CrowdStrike Holdings, Inc. (CRWD) Earnings Call Transcript & Summary

All right. We will get things going here. Thank you all for being here on day 3 of the UBS Tech and AI Conference. I have the pleasure of starting the day off with George Kurtz, Co-Founder and CEO of CrowdStrike. George, fresh off earnings. I appreciate you being here on short notice. But yes, thanks for being here.

Great to be here.

Yes. Cool. I think I want to talk a lot about the high-level strategy here. But given we're just off earnings last night and before we get into the bigger picture, maybe just review some of the highlights from last night. I felt like a very strong quarter on all regards. But in your words, what stood out?

Well, I think if you look at the quarter, it was broad based performance. Obviously, our ARR stands out year-over-year, 73% growth. We had a lower comp, of course. But when you look across our product lines, including next-gen SIM, including cloud, including identity, these all accelerated. So if you look at that, you look at our free cash flow, it was a record. You look at our gross margin for subscription 81%. We're getting big deals done. Falcon Flex, we've doubled the reflexes. When you put it all together, what I would say is we delivered an incredible quarter, broad-based success across all the product lines and geographies. And I think it really shows the power of the single platform that we've built and the fact that companies are embracing what we're doing, particularly technologies like next-gen SIM and I'm sure we'll talk more about that.

Awesome. Maybe 2 quick questions in the quarter. This is, I think, the best quarter of net new ARR since, I think, calendar 4Q '23 I know you got this question last night. I know I got this question, I'm sure you did too. You acquired 2 companies in the quarter. Can you talk a little bit about the contribution there? I think there was maybe some misinterpretation.

There was a lot of misinterpretation. We said de minimis, but de minimis means de minimis. It means $2.8 million of contribution. And there's some crazy numbers being thrown out there. So just to be crystal clear, was $2.8 million of net new contribution.

Yes. Very clear.

For the acquisitions.

And then the other question I got was just around the bottom line operating margin, EBIT. In many regards, this is a record quarter for non-GAAP operating income, EPS despite the fact that you closed 2 acquisitions, you had a record Falcon conference in September. Can you just talk about the operational execution? I know Burt is here somewhere. I'm sure we're pretty pleased with the quarter as well.

Yes, we are very pleased with the quarter. And I think when you look at sort of bottom line, what do you have in the quarter, where you have Falcon, which is our biggest selling event in the entire year, which drives the record pipeline, which we called out. And we did 2 acquisitions with de minimis revenue, right? So we still have to absorb all the expenses of the folks that we brought over. And we still had a fantastic bottom line results. So I know when we look at this and we look at overall the performance, obviously, things that Burt and I focus on ARR, we focus on cash, free cash flow. And these are the things that help drive the business, and these were records for us.

Yes. Cool. Maybe zooming out, I want to talk about platforms. And last night, you talked about CrowdStrike as the operating system for security operating system for the SOC. I think that idea demands a true single platform. So I'd love to get kind of your expanded thoughts on why that's so important, especially as we enter an AI attack landscape.

Yes. It's again, what's the ethos of CrowdStrike? It is the single agent single platform, and it's how I built the company. And I've learned from what not to do. I was at a prior company before, we did 21 acquisitions and it all looks good on the PowerPoint, but we can never get them integrated. So you have to look at those lessons learned in the past and go, okay, I'm not going to repeat that. I see it being repeated in other parts of our industry, but we're not going to repeat that. That's why we've been so thoughtful about M&A. And I know that's another topic we'll cover. But in a single platform, it really focuses on the data and the data architecture. And for me, data, in my opinion, can solve most security challenges that are out there. And I think most people would believe that data can solve that, whether that is a endpoint use case, whether that's a risk use case, whether that's an identity use case. If you have the data, you can not only identify things, but you can also prevent these breaches. And it really does then set up all of the AI training that allows the operating system to work at scale. You mentioned that yourself. The SOC is transforming. It isn't just kind of alert and triage and alert and triage. It needs to have much more autonomy built into the SOC. And one of the things that I talked about at Falcon is CrowdStrike really being the first to secure the AGI. We've got a lot of efforts internally working on this. Now the industry has to get to AGI. But along with that, our goal is to map out and bring the industry to a level 5 autonomy. And if we think about the simple analogy of autonomous driving, you have an autonomous chauffeur or you have an autonomous SOC agent, right? You have a Level 5 model in cars. And we mapped out a Level 5 model in security. So when you have that level of autonomous interactions, a, you've got to get it right; and b, it's just a different way to instrument and operate the SOC, and we're really pioneering that.

Yes. Cool. I wanted to talk about Falcon Flex that you mentioned. And I think, in my view, it highlights what customers think of your platform. I talk to some of those customers who appreciate the flexibility it gives them to try out new solutions while still making a broader commitment to CrowdStrike. I think you now have $135 billion of ARR going through Flex contracts, growing very rapidly. What's going right there and where can that go from here?

Flex is something that we put together in combination with our customers. And it was really a demand from our customers saying, look, we want to do more with CrowdStrike. You've got -- I mean, I started with 1 module. We went public with 10. We've got 30-plus modules today and growing. And customers basically want the ability to leverage the entire platform. So they came to us and said, how can you make it easier? How can you maybe take a page out of the hyperscale or playbook and give us a commitment model? It's not a consumption model, it's a commitment model. So customers commit, the more they commit, the better the dealers, they get a rate card for it. And then the entire product platform is opened up to them and friction-free procurement, right, you just have to go through it once. They can add a new product, and then it basically just burns down their commitment. This has been, as I said on the call, often imitated, never duplicate it. Ours, I think, is still differentiated from the others that are out there that couldn't even kind of renamed their Flex model. They just gave it something flex, which is, I guess, imitation is the sincerest form of flattery. But in any case, it works, customers like it. And the key is they're consuming more of it faster than sort of the contract term, right? So if you had a 3-year contract term and you can -- as an example, consume it in 18 months, you're up for a reflex or even sooner. So these are the dynamics that we're working with. And each customer is going to be a little bit different. But from a selling motion, it moves from, hey, here's another module. Here's another module to let us look at the outcome that you want. Let us look at how you want to consolidate and get rid of these 5 other products that don't work well and are costly and then move it all into Flex. And that's why we keep getting bigger and bigger Flex deals, yes.

I think it's really interesting, and that reflex activity remains super strong. You have 200 reflex customers that have shown up. And I know people have kind of equated this to an ELA. Like that doesn't sound like ELA buying motion.

It's not an ELA. The term ELA is banned from our company. This is not an ELA. It is a commitment model, again, very similar to what you would see in a hyperscaler. And we kind of view ourselves as a hyperscaler of security, having the model, having the platform, you have to have both together. You asked me about the platform earlier. A big piece of having the platform is actually having the model, the licensing model that can help customers consolidate and be part of the platform journey. And you have to have both pieces. And we put both together and really, we're hitting on all cylinders with both areas.

Yes. Okay. I want to talk a bit about next-gen SIM, which continues to grow, I think, pretty close to 100%. It's almost $0.5 billion in scale. You called out a couple of key wins on the call last night. It feels like the legacy replacement cycle there is maybe accelerating a little bit? Is that a fair thing to say?

It does. It feels a lot like the legacy replacement of AV. So when I came out with next-gen AV. We were, again, Symantec and McAfee all the big guys and nobody thought we had a chance. And we've seen how all that played out. It feels a lot like that in that customers are frustrated. They're certainly frustrated with the cost. They're frustrated with the performance they're frustrated with the complexity. And they're looking for a new model. This sort of alert, alert, alert and then this triage is just getting old. There's too much data. It's happening too quick and humans just can't keep up with it. So when you look at our next-gen SIM, the beauty of it, is -- and before we even got into the business, our customers were saying, like we're taking all of your EDR data, and we're putting it -- and paying to put it in another SIM and it's costing us a lot of money. Like 80-plus percent of the data that was going into a SIM was from CrowdStrike. So they said, why don't you just take the 20% that you don't actually create and take it into your platform? And that's what we've been able to do. So what is maybe underappreciated is they don't have to pay for the 80% they generated. There's a retention fee and those sort of things, but the transfer they don't have to pay for. So this is a huge cost savings to them. This is why we can be very disruptive in the pricing because we already have the data. So it makes it a lot easier when you go do a rip and replace. The one I talked about was a large bank in Europe. Not only did we replace their SIM, but we also added Onum to it. And this pipelining technology is very exciting. So I think the combination of what we built having it integrated and EDR data is really the highest resolution data that's out there, combined with things like Charlotte AI, making a winning combination.

Beyond that brownfield replacement cycle, there's also a greenfield opportunity to sell in the customers who maybe never bought a formal SIM before. And I think that you're kind of reinventing that coming from a very strong EDR standpoint. How do you think about that opportunity, both directly and indirectly working with some of your managed security service provider partners?

Well, certainly, the big folks out there, big companies have SIMs. And I think what we've been able to do, and we've shown this over time as we've been able to take something that's very complex. And we've been able to take that model and bring it down all the way to the SMB. So we did that with endpoint, next-gen AV, those sort of things. So we have the ability to do that with SIM. When you think about the companies, and there's so many smaller companies that are out there, it could be million dollar company, it could be even a billion dollar company. There's still a lot of risk that they have and having visibility into their security posture is important and even combining that with the managed service provider motion. So we think we can tap into the SIM market at a lower stratification than it's done before because for the most part, if you were setting up an enterprise SIM, it's a ton of complexity, you need lots of people. And because of the way that the product works in the platform, it's very easy, it's natively built in. This is the other piece. Every customer we have has next-gen SIM. Now what do I mean by that? I want to be very specific. They have access to next-gen SIM, and we give them 10 gigabytes of next-gen SIM for free, okay? So then it's on us to be able to upsell them. So even the smaller customers, we have plenty of small customers that are using the 10 gigabytes, and we have the ability to grow that.

Very cool. Last question on SIM. Earlier this week at re:Invent, AWS announced that Falcon next-gen SIM is going to be the default in for their customers in security hub. Can you talk about how important that is? And when you look at competition in this end market, some of the other hyperscalers are in some ways, your competition. I know AWS has been a big partner for you. But what does this mean this next step?

Well, we're really excited about this announcement came at re:Invent. And if you look at 2 of the -- I guess, 4 hyperscalers now sort of have their own, right? And this is a great, great addition to AWS so their customers can actually consume AWS data into a SIM that is now part of their stack. So you can go into your console, you can consume data, flow it in and then pay as you go. And that is going to dramatically open up new customers for us. It is pay as you go, so part of our selling motion will be to move them over to a full subscription. And it's a win for AWS because it gives them native capability within the platform, which they didn't necessarily have before. So obviously, we just got going on it. We just announced it at re:Invent, which was this week is obviously a big runway ahead of us. But in terms of the opportunity, we're already hearing from people who are using it and liking the technology. The other piece that I want to mention is what we did with F5. It's a very similar motion. So F5 worked with us, they said, hey, we want to put CrowdStrike on our F5 appliances, which are one, if you look at the appliance landscape, these are one of the most attacked sort of surfaces, but nobody runs anything on them. So working in collaboration with F5, we were able to certify our sensor to run on F5, which was a great collaboration. And now we have new customers coming to us saying, hey, we weren't a CrowdStrike customer. We use your technology with F5. It's way better than anything we have. We had no idea, and we want to get to an EBC, and we're doing that already, and we just announced it a couple of weeks ago. So if you look at what we did with F5 and then you kind of look at AWS, we're going to hit a whole bunch of customers that we've never hit before in a whole bunch of different regions where we want to continue to build out our momentum.

Cool. I want to talk a little bit about the Onum acquisition. You talked about it being a game changer for the next-gen SIM product, and I think broadly your exposure to the observability market. Can you -- what does that do for you in terms of emerging trends in that space around federated distributed data structures? And what led you to the Onum acquisition in the first place.

Well, interesting, the Onum acquisition, I was talking to a customer and I was traveling and they said, hey, you got to meet this company. It's really cool. And I knew a little bit about them, and I was in town and basically set up a meeting 1 hour, met some folks and I'm like, okay, this really is good stuff. And if you look at the background of the founders, again, we buy teams and tech, right? You have to have the right team, you have to have the right cultural fit. They came out of [ IVO ]. So they knew the whole SIM space. And they knew some of the problems associated with moving data, getting it in and duplicate data and costs and those sort of things. So they really built a next-gen pipeline and technology that can -- it's much more efficient in how it operates. It's not just designed to sort of reduce data and save cost. Yes, it can do that. But there's so much logic that's built into the pipeline. Now what that means is that as data is created and sent somewhere, they can actually apply logic to it in the pipeline. So it has to move from point A to point B. And that logic can be security logic, so you can do detection in the pipeline even before it hits our SIM makes it really efficient or it can be IT sort of logic, like where you're looking for performance? Are you looking for sort of anomalies in sort of IT infrastructure data, if you will. So that's why, to your point, of observability, we do have capabilities within Onum and then you combine that with LogScale, which, by the way, LogScale started as Humio, which is what we bought, 50% of the customers were observability customers. So we actually have the tech for observability, and we have more and more customers using it with their own sort of custom workflows. So more work we need to do around the workflows and some of the data that we take in, but it's all doable. So from that standpoint, if you only control the data fabric, I think it's a huge competitive advantage versus some of the other competitors that are out there, yes.

I wanted to go high level here and talk about AI in a few different ways. But maybe to start, last month, we saw state actors leverage an LLM to help propagate a tax on I think, 30 different enterprises. And I think we've always been talking about as an industry like this potential risk. But now that we're seeing it, like what is that doing to your customer conversations? Like are you hearing more concern? Is that elevating budgets? What's the general level of panic over what we saw with them?

There's a lot of concern about it. And I sort of try to distill problems into time and money. I mean that's just make it easy. And there is a time element to this AI attack vector. And there's also a money element that it's much cheaper for adversaries to do it. But what it has done is it has massively compressed the window that a defender has to be able to protect themselves. It used to be months and it was weeks, days, hours now and sometimes seconds. We've actually -- and we called this out one of our threat reports, seen an attacker pivot from one system to another in 51 seconds, right? So incredibly quick. So AI is driving a lot of the tooling around this. And in this particular case, they were using a public LLM model, and they were basically just driving new attacks and creating sort of what I'll call AI-type malware, that isn't really malware. It's more prompts, right? So it can hit a system, and then it can basically say, what system on my end? What's interesting? What files are here? Look at the files. Like there's no malware. It's just prompting and then it's creating scripts that will actually do that for the adversary on their behalf. So it's unique every time it hits a new system, it's unique, which again becomes a problem in the world, and that's why you need AI to fight AI.

Makes sense. The second AI theme question is how enterprises are thinking about securing AI, whether it's in first-party applications or API calls or through SaaS. And I've heard a lot of customers of your site interest in Falcon Shield, you talked about, I think, 50% sequential growth last night. You acquired Pangea to add functionality there. How are you helping customers grapple with challenges around securing AI applications?

Yes. So there's -- let me step back a little bit and when we talk about the AI applications, there's the AI creation, and we help secure that and then there's the applications, the use of AI, AI agents, et cetera. And I think where -- we see a huge opportunity, and I'll get to the -- some of the acquisitions is in the ability to secure these AI agents. I talked about this in September at our event. There's a stat on average a enterprise sort of person will control about 90 different agents in the future. So all those agents are going to need to be protected. Very similar to the way we protect endpoints, right? They have access to data. They have access to compute. They have access to other agents. They have access to workflow. So if you think about our opportunity, that we have in front of us. Everybody has a laptop or a device here, like we've built a huge business in protecting these technologies, cloud, et cetera. But we have a massive opportunity to protect all these AI agents. And now they're going to be at a different price point. If you have 90 of them, you're one person, it's going to be at a different price point, but it opens up a much broader opportunity for us. So when you look at what we did with Pangea, Pangea not only provides technology around sort of prompt injection, guard railing, identity, those sort of things. But it actually has a whole building block layer. So if you're building AI applications, you can actually use the Pangea building blocks. And it's not something because we really are releasing it in Q4 because we're integrating it. We haven't talked a lot about it, but it's really exciting, so it could be part of the whole sort of building of AI applications where you can build the security into it. That's why we're excited about that acquisition. And then Shield is amazing because you have a lot of SaaS applications with identity, certainly a lot of them driven by AI, shadow AI and Falcon Shield is immediate time to value. It's one of those technologies that when you run it, there's always a hot moment, and it's a very quick sales cycle. And we're getting a lot of net new business where customers just try it out, and they're like, wow, okay, once they're in the platform, then we have the ability to cross-sell them.

And the last point on AI is the use of AI to improve security operations and the idea of the agentic SOC where we're headed. I've been pretty encouraged by some of the feedback I've heard about Charlotte. I think the one example that stands out is a customer told me that they're regular seeing 3-hour investigations being done in a minute, and that trust level is increasing. At some point, like this is going to become a bigger deal. Do you feel like we're getting there is 2026, the year where we're going to see more adoption of some of this agentic AI technology in the SOC?

I think so. There's a cycle of AI adoption. I think everyone here would probably remember their first ChatGPT sort of moment and said, wow, okay, that's really interesting, right? Then you started to use it and then there was people bringing -- the first power users we're bringing it into the enterprise. And then the enterprise security folks and IT folks like, wait a minute, we got to control this thing, right, and then they kind of went through their motions and now we're in the deployment of AI agents. So we're in the early phase. So as more and more organizations get comfortable with AI, they're going to drive more AI across their entire architecture, including security. There isn't too many companies that go into it that tell me, hey, I've got unlimited budget and unlimited people. Conversely, it's like, hey, budgets are tight and people are tight. We don't want to add more people. So how do we leverage AI? So Charlotte is a perfect force multiplier. And the beauty of Charlotte is that we've taken a lot of what we do as one of the largest MDR providers, and we've built that into Charlotte. So think about the training data. We've got over 10 years of MDR data that we've annotated. And sometimes it's better to be lucky than good. We didn't know like GenAI was coming 10 years ago. But the training data was laid out in the way that made it really easy for us to do that. So that creates a moat in what I call the Reddit of security data, where we have all that, we're able to train Charlotte. So Charlotte has now become really a workflow orchestration layer. And it's gone well beyond our competitors sort of chatbots, and that's why you're seeing customers go, wow, okay, this is really evolving. And like every week or 2, there's new capabilities, and it gets better and better and better. And again, we're driving towards that autonomous SOC. That is our vision. That's down the road, but you're going to see more and more adoption, obviously, of Charlotte. We'll get more training. And then people get more comfortable with allowing it to do more things autonomously.

So I would say a year ago, this felt like an AI agent for the SOC felt like a road map item that everybody had to have. It seems to me like it's showing up more in wins. You continue to highlight Charlotte and Flex deals. How do you think about like driving adoption there versus like customers coming in to try and pull it and try to monetize it. And is it conceivable at some point that like cloud security and SIM identity, we could potentially have a Charlotte segment disclosure?

Yes, that's a Burt question, but it's possible on the disclosure side. When we think about the adoption of it, though, and what we're seeing is customers, they want something more than a chatbot. And I think to your point, one of your earlier questions, we've been able to build it within the platform. Like we just didn't slap together a chatbot and go here it is. So we wired it into each of the modules, and we actually built our own smaller LOMs, if small ends. And basically, because it's built into the platform, it allows us to actually do work on behalf of the customer in our workflow. And that's vastly different than others, but the platform really sets up Charlotte and again, gets back to how things are built. Not all things are built equally. And it will continue to grow and at some point, maybe there will be disclosure around that. So we'll take that up with Burt.

Very good. Maybe 2 last questions or 3. Just on the M&A strategy and coming maybe full circle on the idea of the platform. You've always had a very disciplined approach to M&A. At Falcon, you did note that you're not ruling out larger scale acquisitions. Can you just talk about kind of the framework and the high bar you set for whenever you're looking at going external for R&D?

Sure. When we think about M&A and what we've done, and I think what we've been incredibly successful with is tech and teams, right? And I always say teams first really because if you know the right team, tech doesn't matter. So tech and teams matter. And we started there, and I think we have a great track record of these acquisitions. If you go down the list from Preempt to Humio, I mean these are all stars for us, Falcon Shield, et cetera. So that has worked well. We're not ruling out doing something big, but it has to have a high bar. And my general philosophy, on an M&A deal is I say no to everything until I run out of noes. And then when I run out of noes, it's a default, yes, that's how we get a deal done. That's how all of our deals got done. So is there a larger acquisition that could potentially hit the yes, for sure. But again, we're not chasing ARR. If it comes with it, great. We want the best tech and the best team for the best outcome of our customers, and we don't want to dilute the value of the platform of what we built. And we're going to see many others out there struggle with trying to put piece parts together. And that's -- again, I got a lot of scars on my back from prior companies. I don't want to be in that situation. So I won't rule it out, but it's going to have to have a high bar.

At Falcon, you laid out a target for fiscal '27 for 20% net new ARR growth. And last night, you reiterated that on a higher fiscal '26 base. Could you just parse out your confidence in that number and maybe more of a Burt question, but I'm for sure the answer is everything we've talked about thus far. But what's your confidence in that? I know you talked about record pipeline in 4Q, but...

Yes. Well, I think it does start with a record pipeline. You have to have some visibility looking out, right? You have to -- you look at where we are today, the acquisitions, what we've done, the integrations we've done, Fal.Con coming out of it, Fal.Con Europe as well. and customers just coming around. There's a lot of customers -- new customers that are coming that might have been with another vendor through a life cycle. They might have had a 3- or 5-year deal that are now coming up, going, okay, like they're dissolution, the dissolution with the outcome and the cost. And they're talking to their peers, and we're solving really hard problems. And if you talk to them, and I encourage you, and I know you do, but if you talk to most customers, we're the #1 security control they have. Number one, right? And what do they do? They talk to their friends in the industry and go, what are you doing different? Like CrowdStrike. So that continues to build. And I think when you look at our road map, you look at the pipeline, you look at the market opportunity, particularly with AI in the areas that we're leading in that gives us confidence. And at our scale, there's not many 20% growers. I mean we're in rare air, right? So from my perspective, I think it's all coming together and you've got this tectonic shift in technology with AI that's going to help really drive that into the future years.

Awesome. I think that's a great place to end things. But this has been a great conversation. George, thank you for being here. And thank you all for listening in.

Fantastic. Thank you so much.