CrowdStrike Holdings, Inc. (CRWD) Earnings Call Transcript & Summary

We have a great lineup, and we hope you find this session informative. Today, you will hear presentations from George Kurtz, our Co-Founder and CEO; Michael Sentonas, President; and Burt Podbere, our CFO, then we will open up the session for Q&A. [Operator Instructions] Before we get started, let me remind you of our safe harbor and the risks associated with forward-looking statements. For additional information, please see the risk factors in our SEC filings. Additionally, unless otherwise stated, excluding revenue, all financial measures discussed in this presentation will be non-GAAP. Please refer to our disclosures on why we use non-GAAP financial measures and a reconciliation of these non-GAAP financial measures to their most directly comparable GAAP financial measures in the appendix of the presentation, which will be posted on our Investor Relations website shortly following conclusion of the webcast. With that, I will hand it over to George.

Thank you, Maria, and thanks, everyone, for joining us today. We're going to discuss the evolution of endpoint security and how CrowdStrike has revolutionized modern security as we know it. You're also going to hear from Mike Sentonas for insights around key product areas and some brief product demos. And finally, Burt is going to dive into our financial metrics and discuss how we plan to grow the company profitably and at scale. So let's dive into it. I wanted to spend some time to talk about the modern XDR platform and how CrowdStrike has really redefined what the modern XDR platform is all about. But before I do that, I wanted to take you through memory lane and just talk about how endpoint has been viewed for many years, even to this day. If we think about the first antivirus product, it was actually created in 1987, signature-based, focused on blocking malware. We still see legacy technologies using this approach today, whether it's Microsoft, Symantec, McAfee, Trellix, based on signatures. And we know that there's a difference between stopping breaches and stopping malware. So when I started CrowdStrike, we first started with endpoint detection and response and deliver that from the cloud, focused on stopping breaches using a lightweight agent, AI-powered prevention, a single console and our Threat Graph. We added next-gen AV, again leveraging AI. And in 2011 and 2012, these were really cutting edge [indiscernible] in security. And today, it's actually kind of funny to see people get a smile when they go into ChatGPT and ask it a question. We were leveraging AI before it was fashionable. You fast forward to today, we've got the modern XDR platform, which is really focused on taking data from our first-party sources, combining it with third-party sources and again, leveraging the single-agent architecture to stop breaches. The fact is our technology is easy to use, it works, it saves money, it saves time and reduces complexity. So when we think about CrowdStrike redefining the modern security, we have to first recognize that legacy AV is a commodity. That signature-based protection is a commodity. Even rebranded signature-based protection is a commodity. But stopping breaches will never be a commodity. And that's what we're focused on at CrowdStrike, stopping the breach. So let's talk about the Falcon platform. It evolved from 1 module to 23 focused on endpoint protection. Over the years, we've added identity protection, cloud workload protection, observability, security and IT ops and more. And this really forms the foundation for modern XDR security, pioneered and defined by CrowdStrike. Just to give you an idea of why the endpoint is the epicenter of the enterprise. It's because 80% of the most valuable security data collected comes from the endpoint. This is where productivity happens. This is where the attackers are actually focusing their efforts. Whether it's a traditional endpoint like a laptop or whether it's a workload that is running in the cloud. So let's talk a little bit about the endpoint and how the adversary goes about their business. 90% of successful cybersecurity attacks and 70% of successful data breaches originate at the endpoint. This is why we say it's the tip of the spear for these breaches. And just to give you some more stats, 80% of attacks use compromised identities and 71% of attacks are now malware free. This is why a legacy signature-based approach is set up for failure. It's the reason why McAfee and Symantec were never able to make this jump, including Microsoft, into protecting and preventing breaches rather than identifying malware. On the subject of Microsoft, 900-plus Microsoft vulnerabilities in 2022, and this is really a windfall for the adversary. This is where they're targeting these desktops, these servers, these cloud environments, because they're rich with vulnerabilities. And the challenge is actually being able to identify, prioritize and protect against these vulnerabilities, which again, CrowdStrike is focused on. And as I always like to say, the most valuable real estate in all of security is the endpoint. And if there's one takeaway from this talk, it's to realize that your view of the endpoint, of thinking of it as just endpoint protection, is limited. I really want you to think outside the box of the endpoint as a form factor that opens up all these additional adjacencies within the platform. When we think about the platform, not only is it focused on protecting endpoints and workloads, but we've added capabilities around observability in IT Ops and identity protection and cloud security and threat intelligence. The Falcon platform has become the defining ecosystem of cybersecurity. We've made stopping breaches of team sport where every type of partner that works through or alongside CrowdStrike helps customers win. Our thousands of partners help businesses of all sizes achieve superior outcomes. We're continuing to increase our partner focus to scale in every segment, particularly in the SMB space. So let's talk a little bit about CrowdStrike versus Microsoft. Why does CrowdStrike -- why are we different? 8 out of 10 times when an enterprise customer test CrowdStrike, they choose CrowdStrike over Microsoft, 8 out of 10 times. Well, why is that? There's a few problems with Microsoft that I've boiled down into the 3 Cs, starting with coverage, complexity and catastrophe. So let's talk about coverage. CrowdStrike relies on advanced AI without the use of signatures. This is one of the areas that we helped pioneer. Microsoft still relies on AV signature technology. In fact, it gets updated 6 or 7 times a day with new signatures. This is the same failed model that McAfee and Symantec have been using for the past 25 years. The second area is complexity. CrowdStrike has 1 console, 1 agent and a lower TCO. Microsoft customers have up to 9 consoles, multiple agents and a higher TCO. This level of complexity is going to drive up additional costs within the environment in managing, maintaining and certainly adding additional head count to any Microsoft instance. And the last area is catastrophe. Microsoft Windows represents 95% of the compromised endpoints CrowdStrike actually investigates and remediates during our incident response engagements, 95%. And further to that, the IR team, during an investigation of customers that have been breached, 75% of the time is defended that has been bypassed. So you can see this is a recipe for disaster, leveraging signature-based AV, which equals one thing, and that's being breached. So when we think about the legacy technologies that are in this environment, I talked about IDC. We're ranked #1 at 17.7%. But what's important to realize is that other next-gen vendors in the top 10 have a combined 7.4% of market share. And the legacy vendors in the top 10 still have a 46.7% combined market share. So when I look at this, it just screams opportunity for CrowdStrike in the long tail of replacing many of these legacy vendors that still remain in the market today. So where is our TAM today defined by IDC in terms of modern endpoint security market's $20 billion. But again, endpoint opens up adjacencies into many other markets. Things like FIM, which were never considered endpoint, are actually part of our overall offering, because we can deliver it through the form factor that we call endpoint. So as we think about this $20 billion of modern endpoint security TAM, when you add in all of the other areas that we cover, you can see how our TAM has grown from $20 billion of core endpoint protection to $98 billion when you combine all the other modules that we have. And in fact, that will be then growing through organic TAM growth, our product road map, cloud opportunities and future initiatives to a whopping $158 billion potential TAM in CY '26. Before I hand it over to Mike, I want to leave you with a few points. Our single XDR agent underpins everything that we do and is essential to understanding our business. You can think of our agent as a form factor that delivers security and nonsecurity outcomes to our customers that go well beyond the traditional definition of endpoint security. So while we may periodically report on the success of individual modules or categories of modules, core, emerging cloud, et cetera, there really is no distinction between core emerging and cloud in the minds of our customer because they're buying the Falcon platform, and that's why we win. So thank you for your time, and we look forward to answering your questions at the end.

Thanks, George. It's clear we are building a generational company with a generational platform to support our customers. Today, I'll be detailing what we believe makes CrowdStrike the most highly differentiated cybersecurity company in the market with a deep competitive moat and sustainable innovation across all foundational aspects of cybersecurity. I'll cover how we protect identities with Falcon Identity Protection, safeguard the cloud with Falcon Cloud Security, and importantly, where we are taking CrowdStrike into the future with extended detection response, or XDR as my friends in marketing like to call it. In each of these areas, I'll highlight what makes us different and take you far beyond slides with hands-on demos that demonstrate our unique capabilities. So let's start with our platform. From the beginning, we had the foresight to build our platform on the most critical real estate in the enterprise, the endpoint. Today, our unified agent elegantly delivers integrated capabilities across the endpoint, cloud and across identities. That single-agent architecture is infinitely extensible to deliver new capabilities that removes the need for multiple point products and agents, which is just so incredible to all of our customers. We use the same agent as the delivery system across the platform, including our foundational modules, EPP, which includes Falcon Prevent, Falcon Insight, Falcon Intelligence and Falcon OverWatch. Our emerging and cloud modules, which include Falcon Identity protection, Discover, Spotlight, LogScale and Falcon Cloud Security. Now one of the key differences with CrowdStrike is how each module is deeply integrated with each other and delivered as part of our unified platform. We like to call it our simple and elegant platform solution. So with our platform, you have 1 agent to deploy and manage, 1 console to use with deeply integrated intelligence, context and coordinated actions, not stitched together acquisitions or crude licensing bundles, which is ultimately what leads to people having complexity and getting breached. Our focus is, and always will be, how we deliver a superior experience for our customers, and that drives down the cost and effort of stopping breaches. To achieve this, we created a fundamentally differentiated agent that delivers comprehensive coverage across all critical environments, including endpoint, cloud and identity as well as precise detection, investigative context and response capabilities with over 1,000 unique attributes collected, which is unique in the industry. It can be easily deployed across hundreds or hundreds of thousands of agents in days, not weeks or months like other competitive solutions from other vendors. Our agent was architected from the ground up to deploy without requiring rebids, which can be operationally crippling in the cloud or verticals like manufacturing in banking and finance. And finally, our agent cloud architecture ensures that every agent is always up to date with the latest protection. It doesn't require a massive tuning burden and dozen blue screen endpoints with failed updates, which happens a lot across the industry. Our customers tell me one of the most important things to me, that CrowdStrike simply just works, and we can rely on CrowdStrike every time. As part of this platform, we constantly strive to deliver better security value, simplicity of operations and economic value for our customers. Let's turn to how we extended our unified agent into a completely new environment while still preserving its key differentiating attributes, protecting identities with Falcon Identity Protection. This is a unique offering that completely reshapes our organizations stopped modern attacks, which increasingly abuse valid identities and credentials as their primary point of entry. In the past, organizations were faced with an impossible choice when considering how to protect their active directory, either needing to roll out yet another agent, creating crippling complexity and cost, roll out yet another point product on a server with more to deploy and operate or worse yet, try to deploy an agent on a domain controller, which could take months or years to deploy with all the required testing and change control. This is one of the key differentiators here at CrowdStrike. We brought our unified agent and cloud architecture to identity protection. All customers need to do is simply turn it on. The agent is already there. And this is a foundational element. This elegance has helped Falcon Identity Protection continue to rapidly scale, now contributing over $100 million in ending ARR to the business as of the endpoint of FY '23. Now before we see Identity Protection in action, let me set some foundation context. When talking with customers, they often ask me how CrowdStrike fits into their identity ecosystem. And I've talked about this with you all before. First, you have to create an identity. So you create identities of the accounts you need to manage, and you do it in Microsoft Active Directory or Azure ID as an example. Then you need to manage those identities, ensure the right user can access the right application with identity and access management tools like Okta, Ping or Duo, all of which we have tight partnerships with. But then the most important thing is you need to secure those identities, and to do that, organizations turn to CrowdStrike. So lots of log-ins and accounts to various apps and sites go to an identity provider like an IAM to manage and then you turn to CrowdStrike for the security. So with that in mind, I'd like to bring in Cristian Rodriguez, our newly appointed Chief Technology Officer for the Americas, to run the demo. Let's see how identity protection works.

Thanks, Mike. One of the major benefits of our Falcon Identity Protection module is that it's already integrated with Falcon. Meaning if you have Falcon deployed on your domain controllers, instant visibility of your authentication activity is already there. Because of this, securing your active directory is a frictionless deployment model. Let's start out with the overview dashboard where we help IDP analysts gain instant visibility into both on-premise and cloud-based active directory activity. This helps identify areas such as shadow administrators, stale accounts, shared credentials and other AD attack paths. More importantly, this highlights the riskiest identities for both user and service accounts given a combination of event triggers. The triggers listed in this instance are categorized in a way to help reduce risk by monitoring authentication traffic in real time and applying behavioral analysis for credential weakness, access deviations and password compromises with dynamic risk scores. In this example, an alert for a user with a risk score of 8.5 gives a Falcon IDP analyst a quick view into areas such as the users group membership, log on activity, authentication types and anomalous log on locations. Let's take a closer look at their activity. Starting out with assets, administrators have visibility into all of the systems a user may have logged on to. Applications, as the name implies, includes a list of all web applications or on-premise applications that may have been accessed by this user. And finally, top destinations includes a list of network resources requested by this user over the past 90 days. By reviewing the activity log, administrators gain complete visibility into location information, log-in type, source and destination data, including access via SSL VPN and RDP across on-premise and cloud deployments. With a robust integration ecosystem into third-party tools, including orchestration and MFA providers, Falcon Identity Protection allows administrators to efficiently enforce conditional access MFA policies against a variety of systems, services and applications. One example of conditional access policies, they include the use of MFA for remote desktop requests to systems considered critical to a business. Another example may include the use of conditional access enforcement for file servers hosting sensitive data or intellectual property. This use case could be applied to a standard policy for validating and tracking user access to company files and identifying outliers within those types of access requests. For RPC calls, the same can apply where conditional access policies can limit who accesses what system via tools, such as Microsoft MMC. A common requirement for enterprises may include the use of tracking and reauthenticating users accessing specific applications. And with Falcon Identity Protection, enterprises can define conditional access policies tied to those application types. MFA enforcement can then be applied via tools like Okta, Ping Identity and Radius. Lastly, for non-Windows systems, Falcon Identity Protection can still enforce a conditional access policy using our unique ability to analyze authentications in real time even if Falcon is not installed in the system in question. With 80% of attacks being attributed to compromised credentials, Falcon Identity Protection is built for hyper accurate detection of identity-based threats in addition to adaptive authentication mechanisms. I'll hand it back to you, Mike.

Incredible. Absolutely incredible. Now you can see the simplicity and elegance of our unified agent, delivering a highly differentiated security capability by leveraging the foundational elements of the CrowdStrike Falcon platform in harmony with a fully integrated technology from the Preempt acquisition. Now let's turn from identity to the cloud. Just like attackers are compromising identities to breach organization, we know and we've seen in our engagements that cloud attacks have skyrocketed, and that's not going to slow down. Based on our unique visibility into the threat landscape and the ground truth from incident response engagements, we reported in the CrowdStrike global threat report, a 95% increase in cloud exploitation. We also have observed our adversaries are moving between the endpoint and the cloud, starting on one and moving to the other, so from cloud to endpoint, but importantly, from endpoint to cloud as part of a coordinated attack. Meaning if your endpoint and your cloud security solutions aren't working together, your organization is wide open for a breach. To solve this growing problem, we released Falcon Cloud Security, a fully integrated agent and agentless cloud protection solution that the industry typically calls cloud-native application protection platforms, or CNAPP, for short. In typical fashion, we started with the hardest problem first, stopping breaches in the cloud by extending our agents to workloads to containers and serverless applications with cloud workload protection platforms. or CWPP. You can think about this as securing the runtime environment. Runtime protection is how you stop an active breach in the cloud, just as we do on a corporate endpoint as an example. You have to be on the device or on the workload to find and stop the attack. Otherwise, at best, you're detecting a breach with no ability to do anything about it and you typically detect that issue very slow. The hardest part and one most vendors actually fail at is building an agent that is easy to deploy, easy to manage and doesn't require a reboot without introducing significant complexity into an environment. Without these key values, you can't build it into your DevOps or DevSecOps processes. And we took over a decade of work building the world's best agent and brought it to the cloud. Now from there, we extended our platforms with native agentless capabilities to solve essentially for human error. That's where cloud security posture management and cloud identity entitlement management capability come in to safeguard against misconfiguration, accidental exposure and other human areas such as default admin passwords over permissive entitlements as an example. An agentless cloud security solution is absolutely critical to fully protect your cloud environment. With only an agentless approach, everyone has access to the same APIs, making stand-alone agentless vendors essentially a commodity to incredibly easily rip out and replace. Organizations need the tight native integration of an agent and an agentless solution that spans runtime to CSPM, CIEM to stop breaches from both adversaries and human error. Our unique agent and agentless approach has been validated by customers they get benefit from this architecture every day inside their organization, but it's also been validated by vendors that try and fail to match this architecture by forming loose partnerships. They serve to do 1 thing, and that's to add multiple products and complexity into the endpoint user environment, which always result in missed attacks and slow threat detection and response. So let's see this in action.

Thanks, again, Mike. We do have really great options for our customers' cloud security requirements, including both an agent and agentless configuration. And to your point, we did start with a difficult part, and that's basically with Falcon running within a cloud workload for optimal protection. By creating a container version of the sensor, this agent-based option for cloud workload protection gives you full visibility across process data tied to detection and prevention events. The detection view that most car-struck admins are familiar with represents malicious activity within the container. One major difference is the included workload metadata in the detection event itself. For example, worker node and container ID information are present. Getting deeper into detection events also yields valuable cloud data for efficient correlation to the cloud environment this system is tied to. This also includes CSPM data, which we'll revisit later. For the sake of this demo, let's investigate this container in our container view. The detection container view gives you visibility against advanced threats we protect against. With this view, analysts have a much deeper look into the actual image of the container in addition to the actual configurations across the cloud environment it sits in. This may also include vulnerabilities tied to the image. Let's take a quick look. Analysts need a quick way to understand which images are impacted by the most severe vulnerabilities. And by drilling into these alerts, analysts are presented with a full breakdown of the vulnerabilities driven by CrowdStrike's proprietary adversary-first expert AI system. To get a larger view into impact analysis, analysts also have access to a full packages view. This view allows admins using registry connections to get a full assessment on images and repositories with the respective vulnerability data if found. The beauty of the cloud overview dashboard allows an administrator to see a fully consolidated view of not only the images that we detected and the respective vulnerabilities, but also the detections themselves and also IOM policies, which we'll cover in the next CSPM module. So Mike, in contrast to what we've just seen where Falcon can run as a container service, real run time protection, in addition to image assessments with registry connections, we also do a full cloud security posture management assessment of your cloud assets across multiple cloud security and solution providers. So in events where an organization may have access to AWS, Azure or GCP or a combination thereof, it's very important to get a full view into all of those assets in addition to understanding configurations or misconfigurations across those services that are within those cloud providers. In this next section, we're going to cover a little more on how administrators can easily get access to those configurations, the services that are running within these cloud services and ultimately, how to quickly remediate against those threats that could ultimately take advantage of those misconfigurations in these cloud environments. Let's take a deeper look. Most cloud providers have a plethora of services that enterprises take advantage of. With CrowdStrike's cloud asset view, admins get a full breakdown of each service and their respective asset IDs with asset detailed data. This gives full visibility into services that may be considered orphans, unauthorized, underutilized, but more importantly, misconfigured. And we do that via a series of CrowdStrike indicators of misconfiguration or what we call IOMs. Let's take a deeper look at an asset ID. Interacting with an asset allows an analyst to graph the relationships of services and asset properties across an interactive map. This helps in understanding service and configuration associations between compute instances in this example, but also gives analysts a workflow in understanding the classifications of a misconfiguration. We can see here that a global ingress configuration setting is being flagged for further review, but an analyst may also want to assess where else this misconfiguration is present. The results of this expanded query gives an analyst a full view into every instance that meets this misconfiguration or IOM, in addition to an understanding on where the run time iteration of Falcon is actively running. We classify these systems with a managed or unmanaged label. Many of these indicators of misconfiguration are tied to CIS benchmarks, PCI benchmarks and NIST. And with a direct tie-in to Falcon, analysts can pivot directly into the detections UI for active runtime detections. These are just a few features in our cloud-native application protection platform. Mike, I'll hand it back to you.

Beyond cloud, we are also extending our platform with other agentless capabilities, including one I'm incredibly excited to be talking about today, Falcon Surface, our attack surface management module. As part of our focus on simplicity and workflow elegance, we rapidly integrated our recent acquisition of Reposify into the Falcon platform, which has been incredibly well received by all of our customers. We bought Reposify to give our customers an outside in view of their enterprise, letting them see their organization from an attacker point of view to understand their points of weakness and vulnerability. It's an easy and effective way to get even more visibility that can immediately be turned into action. So let's see how we take a company's domain and quickly turn it into an actionable way to reduce business risk with Falcon Surface.

Falcon Surface gives enterprises this real-time view into the risk that's associated with their attack surface outside of their managed network. Consider assets like a neglected dev server or maybe a subsidiaries misconfigured and expose sensitive database or an orphan cloud instance. Another example could be cloud services or CMS systems or maybe there was a misconfiguration on your firewall or a router, which ultimately expose a system to the Internet. Enterprises using Falcon Surface are provided with a discovery path to help them easily understand why the asset is associated with the organization and the logic behind it. This may include a full breakdown of subsidiary connections and associations, which otherwise could take months to map out manually. Many times, these assets are orphaned or under managed when it comes to areas such as patching or major OS updates which will ultimately lead to a larger likelihood of these systems being targeted by adversaries given how easy they are to exploit. Without having to know all of your domains, CrowdStrike Surface automatically streamlines asset identification by giving enterprises a sorted inventory by platform type, exposed service type and vulnerability type using this proprietary internet scanning algorithm. Asset information includes a fingerprint of each system, which details data points such as the operating system, the services that are running on that system and of course, their respective versions. Let's take a look at this company's subsidiary, which currently holds a grade of F for security posture. Security and vulnerability analysts will have quick access to a list of services and their respective assets they belong to with varying levels of risk severities defined. This helps prioritize response to the systems imposing the most risk at any given moment. The details of each service not only includes a risk rating, but also the respective CVE, CVSS scores and types, but more importantly, the proper remediation steps required to reduce the risk of the system in question, which allows the vendors to see their exposure before adversaries do. With a plethora of filtering options at your fingertips, analysts have an easy way to prioritize and monitor risk and measure the impact of subsidiary posture across brands and locations in an automated way. And with the variety of integration options, alerting can be done natively via e-mail or via integrations with the likes of Slack, Jira and ServiceNow.

Kudos to the teams who rapidly integrated Reposify into our platform. It's a testament to the platform's extensibility and our commitment to keep pushing to the boundaries of security innovation. We've talked a lot about today, so let's look into tomorrow. Part of what has made CrowdStrike unique from the beginning is that we've never shied away from solving the hard problems for our customers. We anchor our strategy on what makes the biggest impact for their security posture and gives them the best outcome. And that's how we've been approaching XDR. As our friend, Allie Mellen at Forrester says, "Good XDR lives and dies by the foundation of a good EDR." And we believe we have the best EDR in the world. We've taken the foundational security and operational outcomes from pioneering the EDR category and brought them to every attack surface across the enterprise, and it's all delivered from the agent at its core. That future is here with our customers today with how they are using our modern XDR platform to see more across every attack surface, giving them the ability to investigate faster by focusing on a unified analyst experience and respond conclusively across CrowdStrike as well as third-party products. It's actually the dream of every SOC team, collapse the endless consoles and tools into one. And here, at CrowdStrike, we're delivering it from the strongest foundation possible, our unified agent with the richest, deepest EDR telemetry. And now with data at the heart of XDR, Falcon LogScale is part of our customer's XDR journey, offering them a modern log management system to collect everything, query all of it in seconds, and keep it forever at an economical cost. So let's explore where we are today with our modern XDR platform.

CrowdStrike's extended detection and response capabilities go way beyond the endpoint using integrations with vendors such as Okta, which allow analysts to ingest single sign-on logs and trigger Okta response workflows, such as resetting authentication factors. Another integration may be tied to messaging services like Slack, which allows security teams to centralize alerts and deploy customized workflows. And for the vast number of partners leveraging Webhooks, CrowdStrike XDR allows automated workflow customization with a simple Webhook integration interface. CrowdStrike's XDR platform allows administrators and analysts to collect data from previously siloed security tools across an organization's technology stack for easier and faster investigation. The platform allows responders and analysts to collect security telemetry from not only Falcon, but also cloud workloads and network tools and services such as e-mail gateways, web proxy, CASB and NDRs. For today's demo, we're highlighting an integration workflow with the likes of Corelite Falcon, Falcon Identity, Zscaler and Mimecast e-mail security. By streamlining views such as impacted hosts, analysts and threat hunters can focus on high-priority threats and responses. A good example of that would be containing multiple systems to isolate a threat or prevent lateral movement. In this example, response actions can be focused on the identity of the user in question. This includes adding the user to a restricted group within Zscaler's web enforcement policy, or adding the user to a watch list for further analysis within CrowdStrike's Identity Protection module. And with seamless integration into single sign-on vendors like Okta, options may include forcing a password reset for the next time that user attempts to authenticate. And with our ever-growing ecosystem of partner integrations, additional telemetry enrichment is natively presented within an incident with vendors such as OPSWAT and VirusTotal. One of the main benefits of our XDR platform lies within the threat context and telemetry correlation for fast and efficient root cause analysis. Easy to digest indicator reviews, guide an analyst through an entire investigation and remediation process. This includes giving visibility across multiple detection tool layers. And analysts may want to understand the context behind a spearfishing attachment by reviewing the data from their respective e-mail gateway. More importantly, if there's any correlation of activity tied to that user, a CrowdStrike identity policy trigger can bring more awareness into potential credential abuse. A responder may also need to explore a time line perspective of these events, which will quickly provide a chronological representation of each event from a disparate log source correlated in a logical root cause analysis view. And finally, analysts have the option for a graphical representation of an incident. Using graph technology, responders now have cross-domain attack path views via an interactive map of the entities involved in the XDR event. This allows analysts to quickly streamline triage approaches by investigating all facets of an attack. This may include pulling additional contextual data like parent processes or additional relevant indicators to the investigation. Using Falcon Fusion, CrowdStrike's native orchestration tool, responders also have the ability to automate complex workflows in an effort to speed up incident triaging. Workflow options are vast with our growing ecosystem of partner tools, Falcon Fusion seamlessly integrates into partner applications to enrich notifications, detections and active response logic. And with Falcon LogScale as the underlying data repository, analysts have access to a feature-rich query language for complex queries across large data sets in lightning fast speed.

That's the future of cybersecurity. But best of all, that is here today. Now to round this out, let's endpoint where we started. Customers choose CrowdStrike because we stop breaches. We're easy to deploy easy to manage and deliver significantly better economic outcomes. And we're incredibly proud to have been recognized directly by our customers as being #1 in EPP and EDR across leading independent customer review sites, including G2, PeerSpot and TrustRadius. We've been recognized by leading third-party testing firms such as MITRE where we achieved the highest detection coverage out of all vendors tested in the MITRE ATT&CK, managed services evaluations. We've been recognized by SE Labs where we achieved 100% ransomware prevention, which is incredible. These are only a few accolades our platform has achieved, but they're incredibly important ones to me. The reason for that is they represent the voice of our customer. To bring our values to life, I want to take you through a few stories of why CrowdStrike replaced Microsoft Defender. As you heard from George, trusting Microsoft for your security leaves you with compromise, complexity and in many cases, catastrophe. So I'd like to dig into why 2 customers switched from Microsoft to CrowdStrike as their cybersecurity partner. Let's start with how we provide superior security. A large school district moved from Microsoft Defender due to its inability to detect let alone stop a large-scale malware attack across the district. In this case, Defender was fully up to date. The attack resulted in thousands of lost productivity hours as the school reimaged almost 6,000 machines, grinding productivity and student activities to an absolute halt. Not only this, but Microsoft produced 10x the amount of noisy detections that further burden their overwhelming security team with false positives. With CrowdStrike, we replaced Defender district-wise to immediate prevention and cut their triage time from 20 minutes per detection to less than 5. And we are incredibly proud to have given this customer confidence and peace of mind when they needed it, giving them hours of time back, so they can avoid catastrophe. Our next Microsoft replacement focuses on a U.S. state with multiple agencies that upgraded over 60,000 agents from Microsoft Defender to CrowdStrike. This customer had dozens of operating system additions and operating system versions, including about 30% of their estate running versions that were out of support or outdated. What does this mean? It means that they couldn't even get the latest protections. Since Microsoft Defender is bound to the operating system, it requires the latest version with the right support and licensing for consistent protection. And what we hear from customers is that it takes more time figuring out Microsoft licensing and dealing with constant operating system updates than actually spending time protecting their organization. How does that differ with CrowdStrike? With CrowdStrike, the customer was able to deploy consistent, best-in-class protection across their entire estate that was always up-to-date and worked regardless of our operating system version. We delivered this through our unified agent, which means we cut complexity while giving them better security and the customer was able to save $6.4 million over 3 years by avoiding the hidden costs of Microsoft Defender, including the operational complexity of upgrading their operating systems, licensing support and the right versions and dealing with the potential of a breach. We heard George talk about how we win against Microsoft. To close out the 3 Cs of Microsoft, let me bring in and introduce Tim Parisi, Senior Director of Professional Services at CrowdStrike, to share an incredibly compelling story about a former Microsoft customer that brought in CrowdStrike services to remediate an incident. This global services firm use Microsoft Defender, but its lack of coverage and overall complexity ultimately led to a breach. Welcome, Tim. Why don't you give us a quick background on yourself and your role here at CrowdStrike.

Absolutely, Mike. I've been at CrowdStrike for 6 years. I have over 15 years of experience leading incident response investigations for companies, who fell victim to state-sponsored or e-crime attacks, many of which have made the headlines. As part of these investigations, my team and I help organizations during their toughest times to contain the threat and identify the who, what, when and how of the breach.

Well, we're lucky to have you and your team here at CrowdStrike. Our customers get incredible value from what you all do every day. I want to jump into a case study and ask a couple of questions, if I can. And I think let's start at the top. You see this every day. You understand it's better than everybody. Customer environments can be incredibly complex. There's different operating systems, there's legacy technology. I'd love to hear your perspective on why comprehensive coverage is just so important to a letting and why it's so important to being able to stop adversaries? And why in this example here, a lack of coverage led to this breach?

Sure. Well, in this case, the customer was using a managed detection response, or MDR, provider for short, to perform an investigation of activity shown by the Microsoft Defender console. In this particular case, the alerts from Defender for endpoint and identity were not unified, and they didn't provide actionable information for the MDR provider to understand what was happening. So as a result, they fail to thoroughly investigate and even escalated security alerts. And in an incident response situation, comprehensive coverage of those tooling and alerts across the environment is critical. Otherwise, you get detection gaps like we saw here.

So this customer use Microsoft Defender for endpoint and Microsoft Defender for identity, but they still missed the attacks. So why is that given they use both?

Yes. In a breach situation, every second counts, as we say, and complexity is the enemy of speed. So in this case, Microsoft Defender for identity alerts were actually in a separate area of the Defender's suite. And none of the alerts were linked to Defender for identity. So none of that EDR data was correlating nicely with identity and it just created mass confusion for the client and for the MDR, unfortunately.

So you talked about alerts, let's touch on that a little bit. Is it common for a company of this size to have upwards of hundreds of alerts a day. How do they deal with that?

So a company of this particular case like classifies a medium to large sized organization. Typically, what we run into in the front line, you're seeing companies encounter hundreds, if not thousands of alerts in their very security tooling consoles, and it ultimately results in what we call alert fatigue. And those organizations ignore alerts that shouldn't be ignored and miss alerts that really shouldn't be missed just within all that noise. And so unfortunately, that's what we saw here.

All right. So let's really get to the crux of the issue here, how we helped the organization ultimately remediate the breach and how do we protect the customer? Talk a little bit about really what we did as part of this engagement?

Yes, we started by using security tooling that sets us and the customer offer success, and that's the Falcon platform. This customer had deployed Falcon to roughly 7,000 systems in 36 hours. And with our unified sensor at both Insight XDR and Identity Threat Protection modules enabled via 1 agents flowing unified data into 1 console. This allowed our incident responders to execute a rapid response plan, containing and replicating the adversary within hours while not disrupting business operations. Insight XDR allowed us to investigate and remediate the endpoints, while Identity Threat Protection allowed for seamless visibility and easy controls into active directory. So correlating this detection data from Falcon, we leveraged our Threat Intel team, and we quickly identified the adversary was a state-sponsored group from China. They placed multiple web shells on servers running Microsoft's Internet information services or environment persistence. They use what we are referred to as living off the land techniques, which means using native Microsoft tools to carry out the attack while staying under the radar. So in this case, the adversary used native tools such as MSBuild to evoke malware to compromise endpoints running the Windows operating system, all while not alerting Microsoft Defender. They were even able to steal all active directory accounts and corresponding password hashes despite using Microsoft Defender for identity. And when the dust settled, our team found the adversary had remained in the environment for approximately 1 year, which is disappointing given the investment this customer made in the best-of-suite Microsoft security. But at the endpoint of the day, I'm glad we were able to clean up the mess and help the customer evict the adversary.

Thanks, Tim. A great example of how catastrophic a breach can be and a powerful example of the efficacy of the Falcon platform as well as the value that our professional services group can provide to our customers in these worst-case scenarios and in their time of need. Today, we've been able to highlight the unique and differentiating innovations of the Falcon platform across Falcon Identity Protection, Falcon Cloud security, Falcon Surface and XDR. This is only a glimpse of the sustainable innovation the team is driving every single day here at CrowdStrike. But I felt it was important to carve out our time and show you what our customers experience and why they trust CrowdStrike with their cybersecurity requirements. We're proud to be building the world's best Modern XDR platform with the agent as a delivery system for new modules. And at the end of the day, here is what matters. We deliver better security, that's easier to manage, it's easier to operate with much better return on investment. That's why CrowdStrike continues to grow. It's why we are continuing to take share. And I'm incredibly excited to share more with all of you in the future. So thank you for all of your attention today and your engagement. I look forward to your questions at the end. And with that, I'd now like to introduce Burt Podbere, our Chief Financial Officer.

Thank you, Mike, and thank you, everyone, for joining us today. First, let's set the stage with what we achieved to date. It has been another year of milestones for CrowdStrike, setting new records in multiple areas even as the macro environment changed. This year, we added $828 million of net new ARR, growing ending ARR 48% to reach $2.56 billion, marking another year of incredible growth at an ever-growing scale for CrowdStrike. We delivered another record year for net new logos with over 6,600 net new subscription customers, bringing our total reported customers served to over 23,000. We also continue to achieve strong unit economics and drive increased leverage. Non-GAAP subscription gross margin of 78% remained within our target model even as we invested for future growth and brought new capabilities into the platform. We grew operating margin by 235 basis points, delivering 15.9% operating margin for the year. We also delivered at least 30% free cash flow margin for the third consecutive year. And for fiscal year 2023, we achieved the Rule of 85 on a free cash flow basis. Taking a longer review of our growth trajectory to date, you can see sustained high growth at scale as reflected in our 5-year CAGRs, which are around 80% for ending ARR and total revenue with subscription revenue at 87%. We continue to see strong growth in both domestic and international markets with a long runway to continue gaining customers, expanding adoption of the Falcon platform and growing our market share. Our professional services revenue contributed 6% of our total FY '23 revenue and continued to grow nicely. Looking deeper into the strategic nature of our professional service group, it continues to drive new platform or subscription business. Among organizations who first become a customer after February 1, 2021, for each dollar spent by those customers on their initial engagement for our incident response or proactive services, as of January 31, 2023, we derived an average of $6.07 in ARR from those subscription contracts, up from $5.71 and $5.51 in the previously reported years. This small but highly strategic portion of our business has been extremely successful, not only by itself but in driving software platform cross-sell opportunities for us. As we discussed on our earnings call, we remain steadfast in our vision to grow ending ARR to $5 billion or more by the end of fiscal year 2026 even as we expect to continue encountering macro environment headwinds in the near term, including a 10% year-over-year headwind to net new ARR in the first half of this fiscal year. Despite these near-term factors, we see an achievable path to reaching $5 billion or more in ending ARR by the end of FY '26. Let's take a closer look. You all know I prefer to illustrate things as simply as possible. In that vein, for illustrative purposes, I would like to show you the minimum net new ARR required to get us there. In FY '23, we added $828 million in net new ARR, bringing the ending ARR to more than $2.5 billion. While I'm not providing explicit guidance on how exactly we expect to get to $5 billion, and I'm not even suggesting this would be a likely scenario, building on that strong foundation, if we just repeat what we did in FY '23 and add $828 million in net new ARR in each of the next 3 fiscal years, we will end FY '26 with $5 billion or more in ending ARR. Now let me reiterate that I'm not suggesting or guiding that net new ARR will remain at $828 million for the next 3 years. As we discussed on our earnings call, our assumptions to have FY '24 a net new ARR assumption of roughly in line to very modestly up year-over-year with consistent macro impacts that we saw in the back half of FY '23. Beyond FY '24, we assume net new ARR to return to year-over-year growth, assuming macro conditions remain consistent. Now let's take this illustration 1 step further and take a peek at the minimum dollar-based net retention rate required in each of these years, if all we did was deliver $828 million in net new ARR for each of them. Last year, a little over half of net new ARR was derived from expansion If we play that forward and assume a consistent ratio of new versus expansion business the next 3 years. That would mean we would only need to have a net retention rate of 117% in FY '24, 113% in FY '25 and 110% in FY '26. In FY '24, we expect to achieve a dollar-based net retention rate at or above our 120% benchmark. So take the numbers you see on this slide as they are intended, a simple illustration of the minimum required. Our best-in-class gross retention rate, strong dollar-based expansion rate, growing customer base and our meaningful technology differentiation give us confidence in our ability to reach our vision and profitably grow this company to $5 billion in ARR and beyond. Now let's dive into some of our growth dynamics that are helping us drive towards these ARR milestones. Our growth drivers have not fundamentally changed, but we continue to thoughtfully and strategically invest in them as we execute on our strategic initiatives and transform the security industry. We intend to continue to take market share by landing customers at a rapid pace across all facets of the business market, capitalize on our increased momentum with partners, expand our wallet share by driving module adoption with new and existing customers alike, entering into new adjacencies and maintaining our strong retention rates. We expect to continue driving success in the enterprise by landing and expanding within large enterprises. At the same time, we expect to grow our market presence among smaller companies. I'll take you through some updated metrics that demonstrate how we are doing all of these things. While we don't manage the business to specific net new logo targets, we are continuing to win customers at a rapid pace. Our win rates remain high, and we believe that we are clearly gaining share. We've made phenomenal progress in our net new logo acquisition with subscription customers growing 41% to reach 23,019 total customers in FY '23. This does not include the end customers that are served through our MSSP channel, which we estimate are over 18,000 and counting. We believe we have only scratched the surface in terms of number of companies that are out there. While we have achieved tremendous success to date, there are many more customers to win globally in the enterprise, mid-market and SMB. Let's take a look at the growth of the minimum spend required among our top accounts. The minimum ARR to make it to our top 25 is now $7.2 million, a 57% increase over the prior year and 7x over 5 years ago. $2.9 million is required to be a top 100 customer, a 32% increase over the prior year and 10x over 5 years ago. And to be a top 400 customer, a minimum of $1.1 million, a 42% increase over last year and a significant increase over just $60,000 in FY '18. Let's take a moment to let that sink in. Just 5 years ago, we only had 400 customers with greater than $60,000 in ARR. Now a customer needs to spend more than $1 million to be considered a top 400 customer. I believe this is just 1 trend that demonstrates the immense success of the Falcon platform, our ability to not only rapidly innovate and expand the definition of endpoint security, but also drive adoption and deliver real value to customers. But the enterprise isn't, by any means, our only focus or our only area of success. We are driving growth across the market as well. Demonstrating our progress in FY '23, the number of customers with more than $1 million in ARR stood at 436, a 5-year CAGR of 71% and 44% growth from last year. The number of customers with ARR between $100,000 and $1 million stood at 3,553, a 5-year CAGR of 68% and 43% growth from last year. And finally, smaller accounts with ARR below $100,000, stood at 19,030, representing the bulk of our subscription customer base with a 5-year CAGR of 82% and 41% growth from last year, showing that we are seeing strong growth across the spectrum of customer accounts. And as we move to an ending ARR view of those same groups, you can see exceptional growth across all categories. You can also more clearly see the dynamic we have discussed a number of times where we see the bulk of new logo acquisition coming from the lower end of the market, whereas the bulk of ARR dollars is derived from the higher endpoint of the market. Regardless, we see strong growth across all 3 categories with a greater than $1 million ARR category, growing 57% year-over-year with a 5-year CAGR of 87%, the $100,000 to $1 million category growing 43% year-over-year with a 5-year CAGR of 71%, and the less than $100,000 ARR category, growing 37% year-over-year with a 5-year CAGR of 79%. Module adoption is another area where our trends continue to be exceptional, showing that customers are adopting more of the platform than ever. Just as we are winning new logos and driving increased ARR across all segments, we are also driving module adoption across the market. Customers across every group have increased the average number of modules that they are using, which is reflected in the increase of our percent of module adoption stats that we speak to every quarter. Increased module adoption, regardless of the customer size, demonstrates the applicability of the platform across the market. We also continue landing new customers with more modules. The average module count of a new customer has increased from 4.7 modules last year to 4.8 this year, and this has grown 118% over the last 5 years. We see this dynamic increasing for a number of reasons, including as our brand recognition grows, customers are increasingly likely to embrace the platform more fully in the initial land, especially as customers look to consolidate vendors, streamline operations and reduce headcount. And second, we are providing compelling value to customers as we expand the platform to cover new adjacencies and non-security use cases. This goes back to the power of the platform as customers can run more and more of their processes through Falcon and build a virtuous cycle as they only get more visibility and value out of their data. And you can see that our metrics on customers adopting 5, 6 and 7 or more modules have been on a steady march upward quarter after quarter. This demonstrates clear buy-in on the platform strategy by customers as we redefine endpoint security and solve more and more use cases with our single agent platform. Another area where we see a lot of opportunity for growth is with our emerging group. Modules in this group were once considered adjacencies. But as George and Mike discussed, with our unique XDR agent as the delivery system, we have made them deeply integrated critical capabilities accessible on the Falcon platform. This group currently includes our discover, spotlight, identity and log management, which are all meaningful contributors. Ending ARR for modules for this group grew 116% to $339 million in ending ARR in FY '23 and over 4,500 customers have adopted 2 or more of these modules. In order to address the growing problem of identity-based attacks, we think every organization should add identity threat protection to their arsenal to fight cyber adversaries. In FY '23, our identity modules grew to become the largest contributor to ARR within the emerging group category with over $100 million in ending ARR and last year we posted over 200% ending ARR growth. Our success to date in these areas demonstrate that Falcon is a true extensible cloud platform with significant growth opportunities in front of us as we add new capabilities to the platform and continue to redefine the very essence of integrated security. We believe this truly differentiates us from any other competitor in the market today, provides a wide competitive moat and drives customer retention. Given the rapid evolution of the threat landscape, it's important for customers to have a platform that can dynamically address new threat vectors such as public cloud environments. New and growing threat vectors represent new growth opportunities for the Falcon platform. For example, ending ARR from deployments of Falcon in the public cloud grew 111% year-over-year, surpassing the $200 million milestone. Recall that this represents a deployment view and refers to any module deployed in the public cloud. Today, we have over 7,000 customers who have deployed Falcon in a public cloud environment. That represents nearly 1/3 of our customer base at the end of FY '23. And while we view that as a great start, we think there's a lot of headroom within these accounts within the rest of the CrowdStrike customer base and, of course, with new logos. I'd also like to note that the landing dynamics in the cloud generally start with smaller initial deployments and offer larger workload expansion opportunities, which is very different from what we see in traditional endpoint where we are generally deployed wall-to-wall out of the gate. As you heard George discuss earlier, our partner ecosystem is a critical part of our go-to-market motion across all segments of the market, and a significant area of investment and growth for CrowdStrike. In FY '23, we saw our partner source ARR increase year-over-year by more than 50%. To illustrate how partnerships can act as a force multiplier for our and our partner's growth, I'll dive into a brief example of a partner case study. The partner in this example is a major IT services provider with deep roots in storage, compute, data center and networking. They produce approximately $15 billion of revenue with thousands of global customers. Many of the world's largest organizations turn to this partner for key technology strategy projects. In just the last 18 months, they closed more than $200 million worth of CrowdStrike Falcon deals. In only a short time together, we've built a scaled global practice focusing on legacy AV replacement, XDR projects driving vendor consolidation, identity and cloud security and log scale projects. Together, we're bringing the Falcon platform and capabilities to both new accounts and existing customers. While we're still in the early innings of this partnership, our work together exemplifies CrowdStrike's leadership and shows why our partner-focused go-to-market creates a win-win-win where customers win, partners win and CrowdStrike wins. Moving to our dollar-based net retention rate, we remained above our benchmark throughout FY '23, which further demonstrates the success of our land-and-expand strategy, especially in light of our growing scale. Similarly, our gross retention rate remained best-in-class throughout FY '23, exiting the year at 98.0%. We've seen meaningful contributions to DBNR from both the expansion of the number of sensors as customers increase Falcon's footprint across their environment and from cross-selling as customers purchase additional modules. In FY '23, we once again saw close to a 50-50 split between expansion and module cross-sell similar to the prior year. Now let's dive into the significant runway for growth available to us within our existing customer base and existing modules. Looking at this from a white space perspective, the question is what does our total addressable market look like within our own customer base. In FY '22, we achieved $1.7 billion in ending ARR with a healthy net retention rate as our upsell and cross-selling motions are very mature. Expanding on that cohort. If our FY '22 customers adopted the entire platform that was available to them at the time with the same number of endpoints and consistent ASPs, the platform opportunity would be equal to more than 4x FY '22 ending ARR for an $8.7 billion combined opportunity, showing a significant runway to add net new ARR from within our existing accounts. Using the same methodology for FY '23, the incremental FY '23 platform opportunity of the customer base is at approximately $9.6 billion for a combined $12.2 billion opportunity, approximately 3.7x our FY '23 ending ARR and approximately 37% growth in opportunity from the prior year. And looking one layer deeper, the white space opportunity is roughly split between 3 categories: first, faster-growing modules, including CNAPP Identity and LogScale; second, managed services; and third, all other modules on the modern XDR Falcon platform. While we don't assume that every customer will adopt the full Falcon platform, the magnitude of expansion in the total opportunity speaks to the extent to which we are increasing the value we can provide to our customers and the rate at which we are expanding the capabilities of the platform. So far, I have focused on growth, but as our efficiency and profitability metrics reflect, we are not a growth at all cost company or management team. We have made incredible progress on our march to our target model and still have incredible leverage to realize. Let's take a look at gross margin. One of the core benefits of the immense differentiation we have in the Falcon platform is a very strong and defensible stance with regard to ASPs. So when we think about quarter-to-quarter fluctuation in gross margin, it is not so much about pricing, it's more about enhancements on the optimization of infrastructure or incremental new data that we are collecting or integration of newly acquired technologies. We've been doing a lot of investing in our own infrastructure. And in Q1, we're expecting to see up to 1 percentage point incremental increase in our subscription gross margin as some of the fruits of our labor are going to pay off. On the COGS side of the house, the drivers are continued public cloud and data center workload optimization, public cloud cost optimization as we scale and ongoing integration of redundant infrastructure associated with the acquisition of LogScale. We've been investing for years in our private cloud. And we've made some great strides there. And over time, we look forward to being able to get to the top end of our long-term range because of those investments that we are making today. We believe it's not all going to come at once but it will come over time. We have seen a steady progression in operating margin expansion, ending the fiscal year at approximately 16%. On a dollar basis, our non-GAAP operating profit grew more than 80% in FY '23 as we recognize the benefits of the significant leverage in our model. I'm incredibly pleased with our margin performance, especially in combination with our scale, continued investment in innovation and the aggressive hiring plan that we executed in FY '23 in which we grew the size of our team by 46% year-over-year. The net effect of this is the incredible amount of cash that the business model delivers. We have grown from $12 million of free cash flow in FY '20, the year of our IPO, to well over $600 million in free cash flow at 30% of revenue in FY '23. We believe that we have a model capable of delivering durable free cash flow margin of at least 30%. FY '20 was our first year to generate positive free cash flow with our margin for that year at 3%. In each of the 3 years since then, we have delivered 30% or greater free cash flow margin. While we expect there to be seasonality in free cash flow on a quarter-to-quarter basis, one of our key targets in managing the business is to deliver at least 30% free cash flow for the year. The top line, increased gross margin, operating efficiencies and increased interest yields are positive drivers to free cash flow margin. These can be offset by duration such as when multiyear lands renew with shorter terms, flexible payment terms as we partner with our customers and increased CapEx and cash outlays for taxes. For FY '24, our free cash flow margin target of 30% is inclusive of estimated full year impacts from billings duration and cash taxes balanced by the positive tailwinds of increased operating leverage, higher interest income and lower CapEx. Looking into FY '25, we view 30% free cash flow margin as our starting point and see a path to delivering between 30% and 32% free cash flow margin for the year. And looking 1 year beyond that into FY '26, we see 32% free cash flow margin as our starting point, up 200 basis points from the prior year starting point. Looking at all of this in the context of our target model, we have made significant progress. In our last 3 reported fiscal years, subscription gross margin, R&D, G&A and free cash flow margin were all within our target ranges. And I think it is clear from our phenomenal performance in Q4 and fiscal year 2023 that our model is highly leverageable, and we are operating very efficiently as a company achieving a high ROI on our investments. We believe our business model is capable of delivering our target operating income target in the near term, but we do not think that would be the best course of action given the massive market opportunity we see at hand and our strategic position within the ecosystem. We are an innovation company, and as we presented to you today, we have our sights on building an even bigger company, and we are bullish on our opportunities and ability to execute on our vision. As such, we are continuing to increase investments in key areas, including building out our global footprint, which includes sales, partners, channels and international markets, investing in our modern XDR platform, including data protection, identity protection, log management, observability and XDR. As our FY '24 guidance reflects, we expect to deliver increased leverage at approximately 30% free cash flow margin, even as we grow and aggressively invest in the business. And as highlighted with the green boxes on this slide, we expect to maintain subscription gross margin, sales and marketing, R&D, G&A and free cash flow margin within our target range on an annual basis, excluding any potential M&A. We expect to achieve our operating margin target model sometime within FY '25. While we expect to see fluctuations on a quarter-to-quarter basis, we expect to realize more of the benefits from the investments we are making today in COGS optimization that will translate to gross margin in FY '25. What is nice about scale and an efficient go-to-market engine is even small incremental refinements in gross margin can lead to meaningful operating margin uplift. Additionally, longer term, we see room to exceed these targets beyond FY '25. And this is just the beginning. We have our sight set on a much larger goal of reaching $10 billion in ending ARR. The investments we are making today are designed to fight the company for success to reach our goal of growing to $10 billion and beyond. Here are the areas that really excite me and we believe have the biggest opportunity for growth on the Falcon Modern XDR platform as we look ahead. LogScale, data protection, CNAPP, identity theft protection and continuing to capture market share from legacy vendors. Bringing this all together, I'd like to end on what I personally believe puts CrowdStrike in a league of its own. This time last year, we shared with you that CrowdStrike has the winning formula of rapid growth at scale and strong free cash flow. We showed that while there were over 40 public enterprise software companies with over $1 billion in LTM revenue, only 5 had a growth rate greater than 60%, and only CrowdStrike had both of those attributes and delivered a 30% free cash flow margin. This year, as we surpassed the $2 billion LTM revenue milestone, CrowdStrike remains in a league of its own. Based on the most recently reported figures, there were only 26 public enterprise software companies with more than $2 billion in last 12-month revenue and just 2 of those companies were growing at an LTM rate of 50% or more. Those included CrowdStrike and Snowflake. And only CrowdStrike delivered this scale and growth in combination with a 30% LTM free cash flow margin, a truly remarkable feat that every CrowdStriker should be very proud about. In summary, I've never been more excited about the opportunities for CrowdStrike. I look forward to continuing to profitably scale our business and invest in our opportunities. Thank you very much. Before we open it up to Q&A, I will turn it over to George and Daniel to discuss our partner program in more detail.

Thanks, Burt. And before we open the call for questions from the audience, I thought our audience would like to hear from Daniel Bernard, our Chief Business Officer, to get us taken our partner initiatives and SMB program. And Daniel, you recently joined us from SentinelOne. So tell us about your new role at CrowdStrike.

George, thanks. It's a pleasure to be here and greet you and greet to everybody. As Chief Business Officer here at CrowdStrike, I'm looking after our partner community. It's a vast network of thousands of resellers, technology alliance partners, system integrators and the long tail of MSPs that we can really mobilize to transform our business and change cybersecurity as a whole. In addition, SMB is also something that I'm looking after. Huge opportunity in the TAM to go and disrupt it just like we've been doing in the enterprise for so long. We're well on our way, but there's a lot of TAM out there for us to replace legacy products and bring the power of the Falcon platform to SMBs at scale all around the world.

And what are you hearing from the partner community?

Yes. I think what we're hearing from the partner community, and you and I have been out on the road visiting these folks quite a bit in the last couple of weeks is really some consistent information. One, CrowdStrike is the technology that customers want, that customers need. Two, customers need consolidation. They're looking for platforms that enable leaving many different point products and optimizing workflows, optimizing spend and optimizing capabilities. And three, we've got the programs, the plan right here to help partners be successful. At the end of the day, what partners are keen to do is help customers stop the breach, where the technology to enable that, where the technology to build a business around where the technology that can really transform this market. And the partners are just craving to work with CrowdStrike and sell the modules, sell the story and sell the outcomes.

And you're right, traveling around and meeting with many of the partners with you. It's been just great feedback on how many partners want to continue to work with us and new partners want to work with us. One of our best, biggest and greatest partners is AWS. And they've grown to be one -- we've grown to be one of the top ISVs for them. Can you provide some insight on how things are going with AWS?

Sure. We don't really break out individual partner-specific information. But CrowdStrike was super early to invest with AWS and build out a cloud-first go-to-market to help customers that were using us on endpoint transition to helping secure the cloud. What I can say is we're seeing huge momentum with AWS. The amount of partner sourced revenue that they're bringing to the table for us is unprecedented. AWS would tell you that we're one of the most successful ISV partners, security partners. We'd say the same. And really, the results of taking the partner community, leveraging that with the AWS marketplace and unlocks a huge TAM, deal velocity and amazing results for our sellers, even more results for our customers that are looking to use their AWS spend credits on the latest and greatest cybersecurity. That's right here. That's right here on the Falcon platform.

Now there's been a lot of excitement about the Dell announcement. So can you share with the audience the different ways we are working with Dell and how it expands our market reach.

Sure. I'm really excited about the Dell announcement. I've worked with Dell a number of times in my career. And in the long term, this is a game changer for CrowdStrike. What Dell does for us is a number of different things. One, it brings us to new markets, new TAMs globally. This is a global partnership. Dell sells us on the box, that's with PCs for businesses of all sizes. Dell also has the ability to sell the entire Falcon platform, bring that to market to customers. In addition, Dell has a managed service to help companies optimize how they want to consume cybersecurity. We're there as well. And last but not least, down in the SMB space, new packaging models that we're able to trial with Dell, such as a monthly subscription, device-as-a-service, all these different routes to markets, all these different geos, all these different customer outcomes are all serviced through Dell, which really represents about 30% of the PC market today. Huge opportunity for us, and we're just getting started.

And lastly, let's dive into SMB opportunities. We talked a lot about that recently. It's not something that we just started. We've been working on it for many years. How do you think about that opportunity to penetrate the SMB and drive better outcomes for our customers in what I would call a traditionally underprotected and very fragmented market?

Yes, I think let's first start talking about the market. This is a market that's significantly still using legacy AV subpart products. And if you look at it first, do we have the right technology, product market fit with solutions like Falcon Go, super easy to deploy, no updates required, no interoperabilities. Set it, forget it. This is something that's perfect for SMB customers. Two, the routes to market and optimizing those. And I think to what you were just talking about, this is something that CrowdStrike and specifically you were thinking about earlier on, that Atlassian model. Go to crowdStrike.com. You can click on the buy button. You can buy the software anytime. You can try it anytime, and we're the only company in the market that does that. So we make it extremely easy for our customers of all sizes, specifically SMB, to get started and see success right away. But then you look at partnerships like what we're doing with Dell. You look at the power of some of our partners that really serve the small and medium business. You look at what we're doing in the MSP space. This is the technology that can solve the problem, that can stop the breach, that can transform cybersecurity. And there's a compelling event out there right now. What is the compelling event? It's cyber insurance. Every business, large companies, small companies, businesses of all sizes, they're being asked to make sure that they adhere to certain cybersecurity standards, that they optimize and transform their cybersecurity stack so that they can qualify for insurance. Cyber insurance is something that's on everybody's mind. Businesses of all sizes, specifically SMBs, they all know somebody or maybe it was them that was impacted by a breach. The market is ready for this transformation. We have the technology to do it, and there's a lot of TAM out there for us to go address in the SMB.

Well, thank you, Daniel. Really excited to have you on the team. So let's turn the call over to Maria for our Q&A session.

Thank you, George. We will now take questions from our covering analysts. [Operator Instructions] Our first question is from Saket Kalia of Barclays. He will be followed by Sterling Auty of MoffettNathanson.

Okay. Great. Maria, can you hear me okay, and see me okay?

Yes, Saket.

Okay. Great. Awesome. George, I want to pick up just off that last topic that you were talking about with Dan on SMB and maybe just connect that a little bit back to some of the really helpful stuff you gave on just the competition with Microsoft. I think the 80% win rate in the enterprise was great to see. But George, maybe you could just talk a little bit about how that compares in the SMB, and how Falcon Go can perhaps replicate some of that some of that down market as well?

Well, Saket, I think it's very similar in the SMB space. Customers that have been using a variety of technologies, whether it's Microsoft or other legacy technologies have had issues. They've had ransomware issues. They continually struggle with a lot of the security implementation. So when we have the opportunity to show them and get engaged with them with Falcon, more times than not, we're going to win. And one of the other areas for smaller SMB, when you talk about Falcon Go, is also being able to upsell them into Falcon Complete. We have so many small businesses that have a lot of risk. They can't get insurance. They need insurance. And they turn to something like Falcon Complete, which is an absolute game changer. And that's really, I think, a huge opportunity for us. It's much differentiated than anything Microsoft or others offer in the market today, and it's set up based upon the platform architecture that we have.

Our next question is from Sterling Auty of MoffettNathanson. He will be followed by Joel Fishbein of Truist.

I wanted to ask about cloud, the couple of hundred million in ARR. I think, Burt, you mentioned that you land small and grow with the workload. I'm curious about what the opportunity is to actually penetrate existing workloads? Or are you really tied to just new workloads, which unfortunately, we're seeing that growth slow due to macro.

Sterling, it's Mike. I can jump in there. It really is both to answer the question. Obviously, we've got a lot of organizations that have significant cloud deployments to today. And the big thing that I'd call out is they've got a flavor version of everything. And that really works well with our strategy, which is to not dictate what cloud people should use, but to give you choice, to give you the ability to run any cloud version you like, any infrastructure you like, and then we'll come in and secure it. So works very well for what people have today. And then as people continue to build out and grow -- and grow aggressively into the cloud, the technology stack allows them to continue, and we grow with them, which is part of that simplicity and elegance of the solution that we talk a lot about.

And just to follow on that, we actually have many customers who started in the cloud first. They were on a journey. They maybe they were a little bit later in the adoption curve with cloud. They chose CrowdStrike to protect that cloud environment and they realize how easy and effective it was. And then we actually were able to get the internal desktop servers, laptops, et cetera.

Our next question is from Joel Fishbein of Truist, and he will be followed by Don DiFucci of Guggenheim.

George or Michael, it's the -- I would love to just understand Falcon Complete. It sounds like -- it seems to us that Falcon Complete, every customer should have it. What's the impediment of not every customer adopting Falcon Complete? And what is the strategy to potentially get more customers to adopt it would be really helpful.

Joel, I'll take this one. I mean, look, you are right. It's an incredibly compelling offering. And really, when you look at the economic value that a customer gets, they have the ability to get access to Falcon Complete, they have the ability to leverage the platform. They have the benefit of us deploying the capability, operationalizing it and providing 24/7 all year round. The cost benefit to the customer is very clear. They get straight away. They get economic value. It's going to cost them a lot more to try to hire people to build a 24/7 service to be able to get the skills and keep people employed. It's a tough market, as you know. So a very compelling offering. And look, we're really making sure that people have the ability to get access to Complete. We want people to get the access either directly from CrowdStrike or through our partners. And having Daniel on the team and really building out that capability, so people have the choice to work with CrowdStrike or a local partner as part of the strategy. And as you've seen, we've also increased the Complete offerings. We started off providing Complete as a service to leverage the Prevent and Insight module with Overwatch, and we've built that out to include Identity, to include the cloud. We provide Complete for LogScale. And we will continue to innovate in this space as customers are demanding more and more and just getting so much value from it.

And I think -- just to add on to Mike's comments, I think what's underappreciated in our model is the ability to create additional offerings in the Complete product family. As Mike said, we started with one. And now as we've added new modules or acquired new companies, added new technologies, in almost every case, we have the ability to add an additional extension to the Falcon Complete product offering. And that obviously is a massive opportunity for us given the price points for Falcon Complete.

And one last point. We often go back to our customers with respect to something called the business value realized. So we do a business value assessment, 6 months later, we go back and show the savings. And if they don't have Complete at that point, we would show them additional savings that are there to be had. So it's not something that we just try to educate once, but we continue to do that education and to continue to show value in that offering.

Our next question is from John DiFucci of Guggenheim, and he will be followed by Alex Henderson of Needham.

I was getting all confused there. But anyway, my question is actually for Daniel, or if these -- if you can answer the areas. And maybe, George, you come in on this, too. It makes a ton of sense for you guys to go. The SMB for you, we -- I see as sort of all greenfield opportunity. It's not some place you've ever really gone after aggressively. Maybe you pick up customers along the way, but nothing like what's out there. But it's also traditionally a very cost-sensitive market. And your premier product is also usually sold at a premier price because it's the value selling, right? I guess I'm just trying to figure out how you combat that, but your thoughts around.

Sure. John, let me jump in there. So first, the markets at a maturation point where the existing solutions and products that are there just aren't good enough, and customers are really looking for something different. And there's a willingness to pay. We've tested that thousands of times over. There's a willingness to pay for a superior product, a superior outcome. So that's number one. Two, and it really dovetails nicely into the role in what I'm doing here. The partners play such a pivotal part in our go-to-market in that part of the market specifically. So the way that we're going to dominate the SMB isn't by hiring another couple of thousand reps or hundreds of reps. It's going to be by activating the partner ecosystem to really focus there and work with the kinds of partners that really specialize in that area of the market. So it's really a different go-to-market motion for us. The third is really just the product market fit and having this ubiquitous brand, the trust in the market, I mean folks drive to work. They hear George on the radio. They watch him on TV. They know CrowdStrike. They know it's the best cybersecurity. They read the Global Threat Report. They call their cyber insurance broker. They hear about us there. So this market is ours for the taking. We're not going to do it on the cheap. We're going to make sure that we're offering the right value.

Okay. That makes sense. And I'd like to see George wear that jacket on TV next time. But go ahead, George. I actually like it.

Well good. Good. I'll let my wife know. So at the end of the day, when you look at this market, as we talked about, SMB is very fragmented, and it really is the partner community that's going to help, I sometimes make the joke, it's a little like the AV world in your house. You just want the AV to work and whatever they recommend you kind of go with. And that's kind of the relationship that's out there in the SMB market. If you are the recommended solution, you're going to get in at the right price point. And just to even further the comment on the willingness to pay. We've had customers, and I've talked about stories like this over and over, that have come in, bought $2,000 of Falcon Go and then we upsold them to $40,000 of Falcon Complete. Yes, a lot more money, but when you look at what we were giving them, they couldn't even hire 1/4 of a person to do what we were doing for them. And by the way, they were getting discounts on their insurance with Falcon Complete. It's a huge opportunity. So when you package it all up and you look at the total value, it becomes a no-brainer, which is why so many small businesses have chosen Falcon Complete.

Okay. And I guess -- and I'm sorry, it's the same topic here, but just the go-to-market difference, is that -- can that also be a lower cost go-to-market, so you can play a little bit with price if you want?

We have the flexibility to play with price there. With Falcon Go, we have a lot of flexibility. And the partner ecosystem, we know where we need to be, and we can absolutely be in that ballpark. And then we have the ability, obviously, to upsell adjacent modules and things like Falcon Complete. So once we get in, we know we have a history of being able to cross-sell. You can see it in all our numbers. And that's the goal in the SMB space.

Our next question is from Alex Henderson of Needham, and he will be followed by Brian Essex of JPMorgan.

Great. And George, it's great to hear you reiterate the importance of seeing you not as an endpoint company but definitively as a platform. I wanted to shift the question a little bit over to what I think a lot of people are worried about in terms of risk and maybe I can get to Burt to talk a little bit about a couple of categories of risk. Specifically, what is your finance vertical exposure? Are you concerned at all about the recent impact on regional banks and what that might mean for their spending outlook? And if that's a vertical that has meaningful scale to it, when do you think that might show up in the numbers? And second, along the same lines, a lot of companies, particularly in tech, doing staff reductions, reducing their physical footprint by closing offices. How are you impacted by those dynamics? And is that something that's a slice of bread or a loaf of bread? How big a risk do we have to those 2 variables?

Yes. So look, I'll take the first and talk a little bit about the banking sector. So for us, in the regional banks, we have low single percent of ARR in the bank so the exposure is quite low. So for us, that's something that we're in a really good position to be able to minimize that risk. And it goes beyond just regional, right? We have -- overall, the risk in the banking sector is single low digits in ARR. And I'll turn it over to George for the second.

Yes. And just to comment on that first question, it's not like banks are going to stop needing security. I mean, it's a regulatory requirement, right? So -- but specific to your question around employees, basically, what we found is we've hit even a broader sweet spot for companies that have reduced some of their workforce because they don't have the people power to actually protect their environment. And what we've seen is there are budgets available just not for headcount. So we've been, I think, quite successful in selling Falcon Complete into these organizations that are looking to rightsize their environment and provide a level of protection and maturity within the security organization through our Falcon Complete offering. And that, I think, has hit a sweet spot, particularly for those companies that are looking to rightsize.

Our next question is from Brian Essex of JPMorgan, and he will be followed by Andy Nowinski of Wells Fargo.

Brian, you're on mute.

Okay. I always make that mistake. The question was for you, Burt. You noted the margin targets. I noticed that you indicated that they exclude M&A, and you have that nice $10 billion ARR target out there. So I guess a couple of points on that. How aggressive should we anticipate you might be pursuing that $10 billion target? And how should we expect the extent to which you might sacrifice margins for M&A? What is your discipline around margin accretion with regard to M&A? Is it going to -- are you going to set a floor saying, for example, it wouldn't fall below this level? Or is there an expectation like if you happen to do a deal that's not immediately accretive to margins, you might set a recovery rate to set expectations around?

Yes. So good questions, Brian. So one -- so first, before we get to the $10 billion, let's talk about the $5 billion. Again, it's an illustrative right of how to get there. And the idea there, the design there was to show many different paths to be able to get to the $5 billion. The $10 billion is going to be even further. We don't know when that's particularly going to happen. But obviously, we think that with the TAM that we talked about and its opportunity and the fact that we are so low penetrated with respect to the TAM, we have an incredible opportunity to go and capture so much more. And that was the idea just generally in how we think about it. And then M&A, we've been quite disciplined today, right? I'll let Mike take a little bit about that. But from a financial profile, number one, we're not growing. We're not -- we're the company that's not growing at any cost, right? We've been disciplined from day 1. Having said that, we're going to be looking at targets that have been successful for us, right? The ones that are rate tech, great people, we're not looking to buy ARR. We think we've got a great distribution engine where if we do buy great tech and great people, we can plug that in and off we go. But I'll pass it over to Mike with respect to a little more depth on the M&A side.

Yes. Sure. Brian, thanks for the question. I think Burt said it really well. We obviously look for great tech and great people. But the thing that I'd put above that is making sure that the great tech and the great people work for our customers. And one of the things that we've been really careful about is making sure that the technology that we -- the companies that we acquire and the technology that we want to bring to market integrates with our security platform and it integrates with our endpoint where applicable. And it's a really careful consideration that we made to make sure that the customer doesn't become the systems integrator. And we see this all the time. You look at a lot of companies in security, really a lot of organizations in the tech space that buy a lot of product. And what ends up happening is the end user ends up suffering. And we see very commonly a lot of vendors will then go and buy maybe some middleware, they'll go and buy an orchestration platform to try to get all those products to work. And it doesn't really end well for the endpoint users. So we've been very careful. We want to make sure that we stay focused on the areas that are foundational for CrowdStrike and the emerging areas that we talk about. We want to get products that solve real-world customer problems, but they have to be something that we can integrate. They have to be great. The technology needs to be highly differentiated, and we're looking for good people. So we will continue to be careful in this space.

Our next question is from Andy Nowinski of Wells Fargo, and he will be followed by a question from Jonathan Ho of William Blair.

So you guys did a great job laying out all the different growth drivers and all the different new market segments like SMB that you guys are penetrating in. I guess I want to circle back and talk about the $5 billion ARR target you have. I think you made the argument that, that target in FY '25 is very -- is almost ultra conservative, and that it only requires $830 million in net new ARR growth or no growth, I should say, flat growth for 3 consecutive years. So it seems to me like, I guess, number one, why wouldn't you raise that target, given all the positives you talked about today? And then second, what would have to go wrong to hit that $5 billion target? Because it seems like a lot more would have to go wrong versus right for CrowdStrike to deliver $5 billion ARR in FY '25.

Sure, Andy. I'd love to explore that a little more with you. So first, again, the $5 billion was an illustrative design to show you the many paths. I mean we really look at the $5 billion as a whole platform sale. This is how our customers view us as well. They are buying the platform at the end of the day. The more foundational capabilities we deliver through our single-agent cloud architecture, the more we differentiate ourselves in the market and drive high retention rates. That's what we're really after. We really become critical to the business. And our foundational capabilities drive growth for modules in newer areas that may have once been considered adjacency and vice versa. We have this great opportunity to explore that $5 billion through our foundational capabilities as well as some of our faster-growing adjacencies that are now converting into our foundational capabilities. So we're getting excited about how to get to a $5 billion from many different angles. And I think for now, I think the right answer is to show you those and to show you how we think about it. And there are other -- many different other angles. We talked about SMB. DB went into it a little more about how he thinks about SMB. And you've got to remember that our tech -- we don't have to customize our tech for SMB versus enterprise. It's that same tech, which is so rare in software, as you know, Andy. So that's how we think about it, and we're excited to be able to put out the $5 billion in a different path to get there from an illustrative example point of view to kind of illustrate the different levers that we can pull to get there. And I think that was the reason behind why you put it out there.

Our next question is from Jonathan Ho of William Blair, and he will be followed by a question from Hamza Fodderwala of Morgan Stanley.

I just wanted to maybe circle back with sort of the Microsoft question. How often do you see customers that have switched from CrowdStrike to Microsoft switch back? And are you seeing any scenarios where maybe these customers, their testimonies or their experiences are getting out more into the marketplace and sort of altering that dynamic over time?

Yes, I'll start, and I'll let Mike jump in. We haven't seen many switch. So let's start there. That's the good news. So I don't know, I guess it's still early in the cycle. I'm not saying someone couldn't have switched, but what we find though are the customers that have already bought into Microsoft switching to us, and we've gone through a litany of those or at least several in this particular webinar. And again, it gets back to what we were talking about. A lot of times, they come to us after a breach. A lot of times, they're frustrated. They thought they were going to pay 1 item, and it was a much bigger bill at the end, and they got sticker shock. And again, I kind of see this playing out just like the Symantec McAfee days in that signature-based AV that isn't really -- it's cobbled together consoles that's not stopping breaches is why we've been so successful. So customers who maybe on Microsoft, we think, is a great opportunity down the road to come back -- to come to CrowdStrike. And that's what we'll focus on. Mike, do you want to add to that?

Yes. I think just to follow on, on a couple of your comments there, George, what we are seeing is more examples of people coming from Microsoft to the CrowdStrike, not from CrowdStrike to Microsoft and then boomeranging back. And I wanted to use 1 example. Obviously, when we reached out to you all and asked what you wanted us to cover and talk about, there was a lot of questions around Microsoft. And I thought that was a great example, having temporary from our services team use and go through an example where somebody had issues and then came over to CrowdStrike. It starts with an incident response engagement. So there's an opportunity there and then ends up with a platform sale. And beyond that, we see this quite often. I was with the customer last week, who was telling me about the issues that they had. They were a Defender customer. They even brought in Microsoft during a breach and that didn't go well. They got breached again. And then they ended up going with CrowdStrike, and they've had an amazing experience since. So that's probably more representative of what we see out there in the field, Jonathan.

Yes. And I'll add one more to that. I was with the customer last week, and they were a Microsoft customer. They had an issue. They switched to CrowdStrike. And the customer's comment was, if I ever leave my current employer, I will put in my contract a requirement that the new employer buys CrowdStrike if they don't already have it. So I think that's strong testimony. And that's the kind of fanatical customers that we have at CrowdStrike. So thank you.

Our next question is from Hamza Fodderwala of Morgan Stanley, and he will be followed by Keith Bachman of BMO. Hamza, are you there?

You're on mute, Hamza.

Maybe we should go to our next question, and we can come back to you, Hamza. Our next question is from Keith Bachman of BMO.

Can you hear me okay?

Yes. Thank you, Keith.

Okay. Perfect. And I think BMO is a new CrowdStrike customer. So happy about that. I wanted to ask really a 2-part question. First is on the margin targets that you gave, the free cash flow margin increase from the 30% looking out a couple of years to 32 plus is less of a slope, if you will, in terms of your operating margin target increase over that same period of time. So I just wondered if there's anything you wanted to call out. Are you embedding some duration difference in that margin target that you put out for free cash flow? And then perhaps just in the interest of time, I'll sneak in my second one here. I just wanted to ask about pricing within the context of SMB. You did say that the underlying technology is great, which makes it a really efficient go-to-market capability. But it sounds like you may be more willing to ask for different pricing structures. And indeed, this past quarter, we've had some feedback from the channel and the SMB category CrowdStrike was more aggressive in enterprise, there was really no tracing change behavior. And I just wanted to speak to why the underlying technology is the same, is there sort of a different philosophy as you're migrating into the SMB category from a pricing. So this isn't related to channel but just absolute pricing, then I'll see the floor.

Sure. I'll start with the -- I'll start with the cash. So the only thing I would call out on cash and why op margin is outpacing free cash flow margins slightly, it's -- it's due to a little bit on duration, on billings duration to be specific or billing cycles. Let's start the conversation with respect to prior to the macro. The majority of our customers were on annual billings. And as we entered the macro, we saw a slight increase of our annualized billing customers move towards annual billings. So that would be the counterpoint to why the op margin is going faster than free cash. And I'll turn it over to Mike and George to talk about the SMB and what's going on there.

Yes. So yes, I'll start on the SMB side. When we think about SMB and how we look at the market, we can be very aggressive in that market. And what's important to keep in mind is that the price points are relatively high in that market. So there's a lot of margin if you need to be aggressive compared to a large enterprise deal that has volume discounting. So I think it may seem counterintuitive, but there's high price points, and we have the ability to be very aggressive given the margin profile of something like Falcon Go. So we have, we will and we continue to be aggressive because we know we have high gross and net retention rates and our ability to go in and consolidate that market is pretty exciting to us, and that's what we want to take advantage of. And that's why guys like Daniel are here and given our routes to market with our partners, we think we're going to be pretty successful there. Daniel, anything to add there?

George, you summed it up well. Keith, these folks are looking for a change. We have the change they need and they may not need all 20-plus modules on day 1. So there's a lot of opportunity to not only land at a compelling price, but also expand, take them on the journey, get them into Falcon Complete or have our CrowdStrike-powered Falcon Complete service help a partner deliver that on our behalf. So a lot of optionality there and a lot of reasons for partners to take us down into that part of the market.

Our next question is from Patrick Colville of Scotiabank, and he will be followed by Roger Boyd of UBS.

I guess my question is around the exposure to the tech vertical. So I mean, Burt, you kind of very helpfully discussed earlier the exposure to the finance vertical. I think another risk that we've been fielding from investors is what about exposure to the VC-backed tech vertical. I mean would you be able to provide some, I guess, qualitative color there and then also some kind of quantitative data just to help us frame that question?

So sure. I'll start, and then I'll toss it to George to finish and you'll get where I'm going. So basically, on the tech side of the house, all the banks that did bank with SVB in the tech area, the private ones, I mean the good news is, obviously, the FDIC stepped in. They're still making payroll. They're still doing what they need to do, and so they're still there. But what I can say with respect to not only the focus, what's happened with respect to the focus on profitability, not only in the privates, but in the public, I would say, a, they all need security. Let's start there. And then, b, I think the key point is, even if there are downsizing in terms of number of people, they're still going to need to have cloud protection or they're going to need workload protection. And as automation can take over more and more of a company in terms of how they run their business, we're going to be there to be able to supply that type of security. The other thing I'd like to say is on the -- on some of the smaller tech companies, the one thing that we do really well is Complete, right? So I think this is that offering where we're able to offer the best-in-class type of security at a fraction of the price of what it would cost for somebody to go out and hire a team or even 1 person in many examples. So when you have something like CrowdStrike out there that's easy to use, simple to deploy and we can manage it for you, that's super compelling for not only the private tech companies but for the public ones. And I think that when we think about the tech space and you've seen all the downsizings that have taken place, ultimately, workloads and companies becoming more efficient is what's going to drive our continued success with respect to our offerings, right? It's not just about users. It's about protecting the data. It's about protecting the machine. So I think that -- and servers and so -- and cloud workloads. I think those things are going to continue to grow and be important to us as we look down the horizon.

Okay. Thank you, Burt. Yes. Thanks, Patrick. And our last question comes from Roger Boyd of UBS. Roger, are you there? Okay. It looks like Roger is not available.

Can you hear me?

Yes, we can hear you now, Roger.

Sorry about that. Just to hit on talk and complete, I think Gartner is talking about 1 in every 3 EDR customers buying provider-offered MDR on top of it. And George, you talked a little bit about the momentum you're seeing, especially in this market with the need for more outsourced services. But I'm wondering if you could talk about Falcon Complete from a competitive angle and how big of an advantage is that versus some of your core competitors? Maybe you could talk about Microsoft who are a little bit less established in that provider-offered MDR space.

Well, it's a great question and it's a huge advantage for us, and it really is set up with the XDR agent that we have and the platform that we've built. It's very difficult to do or replicate what we do with the existing tooling that's out there with a mishmash of technologies, consoles and again, getting the right outcome. There's a reason we offer $1 million -- up to $1 million breach warranty to our Falcon Complete customers, right? I don't see Microsoft or others doing that. And the reason we do that is we've got confidence in the service, and it works. When you look at the ability to try to replicate that, it's difficult because the way the agent works and the way the data is actually centralized, we get a complete view of what's happening across the entire organization and it isn't sort of a piecemeal that you have to stitch together. So from that standpoint, it is very differentiated. And in fact, I talk to customers all the time. We -- again, it's a different customer, but last week, I was with one, they said, if I can marry a technology, it would be CrowdStrike. That was another Falcon Complete customer. And these are all great quotes. We'll have to get them on one of our Investor Days. But to that end, I'll maybe turn it over to Daniel to see if he want to add anything with Falcon Complete because obviously, that's a big opportunity for us, particularly in the small businesses.

Yes. Not only in the small businesses, first, Roger, the stat is true in terms of vendor delivered. The other piece here is partner delivered. And there's a huge opportunity for partners. They have the same problem that a lot of these customers have, which is how do I find cybersecurity staff to staff the SOC to deliver a service. And that's where the value prop of Falcon Complete becomes even more compelling, where partners are either turning to Falcon Complete to deliver the SOC for them or to augment their SOC with a Crowd-powered offering. And that gives them brand cache, that gives instant credibility. So while one may be buying it from a vendor through a partner, there's still 2 more, 3 more, 5 more, 10 more that are going the route of consuming it through partners, and then you go down the stack to what we're talking about before to SMB, you're not hiring any cybersecurity staff. You need this capability. This becomes belt and suspenders, a necessity for how you operate security today.

Mike?

Yes. I would jump in, Roger, and just to add 1 point. I think really, if you want to look at a great example of where the rubber hits the road, as they say. Last year, MITRE ATT&CK Evaluation for security service provider really showed the differences between the test. It was a closed book test. It was a very complex test, very different to the typical MITRE ATT&CK Evaluations. CrowdStrike Falcon, the platform achieved 99% detection and coverage of adversary behavior, and you just didn't see that performance across the stack. And where service providers that have great people, have great skills, used tools from Microsoft or Palo or other vendors, some even used products and pulled out of the test. You saw a couple of things really, really clearly. CrowdStrike was easy to use. It got the efficacy, got the results. And where people were using those other products, they didn't do well at all, and service providers really struggled. And it talks to a problem with complexity. It talks to a problem with hard to leverage these products when you need them most, when you need them to perform. And I think we were really proud of that, and we would demonstrate time and time again how different the platform is to what's out there from other competitors.

Thanks, guys. With that, I'll turn it back to George for closing remarks.

Well, I just wanted to thank everyone for spending some time today with us. Hopefully, this was informative. We tried to give you a view of the platform itself and how we think about our platform is really a form factor of being able to create additional adjacencies that go beyond what one might consider just core endpoint protection. We talked about emerging products and modules. And again, I want everyone to really think about what we have as a platform and some of the modules are faster growing, but it's all 1 platform, and that's really how our customers consumer foundational platform with emerging modules. Mike, I think, gave some great demos and talked about our identity solutions and XDR and surface. Again, great feedback from customers, and there's a reason why they continue to buy more and more modules from us. And then Daniel spoke about how much effort we're putting into SMB and also our partner network and the reception there. And then obviously, Burt went through all of his financial numbers and his illustrative discussion around our path to $5 billion. And with that, I'll get things wrapped up. We look forward to seeing everyone on our next quarterly conference call. And again, thanks, everyone, for their time today.