Earnings Call: Q4 2021

Mar 16, 2021

Ladies and gentlemen, thank you for standing by, and welcome to the CrowdStrike 4th Quarter and Fiscal Year 2021 Financial Results Conference Call. At this time, all participants are in a listen only mode. After the speaker presentation, there will be a question and answer session. Telephone. Please be advised that today's conference is being recorded. I would now like to hand the conference over to your speaker today, Maria Riley, Investor Relations for CrowdStrike. Please go ahead. Good afternoon, and thank you for your participation today. With me on the call are George Hertz, President and Chief Executive Officer and Co Founder of CrowdStrike and Bert Podbear, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, Growth and expected performance, including our outlook for the Q1 fiscal year 2022, are forward looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward looking statements represent our outlook only as of the date of this call. While we believe any forward looking statements we have made are reasonable, Actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaims any obligation to update or alter our forward looking statements, whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the company's financial results is included in filings we make with the SEC from time to time, including the section titled Risk Factors in the company's quarterly and annual reports that we filed with the SEC. Additionally, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non GAAP. A discussion of why we use non GAAP financial measures and a reconciliation schedule showing GAAP versus non GAAP results is currently available in our press release, which may be found on our Investor Relations website at ir. Crowd check.com or on our Form 8 ks filed with the SEC today. Please also note that in light of our recent acquisition of Humio, management will provide additional information into our guidance assumptions. We do not intend to provide this additional information on an ongoing basis. Now I'll turn the call over to George to begin. Thank you, Maria, and thank you all for joining us today. We have a lot of ground to cover. I will focus today's discussion on 3 key points. First, we delivered a phenomenal 4th quarter with results exceeding our expectations across the board as customers of all sizes are increasingly choosing CrowdStrike as their security cloud platform of record. 2nd, as recent events such as the Sunburst software supply chain attack highlight, copying the breach is no longer just about protecting endpoints. It also encompasses cloud workload security and identity protection. We continue to enhance our capabilities and invest in all these areas, including our timely acquisition of Preempt. And as a result, we are driving strong momentum with customers. 3rd, our recent acquisition of Humio is a key element of our strategy to drive long term growth. Together, we are building what we believe will be the fastest, most cost efficient and extensible cloud data platform that will deliver best in class visibility for security as well as observability for IT operations. Now let's discuss our results and get into these topics in more detail. The 4th quarter tops off a banner year for Krauszweig in which we delivered exceptional growth at scale, significantly improved our margins and generated meaningful positive free cash flow for the year. We reached a significant new milestone with ARR surpassing $1,000,000,000 up 75% over last year. We believe this makes us the 3rd fastest cloud native SaaS company reported to reach $1,000,000,000 in ARR following fellow pioneers, Salesforce and Zoom. We already talked about Zoom being a CrowdStrike customer, and we are pleased to also add Salesforce to the roster in Q4. The exceptional execution of the Crouch Wright team made reaching this significant milestone a reality. I could not be more proud of our dedication and success as a team in helping customers achieve and maintain an advantage over adversaries as we leverage the cloud speed, agility and visibility to digitally transform their security. I would like to personally thank every CrowdStrike for their unwavering support and congratulate the team on reaching our first $1,000,000,000 in ARR. Across the board, our 4th quarter results well exceeded our expectations. During the quarter, net new subscription customer growth accelerated to 70% year over year. We added a record $143,000,000 in net new ARR and achieved 77% subscription revenue growth. We also continued to see rapid module adoption. CrowdStrike subscription customers that have adopted 4 or more modules, 5 or more modules and 6 or more modules increased to 63%, 47% and 24%, respectively. Organizations around the world are shedding legacy and inferior next gen security technologies and accelerating their move to modern cloud native technologies to meet the demands of today's threat landscape, future proof their security architecture and adopt a 0 Trust security model. Our go to market strategy is executing on all fronts to seize on the strong secular tailwinds and opportunities we see in the market, Demonstrating the power of our sales engine and our land and expand strategy, we added a record 480 net new subscription customers in the quarter and now proudly serve 9,896 subscription customers worldwide. We have gained incredible momentum with both marquee enterprise and small businesses alike. In total, for the year, 4,465 net new customers chose Falcon. The marquee customer stories that I will share with you today highlight our growing leadership among large enterprises and include companies in the Fortune for the Fortune 100 and Fortune 500. I would like to note that while these are Q4 wins, Given customer delivery schedules, ARR contribution will begin in Q1, further reflecting our exceptional Q4 net new ARR performance. First, I am pleased to report that Pfizer, a biopharmaceutical company and leader in COVID-nineteen vaccine research, is a new CrowdStrike customer. Pfizer selected CrowdStrike to help fortify its security posture with an initial purchase of 7 Falcon The next win I'd like to share with you is Procter and Gamble. In executing their digital transformation plans, Procter and Gamble recognized they needed to transform security. Procter and Gamble was attracted to CrowdStrike's tightly integrated cloud native single agent architecture. Our strategic partnerships with and AWS were instrumental and Procter and Gamble choosing CrowdStrike. I'd also like to highlight a win with a large technology company where we are replacing SentinelOne. This customer was eager to find a true security partner to protect its endpoints as well as its cloud workloads across both its development and production environments. In addition to efficacy issues, SentinelOne was not a scalable solution and dramatically degraded performance on the endpoint, causing instability and impacting developer productivity. CrowdStrike was selected given our proven efficacy, breadth and depth of the Falcon platform, performance and scalability across operating systems, including Mac and Windows workstations and Linux servers. We also secured a foundational customer in the federal space with a major defense contractor standardizing on CrowdStrike for their internal infrastructure, Outshining a long standing relationship with a legacy AV vendor as well as a next gen EDR vendor, the Falcon platform was selected as part of the digital transformation initiative to increase efficiency, enhance visibility, improve performance at scale and consolidate agents across their environment. Our next customer story takes us to Israel. After leveraging the Falcon for home use program earlier this year as a new customer, Bank LiUmi, a leading bank in Israel, selected CrowdStrike to protect their endpoints and implement a 0 Trust model to future proof their security architecture. CrouseRack was chosen over the competition after determining their solution was unable to adequately protect multiple versions of Windows or match the performance and speed of the Falcon platform. As one of the most respected security organizations operating in both an industry and country that have long been targets for nation state actors in e Crime, they focused on selecting a new security partner with a modern solution capable of preventing targeted attacks, protecting their active directory and supporting the remote workers with to the scale and performance of the cloud. Expanding with Falcon 0 Trust, along with several more modules, Bank Lumi is taking advantage of the extensive functionality offered by the Falcon platform and single agent architecture to protect its critical structure. Our outstanding performance in the enterprise sector was complemented by our strength with mid market and SMB customers as reflected in our net new customer growth rate, which accelerated in the quarter. In addition to investing in our best in class sales team, A key pillar of our strategy to efficiently grow our market share and leadership is to expand our routes to market through our partner ecosystem, trial to pay platform and Krauszreg store. We are seeing our investments in these areas over the past few years delivered meaningful results. In fiscal 2021, we gained significant leverage from our partners, growing our partnership count by 85% worldwide and doubling our partner source transactions. Our partnership with AWS is a standout with both partner influenced deals and transactions fulfilled through the AWS marketplace growing significantly throughout the year. In fiscal 2021, ending ARR transacted through the AWS marketplace grew 6 and 50% over the last year and transaction volume grew over 300%. We are also seeing positive momentum from our new alliance with which is already influencing multiple deals as their clients look for modern cloud native security to enable their digital transformation plans. Adversaries do not draw much of a distinction between targeting data on an endpoint versus a cloud environment and neither should organizations. We operate and protect 1 of the largest clouds, our security cloud, and we naturally incorporate all this experience into our products. We have been investing and innovating in this area for a number of years and as a result are also driving momentum with customers. Building on the cloud workload module we announced last year, we recently expanded the capabilities to provide customers greater control and visibility from build to runtime. The Falcon cloud workload protection module now has the ability to secure applications with the new Falcon container sensor that is uniquely designed to run as an unprivileged container in a pod. This brings broad support to container runtime security even in managed container environments such as AWS Fargate, where the customer cannot run a kernel mode sensor. And one of the new capabilities in Falcon Horizon, our cloud security posture management solution now provides end to end visibility to Azure AD. This is an important tool to quickly identify privilege permissions and misconfigurations in Azure AD, which is notoriously difficult to administer and protect. Securing this threat vector can help limit attacks like Sunburst. Sunburst highlights the urgent need for organizations to modernize and transform their security. It should serve as a wake up call to organizations that rely on legacy technology because legacy Teck is no match for today's adversaries. While it is challenging to measure specific pipeline effects events like Sunburst may have, We do not believe it was a significant contributor to our strong Q4 results. We do believe it has raised awareness at the Board level and will serve as an additional tailwind to the industry over the long term. Furthermore, we are seeing a crisis of trust within the Microsoft customer base driven by Sunburst and their more recent 0 day vulnerabilities in exchange that has been reported to affect 250,000 customers worldwide. Customers are looking to de risk their security architecture by choosing an alternative vendor to Microsoft. Additionally, following the Sunburst campaign, we we have seen customers become increasingly concerned about protecting their cloud directories such as Azure AD. This is driving interest for identity protection technologies, such as our 0 Trust offerings derived from our acquisition of Priyant. As I communicated to the Senate Intelligence Committee last month, Sunburst further highlights the importance of a 0 Trust posture. Organizations need to incorporate new security protections focused on authentication in order to significantly reduce or prevent lateral movement and privilege escalation during a compromise. With preempt security, CrowdStrike is leading the charge in delivering a 0 trust solution focused on endpoints and workloads. We believe combining workload security with identity protection is foundational for establishing through 0 Trust Environments. Pre EMP expands Craftstrike's 0 Trust capabilities and incorporates critical identity behavior data and analysis to help customers fortify their defenses and prevent identity based attacks and insider threats. Our initial phase of integration of Preempt is on track and targeted for the end of Q1, and we are very encouraged by initial customer response engagement. We believe CrouseRack has the opportunity to be a key beneficiary as companies look to transform and bolster their security defenses in order to stay ahead of adversary advancements. We believe our pole position in the market is further strengthened with Qumio, a leading provider of high performance cloud log management and observability technology that we acquired several weeks ago. Whether you're looking to secure traditional endpoints or cloud workloads, visibility and data are vital. Security efficacy is directly related to the quantity and quality of data collected and the ability to analyze it in real time. As a pioneer in EDR, we have spent the last decade building upon rich endpoint data by adding more network visibility and telemetry from all workloads regardless if they are on premise, in the cloud or deployed in a container. All the data we collect is stored in one place, the is a threat graph where it's analyzed across our entire customer base, providing real time protection and community immunity. By streaming the telemetry to the cloud with our proprietary smart filtering technology, we believe we have a fundamental time and performance advantage over most vendors. Today, ThreatGraph processes over $5,000,000,000,000 security related events per week. With Humio, we are now redefining next gen XDR. Through a platform that spans endpoints, identities, applications, the network edge In the cloud, CrowdStrike is building a unified data layer to power the next generation of enterprise security and IT. Qumio provides us the ability to expand our data lake and to solve more security and non security use cases in real time. I can't emphasize enough the power of index query the data in real time as it's being ingested. Additionally, Jumio's capabilities will be built into the fabric of our Falcon Overwatch, complete and threat intelligence modules as well as our professional services offerings, providing Krauszweg with a greater time advantage over the competition and the We believe that combining Yumio's data ingestion and analysis engine with the CrowdStrike's agent technology, which provides OS and application process level telemetry, introspection capabilities and smart filtering will create a powerful data platform with a new level of speed and efficiency. This can be transformative and provide a fundamental advantage that has the potential to disrupt the log management and observability markets. Humio builds on the momentum we have already achieved with Falcon Spotlight and Falcon Discover to grow our total addressable market by solving broader use cases outside of traditional security. On day 1, Humio broadens our reach into the log management market. This market alone is forecasted to be $4,900,000,000 in 2023 based upon IDC estimates and that does not include any potential adjacencies such as the massive observability market. Looking forward, we have even greater plans for this new CrowdStrike business unit. While it will take some time and investment to deliver this powerful combination to the market, We believe it has the potential to open up massive new TAM for Crouch Wrike, provide a runway for growth well into the future and ultimately create another line of business on par with our security business. As you can probably tell, We are very excited about the future opportunities and prospects Humio brings to CrowdStrike and are thrilled to welcome the team on board. Before turning the call over to Bert, I would like to take this opportunity to specifically applaud the outstanding work of our professional services team, which resulted in a record quarter. These outstanding professionals are widely respected across the industry as one of 2 elite forensic expert teams in the market. Our team of defenders are laser focused on helping patients survive a breach and prepare for the next attack. After being engaged by SolarWinds to investigate the sunburst attack, this team rolled up their sleeves and worked tirelessly to protect customers in a dynamic threat environment. Shortly thereafter, our services team released the CrowdStrike reporting tool for Azure, a free community tool to help other organizations quickly and easily review excessive permissions in their Azure AD environments, determine configuration weaknesses and mitigate risk. We share the intelligence and learnings we derive from our incident response work with our engineering, product intelligence, overwatch and complete teams further enhancing our ability to protect our entire customer base. We believe this is another factor that provides CrowdStrike a unique advantage over the adversaries and the competition. In closing, as you can see from the exceptional results we reported today, our Falcon platform is increasingly recognized as a mainstream market choice for enterprises of all sizes around the world. We believe we are still in the early innings of our growth journey. CrowdStrike is positioned to continue our momentum and further expand our leadership as we build on our success, expand our platform capabilities and extend our reach into new and adjacent markets. With that, I will turn the call over to Bert. Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non GAAP. We delivered another outstanding quarter and fiscal year. Our record performance highlights our continued exceptional execution and ability to rapidly scale our business, while at the same time maintaining best in class operations. In fiscal year 2021, we delivered 82% revenue growth, 7% operating margin and $293,000,000 in free cash flow for 33 percent of revenue. We are exiting the year with a record 4th quarter, which includes record subscription gross margin at high end of our target model and record free cash flow of $97,000,000 In the 4th quarter, we saw broad based demand and strength in multiple areas of the business with multiple large deals, none being outsourced. Similar to last quarter, demand for our solutions was well balanced between new customers and expansion business and between large enterprises and mid market and smaller accounts. We once again ended the quarter with a record pipeline, which we believe indicates a strong foundation for future growth. In the Q4, we delivered 75% ARR growth year over year to reach $1,050,000,000 Rapid new customer acquisition as well as expansion business within existing customers drove substantial growth in the quarter, once again resulting in another quarter of record net new ARR, which came in at $142,700,000 Excluding the acquired net new ARR reported in Q3, net new ARR grew approximately 30% quarter over quarter, which is an increase from the trend we saw last year. We continue to be very pleased with the success of our land and expand strategy. Our gross retention rate remains high and best in class at 90 8% at year end. Our dollar based net retention rate exceeded the 120% benchmark throughout the year. Net retention increased to 125% as of the end of FY 'twenty one, up from 124% at the end of FY 'twenty. For the interim FY 'twenty one quarters, Net retention was 128% in Q3, 131% in Q2 and 126% in Q1. Moving to the P and L, total revenue grew 74% over Q4 of last year to reach 264,900,000 Subscription revenue grew 77% over Q4 of last year to reach $244,700,000 Professional service revenue was $20,300,000 setting a new record for the 2nd consecutive quarter and representing 49% year over year growth. In addition to providing valuable breach remediation and forensic services to organizations around the world, our professional services are a strong lead generation engine for the Falcon platform. Among organizations who first became by professional services customer after February 1, 2019. The average subscription ARR derived for every $1 spent on initial incident response or proactive service engagement grew to $5.51 This is up significantly when compared to 3 point $0.73 reported last year. In terms of our geographic performance in Q4, we continue to see strong growth in the U. S. As well as international markets. Approximately 71% of 4th quarter revenue was derived from customers in the U. S, 14% from Europe, Middle East and Africa markets, 10% from Asia Pacific and 5% from other markets. Growing our international business is a key component to our plan to sustain growth over the long term. We were pleased to see our investments in these markets deliver in fiscal 2021 with EMEA posting 84% growth and APAC revenue more than doubling at 113% over last year. We remain focused on building a long term business In Q4, we recognized significant operating leverage in our SaaS model and the benefits of scale, even as we increase investments in our global reach and cloud platform. 4th quarter non GAAP gross margin improved to a record 77%, a 3 80 basis point increase from Q4 of last year. Our non GAAP subscription gross margin increased to 80%, compared with 77% in Q4 of last year. Subscription gross margin reached the high end of our target range, reinforcing the business advantage of our collect data once and reuse many times strategy. Total non GAAP operating expenses in the 4th quarter were $170,300,000 or 64 percent of revenue versus $118,400,000 last year or 78 percent of revenue. We continued investing aggressively in our business during Scaling our business efficiently remains a top priority, which is why we intensely focus on our unit economics, including Magic Number. In Q4, we ended with a magic number of 1.3, which remains very high. We attribute this to our frictionless go to market engine, including our digital lead generation and self-service e commerce capabilities, and while to a lesser degree, some benefit from reduced travel due to COVID-nineteen restrictions. We drove strong leverage in the quarter and fiscal year. For FY 'twenty one, total operating expenses as a percentage of revenue improved by 17 percentage points with both R and D and G and A within our target operating model. The leverage we generated this year demonstrates The efficiency in our model and enables us to step up investments in new technologies, new international geographies and other marketing programs, as well as continue to hire aggressively. We believe this will lead to sustained growth over the long term. We look forward to sharing additional details about our model on our next investor webinar scheduled for April 8. 4th quarter non GAAP operating income was a record $34,400,000 and operating margin improved 17 percentage points over Q4 of last year to reach 13%. Q4 represents our 9th consecutive quarter of improving non GAAP operating performance on both a dollar and margin basis. Non GAAP net income in Q4 was $31,200,000 were $0.13 on a diluted per share basis. Our weighted average common shares used to calculate 4th quarter non GAAP EPS was on a diluted basis and totaled 236,700,000 shares. This brings our non GAAP net income for fiscal 2021 to $62,600,000 or $0.27 on a per share diluted basis using 234,400,000 shares. We ended the 4th quarter with a strong balance sheet. Cash and cash equivalents totaled approximately $1,900,000,000 Our cash balance reflects approximately $740,000,000 in net proceeds from the $750,000,000 senior unsecured notes issued in January. We also expanded our revolving credit facility to $750,000,000 providing CrowdStrike access to additional capital without diluting our shareholders. Cash flow from operations in the 4th quarter grew to $114,500,000 and free cash flow increased to $97,400,000 setting new records for both measures. Before we move to our guidance, I would like to make a few modeling notes. With respect to net new ARR, as is typical for software companies and similar to last year, we expect to see seasonality as we move from Q4 to Q1. Our guidance includes the impact of our recent acquisition of Fumio, which closed on March 5, 2021. We currently expect the acquired net new ARR contribution from Humio to be approximately $2,000,000 in the Q1. We funded the cash portion of the Humio acquisition with cash on hand. The $352,000,000 cash payment, net of cash acquired, will be reflected in our Q1 FY 'twenty two cash balance. We expect interest expense at Bease from the issuance of $750,000,000 in senior unsecured notes and the $750,000,000 undrawn credit combined to be approximately $22,600,000 per year, excluding amortization of debt issuing costs and discount. Moving to our guidance. We continue to remain optimistic about the demand for our offerings, record pipeline and the powerful secular trends fueling our growth. For the Q1 of FY 'twenty two, we expect total revenue to be in the range of $287,800,000 to $292,100,000 reflect a year over year growth rate of 62% to 64%, with subscription revenue being the dominant driver of growth. We expect non GAAP income from operations to be in the range of $18,500,000 to $21,700,000 and non GAAP net income to be in the range of of $10,800,000 to $13,900,000 We expect diluted non GAAP net income per share to be in the range of $0.05 and 0 point 0 $6 utilizing a weighted average share count of 238,000,000 shares. For the full fiscal year 2022, we expect total revenue to be in the range of $1,310,400,000 to $1,320,700,000 reflecting a growth rate of 50% to 51% over the prior fiscal year. Non GAAP income from operations is expected to be between $94,800,000 $102,500,000 We expect fiscal 2022 non GAAP net income between $63,800,000 $71,400,000 Utilizing weighted average shares Used in computing diluted non GAAP net income per share of $240,000,000 we expect non GAAP net income per share to be in the range of of $0.27 to $0.30 The midpoint of our non GAAP EPS guidance includes approximately $0.08 per share in added operating expense for Humio and $0.09 per share in added interest expense for the debt we previously discussed. George and I will now take your questions. Our first question comes from Saket Kalia with Barclays. You may proceed with your question. Okay, great. Hey, thanks guys for taking my questions here. A lot to sort of run through, But George, maybe I'll zero in on the public cloud and Falcon Horizon. The question is, As customers take a look at Falcon Horizon and your other security tools for the public cloud, can you just talk about how much you're able to cross sell those into your existing customer base and maybe how your conversations, understanding it's early, with new customers are trending around Falcon Horizon and the other public cloud security tools? Sure. Thanks Saket. Yes, obviously, if you look at our model, we've done a great job of Being able to cross sell our technologies and when you look at Horizon, it's the perfect opportunity for us to cross sell into those cloud workloads, which as we've pointed out, are increasingly becoming more and more important for all the companies as they digitally transform. We've gotten tremendous feedback so far, obviously, still early days on Horizon. But again, that's something that we had built for ourselves over many years. So while it's new to the market, it's been a proven technology and it's been very well received so far by our customers and we've gotten some nice traction with it. So we also pointed out some additional updates in the Linux modules where we can run-in a Fargate environment as an example. So overall very strong offering in the cloud workload, runtime protection and visibility space and we continue to build that out and we'll continue to build that out over time. Got it. That's really helpful. Bert, maybe for you for my follow-up. Understanding we don't guide to ARR for next year, maybe one component of that, that I wanted to 0 in on is that ARR per customer. Obviously, a tough metric to forecast because there are just so many different drivers inside of But as you look forward, just broad brush, how do you think about that ARR per customer sort of trending in fiscal 'twenty two? And What are going to be some of the puts and takes about? Hey, Saket, great question. Great to hear your voice. So when we think about ARR per customer, you can see that there's a mix shift that is happening. I mean, that's evidenced by the accelerated growth we Saw in net new logos, and that was really driven by the mid market and SMB space. And as a reminder, when you think about our ARR per customer, Across the board, accounts are expanding, and that's evidenced by our 125% And then finally, when you think about the overall success of our net new logos and the velocity that we're seeing with You're seeing that we're able to sell to customers large and small. This is very hard to do. And getting great satisfaction from our customers, we're across the board is something that we absolutely strive to. So there are a lot of different dynamics that go into that equation. You've got the velocity from the smaller mid market Folks, in terms of the volume of new logos, but you're also seeing us still be able to land You know those bigger deals. So excited about the opportunity and certainly excited about our expansion opportunities. Absolutely, it shows. Thanks guys. Thank you. Our next question comes from Sterling Auty with JPMorgan, you may proceed with your question. Yes, thanks. Hi, guys. I appreciate the disclosure on the sales through AWS, but I'm just wondering if you can either quantitatively or qualitatively give us a sense of what percent of the net new ARR in the quarter or even the year actually came from protecting cloud workloads, just so we can get a sense of that use case for endpoint versus traditional ones. Sterling, it's Bert. Still, very, very good question. So remember, I think that, First of all, we feel that it was a strong quarter through AWS Marketplace. I think it's grown into a really meaningful number. I think that one of the things you want to really put into perspective is that we're probably one of the most transaction ISVs on the And I think the key is that we're seeing good pull for our new cloud modules. George talked about how many containers We secure, and it's a big number. And I think that when you combine that with almost more than 20% of Our servers we protect are in the cloud. I think that you're starting to put the picture together. The better news is that we're still have a greenfield opportunity with Protecting cloud workloads and we're really, really ahead of anybody else that's out The marketplace is really a great vehicle for transacting business with both large and small customers. And George often talks about the speed in terms of how we close the process with AWS. I think that With respect to their governing contracts or their global contracts, I think that this has been a real advantage for us. If both the buyer and seller agreed to this standard contract, Higher and seller agreed to this standard contract. That just speeds up the process by 80%. At End of the day, companies want Artech and they are buying it through the marketplace, as one avenue. So we see this as, again, I want to highlight, we This is a greenfield opportunity for us. Got it. Makes sense. And then just the other question on Humio. George, when you think about XDR, how would you kind of characterize any differences between XDR and SIM? Is this kind of the first step or do you see those as the same opportunity? So in other words, are you going to become more of a full blown SIM provider over time? Well, I think you have to look at the outcome. The outcome is to find advanced threats and You don't want to create just bigger needle stacks, right? You want to be able to find those nuggets that are out there. You want to leverage the vast artificial intelligence technologies that we've built. And we've been even prior to Humio, I mean, we've built a lot of technology, which which would be XDR like in terms of looking at different network flows and connectivities. So we feel really good about the technology. We've looked at Just about everything else that's out there and we were just blown away about how fast the technology works, index free ingestion and what it's going to bring. And as I pointed out in the script. It's going to help in multiple areas across the board that I pointed out, even the cross strike store to pull additional integrations in. So I think it's a real foundational technology for us. You'll hear more about it as we Solidify the integration plans, but very excited. Got it. Thank you. Thank you. Our next question comes from Atim Goolani with UBS. You may proceed with your question. Good afternoon. Thank you for taking my questions. George, maybe I'll start with you just with respect to Humeo. You did talk a lot about the revenue opportunity associated with Humeo. I'm wondering if you can expand upon the cost benefit opportunities and to the extent we can think about CrowdStrike replatforming the back end on Humeo and if that's a path that you're thinking about as it relates To CapEx, gross margin and just the way you're thinking about your own back end infrastructure? And then I have a follow-up for Bert, if I may. Well, certainly it will be a technology that will be used throughout the CrowdStrike platform. You could see that we're at the high end of our range for gross margin. So I think it could be a small impact, but I'll let Bert comment on anything further than that. But overall, it's going to be, foundational technology for us. Its ability To compress data is without actually having to rehydrate it. So I mean you can search all this information even a very compressed Which is very unique in the industry. I think certainly going to help across the board and we'll know more when we get into it. Yes. It's a good question, Fatima. I think that to George's point, I mean, we're already in a good spot with respect To our subscription gross margin, there's going to be a little help with respect to Humio. And so we do anticipate an opportunity for increased margin Tien Tsin, due to that, but also due to other things like more modules that we're going to add to our platform and more optimization. Fair enough. And Bert, since I have you, Just with respect to some of the remarks George made around ARR in the script, where there might be some spillover into the first Fiscal quarter, can you just reconcile that and some of the large deal momentum you saw in this quarter versus some of the seasonality expectations that you pointed us towards for fiscal 2022? That would be really helpful. Thank you. Sure. First, Let me comment on seasonality. So I think that we typically see seasonality Our business in ARR and we saw last year or similar to last year, we saw a dip from Q4 to Q1 and I think that's going to be the case again. The good news is, again, there were no outsized deals in the quarter. We had a lot of large deals, and so that was beneficial for us when we think about our ability to continue to land many large deals. And some of the things, some of the remarks that George made with respect to ARR going into Q1, that really relates to So we would still land them in Q4, but the subscription start date would take place in the following And that happens in every quarter. And we have many, many, many deals that obviously land in the And also start, their subscription start date is in the quarter as well. And I think that the other thing is it really is dependent on The customer's deployment schedule, right. We're ready to go anytime, right. But we want to make sure that the customer is ready. And so that's We think about large deals or small deals landing in 1 quarter, but the subscription start date in another. Very clear. Thank you so much. You're welcome. Thank you. Our next question comes from Brian Hassett with Goldman Sachs. You may proceed with your question. Hi, good afternoon and thank you for taking the question. George, I was wondering maybe if you could touch on Humio again a a little bit. How I guess, who do they typically see competitively in environment? Are they similar to Scalar And or is this maybe taking their technology and repurposing in a completely different direction than what they were typically or I guess strategically aligned for? Well, you know, I think you've got the normal Players in the SIM and log management space that are out there that they would consider competitors. With With respect to their technology and why it's differentiated, I really did talk about the index free ingestion, the fact that there's a lot of things that they can do in memory, which is just amazingly how efficient the technology is and when we put it through its paces I hooked it up to our back end and it handled all the data that we threw at it. So when you look at its flexible architecture and data models, it's Different than others where you can operate it from the cloud, you can have data in different places, data sovereignty. So I think it gives us a lot of flexibility. And then when you combine it with our Agent, our agent is more than just a forwarder of data. It's a very intelligent agent that does introspection and does system call analysis, provides information, observability information that can be extremely valuable to IT departments, again, outside of So when you combine our agent, our smart filtering with their ability at scale to ingest data in real time, we really think it's a winning combination. Got it. That's super helpful. Maybe as a follow-up, you mentioned in your prepared remarks, crisis of trust within the Microsoft customer base. Could you provide a little bit of context around that? I mean is it strictly with regard to endpoint or you see that across identity management, email with the recent Exchange Server attack. I mean, how pervasive do you think it is? And how might that affect not just your business, but others across the ecosystem? You know, it's I think it's across the board. We're seeing it. We're hearing it from CISOs. We're hearing it from CIOs. Boards are concerned, when you look at the latest breaches around Sunburst and you look at the exchange 0 day vulnerabilities, just about every incident response we do involves Microsoft technology. So Obviously, we're focused on being able to protect it, but there's a lot of customers that are looking at this and saying, hey, we need to de risk our environment and we need another provider, You know the proverbial, I want the fox guarding the hen house and you know I think just over the last couple of months this has really highlighted the risk in using sort of a monoculture for both security and operating systems. Got it. Thank you very much for that color. That's very helpful. Yes. Thank you. Our next question comes from Andrew Nowinski with D. A. Davidson, you may proceed with your question. Okay. Thank you for taking the questions and congrats on the consistently strong execution, which is not easy in this environment. So I wanted to start with a question on a win you mentioned in your Prepared remarks at Salesforce, was that was the incumbent vendor that you displaced a legacy or a next gen provider? And Why do they select CrowdStrike? So thanks, Andy. It was a next gen vendor. 1 has been making a lot of noise in the Investment community and they chose us because of the scalable platform, low impact and And efficacy and I think that's across the board that's what we're seeing whether it's a next gen vendor or whether it's an incumbent vendor is the ease of use time to value is incredible. We've done some massive financial services companies and it's It's been the smoothest rollout that they've seen, just works and the amount of visibility that we have is unbelievable compared to our competitors. So a lot of things may sound and seem the same, but when you actually get in Technology in the platform, this was built to scale and we've pioneered a lot of these technologies over time. Others have tried to Yes, but bad copy is still a copy. Okay. Thanks, George. And then maybe just a follow-up as As it relates to the legacy vendors that you compete against, I would imagine the sale of the McAfee Enterprise business is a potential churn event for their customers. So just wondering if you could comment on that and then what inning do you think you're in with regard to taking share from Symantec? Thanks. Well, yes, maybe I'll start with the later one the latter one. We still are taking share, just how the sales tactics Work and how the renewals work, it's really great opportunity for us to continue to take share from Symantec. And I think that sort of Play is, again, we'll continue with McAfee in the enterprise business. Whenever you see a disruption between And particularly if it's a financial sponsor, We believe and I think that's been proven over time, you're not going to see a lot of innovation on the R and D side. And again, you're starting with an architecture that's just legacy. So there's a lot of work that would have to be done and we It's a great opportunity for us to continue to take share in that area. That's great. Thanks guys. Keep up the good work. Thank Our next question comes from Alex Henderson with Needham. Great. Thank you very much. I appreciate you taking the question. I wanted to talk a little bit about Metrics around the pipeline. You stated that you saw a record pipeline. I think you're clearly seeing Record deal sizes. Can you talk a little bit about some of the metrics around time to close deals? Are you seeing any change in that timeline. And what is the time to first upsell look like? And then in that context, as you are now at the end of the year and looking into the new year, can you give us some sense of what your Expectations are around the sales staff build, to drive that pipeline over the course of the new fiscal year? Hey, it's George. Thanks for the question. So we don't normally give the stats out and candidly it's difficult to I'll give you something that's consistent. You look at an incident response engagement and it could be a week for a massive enterprise deal. You look at some of the other big financial Services, it could be 6 months and everything in between. So I think what's consistent is that when we get into a proof of value, You know, we're winning it. People are seeing the ease of use. It's super easy to deploy. So, we can get it out there very quickly And that does accelerate the sales cycle. I talked about the threat environment being the worst that I've ever seen and certainly the heightened awareness around that from boards and and wanted to make sure they had things locked down. So overall, it's very variable, but I think we've done a good job So, consistently proving value to our customers, consolidating agents, proving a real ROI and sometimes it's a 3 to 6 month payback on our technology as we rip out other technologies that are there. And, as we rip out other technologies that are there. And in terms of module expansion, As we talked about in the past, we've got in app trials. We've got a lot of customers trying new modules even if they didn't buy them and then self selecting saying, hey, I want that. And that Salespeople to go after that record pipeline going into the year. So like I've been talking about for a while, Alex, we're constantly looking at our opportunities and we're going to invest aggressively when we see them and we clearly see them now. Obviously, When we see them and we clearly see them now. Obviously, it's we're really happy with our magic number at 1.3, But I think we have some room there to continue to aggressively invest in the sales and marketing Because we clearly see the opportunity in front of us. You're welcome. Thank you. Our next question comes from Joel Fishbein with Truist. You may proceed with your question. Good afternoon all and congrats again on a phenomenal execution in the quarter. George, for you, I mean, I want to highlight on you talked about it a little bit last quarter. System integrators seem to be playing a much bigger role in this Digital transformation and security transformation, which you're obviously a large part of. I wanted to see if you would elaborate a little bit on what's happening with the E and Y partnership and then if we should Expect to see other system integrators like that develop go to market strategies around CrowdStrike? Thanks, Joel. And I'll start with the latter one. Obviously, we continue to build out the system integrator partnership, so You'll see more over time. When you look specifically at they've been great partners for us, the P and G deal that I called out, great relationships there. And As you very well know, they're operating at the Board level. They've got deep and long relationships. And as they're helping companies digitally transform, As I've said many times, you need to go through a security transformation as well. And they're hand in glove. So we're very excited about that relationship. Obviously, it's a worldwide relationship and I think we're only in the beginning of that. And As that begins to ramp across the globe, we're excited about the potential opportunities that brings. Great. Thank you so much. Thank you. Our next question comes from Rob Owens with Piper Sandler. You may proceed with your question. Great. Thanks for taking my question. I wanted to touch a little bit on that last answer, George. I guess relative to the international opportunity and maybe the GSIs could be the great accelerator. And while growth has paced, I guess, with overall growth, if you think about mix longer term, Is there any governing factor or gating factor relative to getting to kind of a fifty-fifty? If I look historically at companies in this space, they had Revenue domestic capital international. Could you see that same type of mix longer term? Or is there anything that might prevent that? Well, I certainly could see that mix longer term. We continue quarter over quarter to expand rest of world outside of North America as an example. We continue to build the partnerships and the partnerships are very important outside well, they're important everywhere, but In many geographic locales, that's really the only way to go to market is through partnerships. So we'll continue to expand that out when Look at AWS of the world, broad reach across the globe. We've got many other worldwide partners and they're certainly very strategic for us. And what we're seeing right now, Rob, is strong And what we're seeing right now Rob is strong customer pull to the partner community, right. So it's one thing to have a partner network. It's another thing when you have Their customers saying we want CrowdStrike, we want it as our system of record. Great, thanks. Thank you. Our next question comes from Gray Powell with BTIG. You may proceed with your question. Great. Thanks for taking the questions and congratulations on the quarter. So I think in the prepared remarks, you mentioned that you did not see SolarWinds as a material driver to ARR in Q4. But I do think that everyone probably agrees that there should be a tailwind to growth in the EDR space from the breach in 2021. So I guess how should we think about that this year? And then beyond just EDR, what modules do you see the SolarWinds breach driving the most incremental demand for? Sure. So we certainly see it as a sustainable tailwind. When you look at what happened, I mean, this Particular event was probably most significant I've seen in almost 30 years in my security career. So that's going to drive a long term trend in terms of customers They want better technologies, they want greater visibility that drive EDR and XDR. So that's all good and we see that. When you look at the modules that we think could really benefit something like our 0 Trust and Really our pre empt technology, we talked about identity being incredibly important. Obviously, you have EDR and there's a lot of technologies Find bad things, but identity is a big element protecting organizations both on prem and in the cloud. And I Couldn't think of a more well timed acquisition than preempt because of what's happening right now. So we've got there isn't a conversation we're having with a large enterprise It doesn't involve identity, specifically again where we operate on the endpoints and workloads and 0 Trust again on the endpoints and the workloads. Got it. Okay. And then anything on the vulnerability management side or IT hygiene? Well, yes, the vulnerability side, a lot of it is driven by the vulnerability of the week from the Microsoft perspective. So people are having a hard time just Dealing with all the vulnerabilities where they are, they patched. If it's patched, is it really the latest, is it fixed? And Our VM spotlight product is has really, really matured and is very well received by our customers. And that's actually been one that we've seen, I think, really good uptake on as well. Got it. All right. Thank you very much. Thank you. Thank you. And that concludes our Q and A session. I would now like to turn the call back over to George Kurtz for any closing remarks. Thank you. That concludes our Q and A session. I would now like to turn the call back over to George Kurtz for any for further remarks. Operator, let's go ahead and conclude the call. And I'd like to thank everybody for joining us today. And we look forward to seeing you virtually at our upcoming events. Thank you. Thank you. Ladies and gentlemen, this concludes today's conference call. Thank you for participating. You may now disconnect.