CrowdStrike Holdings, Inc. (CRWD)

Investor Briefing

← View all transcripts

Oct 12, 2021

Welcome and thank you for joining our investor briefing today. First off is an in-depth discussion with George Kurtz, our Founder and CEO and Mike Pantonez, our CTO. This will be followed by a few brief and partner Fireside Chat. Our prepared remarks and fireside chats will take a little under 2 hours. We will then open up the session for Q and A with George and Mike. All participants will be in a listen only mode until the Q and A session If you wish to ask a question, please make sure your Zoom username is easily identifiable and use with the raise your hand feature on the bottom of the meeting window. When you are selected for a question, please be prepared to turn on your video and unmute the microphone. There might be a slight delay as you are promoted into the live queue. We hope you find today's session informative. Before we get started, let me remind you of our Safe Harbor and risks associated with forward looking statement. Today's presentation may contain forward looking statements, including but not limited to statements concerning our product roadmap and future initiative, the performance and benefits of our products, strategic plans or objectives, our estimates to market of of actual results to differ materially from those expressed or implied by such statements and are not guarantees of future performance. Information concerning these risks and uncertainties is contained in Cloudstrike's most recent Form 10 ks and other filings with the SEC. All forward looking statements are based on management's estimates, projections and assumptions as of today, October 12, 2021 and CrowdStrike assumes no obligation to update them. I would like to note that we will not be providing with any financial updates today and we ask that you would be mindful of this during the Q and A session. Without Further ado, I'd like to hand it over to George. Thank you, Maria, and thanks everyone for joining us today. It's been 10 years since starting CrowdStrike and it's been an amazing journey. Part of the thesis for CrowdStrike was to be the sales force of security, to be that fundamental cloud platform company that was missing in security. We started with 1 module, we're 19 today and we claim a leadership position in our market. And leadership is really important not only now but for the next decade. There's no compression algorithm for leadership. We've established ourselves with the largest enterprises all the way down to the smallest SMBs as a true leader of a company that can stop breaches and protect our customers. So we're going to go through an amazing set of product announcements that Mike is going to help us with, as well as talk about the innovation that we're driving within As a pioneer in cloud native endpoint security, it's really all about innovation. And what we've done over the last has been nothing short of remarkable. And we're going to talk about what we're doing today, but more importantly, what we're doing in the future. And Mike is going to take me through some of these of important announcements to continue our leadership position for the coming decade. Our revolutionary approach has made us the gold standard in endpoint security and workload protection. If you look at Gartner, if you look at Forrester, if you look at IDC, we're leaders in each one of those. We're furthest to the right in the visionary category for Gartner. Forrester, we offer superior endpoint security with a cloud native architecture and we're ranked number 1 in IDC for modern endpoint security in 2020. And that doesn't happen overnight. That happens with the most well thought out platform built in the cloud, born in the cloud and solving real world problems for our customers. All right, Mike, let's jump into the slides here. Number 1 for modern endpoint security. If you look at this chart, it's amazing. We've been at it for 10 years. Our legacy vendors have been at it for almost 30 years. And within 10 years, we're actually number 1. And if you also take the next gen players that you don't see on the list there, if you combine their market share together, We're still bigger than the sum of all of those vendors. So, we've achieved a lot in that very short period of time. So what does cloud native mean? So, I mean, we spent a lot of time on this. And when we got the company started, for me, it was Really important to start from the cloud, be born in the cloud and use the latest modern technology. And in 2011, it wasn't so fashionable to be delivering endpoint security from the cloud. Take us through what it really means. Well, first thing when you talk about cloud native, and you kind of touched on that, George, it wasn't fashionable 10 years ago, but now it's what everybody says. The thing that I would point out is, if you're going to call yourself cloud native, you need to have one platform. You can't have multiple offering. You can't have an on prem for some customers, a cloud version for others are hosted for certain organizations. We're focused on being of cloud native through microservices. We're building the cloud for the cloud. So, we really end up to traditional workloads but also the cloud workloads. And that really sets us apart. We've really been focused through strong leadership from when the company was started to really pioneer and anchor on being cloud native because the cloud gives us benefits that we're just not going to get from an on prem version. The reality is Just about everyone else started with an on prem version. And if you look at any of the websites, if they say hybrid or on prem and they play that as a strong suit. It really isn't because of the way the product is architected. And a lot of our competitors actually of batch information off. They save it to the hard drive, in some cases, 2 gigabytes to 25 gigabytes per endpoint, which absolutely destroys the performance. So I think it's one of those where you hear a lot of different comments from a marketing perspective, but it's kind of like Salesforce. There is no on prem version of Salesforce. And if someone offers an on prem version, they started with an on prem version, put it in the cloud and try to call it good and it comes with a lot of architectural limitations behind that. Yes, what really matters is the customer. When you have 2 different versions, someone misses out. So the customer that's using an on premise version is not going to get the same experience. They're not going to have the same feature sets. You just you can't break the laws of physics, right? So, that's the thing that we always focus on is the customer outcome. And cloud gives us an ability To stop breaches in a way that you just simply can't do in our own time or a high conversion. And I can tell you there's a business model advantage to it. It really impacts the speed of your development cycle and innovation and we're talking a lot about innovation today. When you have 2 Different versions that you have to maintain. It totally diffuses your development team. And as you said, One version tends to lose out and it's just it's not really efficient. So let's talk a little bit about the security cloud. And when I started the company, I looked around and looked at Salesforce and Workday and ServiceNow and each of those companies created their own cloud and their own platform. And when I thought about security, there really was no security cloud. It wasn't any of the firewall vendors. It wasn't any of the antivirus vendors. It just didn't exist. So for me, Creating and defining the security cloud was super important. Why don't you talk us through the benefits of having 1 security cloud? There's a lot of benefits and that creation of the security cloud gives us a lot of capabilities that our customers enjoy today. It's having all of the endpoints connect to that one single cloud. It's the telemetry that comes from those endpoints. We bring in process data from the endpoint. Importantly, we bring in a lot of network data from the endpoint as well. We can get a lot from the endpoint. We bring in information about the assets, information about the configuration of the device, cloud information. Importantly, we bring in a lot of identity. So, as all of this comes into the cloud, we get that collective benefit. As more people connect to the cloud, our customers get the benefit of that shared intelligence across having that one security cloud. Our threat hunters can use that to be able to move very, very quickly. And importantly, we use it for our AI models. We can train Our IOLs to get efficacy levels in prevention scores that you just often get with traditional approaches to security. One of the keys to making all this work was creating our own graph. And at the time when we started the company, the graph technology, graph databases just didn't scale to what we needed. And then we're missing an important element of time. So when you look at the threat graph, what's unique about it is, A, we built it for scalability and specifically for identification of threats and linking those threats together with what we call indicators of attack. And the second piece of that is we actually do that over a time. So It's one thing just to collect data, but you have to organize it over time slices, which is very difficult to do in the graph and we figured out a way to do that. So When we look at our efficacy rates, we look at our threat hunting, it all starts from the threat graph and it also empowers of the business model because the whole idea was a single agent into 1 data store that is unique to us that allows us to create those modules on top of it. And that was one of the things that I saw was really missing in the industry when I started CrashRecruiter. So to recap, we've got the single agent lightweight. We've got the threat graph. We've got the modules. We've got a full platform. We started from 1 module. We got 19 today real modules. The key area for us is stopping breaches and that was a big part again of starting CrowdStrike. I saw the whole industry was focused on stopping malware and just thought about it a little bit differently. And it may seem like a small nuance, but it's a real big difference to say we stop breaches in addition to just stopping Nowhere. But at the end of the day, over 60% of the attacks don't use Nowhere. Talk a little bit about that. Yes, I mean, it's a great point, George, because adversaries are going to innovate and they're going to innovate to try to find ways to compromise an organization to of vulnerability, they're going to find ways of getting hands on keyboard to get in there. We did some research recently and what we found was in the last 3 months, The hands on keyboard attempted breaches that we stopped. When we analyze them to get that learning that we could use For threat hunting, we found that 68% of those attacks didn't use any malware at all. So, if your defense strategy is to get the latest prevention to get The best in anti malware. You're going to be in trouble because when the adversary doesn't turn up using that tradecraft, how do you stop them? And that's really what we've built here and that's why we say we stop breaches regardless of the technique, regardless of the trade craft, The general way they're going to try to get in, we want to stop them and we want to make sure that they don't cause any damage for the customer. And that's an important small point, but a lot of people don't realize You made the fight with the trade cost, not on any one, on all of it. Yes. And you have to look at the kill chain over a period of different steps, Which are very repeatable. And that's a thing in security. Folks look at it and they think, wow, it's ever evolving. And it is. But If you look at the steps, those really haven't changed over 20 years. I mean, they're very similar. And what I wrote about in hacking exposed in 1999, The malware or a certain technique may change, but the actual kill chain itself, the attack chain hasn't changed at all. So when we think about interactive intrusions, security can be esoteric. And I think it's important to give some real world examples of things that are not malware related. So I'll give you 2 representative examples. Number 1 is identity and user credentials. And we see this all the time where People might get phished or their identity and user credentials are stolen, which leads to many of the breaches. There is no malware to stop. And I think that's really important to call out. There's no malware to actually stop. So Mike, if I have your credentials, I can log into that system. And I I know a lot of people say they have 2 factor, a lot of times they don't or people just click authenticate, they think their VPN went down and now they're on the system. That's one good example. The other good example is taking advantage of vulnerability. If you exploit a vulnerability even in an application that maybe a customer built, Like a web application getting to a database and then getting remote access up to the system. There's no malware to prevent that. So when you think about these That and what we do, what's different in terms of being able to prevent those breaches and being able to see that level of activity? Well, it's an interesting stat here. So following on what you're covering, George, I mean, what we find when we look at the speed at which adversaries move And the comment that I made before that you need to cover every hole, every entry point into the network. What we found is adversaries are getting faster and faster. So finding those through the industry that you would have heard many times that you as an attacker, you need to find one entry point. As a defender, you need to defend against all of them. And we measure the time it takes for the adversary to get in. We've been doing that for a few years now. How quick can they get that one entry point? Once they're inside, how aggressively can they start to move naturally. That number has dropped dramatically to an hour and 32. An adversary can find the way in, they can get that entry point, they can start to move laterally and they can do it in well under 2 hours. About 30% of those adversaries are doing it in 30 minutes. So, your defense strategy has to have the ability, of course, to stop now where we've kind of covered the fact that That's table stakes, the table stakes. But you also need to make sure that you're stopping the adversary that gets that entry point, of the beachhead that they're trying to create. So let's talk about Overwatch and leading threat hunting team that we have. I think it's one of those areas I love talking about because the team is so amazing. And when we think about Overwatch or MDR, some of the capabilities we have, These weren't even terms when I started the company, basically looked at it and said, hey, there needs to be a place for humans in the loop. You want to drive as much automation as you can. But at the end of the day, threat hunting is a really important element that a lot of folks have tried to copy and I think a lot of it is set up with our automation. Tell us about what we do on a daily basis. It's certainly a hot topic at the moment talking about threat hunting and talking about the value that it provides. And it's a topic that to your point that we're very passionate about because it's what makes the difference. It stops your organization from being breached. Today across the platform, we're processing around a little over 1 trillion event signals from our endpoint every 24 hours. It's a massive number. And we are looking for those hands on keyboard attacks. We're looking for those outliers and we automate that process. We've got a lot of technology built in. We've got a very strict methodology in terms of why that we do that threat hunting together with technology. That's an area that we really excelled at is driving automation and being able to find this across a trillion events every day. You get a trillion events every day. There's really nothing manual or human about it. Well, the whole thing has to be automated. You have to automate the techniques that you use to try and find those outliers, to find those tools in a way that an adversary may use a little bit different to a legitimate user. And then you need to provide that information to the threat hunter, Whether it's the end user that you're giving that information to or it's our Overwatch hunting team who are world class that are going Hand to hand combat with these adversaries every day. And when you boil it down, our team has stopped of 5,000 attempted intrusions over the last 12 months. And that comes down to a number of 1 attempted attack every 8 minutes that they stopped. I think what we've been able to do in terms of our AI and the automation, I think far exceeds anything else in the industry. And at the end of the day, you're taking something that's a massive amount of information, you're distilling it down to just a few hunting leads that make all the difference in the world. And I think the threat hunting piece is critically important. And it's set up because we've got the best technology. A lot of our competitors actually don't have the data to go through The massive amount of information we can because they keep a resident on the endpoint. And that's hard, right, especially when you start to think about cloud environments, when you start to think about We have a lot of customers that they'll spin up machines that live for an hour, they live for 2 hours. If you're storing a lot of that data on the endpoint itself, when that endpoint is gone, when that workload is torn down and deleted, then all of your threat hunting data is gone. Our Overwatch team is incredibly scalable because of the technology that we have that allows them to go through so much information so quickly. So, we're talking a lot about detection, but the important thing to point out is that this comes hand in glove with prevention. It's an interesting debate that's going on in the industry. It that happens every few years, prevention is better than detection and someone will argue detection is more important. The thing that I would point out is there are 2 concepts that works hand in hand. They're not in conflict with each other. Of course, you need to focus on prevention and that's why we have a team that is dedicated on building the best AI models. And we get that technology tested. We do work with various imperatives. We do work with of SE Labs and a whole bunch of other third party testers and the numbers speak for themselves. The best thing that I recommend people to do, have a look at the results, have a look and see what the tests I'm looking for. And what is really important is they're testing your ability to stop malware. They're testing your ability to not Leave any fragments of malicious software behind. But importantly, a lot of these 3rd party testers, they're testing your false positive rates. They're testing whether you're gaming the system. And the thing that they look at is how would you use it in a production environment. And we're absolutely leading those tests. We're getting 99.5% prevention for real world malware with AV comparatives where we're AAA rated with XE Labs 99% and we're exceeding 99% and absolutely incredibly proud of the team and what they've created. So what it means for the customer is they can turn this on, they can use the standard settings, they're presenting malware, They're working with us to do the threat hunting and it's the power of that platform working together that is how we stop breaches. I think what's important too is when you look at those results, Look at who isn't there. There's a lot of names that are missing from that list and we're very transparent. We do testing. Saying we welcome the testing. So let's talk a little bit about innovation. We've been out it for 10 years. We have a track record of driving innovation. We're updating the technology, adding new features almost on a daily basis and the beauty of our model being a SaaS platform is You log in one day and you log in the next and you've got new features and new capabilities. And for me, the speed of innovation is nothing I've seen before and I look at our new read news when they come out and just all of the new capabilities that we see on a really on a daily basis. Talk about the innovation within the company and where it is today and where we're going. To your point, George, if you look at the platform today, a lot of the benefit we get is from the cloud native architecture and just that work that we did building the foundation from the very start. That means customers, as you We've got a lot of new features, so they're logged off on a Friday, they're coming on Monday, there's a whole range of new capabilities. It means that we can continually build new modules, fully featured through modules that sit on top of that single agent. There's no additional complexity. There's new workflow features, there's new incident response features. And as we look forward, that concept of collecting data once and re Many times having a cloud native platform means that customers can continually get the new modules. They can get new features that are coming out. They don't have to install new management consoles. What we've seen in the industry for so long, there's no complexity of new agents. And that's so critically important because there's an innovation engine that's built on some solid architecture That was, DuVon, 10 years ago when you started the company. Well, the funny part of that is I remember going in talking to our Chief Architect and You always want to think faster and I said, why are you putting gold plated plumbing in? And the answer was, you're going to need it one day. And that's, We took the time and effort to build the foundation of the house the right way. And now you see the speed of the innovation, the speed of the modules when they come out. And keep in mind, when we create a module, that could be someone else's product that might take a long time to actually get out. We already have the agent. We already have the data architecture. We already have the platform. So really what we're creating is the workflow. So when that module comes out, it's a fairly mature product because The bulk of what we're doing has already been built and then we create the new workflow. So Mike, it's all about the platform as we've been talking about here. We covered a lot of ground, but we've got some exciting announcements. Why don't you take us through those? First one being FileVantage. This is one that A lot of our customers are really waiting for, very excited about our new FIM module, file integrity monitoring. It's a need that everybody understands. We know file integrity and monitoring, but it's not a solution that you hear a lot of people say, I love my Fin. A lot of complexity, they're hard to use, they're not really flexible. So, we spend a lot of time working on with some of those core problems. You get the ability to roll it out as part of the Falcon architecture, it's part of the Falcon platform. You turn it on, you then have the ability to track file changes. You have the ability to in source change control, super important, making sure that you monitor who's making changes to systems. And it's just that granular control that we give as part of the Falcon platform that's going to make this, I think, a pretty exciting module for our customers, 80s are all out, which is just so important. So you need a new agent? Definitely by name of the new agent. Okay. That's the beauty of the whole architecture, the same agent is going to collect that data and Basically allow us to create a Fin module. Yes. The thing that I like about this is, as it says on the slide here, no surprises. This is just Good security architecture is probably the better way of putting it, making sure that you know who's trying to make changes to your systems, making sure that people can't delete files. So, there's a good use case here for insider threat. If you've got an employee that's unhappy or somebody that gets onto your network that wants to cause damage. Firstly, you can stop them from doing that, but you can then also record and have that information evidence of somebody that's trying to go through. Really important, as I said, for a malicious insider. Next release to talk about today, We're going to announce some great new features with the Spotlight module. Spotlight is just going from strength to strength. We're really building out those capabilities. So one of the questions that we get from customers is what do I focus on? Every Tuesday, as I affectionately called it, 0 day Tuesday, with all of these vulnerabilities, what do I patch for? And if you look at the amount of patches that come every single month, It's a fair question for people to ask and one that you know really well. What do I prioritize on, which which is the vulnerability that's going to cause me the most issue because I really need to focus my patch on that one. So we've really spent time focusing on how we look at solving that problem. If you look at all vulnerabilities, they're not created equal. If you look at the opportunity for the attacker to exploit the vulnerabilities, they're not all equal. So, we challenged our data science and our engineering team to come up with a model to be able to predict which vulnerability was going to be the one that was more likely to be exploited by the adversary. So the benefit to the customer is You log in, you get that prioritization score, we call it expert AI, you're going to get recommended remediation as part of that and it's all orchestrated through the Falcon platform. So, we'll tell you what to focus on, we'll give you the tools to roll out that emergency patch And you can respond and take the organization side from Q2. And that's really exciting for me, obviously, coming from starting SoundStone, which really helped pioneer vulnerability management. In the early days, as you remember, we had rudimentary prioritization. And I only wished at that time we had all the AI models to really drive what's most important. And I think to put a finer point on this, if you're sitting at home on a computer on your cable modem And you hit auto update. You're okay, right? But a lot of people don't realize how hard it is for big companies to keep up to date. They just can't roll out these patches. They have to reboot the systems and there's the operational impact and there's just so many of them on 0 Day Tuesday that the ability to prioritize is absolutely key to reduce the overall risk. And speed is going to make a difference between first and last. It's as simple as that. So, Being able to know which is the problem that you need to focus on, where you need to target, what you need to fix is going to keep the company safe and secure. Well, if everything is the highest priority, there really is no priority. That's it. The next area to focus on is cloud security. We need to make sure that the same type of security that people have on traditional systems extends to the cloud. So when we look at with typical challenges that people face here. One is attacks in cloud infrastructure and targeting the systems themselves. But a big one that we see, which is really common in misconfiguration is people setting up a lot of this architecture, setting up SaaS systems, getting a few mistakes creeping in and that's where we see adversaries sort of pounce in and they get access to SIR data to exfiltrate information. So, We need to stop breaches in the cloud. The important thing here is to have a complete system that focuses on every technique that the advertiser uses. And we're really focused on pioneering the best solution in this category. We can help protect the systems at runtime, all of the machines that run the cloud infrastructure, that we can start to integrate with any cloud of your choice. And we don't see customers that pick 1 cloud over another. Typically, they have all of them. They've got AWS, They've got GCP, they've got a bit of Azure. We give people the choice at protecting the infrastructure that they build, but as well as the public cloud infrastructure to make sure they can understand how things are being configured and they have the combination of runtime protection and attack surface minimization. And it's the power of bringing them all together. So in short, I'd like to say that AV is We've gone beyond AV and we've built out the combination of using AV with indicators of attack with threat hunting. And really what we're doing is we're extending that capability into the cloud now. So we give you comprehensive visibility for hybrid clouds. We give you information about misconfigurations. It's such a critical part of what we do, telling you where your mistakes are so you can address them as quickly as possible. We've got the industry's 1st cloud IOA, what was pioneered when the company first started is now extending into cloud workloads. And we start to correlate run time and control plane visibility. So, you've got full information about what's running in the environment. And Mike, I also want to point out that it really is a greenfield opportunity for us when we think about the traditional legacy AV players, they're just not in the cloud. And When we get to the cloud, typically it's just under protected. There's nothing there. So, to have a leading technology like ours that can not only protect The endpoints that a company has in their physical service, but also cloud workloads, I think is a great opportunity for us. And That's one of the areas where I think it's really a 10x opportunity. And what I mean by that is You might have 100,000 endpoints in a company, but they might have 1,000,000 cloud workloads. And we've seen That ratio, obviously, it moves around depending on the company. But if you think about just the ephemeral workloads, we protect well over 1,000,000,000 of ephemeral workloads on a daily basis and that number is only increasing with digital transformation and cloud adoption. We've had some recent customer wins, which I think are a great representation of the way that the product is being built today. We've got customer wins with the DevOps team that is bringing CrowdStrike to the security group. And people talk about the friction between DevOps and SecurityOps. But when you've got your DevOps team saying, we want to build secure code, we want to do it using the Falcon platform, you know that you hit those key requirements of security that you also are giving people like an easy to use architecture that doesn't flow down the workflow. And I think that's really important when you look at CrowdStrike and where we came and where we are today. Yes, we sell to the security team. Yes, we sell to the CIO, but we spent a lot of time selling to the DevSecOps team because we can remove a lot of that friction. And you really do have to build up that DNA to be able to sell to them. And We have done that and we will continue to do that. And that's really important not only for the endpoint protection technology, but also for technology like Humea. And another great announcement is the hardware protection complete is the first of its kind with a fully managed hardware protection solution. So, I'm incredibly excited about this because we are extending the capabilities of our Complete team to offer cloud workload protection in a managed form. So, customers get the ability of the CrowdStrike Complete team managing their cloud environment 24.7, 365. And I think this is going to be a huge win for a lot of our customers and the bridge prevention warranty. Well, that's it. You got to back it up. So we believe so confidently in the team with technology and we have a great prevention warranty. But important So let's talk about the next phase of the journey and one of the things I continually see organizations struggle with is just the complexity. There's just so much complexity in the enterprise, Even for the smallest SMB players that are out there, it keeps growing. It's ever increasing. And some of the things that we've seen continue to deal with the threat landscape. When we think about nation state actors, we think about e Crime, hacktivism, their sophistication keeps going up. We also see cloud first in remote employees. No longer is the firewall capable of protecting employees within their own organization. It's really work from anywhere. There's so many cloud workloads that have sprung up, if you will. We also see more vulnerabilities. We talked about 0 day Tuesday and it's really, really hard for organizations to keep track of all this information and reduce the overall complexity. And when we think about all this complexity organizations have to deal with, a lot of it is driven by the data they have to collect. And you think about every device that's out there, it could be the smallest IoT device, it could be the largest cloud workloads and everything in between. And there's just so much data and so much information to go through, which is one of the reasons why we bought Humio, which I'm really excited about. I think it's a revolutionary technology. And why don't we do a deeper dive into EMEA? Yes. Thanks, George. It's incredibly exciting to talk about Inyo. This is when we speak to a lot of organizations, one of the problems that they talk to us about is just the complexity of storing data and they're asking for help. They look at the size of our threat grafts, they look at the experience that we have. So they're asking for us to help them with that's bigger data problem. And it's a problem that grows every year. So when you think about Hune, I mean, think about the core value that it provides, there's a whole heap of new features that I think organizations get access to as part of that NUO acquisition. Well, and it's not just about storing the data, it's about actually using the data, storing the data, asking a question, getting an answer. Yes. There's key advantages here and I'll step you through some of those. So you touched on it, better scale, better data integration and implementation and a lot of traditional tools out there. Another advantage of the Hymio platform is the fact that it's index free. So you don't have the challenges of indexes, which are very slow, they can become very expensive. And if you put that together with market leading compression, it means that we can store a lot of data to it at scale and we can interact with that data very, very quickly. Another advantage which we touched on is This whole architecture allows you to retain more data and do it at dramatically lower costs. So that's a great win for organizations as well. And then if you look at just the way that the technology is built with the index free storage architecture, with the way that we do compression, It also means that you have the ability to do blazing fast searches. So you can search across any data set whether it's structured or unstructured and get results basically instantaneously. And then because of the fact that it's a flexible data warehouse that allows you to solve a whole range of different use cases, same use cases, observability use cases, but it can also solve compliance needs. We have a lot of organizations that are so excited about Hemio because it allows them to store data and answer questions that they couldn't normally do with a lot of the traditional products they use. And then the last one that I'll touch on is really the core of the value that Vimeo provides. It allows you to log everything and ask anything in proxy and apply technology stacks. So, Incredibly excited for people to start using Hymyard across the world. And I think you touched on it and we sort of get this question all the time like It's humia or just log management. And you said the magic word, it's really a data warehouse, isn't it? It's something bigger than just log management. It is bigger than log management and you can use it to solve lots of different use cases. A natural one is log management. A natural one is to replace of same tools. We see a lot of people that are using this to help them with end user behavior analytics, even down to replacing UVA tools that they had because they struggle with the data. And it's just giving customers the flexibility to solve the different use cases, which is why we're so excited about this. And when we talked about bringing Humio into CrowdStrike, that flexible nature Obviously, we have the security DNA and we bring that to Jumio, but Jumio brings a lot of DevOps experience. And When we think about where they've been selling before the acquisition, the majority of it has been in DevOps, right? So talk about some of the use cases that are outside of security. So there's a lot of DevOps use cases as you mentioned, George. So tracking Kubernetes architectures, getting the instrumentation from a lot of the applications that people are building. When somebody publishes an app, there's a whole bunch of systems and there's an interconnected ecosystem that runs that app. So, Hinyo gives you the ability to take all of that information to be able to bring in observable, so you can track The system that you're building, so that flexible nature means that you can just follow a lot of the new use cases. Mike, what that means is that we can really instrument the CICD pipeline across the whole DevOps lifecycle. And we have customers that are doing that today, right? So they're using Humio to help It's started small and it builds up in your architecture and you've got a great announcement about that. Well, it's not only about the technology, right? It's also about of the go to market motion and I'm really excited that we announced the Humio Community Edition, which basically allows anyone to download the community edition and use it free. It has some limitations over 7 days, but it really gives the user and In particular, we think there's going to be a lot of DevOps users that download it, but it gives them a feel for how fast and how easy Geo is. And we think that's going to be really successful and we think it's going to be disruptive to this market. I think that experience of being able to deploy and test that have been struggling with their existing technologies. They've had a problem and we've gone in, we've talked about Humio and during the evaluation process, they've realized that they can go from a small amount of data to huge volumes on the same single platform with better workflow with less complexity. And if we look at a couple of the wins that we've had recently, there are 3 that I'd love to talk about. One that's a really great success story is a large financial services company that were really struggling to take in 20 terabytes a day. They had and now print a gray log environment. And the big challenge here was not only the fact that they couldn't get all their data in, it was how long it would take them into query. So this organization actually had a query team that if you wanted to ask something of the data, you have to write a query, You sent it to a group that would audit that to make sure that it wasn't going to be an expensive query that slowed everything down. And with the Huynhyo architecture, they were able to go from 20 terabytes a day up to 130 terabytes. And in that particular example there, not only is it a 6.5 times increase in terabytes per day ingested, but they don't have to actually have that code review. So, every developer has access to the system, they can start to use it in real time, they can interact and it just speeds up the entire So let me put that in perspective, the 40 minute query basically comes back in a second or so. The second example is the multinational IT company that we work with. Again, similar store is struggling with data ingestion. They're struggling with 10 terabytes a day with their elastic infrastructure. Queries were causing systems impact. It's one that everybody .:] Here's about all the time. Somebody writes a query, they try to get some information, poorly written search just grinds everything to a halt. So, in this particular scenario, customer now customer of Humio, they went immediately up to 70 terabytes a day for 7 times increase. And again, it's the same story here, reduced friction, instant response, all the developers get direct access to Himio and it just speeds up their entire development process and happy devs are good devs. That's the one thing that we always have to remember. Well, and the other thing that I want to point out too with the index free ingestion, it really is a benefit. When you look at Elastic, it's actually indexed on right. So there are various technologies that are out there that may seem fast in some areas, but there's slowness in other areas and I think what we've been able to do with Humio is really exploit its capabilities to give you that fast ingestion and fast query time. It makes such a difference. I mean, giving people native access to the platform so that they can to have after code releases so they can query the data in real time. It's such a game changer and that's the theme of those 2 wins. The last win that I'll touch on is really interesting. This one is a little bit different. It's a multinational consumer goods company. This organization struggled with their user, end user behavior analytics struggling with the amount of traffic, common thing that you're seeing here. The solution that they were using was topping out at 1 terabyte a day. So it just means that they weren't getting the analytics that they needed. They were making trade offs on what was important. And As you know, from a security perspective, that was an in well thing. This particular organization used Puneo to scale up the amount of data that they could bring in. But interestingly, that could actually solve the same use cases natively in Humio as they could in the U. S. Tool. So, it was not only I win from a data perspective, but we actually displaced the data warehouse that we're using, the data platform that we're using, as well as the user tool. Now you've got a team that can get really fast response, they can ask more queries from a bigger data set and it's just yielding a better outcome from that organization that really wanted to dig into end user behavior analytics. Mike, what's really interesting is that the community edition We'll actually have Falcon data replicator information in it, of course, dummy data, but it will give people a real sense for how to consume Falcon data and that's been one of the things when we talk to customers, they've been using other technologies and using our APIs and putting of our EDR information with other technologies that are out there and with the ability to actually consume as much as they want of our Falcon data replicator and for as long as they want. It really gives them a lot of flexibility. So Humio is a game changer for us, but For sure, it opens up much bigger opportunities and really we're just scratching the surface. Part of the strategy obviously to continue to develop, evolve, sell and make it part of our overall platform for log management and observability. One of the benefits that Humio has is its ability to pull in data from any data source, including other security vendors that are in the ecosystem. Let's So it's one of the interesting terms that people talk about and use and I always say one of the most overused and reviewed terms in security these days. And if you ask a lot of different vendors, if you ask a lot of different analysts what it means, you're going to get a whole range of different answers out there. So if we look at what XER really means, and as I said, there's a lot of different ways that people talk about it. The challenge that I have is from an industry perspective today, a lot of people talk about XDR because it's so hot right now. And people talk about XDR because it helps with like valuations. But a lot of the time what vendors have been talking about is just And you touched on it before, getting data and putting it all into one location, that's not XDR, that's saying that's log management or getting data from all different devices and putting it under 1 visualization of that data under 1 pane of glass, That's not XDR either. At its most basic level, XDR gives security teams an easier way to of the stock breakeven by extending visibility detection and response all in that one location. It builds on XDR, builds on industry leading of EDI as I talked about. But the really important thing is to make sure that you bring in that 3rd party telemetry and then you do something meaningful with it. Bringing in the 3rd party telemetry is just one thing. You have to do a little bit of structuring on the data. So we talked about what makes us unique earlier in the session. We talked about the ontology that we've built, the relationship between the data. At TxDAR really to be effective, you need to have oncology not only on your own EDR data, So you need to extend that out to the 3rd party. And the reason you do it is you want your artificial intelligence model the way that you present on the endpoint to extend to the network, to the email, to the web, the way that you do threat hunting. If you understand the format of 3rd party data, your threat hunting extends on to those 3rd party data sources as well. And really that's what XDR means. The X is enriching telemetry from ADR from the ADR products with 3rd party data sources. The B is the detection, that provides real time threat detection, alerting, prevention and hunting across multiple technologies and domains. And the R is the response, proactive automated responses across multiple technologies and domains. I think that's key when you think about XDR is it's not just log everything and put it in one place. It really is to get an advanced threat detection, it'd be an enrichment of EDR data or might combine elements to come up with a brand new detection. And for us, as you said, starting with the best EDR data puts us in pole position in this market. And when you look at Just the EDR data itself and there's nuances in this and you don't see it in the glossy PowerPoint. But by far, we collect way more event types than any other vendor that's out there and that really sets itself well to pioneer the best of our technology in the industry. So Mike, earlier today, we announced Falcon XDR. I'm absolutely pumped for this announcement. Take us through What it means from a CrowdStrike perspective? What is Falcon XDR? Yes, huge announcement and it's about bringing the right visibility at the right time to make the best decision to keep of. If we look at what XCR means in Falcon XCR, we touched on a lot of this before. We get an amazing amount of benefit from bringing together Humio together with Spectraff. And if you look at the X, the X is bringing in the telemetry, It's bringing in from 3rd party data sources and you touched on it before. Cimuor gives us the ability to bring in 3rd party data. It allows us to do that ontology work so that we can start to derive value from the information from those 3rd party sources. So the D valves are industry leading threat detection. So it's allowing us to do increased visibility into indicators of attack. That the platform provides real time detection. We can talk about extending telemetry sources for broader number of security of use cases and correlations. And the important part is, and we've talked about this a few times, it's bringing in our data science model, what we do with artificial intelligence and machine learning and using that across CrowdStrike and third party data to provide an improved detection speed So we could solve these use cases a lot faster. I think that's critical as really the leader in AI prevention on the endpoint to be able to extend out that rich data science lineage that we have and pull in other data and do that at scale to get better outcomes and lower false positive rates. I think it's a tremendous benefit to customers. Or the other way to look at it is how did the attacker get to the endpoint where we stopped them? What else could you have done in a different part of the network to build a stronger architecture? And the day here is really giving people that visibility across the entire organization, so they can stop the attacker as quickly as possible. It's that defense in-depth concept that we're doing here. So let me talk a little bit about the R in response now. And This is something that we spent a lot of time on. It really goes to our philosophy of building automation throughout the entire platform to help with to help internal teams and processes and to drive and continue to drive automation throughout the entire lifecycle because our platform really has become a security platform of record. And every security IT pro I talk to wants faster response, right? They want to help create playbooks that automate what happens when there's a detection prevention and improve their speed and efficiency. As we know, there aren't unlimited security professionals in the market today. There's over 3,000,000 open jobs that are out there now in the of the security and IT marketplace. So how do we empower, how do we create a multiplier effect for them and drive automation through this process? So I'm really excited to announce Falcon Fusion, which is really our FalconSorb technology. And The interesting and exciting piece for me is that it's actually purpose built for CrowdStrike's Falcon platform to orchestrate and automate any complex or repetitive security workflow. And the beauty of it is, It's built into the platform. There's no extra charge for our customers. It's just built in throughout all of the workflows that we have across the module. And it really leverages the power of the security cloud and relevant contextual insights across all the endpoints, all the identities, all the workloads that we have. Enterprise customers that we've worked with as we built this out have been extremely excited about the ability to build complex and real time notifications and responses and queries where they can branch off and they can do different things and they can also leverage what we call real time response, and that is the automation, the ability to drive things like PowerShell remediation, the ability to collect more data. The flexibility I think is really unparalleled and we're starting with the CrowdStrike EDR technology and its own data And then extending that out to the other XDR partners in our ecosystem. So take a look at the workflow here. Mike, maybe just quickly talk us through some of its capabilities. I'm super proud of what the team did here. So this is technology that's been built in to the Falcon platform. As you pointed out, similar to RTR, this is a core component now of the Falcon platform. So this shows you the workflow that you can build and the power of the Falcon Fusion capability here. So you set up a trigger. In this particular example here in this demo, It does a new detection. What we want to do is have a customized action. So we want to do a notification. You may have a Slack group, you've got some administrators or you've got with the SOC team, so you send out a Slack message, so customize that Slack message and then start to go through a process of carrying out action. So, you may send out an email, if it's in a cloud environment, if it's something that You want to send information to the cloud service provider, you get some information out of there, out to them via email. But the cool thing here is because it's integrated in platform. We can start to take information out from the Falcon platform. So, get information about running processes, Get a copy of the file. So, it's a new detection. That's where we started. So, take a copy of that file. Send that to a particular team so they can start to work on it. But the last two pieces here change the detection status, start to add some comments, start to do case management. And this is some awesome functionality that's built into the fabric of the Falcon platform built by our South Shore team. So what we've been doing is anchoring on the Falcon platform and bringing in data from 3rd party vendors to bring through market a solution that includes CrowdStrike and non CrowdStrike data in the 1 architecture. The work that we've been doing for the last 10 years really sets us up for success here Because we understand that data is about value and not volume. But we've proven at the same time that we can bring data at incredible scale. We deal with millions of workloads under management. We ingest, as we talked about today, more than 1,000,000,000,000 unit signals per day. And when we started CrowdStrike, we talked about this earlier. We spent time on establishing that ontology. We spent on defining the relationships between the telemetry from our sensor and threat activity, and this has helped us in the way that we do prevention. That allowed us to create the concept of independent attack and benefits in interest hunting. So, XDR requires the same concept. Yes, it relies or requires that concept to go beyond just the endpoint, but it's a third party data sources. What we've done is we focused on bringing in data the right way from 3rd party vendors. We're focused on being able to provide rapid insight into other security challenges. And the important part that's really core to the CrowdStrike vision is to reduce the burden on the security analyst to make it easy to use the technology. So, we don't want to actually extend the value that you get from other security vendors' products. So, If you don't do this, we touched on this before, if you don't do all of this work, all you've got is log collection. And today, we announced Staffing XDR, which is a platform that's sophisticated enough to allow users to be able to ask data questions of the data from CrowdStrike and questions on the data from third party security lens that we use today. And I think that's really important because we spend so much time on the threat graph and the ontology, which is how it's organized and the relationships between all these different data points on the endpoint that it's critical that we extend that ontology to consume other data. And that's one of I think our secret sauce is that it wasn't a store and forward agent. It was a smart agent with a graph. It was of massive graph in the cloud. We never lost the context of the information as we've sent it. And it allows everything to work seamlessly end to end so that we're not just shipping data and then trying to assemble it and figure out what happened. And by taking our ontology and being able to extend that out, I believe that's a real game changer for of XDR and the way the industry is going to look at it. So, to summarize, Sakim, XDR, huge announcement today is expanding the reach and giving deeper insight across the whole of security stacks, crowd shopping on crowd sites and telemetry, better detection of threats, and more understanding of the risks that are out there. And ultimately, it's all about that response. It's having incident management, case management to make sure that you keep the Company safe and secure. It doesn't matter how the attacker may try to get inside the organization. Super excited about this. Can't wait for people to start to see the technology. And it's something that we announced as we mentioned earlier today. So, let's relook at the platform now. As you can see here, starting left to right, endpoint security, cloud security, managed services, security and IT operations, Threat Intelligence, Identity Protection, Log Management, and we've got on the end there the CrowdStrike store. And with the new announcements that we've made today, the platform extends to include 21 modules across these categories. So, I'm incredibly excited for our customers to start to get the value from all of the new leases that we've talked about today. We're extending the capability. We're linking with our Humio database and customers have the ability to use Humio as a standalone data warehouse that we talked about, but that linkage with the threat graph allows organization to get the full power of FalconXCR. And the last announcement from George today to talk about Falcon Fusion is that last layer, it's the response layer that across the entire architecture. So it's a critical part of FalconXCR. The Falcon Fusion available right now can be used with endpoint security, with cloud security. So really excited about the new capabilities that Falcon Fusion brings into the architecture. So Let me talk a little bit about the CrowdStrike store while we're on the slide. We continue to evolve the platform now to to extend out its capabilities so that other third parties can take advantage of it. Fusion is a great example. Those workflows that our third parties can now take advantage of, the ability to actually take in and understand 3rd party telemetry through XDR. So That becomes more and more important over time as we extend the framework for other third parties to leverage what we've already collected and what we've already built. So Mike, one of the other announcements we made today is the Crowd XDR Alliance. And we talked about the ontology that we spent so much time building to make sure that our data was organized and we can use that data in a way to train our algorithms. Now that we're taking in other third party data, What are we doing there? Talk about this alliance. We've got to touch on it right there. So, we believe it's a first of its kind integration and alliance that we've announced today. And it really comes down to what you mentioned with the ontology. XDR, the importance of it, the value of XDR is going to be taking that data, the schema and creating that ontology, building the relationships with the data. So, the announcements that we've made today, we've pulled together Some amazing organizations as part of this alliance and you can see the names in the announcement. And we're working through that standard. We're building the framework to allow customers to get the benefit of all of us working together. Yes, so let's just maybe put a finer point on that. And that is if we think about how the Internet works today, it's common protocols, right? So different technologies can speak to each other, whether that's TCPIP or HTTP, it's a common language, if you will. And part of the challenge in security is that many of these products don't So really what we're focused on is taking an ontology that we know works and extending that out into our partner ecosystem. So Ultimately, when the data is received, it's organized in a way that makes sense so that the customer gets the benefit of having organized data through a true XDR platform and allows more advanced detections across it. And it's going beyond out of the box integrations. It's making sure that the preventions that we have extend to CrowdStrike and non CrowdStrike data with 3rd party technology. It's the workflow. Customers use the Falcon platform for interim workflow. That workflow will go from CrowdStrike data to the data of our XDR alliance partners. We will allow you to control access across all environments. So absolutely really excited about this announcement. It is first of its kind that we're talking about today And we count light of some people to get access to the technology. And I also want to reinforce too that we're putting this information out there. We're working with some of these launch partners, but It won't be just limited to them. There'll be other companies that will be able to participate and even competitors at CrowdStrike because at the end of the day, I think it's all about organizing data the right way for the benefit of the customer. So now that we've gone through all of these announcements and we talked a little bit about our strategy. It wouldn't be possible without really the power of Way. Really what that means is power of CrowdStrike, the power of the data that we collected. That data comes from other community customers, right? And that's the crowd and the CrowdStrike. And it also is our partner ecosystem, which is really important for us as we go to market. So CrowdStrike is a piece of it, the customers are a piece of it, that community immunity, the ability to share data at scale is critical, and then leveraging the ecosystem of our partners and that could be traditional resale partners, it could be managed service providers, which we have many of or it could be our 3rd party partners that we're working with in the XDR Alliance. But all of that together is really focused on stopping breaches for our customers. Let's take a few minutes to hear from our partner Accenture, who is using the power of We and building services on Falcon. I'll turn it over to Matthew Polly, CrowdStrike's VP of Worldwide Alliances, Channel and Business Development. Thanks, George. Hi, folks. As George mentioned, I'm Matthew Polly, Vice President of Business Development Channels and Alliances here at CrowdStrike and I'm with Kelly Bistel of Accenture Security Services. Thanks, Kelly, very much for being on investor briefing today. I really appreciate you taking the time. Good to see you again, Matthew. My name is Kelly Bissle and I look after across the country around the world, so our 8,000 people in our projects around the world for both government and commercial clients. And Kelly, if I'm not mistaken, you've been in security services for some time. Can you Tell us a little bit about your career prior to the extension. Look, I've been in this space for a long time. One of the fortunate ones I got to help build some of the protocols within the Internet that we're using today. So maybe you can blame me for some of the securities laws, I don't know. But I started my career in the telco space where I helped really secure telephone networks. And then I built with security practice at Deloitte. I was there for about 15 years. Then I joined Accenture so that we can really transform the way security works for our clients around the world to get to a safer place. Excellent. So you've built a career in security really and the last 20 or so have been in security services. I would imagine you've got A point of view on where you see the industry going. Can you kind of fill us in on that point of view and How you're setting Accenture on a course for the future as you see it? Matthew, that's right. So not only the years passed, but If I look at even the projects that we do from year to year, so 13,000 some odd projects and 800 and service clients. I think there are 3 trends that I'm noticing. 1, innovation is happening faster than our clients can secure it. 2, regulation is increasing at huge pace. We've seen more regulation in the last, I would say, 12 months than we have in probably 3 years combined before that. And to Put in perspective, we're tracking 247 different laws around privacy and security. So that's the second thing, Greg. 3rd thing is, Even though we're getting much better when it comes to the cloud and as a service functions, It also has the other side of the coin that has another problem where we're seeing concentration risk. And this is where Adversaries, the hackers, if you will, see that and they can attack that one plant maybe, but many, many, many plants. So, I see these three trends happening and where I'm thinking Accenture is knowing these things and helping our clients navigate through these and that's securing one client at a time, but we're going after ecosystems. As we know, A bank or a pharma company or an oil and gas, they don't operate by themselves. They operate within an ecosystem of third parties and other business partners. So, We're actually trying to solve the whole ecosystem problem at the time. That's where we're going. I mean, that's excellent. And we've certainly seen and increase in supply chain attacks where they're really attacking the ecosystem with a different target in mind. I mean, that's a trend we saw with SolarWinds, Kaseya and some of the others. I mean, and that's really, I think, Good intersection from where the partnership between CrowdStrike and Accenture come together. Can you would you help Our audience will understand from your point of view how you view the CrowdStrike partnership with Ascended? This is right. So look, I think this is When it comes to us, we're 2 giants in this marketplace and I think we have to band together really make a real positive impact to the market and that thing gets huge. We signed our initial partnership about a year ago, but we're off and running. We've done this in 11 countries around the Americas, Europe and APAC. I think we're moving fast. We worked on a bunch of clients together in the U. S, U. K, Australia, Germany is leaving. So We're already moving at a global scale and I think this Accenture's CrowdStrike alliance really helps us together. Things like how do we enable the market and go to market for our clients together. But more importantly, I think we have a lot of opportunities and we can create joint solutions together. That's going to be interesting. Yes, absolutely. And I think We've got a couple of I know we've got a couple of joint solutions that we've already kind of delivered to the market. Maybe You can clarify for us a little bit about what you mean by joint solutions and give examples to what you don't mind. Sure. Yes. Joint solution For us, it means that we combine the great power and strength of Accenture S in class services coupled with Incredible technology that CrowdStrike has to deliver more value to the clients cheaper. And that's where we really want to come down to. And We have lots of examples that we go through, but maybe one I'll just highlight is we all know that our clients struggle to attract cybersecurity talent, So they need our help. And this is where we come together to actually do what we do best with our clients around things like incident response and innovation around industry problems like maybe OT or retail or some other things. This is really where we actually help change the market in a positive way. Sure. I mean that incident response collaboration is one that we see be really productive for both Accenture and CrowdStrike. Would you mind talking about how you guys have leveraged CrowdStrike and your services that Help customers in crisis. Yes. So this is really good. So our incident response or some would call it IR, This is where a client is in crisis. They either have a data breach or maybe they're hit with ransomware. They would call Accenture and their mission is for us to help get that hacker out of their systems so they can get back to normal operations. And what our instant responders can do is now leverage CrowdStrike Falcon platform, which is great, so that they can gain visibility across that client's environment and remediate those endpoints and get that hacker out. So not only for the short term of getting them back online, Together, how do we transform the clients in their security posture so that we can prevent another breach? Messaging around SOC services, multi factor authentication, application security and tons more. This is where that we've done a lot of this with insurance companies in Europe, we've done it with automotive parts and electronics companies, we've done it in Asia Pacific and Australia with energy providers. So that IR service is a really powerful thing that helps our clients It's an excellent offering. You guys take the market. You've helped the customer get back on their feet and then it creates kind of, I mean for us on a commercial point of view, creates pull throughs for both your services for strategic transformation as well as long term subscriptions for the CrowdStrike technology. So Kelly, How would you characterize the overall opportunity between Accenture and CrowdStrike going forward? Do you think we've maximized the collaboration with what we've done or really where do you see things going next I guess is my question. First of all, I think the opportunity is We haven't yet tapped into power both of our organizations because we're in this early innings of our relationship. I think in the future, we're going to do so much more together across Europe, partially driven by what we we are doing with OpenMinded, which is an acquisition that we made in France, which is a huge CrowdStrike user. About that company earlier this year, but also not just Europe, but what we're doing in the U. S. Commercial space, U. S. Public sector and even in Asia Pacific. And I mean, are there specific technologies or requirements from the customers where you think that the combination of CrowdStrike and Accenture would go next? That's right. I think there are 3 things that we should that we're really moving forward with together. And the first one is clients need simplicity. Most of them have 80, 120 different security tools that they have to knit together. What we've done together a little bit already is not just the Falcon platform. What I like about where CrowdStrike is going is they have this scalable licensing structure that helps our clients flex using data not just from the endpoint from others. In other parts of the network they would normally put through the SIEM tool. And why this is important is because this allows the client to have a broader visibility on of fewer tools. What it means is they have simpler, cheaper, faster, more secure services. Now, and that's made possible because what you're doing with the Humio acquisition, your XDR strategy. I really like the way you're pulling this portfolio of capabilities together to make it simpler for our clients because Who would want cheaper, faster, more secure, right? 100%. So that's one area. And you said there were 3. I Imagine the second is really in the category of 0 Trust. That's right, 0 Trust. So, look, we know that earlier in the year, the President issued a 0 Trust executive order, if you will, or cybersecurity went ahead 0 Trust. And most of of our clients have technologies like SailPoint or Oktour, Ping or even Active Directory. So I really like is where CrowdStrike is going around new capabilities around 0 Trust and their identity threat protection. This is a new solution that we could potentially pull into the practice to help clients gain that additional visibility into things like of Title IT accounts, which they don't always be able to control with subs and affiliates or orphaned accounts or for system accounts that are not tied to a person or shared or sale credentials. These are technical things, but they're really because they may allow for cracks in the armor of the client. And what this does is allow us to see those things so we can protect the client and make sure that they're safe. That's important. That's the second thing. And maybe I'll even offer the third thing, which is I think exciting, which is cloud. I mean, we can't really talk about how do we secure a client's environment without going to cloud. I think you know that we have a gigantic cloud first strategy and that we've been doing this for years years, almost 10 years now. And Customers perceive that security is the number one obstacle to moving to cloud, moving from those on premise workloads to the cloud. What we're exploring now is how CrowdStrike's cloud workload protection helps remove those barriers so that customers can move faster to the cloud with more confidence and safety. And so these Three points together really paint a really, really exciting picture for the future for both of us. That's fantastic. So maybe I'll just summarize. We've been collaborating. We've been doing deals around the world. We've got joint solutions around Internet response and managed services wrapped around CrowdStrike Managed Stock Services, delivered by Accenture Wraparound CrowdStrike. We're now exploring 3 new areas, which really involve the Qumio capabilities for XCR incorporating and enhancing the endpoint data with on top of kind of the identity and access management practices you're already getting in play. And then the third is specific to cloud workload protection, helping customers breakdown those obstacles from moving from on premise to the cloud. I'm super excited about the opportunity we have ahead of us, Kelly. Is there anything else just in closing you'd like to highlight or share? Well, yes, thank you for having me on this. But The thing I would like to close is 2 things. 1 is this market has more cyber risks than any time in my 30 year career. But I'm not discouraged by that. I'm pretty excited about what we are doing together, 2 great security companies coming together so we can secure the world. So for 1, I'm incredibly bullish on the go forward plan and what we can do together to make our clients safe. Well, Kelly, I really appreciate you taking time out of your busy day to speak with our investor comments today. So thank you very much. I'm really looking forward to working with you guys in the future. I'm delighted. Good to see you again, Matthew. Thank you, Matthew and Kelly. Now, I will turn it over to Jeff of WS and activities in Q4. Thank you, George. We are pleased to be part of the investor briefing today. I'm Jessica Alexander and lead our Cloud Product Sales and Alliances for CrowdStrike. With me today is Carol Potts from AWS, one of our strategic partners. Carol, thank you for taking time to speak with us today. Why don't you tell us a little bit about your role? Sure. Thank you, Jessica, and I appreciate you having me join me today. My name is Carol Potts and I lead the ISV Sales segment at AWS. And our team manages the business and relationships with the independent software vendors or ISVs. And we're committed to working with the industry's most impact of ISVs and specifically help them bring high valuable software solutions to market, which then in turn helps with the end user customers' business as well. How long have you been at AWS? I just hit the 7 year mark at AWS, which has gone very fast. I actually joined AWS before AWS' with financials were reported separately. They were actually in the other category in consumer, digital and other. So, When I joined, not a lot of people understood this way. Long time, can you tell us a little bit about your career journey? I've always worked in high-tech and many years in leadership roles, fighting sales teams that to work with customers on solutions that help companies better innovate and grow their businesses. And I was at HP and Compaq a long time and then came to AWS to build the strategic accounts organization. And in my time at AWS, I've had the privilege and opportunity to work closely with many interesting companies like Netflix and Pinterest, Capital One and Adobe on their expansion in the cloud and with AWS. And then was asked 2 years ago to then build the ISV segment as we decided to pull this type of customer together and also a partner together in the sales organization. Great. What a fun journey to have. Our audience may not know what an ISV is. Can you explain it to us? That's a good question. ISV, As I mentioned stands for independent software vendor and it's a software company that builds and sells software and there are different types of software sales, B2C Business Consumer and B2B Business and we focus on the ISVs that are selling the B2B solutions. And so there are technology companies that provides software solutions that run on or are integrated with AWS. And these partners, These include our partners such as CrowdStrike and Okta and Snowflake, all of which leverage AWS services to innovate on behalf of their customers. In addition to providing AWS services through ISVs, also partner with them to sell and succeed market their products transact faster via the AWS Marketplace and also integrate with AWS Services to enhance their offerings for their target customers. Well, as the leader for the ISV sales team, which sounds like a very strategic segment for AWS, What themes or trends have you seen over the last couple of years? Well, looking really over the past for 2 years. We've seen that ISVs are moving faster to a software as a service SaaS and consumption based model from a perpetual license based model. And the consumption model really provides the ISVs greater flexibility that allows the ISVs to innovate faster for their customer. And I would say too that we see ISVs moving from self managed products to manage services in the cloud. And the reason is it's just much easier to scale the ISV support and operations with managed services since they no longer must do the SIS admin work, which frees up people and overhead. And last, but importantly, a very fast moving trend that we see is that ISVs are leveraging artificial intelligence and machine learning along with analytics bring more innovation to their customers. And this is because there is just so much data that can be used to create more consumable and valuable product offerings. I think you've made 3 really good points because CrowdStrike leverages those as of the SaaS services. We find our customers really like the SaaS solution. It's turnkey. We're also seeing a lot of demand for our managed services, our complete offering. And Obviously, the AI and intelligence is built into our Threat Graph. So we see very similar things at CrowdStrike. Can any ISV list on the marketplace and what value do ISVs get by transacting through marketplace? The ISVs that provide of infrastructure software like security, observability, networking and storage or business applications like CRM or ERP collaboration software can list products on marketplace in several ways, including SaaS, virtual machines and containers. Marketplace also supports professional services offerings. And with AWS Data Exchange, we call it ADX, Marketplace now provides data products to customers. So overall, the AWS Marketplace works backwards from customers to search the offerings in Marketplace. In addition to having self-service capabilities for partners to list. We also identify strategic partnerships in the marketplace in conjunction with our APN, Amazon Partner Network, which is our global partner organization to provide robust options for our customers to transact with our ISV. Hi, Carolyn. We find a lot of value in that cohesion between the AWS marketplace and the APN program. So, it's a great package to be able to offer. What types of technologies are most popular in the AWS Marketplace and how does CrowdStrike fit into that? For marketplace has a broad range of domains that are popular across business applications and infrastructure software. Within the infrastructure software category, security is a of highly in demand offering and for good reasons. Typically, AWS employs a shared responsibility model where the customers need to deliver the data, applications and workloads that they place in the cloud, while AWS takes care of the security of the cloud. So having security tools easily available for entitled provision build within their AWS environment is the way that we support customers by ensuring the security tools we prefer are easily accessible as they migrate and modernize to AWS. So the CrowdStrike platform is uniquely positioned to offer endpoint security and managed security. In fact, a good example is CrowdStrike's MDR, Managed Detection and Response offering. We find that out in the field, our better together story on why the shared responsibility model is, A, important and B, of how our relationship works and that is very important to customers and it's nice they like having an innovative message as well as integrated solutions. So we find that with our customers as well. It sounds like the resources available to ISV through the APN are fairly sensitive. So what are the key components of a successful partnership with AWS? I would say I could boil it down to really 3 broad components that make a successful partnership. Both AWS and the ISV should identify strategies and priorities for how we want to jointly delight the end user customer. There are many programs and opportunities to engage and all of which add value. And so ISDs that are most successful work backwards from their customers and then engage the right programs and resources. 2nd aspect is to resource a focused alliances team as you've done at CrowdStrike, sponsored by the CEO or it might be sponsored by the Head of Global Sales. Having an empowered leader to direct and Marshall Resources fast is invaluable. And 3rd, to scale as a partner requires investment and adapting to the customer's changing needs. So the most successful ISVs understand this and evolve their go to market models and continue to push AWS to create resources that add value to their efforts. The component of this too is understanding that AWS will always look at the business and what the customer wants and will align to that. AWS Marketplace has been a successful channel for us at CrowdStrike and together we are bringing industry leading security to our joint customers. From your vantage point, why has the marketplace grown into such a successful channel for CrowdStrike Falcon? Customer driven or are there specific attributes to the Falcon platform making a compelling offering for AWS customers? Yes, in the case of Marketplace, this was an early area of prioritization and focus for CrowdStrike to reach and engage with customers by leveraging the AWS field, also our go to market program. And it worked. And also the protection and ease of use of Falcon is highly complementary to AWS' focus on driving customer success cloud. This allowed for vibrant, engaged co selling between our field teams because it has a clear value proposition to our joint customers. From the AWS partnership with CrowdStrike, so why are joint customers? Well, over the last 5 years, CrowdStrike has made significant investments in the partnership to delight our joint customers, as you said, in 3 areas of investment specifically to hand out. First is the integrations with AWS Services. That's a key component of our partnership. For example, CrowdStrike's integration with AWS Systems Manager makes adoption of CrowdStrike products easier for the customer. Integration with AWS Network Firewall gives customers actionable, of accurate security telemetry from both the network and cloud workloads. An example is CrowdStrike's integration with AWS customer engagement platform, which makes tracking and managing our joint business feelable and resilient. 2nd, CrowdStrike invests in our partnership by staffing specialized go to market roles that aligns with the AWS global partner teams. And third, I would say CrowdStrike also creates of targeted marketing campaigns and co branded assets that make it easy for customers to understand the value of using CrowdStrike and AWS together. A lot of work, but well worth the effort for sure. How do CrowdStrike's of Strike's new cloud security products aligned with your customers. Overall, it starts with CrowdStrike having such a complementary solution to AWS that naturally allows us to align well with our joint end user customers. Constructed Cloud Security products enable AWS customers to secure their AWS services like our compute, storage, of Elastic Kubernetes Service we call EKS. In fact, one popular use case we see is customers securing their local machines with of CrowdStrike's product. And now this includes using CrowdStrike's new cloud product, which creates an even stronger security posture. What key takeaways would you leave the investor community with today, Carol? Well, if I haven't made the point already, CrowdStrike is a tremendous partner to AWS and importantly to our customers. We're excited because with CrowdStrike's new cloud products, your solution will be even more complementary to AWS services and the strategy to drive CrowdStrike's growth with our partner programs and with AWS Marketplace is benefiting our joint customers as well as AWS and CrowdStrike together. So we truly have a fantastic relationship and I look forward to working and continuing our success together. Carol, we couldn't do it without you guys, and we feel the same way about our success and working jointly with others towards really common positive outcomes for our joint customers. Thank you. Thank you, Jessica and Carol. Amazon is a great partner and we look forward to our continued collaboration together. We think our customers say it best. I have the opportunity to speak with Jim Alcove, Salesforce Chief Trust Officer. Fireside chat was part of our keynote this morning and you can access it in the Falcon portal. We spoke with another prominent CrowdStrike customer, of Zoom. Going to jump to Jim Seidel, CrowdStrike's Senior Vice President of Sales for the Americas for a deeper dive with Richard Farley, Deputy CFO at ZOO. Thank you, George, and thank you all for joining us today. With me is Richard Farley, Deputy Chief Information Security Officer from Zoom. Let's have a little chat over Zoom about Zoom, Richard. And before we jump in, do you mind if you give us a little bit of an introduction to yourself and describe your role in Zoom? Sure, Jim. Yes. So Richard Farley, I'm the Deputy Chief Information Security Officer at Zoom. And I've been at Zoom for almost 3 years now. I've got a of a pretty long background in large scale technology and security operations. And for the past year or so at Zoom, I've been focused on advancing and maturing our governance, risk and compliance program that previously I was responsible for security operations with Tim as well. Thanks again for joining us today. Given this unprecedented threat landscape we live in, how does your Board and senior leadership think about cybersecurity? Well, cybersecurity has always been a priority at Zoom. Since Zoom basically became a household name over the past year and a half. We're of course a higher profile cyber target. So the importance of cybersecurity to our Board and to our Our leadership team has never been greater. Over the past year, year and a half, we've had significantly in cybersecurity during this time, and we continue to engage with best in class security partners to assist us as the threat landscape changes, Our regulatory landscape changes and our technology environment grows and gets more complex at the time. So How do you believe this extends to the day in and day out job you and your team have for securing your environment? Well, This new kind of hybrid work model that we've adopted largely because of COVID, Most companies, especially tech companies, have supported remote and mobile workers for a long time now. However, with COVID, that's significantly been amplified and that makes the Company's attack surface larger as well. It's no longer viable to adopt a capital and model their security environment as we move towards this idea of kind of 0 trust baseline. It's now even more important for us as security leaders to focus on identity and authentication and least privilege access management along with, of course, securing the devices our workers are using to access our company information and the systems and the infrastructure from the data. This becomes an even bigger challenge for companies who adopt a bring your own device model as Zoom has, where workers are using their own fixed and mobile devices to access the IT environment. At Zoom, we do support BYOD, We require certain instrumentation on those workaround devices to ensure that we have visibility and detection capabilities and that those devices are at a minimum baseline security standard. The other thing that I'd mention is that Sure, it makes no difference if your employee can be tricked by a bad actor, right? So, the human firewall is an absolutely critical component of our defenses as well. We want all of our employees to see it all invested in the overall protection of them, regardless of where they're working and how they're connected to our IT systems and data. Between the chair and the keyboard, right? That's a big aspect of it. You mentioned trust, 0 Trust and a lot about how you look at that. And I know trust is an important pillar for Zim. Talk to us a little bit about What trust means to you and how does trust influence your buying business? Yes. So our CEO, Eric Yuan, has a list of 4 books that are highly recommended to all of our employees at Zoom. One of those books is a great book called The Speed of Trust by Stephen Covey. So he highly recommends that we all read that focused with a few others. And I assume we believe in a company culture where our employees can trust each other and are accountable for achieving their goals. Is the more that we can trust each other, the more agile and efficient we can be. So this extends not just to our employees, but also beyond that to include our customers and our business partners. And so establishing and maintaining trust is just as important when we work with with our business partners, including CrowdStrike. And that means to me that we need to do what we say that we're going to do and make it right if we fall short that we're transparent with each other and where possible we try and go beyond what is strictly written in contract for example. The other key belief that we have in Zoom is creating happiness. And so I think Trust is a big component of creating happiness for our employees, our customers and as well as our business partners. I was just actually making sense on those books and talking about happiness and you also mentioned speed, right? And so when I look back at the beginning of the pandemic and your Close the demand in early 2020 and the growth that comes with that, what advice would you have for cloud native companies as they prepare their technologies to security stacks for this Explosive growth is the speed of not only technology, but the speed of adversaries and what we deal with every single day. Zoom is in a, I think, a pretty unique situation. Just to give some context on Zoom's growth, when Zoom was founded in the early part of our journey. Our target market is really centered around business use cases for sophisticated businesses that have security and IT teams that we worked very closely with, very much white glove relationships with our customers to establish of the security settings that align with those individual threat models for those customers. And to some extent, well, to a great extent that changed with COVID-nineteen pandemic. So, the use of ZYN grew exponentially very quickly. And suddenly we had an enormous number of individual single licensed customers or very, very small business customers that don't have sophisticated of security teams to help make decisions about privacy and security settings for their users. So, in response to this last year, we made changes to our default settings aligned with our what we think are our security best for our product and we provided training materials that are available online to promote those best practices. And so, I think with those lessons learned, I would suggest a couple of things. First, think long and hard about adopting a secure by default mindset for your product as you're coming to market. And second, really be prepared to be nimble and listen carefully to your customers and your users because you may not be able to anticipate at a time how your product might be used in surprising kind of new ways. Here in the marketplace when we work with our partners. That's really great and super. I mean, we're joined again today on a Zoom, right? I'm joined from halfway around the world. And so, As you look at Zoom and the security needs of Zoom, is it different from other organizations? Maybe compare it to cloud native versus maybe a legacy sort of non cloud native company? Yes. I mean, scale is obviously a very important factor for us. We certainly hope that we don't have another, I think we call it a black swan event like COVID anytime soon, but we know that we need to be ready if it does. And this means that we have to be able to rapidly deploy our security instrumentation as we scale up again our infrastructure, But not just the instrumentation of our servers and infrastructure, also our SOC processes, right, because there's always a human part of this. And that may have to be done at a moment's notice, right. And so our customers often say, Zendesk works. And even though they don't see what we have behind the curtains in all of our security operational capabilities, We have to have IT operations, including and maybe especially security operations that just works too. And so, I'm sure there are other companies that are sort of in the same boat as Zoom, but I think we're the Scale and ability to rapidly adapt to changes is maybe a little bit unique compared to most other companies. Yes, I know so much similarities between CrowdStrike cloud native security platform and Zoom. And when you looked at CrowdStrike And us being cloud native from the very beginning, is there any benefits or key benefits that you thought about when we were partnering up? Yes. I think, first, we believe in a principle of kind of do no harm. So, whatever technology we put in place, including our security controls. It has to be minimally invasive and avoid getting in the way of our workers doing their jobs. And by the way, it also has to not get one of our customers using our service too. So, but this can be a pretty big challenge because there's lots of instrumentation that has to go into managing and securing our devices and servers and infrastructure. And we have mobile device management and device management agents for our fixed assets and cloud dynamic assets. On those devices. We have traditional signature based AV that still plays a role, but we also have of the advanced endpoint detection and response tools. We have user behavior analytics tools, bio integrity monitoring, forensics instrumentation, lots of other stuff in the stack as well. And with such a large management and security stack, we run the risk of affecting the performance of our of service and user endpoints. I mean, you think about processing video and audio streams all day long at the scale that we're doing it, we are using 100% of our server GPU all the time. And if the security instrumentation gets in the way of that, that increases our costs. It also could potentially impact performance and kind of add Variability to, you know, you don't want the audio and the video stuttering when our users are in their meetings or in their webinars. But in some of these areas, we can't compromise, especially the endpoint detection and response. So, we start with the clarity, prioritize list of requirements, and we evaluate those requirements and the different options that are out there to pick with us tools. And then when necessary, we can consider trade offs where one tool might excel in a high priority requirement and maybe be just good enough in a lower priority capability. And so in order to reduce the footprint in the stack, We may make that compromise or we may have to adopt multiple pools that are best for you for these different types of use cases. There's a few things unpacking. That was really good, right? Performance, you had better protection, you had resilience of your IT infrastructure, a number of things that we certainly at CrowdStrike that feel like we offer and as you went through that process, it sounds like that was some of the decision making that went into you adopting CrowdStrike Falcon. So just wanted to sort of circle back a few points there and see if you could highlight couple of things when you thought about CrowdStrike and the decision to move forward. I think you really did touch on many of those. Just wanted to see if there was any more that you may want to speak to. Well, CrowdStrike Falcon was really at the top of our list for several of those prioritized requirements that we set at the outset of our evaluation. And The experience that we've had so far as the agents haven't caused any significant performance issues. CrowdStrike platform supports our of heterogeneous fleet that includes Linux in our data centers, Windows and Mac devices for our workforce. And then we've also got a combination of both physical data centers and a multi cloud strategy too, and CrowdStrike confidence fits into all of those. We knew that CrowdStrike could scale with us as we saw the tremendous growth that we had last year. And I think also uniquely for CrowdStrike, we benefit from that continuous automated threat intelligence that's gathered through your large customer base and is enhanced with human intelligence as well. And That's a bit of a secret sauce I think that CrowdStrike has is that we benefit not just from our scale but from the scale of your entire customer base, which is great. That is correct, right? Yes, that. And then also I think it goes beyond the technology So in 2020, we were approached by the NFL to support their the NFL draft in 2020, which obviously they couldn't do in person at the time because of COVID. As you can imagine, an online only NFL draft that has an audience of millions, tens of millions of people, You can imagine that was a potentially significant security target for the NFL disruption, whatever. Through our strong partnership and support working with CrowdStrike services team plus the technology stack we had in place. We felt like we were really able to provide an enhanced service to the NFL during that marquee event. And we've leveraged the Yes, super exciting, right? Roger Goodell's chair, infamous chair on that Zoom. You spoke about that. If you could take something like an NFL draft and sort of think about the business outcomes and the business value realized with security being embedded into all the processes of Zoom. Could you share some success or efficiencies your teams Have you all? Yes, I can. So this is a little bit more high level in general, but of course, we take of privacy and security very seriously and we believe that all of our customers have their own unique models and security requirements. So within our product, we provide a robust set of security controls and settings for our customers and this includes options for meeting hosts to manage the security of their meetings in real time with just a couple of clicks. Some examples include like controlling screen sharing and locking meetings in the use of waiting rooms and removing attendees if necessary. Last year, we implemented optionally through end to end encryption where the encryption keys are invisible to Zooms, and we can't see any of the data that's happening that's transferring through our data centers for the customers that need the follow-up security and privacy. And we also implemented flexible geographic data routing controls, which gives account owners and administrators who are paid accounts the ability to customize which of our global data center regions they use for transiting their real time meeting and webinar data. This year, we made enhancements to our user interface that now makes privacy information very easy for anyone attending a meeting to understand where our security and privacy settings can be enforced through a robust set of role based controls that That's some of the security privacy enhancements that we've been focusing on for the past year. And all of us think about that as we think about more information, more confidential meetings, more meetings just being held across Zoom. How do we make sure that we keep all that information secure? How do people feel trusted and go back to that word that we talked about, trust Zoom to have the right controls to keep that information safe? Particularly important. And as Zoom becomes a bigger target in the cybersecurity space and the high profile nature of the customers that we have that are using our platform, Knowing that we have tools in place and partnerships with CrowdStrike to secure our endpoints and our servers to be able to perform proactive threat hunting activities if we get security intelligence that there might be something mounting against Zoom or one of our customers. This really allows us to focus on what We do best, which is providing that frictionless video and audio and data sharing experience for our customers. So that complexity of all of the security and all of the operational and Variability issues are hidden from our customers because that's why they trust us is that they don't have to worry about that stuff and that's sort of why we trust CrowdStrike is that you're supporting us. Of course, we have to worry about that every day, but we know that we have that strong partnership with you to keep the infrastructure safe. Thank you, Richard. Thank you for the time today. Thank you for your insights. And we feel exactly the same about our continued mission to keep you and all other customers safe together and we do really appreciate the partnership. Thanks a lot, Ben. I appreciate it. Back to you, George. Thank you, Jim and Richard. We're really proud to have Zoom as customer and we look forward to seeing you on stage again. I want to thank everyone for their time and attention today. We know your time is valuable. We're certainly really excited about these announcements and where we are as a company and more importantly where we're going. So with that, I'll turn it over to Maria for our Q and A session. Thank you, George. Please note that this session is being recorded. Viable and use the raise your hand feature on the bottom of the meeting window. When you are selected for a question, We ask that you limit yourself to one question and one follow-up. Our first question is from Sterling Auty of JPMorgan and he will be followed by a question from Brent Thill of Jefferies. Of workload technology and what other to transport to the cloud. You're still going to need a virtual firewall. What piece of the puzzle does this occupy? And what's still going to be needed by customers? Yes, Maria, maybe we can have him type that in chat because his comments just broke up there We can come back to that question. Yes. Gettling your audio is a little garbled. So if you could send it to us in the chat, that'd be great. We will go to our next question, which is Brent Thill of Jefferies. Thanks. George, there's certainly a blurring of the line between security and infrastructure. When you talk about being a potential data warehouse And doing other things with Qumio, I'm just curious if you can kind of help bridge that divide and how aggressive you want to be there on that side. And then, and just secondarily, if you can just follow-up on Qumio, where you stand with the broader Salesforce integration and And to go to market plans. Thanks. Sure. I think it really stems from the agent itself and we've got a lot of feedback from customers that They trust our agents. They're incredibly excited about the data and the telemetry that we can collective scale, we've expanded out already before Qmeal and collecting observability information above beyond just security information that could be Identity information could be a health of the system, operating system, patch levels, things of that nature. So all of that is incredibly important. And from my perspective, it's something that customers have wanted for some period of time. And then when you have the ability to take observability information and fuse that into Qumio or Data Lake along with CrowdStrike security information. We think that's a real win. So I don't see us being diffused there. We're always going to focus on our core. And outside of that, what we've done on the sales force piece is we've actually been able to create a specialist team that works with the broader sales force team to take advantage of the large sales force that we have today. Our next question is from Brian Essex at Goldman Sachs and that will be followed by a question from Alex Henderson of Needham. Great. Can you hear me okay? Yes, George, I just want to follow on to Brent's question. With regard to the impact of Humio on observability, What are the typical barriers that you're seeing from customers that have standardized on other platforms? I mean, I think Splunk is maybe the most popular one. What kind of gets them over the hurdle to adopt your platform more pervasively than something they may already some of them really kind of Enterprises we spoke to really kind of separate analytics platforms on the network from security and how is their mindset shifting Maybe consider your platform instead of others as already standardized stocks. Yes. So let me start and I'll turn it over to Mike. But if you look at the technology, whether it's replacing an Elk stack, which we've talked about or another SIEM or something along those lines. I think when people We see the technology work, we see that scale as an moment. And if you ask any customer, would you like to have the ability to log any information that's available on your enterprise and ask a question and get an answer back within a second, you'll get a resounding yes. So, Mike, if you want to follow on to that piece in a little bit more detail. Yes. The only other thing I'd add to that, Brian, is getting the data in. If people are obviously using an and they want to get data into something like Qumio. They're going to look at an easy way of doing that. And that's why we've worked with people like Crigle. And we've got customers now that are sending data into their existing stack and they're also sending it into Pingo. And that's been fantastic, and we'll continue, obviously, to look to make things easy. And then also building our integration. So today, we released a heap of integrations that people can use, and we'll keep adding to those. And it's just removing the friction In trying to get these tools up and running and get those ready. Does that require building a new relationship with IT operations or is there a different way that you kind of penetrate a company with your platform. Well, over time, we've expanded our relationship to IT operations already. When we think about the Discover module, the ability to identify assets and discover information that's out there. There are a lot of IT teams outside of security that use the product for its real time response to be able to Roll out PowerShell scripts and take action. So I think it's really just a follow on to what we've already done. Certainly, the security is core to us. But with our specialist team, obviously, they understand how to sell its IT operations, a smaller team. And our larger sales force certainly understands how to sell security. And when you put the 2 together, I think we're going to have an effective selling machine. And I think over time as we've proven, we're pretty good at selling our technology and pretty efficient at Great. Very helpful. Thank you very much. Thank you, Brian. Our next question is from Alex Henderson of Needham and Company. And following that, Alex, we'll take Sterling's question via chat. Great. Thank you very much. It seems pretty clear to me that you guys have really been platform since the get go. I remember you talking about the platform before your IPO. And Yes, the term XDR has only really come on the stage recently. It strikes me that you've been XDR from the get go and you're just really adopting marketing terms that are being used by other people as opposed to defining this as a new category. And I was hoping you could talk a little bit about how you see the problems that companies that are redefining themselves as XDR companies could fit in that. And then second part of the question is, it looks like you've announced 2 new modules here going from 'nineteen to 'twenty one, is that right? And are they all GA? And can you talk a little bit about the pricing implications of all of these additional features and tool sets that you've announced relative to your existing pricing structure. Thanks for the question, Alex. Yes, so it's a great comment that you make around XDR. And I think I probably couldn't have said it better myself. I think if you look at the marketplace, XDR is a term that's getting thrown around really a lot these days. And it's by a lot of people that are either trying to redesign or re announce An existing SIN capability or in many cases, it's a lot of the network vendors that are talking a lot about XCR. But your comment around Us always providing Xeo use cases is absolutely spot on. If you look at the sense of the agent that we have, We added network telemetry as part of that. We added asset information. We've added identity. We've added hygiene information. So broadly, looking at the capabilities, we could have been talking about XDR for years now. Yes, we could have had it all over the website, but that's not to us what we think of XDR. When you look at the announcement that we talked about today, It's then taking that next step and taking 3rd party telemetry and putting that together with the CrowdStrike for a graph. It's these small use cases that we're looking to extend into by taking CrowdStrike and 3rd party data. But what makes this uniquely different is we want to take the capability like our artificial intelligence, like our of attack like our threat hunting and extend that across to these 3rd parties. And that's why it's called extended detection and response. So that is critical to the announcement that we've made today. Your question around the modules, we have gone from 'nineteen to 'twenty one, And they are chargeable capabilities that are part of the platform that we've announced. Thank you, Alex. I'll now read Sterling Auty from JPMorgan's question over email. The complete TWP discussion from today for cloud workload protection, does this cover 100% of a customer cloud needs or does the Silk require layers for proxy, SMZScaler, virtual firewall or other pieces? And I'll hit that and Mike can certainly jump in. It's certainly focused on the ability to provide workload protection as we've talked about in the past and visibility and that could be a virtualized workload as well as a container. And also ties into our Horizon capabilities, which focus a lot on policy configuration. And as we've seen in the past, there's a lot of companies that Unfortunately, they get themselves into trouble. It can be very daunting to configure some of these architectures and make sure that there isn't one mistake or one hole or open file bucket or what have you. So we're really excited about this. It's something that we've gotten from customers over the last couple of years looking for this and we're delighted that we're able to now offer this to our customers. I don't know, Mike, if you have anything else to add to that. The one comment, George, is obviously the uptake in Complete has been significant, and customers love the fact that We take control over the management and we provide customers with information about what we fix and we're extending that capability to our cloud offerings. So a lot of excitement from customers that want to extend into that capability and it's part of an overall strategy to include a number of different technologies from CrowdStrike and our partners to the question around additional capabilities from Zscaler and others. Great. Thanks, George and Mike. Our next question is from Ittai Kajon of Oppenheimer, and that will be followed by a question from Gray Powell of with Hey, guys. Good to see a great announcement today. I guess I wanted to dig into the XDR alliance. XDR can truly deliver on its vision and needs to have as much information as possible from all kinds of third party tools. I couldn't help but notice, but there's a very clear list of of companies that are direct competitors of yours and are companies like firewall vendors that are not part of the alliance here today. And so in what way would the XDR solution be able to deliver on its vision right out of the box versus something that will over time you'll be able to deliver on as you get more and more integrations and access to third party data. And do you think there are parties That will not want to be part of this alliance. What kind of blind spots does it create for you? Well, it's a great question. And these were really launch partners. The alliance is open. We're helping create the ontology. So let me just explain a little bit, which is we spend a lot of time on This concept of how to organize data, we call it oncology. And we're basically extending that out in a framework to work with other partners so that There's a common language that these vendors can speak so that XDR can be realized. So when we look at what we came out with today, That's really just the launch partners. We'll open that up to anyone else that wants to be part of it and integrate with it because we think it's good for customers. So it doesn't mean that Any of our competitors or firewall vendors wouldn't be part of that. They have to participate in formatting the data the right way. But really what we're trying to do is to help drive a bit of a standard, if you will, so that we can exchange data and ultimately solve a big problem for customers. And I think at the end of the day, open is good and we want to get the right outcome customer, so we all speak the same language behind the scenes. Got it. Maybe if I reverse it, George, would you be open to customizing your data to Into other third party XDR platforms? Well, our data does feed into other third party platform at this point. I mean, you can basically connect to it with Falcon data replicator and you can do whatever you want with it. I think From our standpoint and what we've talked about, you heard in my if you saw any of the keynotes or Mike talking, it's really about starting with the best sorry, best EDR and the XDR obviously extends that out. So obviously, we're a little biased. We think we do have the best XDR and EDR solutions and you have to start with that. So at the end of the day, from an API perspective, we work with all the other vendors out there and we're really trying to focus on solving customer problems and we'll continue to do that. Thank you. Appreciate it. Thanks. Thanks, Sethi. Our next question is from Gray Powell of BTIG and that will be followed by a question from Greg Moskowitz of Mizuho. Okay, great. Thanks for taking my question. Can you hear me okay? I had some audio issues before. Yes, we got you. All right, great. Thank you. Yes, this one might be so easy. I'm almost embarrassed to ask it, but I think I'm going to do it anyway. Can you just help us understand the difference between Falcon Vantage, which I believe you said is the new SIM product versus Falcon XDR, which pretty much sounds like it does a lot of the same things as assumed. Would customers potentially buy both of these products or are there situations where one might be more Yes, I can jump in. Hi, Grae, it's Mike. File Advantage is a file integrity monitoring system. So the whole concept of FileVantage is to allow you to define files or folders that you want to monitor and also enforce control over. So you may want to use this to Lock down certain directories and only allow certain people to connect to. You may want to lock down and prevent any changes, really good for dealing with insider threat use cases or maybe a malicious insider that you want to lock out. Also really good to deal with change control. So you may want to make sure that certain parts of the server aren't changed and you only allow people once they're approved. So Great technology that we've built in house on top of our current capability, on top of our agent. It means that you don't have to roll out any additional infrastructure. You don't have to roll out another management server. So that file advantage was part of the announcement today. XDR, as mentioned earlier, XDR is extending on detection and response beyond just the endpoint to take in some third party data, whether that's coming from the network or from a email or from web as an example. For slightly different use cases. Okay. That's really helpful. And then just one other quick one. With the enhancements in Spotlight, Is there any change in pricing on that module or is that just basically making your product more competitive in the vulnerability management space? No pricing changes. We've continued to evolve the product from when it started and we've added a tremendous amount of capability. And that's our general philosophy is Start with a specific use case and extend that out and we've seen a tremendous reception on that. If you look at Sort of the 0 day Tuesday as we talked about earlier, it's a big problem right now to prioritize. So that's just another feature that we're adding and we to add a lot of value to our customers in the platform itself. Thank you, Gray. Our next question is from Greg Moskowitz of with Zoho, and that will be followed by a question from Shaul Eyal of Cowen. Great. Thanks, Maria. Hi, guys. Great presentation today. So two questions. First, given that Tumio is a core component of FalconXCR yet will also continue to be sold standalone. Which solution will you be leading with once XCR is GA? What will the sales motion be like? Well, I think the sales motion is going to be focused on what problem are we solving and like any of the modules we have, right, we've got everything from core security to endpoint security to threat intelligence and forensics, right? So, I think The motion that we put in place is what are the real challenges and problems that customers have once the sales force identifies that they can hone in on specific opportunities and then be able to convert that. So when you look at XDR, I think it's a natural upsell because it's just another endpoint upsell, if you will. It's a very natural motion to have. And then when you look at Jumio piece, I think a big part of why we're excited too is the freemium element and that is people are going to download the product, they're going to use it for things that are not even security related, right? So we're going to have the ability as we always have to kind of self have the platform self select what's really important so that we can surface that and really focus the sales force, whether it's the specialist sales force or whether it's the broader sales force. All right. Thanks, George. And then secondly, so the leading vulnerability management vendors, they all talk about prioritizing vulnerabilities and targeting remediation efforts. Naturally, you don't have all the capabilities of VM solution and vice versa. But can you expand on what makes Expert AI is different when it comes to prioritizing risk? Thanks, Ray. I mean, the big thing that we looked at was How do we help customers work out what the most critical vulnerabilities they need to focus on first? So you are correct. People have been trying to solve that problem for quite a while. I would basically say that Customers still struggle with this today. So one of the reasons why we worked on this was to help people look at a number of different factors, look at a number of different data points. And then using that capability that we've built, health organizations focusing on what the most High risk vulnerabilities are that they need to patch as quickly as possible. And we're really, really excited about the models that we've created the AI team, has extended their capabilities. And we think it's going to help customers really focusing on what's the most high severity issues that they need to address as quickly as possible. And it's all part of the Falcon platform, part of the Spotlight module. Our next question is from Shaul Eyal of Cowen and that will be followed by a question from Roger Boyd of UBS. Saul? Thank you, Mary. Hi, everybody. George, BioVantage would Seem to be taking you towards the data security category where Varonis is one of the notable players. With that in mind, is that the right way to look at it? And maybe I might follow-up. I know we don't have FERC. I know this is not a financial session, but By design, we don't have FERC. Sure. No, but maybe just directionally, with all the announcements, the new categories, Maybe subcategories you guys are heading into. Should we be thinking about your TAM of Fitter extending down the road On the heels of what you provided back in April during your Analyst Day? Yes, it's a great question. And no doubt we've expanded our TAM. We'll have some updates to that given the announcement that we have today. When we think about data itself, it's really important. And what we've really been able to do is to tie sort of a 3 legged stool, which is you take the health and hygiene of the system itself or workload, right, that's called an endpoint. Is it protected? Is it does it have the right hygiene? You tie that with identity, right, which we really have focused on with our preempt acquisition and you tie it to the data. And this is what customers are asking for. And again, we're pioneering tying all this together and we think it's really, really important as we go forward. And if Think about today's environment, data just flows everywhere. It's not just confined within the firewall itself. So we're excited about the capabilities. It's not as feature rich as some of the standalone players that are out there. But again, for V1, we're really excited. And like everything else, it's part of the overall frictionless agent that we have. And I know the customers who have been working with us. We're really excited about the capabilities here and we'll continue to extend that out into the data arena. Thank you. Thank you, Shaul. Our next question is from Roger Boyd and our last question will be from Benjamin Bowen of Seavigniew. Roger, you're up. Roger, are you still on mute? Roger, if you can hear us, yes, unmute and ask your question, please. Can you hear me now? Yes, we got you. There we go. Awesome. Sorry about that. Just a quick question on the work you're doing with Accenture. A lot of great work there. Appreciate that session. Just curious about how you think about working with partners there versus scaling your own internal IR and pro service business. And You've also consistently talked about the idea of a 5 to 1 upsell opportunity from service to software. I'm curious how that upsell opportunity works as you work with more IR partners there. Well, Accenture has been a fantastic partner. And really when we think about our services, It's a very small portion of what we do, but we do get the multiplier effect as you talked about out of it. And we do partner with larger companies like Accenture because it's just a much broader opportunity for them. When we think about digital transformation or of security transformation, creating policies and spending a lot of time with customers. That's their bailiwick, right? If we get called in for an incident response, we're in, we deploy our technology, we're out and it's a great lead behind and an upsell and that's really what we're focused on. We're very partner friendly with all the large service providers And there's only a few things we do. We do really well and we will partner with them. A lot of times, even if the service provider has incident response, they may call us in We have expertise in a particular area. But when you look at Accenture, why we're so excited, they've got the reach, they've got the Board level contacts and they're spending a lot of time transforming companies and security really is a transformational element of any company as they go forward. So We'll continue to focus on that and we'll continue to work on the ourselves with our interim response practice. Our next question is from Benjamin Bolan of Cleveland Research. Ben? Good evening. Thanks. I appreciate you doing this presentation and thanks for taking the question. George, I was hoping you could talk a little bit about how you think about bundled selling motion with 21 modules. I'm a newer analyst on the name, but it's hard enough for me to keep those Great. How do you think about customers understanding the importance of all of what you're doing, bundling that? Is that something that You think CrowdStrike is meant to lead? Is that a partner led initiative? Just any thoughts on that? And then I have a follow-up. Yes, it's a great question. And as I said before, I spend as much time trying to build scalable technology as they do a scalable sales motion. And I think we've done a great job in that area. So when you think about where we are today, it's really outcome based selling. What problem is the we're trying to solve. Is it just core endpoint? Is it a threat intelligence problem? Is it an issue around observability? So every conversation when we're engaged starts at that level and then we can drive to the specific modules. And we have 21 modules, but we only have categories of endpoint threat intelligence managed services. So it makes it a lot more reasonable once you get to just a handful of those. The other piece that I really want to focus on is the fact that we've got a very friction free motion internally. So as a customer, And it's one thing to land a new customer focused on their outcomes. But as an existing customer, you can just put your hands up and say, I want to try of File Manager or I want to try our firewall protection module. Whatever it is, you can try it. And then obviously there's a lot of analytics that come out of that that gets into the inside sales team or the field sales team and that allows us to be very efficient in having the customer self select what they want to try from a cross sell perspective. So that's that piece there. And then obviously Some partners will be more focused on observability and data and core kind of SIM and logging and others are going to be focused on core security It's a matter of working with them and enabling them, whether it's in the U. S. Or whether it's outside to basically hit their sweet spot. And each partner is a little bit different. Thanks. The last thing is you talked about extending the breach of protection insurance to English, The cloud workflow protection complete, CWP complete. Could you talk a little bit about what you think the breach protection insurance has done to date? How well received that has been and if it's done anything for the broader motion or adoption or new customer additions, just thoughts along that? The warranty that we have? Yes. I think it has certainly given a level of comfort to customers because we're willing to back up our technology and with the warranty, right? And there's a lot of companies that won't do that or If you look into their details, it's more of a marketing gimmick. This is a real warranty. So from that perspective, I think it's really important. And also Let's keep in mind too, there's really a challenge right now with cyber insurance. The rates are all up, if you can get it. And it's a real problem that's here in the industry. It may not be so well known. So our customers, particularly complete customers get a discount on their insurance in addition to being backed by our warranty. So I think it's 2 pieces. We put our money where our mouth is and back our product and service. And the second piece is We actually provide a way for companies to drive down their insurance costs, which has been very effective. Thank you. Okay. Thank you. I think, Maria, that was our last question. So I want to get wrapped up here. It's It's been an action packed full day at Falcon. I still wish that we could be in person. I hope we're in person next year, but we've put together a lot of content. I know there's a lot to consume. Hopefully, you can go back and watch some of the videos. We're super excited obviously about XDR, about Humio, filed Vantage about the alliance that we put together really helping again as we've done in the past is define the industry and drive it forward with a standard that's good for all customers and partners irrespective of the category that they're in. So with that, I just wanted to thank everyone for the time and attention. We'll see you on the next earnings call. And I wish everyone well and stay safe. Thanks.

• Slides