All right. Good morning, everybody. We'll get started. Thank you so much for joining us on the last day of the Morgan Stanley TMT Conference. Really appreciate it. This morning, we're privileged to have George Kurtz, CEO and co-founder of CrowdStrike. George, thank you so much for your time.
Great to be here. Thank you.
And before I begin, just an important disclosure. Please see the Morgan Stanley Research Disclosures website at www.morganstanley.com/researchdisclosures. With that, we'll begin. So, George, really impressive results this week. You know, you continue to exceed people's expectations. A few highlights, if you don't mind me singing your praises for a moment. Almost $3.5 billion ARR, growing 34% year-over-year. Record net new ARR, growing 27% in a time where a lot of software companies in general are struggling to grow new bookings. Record GAAP and non-GAAP profitability. CrowdStrike is now eligible for the S&P 500. And the other stat that really stood out to me was $850 million ARR across some of your newer products, including cloud security, Next-Gen SIEM , identity protection. That doubled year-over-year as well. And we'll certainly talk about that. So clearly, no signs of slowdown or fatigue, if you will.
Anything I missed there, first of all, and anything you wanted to add?
I think you covered it. I think just in general, phenomenal execution to our team. So big thanks to them. And when you look at some of these numbers and best-in-class unit economics, you look at our gross margin now at 80%. And where Burt is focused on taking gross margin, I think the ability to continue to scale, and have best-in-class economics, unit economics, is really important to us. And then, obviously, that accrues value and generates cash flow. And those are. We've talked so many times. You know, Burt and I, our CFO, really focus on two things. One is ARR, and two is cash. And that's how we sort of run the business. Obviously, gross margin is a big driver of that. But there's a tremendous amount of focus on gross margin.
You can see that in the leverage we have in the business.
Got it. The other stat I missed was your guidance, obviously. You know, came in ahead of the street. You're guiding to 30% revenue growth this year. There's someone can fact-check me on this, but I checked this morning. I think you're one of three public software companies to, to be growing 30% and projecting 30% revenue growth. And you're doing it at scale, almost $4 billion of revenue this year with over 30% free cash flow margin. So I think, you know, CrowdStrike is really entering this rarefied era of, of, of, of SaaS companies. You know, ServiceNow, Salesforce has come to mind. The big topic has been platforms. You've been in cybersecurity for three decades. Doesn't look it. But, so you've seen a lot of companies who have attempted to become platforms in cybersecurity and have come up short.
When you founded CrowdStrike in the early days, what did you learn from some of those past experiences? What did you do differently at CrowdStrike to make this a, you know, true platform in your eyes?
Sure. And this was really a founding principle when I started CrowdStrike. I, I back in 2011, you had Salesforce and Workday and ServiceNow. But there really wasn't a true platform company. It wasn't any of the firewall companies. It wasn't ArcSight, Symantec. It wasn't anyone. It was just that missing, what I thought generational security company. So I think it's important to go back and talk a little bit about the market and how customers have bought security over the years. First, you have point products. It was the best point products. That happened for a long time. Still happens in some areas today. Then it moved to best-of-suite. When I was at McAfee, you had Symantec and SEP and McAfee ePO. That's really where we fought things out.
But what we found and what I found there is that you had inferior products that were being bundled into a best-of-suite. And it wasn't a great outcome for the customer. So when I started CrowdStrike, it was really to have a single platform, a single agent, a single interface that had the best-of-breed technologies in that platform. And that's really what I call best-of-platform today. And this is what customers are looking for. We, we don't do everything in the security space, right? We, we do a, a nice piece of it. But customers look at what we have, and they say, "Okay. Well, you've got CrowdStrike. Let's connect to a Zscaler or connect to someone else," right?
They wanna be able to take the best-of-platforms and plug them together as opposed to be saddled with point products, kind of masquerading as a platform that aren't best-of-breed. And this is what our customers tell us directly.
Got it. And then maybe just double-click a little bit on the notion of having the single agent architecture where a lot of stuff is integrated and, you know, that reduces the friction, obviously, of deploying some of these new products too.
It's, it's a really good question. And, and security is so nuanced. There's a lot of things that sound similar. I've never seen PowerPoints that were wrong. So when you actually get to deploying it, there's a reason why it's so friction-free to deploy our product. There's a reason why large cloud customers deploy 25,000 agents in an hour because it just installs. There's no reboot. Now, I just made a passing comment. There's no reboot on the technology. We're the only technology that doesn't have a reboot. What does that mean? I learned this lesson when I was at McAfee. We bought stuff in McAfee. We would have to go into a company and say, "Hey, we got a new agent. It's not integrated. And by the way, you have to reboot 300,000 endpoints." No one wants to do that.
So the fact that we've thought about the small details of getting a lightweight agent, less than 100 MB in, being able to manage it at scale, which is really hard for companies to do, we only have one when we're in production, we basically have that's the GA release of the agent. We don't make special agents for you or for another customer. And that allows that manageability to install, manage, and run it very efficiently. So it's the small details that make the user experience really impactful. But it's the single agent, the ability to collect data at scale that then unlocks all of the other modules because we've already collected the data. And that gives you the leverage in the gross margin. Almost every other module we add is pure gross margin.
Got it. Got it. Let's go into some of the newer products, if I may, or some of the products you've been selling for the last three to five years, which was cloud, identity protection, and Next-Gen SIEM . I'd like to start with cloud security since that's the biggest piece of that. So public cloud ARR surpassed $400 million. Net new ARR growing 200%. By our work, you're adding the most net new ARR in this market among the cloud security vendors. So talk a little bit about there, some of the things that you've done to really accelerate your share gain within that market specifically.
Well, we started with the hardest part first, which is cloud workload protection. That's really the preventative technology that runs in these virtual environments in, you know, Kubernetes clusters, etc. So there's a lot of different ways that you can consume cloud workload protection. But it's aware of whatever environment it is in, in the cloud. So that took the better part of 10 years, you know, to build something as robust as what we've built. Now, why do I spend a little bit of time on this? Because we are protecting some of the world's largest clouds. We're protecting some of most of the world's largest SaaS platforms.
You can't go to a dev team and say, "We're gonna put a piece of software on there that's gonna interrupt what you're doing." So it is really high ground and what I call a barrier to entry to get a cloud workload protection agent in a critical workload. So we started there. Then what did we do? Well, we actually built our own CSPM, because we didn't like what was in the market. And then we took what we built, and we commercialized it. And now we didn't get to that first 'cause we built our own. But in the commercial aspect of it, we commercialized it. And now I believe we have parity, in terms of just features with some of the pure-play competitors that are out there.
Then you combine the piece of cloud workload protection with CSPM, now with application security posture management, now with data security posture management with which we just are acquiring with Flow. And we believe we've got the best cloud offering in the market. Not only is it best-of-breed in these areas, but the fact that it all works together and can seamlessly identify threats, identify misconfigurations in the big thing is prevent the breach. A CSPM doesn't prevent anything. It really is vulnerability management for the cloud. So it's compliance and reporting. Nice to have, but customers want to stop the breach, and they wanna stop things like data leakage.
Got it. So being in the cloud workload protection side of that broader cloud security market really gives you the pole position.
It does.
To further accelerate.
It's very hard to create an agent at scale and do that in a short period of time than any large cloud provider or infrastructure is gonna install and use because it's just so sensitive to be running in those environments.
Got it.
Mission critical.
Got it. The other one I wanted to touch on was identity protection. And really, this is Identity Threat Detection and Response . So different from the access management vendors like Okta and Ping Identity of the world. You know, we had dinner last night. And one of the things you mentioned was when you acquired into the space, you made a small tuck-in acquisition, a company called Preempt. That was around Q3 of calendar 2020, I believe. And it was less than $7 million of ARR. Today, it's over $300 million ARR and more than doubling year on year. Talk to us about how you saw so much success there, how you were able to sort of ramp adoption of that product so fast.
Sure. I wanna answer that question. Maybe let me just frame where we play in it because I think it's important. We get a lot of questions. Maybe I can preempt a lot of the questions I'm gonna get after this call.
Okay. I'm fine.
Right? So when we think about identity, it's a broad category. And we break it into three areas. You have identity creators. That would be a Microsoft and an AD, Azure AD. So you're creating the identities. Then you have identity aggregators, which would be a Ping and an Okta. We've got all these identities. We gotta put them together and make it a single sign-on. And then you've got identity protectors like CrowdStrike, the ability to actually prevent the identity from being abused and prevent lateral movement. So that's the area that we focus. And we acquired a really great company. And what we did and I don't know many companies that would actually do this. I know many of the ones that I worked for in the past wouldn't. You acquire technology, and you essentially didn't sell it for the better part of 18 months.
What I mean by that, like, we didn't actively put it into the Salesforce. We didn't actively give it away. We basically said, "We're gonna take their technology with a great team, and we're gonna carefully rewrite it into our agent because our brand promise to our customers is single agent architecture." And by the way, we didn't wanna screw up what we built. So we needed to rewrite it and make sure that we took their functionality but put it in the construct that we needed. Once we did that, then we went mainstream with the Salesforce. And then all of a sudden, you know, it was one of the fastest-growing modules in the history of CrowdStrike because all you need to do is turn it on. We would walk into a customer sometimes, and they would say, "Okay.
I love identity. "What do I need to do?" You know, "Here's the PO. Press hard. It's in triplicate." I mean, there's you just turn it on. So there's not much other to do than activate it. And that is part of the secret of our success. We continue to build functionality in that allows us to very frictionless, in a friction-free manner, activate identity. And I believe identity should be key and part and parcel to every customer who has our EDR product.
Got it. It's also important to mention over 80% of breaches, I believe, are identity-related somehow, so.
They, they are. And really, in today's environment, if you're just using EDR without an identity product, there's a whole bunch of areas that, particularly around identity, mostly identity is what I'm talking about, that would be a gap. And what we've built, we're the only technology in the marketplace that has single agent identity protection built in. You have some other players that multiple agents, and you have some big players that don't even have the same capability in their core protection product.
Got it. Got it. Maybe shifting over to the Next-Gen SIEM business or what's also known as LogScale. So that surpassed $150 million in ARR in the latest quarter. I think you now have over 1,000 customers. Again, another area where when you acquired Humio back in early 2021, you were very thoughtful about integrating this into your existing stack. And now it really seems to be taking off. I had a two-part question. One, maybe just describe how CrowdStrike, as a leader in the endpoint market, that gives you a data advantage as you attack this Next-Gen SIEM space.
Mm-hmm.
Secondly, how do you see that business growing over time as customers consider migrating off of their legacy SIEMs?
Sure. Well, when we think about SIEM and why SIEM was invented is over the years, you had a hodgepodge of technologies that were generating alerts and information, and no one can sort out what was happening. But at the end of the day, SIEM was really focused on, "How do I detect activity, adversary activity, or breaches that I'm not gonna find with my existing tools by correlating all this data together?" That's really what the outcome a customer's buying. So over the years, we've had customers obviously look at our technology and say, "Well, do I even need a SIEM?" I've had customers take SIEM budget and just buy CrowdStrike because their end goal, right, it wasn't log management, their end goal was to find and stop breaches. And we were able to do that.
So when you look at the SIEM market today, the legacy SIEM market—and I'm just talking about the security piece of it—you have a lot of customers that spend a lot of money. It's very expensive for data ingest. And they're still piecing all this information together. And a key part of our technology is we never lose the context from the endpoint or the workload as it gets to the cloud. There's a mini graph on the endpoint, and then we have a huge graph in the cloud. So what happens in the SIEM world—and you have a lot of companies try this—they just generate log information. They ship it to a SIEM. But that's taking—it's like taking a 20-megapixel picture and downgrading it to one and shipping it and then having to rehydrate it. You lose all the context of it.
So with CrowdStrike, we have what I believe is about 85% of the core data that goes into a SIEM. And customers have said, "You already have all this data. Can you open your platform and allow third-party access for third-party data so that you can correlate across areas that you don't do?" Right? So there's a whole bunch of things: email, security, firewall. These are things that we don't do. Can you correlate across that? And the answer is now yes. So with LogScale, it is natively built into our platform with our Raptor release. And we have over 1,000 paying LogScale customers. But the beauty now is we've enabled 20,000 through the migration of our customers to be Raptor enabled.
Now, what that means is all we need to do is go through and turn on the entitlements and start the billing to allow them to pull in third-party data. So we think we're really in pole position because the critical data is the endpoint data. That's the high-fidelity data. And we already have it. And by the way, we just turned on 20,000 of our customers that are ready to be entitled to be paying customers for Next-Gen SIEM .
Got it. And also, I think you mentioned, and pardon me if I missed this, but, you know, over 80% of the data that the SIEMs often ingest is from the endpoint itself.
Yep.
Going back to that.
Exactly. Because that really is where the activity takes place. If we think about network data and some of the other data, identity data, those are small amounts of data. Even on the network side, you're looking at network flows. It's very difficult to get deep into the inspection of all this network flow because many of the conversations are encrypted. So what customers are looking for is they wanna see actually what happened, not who drove from, you know, store to store. It's like, "Well, what happened on that highway?" Not what happened on the highway. What happened when they got to a business or the bad guys got to a house, and they started to ransack it? And that's really where we can instrument, and we do instrument, the endpoints and workloads, to an incredible degree of detail and accuracy.
That's the information that is flowing into a SIEM. At this point now, customers are saying, "Well, why do I have to ingest and pay for it?" It's already in CrowdStrike Falcon, which gives us this whole concept of Data Gravity. Right? The data's gonna stay there. And now we're gonna pull other people's data in.
Got it. Got it. You know, the other thing too is obviously, customers today are spending a lot on, on these SIEM deployments. Can you maybe give us, a couple examples or one example of how CrowdStrike has been able to, you know, get a large customer on, on their Next-Gen SIEM solution and really help them, you know, save money?
Sure. So we have a very large worldwide bank, one of your peers, that is using the technology. And they came to us. They were spending a lot of money on a legacy SIEM product. The ingest was incredibly expensive. And they said, "We want something better." And there's been some catalyst in the market with, you know, acquisitions and things of that nature. So what they basically said is, "We want better, faster, cheaper, lower TCO and really lower cost." So we said, "Okay. We can help you." And we essentially became their data lake for, I think it's like 40 PB a day of data. And that allowed us to then downselect. And they still didn't migrate off their legacy SIEM yet because there's a process to it.
But we were able to cut their bill to one-third of what they were paying. And now they're using our technology. And searches that we're taking two days take, like, less than a minute. So this is a really powerful solution when you use it. And one of the things about LogScale is it doesn't require an index. So what that means, and this is really important in the security world, is, as soon as you start to ingest data, you get results, and you can begin to query it. And in security, time is of the essence. If you have a forensic investigation, and you collect all this data, and you have to wait a day to actually create an index, you just lost the day. So in our technology, without the index, you get immediate results.
It's when people see it in action, they're blown away. And the Humio team that we acquired has just done a fantastic job. And we've taken it to the next level.
Got it. You know, one product that you launched recently, which maybe doesn't get a lot of fanfare but is a big opportunity, is Falcon for IT. This is an area that you talked about. There's been some pretty strong early traction, since you launched it at your Falcon conference. Just talk to us about the genesis of that, and how that brings you into broader IT operations conversations as well.
Sure. So really, the genesis around Falcon for IT, which we just general GA'd last week, is the fact that we've got the single agent. We have many of the capabilities to actually take action on an endpoint. It's already built in with real-time response. We already have the workflows with Fusion and other workflows. So over the years, particularly through the pandemic, customers were using CrowdStrike to patch their systems. They were using it to, we have, you know, an airline that when they have an issue with their kiosk, they actually use CrowdStrike to remediate that just on the IT side. And the list goes on and on. So if you could think it, you could script it. You could automate it. And we've got full automation already built into the product.
So that team and many of these teams have come to us and said, "Every time we find an issue, we have to put it into a ticketing system. It then gets shipped over to the IT group. The IT group speaks tickets and how fast they can close it. And the security group is talking about risk and priority." The IT team is like, "Give me a job. Let me close it. And tell me what I need to do." So what we decided was we wanted to give the IT folks a home. So Falcon for IT leverages the single agent, reducing cost, where we already have the features they need. We've added some more to it to make it even more fulsome in terms of all the information they can gather and how they do that. And then we've created workflows specific to IT.
So when an IT user logs in, they don't see vulnerabilities, and they don't see threat updates. All they see is, "I have a problem. And what actions do you wanna take?" But it now allows us to connect the security team to the IT team. And the IT teams have a home and a place where they can actually do work. So I will tell you, coming out of Falcon where we announced this and today, it is the number one requested module we have. So I think this one is gonna really dramatically change, you know, what we do in the IT landscape. And there's a lot of technologies that are out there that our customers have that they're basically saying, "It's really expensive. You already do most of it. So just give us the workflows we need. And we can then consolidate off that other vendor.
You've been able to obviously launch and sell a lot of products and get to $100 million ARR, you know, fairly quickly. When you think about Falcon for IT, the interest level just, you know, from your perspective, compared to what you have with identity protection, some of the other products you've launched, any way you can maybe compare that?
Yeah, and when identity launched, you had to explain to someone what it did, you know, 'cause just like I did, "Well, what does it do? Is it Okta?" "No, it's not Okta. It does this other thing over here. They're a partner of ours." So essentially, we had to explain why identity was important. In Falcon for IT, everybody knows, we literally have. I had a customer, a big bank, say, "I'm using your technology to fix our IT tool." It literally, "We use your tool to fix the IT tool 'cause it doesn't work." So when they came to, when we announced it, they basically said, "This is a total home run for us because we keep doing all the work for the IT team.
We want them to have a home where they can do some of the work." The challenge you always have is the IT teams want their own stuff, and the security teams want their own stuff. But if you can give them a home that looks like and speaks their language, that we think is a home run. So, overall, the problem is there. It's acute. There's an issue. I need to patch it. There's a problem. I need to close the ticket. This has been done for a long time. This is why there's so much interest around it.
The other sleeper product in our view is Falcon Data Protection. You know, you made an acquisition of Flow, which I think fits into this context, to bolster your data security offering. And obviously, there's a huge legacy market of DLP vendors. So talk a little bit about that, some of the interest level you're seeing there.
Off the charts for data protection. I can tell you why. We've had many customers that were on legacy suites. Over the years, we replaced the legacy providers. But we didn't have data protection. So they came to us and said, "You have to help us. We're, we're still paying this vendor." And, in many cases, they had to pay them the same amount even though we replaced their entire suite. They charged this vendor charging the same amount for just the data protection. So they were not quite happy about that. And they said, "You gotta come up with something better." So when we looked at the DLP market, it really is analogous, in my mind, to the legacy AV market. You have high dissatisfaction rates by customers. You have a product that doesn't do all that much. It, it really checks a box for compliance.
It's expensive to manage. We have some teams. I would gather most of the large banks, they probably have 50 people in their DLP group, I mean, just doing rules and things of that nature. So for me, I love markets that there's a lot of dissatisfaction with a lot of legacy players. And in our world, there really isn't a, a modern, technology, particularly on the endpoint. None of our competitors really have that. So we spent the last two years working with our customers. We acquired a company called SecureCircle. And then we worked with our, and we just needed a few bits of that. We worked with our customers over the last two years and said, "What is it that you want to replace your existing DLP?" And we came out with Falcon for Data Protection. We just launched it, last week.
We're already paying customers 'cause they were helping us. And now with Flow, right, we have the ability because in today's world versus 10 years ago, it's not data's not just generated on your laptop or on a server. We can cover that well with data protection. But now it goes out to a SaaS application or to a cloud infrastructure provider. And it's really about the flow of data, which is why I love the name so much. So now we have the ability to understand the flow of data. We can track it back to identity 'cause you need the identity of who owns the data or who touched the data. And then you can track it back into the hygiene of the system. And we can actually prevent the data leakage and exfiltration. That's what Flow does.
Not only does it categorize the data (it has an AI component for that) and understands the flow of it, but it can actually prevent the data leakage. So we think that is gonna be best in class in the industry. And we can't be more excited for the team and the technology.
Definitely looking forward to hearing more about that. I wanted to shift to generative AI. Obviously, big topic. You talked a little bit about how the majority of the threat data today comes from the endpoint. And you have other elements that you're now bringing together as well. But just to kinda step back for a minute, you know, last year was a very busy year for your incident response team. You had some major breaches, MGM, Caesars, etc. Ransomware attacks, you know, almost doubled from last year. Can you talk to us a little bit about how generative AI, from what you're seeing, is driving an increase in threat activity, and what CrowdStrike is doing from an incident response standpoint to really help prevent that?
Sure. So in terms of just some of the names you named, we don't name them. So if it's in the public, it's in the public. And if you say it, it's you're saying it. But we don't really talk about who we help there. But in general, when we look at this business and this is a key element for us, we're always at the forefront of doing these breaches. The two biggest companies that do this are us and Mandiant, right, and both key quality players that are out there that are responding to these breaches. So this really gives us a leg up because not only do we see all this activity from our cloud, but you're really at the tip of the breach.
And it's the ability to take our data-centric platform with our automation and have this, you know, this sort of very high-end service group with our Intel team, with our data scientists that allows us to always understand what's happening in the environment. So we are trusted advisors for organizations. When you deploy our technology in an incident response, it's up and running. Guess what? You can't do a 12-week deployment, to in an incident response. You gotta get it up and running that day. This is what we do. And we actually work with many of the service providers. Like Mandiant, actually, we use our technology as part of an incident response. So that's the way we see this as a force multiplier. We don't have to do all of it.
At the end of the day, though, in working with companies in generative AI, there's a lot of talk about, "What does this mean? How do I use it? How do I secure it?" By the way, Flow can help secure generative AI queries as they go out to some of these providers. But what we're gonna see just in general with generative AI is the ability to actually prevent and identify these attacks, which is great. But it really, from an adversary perspective, it's gonna be a force multiplier. And it's gonna take a lot of esoteric information. And it's gonna basically make it available to the masses. I don't have to be a security expert anymore to implement an attack. I can leverage something in the generative AI world. I can go out to an access broker. I can go to a ransomware as a service, organization.
Basically, I can just assemble what I need and execute an attack. It really dramatically, I believe, is gonna dramatically change the arc of these attack vectors.
Got it. And then if we could shift to the big product launch there around Charlotte AI. You know, when I talk to a lot of security operations teams, they're inundated with a lot of threat alerts, and some of these more manual ad hoc tasks. So how does Charlotte AI help to improve that? What are the value of that service?
One of the core tenets that we've focused on when we started Charlotte AI or created Charlotte AI, it was about 18 months ago, was, "How do we drive more automation in the SOC?" One of the key problems if we start with the problem statement is there's not enough security people on the planet. Let's start there. There's not enough skilled security people. If you have a tier-one analyst in the SOC, right, you got tier one, two, and three, how do you take that tier-one analyst and how do you turn it into a tier-three analyst? The goal for Charlotte wasn't to be a chatbot. It was to be a virtual SOC assistant. What that means is it takes the collective knowledge of CrowdStrike. We've instrumented Charlotte to understand our Intel.
All of our Intel for over a decade is in Charlotte. We've instrumented it to understand the assets in a corporation specific to that company. We, we instrumented it to understand the vulnerabilities and how they work and how the attacks work. So essentially, you take this collective wisdom and you make it now available in the Charlotte. So yeah, I can ask Charlotte almost any question about either the threat landscape or a threat actor. And then I can say, "Well, how does it apply to my, my environment? Tell me exactly what assets might be exposed. Tell me, you know, what the hygiene of those assets are. Now that you have that information, actually execute, you know, a change or remediation, create a PowerShell script." So our whole goal is to take eight hours of really mundane work in the SOC and turn it into 10 minutes.
We and our customers who have been using it are really excited about that. In general, I gave the stat out, 80% of the folks that we surveyed after sort of this program believe they're gonna save hours, if not days, of time using Charlotte.
Got it. And I think, so you priced it at Falcon at about $20 per endpoint per year, which.
Per year.
On a monthly basis, it would be less.
Less than a Starbucks.
Yeah. So, curious, like, what the feedback on that has been, when you talk to customers, do they see the value? Are they willing to, you know, pay that price?
I think so, because when you look at, that's the list price. If you buy more, there's discounts and those sort of things. But when you look at some of the other players in the market that are $30 a month, we're $20 for the year. And we think we've got a better product. So for us, it's all about ubiquity. We want customers using it. We want to drive stickiness. We wanna drive the automation in their SOC. And we think it's priced right for adoption. And we think our customers and CrowdStrike are both gonna get a lot of value out of it.
Got it. One more question. And I'll, I'll shift this to the audience, for Q and A. When I just look at the market that you started with in endpoint EDR, you know, today, you have still less than 30,000 customers. Some of the incumbents in the market, you know, Symantec, which is now Broadcom, at its peak had over 300,000 customers. You're still about 18% market share just in endpoint alone. So, you know, do you foresee yourself getting to 50%-100% market share over time? And how do you think about that trade-off between adding new customers and, you know, perhaps, you know, price or ARR per cost?
It's just such a big market when you look at it. And the dynamics are way different than McAfee and Symantec. And now you've got cloud, which really wasn't kind of an element in the past. And when I look at what we built, I always talk about this element. It's not just endpoint. The agent is the ability to actually get data into a data platform. But it enables all of the other things that you talked about. It enables, you know, log scale and identity and everything else. So to me, it's all part and parcel. But when you look at just endpoint protection, EPP, the endpoint protection market, we're the leader at 18%. I think it's an IDC stat. And almost 50% of the market is still using legacy AV.
So just in that one area of endpoint protection, there's such a huge runway to be able to convert customers over. You've got the enterprise. You've got mid-market. You've got SMB. There's all kinds of players that are in those markets. And for us, it's just a long-term opportunity. You've got many governments. It'd take a long time to get the legacy pieces out. So we feel really good about it. And, you know, that's to us, it's still a growing market. It's not going away anytime soon.
Any questions from the audience here? We got one back here.
Thank you. It's been an eventful couple of weeks in the security space. You know, some competitors are talking about, you know, platformization, you know, maybe discounting, bundling, etc. Just could you respond to, to some of those concerns that, you know, the market might get more competitive? Thank you.
Yeah. I just, similar to what I talked about on the earnings call, it's just a new term that's really a made-up term for discounting, bundling, and giving products away for free. This is not anything new. This happens in security all the time. And it's been happening with our competitor. You know, look at their endpoint product. They bought the thing in 2014. They've been giving it away since then. It's got, like, less—I don't know. Single-digit market share is low. So from our perspective, I don't think it's anything new. And, again, we believe we've got the right product. We believe we have the right go-to-market. We believe we've got the right licensing mechanisms, to be able to effectively compete. So, you know, we'll see what happens. But ultimately, I think the best platform, not platforms, win.
We think it's gonna be us.
Any other questions? We got one right here.
Is this all right? Good. So George, a couple of years ago, you guys announced both the CrowdStrike Store and the CrowdStrike Marketplace. You haven't talked a ton about it since then. But, curious how that's been sort of playing through with your customer base. Do you think it's improving your sales efficiency or any other benefits you've seen from those two initiatives?
The answer is yes. I think it's the ecosystem that we've created is open. Our competitors, many of them, are closed. So when you look at the CrowdStrike Store, it's really allowed our customers a level of integration that they haven't had with other vendors. We haven't fully monetized that. And that's okay because we really wanted to build critical mass around it. And I think we have some really good opportunities in the future to harvest that in more. But now with the Raptor framework, it opens up a much broader aperture to be able to take our store customers or our store partners, I should say, and allow them to further and deeply integrate what we do. One of the things that we announced at Falcon was Falcon Foundry. We actually have the ability to create a custom arguably your own module.
So now we can think about our partners developing on the platform because they can almost create a module as we could create it. And a customer can do that as well. So I think there's a lot to come in that area. But in general, it's been very sticky and very good for customers to realize, "We're open. Our competitors are closed.
Any other questions? Oh, we got one here.
Hi. One question about new regulation for public companies. I was wondering, how are you seeing that drive business in the last year, you know, companies putting security as a top priority and not wanting to be exposed with legacy products? Can you just maybe give some color? How is it driving new business for you?
In particular, the SEC regulation. There's a lot of regulatory requirements not only in the U.S., not only at the federal level, state level, local level, and internationally. When we think about those requirements, they're pretty stiff. And security really has come from the back room to the boardroom because now there's real impact. There's disclosure requirements in four days. And customers and companies need to understand what is material. And did they do the due diligence, right, to say, "Hey, we took all of the precautions we could. We acted with a duty of care. And we can identify and report something if we have to." So that is, I think, a huge opportunity for us. And I was actually on a board call yesterday in between meetings, talking to an entire board just about that. And, they're a customer of ours.
So one of the areas, and maybe I'll tell a little bit of a story of how I think, you know, some of this plays out. That continues to gain momentum. But the bad guys are now using that as well. So in one ransomware case, a company got ransomwared. And they basically said, "Hey, we're not gonna pay." So what the threat actor did was they basically reported them to the SEC because they didn't file their 8-K knowing they had a breach four days earlier. So they're actually using those SEC rules to weaponize against the companies that they actually ransom.
Got it. That's pretty fun. Okay. Well, we'll end it right there. George, team, thank you so much for your time.
Great. Thank you so much.