Investor briefing today. I am Maria Riley, Vice President of Investor Relations. We have a great lineup, and we hope you find this session informative. Today, you will hear presentations from George Kurtz, our Co-Founder and CEO, Michael Sentonas, President, and Burt Podbere, our CFO. We will open up the session for Q&A. All participants will be in listen-only mode until the Q&A session begins. If you wish to ask a question, please make sure your Zoom username is easily identifiable and use the Raise Your Hand feature on the bottom of the meeting window. When you are selected for a question, please be prepared to turn on your video and un-mute your microphone. There may be a slight delay as you are promoted to the live queue. Before we get started, let me remind you of our safe harbor and the risks associated with forward-looking statements.
For additional information, please see the Risk Factors in our SEC filings. Additionally, unless otherwise stated, excluding revenue, all financial measures discussed in this presentation will be non-GAAP. Please refer to our disclosures on why we use non-GAAP financial measures and the reconciliation of these non-GAAP financial measures to their most directly comparable GAAP financial measures in the appendix of the presentation, which will be posted on our investor relations website shortly following conclusion of the webcast. With that, I will hand it over to George.
Thank you, Maria. Thanks everyone for joining us today. We're gonna discuss the evolution of endpoint security and how CrowdStrike has revolutionized modern security as we know it. You're also gonna hear from Michael Sentonas for insights around key product areas and some brief product demos. Finally, Burt is gonna dive into our financial metrics and discuss how we plan to grow the company profitably and at scale. Let's dive into it. I wanted to spend some time to talk about the modern XDR platform and how CrowdStrike has really redefined what the modern XDR platform is all about. Before I do that, I wanted to take you through memory lane and just talk about how endpoint has been viewed for many years.
Even to this day, if we think about the first antivirus product, it was actually created in 1987, signature-based, focused on blocking malware. We still see legacy technologies using this approach today, whether it's Microsoft, Symantec, McAfee, Trellix, based on signatures. We know that there's a difference between stopping breaches and stopping malware. When I started CrowdStrike, we first started with endpoint detection and response and delivered that from the cloud, focused on stopping breaches using a lightweight agent, AI-powered prevention, a single console, and our threat graph. We added next gen AV, again leveraging AI. In 2011 and 2012, these were really cutting-edge technologies.
This meeting is being recorded.
Today, it's actually kind of funny to see people get a smile when they go into ChatGPT and ask it a question. We were leveraging AI before it was fashionable. You fast-forward to today, we've got the modern XDR platform, which is really focused on taking data from our first-party sources, combining it with third-party sources, and again leveraging the single agent architecture to stop breaches. The fact is, our technology is easy to use. It works, it saves money, it saves time, and reduces complexity. When we think about CrowdStrike redefining the modern security, we have to first recognize that legacy AV is a commodity, that signature-based protection is a commodity. Even rebranded signature-based protection is a commodity. Stopping breaches will never be a commodity, and that's what we're focused on at CrowdStrike, stopping the breach. Let's talk about the Falcon platform.
It evolved from one module to 23, focused on endpoint protection. Over the years, we've added identity protection, cloud workload protection, observability, security and IT ops, and more. This really forms the foundation for modern XDR security, pioneered and defined by CrowdStrike. Just to give you an idea of why the endpoint is the epicenter of the enterprise, it's because 80% of the most valuable security data collected comes from the endpoint. This is where productivity happens. This is where the attackers are actually focusing their efforts, whether it's a traditional endpoint like a laptop, or whether it's a workload that is running in a cloud. Let's talk a little bit about the endpoint and how the adversary goes about their business. 90% of successful cybersecurity attacks and 70% of successful data breaches originate at the endpoint.
This is why I always say it's the tip of the spear for these breaches. Just to give you some more stats, 80% of attacks use compromised identities, and 71% of attacks are now malware-free. This is why a legacy signature-based approach is set up for failure. It's the reason why McAfee and Symantec were never able to make this jump, including Microsoft, into protecting and preventing breaches rather than identifying malware. On the subject of Microsoft, 900+ Microsoft vulnerabilities in 2022, this is really a windfall for the adversary. This is where they're targeting these desktops, these servers, these cloud environments because they're rich with vulnerabilities. The challenge is actually being able to identify, prioritize, and protect against these vulnerabilities, which again, CrowdStrike is focused on.
As I always like to say, the most valuable real estate in all of security is the endpoint. If there's one takeaway from this talk, it's to realize that your view of the endpoint of thinking of it as just endpoint protection is limited. I really want you to think outside the box of the endpoint as a form factor that opens up all these additional adjacencies within the platform. When we think about the platform, not only is it focused on protecting endpoints and workloads, but we've added capabilities around observability and IT ops and IT action and cloud security and threat intelligence. The Falcon platform has mining ecosystem of cybersecurity. We've made stopping breaches a team sport, where every type of partner that works through or alongside CrowdStrike customers win. Our thousands of partners help businesses of all sizes achieve superior outcomes.
We're continuing to increase our partner focus to scale in every segment, particularly in the SMB space. Let's talk a little bit about CrowdStrike versus Microsoft. Why does CrowdStrike win? Why are we different? Eight out of 10x when an enterprise customer tests CrowdStrike, they choose CrowdStrike over Microsoft. Eight out of 10x . Well, why is that? There's a few problems with Microsoft that I've boiled down into the three C's, starting with coverage, complexity, and catastrophe. Let's talk about coverage. CrowdStrike relies on advanced AI without the use of signatures. This is one of the areas that we help pioneer. Microsoft still relies on AV signature technology. In fact, it gets updated six or seven times a day with new signatures. This is the same failed model that McAfee and Symantec have been using for the past 25 years. The second area is complexity.
CrowdStrike has one console, one agent, and a lower TCO. Microsoft customers have up to nine consoles, multiple agents, and a higher TCO. This level of complexity is going to drive up additional costs within the environment in managing, maintaining, and certainly adding additional headcount to any Microsoft instance. The last area is catastrophe. Microsoft Windows represents 95% of the compromised endpoints CrowdStrike actually investigates and remediates during our incident response engagements. 95%. Further to that, the IR team, during an investigation of customers that have been breached, 75% of the time is Defender that has been bypassed. You can see this is a recipe for disaster, leveraging signature-based AV, which equals one thing, and that's being breached. When we think about the legacy technologies that are in this environment, I talked about IDC. We're ranked number one at 17.7%.
What's important to realize is that other next-gen vendors in the top 10 have a combined 7.4% of market share, and the legacy vendors in the top 10 still have a 46.7% combined market share. When I look at this, it just screams opportunity for CrowdStrike in the long tail of replacing many of these legacy vendors that still remain in the market today. Where's our TAM today defined by IDC in terms of modern endpoint security market? It's $20 billion. Again, the endpoint opens up adjacencies into many other markets. Things like FIM, which were never considered endpoint, a part of our overall offering because we can deliver it through the form factor that we call endpoint.
As we think about this, $20 billion to modern endpoint security TAM, when you add in all of the other areas that we cover, you can see how our TAM has grown from $20 billion of core endpoint protection to $98 billion when you combine all the other modules that we have. In fact, that will be then growing through organic TAM growth, our product roadmap, cloud opportunities, and future initiatives to a whopping $158 billion potential TAM in CY 2026. Before I hand it over to Mike, I want to leave you with a few points. Our single XDR agent underpins everything that we do and is essential to understanding our business. You can think of our agent as a form factor that delivers security and non-security outcomes to our customers that go well beyond the traditional definition of endpoint security.
While we may periodically report on the success of individual modules or categories of modules, core, emerging, cloud, et cetera, there really is no distinction between core, emerging, and cloud in the minds of our customer because they're buying the Falcon platform, and that's why we win. Thank you for your time, and we look forward to answering your questions at the end.
Thanks, George. It's clear we are building a generational company with a generational platform to support our customers. Today, I'll be detailing what we believe makes CrowdStrike the most highly differentiated cybersecurity company in the market with a deep competitive moat and sustainable innovation across all foundational aspects of cybersecurity. I'll cover how we protect identities with Falcon Identity Protection, safeguard the cloud with Falcon Cloud Security, and importantly, where we are taking CrowdStrike into the future with extended detection response, or XDR, as my friends in marketing like to call it. In each of these areas, I'll highlight what makes us different and take you far beyond slides with hands-on demos that demonstrate our unique capabilities. Let's start with our platform. From the beginning, we had the foresight to build our platform on the most critical real estate in the enterprise, the endpoint.
Today, our unified agent elegantly delivers integrated capabilities across the endpoint, cloud, and across identities. That single agent architecture is infinitely extensible to deliver new capabilities that removes the need for multiple point products and agents, which is just so incredible to all of our customers. We use the same agent as the delivery system across the platform, including our foundational modules, EPP, which includes Falcon Prevent, Falcon Insight, Falcon Intelligence, and Falcon OverWatch. Our emerging and cloud modules which include Falcon Identity Protection Discover, Spotlight, LogScale, and Falcon Cloud Security. One of the key differences with CrowdStrike is how each module is deeply integrated with each other and delivered as part of our unified platform. We like to call it our simple and elegant platform solution.
With our platform, you have one agent to deploy and manage, one console to use with deeply integrated intelligence, context, and coordinated actions. Not stitched together acquisitions or crude licensing bundles, which is ultimately what leads to people having complexity and getting breached. Our focus is and always will be how we deliver a superior experience for our customers, and that drives down the cost and effort of stopping breaches. To achieve this, we created a fundamentally differentiated agent that delivers comprehensive coverage across all critical environments, including endpoint, cloud, and identity. As well as precise detection, investigative content, text, and response capabilities with over 1,000 unique attributes collected, which is unique in the industry. It can be easily deployed across hundreds or hundreds of thousands of agents in days, not weeks or months like other competitive solutions from other vendors.
Our agent was architected from the ground up to deploy without requiring reboots, which can be operationally crippling in the cloud or verticals like manufacturing, banking, and finance. Finally, our agent cloud architecture ensures that every agent is always up to date with the latest protection, it doesn't require a massive tuning burden, and doesn't blue screen endpoints with failed updates, which happens a lot across the industry. Our customers tell me one of the most important things to me, that CrowdStrike simply just works, and we can rely on CrowdStrike every time. As part of this platform, we constantly better security value, simplicity of operations, and economic value for our customers. Let's turn to how we extended our unified agent into a completely new environment while still preserving its key differentiating attributes. Identities with Falcon Identity Protection.
This is a unique offering that reshapes how organizations stop modern attacks, which increasingly abuse valid and credentials as their primary point of entry. In the past, nations were faced with an impossible choice when considering how to protect their Active Directory, either needing to roll out yet another agent, creating crippling complexity and cost, roll out yet another point product on a server with more to deploy and operate, or worse yet, try to deploy an agent on a domain controller, which would take months or years to deploy with all the required testing and change control. This is one of the key differentiators here at CrowdStrike. We brought our unified agent and cloud architecture to identity protection. All customers need to do is simply turn it on. The agent is already there, and this is a foundational element.
This elegance has helped Falcon Identity Protection continue to rapidly scale, now contributing over $100 million in ending ARR to the business as of the end of FY 2023. Before we see Identity Protection in action, let me set some foundation context. When talking with customers, they often ask me how CrowdStrike fits identity ecosystem, I've talked about this with you all before. You have to create an identity. You create identities of the accounts you need to Active Directory or Azure AD as an example. You need to manage those identities, ensure the right user can access the right application with identity and access management tools like Okta, Ping, or Duo, all of which we have tight partnerships with. The most important thing is you need to secure those identities, to do that, organizations turn to CrowdStrike.
Lots of logins and accounts to various apps and sites go to an identity provider like an IAM to manage, and then you turn to CrowdStrike for the security. With that in mind, I'd like to bring in Cristian Rodriguez, our newly appointed Chief Technology Officer for the Americas, to run the demo. Let's see how identity protection works.
Thanks, Mike. One of the major benefits of our Falcon Identity Protection module is that it's already integrated with Falcon, meaning if you have Falcon deployed on your domain controllers, instant visibility of your authentication activity is already there. Because of this, securing your Active Directory is a frictionless deployment model. Let's start out with the overview dashboard, where we help IDP analysts gain instant visibility into both on-premise and cloud-based Active Directory activity. This helps identify areas such as shadow administrators, stale accounts, shared credentials, and other AD attack paths. More importantly, this highlights the riskiest identities for both user and service accounts given a combination of event triggers. The triggers listed in this instance are categorized in a way to help reduce risk by monitoring authentication traffic in real-time and applying behavioral analysis for credential weakness, access deviations, and password compromises with dynamic risk scores.
In this example, an alert for a user with a risk score of 8.5 gives a Falcon IDP analyst a quick view into areas such as the user's group membership, logon activity, authentication types, and anomalous logon locations. Let's take a closer look at their activity. Starting out with assets, administrators have visibility into all of the systems a user may have logged on to. Applications, as the name implies, includes a list of all web applications or on-premise applications that may have been accessed by this user. Finally, Top Destinations includes a list of network resources requested by this user over the past 90 days. By reviewing the activity log, administrators gain complete visibility into location information, login type, source and destination data, including access via SSL VPN and RDP across on-premise and cloud deployments.
With a robust integration ecosystem into third-party tools, including orchestration and MFA providers, Falcon Identity Protection allows administrators to efficiently enforce conditional access MFA policies against a variety of systems, services, and applications. One example of conditional access policies may include the use of MFA for remote desktop requests to systems considered critical to a business. Another example may include the use of conditional access enforcement for file servers hosting sensitive data or intellectual property. This use case could be applied to a standard policy for validating and tracking user access to company files and identifying outliers within those. For RPC calls, the same can apply, where conditional access policies can limit who accesses what system via tools such as Microsoft's MMC. A common requirement for enterprises may include the use of tracking and reauthenticating users accessing specific applications.
With Falcon Identity Protection, enterprises can define conditional access policies tied to those application types. MFA enforcement can then be applied via tools like Okta, Ping Identity, and RADIUS. Lastly, for non-Windows systems, Falcon Identity Protection can still enforce a conditional access policy using our unique ability to analyze authentications in real time, even if Falcon is not installed on the system in question. With 80% of attacks being attributed to compromised credentials, protection is built for hyper-accurate detection of identity-based threats in addition to adaptive authentication mechanisms. I'll hand it back to you, Mike.
Incredible. Absolutely incredible. You can see the simplicity and elegance of our unified agent delivering a highly differentiated security capability by leveraging the foundational elements of the CrowdStrike Falcon platform in harmony with a fully integrated technology from the Preempt acquisition. Let's turn from identity to the cloud. Just like attackers are compromising identities to breach organization, we know and we've seen in our engagements that cloud attacks have skyrocketed, and that's not going to slow down. Based on our unique visibility into the threat landscape and the ground truth from incident response engagements, we reported in the CrowdStrike Global Threat Report a 95% increase in cloud exploitation. We also have observed how adversaries are moving between the endpoint and the cloud, starting on one and moving to the other. From cloud to endpoint, but importantly, from endpoint to cloud as part of a coordinated attack.
Meaning if your endpoint and your cloud security solutions aren't working together, your organization is wide open for a breach. To solve this growing problem, we released Falcon Cloud Security, a fully integrated agent and agentless cloud protection solution that the industry typically calls Cloud Native Application Protection Platforms, or CNAPP for short. In typical fashion, we started with the hardest problem first, stopping breaches in the cloud by extending our agents to workloads, to containers, and serverless applications with Cloud Workload Protection Platforms, or CWPP. You can think about this as securing the runtime environment. Runtime protection is how you stop an active breach in the cloud, just as we do on a corporate endpoint as an example. You have to be on the device or on the workload to find and stop the attack.
Otherwise, at best, you're detecting a breach with no ability to do anything about it, and you typically detect that issue very slow. The hardest part, and one most vendors actually fail at, is building an agent that is easy to deploy, easy to manage, doesn't require a reboot without introducing significant complexity into an environment. Without these key, you can't build it into your DevOps or DevSecOps processes. We took over a decade of work building the world's best agent and brought it to the cloud. Now, from there, we extended our with agentless capabilities to solve essentially for human. That's where cloud security posture management and cloud identity entitlement management capability come in to safeguard against misconfiguration, accidental exposure, and other human errors such as default admin passwords, over-permissive entitlements, as an example.
An agentless cloud security solution is absolutely critical to fully protect your cloud environment. With only an agentless approach, everyone has access to the same APIs, making standalone agentless vendors essentially a commodity to incredibly easily rip out and replace. Organizations need the tight native integration of an agent and an agent time to CSPM, CIEM to stop breaches from both adversaries and human error. Our unique agent and agentless approach has been validated by customers that get benefit from this architecture every day inside their organization. It's also been validated by vendors that try and fail to match this architecture by forming loose partnerships. They has to add multiple products and complexity into their end user environment, which always results in missed attacks and slow threat detection and response. Let's see this in action.
Really great option for our customers' cloud security requirements, including both an agent and agentless configuration. To your point, we did start with the difficult part, and that's basically with Falcon running within a cloud workload for optimal protection. Creating a container version of the sensor. This agent-based option for cloud workload protection gives you full visibility across process data tied to detection and prevention events. The detection view that most CrowdStrike admins are familiar with represents malicious activity within the container. One major difference is the included workload metadata in the detection event itself. For example, worker node and contain ID information are present. Getting deeper into detection events also yields valuable cloud data for efficient correlation to the cloud environment the system is tied to. This also includes CSPM data, which we'll revisit later.
For the sake of this demo, let's investigate this container in our container view. The detection container view gives you visibility against advanced threats we protect against. With this view, analysts have a much deeper look into the actual image of a container in addition to the actual configurations across the cloud environment it sits in. This may also include vulnerabilities tied to the image. Let's take a quick look. Analysts need a quick way to understand which images are impacted by the most severe vulnerabilities. By drilling into these alerts, analysts are presented with a full breakdown of the vulnerabilities driven by CrowdStrike's proprietary adversary first expert AI system. To get a larger view into impact analysis, analysts also have access to a full packages view. Admins using registry connections to get a full assessment on images and repositories with respective vulnerability data if found.
The beauty of the cloud overview dashboard allows an administrator to see a fully consolidated view of not only the images that we detected and the respective vulnerabilities, but also the detections themselves, and also IoM policies, which we'll cover in the next CSPM module. Mike, in contrast to what we've just seen, where Falcon can run as a container service, real runtime protection, in addition to image assessments with registry connections, we also do a full cloud security posture management assessment of your cloud assets across multiple cloud security and solutions providers. In events where an organization may have access to AWS, Azure, or GCP, or a combination thereof, it's very important to get a full view into all of those assets in addition to understanding configurations or misconfigurations across those services that are within those cloud providers.
In this next section, we're going to cover a little more on how administrators can easily get access to those configurations, the services that are running within these cloud services, and ultimately, how to quickly remediate against those threats that could ultimately take advantage of those misconfigurations in these cloud environments. Let's take a deeper look. Most cloud providers have a plethora of services that enterprises take advantage of. With CrowdStrike's cloud asset view, admins get a full breakdown of each service and their respective asset IDs with asset detail data. This gives full visibility into services that may be considered orphaned, unauthorized, underutilized, but importantly misconfigured. We do that via a series of CrowdStrike Indicators of Misconfiguration or what we call IOMs. Let's take a deeper look at an asset.
Interacting with an asset allows an analyst to graph the relationships of services and asset properties across an interactive map. This helps in understanding service and configuration associations between compute instances in this example. Also gives analysts a workflow in understanding the classifications of a misconfiguration. We can see here that a global ingress configuration setting is being flagged for further review. An analyst may also want to assess where else this misconfiguration is present. The results of this expanded query gives an analyst a full view into every instance that meets this misconfiguration IoM, in addition to an understanding on where the runtime iteration of Falcon is actively running. We classify these systems with a managed or unmanaged label. Many of these indicators of misconfiguration are tied to CIS benchmarks, PCI benchmarks, and NIST.
With the direct tie-in to Falcon, analysts can pivot directly into the detections UI for active runtime detections. These are just a few features in our Cloud Native Application Protection Platform. Mike, I'll hand it back to you.
Beyond cloud, we are also extending our platform with other agentless capabilities, including one I'm incredibly excited to be talking about today, Falcon Surface, our attack surface module. As part of our focus on simplicity and workflow elegance, we rapidly integrated our recent acquisition of Reposify, which has been incredibly well received by all of our customers. We bought Reposify to give our customers an outside-in view of their enterprise, letting them see their organization from an attacker's point of view to understand their points of weakness and vulnerability. It's an easy and effective way to get even more visibility that can immediately be turned into action. So let's see how we take a company's domain and quickly turn it into an actionable way to reduce business risk with Falcon Surface.
Falcon Surface gives enterprises this real-time view into the risk associated with their attack surface outside of their managed network. Consider... a dev server or maybe a subsidiary's misconfigured and exposed sensitive database or an orphan cloud instance. Another example could be cloud services or CMS systems, or maybe there was a misconfiguration on your firewall or router which ultimately exposed a system to the Internet. Enterprises using Falcon Surface are provided with a discovery path to help them easily understand why... the asset is associated with the organization. This may include a full breakdown of subsidiary connections and associations which otherwise could take months to map out manually.
Many times, these assets are orphaned or under-managed when it comes to areas such as patching or major OS updates, which will ultimately lead to a larger likelihood of these systems being targeted by adversaries, given how easy they are to exploit. Without having to know all of your domains, CrowdStrike Surface automatically streamlines asset identification by giving enterprises a sorted inventory by platform type, expo service type, and vulnerability type using this proprietary Internet scanning algorithm. Information includes a fingerprint of each system which details data points such as the operating system are running on that system, and of course, the respective versions. Let's take a look at this company's subsidiary, which currently holds a grade of F for security posture. Security and vulnerability analysts will have quick access to a list of services and the respective assets they belong to with varying levels of risk severities defined.
This helps prioritize a response to the systems imposing the most risk at any given moment. The details of each service not only includes the risk rating, but also the respective CVE, CVSS scores and types, but more importantly, the proper remediation steps required to reduce the risk of the system in question, which allows defenders to see their exposure before adversaries do. With a plethora of filtering options at your fingertips, analysts have an easy way to prioritize and monitor risk and measure the impact of subsidiary posture across brands and locations in an automated way. With the variety of integration options, alerting can be done natively via email or via integrations with the likes of Slack, Jira, and ServiceNow.
Kudos to the teams who rapidly integrated Reposify into our platform. It's a testament to the platform's extensibility and our commitment to keep pushing to the boundaries of security innovation. We've talked a lot about today. Let's look into tomorrow. Part of what has made CrowdStrike unique from the beginning is that we've never shied away from solving the hard problems for our customers. We anchor our strategy on what makes the biggest impact for their security posture and gives them the best outcome. That's how we've been approaching XDR. As our friend, Allie Mellen at Forrester says, "Good XDR lives and dies by the foundation of a good EDR." We believe we have the best EDR in the world.
We've taken the foundational security and operational outcomes from pioneering the EDR category and brought them to every attack surface across the enterprise. It's all delivered from the agent at its core. That future is here with our customers today with how they are using our modern XDR platform to see more across every attack surface, giving them the ability to investigate faster by focusing on a unified analyst experience and respond conclusively across CrowdStrike as well as third-party products. It's actually the dream of every SOC team. Collapse the endless consoles and tools into one. Here at CrowdStrike, we're delivering it from the strongest foundation possible. Our unified agent with the richest, deepest EDR telemetry.
Now with data at the heart of XDR, Falcon LogScale is part of our customer's XDR journey, offering them a modern log management system to collect everything, query all of it in seconds, and keep it forever at an economical cost. Let's explore where we are today with our modern XDR platform. CrowdStrike's extended detection and response capabilities go way beyond the endpoint using integrations with vendors such as Okta, which allow analysts to ingest single sign-on logs and trigger Okta response workflows, such as resetting authentication factors.
Another integration may be tied to messaging services like Slack, which allows security teams to centralize alerts and deploy customized workflows. For the vast number of partners leveraging webhooks, CrowdStrike XDR allows automated workflow customization with a simple webhook integration interface. CrowdStrike's XDR platform allows administrators and analysts to collect data from previously siloed security tools across an organization's technology stack for easier and faster investigation. The platform allows responders and analysts to collect security telemetry from not only Falcon, but also cloud workloads and network tools and services such as email gateways, web proxy, CASB, and NDRs.
For today's demo, we're highlighting an integration workflow with the likes of Corelight, Falcon Identity, Zscaler, and Mimecast Email Security. By streamlining views such as impacted hosts, analysts and threat hunters can focus on high-priority threats and responses. A good example of that would be containing multiple systems to isolate a threat or prevent lateral movement. In this example, response actions can be focused on the identity of the user in question. This includes adding the user to a restricted group within Zscaler's web enforcement policy. Adding the user to a watch list for further analysis within CrowdStrike's Identity Protection module. With seamless integration into single sign-on vendors like Okta, options may include forcing a password reset for the next time that user attempts to authenticate.
With our ever-growing ecosystem of partner integrations, additional telemetry enrichment is natively presented within an incident with vendors such as OPSWAT and VirusTotal. One of the main benefits of our XDR platform and the threat context analysis. Easy to digest indicator views guide an analyst through an entire investigation and remediation process. This includes getting visibility across multiple detection tool layers. An analyst may understand the context behind a spear phishing attachment by reviewing the data from their respective email gateway. More importantly, if there's any correlation of activity tied to that user, a CrowdStrike identity policy trigger can bring more awareness into potential credential abuse. A responder may also need to exploit timeline perspective of these events, which will quickly provide a chronological representation of each event from each disparate log source correlated in a logical root cause analysis view.
Finally, analysts have the option for a graphical representation of an incident. Using graph technology, responders now have cross-domain attack path views via an interactive map of the entities involved in the XDR event. This allows analysts to quickly streamline triage approaches by investigating all facets of an attack. This may include pulling additional contextual data like parent processes or additional relevant indicators to the investigation. Using Falcon Fusion, CrowdStrike's native orchestration tool, responders also have the ability to automate complex workflows in an effort to speed up incident triaging. Workflow options are vast. With our growing ecosystem of partner tools, Falcon Fusion seamlessly integrates into partner applications to enrich notifications, detections, and active response logic. With Falcon LogScale as the underlying data repository, analysts have access to a feature-rich query language for complex queries across large data sets in lightning-fast speed.
That's the future of cybersecurity. Best of all, that is here today. Now to round this out, let's end where we started. Customers choose CrowdStrike because we stop breaches. We're easy to deploy, easy to manage, and deliver significantly better economic outcomes. We're incredibly proud to have been recognized directly by our customers as being number one in EPP and EDR across leading independent customer review sites, including G2, PeerSpot, and TrustRadius. We've been recognized by leading third-party testing firms such as MITRE, where we achieved the highest detection coverage out of all vendors tested in the MITRE ATT&CK Managed Services evaluations. We've been recognized by SE Labs, where we achieved a 100% ransomware prevention, which is incredible. These are only a few accolades our platform has achieved, but they're incredibly important ones to me. The reason for that is they represent the voice of our customer.
To bring our values to life, I want to take you through a few stories of why CrowdStrike replaced Microsoft Defender. As you heard from George, trusting Microsoft for your security leaves you with compromise, complexity, and in many cases, catastrophe. Let's dig into why two customers switched from Microsoft to CrowdStrike as their cybersecurity partner. Let's start with how we provide superior security. A large school district moved from Microsoft Defender due to its inability to detect, let alone stop, a large-scale malware attack across the district. In this case, Defender was fully up to date. The attack resulted in thousands of lost productivity hours as the school re-imaged almost 6,000 machines, grinding productivity and student activities to an absolute halt. Not only this, but Microsoft produced 10 times the amount of noisy detections that further burdened their overwhelmed security team with false positives.
With CrowdStrike, we replaced Defender district-wide to immediate prevention and cut their triage time from 20 minutes per detection to less than five. We are incredibly proud to have given this customer confidence and peace of mind when they needed it, giving them the hours of time back so they can avoid catastrophe. Our next Microsoft replacement focuses on a U.S. state with multiple agencies that upgraded over 600 agents from Microsoft Defender to CrowdStrike. This customer had dozens of operating system editions and operating system versions, including about 30% of their estate running versions that were out of support or outdated. What does this mean? It means that they couldn't even get the latest protections. Since Microsoft Defender is bound to the operating system, it requires the latest version with the right support and licensing for consistent protection.
What we hear from customers is that it takes more time figuring out Microsoft's licensing and dealing with constant operating system updates than actually spending time protecting their organization. How does that differ with CrowdStrike? With CrowdStrike, the customer was able to deploy consistent best-in-class protection across their entire estate. That was always up to date and worked regardless of operating system version. We delivered this through our unified agent, which means we cut complexity while giving them better security, and the customer was able to save $6.4 million over three years by avoiding the hidden costs of Microsoft Defender, including the operational complexity of upgrading their operating systems, licensing support, and the right versions, and dealing with the potential of a breach. We heard George talk about how we win against Microsoft. He closed out the 3 Cs of Microsoft.
Let me bring in and introduce Tim Parisi, Senior Director of Professional Services at CrowdStrike, to share an incredibly compelling story about a former Microsoft customer that brought in CrowdStrike services to remediate an incident. This global services firm used Microsoft Defender, but its lack of coverage and overall complexity ultimately led to a breach. Welcome, Tim. Why don't you give us a quick background on yourself and your role here at CrowdStrike?
Absolutely, Mike. I've been at CrowdStrike for six years. I have over 15 years of experience leading incident response investigations for companies who fell victim to state-sponsored or e-crime attacks, many of which have made the headlines. As part of these investigations, my team and I help organizations during their toughest times to contain a threat and identify the who, what, when, and how of the breach.
Well, we're lucky to have you and your team here at CrowdStrike. Our customers get incredible value from what you all do every day. I wanna jump into a case study and ask a couple of questions, if I can. I think let's start at the top. You know, you see this every day. You understand this better than everybody. Customer environments can be incredibly complex. There's different operating systems. There's legacy technology. I'd love to hear your perspective on why comprehensive coverage is just so important to alerting and why it's so important to being able to stop adversaries, and why this example here, a lack of coverage led to this breach.
Sure. Well, in this case, the customer was using a managed detection and response or MDR provider for short to perform an investigation of activity shown by their Microsoft Defender console. In this particular case, the alerts from Defender for Endpoint and Identity were not unified. They didn't provide actionable information for the MDR provider to understand what was happening. As a result, they failed to thoroughly investigate and even escalate security alerts. In an incident response situation, comprehensive coverage of those tooling and alerts across the environment's critical. Otherwise, you get detection gaps like we saw here.
This customer used Microsoft Defender for Endpoint and Microsoft Defender for Identity, but they still missed the attack. You know, why is that given they use both?
Yeah. You know, in a breach situation, every second counts as we say, and complexity is the enemy of speed. In this case, Microsoft Defender for Identity alerts were actually in a separate area of the Defender suite, and none of the alerts were linked to Defender for Identity. None of that EDR data was correlating nicely with Identity, and it just created mass confusion for the clients and for the MDR, unfortunately.
You talked about alerts. Let's touch on that a little bit. Is it common for a company of this size to have upwards of hundreds of alerts a day? How do they deal with that?
Yeah. A company of this particular case, I'd classify as a medium to large size organization. Typically, what we run into on the front lines is you're seeing companies encounter hundreds, if not thousands of alerts in their various security tooling consoles, and it ultimately results in what we call alert fatigue and disorganization. Ignore alerts that shouldn't be ignored and miss alerts that really shouldn't be missed just within all that noise. Unfortunately, that's what we saw here.
All right. Let's really get to the crux of the issue here, how we help the organization ultimately remediate the breach, and how do we protect the customer. Talk a little bit about, you know, really what we did as part of this engagement.
Yeah. Well, we started by using security tooling that sets us and the customer up for success, and that's the Falcon platform. This customer had deployed Falcon to roughly 7,000 systems in 36 hours, and with our unified sensor had both Insight XDR and Identity Threat Protection modules enabled via one agent flowing unified data into one console. This allowed our incident responders to execute a rapid response plan containing and eradicating the adversary within hours while not disrupting business operations. Insight XDR allowed us to investigate and remediate the endpoints while Identity Threat Protection allowed for seamless visibility and easy controls into Active Directory. Using this detection data from Falcon, we leveraged our threat intel team, and we quickly identified the adversary was a state-sponsored group from China. They placed multiple web shells on servers running Microsoft's Internet Information Services for environment persistence.
They used what we are referring to as living off the land techniques, which means using native Microsoft tools to carry out the attack while staying under the radar. In this case, the adversary used native tools such as MSBuild to invoke malware to compromise endpoints running the Windows operating system. They were even able to steal all Active Directory accounts and corresponding password hashes despite using Microsoft Defender for Identity and when the dust settled, our team found the environment for approximately one year, which is disappointing given the investment this customer made in Microsoft security. At the end of the day, I'm glad we were able to help the customer evict the adversary.
Thanks, Tim. A great example of how catastrophic a breach can be and a powerful example of the efficacy of the Falcon platform, as well as the value that our professional services group can provide to our customers in these worst case scenarios and in their time of need. Today, we've been able to highlight the unique and differentiating innovations of the Falcon platform across Falcon Identity Protection, Falcon Cloud Security, Falcon Surface, and XDR. This is only a glimpse of the sustain innovation the team is driving every single day here at CrowdStrike. I felt it was important to carve out our time and show you what our customers experience and why they trust CrowdStrike with their cybersecurity requirements.
We're proud to be building the world's best modern XDR platform with the agent as a delivery system for new modules. At the end of the day, here is what matters. We deliver better security that's easier to manage, it's easier to operate with much better return on investment. That's why CrowdStrike continues to grow. It's why we are continuing to take share. I'm incredibly excited to share more with all of you in the future. A thank you from me. Thank you for all of your attention today and your engagement. I look forward to your questions at the end. With that, I'd now like to introduce Burt Podbere, our Chief Financial Officer.
Thank you, Mike, and thank you everyone for joining us today. First, let's set the stage with what we achieved today. It has been another year of milestones for CrowdStrike, setting new records in multiple areas, even as the macro environment changed. This year, we added $828 million of net new ARR, growing ending ARR 48% to reach $2.56 billion, marking another year of incredible growth at an ever-growing scale for CrowdStrike. We delivered another record year for net new logos with over 6,600 net new subscription customers, bringing our total reported customers served to over 23,000. We also continued to achieve strong unit economics and drive increased leverage. Non-GAAP subscription gross margin of 78% remained within our target model, even as we invested for future growth and brought new capabilities into the platform.
We grew operating margin by 235 basis points, delivering 15.9% operating margin for the year. We also delivered at least 30% free cash flow margin for the third consecutive year. For fiscal year 2023, we achieved a rule of 85 on a free cash flow basis. Taking a longer review of our growth trajectory to date, you can see sustained high growth at scale as reflected in our five-year figures, which are around 80% for ending ARR and total revenue, with subscription revenue at 7%. We continued to see strong growth in both domestic and international markets with a long runway to continue gaining customers, expanding adoption of the Falcon platform, and growing our market share. Our professional services revenue contributed 6% of our total FY 2023 revenue and continued to grow nicely.
Looking deeper into the strategic nature of our professional service group, it continues to drive new platform or subscription business. Among organizations who first become a customer after February 1st, 2021, for each $1 spent by those customers on their initial engagement for our incident response or proactive services as of January 31st, 2023, we derived an average of $6.07 in ARR from those subscription contracts, up from $5.71 and $5.51 in the previously reported years. Highly strategic portion of our business has been extremely successful, not only by itself, but in driving software platform cross-sell opportunities for us.
As we discussed on our earnings call, we remain steadfast in our vision to grow ending ARR to $5 billion or more by the end of fiscal year 2026, even as we expect to continue encountering macro environment headwinds in the near term, including a 10% year-over-year headwind to net new ARR in the first half of this fiscal year. Despite these near-term factors, we see an achievable path to reaching $5 billion or more in ending ARR by the end of FY 2026. Let's take a closer look. You all know I prefer to illustrate things as simply as possible. In that vein, for illustrative purposes, I would like to show you the minimum net new ARR are required to get us there.
In FY 2023, we added $828 million in net new ARR, bringing the ending ARR to more than $2.5 billion. While I'm not providing explicit guidance on how exactly we expect to get to $5 billion, and I'm not even suggesting this would be a likely scenario, building on that strong foundation, if we just repeat what we did in FY 2023 and add $828 million in net new ARR in each of the next three fiscal years, we would end FY 2026 with $5 billion or more in ending ARR. Now, let me reiterate that I'm not suggesting or guiding that net new ARR will remain at $828 million for the next three years.
As we discussed on our earnings call, our assumptions to have FY 2024 net new ARR assumption of roughly in line to very modestly up year-over-year with consistent macro impacts that we saw in the back half of FY 2023. Beyond FY 2024, we assume net new ARR to return to year-over-year growth, assuming macro conditions remain consistent. Let's take this illustration one step further and take a peek at the minimum dollar-based net retention rate required in each of these years if all we did was deliver $828 million in net new ARR for each of them. Last year, a little over half of net new ARR was derived from expansion.
If we play that forward and assume a consistent ratio of new versus expansion business the next three years, that would mean we would only need to have a net retention rate of 117% in FY 2024, 113% in FY 2025, and 110% in FY 2026. In FY 2024, we expect to achieve a dollar-based net retention rate at or above our 120% benchmark. Take the numbers you see on this slide as they are intended, a simple illustration of the minimum required. Our best-in-class gross retention rate, strong dollar-based expansion rate, growing customer base, and our meaningful technology differentiation give us confidence in our ability to reach our vision and profitably grow this company to $5 billion in ARR and beyond.
Let's dive into some of our growth dynamics that are helping us drive towards these ARR milestones. Our growth drivers have not fundamentally changed, we continue to thoughtfully and strategically invest in them as we execute on our strategic initiatives and transform the security industry. We intend to continue to take market share by landing customers at a rapid pace across all facets of the business market, capitalize on our increased momentum with partners, expand our wallet share by driving module adoption with new and existing customers alike, entering into new adjacencies, and maintaining our strong retention rates. We expect to continue driving success in the enterprise by landing and expanding within large enterprises. At the same time, we expect to grow our market presence among smaller companies. I'll take you through some updated metrics that demonstrate how we are doing all of these things.
While we don't manage the business to specific net new logo targets, we are continuing to win customers at a rapid pace. Our win rates remain high. We believe that we are clearly gaining share. We've made phenomenal progress in our net new logo acquisition, with subscription customers growing 41% to reach 23,019 total customers in FY 2023. This does not include the end customers that are served through our MSSP channel, which we estimate are over 18,000 and counting. We believe we have only scratched the surface in terms of number of companies that are out there. While we have achieved tremendous success to date, there are many more customers to win globally in the enterprise, mid-market, and SMB. Let's take a look at the growth of the minimum spend required among our top accounts.
The minimum ARR to make it to our top 25 is now $7.2 million, a 57% increase over the prior year and 7x over five years ago. $2.9 million is required to be a top 100 customer, a 32% increase over the prior year and 10x over five years ago. To be a top 400 customer, a minimum of $1.1 million, a 42% increase over last year and a significant increase over just $60,000 in FY 2018. Let's take a moment to let that sink in. Just five years ago, we only had 400 customers with greater than $60,000 in ARR. Now, a customer needs to spend more than $1 million to be considered a top 400 customer.
I believe this is just one trend that demonstrates the immense success of the Falcon platform, our ability to not only rapidly innovate and expand the definition of endpoint security, but also drive adoption and deliver real value to customers. The enterprise isn't by any means our only focus or our only area of success. We are driving growth across the market as well. Demonstrating our progress in FY 2023, the number of customers with more than $1 million in ARR stood at 436, a five-year CAGR of 71% and 44% growth from last year. The number of customers with ARR between $100,000 and $1 million stood at 3,553, a five-year CAGR of 68% and 43% growth from last year.
Finally, smaller accounts with ARR below $100,000 stood at 19,030, representing the bulk of our subscription customer base with a five-year CAGR of 82% and 41% growth from last year, showing that we are seeing strong growth across the spectrum of customer accounts. As we move to an ending ARR view of those same groups, you can see exceptional growth across all categories. You can also more clearly see the dynamic we have discussed a number of times where we see the bulk of new logo acquisition coming from the lower end of the market, whereas the bulk of ARR dollars is derived from the higher end of the market.
Regardless, we see strong growth across all three categories with the greater than $1 million ARR category growing 57% year-over-year with a five-year CAGR of 87%, the $100,000 to $1 million category growing 43% year-over-year with a five -year CAGR of 71%, and the less than $100,000 ARR category growing 37% year-over-year with a five-year CAGR of 79%. Module adoption is another area where our trends continue to be exceptional, showing that customers are adopting more of the platform than ever. Just as we are winning new logos and driving increased ARR across all segments, we are also driving module adoption across the market.
Customers across every group have increased the average number of modules that they are using, which is reflected in the increase of our % of module adoption stats that we speak to every quarter. Increased module adoption, regardless of the customer size, demonstrates the applicability of the platform across the market. We also continue landing new customers with more modules. The average module count of a new customer has increased from 4.7 modules last year to 4.8 this year. This has grown 118% over the last five years. We see this dynamic increasing for a number of reasons, including as our brand recognition grows, customers are increasingly likely to embrace the platform more fully in the initial land, especially as customers look to consolidate vendors, streamline operations, and reduce headcount.
Second, we are providing compelling value to customers as we expand the platform to cover new adjacencies and non-security use cases. This goes back to the power of the platform as customers can run more and more of their processes through Falcon and build a virtuous cycle as they only get more visibility and value out of their data. You can see that our metrics on customers adopting five, six, and seven or more modules have been on a steady march upward quarter after quarter. This demonstrates clear buy-in on the platform strategy by customers as we redefine endpoint security and solve more and more use cases with our single agent platform.
Another area where we see a lot of opportunity for growth is with our emerging group. Modules in this group were once considered adjacencies, but as George and Mike discussed, with our unique XDR agent as the delivery system, we have made them deeply integrated critical capabilities accessible on the Falcon platform. This group currently includes our Discover, Spotlight, Identity, and Log Management, which are all meaningful contributors. Ending ARR for modules for this group grew 116% to $339 million in ending ARR in FY 2023, and over 4,500 customers have adopted two or more of these modules. In order to address the growing problem of identity-based attacks, we think every organization should add identity threat protection to their arsenal to fight cyber adversaries.
In FY 2023, our identity modules grew to become the largest contributor to ARR within the emerging group category with over $100 million in ending ARR. LogScale posted over 200% ending ARR growth. Our success to date in these areas demonstrate that Falcon is a true extensible cloud platform with significant growth opportunities in front of us as we add new capabilities to the platform and continue to redefine the very essence of integrated security. We believe this truly differentiates us from any other competitor in the market today, provides a wide competitive moat, and drives customer retention.
Given the rapid evolution of the threat landscape, it's important for customers to have a platform that can dynamically address new threat vectors such as public cloud environments. New and growing threat vectors represent new growth opportunities for the Falcon platform. For example, ending ARR from deployments of Falcon in the public cloud grew 111% year-over-year, surpassing the $200 million milestone. Recall that this represents a deployment view and refers to any module deployed in the public cloud. Today, we have over 7,000 customers who have deployed Falcon in a public cloud environment. That represents nearly a third of our customer base at the end of FY 2023. While we view that as a great start, we think there's a lot of headroom within these accounts, within the rest of the CrowdStrike customer base, and of course, with new logos.
I'd also like to note that the landing dynamics in the cloud generally start with smaller initial deployments and offer larger workload expansion opportunities, which is very different from what we see in traditional endpoint, where we are generally deployed wall-to-wall out of the gate. As you heard George discuss earlier, our partner ecosystem is a critical part of our go-to-market motion across all segments of the market and a significant area of investment and growth for CrowdStrike.
In FY 2023, we saw our partner-sourced ARR increase year-over-year by more than 50%. To illustrate how partnerships can act as a force multiplier for our and our partners' growth, I'll dive into a brief example of a partner case study. The partner in this example is a major IT services provider with deep roots in storage, compute, data center, and networking. They produce approximately $15 billion in revenue with thousands of global customers. Many of the world's largest organizations turn to this partner for key technology strategy projects. In just the last 18 months, they've closed more than $200 million worth of CrowdStrike Falcon deals.
In only a short time together, we've built a scaled global practice focusing on legacy AV replacement, XDR projects driving vendor consolidation, identity and cloud security, and log scale projects. Together, we're bringing the Falcon platform and capabilities to both new accounts and existing customers. While we're still in the early innings of this partnership, our work together exemplifies CrowdStrike's leadership and shows why our partner focus go-to-market creates a win-win-win, where customers win, partners win, and CrowdStrike wins.
Moving to our dollar-based net retention rate, we remained above our benchmark throughout FY 2023, which further demonstrates the success of our land and expand strategy, especially in light of our growing scale. Similarly, our gross retention rate remained best in class throughout FY 2023, exiting the year at 98.0%. We've seen meaningful contributions to DBNR from both the expansion of the number of sensors as customers increase Falcon's footprint across their environment and from cross-selling as customers purchase additional modules. In FY 2023, we once again saw close to a 50/50 split between expansion and module cross-sell, similar to the prior year. Now, let's dive into the significant runway for growth available to us within our existing customer base and existing modules. Looking at this from a white space perspective, the question is: what does our total addressable market look like within our own customer base?
In FY 2022, we achieved $1.7 billion in ending ARR with a healthy net retention rate as our upsell and cross-selling motions are very mature. Expanding on that cohort, if our FY 2022 customers adopted the entire platform that was available to them at the time with the same number of endpoints and consistent ASPs, the platform opportunity would be equal to more than 4x FY 2022 ending ARR for an $8.7 billion combined opportunity, showing a significant runway to add net new ARR from within our existing accounts.
Using the same methodology for FY 2023, the incremental FY 2023 platform opportunity of the customer base is at approximately $9.6 billion for a combined $12.2 billion opportunity, approximately 3.7x our FY 2023 ending ARR and approximately 37% growth in opportunity from the prior year. Looking one layer deeper, the white space opportunity is roughly split between three categories. First, faster growing modules including CNAPP, Identity, and LogScale. Second, managed services. Third, all other modules XDR Falcon platform. While we don't assume that every customer will adopt the full Falcon platform, the magnitude of expansion in the total opportunity speaks to the extent to which we are increasing the value we can provide to our customers and the rate at which we are expanding the capabilities of the platform.
Far, I have focused on growth, but as our efficiency and profitability metrics reflect, we are not a growth at all cost company or management team. We have made incredible progress on our march to our target model and still have incredible leverage to realize. Let's take a look at gross margin. One of the core benefits of the immense differentiation we have in the Falcon platform is a very strong and defensible stance with regard to ASPs. When we think about quarter-to-quarter fluctuation in gross margin, it's not so much about pricing, it's more about enhancements on the optimization of infrastructure or incremental new data that we are collecting or integration of newly acquired technologies.
We've been doing a lot of investing in our own infrastructure, and in Q1, we're expecting to see up to 1 percentage point incremental increase in our subscription gross margin as some of the fruits of our labor are going to pay off. On the COGS side of the house, the drivers are continued public cloud and data center workload optimization, public cloud cost optimization as we scale, and ongoing integration of redundant infrastructure associated with the acquisition of LogScale. We've been investing for years in our private cloud, and we've made some great strides there, and over time, we look forward to being able to get to the top end of our long-term range because of those investments that we are making today. We believe it's not all going to come at once, but it will come over time.
We have seen a steady progression in operating margin expansion ending the fiscal year at approximately 16%. On a dollar basis, our non-GAAP operating profit grew more than 80% in FY 2023 as we recognize the benefits of the significant leverage in our model. I'm incredibly pleased with our margin performance, especially in combination with our scale, continued investment in innovation, and the aggressive hiring plan that we executed in FY 2023, in which we grew the size of our team by 46% year-over-year. The net effect of this is the incredible amount of cash that the business model delivers. We have grown from $12 million of free cash flow in FY 2020, the year of our IPO, to well over $600 million in free cash flow at 30% of revenue in FY 2023.
We believe that we have a model capable of delivering durable free cash flow margin of at least 30%. FY 2020 was our first year to generate positive free cash flow with our margin for that year at 3%. In each of the three years since then, we have delivered 30% or greater free cash flow margin. While we expect there to be seasonality in free cash flow on a quarter-to-quarter basis, one of our key targets in managing the business is to deliver at least 30% free cash flow for the year. The top line, increased gross margin, operating efficiencies, and increased interest yields are positive drivers to free cash flow margin. These can be offset by duration, such as when multi-year lands renew with shorter terms, flexible payment terms as we partner with our customers, and increase CapEx and cash outlays for taxes.
For FY 2024, our free cash flow margin target of 30% is inclusive of estimated full year impacts from billings duration and cash taxes balanced by the positive tailwinds of increased operating leverage, higher interest income and lower CapEx. Looking into FY 2025, we view 30% free cash flow margin as our starting point and see a path to delivering between 30% and 32% free cash flow margin for the year. Looking one year beyond that ino FY 2026, we see 32% free cash flow margin as our starting point, up 200 basis points from the prior year's starting point. Looking at all of this in the context of our target model, we have made significant progress. In our last three reported fiscal years, subscription gross margin, R&D, G&A, and free cash flow margin were all within our target ranges.
I think it is clear from our phenomenal performance in Q4 and fiscal year 2023 that our model is highly leverageable, and we are operating very efficiently as a company, achieving a high ROI on our investments. We believe our business model is capable of delivering our target operating income target in the near term. We do not think that would be the best course of action given the massive market opportunity we see at hand and our strategic position within the ecosystem. We are an innovation company. As we presented to you today, we have our sights on building an even bigger company, and we are bullish on our opportunities and ability to execute on our vision.
As such, we are continuing to increase investments in key areas, including building out our global footprint, which includes sales, partners, channels, and international markets, investing in our modern XDR platform. Data protection, identity protection, log management, observability, and XDR. As our FY 2024 guidance reflects, we expect to deliver increased leverage at approximately 30% free cash flow margin even as we grow and aggressively invest in the business. As highlighted with the green boxes on the slide, we expect to maintain subscription gross margin, sales and marketing, R&D, G&A, and free cash flow margin within our target range on an excluding any potential M&A. We expect to achieve our operating margin target model sometime within FY 2025.
While we expect to see fluctuations on a quarter-to-quarter basis, we expect to realize more of the benefits from the investments we are making today in COGS optimization that will translate to gross margin in FY 2025. What is nice about scale and an efficient go-to-market engine is even small incremental refinements in gross margin can lead to meaningful operating margin uplift. Longer term, we see room to exceed these targets beyond FY 2025. This is just the beginning. We have our sights set on a much larger goal of reaching $10 billion in ending ARR. The investments we are making today are designed to flight the company for success to reach our goal of growing to $10 billion and beyond.
Here are the areas that really excite me, we believe have the biggest opportunity for growth on the Falcon Modern XDR platform as we look ahead: LogScale, data protection, CNAPP, identity theft protection, and continuing to capture market share from legacy vendors. Bringing this all together, I'd like to end on what I personally believe puts CrowdStrike in a league of its own. This time last year we shared with you that CrowdStrike has the winning formula of rapid growth at scale and strong free cash flow. We showed that while there were over 40 public enterprise software companies with over $1 billion in LTM revenue, only five had a growth rate greater than 60%, and only CrowdStrike had both of those attributes and delivered a 30% free cash flow margin.
This year, as we surpass the $2 billion LTM revenue milestone, CrowdStrike remains in a league of its own. Based on the most recently reported figures, there were only 26 public enterprise software companies with more than $2 billion in last 12-month revenue, and just two of those companies were growing at an LTM rate of 50% or more. Those included CrowdStrike and Snowflake. Only CrowdStrike delivered this scale and growth in combination with a 30% LTM free cash flow margin, a truly remarkable feat that every CrowdStriker should be very proud about. In summary, I've never been more excited about the opportunities for CrowdStrike. I look forward to continuing to profitably scale our business and invest in our opportunities. Thank you very much.
Before we open it up to Q&A, I will turn it over to George and Daniel to discuss our partner program in more detail.
Thanks, Burt. Before we open the call for questions from the audience, I thought our audience would like to hear from Daniel Bernard, our Chief Business Officer, to get his take on our partner initiatives and SMB program. Daniel, you recently joined us from SentinelOne, so tell us about your new role at CrowdStrike.
George, thanks. It's a pleasure to be here and greet you and greet everybody. As Chief Business Officer here at CrowdStrike, I'm looking after our partner community. It's a vast network of thousands of resellers, technology alliance partners, system integrators, and the long tail of MSPs that we can really mobilize to transform our business and change cybersecurity as a whole
In addition, SMB is also something that I'm looking after. Huge opportunity in the TAM to go and disrupt it, just like we've been doing in the enterprise for so long. We're well on our way. There's a lot of TAM out there for us to replace legacy products and bring the power of the Falcon platform to SMBs at scale all around the world.
What are you hearing from the partner community?
Yeah. I think what we're hearing from the partner community, and you and I have been out on the road visiting these folks quite a bit the last couple of weeks, is really some consistent information. One, CrowdStrike is the technology that customers want, that customers need. Two, customers need consolidation. They're looking for platforms that enable leaving many different point products and optimizing workflows, optimizing spend, and optimizing capabilities. Three, we've got the programs, the plan right here to help partners be successful. At the end of the day, what partners are keen to do is help customers stop the breach. We're the technology to enable that. We're the technology to build a business around. We're the technology that can really transform this market, the partners are just craving to work with CrowdStrike and sell the modules, sell the story, and sell the outcomes.
You're right, traveling around and meeting with many of the partners with you, it's been just a great feedback in how many partners wanna continue to work with us, and new partners wanna work with us. One of our best, biggest, and greatest partners is AWS, and We've grown to be one of the top ISVs for them. Can you provide some insight on how things are going with AWS?
Sure. We don't really break out individual partner-specific information, CrowdStrike was super early to invest with AWS and build out a cloud first go-to-market to help customers that were using us on endpoint transition to helping secure the cloud. What I can say is we're seeing huge momentum with AWS. The amount of partner sourced revenue that they're bringing to the table for us is unprecedented. AWS would tell you that we're one of their most successful ISV partners, security partners. We'd say the same. Really the results of taking the partner community, leveraging that with the AWS Marketplace, it unlocks a huge TAM, deal velocity, and amazing results for our sellers, even more results for our customers that are looking to use their AWS spend credits on the latest and greatest cybersecurity. That's right here. That's right here on the Falcon platform.
Now, there's been a lot of excitement about the Dell announcement, can you share with the audience the different ways we're working with Dell and how it expands our market reach?
Sure. I'm really excited about the Dell announcement. I've worked with Dell a number of times in my career. In the long term, this is a game changer for CrowdStrike. What Dell does for us is a number of different things. One, it brings us to new markets, new TAMs globally. This is a global partnership. Dell sells us on the box, that's with PCs for businesses of all sizes. Dell also has the ability to sell the entire Falcon platform, bring that to market to customers. In addition, Dell has a managed service to help companies optimize how they want to consume cybersecurity. We're there as well.
Last but not least, down in the SMB space, new packaging models that we're able to trial with Dell, such as a monthly subscription, device as a service, all these different routes to markets, all these different geos, all these different customer outcomes are all serviced through Dell, which really represents about 30% of the PC market today. Huge opportunity for us, and we're just getting started.
Lastly, let's dive into SMB opportunities. We've talked a lot about that recently. It's not something that we just started. Been working on it for many years. How do you think about that opportunity to penetrate the SMB and drive better outcomes for customers in what I would call a traditionally underprotected and very fragmented market?
Yeah. I think let's first start talking about the market. This is a market that's significantly still using legacy subpar products, and if you look at it first, do we have the right technology? Product market fit. With solutions like Falcon Go, super easy to deploy, no updates required, no interoperabilities. Set it, forget it. This is something that's perfect for SMB customers. Two, the routes to market and optimizing those, and I think to what you were just talking about, this is something that CrowdStrike and specifically you were thinking about earlier on, that Atlassian model. Go to crowdstrike.com. You can click on the buy button. You can buy the software anytime, you can try it anytime, and we're the only company in the market that does that.
We make it extremely easy for customers of all sizes, specifically SMB, to get started and see success right away. You look at partnerships like what we're doing with Dell. You look at the power of some of our partners that really serve the small and medium business. You look at what we're doing in the MSP space. This is the technology that can solve the problem, that can stop the breach, that can transform cybersecurity, and there's a compelling event out there right now. What is the compelling event? It's cyber insurance.
Every business, large companies, small companies, businesses of all sizes, they're being asked to make sure that they adhere to certain cybersecurity standards, that they optimize and transform their cybersecurity stack so that they can qualify for insurance. Cyber insurance is something that's on everybody's mind. Businesses of all sizes, specifically SMBs, they all know somebody, or maybe it was them, that was impacted by a breach. The market is ready for this transformation. We have the technology to do it, and there's a lot of TAM out there for us to go address in the SMB.
Well, thank you, Daniel. Really exciting to have you on the team. Let's turn the call over to Maria for our Q&A session.
Thank you, George. We will now take questions from our covering analysts. As a reminder, if you wish to ask a question, please make sure your Zoom username is easily identifiable and use the raise your hand feature on the bottom of the meeting window. When you are selected for a question, please be prepared to turn on your video and unmute your microphone. There might be a slight delay as you are prompted into the live queue. We ask that you limit your questions to one and return to the queue. Our first question is from Saket Kalia of Barclays. He will be followed by Sterling Auty of MoffettNathanson. Saket, please proceed.
Okay, great. Hey, Maria, can you hear me okay and see me okay?
Yes, Saket.
Okay, great. Awesome. Well, hey, thanks everyone for taking my question here and for hosting this session. George, I wanna pick up just off that last topic that you were talking about with Dan, on SMB and maybe just connect that a little bit back to some of the really helpful stuff you gave on just the competition with Microsoft. You know, I think the 80% win rate in the enterprise was great to see. George, maybe you could just talk a little bit about how that compares in the SMB and how Falcon Go can perhaps replicate some of that success down market as well.
Well, Saket, I think it's very similar in the SMB space. Customers that have been using a variety of technologies, whether it's Microsoft or other legacy technologies, have had issues. They've had ransomware issues. They continually struggle with a lot of the security implementation. When we have the opportunity to show them and get engaged with them with Falcon, more times than not, we're gonna win. One of the other areas for a smaller SMB, when you talk about Falcon Go, is also being able to upsell them into Falcon Complete. We have so many small businesses that have a lot of risk. They can't get insurance, they need insurance, and they turn to something like Falcon Complete, which is an absolute game changer. That's really, I think, a huge opportunity for us.
It's much differentiated than anything Microsoft or others offer in the market today, and it's set up based upon the platform architecture that we have.
Makes sense. Thanks, guys.
Thank you.
Thank you, Saket. Our next question is from Sterling Auty of MoffettNathanson. He will be followed by Joel Fishbein of Truist. Sterling, please proceed.
All right. Thanks, guys. I wanted to ask about cloud, the couple $100 million in ARR. I think, Burt, you mentioned that you land small and grow with the workloads. I'm curious about what the opportunity is to actually penetrate existing workloads, or are you really tied to just new workloads, which, you know, unfortunately we're seeing that growth slow due to macro?
Hi, Sterling. It's Mike. I can jump in there. It really is both, to answer the question. Obviously we've got a lot of organizations that have significant cloud deployments today, and the big thing that I'd call out is they've got a flavor, a version of everything, and that really works well with our strategy, which is to not dictate what cloud people should use, but to give you choice, to give you the ability to run any cloud version you like, any infrastructure you like, and then we'll come in and secure it.
Works very well for what people have today, and then, as people continue to build out and grow and grow aggressively into the cloud, the technology stack allows them to continue and we grow with them, which is part of that simplicity and elegance of the solution that we talk a lot about.
Just to follow on that, we actually have many customers who started in the cloud first. They were on a journey, they may be they were a little bit later in the adoption curve of cloud. They chose CrowdStrike to protect that cloud environment, and they realized how easy and effective it was, and then we actually were able to get the internal, desktop servers, laptops, et cetera.
Understood. Thank you.
Thank you.
Thank you, Sterling. Our next question is from Joel Fishbein of Truist, and he will be followed by John DiFucci of Guggenheim. Joel, please proceed.
Thank you, Maria, thanks for taking the question, lots of great info here. George, or Michael, I would love to just understand Falcon Complete. It sounds like, you know, it seems to us that Falcon Complete, every customer should have it. What's the impediment of not every customer adopting Falcon Complete, what is the strategy to potentially get more customers to adopt it? It'd be really helpful. Thanks.
Hi, Joel. I'll take this one. I mean, look, you are right. It's an incredibly compelling offering. Really when you look at the economic value that a customer gets, they have the ability to get access to Falcon Complete, they have the ability to leverage the platform, they have the benefit of us deploying the capability, operationalizing it, and providing 24 by 7, all year round. The cost benefit to the customer is very clear. They get straight away, they get economic value. It's gonna cost them a lot more to try to hire people to build a 24 by 7 service, to be able to get the skills and keep people employed. It's a tough market, as you know. Very compelling offering.
Look, we're really making sure that people have the ability to get access to Complete. We want people to get the access either directly from CrowdStrike or through our partners. Having Daniel on the team and really building out that capability so people have the choice to work with CrowdStrike or a local partner is part of the strategy. As you've seen, we've also increased the Complete offerings. We started off providing Complete as a service to leverage the Prevent and Insight module with OverWatch, and we've built that out to include identity, to include the cloud. We provide Complete for LogScale. We will continue to innovate in this space as customers are demanding more and more and just getting so much value from it.
I think just to add onto Mike's comments, I think what's underappreciated in our model is the ability to create additional offerings in the Complete product family. You know, as Mike said, we started with one, and now as we've added new modules or acquired new companies, added new technologies, in almost every case, we have the ability to add an additional extension to the Falcon Complete product offering. And that obviously is a massive opportunity for us given the price points for Falcon Complete.
One last point. We often go back to our customers with respect to something called a business value realized. We do a business value assessment. six months later, we go back and show the savings, and if they don't have Complete at that point, we would show them additional savings that is there to be had. It's not something that we, you know, just, you know, try to educate once, but we continue to do that education and to continue to show value in that offering.
Great. Thank you.
Thank you.
Thank you, Joel. Our next question is from John DiFucci of Guggenheim, and he will be followed by Alex Henderson of Needham. John, please proceed.
Thanks, Maria. Thanks for getting me in there. I was getting all confused there. Anyway, my question is actually for Daniel or if he can answer it, there he is. Maybe George, you come in on this too. It makes a ton of sense for you guys to go. The SMB for you, we, I see as sort of a all green field opportunity. It's not some place you've ever really gone after aggressively. Maybe you've picked up customers along the way, but nothing like what's out there. It's also traditionally a very cost sensitive market, and your premier product is also usually sold at a premier price 'cause it's the value selling, right? I guess I'm just trying to figure out how you combat that, I don't know.
Your thoughts around it.
Sure. John, let me jump in there. First, the market's at a maturation point where the existing solutions and products that are there just aren't good enough, and customers are really looking for something different. There's a willingness to pay, we've tested that thousands of times over. There's a willingness to pay for a superior product, a superior outcome, that's number one. Two, it really dovetails nicely into the role in what I'm doing here, the partners play such a pivotal part in our go-to-market in that part of the market specifically. The way that we're gonna dominate the SMB isn't by hiring another couple thousand reps or hundreds of reps. It's gonna be by activating the partner ecosystem to really focus there and work with the kinds of partners that really specialize in that area of the market.
It's really a different go-to-market motion for us. The third is really just the product market fit and having this ubiquitous brand, the trust in the market. I mean, folks drive to work, they hear George on the radio, they watch on TV, they know CrowdStrike, they know it's the best cybersecurity. They read the Global Threat Report. They call their cyber insurance broker, they hear about us there. This market is ours for the taking. We're not gonna do it on the cheap. We're gonna make sure that we're offering the right value.
Okay. That makes sense. I'd like to see George wear that jacket on TV next time, but go ahead, George. I actually like it.
Good. Good. I'll let my wife know. At the end of the day, when you look at this market, as we talked about, SMB is very fragmented, it really is the partner community that's gonna help. I sometimes make the joke, it's a little like the AV world at your house, you know? You just want the AV to work.
Right
... whatever they recommend, you kind of go with. That's kind of the relationship that's out there in the SMB market. If you are the recommended solution, you're gonna get in at the right price point. Just to even further the comment on the willingness to pay, we've had customers, and, you know, I've talked about stories like this over and over, that have come in, bought $2,000 of, you know, Falcon Go, and then we upsold them to $40,000 of Falcon Complete. Yeah, a lot more money, but when you look at what we were giving them, they couldn't even hire, you know, a quarter of a person to do what we were doing for them. By the way, they were getting discounts on their insurance with Falcon Complete.
Okay.
It's a huge opportunity. When you package it all up, you look at the total value, it becomes a no-brainer, which is why so many small businesses have chosen Falcon Complete.
Okay. I guess, and I'm sorry, it's the same topic, Maria, but just that go-to-market difference. Can that also be a lower cost go-to-market? You can play a little bit with price if you, if you want to.
We have the flexibility to play with price there. With Falcon Go, we have a lot of flexibility, and the partner ecosystem, you know, we know where we need to be, and we can absolutely be in that ballpark, and then we have the ability, obviously, to upsell adjacent modules and things like Falcon Complete. Once we get in, we know we have a history of being able to cross-sell. You can see it in all our numbers, and that's the goal in the SMB space.
Great. Thank you.
Thank you.
Thank you, John. Our next question is from Alex Henderson of Needham, and he will be followed by Brian Essex of JP Morgan. Alex, please proceed.
Great. Thanks so much, Maria. George, it's great to hear you reiterate the importance of seeing you not as an endpoint company, but, you know, definitively as a platform. I wanted to shift the question a little bit over to what I think a lot of people are worried about in terms of risk, and maybe I can get Burt to talk a little bit about a couple of categories of risk. Specifically, you know, what is your finance vertical exposure? Are you concerned at all about the recent
Impact on regional banks, and what that might mean for their spending outlook, and if that's a vertical that has meaningful scale to it, when do you think that might show up in the numbers? Second, along the same lines, lot of companies, particularly in tech, doing staff reductions, reducing their physical footprint, by closing offices, how are you impacted by those dynamics? Is that something that's, you know, a slice of bread or a loaf of bread? How big a risk do we have to those two variables?
Yeah. Look, I'll take the first and, you know, talk a little bit about the banking sector. First, for us, you know, in the regional banks, we have low single percent of ARR in that bank. The exposure is quite low. For us, you know, that's something that, you know, we're in a really good position, to be able to, you know, minimize that risk. It goes beyond just regional, right? We have, you know, overall, you know, the risk in the banking sector is single low digits in ARR. I'll turn it over to George for the second piece.
Yeah. Just to comment on that first question, it's not like banks are gonna stop needing security. I mean, it's a regulatory requirement, right? Specific to your question around employees, basically what we found is we've hit even a broader sweet spot for companies that have reduced some of their workforce because they don't have the people power to actually protect their environment. What we've seen is there are budgets available, just not for head count. We've been, I think, quite successful in selling Falcon Complete into these organizations that are looking to right size their environment and provide a level of protection and maturity within the security organization through our Falcon Complete offering. That I think has hit a sweet spot for, particularly for those companies that are looking to right size.
Super. Thank you.
Thank you.
Thanks.
Thank you, Alex. Our next question is from Brian Essex of JP Morgan. He will be followed by Andy Nowinski of Wells Fargo. Brian, please proceed.
Brian, you're on mute. Brian, you're on mute.
Okay. Thanks for that. Always make that mistake.
No worries.
Thanks, thanks Maria. Thanks for taking the question. You know, the question was for you, Burt. You know, the margin targets, you know, I noticed that you indicated that they exclude M&A, and you have that nice $10 billion ARR target out there. I guess a couple of points on that. You know, how aggressive do, should we anticipate you might be at pursuing that $10 billion target? And how should we expect the extent to which you might sacrifice margins for M&A? What is your discipline around margin accretion with regard to M&A? Are you gonna set a floor saying, you know, for example, it wouldn't fall below this level?
Is there, you know, an expectation, like if you happen to do a deal that's not immediately accretive to margins, you might set a recovery rate to set expectations around?
Yeah. Good questions, Brian. One, first, before we get to the $10 billion, talk about the $5 billion, again, it's an illustrative example, right, of how to get there. The idea there, the design there was to show many different paths to be able to $5 billion. The $10 billion, you know, is gonna be out even further. We don't know when that's specifically gonna happen. You know, obviously, we think that with the TAM that we talked about and its opportunity and the fact that we are so low penetrated with respect to the TAM, we have an incredible opportunity to go and capture so much more. You know, that was the idea, just, you know, generally in how we think about it. M&A, we've been quite disciplined to date, right?
I'll let Mike take a little bit about that. From a financial profile, you know, number one, we're not growing. We're the company that's not growing at any cost, right? We've been disciplined from day one. Having said that, you know, we're gonna be looking at targets that have been successful for us, right? The ones that are great tech, great people. We're not looking to buy ARR. We think we've got a great, you know, distribution engine where if we do buy great tech and great people, we can plug that in and off we go. I'll toss it over to Mike with respect to, you know, a little more depth on the M&A side.
Yeah, sure. Hey, Brian. Thanks for the question. I think Burt said it really well. We obviously look for the, for great tech and great people, but the thing that I'd put above that is making sure that the great tech and the great people work for our customers. You know, one of the things that we've been really careful about is making sure that the technology that we, that the companies that we acquire and the technology that we wanna bring to market integrates with our security platform and integrates with our endpoint where applicable. It's a, it's a really careful consideration that we make to make sure that the customer doesn't become the systems integrator. We see this all the time.
You look at a lot of companies in security, really a lot of organizations in the tech space that buy a lot of product, and what ends up happening is the end user ends up suffering. We see very commonly a lot of vendors will then go and buy maybe some middleware. They'll go and buy an orchestration platform to try to get all those products to work, and it doesn't really end well for the end user. We've been very careful. We wanna make sure that we stay focused on the areas that are foundational for CrowdStrike and the emerging areas that we talk about. We wanna get products that solve real-world customer problems, but they have to be something that we can integrate. They have to be great.
The technology needs to be highly differentiated. And we're looking for good people. We will continue to be careful in this space.
Okay. Helpful color. Thank you.
Thank you, Brian. Our next question is from Andy Nowinski of Wells Fargo, and he will be followed by a question from Jonathan Ho of William Blair. Andy, please proceed.
Thanks, Maria. Thank you very much for taking the question today. You guys did a great job laying out all the different growth drivers and all the different new market segments, like SMB, that you guys are penetrating. I guess I wanna circle back and talk about the $5 billion ARR target you have. I think you made the argument that that target in FY 2025 is very, is almost ultra-conservative, in that it's, it only requires $830 million in net new ARR growth, or no growth, I should say, flat growth, for three consecutive years. Seems to me like, I guess, number one, why wouldn't you raise that target given all the positives you talked about today? And second, what would have to go wrong to hit that $5 billion target?
Seems like a lot more would have to go wrong versus right for CrowdStrike to deliver $5 billion ARR in FY 2025. Thanks.
Sure, Andy. I'd love to explore that a little more with you. First, again, the $5 billion was, you know, a illustrative design to show you the many paths. I mean, we really look at, you know, the $5 billion as a whole platform sale. This is how our customers view us as well. They're buying the platform at the end of the day. The more foundational capabilities we deliver through our single agent cloud architecture, the more we differentiate ourselves in the market and drive high retention rates. That's what we're really after. We really become critical to the business, and our foundational capabilities drive growth for modules in newer areas that may have once been considered adjacency, and vice versa.
We have this great opportunity to, you know, explore that $5 billion through, you know, our foundational capabilities, as well as our some of our faster-growing, that were age adjacencies that are now converting into our foundational capabilities. We're getting excited about, you know, how to get to a $5 billion from many different angles. I think for now, I think the right answer is to show you those, and to show you how we think about it. There are other many different other angles. We talked about SMB. You know, DB went into it a little more about how he thinks about SMB. You've gotta remember that our tech, we don't have to customize our tech for SMB versus enterprise.
It's that same tech, which is so rare in software, as you know, Andy. That's how, that's how we think about it. We're excited to be able to put out, you know, the $5 billion and different paths to get that, to get there from a, you know, an illustrative example point of view to kind of illustrate, you know, the different levers that we can pull to get there. I think that was the reason behind why we put it out there.
Thank you. Keep up the good work, guys.
Thank you.
Thank you, Andy. Our next question is from Jonathan Ho of William Blair, and he will be followed by a question from Hamza Fodderwala of Morgan Stanley. Jonathan, please proceed.
Hi there. I just wanted to maybe circle back with, sort of the Microsoft question. How often do you see customers that have switched from CrowdStrike to Microsoft switch back? You know, are you seeing any scenarios where, you know, maybe these customers, their testimonies or their experiences are getting out more into the marketplace and sort of altering that dynamic over time? Thank you.
I'll start, and I'll let Mike jump in. We haven't seen many switch, let's start there. That's the good news. I don't know, I guess it's still early in the cycle. I'm not saying someone couldn't have switched, what we find, though, are the customers that have already bought into Microsoft switching to us, we've gone through a litany of those, or at least several in this particular webinar. Again, it gets back to what we were talking about. A lot of times they'll come to us after a breach. A lot of times, they're frustrated. They thought they were gonna pay 1 item, it was a much bigger bill at the end, they got sticker shock.
Again, I kinda see this playing out just like the Symantec/McAfee days, in that, you know, signature-based AV that isn't really... You know, it's cobbled-together consoles that's not stopping breaches is why we've been so successful. You know, customers who may be on Microsoft we think is a great opportunity down the road to come back to come to CrowdStrike. You know, that's what we'll focus on. Mike, you wanna add to that?
Yeah, I think, just to follow on a couple of your comments there, George, what we are seeing is more examples of people coming from Microsoft to CrowdStrike, not from CrowdStrike to Microsoft and then boomeranging back. You know, I wanted to use one example. Obviously, when we, when we reached out to you all and asked what you wanted us to cover and talk about, there was a lot of questions around Microsoft. I thought that was a great example, having Tim Parisi from our services team use and go through an example where somebody had issues and then came over to CrowdStrike. It starts with an incident response engagement, so there's an opportunity there, and then ends up with a platform sale.
Beyond that, we see this quite often. I was with a customer last week who was telling me about the issues that they had. They were a Defender customer. They even brought in Microsoft during a breach, and that didn't go well. They got breached again, then they ended up going with CrowdStrike, and they've had an amazing experience since. That's probably more representative of what we see out there in the field, Jonathan.
Yeah, I'll add one more to that. I was with a customer last week. They were a Microsoft customer. They had an issue. They switched to CrowdStrike. The CISO's comment was, "If I ever leave my current employer, I will put in my contract a requirement that the new employer buys CrowdStrike if they don't already have it." I think that's strong testimony. That's the kind of, you know, fanatical customers that we have at CrowdStrike. Thank you.
Excellent. Thank you.
Our next question is from Hamza Fodderwala of Morgan Stanley. He will be followed by Keith Bachman of BMO. Hamza, please proceed. Hamza, are you there?
You're on mute, Hamza.
Okay, maybe we should go to our next question, and we can come back to you, Hamza. Our next question is from Keith Bachman of BMO. Let's see.
Good afternoon. Can you hear me okay?
Yes. Thank you, Keith.
Okay, perfect. I think BMO is a new CrowdStrike customer, so happy about that. I wanted to ask really a two-part question. First is on the margin targets that you gave, the free cash flow margin increase from the 30% looking out a couple of years to 32%+ is less of a slope, if you will, in terms of your operating margin target increase over that same period of time. I just wondered if there anything you wanted to call out is are you embedding some duration difference in that margin target that you put out for free cash flow? Perhaps just in the interest of time, I'll sneak in my second one here. I just wanted to ask about pricing within the context of SMB.
You did say that the underlying technology is great, which makes it a really efficient go-to-market capability, but it sounds like you may be more willing to ask for different pricing structures. Indeed, this past quarter, we got some feedback from the channel. In the SMB category, CrowdStrike was more aggressive. In enterprise, there was really no pricing change behavior. I just wanted to speak to while the underlying technology is the same, is there sort of a different philosophy as you're migrating into the SMB category from a pricing? This isn't related to channel.