CrowdStrike Holdings, Inc. (CRWD) Earnings Call Transcript & Summary
March 7, 2024
Earnings Call Speaker Segments
Hamza Fodderwala
Analyst: All right. Good morning, everybody. We'll get started. Thank you so much for joining us on the last day of the Morgan Stanley TMT Conference. Really appreciate it. And this morning, we're privileged to have George Kurtz, CEO and Co-Founder of CrowdStrike. George, thank you so much for your time.
George Kurtz
Executive: Great to be here. Thank you.
Hamza Fodderwala
Analyst: And before I begin, just an important disclosure. Please see the Morgan Stanley Research disclosures' website at www.morganstanley.com/researchdisclosures. With that, we'll begin. So George, really impressive results this week. You continue to exceed people's expectations. A few highlights, if you don't mind me singing your praises for a moment, almost $3.5 billion ARR, growing 34% year-on-year. Record net new ARR growing 27% in a time where a lot of software companies in general are struggling to grow new bookings. Record GAAP and non-GAAP profitability, CrowdStrike is now eligible for the S&P 500. And the other stat that really stuck to me was $850 million ARR across some of your newer products, including Cloud Security, Next-Gen SIEM, Identity Protection, that doubled year-on-year as well, and we'll certainly talk about that.
Hamza Fodderwala
Analyst: So clearly, no signs of slowdown or fatigue, if you will, anything I missed there, first of all, and anything you wanted to add?
George Kurtz
Executive: I think you covered it. I think just in general, phenomenal execution to our team, so a big thanks to them. And when you look at some of these numbers and best-in-class unit economics, you look at our gross margin now at 80% and where Burt is focused on taking gross margin. I think the ability to continue to scale and have best-in-class unit economics is really important to us. And then obviously, that accrues value and generates cash flow. And those are -- we've talked so many times. Burt and I, our CFO, really focus on two things. One is ARR and two is cash. And that's how we sort of run the business. Obviously, gross margin is a big driver of that. But there's a tremendous amount of focus on gross margin, and you can see that in the leverage we have in the business.
Hamza Fodderwala
Analyst: Got it. And the other side I missed, your guidance obviously came in ahead of the Street. You're guiding to a 30% revenue growth this year. There's -- someone can fact check me on this, but I checked this morning. I think you're 1 of 3 public software companies to be growing 30% and projecting 30% revenue growth. And you're doing it at scale, almost $4 billion of revenue this year with over 30% free cash flow margin. So I think CrowdStrike is really entering this rarified era of SaaS companies, ServiceNow, Salesforce has come to mind. The big topic has been platforms. You've been in cybersecurity for 3 decades, doesn't look it. But so you've seen a lot of companies who have attempted to become platforms in cybersecurity and have come up short. When you founded CrowdStrike in the early days, what did you learn from some of those past experiences? And what did you do differently at CrowdStrike to make this a true platform in your eyes?
George Kurtz
Executive: Sure. And this was really a founding principle when I started CrowdStrike. Back in 2011, you had Salesforce and Workday and ServiceNow, but there really wasn't a true platform company. It wasn't any of the firewall companies, it wasn't McAfee, Symantec, it wasn't anyone. And it was just that missing what I thought generational security company. So I think it's important to go back and talk a little bit about the market and how customers have bought security over the years. First, you have point products, and it was the best point products, and that happened for a long time, still happens in some areas today. And then it moved to best of suite. When I was at McAfee, you had Symantec and SAP and McAfee, EPO, and that's really where we [ thought ] things out. But what we found and what I found there is that you had inferior products that were being bundled into a best of suite, and it wasn't a great outcome for the customer. So when I started CrowdStrike, it was really to have a single platform, a single agent, a single interface that has the best of breed technologies in that platform. And that's really what I call best of platform today. And this is what customers are looking for. We don't do everything in the security space, right? We do a nice piece of it, but customers look at what we have and they say, okay, well, you've got CrowdStrike, let's connect to a Zscaler or connect to someone else, right? They want to be able to take the best of platforms and plug them together as opposed to be saddled with point products kind of masquerading as a platform that aren't best of breed. And this is what our customers tell us directly.
Hamza Fodderwala
Analyst: Got it. And then maybe just double click a little bit on the notion of having the single-agent architecture where a lot of stuff is integrated and that reduces the friction obviously, of deploying some of these new products, too.
George Kurtz
Executive: It's really a good question. And security is so nuanced. There's a lot of things that sound similar. I've never seen PowerPoints that were wrong. So when you actually get to deploying it, there's a reason why it's so friction-free to deploy our product. It's the reason why large cloud customers deploy 25,000 agents in an hour because it just installs; there's no reboot. Now I just made a passing comment, there's no reboot on the technology. We're the only technology that doesn't have a reboot. What does that mean? I learned this lesson when I was at McAfee. We bought stuff in McAfee, where we would have to go into a company and say, "Hey, we got a new agent, it's not integrated. And by the way, you have to reboot 300,000 endpoints." No one wants to do that. So the fact that we've thought about the small details of getting a lightweight agent less than 100 megs in, being able to manage it at scale, which is really hard for companies to do. We only have one -- when we're in production, we basically -- that's the GA release of the agent. We don't make special agents for you or for another customer. And that allows that manageability to install, manage and run it very efficiently. So it's the small details that make the user experience really impactful but it's the single agent, the ability to collect data at scale that then unlocks all of the other modules because we've already collected the data, and that gives you the leverage in the gross margin. Almost every other module we add is pure gross margin.
Hamza Fodderwala
Analyst: Got it. Got it. Let's go into some of the newer products, if I may, or some of the products you've been selling for the last 3 to 5 years, which was Cloud, Identity Protection, and Next-Gen SIEM. I'd like to start with Cloud Security since that's the biggest piece of that. So public cloud ARR surpassed $400 million, net new ARR growing 200%, by our work, you're adding the most net new ARR in this market among the cloud security vendors. So talk a little bit about there, some of the things that you've done to really accelerate your share gain within that market specifically?
George Kurtz
Executive: Well, we started with the hardest part first, which is cloud workload protection. That's really the preventative technology that runs in these virtual environments in Kubernetes clusters, et cetera. So there's a lot of different ways that you can consume cloud workload protection, but it's aware of whatever environment it is in, in the cloud. So that took the better part of 10 years to build something as robust as what we've built. Now why do I spend a little bit of time on this? Because we are protecting some of the world's largest clouds. We're protecting some of -- most of the world's largest SaaS platforms. You can't go to a dev team and say, we're going to put a piece of software on there that's going to interrupt what you're doing. So it is really high ground and what I call a barrier to entry to get a cloud workload protection agent in a critical workload. So we started there. Then what do we do? Well, we actually built our own CSPM, because we didn't like what was in the market. And then we took what we built and we commercialized it. And now we didn't get to that first because we built our own, and in the commercial aspect of it, we commercialized it. And now I believe we have parity in terms of just features with some of the pure-play competitors that are out there. Then you combine the piece of cloud workload protection with CSPM, now with application security posture management, now with data security posture management, which we just acquired with Flow. And we believe we've got the best cloud offering in the market not only is it best in breed in these areas, but the fact that it all works together and can seamlessly identify threats, identify misconfigurations, and the big thing, is prevent the breach. A CSPM doesn't prevent anything. It really is vulnerability management for the cloud. So it's compliance and reporting. Nice to have, but customers want to stop the breach, and they want to stop things like data leakage.
Hamza Fodderwala
Analyst: Got it. So being in the cloud workload protection side of that, broader cloud security market really gives you the pole position in...
George Kurtz
Executive: It does. It's very hard to create an agent at scale and do that in a short period of time than any large cloud provider or infrastructure is going to install and use because it's just so sensitive to be running in those environments. Mission-critical.
Hamza Fodderwala
Analyst: Got it. The other one I wanted to touch on was Identity Protection. And really, this is identity threat protection response, so different from the access management vendors like Okta and Ping Identities of the world. We were at dinner last night. And one of the things you mentioned was when you acquired into the space, you made a small tuck-in acquisition, a company called Preempt that was around 3Q of calendar '20, I believe. And it was less than $7 million of ARR. Today, it's over $300 million ARR and more than doubling year-on-year. Talk to us about how you saw so much success there? How you were able to sort of ramp adoption of that product so fast?
George Kurtz
Executive: Sure. So I want to answer that question. Maybe let me just frame where we play in it because I think it's important. We get a lot of questions. So maybe I can Preempt a lot of the questions I'm going to get after this call, right? So when we think about identity, it's a broad category, and we break it into three areas. You have identity creators that would be your Microsoft and ADS or AD. So you're creating the identities. Then you have identity aggregators, which would be a Ping and an Okta. We've got all these identities. We've got to put them together and make it a single sign-on. And then you've got identity protectors like CrowdStrike. The ability to actually prevent the identity from being abused and prevent lateral movement. So that's the area that we focus. And we acquired a really great company and what we did, and I don't know many companies that would actually do this. I know many of the ones that I worked for in the past wouldn't. You acquire a technology, and you essentially didn't sell it for the better part of 18 months. What I mean by that is like we didn't actively put it into the sales force. We didn't actively give it away. We basically said we're going to take their technology with a great team and we're going to carefully rewrite it into our agent because our brand promise to our customers is single-agent architecture. And by the way, we didn't want to screw up what we built, so we needed to rewrite it and make sure that we took their functionality, but put it in the construct that we need it. Once we did that, then we went mainstream with the sales force and then all of a sudden, it was one of the fastest-growing modules in the history of CrowdStrike because all you need to do is turn it on. We would walk into a customer sometimes and they would say, "Okay, I love Identity, what do I need to do?" Here's the PO, press hard and it's in triplicate. I mean there's -- you just turn it on.
So there's not much other to do than activate it, and that is part of the secret of our success. We continue to build functionality and that allows us to very frictionless -- in a friction-free manner, activate identity. And I believe identity should be key and part and parcel to every customer who has our EDR product.
Hamza Fodderwala
Analyst: Got it. It's also important to mention over 80% of breaches, I believe, are identity-related somehow. So...
George Kurtz
Executive: They are. And really, in today's environment, if you're just using EDR without an identity product, there's a whole bunch of areas that -- particularly around identity, mostly identities, what I'm talking about, that would be a gap. And what we've built, we're the only technology in the marketplace that has single-agent identity protection built in. You have some other players that multiple agents and you have some big players that don't even have the same capability in their core protection product.
Hamza Fodderwala
Analyst: Got it. Got it. Maybe shifting over to the Next-Gen SIEM business or what's also known as LogScale. So that surpassed $150 million in ARR in the latest quarter. I think you now have over 1,000 customers. Again, another area where -- when you acquired Humio back in early 2021, you were very thoughtful about integrating this into your existing stack and now really seems to be taking off. I had a two-part question. One, maybe just describe how CrowdStrike as a leader in the endpoint market that gives you a data advantage as you attack this Next-Gen SIEM space? And then secondly, how do you see that business growing over time as customers consider migrating off of their legacy SIEMs?
George Kurtz
Executive: Sure. Well, when we think about SIEM and why SIEM was invented is over the years, we had a hodgepodge of technologies that were generating alerts and information and no one can sort out what's happening. But at the end of the day, SIEM was really focused on how do I detect activity, adversary activity or breaches that I'm not going to find with my existing tools by correlating all this data together. That's really what the outcome a customer is buying. So over the years, we've had customers obviously look at our technology and say, "Well, do I even need a SIEM?" I've had customers take SIEM budget and just buy a CrowdStrike because their end goal wasn't log management, their end goal was to find and stop breaches, and we were able to do that. So when you look at the SIEM market today, the legacy SIEM market, and I'm just talking about the security piece of it, you have a lot of customers that spend a lot of money. It's very expensive for data ingest and they're still piecing all this information together. And a key part of our technology is we never lose the context from the endpoint or the workload as it gets to the cloud. There's a mini graph on the endpoint and then we have a huge graph in the cloud. So what happens in the SIEM world, and you have a lot of companies try this, they just generate log information. They ship it to a SIEM, but that's taking -- it's like taking a 20-megapixel picture and downgrading it to 1 and shipping it and then having to rehydrate it, you lose all the context of it. So with CrowdStrike, we have what I believe is about 85% of the core data that goes into a SIEM. And customers have said, you already have all this data, can you allow us -- can you open your platform and allow third-party access for third-party data so that you can correlate across areas that you don't do, right? So there's a whole bunch of things, e-mail, security, firewall. These are things that we don't do. Can you correlate across that?
And the answer is now, yes. So with LogScale, it is natively built into our platform with our Raptor release. And we have over 1,000 paying LogScale customers. But the beauty now is we've enabled 20,000 through the migration of our customers to be Raptor-enabled. Now what that means is all we need to do is go through and turn on the entitlements and start the billing to allow them to pull in third-party data. So we think we're really in pole position because the critical data is the endpoint data. That's the high fidelity data, and we already have it. And by the way, we just turned on 20,000 of our customers that are ready to be entitled to be paying customers for Next-Gen SIEM.
Hamza Fodderwala
Analyst: Got it. And also, I think you mentioned, and pardon me if I missed this, but over 80% of the data that the SIEMs often adjust is from the endpoint itself, going back to that.
George Kurtz
Executive: Exactly because that really is where the activity takes place. If we think about network data and some of the other data, identity data, those are small amounts of data. Even on the network side, you're looking at network flows. You're not -- it's very difficult to get deep into the inspection of all this network flow because many of the conversations are encrypted. So what customers are looking for is they want to see actually what happened. Not who drove from store to store. It's like, well, what happened on that -- not what happened on the highway, what happened when they got to a business or the bad guys got to a house and they started to ransack it. And that's really where we can instrument and we do instrument to endpoints and workloads to an incredible degree of detail and accuracy. And that's the information that is flowing into a SIEM. And at this point, now customers are saying, "Well, why don't I have to ingest and pay for it?" It's already in CrowdStrike Falcon which gives us this whole concept of data gravity, right? The data is going to stay there, and now we're going to pull other people's data in.
Hamza Fodderwala
Analyst: Got it. Got it. The other thing, too, obviously, customers today are spending a lot on these SIEM deployments. Can you maybe give us a couple of examples or one example of how CrowdStrike has been able to get a large customer on their Next-Gen SIEM solution and really helps them save money?
George Kurtz
Executive: Sure. So we have very large worldwide bank, one of your peers that is using the technology. And they came to us. They were spending a lot of money on legacy SIEM product. The ingest was incredibly expensive and they said, "we want something better." And there's been some catalysts in the market with acquisitions and things of that nature. So what they basically said is we want better, faster, cheaper, cheapest, lower TCO and really lower cost. So we said, okay, we can help you. And we essentially became their data lake or I think it's like 40 petabytes a day of data, and that allowed us to then down select and they still -- they didn't migrate off their legacy SIEM yet because it was -- there's a process to it. But we're able to cut their bill to 1/3 of what they were paying. And now they're using our technology and searches that were taking 2 days take like less than a minute. So this is a really powerful solution when you use it. And one of the things about LogScale is it doesn't require an index. So what that means, and this is really important in the security world, is as soon as you start to ingest data, you get results and you could begin to query it. And in security, time is of the essence. If you have a forensic investigation and you collect all this data and you have to wait a day to actually create an index, you just lost a day. So in our technology, without the index, you get immediate results. It's -- when people see it in action, they're blown away. And the Humio team that we acquired has just done a fantastic job, and we've taken it to the next level.
Hamza Fodderwala
Analyst: Got it. One product that you launched recently, which maybe doesn't get a lot of fanfare, but is a big opportunity is Falcon for IT. This is an area that you talked about, there's been some pretty strong early traction since you launched at your Falcon conference. Just talk to us about the genesis of that and how that brings you into broader IT operations conversation as well?
George Kurtz
Executive: Sure. So really, the genesis around Falcon for IT, which we just general -- GAed last week, is the fact that we've got the single agent. We have many of the capabilities to actually take action on an endpoint. It's already built in with real-time response. We already have the workflows with Fusion and other workflows. So over the years, particularly through the pandemic, customers were using CrowdStrike to patch their systems. They were using it to -- we have an airline that when they have an issue with their kiosk, they actually use CrowdStrike to remediate that, just on the IT side. And the list goes on and on. So if you could think it and you can script it, you can automate it, and we've got full automation already built in the product. So that team and many of these teams have come to us and said, every time we find an issue, we have to put it into a ticketing system. It then gets shipped over to the IT group. The IT group speaks tickets and how fast they can close it and the security group is talking about risk and priority. IT team is like, give me a job, let me close it and tell me what I need to do. So what we decided was we wanted to give the IT folks a home. So Falcon for IT leverages the single agent, reducing cost where we already have the features they need. We've added some more to it to make it even more fulsome in terms of all the information they can gather and how they do that. And then we've created workflow specific to IT. So when an IT user logs in, they don't see vulnerabilities, and they don't see threat updates. All they see is I have a problem and what actions do you want to take but it now allows us to connect the security team to the IT team and the IT teams have a home and a place where they can actually do work. So I will tell you coming out of Falcon, where we announced this and today, it is the #1 requested module we have. So I think this one is going to really dramatically change what we do in the IT landscape.
And there's a lot of technologies that are out there that our customers have that they're basically saying, it's really expensive. You already do most of it. So just give us the workflows we need, and we can then consolidate off that other vendor.
Hamza Fodderwala
Analyst: You've been able to obviously launch and sell a lot of products and get to $100 million ARR fairly quickly. When you think about Falcon for IT, the interest level, just from your perspective compared to what you have with Identity Protection, some of the other products you've launched, any way you can maybe compare that?
George Kurtz
Executive: When Identity launched, you had to explain to someone what it did because -- just like I did. Well, what does it do? Is it Okta, no, it's not Okta. It does this other thing over here. They're a partner of ours. So essentially, we had to explain why Identity was important. And Falcon for IT, everybody knows. We literally have -- I had a customer, a big bank say, I'm using your technology to fix our IT tool. Literally, we use your tool to fix the IT tool because it doesn't work. So when they came -- when we announced it, they basically said, this is a total home run for us because we keep doing all the work for the IT team. We want them to have a home where they can do some of the work. The challenge you always have is the IT teams want their own stuff and the security teams want their own stuff. But if you can give them a home that looks like and speaks their language, that we think is a home run. So overall, the problem is there. It's acute. There's an issue. I need to patch it. There's a problem. I need to close the ticket. This has been done for a long time. And this is why there's so much interest around it.
Hamza Fodderwala
Analyst: The other sleeper product, in our view, is Falcon Data Protection. You made an acquisition of Flow, which I think fits into this context, to bolster your data security offering. And obviously, there's a huge legacy market of DLP vendors. So talk a little bit about that, some of the interest level you're seeing there.
George Kurtz
Executive: Off the charts for data protection, I can tell you why. We've had many customers that were on legacy suites. Over the years, we've replaced the legacy providers, but we didn't have data protection. So they came to us and said, "You have to help us. We're still paying this vendor." And in many cases, they have to pay them the same amount, even though we replaced their entire suite, they charge -- this vendor is charging the same amount for just the data protection. So they were not quite happy about that. And they said, you got to come up with something better. So when we looked at the DLP market, it really is analogous, in my mind, to the legacy AV market, you have high dissatisfaction rates by customers. You have a product that doesn't do all that much. It really checks a box for compliance. It's expensive to manage. We have some teams. I would gather most of the large banks. They probably have 50 people in their DLP group. I mean, just doing rules and things of that nature. So for me, I love markets that there's a lot of dissatisfaction with a lot of legacy players. And in our world, there really isn't a modern technology, particularly on the endpoint. None of our competitors really have that. So we spent the last 2 years working with our customers. We acquired a company called SecureCircle. And then we worked with our -- and we just needed a few bits of that. We worked with our customers over the last 2 years. So what is it that you want to replace your existing DLP. And we came out with Falcon for Data Protection. We just launched it last week. We already have paying customers because they were helping us. And now with Flow, right? We have the ability -- because in today's world versus 10 years ago, it's not -- data is not just generated on your laptop or on a server. We can cover that well with data protection.
But now it goes out to a SaaS application or to a cloud infrastructure provider, and it's really about the flow of data, which is why I love the name so much. So now we have the ability to understand the flow of data. We can track it back to identity because you need the identity of who owns the data or who touched the data. And then you can track it back into the hygiene of the system, and we can actually prevent the data leakage and exfiltration. That's what Flow does, not only does it categorize the data, there is an AI component for that, and understands the flow of it, but it can actually prevent the data leakage. So we think that is going to be best in class in the industry, and we can't be more excited for the team and the technology.
Hamza Fodderwala
Analyst: Definitely looking forward to hearing more about that. I wanted to shift to generative AI, obviously, a big topic. You talked a little bit about how the majority of the threat data today come from the endpoint and you have other elements that you're now bringing together as well. But just to kind of step back for a minute, last year was a very busy year for your incident response team. You had some major breaches, MGM, Caesars, et cetera, ransomware attacks, almost doubled from last year. Can you talk to us a little bit about how generative AI, from what you're seeing, is driving an increase in threat activity? And what CrowdStrike is doing from an incident response standpoint to really help prevent that?
George Kurtz
Executive: Sure. So in terms of just some of the names you named, we don't name them. So if it's in the public, it's in the public. And if you say it, it's -- you're saying it, but we don't really talk about who we help there. But in general, when we look at this business, and this is a key element for us, we're always at the forefront of doing these breaches. The two biggest companies that do this are us and Mandiant, right, and both key quality players that are out there that are responding to these breaches. So this really gives us a leg up because not only do we see all this activity from our cloud, but you're really at the tip of the breach. And it's the ability to take our data-centric platform with our automation and have this, the sort of very high-end service group with our intel team, with our data scientists. It allows us to always understand what's happening in the environment. So we are trusted advisers for organizations. When you deploy our technology in an incident response, it's up and running. Guess what, you can't do a 12-week deployment in an incident response. You got to get it up and running that day. This is what we do. And we actually work with many of the service providers like -- Mandiant actually will use our technology as part of an incident response. So that's the way we see this as a force multiplier. We don't have to do all of it. At the end of the day, though, in working with companies in generative AI, there's a lot of talk about what does this mean? How do I use it? How do I secure it? By the way, Flow can help secure generative AI queries as they go out to some of these providers. But what we're going to see, just in general, with generative AI, is the ability to actually prevent and identify these attacks, which is great. But it really -- from an adversary perspective, it's going to be a force multiplier, and it's going to take a lot of esoteric information, and it's going to basically make it available to the masses.
I don't have to be a security expert anymore to implement an attack. I can leverage something in the generative AI world. I can go out to an access broker. I can go to a ransomware as a service organization. And basically, I can just assemble what I need in executing an attack. So it really dramatically, I believe, is going to dramatically change the arc of these attack vectors.
Hamza Fodderwala
Analyst: Got it. And then if we could shift to the big product launch there around Charlotte AI. When I talk to a lot of security operations teams, they're inundated with a lot of red alerts and some of these were manual ad-hoc tests. So how does Charlotte AI help to improve that? What is the value of that service?
George Kurtz
Executive: One of the core tenets that we focused on when we started Charlotte AI or created Charlotte AI, is about 18 months ago, was how do we drive more automation in the SOC? And one of the key problems that we start with, the problem statement is there's not enough security people on the planet. Let's start there. There's not enough skilled security people. So if you have a Tier 1 analyst in the SOC, right, you got Tier 1, 2 and 3, how do you take that Tier 1 analyst and how do you turn it into a Tier 3 analyst? And so the goal for Charlotte wasn't to be a chat bot. It was to be a virtual SOC assistant. And what that means is it takes the collective knowledge of CrowdStrike. So we've instrumented Charlotte to understand our intel. All of our Intel for over a decade is in Charlotte. We've instrumented to understand the assets in the corporation specific to that company. We instrumented to understand the vulnerabilities and how they work and how the attacks work. So essentially, you take this collective wisdom and you make it now available in the Charlotte. So yes, I can ask Charlotte almost any question about either the threat landscape or a threat actor. And then I can say, well, how does it apply to my environment? Tell me exactly what assets might be exposed. Tell me what the hygiene of those assets are. Now that you have that information actually execute a change of remediation, create a PowerShell script. So our whole goal is to take 8 hours of really mundane work in the SOC and turn it into 10 minutes. And we and our customers who have been using it are really excited about that. And in general, and I gave the stat out, 80% of the folks that we surveyed after sort of this program believe they're going to save hours, if not days of time using Charlotte.
Hamza Fodderwala
analystAnd I think you -- so you priced it at Falcon at about $20 per endpoint per year.
George Kurtz
executivePer year.
Hamza Fodderwala
analystOn a monthly basis like it would be about...
George Kurtz
executiveLess than a Starbucks.
Hamza Fodderwala
analystYes. So curious like what the feedback on that has been when you talk to customers? Or do they see the value or are they willing to pay that price?
George Kurtz
executiveI think so because when you look at -- that's list price, if you buy more, there's discounts and those sort of things. But when you look at some of the other players in the market that are $30 a month, a month, we're $20 for the year. And we think we've got a better product. So for us, it's all about ubiquity. We want customers using it. We want to drive stickiness. We want to drive the automation in their SOC. And we think it's priced right for adoption, and we think our customers and CrowdStrike are both going to get a lot of value out of it.
Hamza Fodderwala
analystGot it. One more question, and I'll shift this to the audience for Q&A. When I just look at the market that you started with in endpoint EDR, today, you have still less than 30,000 customers. Some of the incumbents in the market, Symantec, which is now Broadcom, at its peak had over 300,000 customers, you're still about 18% market share, just in endpoint alone. So do you foresee yourself getting to 50% to 100% market share over time? And how do you think about that trade-off between adding new customers and perhaps price or ARR per...
George Kurtz
executiveIt's just such a big market when you look at it. And the dynamics are way different than McAfee and Symantec. And now you've got cloud, which really wasn't kind of an element in the past. And when I look at what we've built, I always talk about this element. It's not just endpoint. The agent is the ability to actually get data into a data platform. But it enables all of the other things that you talked about. It enables LogScale and Identity and everything else. So to me, it's all part and parcel. But when you look at just endpoint protection, EPP, the endpoint protection market, we're the leader at 18%. I think it's an IDC stat. And almost 50% of the market is still using legacy AV. So just in that one area of endpoint protection, there's such a huge runway to be able to convert customers over. You've got the enterprise, you've got mid-market, you've got SMB. There's all kinds of players that are in those markets. And for us, it's just a long-term opportunity. You got many governments that take a long time to get the legacy pieces out. So we feel really good about it. And that's -- to us, it's still a growing market. It's not going away anytime soon.
Hamza Fodderwala
analystAny questions from the audience here? We've got one back here.
Unknown Attendee
attendeeThank you. It's been an eventful couple of weeks in the security space. Some competitors are talking about platformization maybe discounting, bundling, et cetera. Just -- can you respond to some of those concerns that the market might get more competitive?
George Kurtz
executiveYes, just similar to what I talked about on the earnings call, it's just -- it's a new term that's really made up term for discounting, bundling and giving products away for free. This is not anything new. This happens in security all the time. And it's been happening with our competitor. Look at their endpoint product, they bought this thing in 2014. They've been giving it away since then, it's got like less, I don't know, single-digit market share, is low. So from our perspective, I don't think it's anything new. And again, we believe we've got the right product. We believe we have the right go-to-market. We believe we've got the right licensing mechanisms to be able to effectively compete. So we'll see what happens. But ultimately, I think the best platform, platform, not platforms, win, and we think it's going to be us.
Hamza Fodderwala
analystAny other questions? We got one right here.
Unknown Attendee
attendeeSo George, a couple of years ago, you guys announced both the CrowdStrike e-commerce store and the CrowdStrike Marketplace. You haven't talked a ton about it since then. But curious how that's been sort of playing through with your customer base? Do you think it's improving your sales efficiency or any other benefits you've seen from those two initiatives?
George Kurtz
executiveThe answer is yes. I think it's the ecosystem that we've created is open. Our competitors, many of them are closed. So when you look at the CrowdStrike store, it's really allowed our customers a level of integration that they haven't had with other vendors. We haven't fully monetized that, and that's okay because we really wanted to build critical mass around it. And I think we have some really good opportunities in the future to harvest that more. But now with the Raptor framework, it opens up a much broader aperture to be able to take our store customers or our store partners, I should say, and allow them to further and deeply integrate what we do. One of the things that we announced at Falcon was Falcon Foundry. We actually have the ability to create arguably your own module. So now we can think about our partners developing on the platform because they can almost create a module as we could create it and a customer can do that as well. So I think there's a lot to come in that area. But in general, it's been very sticky and very good for customers to realize. We're open, our competitors are closed.
Hamza Fodderwala
analystAny other questions? We've got one here.
Unknown Attendee
attendeeOne question about new regulation for public companies. I was wondering how are you seeing that drive business in the last year, companies putting security as a top priority and not wanting to be exposed with legacy products. Can you just maybe give some color how is it driving new business for you?
George Kurtz
executiveIn particular, the SEC regulation, there's a lot of regulatory requirements not only in the U.S., not only at the federal level, state level, local level and internationally. When we think about those requirements, they're pretty stiff and security really has come from the back room to the boardroom because now there's real impact. There's disclosure requirements in 4 days and companies need to understand what is material and did they do the due diligence, right? To say, hey, we took all of the precautions we could. We acted with a duty of care, and we can identify and report something if we have to. So that is, I think, a huge opportunity for us. And I was actually on a Board call yesterday and between meetings talking to a Board, an entire Board just about that, and they're a customer of ours. So one of the areas, and maybe I'll tell a little bit of a story of how I think some of this plays out. That continues to gain momentum, but the bad guys are now using that as well. So in one ransomware case, the company got ransomwared, and they basically said, "Hey, we're not going to pay." So what the threat actor did was they basically reported them to the SEC because they didn't file their 8-K knowing they had a breach 4 days earlier. So they're actually using those SEC rules to weaponize against the companies that they actually ransom.
Hamza Fodderwala
analystOkay, we'll end it right there. George, team, thank you so much for your time.
George Kurtz
executiveGreat. Thank you so much.