To some extent, yes. I mean, scale is obviously a very important factor for us. We certainly hope that we don't have another, I think, we'd call it a black swan event like COVID anytime soon. But we know that we need to be ready if it does. And this means that we have to be able to rapidly deploy our security instrumentation as we scale up and down our infrastructure. But not just the instrumentation of our services and infrastructure, also our SOC processes, right, because there's always a human part of this. And that may have to be done at a moment's notice, right? And so our customers often say Zoom just works. And even though they don't see what we have behind the curtains in all of our security operational capabilities, we have to have IT operations, including and maybe especially security operations that just works too. And so I'm sure there are other companies that are sort of in the same boat as Zoom, but I think we're -- the scale and the ability to rapidly adapt to changes is maybe a little bit unique compared to most other companies.

Yes. And there's so much similarities between CrowdStrike cloud-native security platform and Zoom. And when you looked at CrowdStrike and us being cloud-native from the very beginning, is there any benefits or key benefits that you thought about when we were partnering up?

Yes. I think first, we believe in a principle of kind of do no harm. So whatever technology we put in place, including our security controls, it has to be minimally invasive and avoid getting in the way of our workers doing their jobs. And by the way, it also has to not get in the way of our customers using our service, too. So -- but this can be a pretty big challenge because there's lots of instrumentation that has to go into managing and securing our devices and servers and infrastructure. We have mobile device management and device management agents for our fixed assets and cloud-dynamic assets on those devices. We have traditional signature-based AV that still plays a role, but we also have the advanced endpoint detection and response tools. We have user behavior analytics tools, file integrity monitoring, forensics instrumentation, lots of other stuff in the stack as well. And with such a large management and security stack, we run the risk of affecting the performance of our servers and user endpoints. I mean, you think about processing video and audio streams all day long at the scale that we're doing it, we are using 100% of our server CPU all the time. And if the security instrumentation gets in the way of that, that just increases our costs. It also could potentially impact performance and kind of add variability to -- you don't want the audio and the video stuttering when our users are in their meetings or in their webinars. But in some of these areas, we can't compromise, especially the endpoint detection and response. So we start with a prioritized list of requirements, and we evaluate those requirements and the different options that are out there to pick the best tools. And then when necessary, we can consider trade-offs where one tool might excel in a high-priority requirement and maybe be just good enough in a lower priority capability. And so in order to reduce the footprint of the stack, we may make that compromise or we may have to adopt multiple tools that are best breed for these different types of use cases.

Yes. Well, there's a few things to unpack there. That was really good, right? I mean, so you had performance, you had better protection, you had resilience of your IT infrastructure, a number of things that we certainly at CrowdStrike feel like we offer, and as you went through that process, it sounds like that was some of the decision-making that went into you adopting CrowdStrike Falcon. So just wanted to sort of circle back on a few points there and see if you could highlight a couple of things when you thought about CrowdStrike and the decision to move forward with it. I think you really did touch on many of those. Just wanted to see if there was any more that you may want to speak to.

Well, CrowdStrike Falcon was really at the top of our list for several of those prioritized requirements that we set at the outset of our evaluation. And the experience that we've had so far is the agents haven't caused any significant performance issues. The CrowdStrike platform supports our heterogeneous fleet that includes Linux in our data centers, Windows and Mac devices for our workforce. And then we've also got a combination of both physical data centers and a multi-cloud strategy, too, and CrowdStrike Falcon fits into all of those. We knew that CrowdStrike could scale with us as we saw the tremendous growth that we had last year. And I think also uniquely for CrowdStrike, we benefit from that continuous automated threat intelligence that's gathered through your large customer base and is enhanced with human intelligence as well. And so that's a bit of a secret sauce, I think, that CrowdStrike has is that we benefit not just from our scale but from the scale of your entire customer base, which is great.

Riding CrowdStrike, right?

Yes. Yes, that. And then also, I think it goes beyond the technology stack itself, right? So in 2020, we were approached by the NFL to support their -- the NFL draft in 2020, which obviously they couldn't do in-person at that time because of COVID. As you can imagine, an online-only NFL draft that had an audience of millions, tens of millions of people, you can imagine that was a potentially significant security target for the NFL disruption, whatever. Through our strong partnership and support working with CrowdStrike services team plus the technology stack that we had in place, we felt like we were really able to provide an enhanced service to the NFL during that marquee event. And we've leveraged the same learnings and capabilities across multiple very high-profile events that had happened on the Zoom platforms since then.

Yes, super exciting, right? Roger Goodell's chair, infamous chair on that Zoom. You spoke about that. If you just take something like an NFL draft, and sort of think about the business outcomes and the business value realized of security being embedded into all the processes of Zoom. Could you share some success or efficiencies your teams have realized?

Yes, I can. So this is a little bit more high level in general, but of course, we take privacy and security very seriously, and we believe that all of our customers have their own unique models and security requirements. So within our product, we provide a robust set of security controls and settings for our customers, and this includes options for meeting hosts to manage the security of their meetings in real-time with just a couple of clicks. Some examples include like controlling screen sharing and locking meetings and the use of waiting rooms and removing attendees, if necessary. Last year, we implemented, optionally, true end-to-end encryption where the encryption keys are invisible to Zoom so we can't see any of the data that's happening that's transferring through our data centers for the customers that need this level of security and privacy. And we also implemented flexible geographic data routing controls, which give account owners and administrators, who are paid accounts, the ability to customize which of our global data center regions they use for transiting their real-time meeting and webinar data. This year, we made enhancements to our user interface that now makes privacy information very easy for anyone attending a meeting to understand who can see, save, share the audio and the video and the data in a meeting. And I think very importantly for our Enterprise customers, our security and privacy settings can be enforced through a robust set of role-based controls that can be configured at the user level, at the group level and at the entire account level. And so that's some of the security and privacy enhancements that we've been focusing on for the past year.

And all of us think about that as we think about more information, more confidential meetings, more meetings just being held across Zoom, how do we make sure that we keep all that information secure? How do people feel trusted and go back to that word that we talked about trust Zoom to have the right controls to keep that information safe?

Critically important. And as Zoom becomes a bigger target in the cybersecurity space and the high-profile nature of the customers that we have that are using our platform, knowing that we have tools in place and partnerships with CrowdStrike to secure our endpoints and our servers, to be able to perform proactive threat hunting activities if we get security intelligence that there might be something mounting against Zoom or one of our customers. This really allows us to focus on what we do best, which is providing that frictionless video and audio and data sharing experience for our customers so that, that complexity of all of the security and all of the operational and scalability issues are hidden from our customers because that's why they trust us is that they don't have to worry about that stuff. And that's sort of why we trust CrowdStrike is that you're supporting us as, of course, we have to worry about that every day, but we know that we have that strong partnership with you to keep the infrastructure safe.

Thank you, Richard. Thank you for the time today. Thank you for your insights, and we feel exactly the same about our continued mission to keep you and all other customers safe together. And we do really appreciate the partnership.

Absolutely. Thanks a lot, Jim. Appreciate it.

Back to you, George.

Thank you, Jim and Richard. We're really proud to have Zoom as a customer, and we look forward to seeing you on stage again. So I want to thank everyone for their time and attention today. We know your time is valuable. We're certainly really excited about these announcements and where we are as a company and more importantly, where we're going. So with that, I'll turn it over to Maria for our Q&A session.

Thank you, George. Please note that this session is being recorded. [Operator Instructions] We ask that you limit yourself to 1 question and 1 follow-up. Our first question is from Sterling Auty of JPMorgan, and he will be followed by a question from Brent Thill of Jefferies.

So just a question about workload [indiscernible] and what other [indiscernible] to transport to the cloud you're still going to need a virtual firewall? What pieces of the puzzle does this occupy, and what's still going to be needed by customers?

Yes. Maria, maybe we can have him type that in chat because his comments just broke up there. We can come back to that question.

Yes, Sterling, your audio is a little garbled so if you could send it to us in the chat, that would be great. We will go to our next question, which is Brent Thill of Jefferies.

George, there's certainly a blurring of the line between security and infrastructure when you talk about being a potential data warehouse and doing other things with Humio. I'm just curious if you can kind of help bridge that divide and how aggressive you want to be there on that side? And just secondarily, if you can just follow up on Humio, where you stand with the broader sales force integration and the go-to-market plans.

Sure. I think it really stems from the agent itself, and we've got a lot of feedback from customers that they trust our agent. They're incredibly excited about the data and the telemetry that we can collect at scale. We've expanded out already, even before Humio, in collecting observability information above and beyond just security information. That could be identity information, could be health of the system, operating system, patch levels, things of that nature. So all of that is incredibly important. And from my perspective, it's something that customers have wanted for some period of time. And then when you have the ability to take observability information and fuse that into a Humio or a data lake along with CrowdStrike security information, we think that's a real win. So I don't see us being diffused there. We're always going to focus on our core. And outside of that, what we've done on the sales force piece is we've actually been able to create a specialist team that works with the broader sales force team to take advantage of the large sales force that we have today.

Brent, thank you for your question. Our next question is from Brian Essex of Goldman Sachs, and that will be followed by a question from Alex Henderson of Needham.

George, I just want to follow on to Brent's question. With regard of the impact of Humio on observability, what are the typical barriers that you're seeing from customers that have standardized on other platforms? I mean, I think Splunk is maybe the most popular one. What kind of gets them over the hurdle to adopt your platform more pervasively than something they may already -- some of them are really kind of enterprises we spoke to really kind of separate the analytics platforms on the network from security. And how is their mindset shifting to maybe consider your platforms instead of others that they're already standardized on?

Yes. So let me start and I'll turn it over to Mike. But if you look at the technology, whether it's replacing an ELK stack, which we've talked about, or another SIEM or something along those lines, I think when people actually see the technology work, they see that scale is an a-ha moment. And if you ask any customer, would you like to have the ability to log any information that's available on your enterprise and ask a question and get an answer back within a second, you'll get a resounding yes. So I don't know, Mike, if you want to follow on to that piece in a little bit more detail.

Yes. The only other thing that I'd add to that, Brian, is getting the data in. If people are obviously using an existing tool set, and they want to get data into something like Humio, they've got to look at an easy way of doing that, and that's where we've worked with people like Krugle. And we've got customers now that are sending data into their existing stack, and they're also sending it into Humio. And that's been fantastic, and we'll continue to obviously look to make things easy. And then also building our integration. So today, we released a heap of integrations that people have been used, and we'll keep adding to those. And it's just removing the friction in trying to get these tools up and running and get data.

Does that require building a new relationship with IT operations? Or is there a different way that you kind of penetrate a company with your platform?

Well, over time, we've expanded our relationship to IT operations already when we think about the Discover module, the ability to identify assets and discover information that's out there. We have a lot of IT teams outside of security that use the product for its real-time response to be able to roll out power shell scripts or take action. So I think it's really just a follow-on to what we've already done. Certainly, security is core to us. But with our specialist team, obviously, they understand how to sell into IT operations, a smaller team. And our larger sales force certainly understands how to sell security. And when you put the 2 together, I think we're going to have an effective selling machine. And I think over time, as we've proven we're pretty good at selling our technology and pretty efficient at it.

Our next question is from Alex Henderson of Needham & Company. And following Alex, we'll take Sterling's question via chat.

It seems pretty clear to me that you guys have really been a platform since the get-go. I remember you talking about platform before your IPO. And the term XDR has only really come on the stage recently. It strikes me that you've been an XDR from the get-go, and you're just really adopting marketing terms that are being used by other people as opposed to defining this as a new category. And I was hoping you could talk a little bit about how you see the problems that companies that are redefining themselves as XDR companies could fit in that. And then second part of the question is it looks like you've announced 2 new modules here, going from '19 to '21, is that right? And are they all GA? And can you talk a little bit about the pricing implications of all of these additional features and tool sets that you've announced relative to your existing pricing structure?

Thanks for the question, Alex. Yes, so it's a great comment that you make around XDR. And I think I probably couldn't have said it best myself. I think if you look at the marketplace, XDR is a term that's getting thrown around really a lot these days. And it's by a lot of people that are either trying to redesign or reannounce an existing SIEM capability or in many cases, it's a lot of the network vendors that are talking a lot about XDR. But your comment around us always providing XDR use cases is absolutely spot on. If you look at the sense of the agent that we have, we added network telemetry as part of that. We added asset information. We've added identity. We've added hygiene information. So broadly, looking at the capabilities, we could have been talking about XDR for years now. We could have had it all over the website, but that's not to us what we think of XDR. When you look at the announcement that we talked about today, it's then taking that next step and taking third-party telemetry and putting that together with the CrowdStrike's Threat Graph. It's the small use cases that we're looking to extend into by taking CrowdStrike and third-party data. But what makes this uniquely different is we want to take the capability like our artificial intelligence, like our indicators of attack, like our threat hunting and extend that across to these third parties. And that's why it's called extended detection and response. So that is critical to the announcement that we've made today. Your question around the modules we have gone from '19 to '21, and they are [ chargeable ] capabilities that are part of the platform that we've announced.

I'll now read Sterling Auty from JPMorgan's question over e-mail. The complete CWP discussion from today for Cloud Workload Protection, does this cover 100% of a customer cloud needs? Or does it still require layers for proxy as an Zscaler, virtual firewall or other [ pieces ]?

I'll hit that and Mike can certainly jump in. It's certainly focused on the ability to provide workload protection, as we've talked about in the past and visibility, and that could be a virtualized workload as well as a container and also ties into our Horizon capabilities, which focus a lot on policy configuration. And as we've seen in the past, there's a lot of companies that unfortunately get themselves into trouble. It can be very daunting to configure some of these architectures and make sure that there isn't one mistake or one hole or open file bucket or what have you. So we're really excited about this. It's something that we've gotten from customers over the last couple of years looking for this, and we're delighted that we're able to now offer this to our customers. I don't know, Mike, if you have anything else to add to that?

The one comment, George, is obviously the uptake in Complete has been significant, and customers love the fact that we take control over the management and we provide customers with information about what we fixed, and we're extending that capability to our cloud offerings. So a lot of excitement from customers that want to extend into that capability. And it's part of an overall strategy to include a number of different technologies from CrowdStrike and our partners to the question around additional capabilities from Zscaler and others.

Our next question is from Ittai Kidron of Oppenheimer and that will be followed by a question from Gray Powell of BTIG.

Guys, good to see a great announcement today. I guess I wanted to dig into the XDR alliance. It got to truly deliver on its vision. It needs to have as much information as possible from all kinds of third-party tools. Can't help but notice, but there's a very clear list of companies that are direct competitors of yours and companies like firewall vendors that are not part of the alliance here today. And so in what way would the XDR solution be able to deliver on its vision right out of the box versus something that will, over time, you'll be able to deliver on as you get more and more integrations and access to third-party data? And do you think there are parties that will not want to be part of this alliance? What kind of blind spots does it create for you?

Well, it's a great question. And these were really launch partners. The alliance is open. We're helping create the ontology. So let me just explain a little bit which is we spend a lot of time on this concept of how to organize data, we call it ontology. And we're basically extending that out and that framework to work with other partners, so that there's a common language that these vendors can speak so that XDR can be realized. So when we look at what we came out with today, that's really just the launch partners. We'll open that up to anyone else that wants to be part of it and integrate with it because we think it's good for customers. So it doesn't mean that any of our competitors or firewall vendors wouldn't be part of that. They have to participate in formatting the data the right way. But really, what we're trying to do is to help drive a bit of a standard, if you will, so that we can exchange data and ultimately solve a big problem for customers. And I think at the end of the day, open is good, and we want to get the right outcome for customers so we can all speak the same language behind the scenes.

Got it. Maybe if I reverse it, George, would you be open to customizing your data to feed into other third-party XDR platforms?

Well, our data does feed into other third-party platforms at this point. I mean you can basically connect to it with Falcon data replicator, you can do whatever you want with it. I think from our standpoint and what we've talked about and you heard in Mike -- if you saw in the keynotes or Mike talking, it's really about starting with the best XDR and -- sorry, best EDR and the XDR obviously extends that out. So obviously, we're a little biased. We think we do have the best XDR and EDR solutions. And you have to start with that. So at the end of the day, from an API perspective, we work with all the other vendors out there. We're really trying to focus on solving customer problems, and we'll continue to do that.

Our next question is from Gray Powell of BTIG, and that will be followed by a question from Gregg Moskowitz of Mizuho.

Okay. Great. question. Can you hear me okay? I had some audio issues before.

Yes, we got you.

All right. Great. Yes. This one might be so easy. I'm almost embarrassed to ask it, but I think I'm going to want to do it anyway. Can you just help us understand the difference between Falcon Advantage, which I believe you said is the new SIEM product versus Falcon XDR, which pretty much sounds like it does a lot of the same things as a SIEM. Would customers potentially buy both of these products? Or are there situations where one might be more appropriate than the other?

Yes, I can jump in. Gray, it's Mike. FileVantage is a file integrity monitoring system. So the whole concept of FileVantage is to allow you to define files or folders that you want to monitor and also enforce control over. So you may want to use this to lockdown certain directories and only allow certain people to connect to, you may want to lockdown and prevent any changes, really good for dealing with insider threat use cases or maybe a malicious insider that you want to lock out. Also really good to deal with change control. So you may want to make sure that certain parts of the server are changed and you only allow people once they're approved. So great technology that we've built in-house on top of our current capability, on top of our agent. It means that you don't have to roll out any additional infrastructure. You don't have to roll out another management server. So that FileVantage was part of the announcement today. XDR, as mentioned earlier, XDR is extending detection and response beyond just the endpoint to take in some third-party data, whether that's coming in from the network or from an e-mail or from web as an example. So slightly different use cases.

Okay. That's really helpful. And then just one other quick one. With the enhancements in Spotlight, is there any change in pricing on that module? Or is that just basically making your products more competitive in the vulnerability management space?

No pricing changes. We've continued to evolve the product from when it started. And we've added a tremendous amount of capability. And that's our general philosophy is start with a specific use case and extend that out. And we've seen a tremendous reception on that. If you look at sort of the zero-day Tuesday, as we talked about earlier, it's a big problem right now to prioritize. So that's just another feature that we're adding in, we continue to add a lot of value to our customers in the platform itself.

Our next question is from Gregg Moskowitz of Mizuho, and that will be followed by a question from Shaul Eyal of Cowen.

All right. Great. Great presentation today. So 2 questions. First, given that Humio is a core component of Falcon XDR, it will also continue to be sold stand-alone. Which solution will you be leading with [ once XDR GA ]? What will the sales motion be like?

Well, I think the sales motion is going to be focused on what problem are we solving. And like any of the modules we have, right, we've got everything from core security and endpoint security to threat intelligence and forensics, right? So I think the motion that we put in place is what are the real challenges and problems that customers have once the sales force identifies that they can hone in on specific opportunities and then be able to convert that. So when you look at XDR, I think it's a natural upsell because it's just another endpoint upsell, if you will. It's a very natural motion to have. And then when you look at Humio piece, I think a big part of why we're excited too is the freemium element, and that is people are going to download the product. They're going to use it for things that are not even security related, right? So we're going to have the ability, as we always have to kind of self -- have the platform self-select, what's really important so that we can surface that and really focus the sales force, whether it's the specialist sales force or whether it's the broader sales force.

All right. And then secondly, so the leading vulnerability management vendors, they all talk about prioritizing vulnerabilities and targeting remediation efforts. Naturally, you don't have all the capabilities of a VM solution and vice versa. But can you expand on what makes expert AI different when it comes to prioritizing risk?

Thanks, Gregg. I mean, the big thing that we looked at was how do we help customers work out. What the most critical vulnerabilities they need to focus on first. So you are correct. People have been trying to solve that problem for quite a while. I would basically say that customers still struggle with this today. So one of the reasons why we worked on this was to help people look at a number of different factors, look at a number of different data points. And then using that capability that we've built, help organizations focusing on what the most high-risk vulnerabilities are that they need to patch as quickly as possible. And we're really, really excited about the models that we've created. The AI team has extended their capabilities. And we think it's going to help customers really focus in on what's the most high severity issues that they need to address as quickly as possible. And it's all part of the Falcon platform, part of the Spotlight module.

Our next question is from Shaul Eyal of Cowen, and that will be followed by a question from Roger Boyd of UBS.

George, FileVantage would seem to be taking you towards the data security category or Varonis is one of the notable players. With that in mind, is that the right way to look at it? And maybe as my follow-up, I know we don't have [ bert ]. I know this is not a financial session, but...

My design, we don't have [ bert ].

Sure. No, but maybe just directionally, with all the announcements, the new categories, maybe subcategories you guys are heading into. Should we be thinking about your TAM as further extending down the road on the heels of what you provided back in April during our Analyst Day?

Yes, it's a great question. And no doubt we've expanded our TAM. We'll have some updates to that given the announcement that we have today. When we think about data itself, it's really important. And what we've really been able to do is to tie a sort of a 3-legged stool, which is you take the health and hygiene of the system itself or workload, right, that just call it an end point. Is it protected? Is it -- does it have the right hygiene? You tie that with identity, right, which we really have focused on with our preempt acquisition and they tie it to the data. And this is what customers are asking for. And again, we're pioneering tying all this together, and we think it's really, really important as we go forward. And if you think about today's environment, data just flows everywhere. It's not just confined within the firewall itself. So we're excited about the capabilities. It's not as feature-rich as some of the stand-alone players that are out there. But again, for V1, we're really excited. And like everything else, it's part of the overall frictionless agent that we have. And I know the customers who have been working on this with us, we're really excited about the capabilities here, and we'll continue to extend that out into the data arena.

Our next question is from Roger Boyd and our last question will be from Benjamin Bollin of Cleveland.

Can you hear me now?

Yes, we got you.

Sorry about that. Just a quick question on the work you're doing with Accenture. A lot of great work there. I appreciate that session. Just curious about how you think about working with partners there versus scaling your own internal IR and Pro service business. And you've also consistently talked about the idea of a 5:1 upsell opportunity from service to software. I'm curious how that upsell opportunity looks as you work with more IR partners there.

Well, Accenture has been a fantastic partner. And really, when we think about our services, it's a very small portion of what we do, but we do get the multiplier effect as you talked about out of it. And we do partner with larger companies like Accenture because there's just a much broader opportunity for them. When we think about digital transformation or security transformation, creating new policies and spending a lot of time with customers. That's their bailiwick, right? If we get called in for an incident response, we're in, we deploy our technology, we're out. And it's a great lead behind and an upsell. And that's really what we're focused on. We're very partner-friendly with all the large service providers. And there's only a few things we do. We're doing really well, and we will partner with them. A lot of times, even if a service provider has incident response, they may call us in because we have expertise in a particular area. But when you look at Accenture why we're so excited, they've got the reach. They've got the Board level context and they're spending a lot of time transforming companies. And security really is a transformational element of any company as they go forward. So we'll continue to focus on that, and we'll continue to work on the upsells with our incident response practice.

Our next question is from Benjamin Bollin of Cleveland Research.

I appreciate you doing this presentation. George, I was hoping you could talk a little bit about how you think about bundled selling motion with 21 modules, new analysts on the name, but it's hard enough for me to keep those straight. How do you think about customers understanding the importance of all those what you're doing, bundling that? Is that something that you think CrowdStrike is meant to lead? Is that a partner-led initiative? Just any thoughts on that? And then I have a follow-up.

Yes, it's a great question. And as I said before, I spent as much time trying to build scalable technology as they do a scalable sales motion. And I think we've done a great job in that area. So when you think about where we are today, it's really outcome-based selling. What problem is the customer trying to solve? Is it just core endpoint? Is it a threat intelligence problem? Is it an issue around observability? So every conversation when we're engaged starts at that level, and then we can drive to the specific modules. And we have 21 modules, but we only have a few categories of endpoint, threat intelligence, managed services. So it makes it a lot more reasonable once you get to just a handful of those. The other piece that I really want to focus on is the fact that we've got a very friction-free motion internally. So as a customer, and it's one thing to land a new customer focused on their outcomes. But as an existing customer, you can just put your hand up and say, "I want to try a FileVantage" or "I want to try our firewall protection module." Whatever it is, you can try it. And then obviously, there's a lot of analytics that come out of that, that gets into the inside sales team or the field sales team. And that allows us to be very efficient in having the customer self-select what they want to try from a cross-sell perspective. So that's that piece there. And then obviously, from a partner perspective, some partners will be more focused on observability and data and the core kind of SIEM and logging and others are going to be focused on core security. It's a matter of working with them and enabling them whether it's in the U.S. or whether it's outside to basically hit their sweet spot and each partner is a little bit different.

The last thing is, you talked about the extending the breach of protection insurance to -- I think it was the Cloud Workload Protection complete, CWP complete. Could you talk a little bit about what you think the breach protection insurance has done to date? How well received that has been? And if it's done anything to the broader motion or adoption or new customer additions, just thoughts along that?

The warranty that we have?

Yes.

Yes, I think it has certainly given a level of comfort to customers because we're willing to back up our technology and with a warranty, right? And there's a lot of companies that won't do that, or if you look into the details, it's more of a marketing game. This is a real warranty. So from that perspective, I think it's really important. And also -- let's keep in mind, too, there's really a challenge right now with cyber insurance. The rates are all up if you can get it, and it's a real problem that's here in the industry. It may not be so well known. So our customers, particularly Complete customers get a discount on their insurance in addition to being backed by our warranties. So I think it's 2 pieces. We put our money where our mouth is and back our product and service. And the second piece is we actually provide a way for companies to drive down their insurance cost, which has been very effective. Okay. Thank you. I think, Maria, that was our last question. So I want to get wrapped up here. It's been an action-packed fill day at Falcon. I still wish that we could be in person. I hope we're in person next year, but we've put together a lot of content. I know there's a lot to consume. Hopefully, you can go back and watch some of the videos. We're super excited, obviously, about XDR, about Humio, FileVantage, about the alliance that we put together, really helping, again, as we've done in the past is define the industry and drive it forward with a standard that's good for all customers and partners, irrespective of the category that they're in. So with that, I just wanted to thank everyone for the time and attention. We'll see you on the next earnings call, and I always wish everyone well, and stay safe. Thanks so much.