CrowdStrike Holdings, Inc. (CRWD) Earnings Call Transcript & Summary

All right. Well, thank you all for joining us at the UBS 2021 TMT Conference. I'm Roger Boyd. I cover cybersecurity and software here at UBS. Next up, we have CrowdStrike. Very happy to have CEO, George Kurtz; and CFO, Burt Podbere here. We have a Q&A option available. You can submit any questions using the form on the side, and I'll be happy to forward them onto the management team. So with that, George and Burt, thank you both for being here.

Great to be here.

Great to be here. Thank you.

Awesome. So maybe just to start off, you reported earnings last week. The rate of growth continues to be quite impressive even as you start to lap some pretty large numbers. Maybe we can just start with a high level -- maybe a recap of the quarter and the key drivers that really led to the results.

Yes. So thank you. I think if you were to look at the entire quarter and really think about it in one word, it's execution, and it's strong execution across the board. Whether it's large enterprise, SMB, our core product areas, our new product areas, you would have just seen very strong and robust demand. As I mentioned on the earnings call, a very favorable competitive environment and certainly a long way -- a long runway in replacing legacy technologies, like Symantec and McAfee and Microsoft, and new areas of -- that are really exciting for us. We called out identity and Humio and certainly identity really hitting an inflection point. So overall, very strong execution, great competitive environment and lots of customers still need world-class protection based upon the legacy technologies that they're using. So that's kind of the 2-minute wrap-up of the quarter.

Yes. Perfect. We can jump into that. And I want to get to the broader platform in a second because I think that's a critical piece of the story. But to maybe first talk about the endpoint security market. CrowdStrike's first decade as a company, you've now amassed, call it 15,000 customers, growing that customer count to 75%. Despite all that, you consistently -- you've consistently talked to the idea that this market is much larger. So I wonder if you could talk a little bit about the opportunities still in front of you, maybe relative to that legacy customer base out there.

Well, yes, when we think about the overall TAM, we've talked about a $55 billion TAM in CY '22 and going to $67 billion in CY '24 with the existing portfolio and then future TAM expansion up to $116 billion, which includes some future products and things that we're working on. So overall, obviously, we're in a big market. Security is big, and there just isn't one vendor that's going to be able to service the entire market of security because it is very specialized. And the area that we've carved off is endpoints, workloads, which we've talked about, but even much broader now when you think about identity and data and really some core areas that fit within our overall platform, but don't stray too far from the knitting of the company. So from our perspective, we've been successful in many of the core areas. But as I called out, when you look at identity as an example, when you look at Falcon Complete, when you look at cloud workloads, these are all areas with tremendous growth inside the organization. And I think we're still in the very early innings there.

Got it. Makes sense. And then another point from the quarter, you called out the competitive environment and talked about not only the competitive environment remaining pretty favorable, but also the pricing and discount environment being fairly constant. You didn't mince words with the competitive wins commentary. I wonder if you could just briefly highlight what you mentioned on the call and how you're thinking about the competitive environment now.

Well, we think it's still very favorable, whether it's the legacy players, which, again, are the bulk of the endpoints that are up for grabs, right? I don't think there's any question of capabilities, replacing a Symantec, a McAfee, a Microsoft in many environments. Obviously, with the next-gen players, we've called a few of those out. And the big thing is you have to have technology that actually works. You can't just throw up a PowerPoint and say it looks like CrowdStrike, here you go. And there's some level of physics involved in making this stuff work at scale, and we've perfected that over the last 10 years. So from our standpoint, a, it's a big market, well, I mean, we'll start there; but b, on the competitive nature, the bulk of where you're going to see a lot of replacements, obviously, is in the legacy area, and we continue to do that. That continues to be a multiyear journey. It's not like Symantec and McAfee, Microsoft, it's not like they don't have a bunch of customers because they do, and you're going to catch those customers generally around a renewal time. So it's always this constant flow of new renewals that are coming in that we're able to convert over.

Got it. Okay. And then last question specific to endpoint. Is it fair to say that the security industry, as it works through frameworks like Zero Trust and new challenges around remote work, is it fair to say that endpoint security is becoming more important? And if that's the case, are you seeing enterprises spend more at endpoint today than they have in the past, that would be relative to their overall security budget?

Well, it's critical, and I'll make the distinction a bit, and we've talked about this on a number of calls. It's really workload security, and endpoint is just a form factor, right? When I think about workload security, it really is something with network, compute and storage, and there are a lot of devices and virtual incarnations of that, right? So whether that's a cloud virtual workload, whether that's container, whether that's kind of serverless function workloads, those are all things that need to be protected. And that's why you've heard me, over the last couple of years, talking about endpoint like, yes, it's a category, but you need to be thinking much broader than just endpoint. I think about endpoint as a laptop and a server that sits on-prem or something or I mean, laptop, obviously, can be mobile. But when you're thinking about all these different workloads, I mean, you have IoT, that's a workload. So all of those are available to us, and that's something which we're obviously taking advantage of. It's absolutely critical as well because when you think about the breaches, the network is just a highway to get to the businesses and the houses to rob them, if you will, right? And that's the desktops and the servers or virtual environments. There's a lot of technology on the network side that, certainly, it's good hygiene, but ultimately, you're breaking into -- the bad guys, the adversaries are breaking into and stealing data and disrupting the endpoints and workloads. So that's why organizations have really focused on that from a risk perspective. And then when you look at things like ransomware, they really represent an existential threat to organizations. And it's moved from, hey, this is really annoying and my computer is encrypted too, could we be out of business because our entire business is now down.

Yes. I think that makes sense. And then the broader platform, it's -- today, you've got 21 modules across a number of different areas, not only endpoint security, but IT operations and cloud security. And maybe you can call 4 to 6 to 8 of those true endpoint security. You now have 1/3 of customers using 6 or more total modules. What modules are you seeing the most successful today maybe outside that core endpoint security space? And how receptive are customers to the ability to consolidate different endpoint technologies through your single agent?

I'll start maybe and then turn it over to Burt. So just to be clear, we have other modules in the hundreds of millions of dollars that are outside of just what we would call the core big 3 modules that we've talked about. So just to kind of give you a size and scale, we've got a lot of traction in modules outside of just the big 3. When you think about the opportunity that's outside of just security, you look at things again, like again, you look at things like intelligence or Humio. These all represent great areas of opportunity for us. And things like Spotlight have done really well on the Vulnerability Management side. So overall, as you pointed out, we've got 21 real modules. Our competitors have like 2.5, if they're lucky. So these are real modules with real revenue attached to them that we sell as individual SKUs, and obviously, there's some bundling that we do. But at the end of the day, we have a great opportunity to replace other agents that are out there. And I don't want to just gloss over that. There is a massive need for agent consolidation, and we've been able to do that. On average, IDC says there's 13 agents for a large enterprise. If we can consolidate 4, 5, 6 of those agents or more, that's a great opportunity for us because it's more TAM expansion, and it also is great for the customer because they get rid of cost and complexity. And it ties into our TCO and ROI sale, right? Let us get rid of things that you don't need, and you can spend more money with CrowdStrike.

So I think, to add on to George's points, I think that when we think about going into a customer, we do something called a business value assessment, where we would go in and look at their environment and see where we can come in and show the value of what we bring. And obviously, to George's point about TCO, total cost of ownership, we're coming in to bring that down, greater efficacy, a greater diversity in what they plan to achieve, to solving the outcome, of stopping the breach at a lower cost. At the beginning of the year, we had an investor briefing, and we talked about the module growth dynamics. We had -- we bucketized it into 3 different buckets: hypergrowth, high growth and specialty. And the hypergrowth modules, those are the ones that have growth rates significantly higher than our overall customer growth. That included some of the things that George talked about, Spotlight; we also have Device Control; Falcon X, which is our intelligence bundle; as well as Falcon Complete, which really is us going in and helping the customer through the -- running actually all of our tech for them. And that's been a big win for us. Every year, we see tremendous acceleration -- sorry, tremendous growth there, and we are super proud of being able to do that for our customers. High growth, which are growth rates similar to overall customer growth, include things like Discover, which is, of course, outside the security, specifically Insight, OverWatch and Prevent. So we're kind of in a great spot. You see the numbers in terms of module adoption by our customers. We give out numbers of 4, 5 and 6 in terms of adoption rates. Very soon, it will only be 5, 6 and 7 because 4 is growing to the point where most of our customers are having it and we're going to just focus on 5, 6 and 7 and then 7, 8, 9, et cetera. So hopefully, that helps.

It does. It does, Burt. And maybe a follow-up there. I mean you've been operating at a net retention metric of 120%-plus since you became public. And I guess, relative to that maybe 4, 5 module average, what's the typical upgrade path you see with customers? And can you also talk about the frictionless trial and buy motion you have relative to your platform and the benefit you have of using one agent and being able to leverage technology on a seamless fashion?

Yes. I mean you've hit a topic that is so near and dear to George's heart, with respect to the frictionless motion, whether it's our in-app free trial -- or sorry, our trial-to-pay or in-app trials. Either one, we're really ripping out the friction and making it easy for the customer to again go in and cross-sell, upsell or come in for the first time. And we spend a lot of time on that. And we spend a lot of time on working with the sales team, working with the engineers, working with customers, to figure out how do we make it really easy for them to either come in for the first time or to upsell or cross-sell, which benefits our net dollar retention rates. I think about how we have this opportunity in front of us, right? We continue, obviously, to go after new logos, but we have a tremendous opportunity to upsell and cross-sell our existing customer base. And whether they started with 1 of our big 3, that George talked about in terms of modules, or they come in through even identity with our Preempt acquisition or Humio, we have this great opportunity to kind of go and tell the customer, "Hey, look, we have 21 modules. Let's make something that -- let's work something out that's best for you to solve the outcomes that you're looking for." But in terms of how George thinks about all that, let me pass it to him then.

Well, yes, I think you hit on a couple of key topics, Burt, and we have spent as much time on the scalability of the sales model as we have on the scalability of the technology and just the ability to cross-sell. They have the platform. At 21 modules, you have to have people self-select what they're interested in. And if you want to try a module, you can do that for 15 days. It goes into the inside sales team. It's all flighted. We kind of know what customers want, and then we can go, kind of like a SolarWinds sale, [ to move and we'll ] get it into the field. So that's gone really well. Now we have a Community Edition for Humio, which, in 6 weeks, we got as many community members as we thought we would get in 6 months. So that's going to see the market. And then also, when you think about -- because you had a broad question on the cross-sell, when you think about our opportunity and just the way we think about it maybe, is we're looking at the total wallet share over a period of time for a customer, right? So 21 modules, I mean, we started with one. We're 21 today. We keep adding new modules. So there will be new ones. Obviously, there will be probably some other acquisitions at some point in the future. We're always looking at that. And even if there's an area where we discount, and software, I mean, you have some discounting that happens, and the more you buy, the bigger the discount you get. I mean this is normal software. But even if some of that happens in some areas, it doesn't mean that you have to discount in other areas, which I think is really an important point. We have identity as an example, and no one else does. That's specific to the endpoint. And again, I always want to reiterate the identity piece is complementary to like an Okta and not competitive. We actually share information. But all of those unique modules allow us to create value and maintain that value as we look at the total wallet spend for a particular customer, not just in 1 year, but over 5 years. And I think that's what's really compelling about the model that we've built.

Crystal clear. And that makes perfect sense. Maybe touching on one of those acquisitions. Humio is the most recent. You bought that at the beginning of this year for index-free log management. And you noted that you're -- at Falcon, in October, that really one of the use cases there is again XDR more efficiently. And so wondering if you could talk a little bit about that, but then also the broader use cases for a technology like Humio outside XDR in terms of user behavior management or analytics and whatnot.

Sure. So when we looked at Humio and all the other technologies that were out there, by far, we thought it was the best technology with a fantastic team. Index-free, as you mentioned, very cost efficient to run, built on modern cloud architecture technology. And it just works and scales, and it's very fast. You certainly have log observability. But I would go even a little bit broader and what we found is really a telemetry platform. And a lot of large companies are looking at this, not just as log, but real telemetry, to make decisions on. And we've talked to a bunch of Humio customers. That's what they're using the technology for. It's not just security. And then they connect it literally into everything they have. I mean it's connected into some like train networks and crazy things that you wouldn't necessarily expect. So that's where Humio, from a full collection -- basically collect any data you want, as much of it, and answer any question in real time. That's the whole premise of Humio. And then we've taken some of that technology and we've adapted that for XDR. So as most know, we've got the Threat Graph, which is structured data, which we built, which is part of the reason why things work so well because we control the data sets. But then, for XDR, you have to plug into other people's architecture, and it gets a little messy, right? Not every system name and IP are called the same thing, so you have all these different mappings. And Humio allows us to very efficiently map all this information and pull it in. And then really, what XDR is focused on is making a threat detection outcome, right? So is there some advanced data set that goes beyond something that we would have to make an advanced threat detection. The reality is 80% of the threat detections or more, it's probably 90%, are going to come from the endpoints and EDR, and that's the key thing. If you want the best XDR, you have to start with the best EDR because XDR is just an extension of that. So we've taken the best EDR in the market, which is ours, and we've now extended that to connect into other people's technology. So 2 things there. You get advanced threat detections. And then also, you would get a broader attack narrative. So things happened at the e-mail gateway or at a web gateway or firewall and they went all the way through, and we stopped it at the endpoint. You would have that full story to tell. So that's the way we look at XDR versus Humio, and we're investing massively in both areas, including Humio, as part of the platform, but as a stand-alone log observability telemetry platform.

Got it. That's perfect. Maybe hitting on MDR, it really feels like, for CrowdStrike, solutions like OverWatch and Complete are real differentiators. And the MDR market seems to be on fire. What sort of growth are you seeing with those modules? I know you talked to pretty massive growth in the customer bases there. And then secondly, in addition to approaching this market directly, you also work very closely with partners there. And I think there's maybe a rumor out there that you didn't work well with MSSP partners, but in fact, you've actually seen some pretty good growth there. So maybe dive into a few questions there.

Well, I'll start with there's a lot of misinformation in the flood that's out there. And I think the facts speak for themselves, the 30% growth with MSSPs. We've got a lot of MSPs -- MSSPs making a lot of money with CrowdStrike. So I'll start there. And then when you look at the individual offerings, again, OverWatch, we pretty much pioneered cloud-delivered MDR. Like it wasn't even called MDR before Gartner gave it a term. And we were doing that, which we thought was needed in the market. And then you look at things like Falcon Complete, which as Burt called out, it is one of our hypergrowth areas, and it's very, very scalable because of all the technology that we've built on the back end of it. And it's something that's really needed. If we think about the labor shortage for a lot of companies and the expertise shortage, some say there's a $3 million job deficit in security. So how are you going to get that covered? And you have smaller companies that have a lot of risk. There's like 20,000 billion-dollar companies out there, right? So I say smaller, a $1 billion company is not really a small company. They have as much risk or more as some of the bigger financial services companies, but they can't staff it. They don't have the expertise. So to come in with Falcon Complete and take someone from a Level 2 to a Level 5 in maturity in the endpoints and workload area is very compelling, backed by a $1 million warranty and also getting discounts from insurance providers. So it's very compelling. And I don't know, Burt, if you have any other comments there because I know you track a lot of this very closely, including Complete, and this is one of our crown jewels.

Yes, absolutely. Thanks, George. So just to dovetail on the thoughts around Complete. So 2 things there. One is, hey, we've done a lot of work on the flighting. We've built our own proprietary playbooks, which makes it really smooth and efficient in terms of us being able to manage for them. But also, the MSSP can leverage that as well. The MSSP, obviously, they handle a much broader thing than just security, and we can fit in nicely with respect to their overall offering. And Complete does just that. We spent a lot of time in terms of growing out the organization, flighting it, automating it, making it really easy to understand. Obviously, Humio was a great acquisition, to give us even more information to work with and even making our -- it enriches our already fantastic graph technology and the data that sits in there. So we're really investing in making sure that, that continues to be a success and making sure that our partners continue to make money and making them successful. So really excited to see the traction on Falcon Complete for us and also for our partners.

Yes. And just let me reinforce that because I think that's an important point with a lot of misinformation out there. We actually work with our partners where, instead of us going to the end user customer, our partner becomes the main customer, right? So we may have customers that we're interfacing with as our partner. But basically, we interface with just the partner because they're offering a broader service on top of it, right? So we're only handling the, kind of the MDR piece of endpoints and workloads, and they might have firewall management or some other things that are out there. And we actually just plug into their architecture. And as being the manufacturer, we have a good view of how this works and how we do it at scale, and we have partners that base to a -- say, well, why would I want to do that if I can just plug you in. And if they have that capability, no problem, they can lead with that capability, and we'll follow up with the software and we make sure that we minimize any conflict that's out there.

Got it. Makes sense. Maybe shifting to Cloud Security. You've introduced a handful of metrics in how that business has been tracking in terms of number of service protected. It's, call it, 25% of service protected in the cloud and so-called 1 billion containers on any given day protected by Falcon agents. I guess thinking about competition in that market and recognizing it's very large and maybe not very well-defined today, with lots of innovation, how are you thinking about the breadth of your platform today? And how confident are you that you have the pieces to compete across use cases and different ephemeral environments.

Well, we're very confident in that area. And I just want to maybe level-set a little bit because when we think about cloud and cloud security, there's many areas, but there's a few that are really important. One is Workload Protection, which, again, from our standpoint, if it's a desktop or an ephemeral workload, it doesn't really matter to us. We've adapted the technology to work across all of those different form factors, even containers, even things that may not seem intuitive but you have to keep track of all these containers. And [ when you're there and they are gone ] or if it's a function, when you want to go back from an EDR perspective, you need to know which one it was, right? So there's a whole bunch of science that goes into even just keeping track of these 1 billion containers so that you can go back and look at something. So that's Workload Protection and visibility. That's one piece. The other piece is Cloud Security Posture Management, and that is the agentless technology that we've developed with Falcon Horizon. And I want to call out that, that is something that we've built for many years. We only commercialized it over the last year or so. But we had to build it because there really wasn't any technology out there that was what we needed as running one of the largest clouds in the world. So we built it, we commercialized it, and it's been very well-received. Agentless ties into all the clouds. And not only does it look for misconfigurations, which our competitors do, but it also looks for things like indicators of attack. So we've taken a lot of the knowledge that we have of adversaries and how they work and kind of the behavioral elements, and we programmed that into the Cloud Security Posture Management. So not only are you going to get misconfigurations, you're going to get where things are out of compliance with certain areas, but then you're also going to get attack information, potential attack detections and preventions based upon taking that indicator of tech know-how and applying it to cloud.

Got it. Okay. Burt, maybe shifting back over to you. One metric that's caught investors' attention over the last couple of quarters is the net customer adds. You added 1,600 this last quarter and 1,700 in 2Q. Historically, that seasonality has looked a little different. But with the success you're seeing across different customer cohorts, maybe there's more variability of those numbers. So curious if you could talk a little bit about your ability to continue to add to customers at such a rapid clip. And maybe you could frame that relative to some of the legacy endpoint players out there in terms of customer size.

Exactly. I think that's a great point. So obviously, we're really proud with the performance in both Q2 and Q3. This quarter and last quarter, we added both -- we added over 1,600 net new logos. And to do that twice in a row, that's a great feat for us. And when we -- we posted 1,607 this quarter, 1,616 in Q2, but that really just goes to the fact that what we're doing is working from a platform play. And ultimately, whether it can -- ultimately whether it fluctuates up or down any given quarter, it just means 1 of 2 things. One, if it fluctuates, it could mean that we had bigger deals and more expansions, like we saw this quarter versus last quarter. And I think the main thing that I would love for anybody listening and your audience is that we focus on ARR. Our reps are comped on ARR. And whether it comes from a new logo or a cross-sell and expansion, at this point, we're going to pay the same. And for us, we think there is a tremendous amount of headroom in both net new logo and cross-sell expansion. Look, we're extremely proud of the over 1,400 -- 14,000 -- 14,500 customers that we have today. Having said that, that's a drop in the ocean compared to what some of our competitors have had in the past, hundreds of thousands of customers. So we think that we have a tremendous amount of headroom to go after both. And we think that we are in a great spot to do it. And we think that whether we go after the net new logo or whether we go after cross-sell or upsell, today, it's -- it doesn't matter, right? Today, we have so much to go after that we're in a really, really great spot, tons of runway on both. But again, I want to make sure that everybody focuses on the fact that what matters to us most out of all this is our net new ARR. And that's something we're actually giving out, which a lot of our folks don't do, but we think it's the right metric for everybody to focus in on.

Makes a lot of sense. And then, Burt, maybe to follow up on that. CrowdStrike has always been a seriously metrics-driven company, and you frequently talk about your magic number. So can you talk a little bit about how that's trended and what that means in terms of your sales and marketing investments?

Yes. No, it's trended very high when you compare it to the benchmark. Pick a benchmark. Some people look at 0.8 or 1.0 for the magic number. We've been hovering at the 1.3, 1.4 mark. We came down just a tad this quarter versus last quarter, and that's okay because it's telling us, when we're at those numbers, that we need to invest more and we are. We're investing more. We want to continue to invest more. We have a tremendous opportunity out in front of us, and we wanted to go capture it. We have a very efficient model. And I always talk about the fact that we're obviously going after growth, but we're going after growth in a very thoughtful manner. We're investing for growth. We feel that we have an opportunity to go after growth. But at the same time, we want to make sure that all our metrics kind of are in line and that it makes sense for what we're doing. So we're investing for growth. But at the same time, we've got an eye on the bottom and all our efficiencies.

Got it. Okay. And then, Burt, this is another...

Look, if I can just add on -- sorry, if I can just follow on to that because it ties into it. Rule of 40 coming in at 77%, I mean, at our scale, it's just remarkable. So obviously, you look at the magic number and you look at a bunch of other metrics that make that number work. But I wanted to point out, at over $1.5 billion in ARR, the magic number of -- pardon me, a Rule of 40 at 77% is truly remarkable. So I think that's a testament again to the sales model of what we've been able to build. And the efficiency, we didn't talk too much about it, but obviously, these modules, the whole idea is you collect data one time and then you monetize the modules on top of the platform, right? And that served us really well.

Got it. That's helpful. And maybe a question for both of you, but the entire economy is focused on the competitive market for labor. And Burt, you mentioned -- or George, you mentioned, call it, the 3 million unfilled security roles. How do you think about the competition for labor and the so-called great resignation? How has that impacted your ability to hire, retain talent and really attract the top-tier security talent?

Well, certainly, any tech company of scale, even smaller ones, are going to struggle with that. But I think, at the end of the day, one of the things that we focused on is being a remote-first company. We did that since I started the company back in 2011. It was always about getting the first 20 people, best-in-the-world, wherever they were and kind of grew remotely. And it served us well in this current period of time. And obviously, we've got offices and people in them. But the end of the day, we have a lot of flexibility. Certainly, we apply that flexibility to hire the best people wherever they're at, and we've got locations around the globe where we do that. And we spend a lot of time on the culture and the talent. You probably saw that we were named the future -- Forbes Future 50 #1 company, right? And that looks at, again, opportunities for growth and what we've done in the past. But a big part of what people are focused on is the company, the hiring, the culture that you have. So we have something, I think, that is talked about a lot in the industry, but 2 things very unique is that mission-driven culture. Stopping adversary, stopping breaches is what our folks live for. And maybe they can get more money somewhere else. Maybe they can't. But I think, at the end of the day, there's a big driver to do what we're doing, and we take advantage of that. So yes, it's competitive, but the bottom line is we have a great talent team that continues to source top talent for CrowdStrike.

Yes. And if I might add, this is obviously something that George and I focus on quite a bit. We've got a great machine in terms of bringing folks on board, filling the top of the funnel. We're doing all that it takes to fill that top of the funnel. But we're doing things as we move down the funnel. Meaning once they are on board, we spend a lot of time, money and effort on onboarding somebody. And then to the fact of training and development, we spend a lot of money on that as well. And I think that, that matters. And we don't want to lose that edge. When I compare our attrition rates to other tech companies, we're in really good shape. And we're really in good shape because of the things that George had talked about, the culture, the mission-driven and what we're doing, but also the investment in our talent. It's not like we go out and just fill the top of the funnel and then forget about it. We're very focused on each step of the process. And that's why we're in a pretty good spot.

Got it. Okay. Maybe one last one and then I'll switch over to some web questions coming through. But you've had Falcon Mobile for a couple of years now, but with a wide range of platform opportunities, I mean, identity and Cloud Security and XDR. It seems like we haven't really talked much about it. Curious if you could just talk a little bit about that Falcon for Mobile, what you see in terms of the mobile threat environment and the opportunity you have in that market.

It's a good question. And it's one of those areas where we continue, I think, to do well with it, but it's a smaller part of what we do. And the reality is, there aren't -- all of the latest threats are not happening on mobile, if you will, right? I mean people have lots of phones that are out there. And I would hazard a guess that if you look at -- when you talk to some folks and say, hey, have you got hit by ransomware, or has your mobile phone been hit? It's probably like ransomware, right? So one of the unique things that we did though is we basically applied our EDR technology into the mobile environment, which was the first to do that and very unique. And so when you think about mobile, it isn't just about stopping breaches and preventing things from running. It's also providing a lot of visibility into what's happening on the mobile devices and then looking -- the most sophisticated attacks actually cross between mobile and the PC, and it's your interaction with the mobile device and the PC that can be problematic. So we program that in as well. So I think, overall, it's a competitive environment, but it's a very robust offering in the areas that we focus on. It's not an MDM. I want to be clear there. It focuses on the threat detection and EDR. And the customers that use it really like it.

Makes sense. Okay. A question from the web. It goes back to kind of the cloud security market and competition and how you view the competitive environment versus the [ source code or ] container-focused players like Snyk and Lacework and Wiz. How do you think about expanding in those areas? You touched a little bit about on the agent versus agentless Horizon, but curious if you could just add on to that conversation relative to some of these start-ups.

Well, we would compete with any of the agentless technology with Falcon Horizon, and we feel really good there. And particularly, let me just drive down -- drive home the point. Most of these other players don't have workload protection. And the reality is you can have as much agentless as you want. That's fine. It's needed. You're still going to need to combine that with workload protection to get full coverage, right? So I think, again, we're in rarer air when you think about who has the best workload protection and also who has agentless. We don't have any source code sort of technology. Maybe that's something that we would look at. That's not a market that we're in today. But we feel really good about Horizon. And obviously, we feel really good about our workload protection. So we think the combination of the 2 of them is really impactful and it's what customers want. They don't just want one. They want both.

Got it. Okay. Maybe one more for me. You introduced a -- or you purchased a DLP solution through SecureCircle. You introduced the file-integrity module, FIM, or FileVantage. How do you think about those products, not only upselling with your existing customer base but also the new customers and thinking through that many of the existing offerings for those solutions are brittle, tied to legacy solutions? How do you think about that in terms of opening up that long tail of legacy customers that haven't switched over?

Sure. It's a good question, one I'm passionate about. So I'll just maybe reframe it a little bit because we bought a data protection company, not a DLP company.

Right. Sorry.

And that's the whole point, is DLP, we feel, is broken. There isn't a customer that I've talked to that likes the DLP solution. To be very candid, it's kind of like the customers I talked to in 2009, '10, '11, when I started CrowdStrike around the AV side, no one liked what they had, which is why we started CrowdStrike. So when you look at that -- the DLP market, yes, we call it data protection. When you look at the DLP market, that's a $3 billion-plus TAM. And since we did the acquisition, again, a small company is going to take a little time to integrate. And generally, we always favor, like let's get the integration done and get it right and make sure customers are happy before we just get it out in the market. That being said though, we have been overwhelmed by customers, in particular, Symantec DLP customers, that have said we've been waiting for this for many years from CrowdStrike. We're delighted that you have it. And we know there's going to be some integration. It takes some time, but we're lining up and ready to go if it delivers, as you say it will. And the beauty of it is you don't have a bunch of brittle rules and you create these SecureCircles of Roger and George and Burt get together and we want to share data. There's not a whole bunch of rules that need to go around that, other than we're in a SecureCircle. And it becomes even more important when you think about how data moves. It's not just on the file server anymore, right, it moves into all of your SaaS applications and your Salesforces and your Workdays. Even your source code, we can identify and protect all that in SecureCircles. So overall, we're really excited about it. We got a great team. And it's been brewing with customers for many years, and they've been emphatic on how excited they are about the acquisition and what it could mean to get rid of what they have.

Good stuff. One last one from the web. Going back to the identity space, where you've seen a lot of positive momentum with the technology being built off the Preempt product, but can you just talk about where -- how you line up competitively versus the identity players today, the Oktas, Pings, Sailpoints of the world, where you collaborate, and ultimately, does that become a more competitive environment?

Well, we don't really have any plans to be in the identity access broker market. I think the folks who do that do a good job of it. And we know the endpoints, we know the workloads better than anyone out there. And building the stuff at scale and having it work in production environments is not an easy thing to do. So our goal is to be able to tie in the identity of the system -- pardon me, to tie in the machine identity to the user identity, to the data. And that is a very, very powerful combination. And we intend to continue to work with partners like Okta and others, right? That's -- they're out there. They've been doing it a while. There's no reason for us to go build that. And I think the area that we've carved out is really understanding the identity of the machine and the user and then being able to help create scores around are they who they say they are, or should we challenge them with MFA. And using the AI technology that we got from Preempt is, I think, super important, that when you tie it into FileVantage and you tie it into SecureCircle, you begin to tie the identity, the machine and the data together. You can see how broad the opportunity is and why I've continued to reiterate, it's not just endpoint protection, right, it's a much broader story and a much bigger TAM.

Got it. Great stuff. Well, we have about a minute left, so we'll wrap it there. George and Burt, I want to thank you both for being here. It has been a fun discussion. And I hope everyone has a great rest of their day.

Thank you so much.

Thank you.

Bye-bye.