Earnings Call: Q1 2020

Jul 18, 2019

Good day, ladies and gentlemen. Thank you for your patience. You've joined the CrowdStrike Holdings Incorporated Q1 Fiscal Year 2020 Financial Results Conference Call. At this time, all participants are in a listen only mode. Later, we will conduct a question and answer session. As a reminder, this conference is being recorded. I would now like to turn the call over to your host, VP of Strategic Finance, Peter Daley. Sir, you may begin. Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President, Chief Executive Officer and Co Founder of CrowdStrike and Bert Podbearer, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives and expected performance, are forward looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward looking statements represent our outlook only as of the date of this call. While we believe any forward looking statements we have made are reasonable, actual results could differ materially because the statements are based on our current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward looking statements, whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the company's financial results is included in filings we make with the SEC from time to time, including the section titled Risk Factors in the company's Form S-one previously filed with the SEC. Also, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non GAAP. A discussion of why we use non GAAP financial measures and a reconciliation schedule showing GAAP versus non GAAP results is currently available in our press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8 ks filed with the SEC today. Now, I will turn over the call to George to begin. Thank you, Peter, and thank you all for joining our first earnings conference call as a public company. I would like to begin by also thanking all of our employees, customers, partners and investors for their hard work and dedication in helping us reach the important milestone of becoming a public company. We had a very strong start to the fiscal year, Consistent with the preliminary financial results in our IPO perspectives, we achieved 103% year over year total revenue growth and added a record number of net new customers, while meaningfully improving operational leverage in the Q1. Bert will discuss the details of our Q1 financial performance in a few moments. But first, for those new to the CrowdStrike story, I will provide some background on our technology, business and markets. Our success to date and rapid growth are the results of close to a decade long mission to stop breaches and pioneer a new category, the security cloud. Nearly every breach you've ever heard of had 2 things in common. The victims had both a firewall and an antivirus solution. Today, companies and government agencies face the constant threat of cyber attacks from a variety of threat actors, ranging from highly advanced nation states to organized crime, activist and even terrorist organizations. These attacks aim to not only steal money and intellectual property, but increasingly they seek to disrupt and destroy. Using highly sophisticated tools and techniques, today's cyber adversaries run circles around fossilized legacy technologies. This is what led us to start CrowdStrike back in 2011. We set out to create a modern endpoint security platform with a cloud native architecture built from the ground up to stop breaches. Like other cloud disruptors, CrowdStrike started with a clean slate to build not only a scalable cloud architecture, but also a scalable, frictionless and highly efficient business model. Our platform is composed of 2 tightly integrated proprietary technologies, our easily deployed intelligent lightweight agent in our cloud based dynamic graph database called Threat Graph. Our Falcon platform integrates 10 cloud modules via software as a service subscription based model that spans multiple large markets, including endpoint security, security and IT operations and threat intelligence to deliver comprehensive breach protection even against today's most sophisticated attacks. We believe our cloud native platform gives us a fundamental competitive advantage as we capture data once and reuse it and monetize it many times over. Our customers can try new modules already populated with their data for free. This creates a high velocity cross selling model. In fact, there are a number of key attributes that we believe set the Falcon platform apart from other solutions in the market. First, our solution is rapidly deployable, easy to use and unlocks the power of crowdsourced data. It gets smarter the more data it consumes, increasing our effectiveness, intelligence and competitive advantage with each new customer and endpoint or workload joining our crowdsource network. 2nd, all of our cloud modules are powered by a single intelligent agent, allowing customers to consolidate and remove numerous agents from their infrastructure and restore endpoint performance. Our lightweight agent is designed to be automatically installed and operational on an endpoint in less than 30 seconds. That's without any reboots. This is an important attribute for customers as they do not want to reboot their entire business to adopt a new solution. Solving this engineering challenge was critical for providing immediate time to value for our customers. Another key aspect of our agent is its ability to dynamically capture high fidelity data with our proprietary smart filtering technology. What matters to stopping breaches is the quality and the type of data that we obtain and analyze. Smart filtering is critical to capturing the right data on both real world attacks and benign behavioral patterns to continually train and enhance our algorithms, resulting in industry leading threat detection and low false positive rates. CrowdStrike's smart filtering technology also allows us to take full advantage of the cloud. Our cloud native approach outperforms other solutions that may be forced to store their data locally or inefficiently stream unfiltered data from endpoints to on premise controllers, which crush networks and endpoint performance. And 3rd, all the data we collect is stored in one place, not on premise or stuck on the endpoint itself, but in the cloud, where it is analyzed almost instantaneously across our entire customer base. To handle all this telemetry, we built our own proprietary distributed graph database that we call Threat Graph. We like to think of Threat Graph as the brain of our system. It is capable of dynamically scaling to meet demand. Every week, it processes, correlates and analyzes over 1 trillion events across our global customer base in real time. What makes our Threat Graph so unique and powerful is its ability to very quickly discover and identify relationships and patterns within the data to see and stop attacks that are invisible and undetectable using conventional legacy solutions. ThreatGraph lets us apply cloud scale AI to this data to stop breaches in real time. Today, we serve over 3,000 subscription customers. We protect many large organizations across all major verticals, including 9 of the top 20 banks, over 40% of the Fortune 100 and government agencies around the world. Our ease of use, rapid deployment and exceptional efficacy also makes our solution a natural fit for small and midsized organizations, which often do not have large internal security teams. In the Q1, we saw strong customer momentum. I will take a moment to highlight a few of the notable customer wins that showcase initial adoption drivers of the Falcon platform, as well as our ability to expand within existing accounts. Key themes we often hear from customers are the need to simplify their security stack, reduce the number of agents on their endpoints and gain the advantage of a true cloud native endpoint security platform. Take the example from this quarter of a health insurance provider that was using a number of tools from other security vendors, including EDR from a next gen vendor, AV from a legacy vendor and a variety of tools embedded in the operating systems of their servers and workstations. Yet this company had issues with alert fatigue and had difficulty scaling this patchwork of solutions as the business was growing. To solve these problems, they dropped the old setup and rolled out CrowdStrike's Falcon platform given its ease of deployment, single agent architecture and ability to take advantage of crowdsourced data by adding our threat hunting module Overwatch. In Q1, we also displaced the legacy AV vendor at a midsized pharmaceutical company. The board and leadership team at this company had a growing concern about their current state of security and the level of adversary activity they were seeing. They also knew they had limited cyber security personnel and a skills gap, which is another demand driver we commonly see among prospective customers. This company quickly identified our turnkey Falcon Complete offering to help them easily address their skills gap and fortify their cyber defenses. Next, I will highlight a win that represents our tremendous opportunity to expand within our customer base. This customer is in the public sector, which also speaks to our growing success in that segment of the market. We initially engaged with this large U. S. City back in 2016 on a small deployment of 15,000 endpoints to replace a fossilized AV vendor that was failing to provide protection and value. We replaced that vendor with our combined EDR next gen AV offering, plus Overwatch. Based on the success of the initial deployment, we expanded our footprint to over 250,000 endpoints the following year. And I'm pleased to report that in Q1 of this year, we have increased coverage to 400,000 endpoints and sold additional cloud modules, including Falcon Discover for IT hygiene, Falcon Device Control, Falcon Spotlight for vulnerability management and FalconX for integrated threat intelligence. This is a great example of how we can land a new customer and expand that relationship by adding endpoints and modules over time. Our Falcon platform is one of the most strategic security purchases they have made in many years. These wins represent just a few of the 543 net new subscription customers that selected CrowdStrike in Q1 to help them stop breaches and protect their organizations. Driving the adoption of our platform is a robust sales and marketing engine that continues to deliver an increasing number of new logos, while consistently removing friction from the sales process. Increasing our customer base is a key component of our growth strategy, and we will continue to invest in customer acquisition programs, channel partnerships and frictionless go to market programs, including free and in app trials. In addition to winning new customers at a rapid pace, we are also focused on expanding our relationship with existing subscription customers by deploying additional cloud modules and protecting more of their endpoints. Our dollar based net retention rate speaks to the efficacy of our solution in our successful land and expand sales model. As of January 31, 2019, we had a dollar based net retention rate of 147%. While this metric can fluctuate quarter to quarter, our benchmark is 120% or above, which we again exceeded in Q1. While we started in the endpoint security market, given the nature of our cloud native architecture, we're able to rapidly innovate on top of our platform and build new modules for additional functionality and use cases not typically associated with endpoint security. Since 2016, we have launched 7 new cloud modules and today we address 5 markets Corporate endpoint security, threat intelligence, security and vulnerability management, IT service management software and managed security services. Combining these market segments, we estimate that our global market opportunity is $24,600,000,000 in 2019 and growing to over $29,000,000,000 in 2021. To help drive future growth, we plan to continue to develop new cloud modules to address broader endpoint use cases, such as IT configuration management and IT operations. To measure our success executing on our platform strategy, we look at the percentage of all subscription customers who have adopted 4 or more cloud modules. This percentage rapidly grew to 30% by the end of 2018 and grew to 47% by the end of fiscal 2019. In Q1, we continue to see an upward trend in this metric. In looking at our future growth prospects, it is common for those new to the CrowdStrike story to only think about the opportunity as endpoints, such as desktops and servers. However, we think about the opportunity differently and more broadly than that. We expanded our market opportunity by securing a wider array of workloads, which includes desktops and servers, virtualized and cloud environments, IoT devices and containers. In Q1, we expanded our market opportunity even further when we introduced Falcon for mobile that supports Android and iOS. This is a powerful vector for growth. These workloads need to be protected and they are growing with every new connected device in every new cloud instance. We also intend to grow by broadening our reach into new international markets and customer segments, including smaller organizations, as well as acquiring customers in the federal government vertical. And lastly, we see significant longer term opportunity with new workloads and applications within the CrowdStrike store. The CrowdStrike store offers the 1st and only unified security cloud ecosystem of trusted third party applications. This sets the stage for us to further expand our TAM and grow in segments outside of security, such as IT operations and compliance. In summary, we cannot be prouder of our important mission, protecting our customers from devastating attacks, business disruption and a theft of IP and financial resources. In addition to stopping breaches, we also help our customers reduce cost and complexity, which differentiates us in the security marketplace. We have built a high performing and enduring business with multiple engines for growth and a frictionless go to market strategy. We are excited by our future opportunities and look forward to your support as we advance on our journey to become the leading endpoint security platform and ultimately the de facto endpoint platform of the future. With that, I'll turn the call over to Bert. Thank you, George, and good afternoon, everyone. I'd like to express how pleased we are with the level of interest we have received from our analysts and investors. We look forward to getting to know you and keeping you updated on our performance. Today, I will provide a brief overview of our Q1 financial results, target operating model and our Q2 and full year 2020 guidance. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non GAAP. Across the board, we delivered an outstanding Q1 with strength in multiple areas of the business, including ARR growth, revenue growth and subscription gross margin improvement. We view annual recurring revenue or ARR as a key metric to measure our business, given it is driven by our ability to acquire new subscription customers and to maintain and expand our relationships with existing subscription customers. We define ARR as the annualized value of our customer subscription contracts at the end of the quarter, assuming any contract that expires during the next 12 months is renewed on its existing terms. In the Q1, we delivered 114% ARR growth to reach 364 point $6,000,000 of which $52,000,000 was net new ARR added in the quarter. This growth was driven by a strong quarter for new logo acquisition combined with low contraction and churn within our existing customer base. Total revenue more than doubled over Q1 of last year to reach $96,100,000 Approximately 90% of our revenue is subscription based with no perpetual licenses, giving us a strong, scalable, recurring revenue base and a business model advantage. In the first quarter, subscription revenue grew 116% over Q1 of last year to reach 86,000,000 The remaining 10% of our total revenue is derived from our strategic professional service offerings, which include incident response and proactive services that are generally sold separately from our subscriptions. While professional services carry a lower gross margin than our corporate average, it is a small portion of our revenue base and we view it as strategic. We have been able to derive an average of about $3 of subscription ARR for every $1 spent on an initial incident response or proactive services engagement. To be clear, these are customers that are new to CrowdStrike. In terms of geographic breakdown, approximately 75% of 1st quarter revenue was derived from customers in the U. S. And 25% from international markets. Moving to our operating results. We are focused on building a long term business with sustainable growth and compelling margins. In Q1, we continue to recognize operating leverage in our SaaS model and the benefits of scale even as we increased investments in our global reach and cloud platform. 1st quarter non GAAP gross margin improved to 70% from 59% a year ago. Our non GAAP subscription gross margin increased to 73% from 62% in Q1 of last year. The improvement is primarily attributable to the efficiencies around hosting and data center costs and the uptake of multiple cloud modules by our customer base. Our collect once, reuse many data strategy means that after the first module subscribed for buyback customers paid for and covers the cost of data storage and most computational costs, each additional subscription module carries a very high margin. Total non GAAP operating expenses in the Q1 were $89,200,000 or 93% of revenue versus $59,400,000 last year or 126 percent of revenue. Scaling and growing our business efficiently is a top priority, which is why we focus on our unit economics metrics, including Magic Number. In Q1, we ended with a Magic Number of 1.1. Key factors driving our unit economics include our strong gross and net retention rates, our highly efficient low friction sales and marketing programs that continue to drive subscription revenue growth. We have a proven history of disciplined investing and remain committed to maintaining a thoughtful balance between generating top line growth and achieving operating leverage. Going forward, we plan to make continued progress in driving toward breakeven and beyond, but it may not be in a linear fashion depending on the timing of expenses. As a result of our rapid top line growth, improving growth margin profile and continued disciplined approach to investing in our business, we drove strong operating leverage in the quarter with our operating margin improving 43 percentage points year over year. Non GAAP net loss was $22,100,000 or $0.47 per share, which compares to a non GAAP net loss of 31,700,000 or $0.73 per share in Q1 of last year. The weighted average common shares used to calculate 1st quarter EPS was 47,200,000 shares in Q1 fiscal 2020 and 43,600,000 shares in Q1 2019. Before I discuss our balance sheet, I'd like to review our long term operating model. On a non GAAP basis, we are targeting gross margin to be in the 75% to 80 plus percent range. As a percentage of revenue, we are targeting non GAAP sales and marketing to be 30% to 35%, R and D 15% to 20% and G and A 7% to 9%. We anticipate this will lead to a non GAAP operating margin of 20% or greater. Turning now to the balance sheet. We ended Q1 with $175,100,000 of cash, cash equivalents and marketable securities. Subsequent to the close of the quarter, we received net proceeds of $659,100,000 from the IPO. Cash flow from operations in Q1 was positive $1,400,000 and free cash flow was negative 16,100,000 dollars Moving to our guidance for the Q2 and full year fiscal 2020. For Q2, total revenue is expected to be in the range of $103,000,000 to $104,000,000 reflecting a year over year growth rate of 85% to 87% with subscription revenue being the dominant driver of growth. We expect non GAAP loss from operations to be in the range of $29,100,000 to $28,600,000 and non GAAP net loss to be in the range of $30,500,000 to $30,000,000 Utilizing weighted average shares using computing non GAAP net loss per share, basic and diluted of $129,900,000 we expect non GAAP net loss per share, basic and diluted in the range of $0.24 to $0.23 For full year 2020, we expect total revenue to be in the range of $430,200,000 to $436,400,000 reflecting a growth rate of 72% to 75%. Non GAAP loss from operations is expected to be between 113.4 $1,000,000 and $110,400,000 and non GAAP net loss is expected to be between $105,900,000 $103,200,000 Utilizing weighted average shares used in computing non GAAP net loss per share, basic and diluted of 147,000,000 dollars we expect non GAAP net loss per share to be in the range of $0.72 to $0.70 We are pleased with the strong results we are reporting today and believe we have the capacity and resources to continue driving the business forward over the long term. We are excited about CrowdStrike's new phase as a public company and appreciate your ongoing interest and support. George and I will now take your questions. Operator, we'd now like to open the lines for questions. Thank you, Our first question comes from the line of Heather Bellini of Goldman Sachs. Your question please. Great. Thank you so much gentlemen for taking my question and congratulations on your Q1 out of the gate. I wanted to follow-up on some of the comments you made about the ultimate expansion into things like IT ops and APM. And just wondering, given just trying to think outside of the endpoint market as you referenced, how do you think you're positioned in that market versus the competition? And just if you could share with us kind of is this kind of the customers kind of driving you into that market? And again, just share with us how you feel like you're positioned to start taking share in that market over time? Thank you. Sure. This is George. Thanks, Heather. So I think it really is an extension of what we've already built and continue to refine in our IT ops and our Discover module and it just add ons to what we've been seeing from a customer perspective. Getting back to the overall model of the single agent architecture, the ability to collect data one time, it becomes easy for us, if you will, to be able to represent that data and help customers understand the current configuration they have, help them provide more efficient IP operations once they have visibility into applications and the system health and things of that nature. So it really is just an extension of what we've already been doing. And when we think about the opportunity again, as these workloads proliferate, right, whether it's a desktop server, an IoT device, a cloud instance, a containerized instance, they all need some level of protection and visibility. And really this is just an extension to collecting the data that we already have and being able to display that in a workflow that makes sense for our customers. Great. Thank you so much. Thank you. Thank you. Our next question comes from the line of Sterling Auty of JPMorgan. Your line is open. Yes, thanks. Hi, guys. I wonder if you could give us an update on how your partnerships are developing especially with partners like Dell? Hi, Sterling, it's Bert. So I would characterize our issue with DALYs in terms of ARR generation versus where we think DALYSTAL. We have access to the business, every mobile business from our customers around the world. The upsell opportunity is significant on any technical integration or to market integration in strategic fashion is exciting. Us. Ultimately, we feel that the development will accelerate our expansion into markets where they have a strong presence, such as in federal or EMEA or APJ. Got you. And then one follow-up, in terms of the module adoption for investors that are newer, what's kind of the most popular modules that you see within the ones that get up sold once a customer comes on? Right. That's a good question. So as you saw on the S1, we're in a great spot. We've got 47% of our existing customers having 4 more modules in Q4. We saw that in Q1, the trend continued. For us, it goes back to how George first thought about the company, which was about next generation AV, EDR and overwatch. Those were the three things that he came out with and those are core to our business and that hasn't changed. All the other ones that we've talked about, whether it's device control or whether it's discover, all those come in and they can come in equally depending on what question comes from the line of Tal Liani of Bank of America. Your line is open. Hi, guys. I'm trying to work next quarter numbers. The if I put you're guiding way higher than we thought. If I put $103,000,000 or $104,000,000 in revenues, I don't get minus $0.23 I get deeper loss. So that means your margin assumptions are better than what we're expecting. Can you elaborate on gross margin and OpEx assumptions for next quarter? Thanks. Thanks, Tal. So it's Bert. So as we think about guidance, we think about guiding prudently based on the things that we know today, not necessarily on the things that we don't know. As we think about the future into the guidance, we think about both improvements on the top, improvements on gross margin and OpEx. And as we think about the splits between OpEx and gross margin, we think it's about fifty-fifty in terms of how we think about the improvements and the benefit there. Is so still your targets, long term targets, same targets, you're reiterating their targets? I am reiterating targets, correct. Okay, perfect. Thank you. I don't have a question on the fundamentals straightforward quarter. Thanks. Thank you. Our next question comes from the line of Sakhi Kalia of Barclays. Your question please. Hey guys, thanks for taking my questions here. First, maybe for you, Bert. We spoke about some of the different modules in your prepared remarks, but can you talk about some of the different packages out there like Falcon Pro, Falcon Enterprise and of course Complete? Maybe just qualitatively, what you're seeing from a high level in terms of adoption across some of those different packages or bundles that you offer? Sure. Hey, Saket, this is George. I'll take this first shot at this. So if we look at Pro, which is really our PREVENT and and our FalconX, that has wide adoption in the smaller SMB and corporate space. Obviously, the enterprise package can be applicable to a large organization, a corporate company or even a large enterprise. And as we continue to go up the food chain, if you will, with premium, we have as we've talked about, we have many of our customers actually have Overwatch and Discover and it really depends on the overall organization. Certainly, enterprise and premium are going to be more applicable to the large organizations. And the pro version just pure antivirus if you will, next gen AV antivirus with our FalconX technology can be useful for a smaller organization. The beauty of the model is once people understand our technology, it is easier to upsell them into an EDR technology where as a smaller company maybe they weren't quite exposed to it. But given our technology, how it works, how easy it is to use and combine that with Overwatch, it makes for an effective cross sell. So hopefully that gives you at least an idea of where we're seeing the traction. And again, our overall goal even for large enterprises is you could have a trial in a large enterprise of just the pro product, but then we can quickly come in and cross sell them or up sell them in the sales process into a package that fits their enterprise. So it can leak into the enterprise just from the free trial, which is really exciting to us. And it doesn't just have to be a next gen AV sale. Got it. It's Bert. I'll just add on to that. As we think about what I just talked about in terms of the module adoption, as we continue to come out with different as we come out with different bundles and as we continue to bring new modules to the marketplace, we anticipate that not only the adoption within our existing customer base will increase, but the amount of modules that each customer will have will increase as well. Got it. Got it. Maybe just to stay with you, George, you brought up the CrowdStrike store quickly in your prepared remarks. Realizing it's early, can you just talk a little bit about the pipeline of potential partners that you can work there that you can work with there? And maybe some broad brushes on, again, realizing it's early, how you sort of envision some of the commercial terms as those partners leverage some of the CrowdStrike data that you're able to collect? Sure. So we've got close to a dozen partners that are in process and investigation phase. I think just to reiterate what we talked about is making sure that we've got the quality versus just quantity in the store. And it certainly is early days as we continue to underscore. I think when you look at the opportunity, the opportunity is much broader than that. You look at our technology fundamentally, what do we have the ability to do? The ability to gather large amounts of data at scale, it could be security related data, it could be non security related data and we have the ability to take actions. And this is very important for organizations of all sizes and ultimately having them interact with 3rd parties or create their own workflows is very exciting to these organizations. So it's still early days, but we're focusing on getting the right partners in. And when we think about the revenue opportunity, Bert can comment more specifically around this. But in terms of how we look to go to market with these partners, the more of the service offerings, the behind the scenes APIs, if you will, that they use, the greater revenue share that we would get. So the more they consume our platform, the less that they have to spend on their own and the more revenue from a rev share perspective we would be able to take advantage of. Sure. And to expand on that just a little bit, as we look at each partner, we look at it on a case by case basis. And for us, as we think about the opportunity, we would derive that revenue share from that. Very helpful, guys. Thanks very much. Thank you. Our next question comes from Brad Zelnick of Credit Suisse. Your line is open. Hi, this is Rachel Lauren on for Brad. Congrats on the quarter and it was really great seeing the outlook. I just wanted to ask, are you seeing Windows 10 adoption as an opportunity as customers reevaluate endpoint security? And are you seeing more interest for Microsoft Defender ATP? Yes, this is George. I'll take this. I think anytime you have a transition between Windows 7 and Windows 10, an operating system changes, there's always an opportunity for us to get built into the overall gold images, and we continue to see that. With respect to other partners out there, I should say other competitors, I mean there's a variety of competitors that are out there. We've I think done a great job because of our platform support for technologies beyond just Windows. So in a heterogeneous environment, companies want coverage not only for Microsoft 10, but they also want it for Linux and Mac and other devices. So I think that's an area where we have a distinct advantage over our competition in terms of our platform support, particularly in the Linux environment. Got you. Thank you. That's helpful. And as a quick follow-up, you guys reported a really strong net retention number. And I wanted to know kind of are you seeing more adoption in terms of increasing endpoints or is that more coming from module increasing module adoption? Hi, it's Bert. So we see it from both. We're going after both, both whether or not an existing and we're seeing actually adoption of both. Okay. And then and we're seeing actually adoption of both. Got you. Thank you very much. Our next question comes from John DiFucci of Jefferies. Your line is open. Thank you. I have a question for George and a follow-up for Bert. So George, Bert pointed out that every incremental product customer buys improves margins and that makes a lot of sense because they all work off that foundation that you talked about, the graph database and the lightweight endpoint. And you pointed out 47% at the end of last year or fiscal year and up from 30%, actually you have 4 or more products. And I know you said that the trend continues. Is there any can you give us any more on that? Because I happen to think that it's not just about the improved margins, it's also the stickiness. As you know, you've worked at other endpoint vendors too. The stickiness of endpoint is something that investors look at and they question how sticky is it going to be, but you're much more than that. The more you are much more than that, the more sticky I think you're going to be. So can you give us any more color around that better than 47%? Well, I think in general just some color for the overall approach that we've taken and just to maybe double click, we talked about that city that I spoke about in my example earlier, where we started small and then have expanded out those modules and that being one of the most strategic security purchase they made, I think that really underscores how strategic we are, how sticky we are with customers and our ability to add new modules. And what's really interesting is now with customers, they routinely say, okay, before we're going to purchase something else that maybe is a module that we don't have today, they always ask us, will you have this module and or will it be in your store, because they don't want to make a buying decision that is outside of the Falcon platform. It's very similar to the way we many customers look at Salesforce as an example, right? You want to have it all integrated. So we've seen that level of strategic interest in what we're building to make sure that they can harmonize on that before other purchases. I think that's really a good indicator of the stickiness. Sorry, if you have any other comments. Yes, I know you want to drill a little bit more into where we think we can go above the 47%. I mean, as I said that the trend continued in Q1. But I think really we have quite a few customers that have all of our capabilities. And that's going to put some upward momentum to that number and we expect to see that. Okay, great. And Bert, I think Tal mentioned about the guidance being the surprise here. As you know, from the S-one, we had a look at what the numbers for the quarter would be and you actually did a little better than that. But the real surprise here is that the guidance, which is much better than where we were anyway, and I think most people adding almost 10 percentage points of growth to revenue for the year and we know how that works. So I guess the question is, I mean, you got 2 weeks left to this quarter. You have insight into this quarter and obviously you guided for that, but the pipeline, I mean, I guess that's reflective of that. So can you talk a little more any give us a little more color around the pipeline and what you're seeing as far as momentum in the market right now? Yes, John. Yes, sure. So definitely, I think the momentum is continuing. I think the overall strategy where we've got modular expansion and then even on the bottom when we think about optimizing our cloud approach with our hybrid cloud approach between using a public cloud provider and our colos. And then finally, of course, the refinement of our ability to smart filter. I think those three things continue to allow us to see momentum in the marketplace today. When I think about the strong guidance, again, the guidance is based on things that I know today and not necessarily things that I know tomorrow. Historically, we've had the benefit of running the table quarter on quarter. And I think it would be prudent not to guide that way in the future because we just don't know. But the momentum that we've got clearly from the marketplace and in the guidance that we just gave. Great. Okay. Thanks. Nice job, guys. Thanks, John. Thank you. Our next question comes from the line of Matt Hedberg of RBC Capital Markets. Your question please. Hi guys. Thanks for taking my question. I see we're running a little late, so I'll try to keep it to 1. I can have multiple here, but well done in your Q1. I wanted to ask the question about module a little different way. Bert, can you provide some color on the level of catch of multiple products for new customers? I see, I'll disclose that, but I'm wondering if you can kind of help us out versus the trends a year ago, understanding a lot of your products are have been introduced in the last couple of years, but kind of curious on if new customers are coming in at a higher rate than maybe you expected as well? We're very proud of the fact that the new customers that are coming in are buying bundles out of the gates. So the majority of our new customers are buying more than 1, more than 2 of our modules. Actually the majority are buying 3. And so we're very proud of that and we're continuing to delight our customers and that gives us a chance to upsell those that are coming in 3 and as you know, there's a lot of customers that come in with more than that. So for us, as we think about bringing more modules to the marketplace, we would expect that to grow. Great. Thanks a lot guys. Thank you. Our next question comes from the line of Gur Talpaz of Stifel. Your line is open. Great. Thanks for taking my questions and congrats on a strong start here as a public company. I'll keep it to one for you, George. You alluded to this in your prepared remarks, but I was hoping you could extrapolate a little bit. How difficult would it be for someone to effectively replicate your cloud architecture with your single lightweight agent? Meaning if somebody was to come in today and try to do what you do, how much would have to go in to ultimately replicate your strategy and your go to market? Well, there's a lot of core IP that we've built into the technology and we started in 2011 as the first cloud native endpoint security vendor. And obviously there's a lot of lessons learned between now and then. I think there's key elements that we have that we've built. Number 1 is a single lightweight agent doesn't require reboots. That really helps time to value and adoption. I think number 2 is the proprietary graph database that we've built, right, with our time dimension to it, very hard to replicate at scale. We didn't pick an open source technology because it's been scaled to what we needed and didn't have some of the elements. And then the modular framework to be able to add modules and do this at scale, it's just a really, really hard thing to do. And you have a lot of folks that talk about cloud, but the reality is it's cloud management is cloud native and you really have to start from a single sheet of paper. I don't think it's any different than the Salesforce Siebel analogy that you just can't take something that started on premise and try to jam it into a cloud and call it cloud native. So in our mind, it's a difficult thing to do. And more importantly, anyone coming into the space would really have low margins and have to go through a painful process of margin migration upwards. Obviously, you've seen we've gone through this, but a lot of it really is based upon the core IP that we've built, which is very unique. And the data moat maybe is the last piece that I'll say is, once you collect that amount of data, it keeps building on each other on itself, I should say. And again, that becomes a very hard thing to replicate the sheer amount of trillions of events that we collect each week. Awesome. That's great color. Thanks, George. Thank you. Thank you. Our next question comes from Sarah Hindlian of Macquarie. Your line is open. All right, great. Thank you so much, guys. I have a question around new customer adds, which were really, really strong this quarter. I'm hoping you can tell me what factors you think are primarily driving that and how we should think about it going forward? Hey, this is George. Let me at least start here. I think what we're seeing again is the recognition in the marketplace, whether it's analyst recognition, whether it's the single agent cloud architecture, the adoption of new cloud modules, the adoption of workloads where customers are looking for something that's simple, needed time to value and just works. I think we've done a good job in the free trials. We continue to see a lot of momentum where customers coming in and very easily and quickly seeing the value of our technology and then we can convert that with a very robust inside sales team. So we see a lot of momentum in that space. And I think it's just a recognition that the traditional legacy players are not really capable of dealing with advanced threats and customers are looking for something different, more importantly in a cloud based architecture to match their needs as they migrate other technologies into the cloud. Yes, that's right. And us as excited as we are and we've been talking about the upsell into our customer base, we're equally as excited to go after our new customers. And we are focused on going after both. We believe that we have a lot of headroom in both new logos as well as upsell into our customer base. And we compensate our sales team the same for either one of those sales. So we're excited to go after both of those. All right. Great. Thank you, Bert and George. And then I had a follow-up on in terms of the new modules. I know it's still early days, but I'm just wondering how the pricing is shaping up as you're starting to really crack into these new markets. Is it similar pricing dynamics to EDR? What are you thinking early on here? Yes. So as we think about pricing for our new modules, we take a look at what we've done in the past. We think what the market will bear. We have a great read on what customers have been able to absorb according to their budgets. And so for us, as we think about the fact that once you bought that first initial module, you're absorbing a lot of the initial costs and we have a lot of flexibility in terms of where we want to go with our pricing as new modules come out. And so we've been able to benefit from that. Thank you very much, George and Bernstein. Congrats on the quarter. Thank you. Our next question comes from Andrew Nowinski of Piper Jaffray. Your line is open. Great. Thank you and congrats on the nice start. So I just wanted to follow-up on your comments about how malware is running circles around the fossilized vendor solutions that are in the market. Has the recent news related to Symantec created enough disruption to where you're noticing an improvement in your win rates, particularly over Symantec? Well, any of the legacy vendors we continue to take share from. And again, I think it's a recognition of customers that are trying to transition to a true cloud architecture. We don't really get focused on their distractions. We continue to focus on building the best endpoint security and platform technology that's out there. And that's why we win. We show the value in the sales process of what we can deliver, how we can protect against breaches and more importantly, how we can create a modular framework that allows them to consolidate the bloated number of agents they have with a single lightweight agent that can do the work of many. I think that's why we continue to win in all areas of business. Okay, thanks. Keep up the good work guys. Thank you. Thank you. Our next question comes from Terry Tillman of SunTrust. Your line is open. Yes. Thank you, gentlemen, and congrats as well on the IPO and the strong results. Maybe Bert, my question for you is, as we're just looking at our models and now updating and post the final results for 1Q and then the guidance, how do we think about seasonality from a standpoint of some of the inputs like new customers as we drive our ARR numbers throughout the year? Is your business kind of still not at a point where there's a lot of seasonality and things just continue to ramp each quarter or any commentary on seasonality? Thank you. Sure. So we do have some seasonality. We do see dips in Q1 from Q4, but we generally tend to build from there. But as you think about your models, clearly look at our Q1 and run with that. That's how we think about Thanks. You're welcome. Thank you. Our next question comes from Erik Suppiger of JMP. Just in general, I'm curious what difference has the IPO made for you? Has that changed hiring? Has that changed marketing opportunities? What changes have you seen in light of your higher profile at this point? Yes, this is George. Obviously, it was a financing event for us, but there's certainly a marketing aspect and awareness worldwide. So we continue to see more and more awareness of CrowdStrike and what we do and just how different we are from all the other technologies that are out there. And I think it served as a good event to provide a level of awareness that maybe wasn't available outside of the U. S. And I think we'll continue to create a broader presence particularly in the international markets as a result of this IPO process. Does it make a difference from a hiring perspective? Well, from a hiring perspective, I think what's really interesting is the amount of data that we have and just the technology and the science that we have may not have been as well known. And when we think about some of the leading tech companies that operate at scale, I would put ourselves in that category. So for folks that really are looking to deal with data science and at scale, they get really excited about what we've done. And I think we've been able to shine a light on that through the IPO process. Great. Thank you. Thank you. Our next question comes from Gregg Moskowitz of Mizuho Securities. Your line is open. Yes. Hi. This is Mike Romali on for Greg. I was just wondering what did you see with respect to the pricing environment this quarter? Yes. So for us, it's been consistent with prior quarters. We haven't seen anything that has been unusual It's been basically business as usual. Thank you. Our next question comes from the line of Alex Henderson of Needham. Your line is open. Very much. I have a question I wanted to ask that was the only thing that came back at me with any dissidents when we've been talking about the company over the last couple of months. And really the question was around your relationship with Splunk. As I understand the Threat Graph, a big piece of the customization of the Threat Graph was around the time variable and making sure that you had very accurate understanding of when things happened in order to anticipate the rollout of tax. To the extent that you're tied in with Splunk, what how important is that relationship with Splunk given your time based relationship? Or is there some things that you're getting from the logs that you just start picking up otherwise? Thanks. Yes. I mean, it's pretty simple. This relationship is really just for presentation purposes. So the graph database, the collection, everything is all our technology. And threat hunters tend to like to hunt and peck and search around. So we use Splunk, which they're very familiar with as a presentation layer, and that's the extent of it. So, it's not really used for anything other than that. Perfect. That's exactly what I thought. Thank you. Thank you. Our last question is from Shaul Eyal of Oppenheimer. Your line is open. Thank you. Good afternoon, gentlemen. Congrats on the strong set of results as well as the outlook. George, thanks for your 3 customer examples in a number of verticals you provided us with earlier in the call. Of the 443 net new subscription customers, can you talk to us broadly about the average size of customers? Was it SMB? Was it mid market? Well, maybe high in enterprise? Just some color along these lines. Thank you. Okay. Yes. So just to clarify, it was 543. And it's really adoption across the board, whether it's large enterprise or small or mid market customers. I think the beauty of the model is that we have been able to go down market very effectively. We started in the enterprise and then we've been able to go down into the corporate space and ultimately into the small SMBs. And it's really because of that immediate time to value up and running without really any configuration and immediate time to value. So it's across the board. We can continue to see large enterprises switch off their incumbent vendors to CrowdStrike and embrace the single agent architecture. So we anticipate that trend continuing. You. At this time, I'd like to turn the call back over to George Kurtz for any closing remarks. Sir? All right, great. Thank you. Great questions. And I want to thank of you for your time today. We appreciate your interest and look forward to speaking with you next quarter. Thanks so much and have a great day. Ladies and gentlemen, that does conclude today's conference. Thank you for your participation and have a wonderful day. You may disconnect your lines at this time.