CrowdStrike Holdings, Inc. Q4 FY2021 Earnings Call

Ladies and gentlemen, thank you for standing by and welcome to the CrowdStrike Fourth Quarter and Fiscal Year 2021 Financial Results Conference Call. At this time, all participants are in a listen-only mode. After the speaker presentation, there will be a question-and-answer session. Please be advised that today’s conference is being recorded. I would now like to hand the conference over to your speaker today, Maria Riley, Investor Relations for CrowdStrike. Please go ahead.

Good afternoon and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, and expected performance, including our outlook for the first quarter and fiscal year 2022 are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we have made are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the company’s financial results is included in filings we make with the SEC from time-to-time, including the section titled Risk Factors in the company’s quarterly and annual reports that we file with the SEC. Additionally, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. Please also note that in light of our recent acquisition of Humio management will provide additional information into our guidance assumptions. We do not intend to provide this additional information on an ongoing basis. Now, I'll turn the call over to George to begin.

Thank you, Maria. And thank you all for joining us today. We have a lot of ground to cover. I will focus today's discussion on three key points. First, we delivered a phenomenal fourth quarter with results exceeding our expectations across the board, as customers of all sizes are increasingly choosing CrowdStrike as their security cloud platform of record. Second, as recent events such as the SUNBURST software supply chain attack highlight, stopping the breach is no longer just about protecting endpoints. It also encompasses cloud workload security and identity protection. We continue to enhance our capabilities and invest in all these areas, including our timely acquisition of Preempt, and as a result, we are driving strong momentum with customers. Third, our recent acquisition of Humio is a key element of our strategy to drive long-term growth. Together, we are building what we believe will be the fastest, most cost-efficient, and extensible cloud data platform that will deliver best-in-class visibility for security as well as observability for IT operations. Now let's discuss our results and get into these topics in more detail. The fourth quarter tops off a banner year for CrowdStrike in which we delivered exceptional growth at scale, significantly improved our margins and generated meaningful positive free cash flow for the year. We reached a significant new milestone with ARR surpassing $1 billion, up 75% over last year. We believe this makes us the third fastest cloud-native SaaS company to reach $1 billion in ARR, following fellow pioneers Salesforce and Zoom. The exceptional execution of the CrowdStrike team made reaching this significant milestone a reality. I could not be more proud of our dedication and success as a team in helping customers achieve and maintain an advantage over adversaries as we leverage the cloud speed, agility, and visibility to digitally transform their security. I would like to personally thank every CrowdStriker for their unwavering support and congratulate the team on reaching our first $1 billion in ARR. Across the board, our fourth quarter results well exceeded our expectations. During the quarter, net new subscription customer growth accelerated to 70% year-over-year. We added a record $143 million in net new ARR and achieved 77% subscription revenue growth. We also continued to see rapid module adoption. CrowdStrike subscription customers that have adopted 4 or more modules, 5 or more modules, and 6 or more modules increased to 63%, 47%, and 24% respectively. Organizations around the world are shedding legacy and inferior next-gen security technologies and accelerating their move to modern cloud-native technologies to meet the demands of today's threat landscape, future-proof their security architecture, and adopt a zero-trust security model. Our go-to-market strategy is executing on all fronts to seize on the strong secular tailwinds and opportunities we see in the market. Demonstrating the power of our sales engine and our land-and-expand strategy, we added a record 1,480 net new subscription customers in the quarter and now proudly serve 9,896 subscription customers worldwide. We have gained incredible momentum with both marquee enterprises and small businesses alike. In total for the year, 4,465 net new customers chose Falcon. The marquee customer stories that I will share with you today highlight our growing leadership among large enterprises and include companies in the Fortune 50, Fortune 100, and Fortune 500. I would like to note that while these are Q4 wins, given customer delivery schedules, ARR contribution will begin in Q1 further reflecting our exceptional Q4 net new ARR performance. First, I am pleased to report that Pfizer, a biopharmaceutical company and leader in COVID-19 vaccine research, is a new CrowdStrike customer. Pfizer selected CrowdStrike to help fortify its security posture with an initial purchase of seven Falcon modules. The next win I'd like to share with you is Procter & Gamble. In executing their digital transformation plans, Procter & Gamble recognized they needed to transform security. Procter & Gamble was attracted to CrowdStrike's tightly integrated, cloud-native, single-agent architecture. Our strategic partnerships with EY and AWS were instrumental in Procter & Gamble choosing CrowdStrike. I'd also like to highlight a win with a large technology company, where we are replacing SentinelOne. This customer was eager to find a true security partner to protect its endpoints as well as its cloud workloads across both its development and production environments. In addition to efficacy issues, SentinelOne was not a scalable solution and dramatically degraded performance on the endpoint, causing instability and impacting developer productivity. CrowdStrike was selected given our proven efficacy, breadth, and depth of the Falcon platform; performance and scalability across operating systems including Mac and Windows workstations and Linux servers. We also secured a foundational customer in the federal space with a major defense contractor standardizing on CrowdStrike for their internal infrastructure, outshining a long-standing relationship with a legacy AV vendor as well as the next-gen EDR vendor. The Falcon platform was selected as part of their digital transformation initiative to increase efficiency, enhance visibility, improve performance at scale, and consolidate agents across their environment. Our next customer story takes us to Israel. After leveraging the Falcon for home use program earlier this year as a new customer, Bank Leumi, a leading bank in Israel, selected CrowdStrike to protect their endpoints and implement a zero trust model to future-proof their security architecture. CrowdStrike was chosen over the competition after determining their solution was unable to adequately protect multiple versions of Windows or match the performance and speed of the Falcon platform. As one of the most respected security organizations operating in both an industry and country that have long been targets for nation-state actors and e-crime, they focused on selecting a new security partner with a modern solution capable of preventing targeted attacks, protecting their active directory, and supporting their remote workers with the scale and performance of the cloud. Expanding with Falcon Zero Trust along with several more modules, Bank Leumi is taking advantage of the extensive functionality offered by the Falcon platform and single-agent architecture to protect its critical infrastructure. Our outstanding performance in the enterprise sector was complemented by our strength with mid-market and SMB customers as reflected in our net new customer growth rate, which accelerated in the quarter. In addition to investing in our best-in-class sales team, a key pillar of our strategy to efficiently grow our market share and leadership is to expand our routes to market through our partner ecosystem, trial-to-pay platform, and CrowdStrike store. We are seeing our investments in these areas over the past few years deliver meaningful results. In fiscal 2021, we gained significant leverage from our partners, growing our partnership count by 85% worldwide and doubling our partner-sourced transactions. Our partnership with AWS is outstanding with both partner-influenced deals and transactions fulfilled through the AWS Marketplace growing significantly throughout the year. In fiscal 2021, ending ARR transacted through the AWS Marketplace grew 650% over the last year, and transaction volume grew over 300%. We are also seeing positive momentum from our new alliance with EY, which is already influencing multiple deals as their clients look for modern cloud-native security to enable their digital transformation plans. Adversaries do not draw much of a distinction between targeting data on an endpoint versus a cloud environment, and neither should organizations. We operate and protect one of the largest clouds, our security cloud, and we naturally incorporate all this experience into our products. We have been investing and innovating in this area for a number of years, and as a result are also driving momentum with customers. Building on the cloud workload module we announced last year, we recently expanded the capabilities to provide customers greater control and visibility from build to runtime. The Falcon Cloud Workload Protection module now has the ability to secure applications with the new Falcon container sensor that is uniquely designed to run as an unprivileged container in a pod. This brings broad support to container runtime security even in managed container environments such as AWS Fargate, where the customer cannot run a Kernel mode sensor. And one of the new capabilities in Falcon Horizon, our Cloud Security Posture Management solution, now provides end-to-end visibility to Azure AD. This is an important tool to quickly identify privileged permissions and configurations in Azure AD, which is notoriously difficult to administer and protect. Securing this threat vector can help limit attacks like SUNBURST. SUNBURST highlights the urgent need for organizations to modernize and transform their security. It should serve as a wake-up call to organizations that rely on legacy technology, because legacy tech is no match for today's adversaries. While it is challenging to measure specific pipeline effects from events like SUNBURST, we do not believe it was a significant contributor to our strong Q4 results. We do believe it has raised awareness at the board level and will serve as an additional tailwind to the industry over the long term. Furthermore, we are seeing a crisis of trust within the Microsoft customer base driven by SUNBURST and their more recent zero-day vulnerabilities in Exchange that have been reported to affect 250,000 customers worldwide. Customers are looking to derisk their security architecture by choosing an alternative vendor to Microsoft. Additionally, following the SUNBURST campaign, we have seen customers become increasingly concerned about protecting their cloud directories such as Azure AD. This is driving interest in identity protection technologies such as our zero trust offerings derived from our acquisition of Preempt. As I communicated to the Senate Intelligence Committee last month, SUNBURST further highlights the importance of a zero trust posture. Organizations need to incorporate new security protections focused on authentication in order to significantly reduce or prevent lateral movement and privilege escalation during a compromise. With Preempt Security, CrowdStrike is leading the charge in delivering a zero trust solution focused on endpoints and workloads. We believe combining workload security with identity protection is foundational for establishing true zero trust environments. Preempt expands CrowdStrike's zero trust capabilities and incorporates critical identity behavior data and analysis to help customers fortify their defenses and prevent identity-based attacks and insider threats. Our initial phase of integration of Preempt is on track and targeted for the end of Q1, and we are very encouraged by initial customer response engagement. We believe CrowdStrike has the opportunity to be a key beneficiary as companies look to transform and bolster their security defenses to stay ahead of adversary advancements. We believe our pole position in the market is further strengthened with Humio, a leading provider of high-performance cloud log management and observability technology that we acquired several weeks ago. Whether you're looking to secure traditional endpoints or cloud workloads, visibility and data are vital. Security efficacy is directly related to the quantity and quality of data collected and the ability to analyze it in real-time. As a pioneer in EDR, we have spent the last decade building upon rich endpoint data, by adding more network visibility and telemetry from all workloads regardless of whether they are on-premise, in the cloud, or deployed in containers. All the data we collect is stored in one place, the Threat Graph, where it's analyzed across our entire customer base, providing real-time protection and community immunity. By streaming the telemetry to the cloud with our proprietary smart filtering technology, we believe we have a fundamental time and performance advantage over most vendors. Today, Threat Graph processes over 5 trillion security-related events per week. With Humio, we are now redefining next-gen XDR through a platform that spans endpoints, identities, applications, the network edge, and the cloud. CrowdStrike is building a unified data layer to power the next generation of enterprise security and IT. Humio provides us the ability to expand our data leg and to solve more security and non-security use cases in real-time. I can't emphasize enough the power of index-free data ingestion when applied to security use cases, as it allows us to query the data in real-time as it's being ingested. Additionally, Humio's capabilities will be built into the fabric of our Falcon OverWatch complete and threat intelligence modules as well as our professional services offerings, providing CrowdStrike with a greater time advantage over the competition and the adversary. We believe that combining Humio's data ingestion and analysis engine with CrowdStrike’s agent technology, which provides OS and application process-level telemetry, introspection capabilities, and smart filtering, will create a powerful data platform with a new level of speed and efficiency. This can be transformative and provide a fundamental advantage that has the potential to disrupt the log management and observability markets. Humio builds on the momentum we have already achieved with Falcon Spotlight and Falcon Discover to grow our total addressable market by solving broader use cases outside of traditional security. On day one, Humio broadens our reach into the log management market. This market alone is forecasted to be $4.9 billion in 2023 based upon IDC estimates, and that does not include any potential adjacencies, such as the massive observability market. Looking forward, we have even greater plans for this new CrowdStrike business unit. While it will take some time and investment to deliver this powerful combination to the market, we believe it has the potential to open up massive new TAM for CrowdStrike, provide a runway for growth well into the future, and ultimately create another line of business on par with our security business. As you can probably tell, we are very excited about the future opportunities and prospects Humio brings to CrowdStrike and are thrilled to welcome the team on board. Before turning the call over to Burt, I would like to take this opportunity to specifically applaud the outstanding work of our professional services team, which resulted in a record quarter. These outstanding professionals are widely respected across the industry as one of two elite forensic expert teams in the market. Our team of defenders are laser-focused on helping organizations survive a breach and prepare for the next attack. After being engaged by SolarWinds to investigate the SUNBURST attack, this team rolled up their sleeves and worked tirelessly to protect customers in a dynamic threat environment. Shortly thereafter, our services team released the CrowdStrike Reporting Tool for Azure, a free community tool to help other organizations quickly and easily review excessive permissions in their Azure AD environments, determine configuration weaknesses, and mitigate risk. We share the intelligence and learnings we derive from our incident response work with our engineering, product intelligence, OverWatch, and complete teams, further enhancing our ability to protect our entire customer base. We believe this is another factor that provides CrowdStrike a unique advantage over the adversaries and the competition. In closing, as you can see from the exceptional results we reported today, our Falcon platform is increasingly recognized as a mainstream market choice for enterprises of all sizes around the world. We believe we are still in the early innings of our growth journey. CrowdStrike is positioned to continue our momentum and further expand our leadership as we build on our success, expand our platform capabilities, and extend our reach into new and adjacent markets. With that, I will turn the call over to Burt.

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. We delivered another outstanding quarter and fiscal year. Our record performance highlights our continued exceptional execution and ability to rapidly scale our business, while at the same time maintaining best-in-class operations. In fiscal year 2021, we delivered 82% revenue growth, 7% operating margin, and $293 million in free cash flow or 33% of revenue. We are exiting the year with a record fourth quarter, which includes record subscription gross margin at the high end of our target model and record free cash flow of $97 million. In the fourth quarter, we saw broad-based demand and strength in multiple areas of the business with multiple large deals, none being outsized. Similar to last quarter, demand for our solutions was well balanced between new customers and expansion business and between large enterprises and mid-market and smaller accounts. We once again ended the quarter with a record pipeline, which we believe indicates a strong foundation for future growth. In the fourth quarter, we delivered 75% ARR growth year-over-year to reach $1.05 billion. Rapid new customer acquisition as well as expansion business within existing customers drove substantial growth in the quarter, once again resulting in another quarter of record net new ARR, which came in at $142.7 million. Excluding the acquired net new ARR reported in Q3, net new ARR grew approximately 30% quarter-over-quarter, which is an increase from the trend we saw last year. We continue to be very pleased with the success of our land-and-expand strategy. Our gross retention rate remains high and best in class at 98% at year-end. Our dollar-based net retention rate exceeded the 120% benchmark throughout the year. Net retention increased to 125% as of the end of FY '21, up from 124% at the end of FY '20. For the interim FY '21 quarters, net retention was 128% in Q3, 131% in Q2, and 126% in Q1. Moving to the P&L. Total revenue grew 74% over Q4 of last year to reach $264.9 million. Subscription revenue grew 77% over Q4 of last year to reach $244.7 million. Professional service revenue was $20.3 million, setting a new record for the second consecutive quarter and representing 49% year-over-year growth. In addition to providing valuable breach remediation and forensic services to organizations around the world, our professional services are a strong lead generation engine for the Falcon platform. Among organizations who first became a professional services customer after February 1, 2019, the average subscription ARR derived for every $1 spent on initial incident response or proactive service engagement grew to $5.51. This is up significantly when compared to $3.73 reported last year. In terms of our geographic performance in Q4, we continue to see strong growth in the U.S. as well as international markets. Approximately 71% of fourth quarter revenue was derived from customers in the U.S.; 14% from Europe, Middle East, and Africa markets; 10% from Asia Pacific; and 5% from other markets. Growing our international business is a key component of our plan to sustain growth over the long term. We were pleased to see our investments in these markets deliver in fiscal 2021, with EMEA posting 84% growth and APAC revenue more than doubling at 113% over last year. We remain focused on building a long-term business with sustainable growth and compelling margins. In Q4, we recognized significant operating leverage in our SaaS model and the benefits of scale even as we increased investments in our global reach and cloud platform. Fourth quarter non-GAAP gross margin improved to a record 77%, a 380 basis point increase from Q4 of last year. Our non-GAAP subscription gross margin increased to 80% compared with 77% in Q4 of last year. Subscription gross margin reached the high end of our target range, reinforcing the business advantage of our strategy. Total non-GAAP operating expenses in the fourth quarter were $170.3 million or 64% of revenue versus $118.4 million last year or 78% of revenue. We continued investing aggressively in our business during the quarter. Scaling our business efficiently remains a top priority. Fourth quarter non-GAAP operating income was a record $34.4 million, and operating margin improved 17 percentage points over Q4 of last year to reach 13%. Q4 represents our ninth consecutive quarter of improving non-GAAP operating performance on both a dollar and margin basis. Non-GAAP net income in Q4 was $31.2 million or $0.13 on a diluted per share basis. We ended the fourth quarter with a strong balance sheet. Cash and cash equivalents totaled approximately $1.9 billion. Our cash balance reflects approximately $740 million in net proceeds from the $750 million senior unsecured notes issued in January. We also expanded our revolving credit facility to $750 million, providing CrowdStrike access to additional capital without diluting our shareholders. Cash flow from operations in the fourth quarter grew to $114.5 million, and free cash flow increased to $97.4 million, setting new records for both measures. Before we move to our guidance, I would like to make a few modeling notes. With respect to net new ARR, as is typical for software companies and similar to last year, we expect to see seasonality as we move from Q4 to Q1. Our guidance includes the impact of our recent acquisition of Humio, which closed on March 5, 2021. We currently expect the acquired net new ARR contribution from Humio to be approximately $2 million in the first quarter. Moving to our guidance. We continue to remain optimistic about the demand for our offerings, record pipeline, and the powerful secular trends fueling our growth. For the first quarter of FY '22, we expect total revenue to be in the range of $287.8 million to $292.1 million, reflecting a year-over-year growth rate of 62% to 64%, with subscription revenue being the dominant driver of growth. We expect non-GAAP income from operations to be in the range of $18.5 million to $21.7 million and non-GAAP net income to be in the range of $10.8 million to $13.9 million. We expect diluted non-GAAP net income per share to be in the range of $0.05 to $0.06, utilizing a weighted average share count of 238 million shares. For the full fiscal year 2022, we currently expect total revenue to be in the range of $1,310.4 million to $1,320.7 million, reflecting a growth rate of 50% to 51% over the prior fiscal year. Non-GAAP income from operations is expected to be between $94.8 million and $102.5 million. We expect fiscal 2022 non-GAAP net income to be between $63.8 million and $71.4 million. Utilizing weighted average shares used in computing diluted non-GAAP net income per share of 240 million, we expect non-GAAP net income per share to be in the range of $0.27 to $0.30. The midpoint of our non-GAAP EPS guidance includes approximately $0.08 per share in added operating expense for Humio and $0.09 per share in added interest expense for the debt we previously discussed. George and I will now take your questions.

A lot to sort of run through, but George, maybe I'll zero in on the public cloud and Falcon Horizon. The question is, as customers take a look at Falcon Horizon and your other security tools for the public cloud, can you just talk about how much you're able to cross-sell those into your existing customer base, and maybe how your conversations, understanding it's early, with new customers are trending around Falcon Horizon and the other public cloud security tools?

Sure. Thanks, Saket. Yes, obviously if you look at our model, we've done a great job of being able to cross-sell our technologies. And when you look at Horizon, it's a perfect opportunity for us to cross-sell into those cloud workloads, which as we've pointed out, are increasingly becoming more and more important for all the companies as they digitally transform. We've gotten tremendous feedback so far. Obviously still early days on Horizon, but again that's something that we had built for ourselves over many years. So while it's new to the market, it's been a proven technology. And it's been very well received so far by our customers, and we've gotten some nice traction with it. So we also pointed out some additional updates in the Linux modules where we can run in a Fargate environment as an example. So overall, very strong offering in the cloud workload runtime protection and visibility space, and we continue to build that out and we'll continue to build that out over time.

Saket, great question, great to hear your voice. So when we think about ARR per customer, you can see that there's a mix shift that is happening. I mean that's evidenced by the accelerated growth we saw in net new logos, and that was really driven by the mid-market and SMB space. And as a reminder, when you think about our ARR per customer across the board, accounts are expanding, and that's evidenced by our 125% net retention rate. And then finally when you think about the overall success of our net new logos and the velocity that we're seeing with respect to our net new logos, you're seeing that we're able to sell to customers large and small. This is very hard to do. And getting great satisfaction from our customers across the board is something that we absolutely strive to. So there are a lot of different dynamics that go into that equation. You've got the velocity from the smaller mid-market folks in terms of the volume of new logos, but you're also seeing us still be able to land those bigger deals. So excited about the opportunity and certainly excited about our expansion opportunities.

Appreciate the disclosure on the sales through AWS, but I'm just wondering if you can, either quantitatively or qualitatively, give us a sense of what percent of the net new ARR in the quarter or even the year actually came from protecting cloud workloads? Just so we can get a sense of that use case for endpoint versus traditional ones.

It's Burt. That's a very good question. First of all, we believe it was a strong quarter through AWS marketplace, which is growing significantly. We are likely one of the most active ISVs on the marketplace. The important point is that we are experiencing strong demand for our new cloud modules. George mentioned the number of containers we secure, and it’s quite substantial. When you consider that over 20% of the servers we protect are in the cloud, it starts to paint a clear picture. The encouraging news is that we still have significant opportunities in protecting cloud workloads, and we are well ahead of our competitors in the marketplace. The marketplace serves as an excellent platform for conducting business with both large and small customers.

Well, I think you have to look at the outcome. The outcome is to find advanced threats. And you don't want to create just bigger needle stacks, right? You want to be able to find those nuggets that are out there. You want to leverage the vast artificial intelligence technologies that we've built. And we've been, even prior to Humio, built a lot of technology, which is XDR-like in terms of looking at different network flows and connectivities. So we feel really good about the technology. We've looked at just about everything else that's out there, and we were just blown away about how fast the technology works, index-free ingestion and what it's going to bring. And as I pointed out in the script, it's going to help in multiple areas across the board that I pointed out, even the CrowdStrike Store to pull additional integrations in. So I think it's a real foundational technology for us. You'll hear more about it as we solidify the integration plans, but very excited.

George, maybe I'll start with you just with respect to Humio. You did talk a lot about the revenue opportunity associated with Humio. I'm wondering if you can expand upon the cost/benefit opportunities. And to the extent we can think about CrowdStrike re-platforming the back end on Humio, and if that's a path that you're thinking about as it relates to Capex, gross margin and just the way you're thinking about your own back end infrastructure? And then I have a follow-up for Burt, if I may.

Well certainly, it will be a technology that will be used throughout the CrowdStrike platform. You could see we're at the high end of our range for gross margins. So I think it could be a small impact, but I'll let Burt comment on anything further than that. But overall it's going to be foundational technology for us. Its ability to compress data is without actually having to rehydrate it. So I mean you can search all this information even in a very compressed format, which is very unique in the industry. I think it's certainly going to help across the board, and we'll know more when we get into it.

Yes, it's a good question, Fatima. I think that to George's point, I mean we're already in a good spot with respect to our subscription gross margin. There's going to be a little help with respect to Humio. And so we do anticipate an opportunity for increased margin expansion due to that, but also due to other things like more modules that we're going to add to our platform and more optimization. Sure. First, let me comment on seasonality. So I think that we typically see seasonality in our business in ARR. And we saw last year, or similar to last year, we saw a dip from Q4 to Q1. And I think that's going to be the case again. The good news is again, there were no outsized deals in the quarter. We had a lot of large deals. And so that was beneficial for us when we think about our ability to continue to land many large deals. And some of the things, some of the remarks that George made with respect to ARR going into Q1, that really relates to some of the subscription start dates. So we would still land them in Q4, but the subscription start date would take place in the following quarter, and that happens in every quarter.

George, I was wondering maybe if you could touch on Humio again a little bit. I guess could they typically see competitively an environment, are they similar to Scalar? And/or is this maybe taking their technology and repurposing in a completely different direction than what they were typically, or I guess, strategically aligned for?

Well, I think you've got the normal players in the SIM log management space that are out there that they would consider competitors. With respect to their technology, why it's differentiated, I really did talk about the index-free ingestion, the fact that there's a lot of things that they can do in memory, which is just it's amazingly how efficient the technology is. And when we put it through its paces and hooked it up to our back end, it handled all the data that we threw at it. So when you look at its flexible architecture and data models, it's different than others where you can operate it from the cloud. You're going to have data in different places, data sovereignty. So I think it gives us a lot of flexibility. And then when you combine it with our agent, our agent is more than just a forwarder of data. It's a very intelligent agent that does introspection, the system call analysis. Provides information, observability information that can be extremely valuable to IT departments, again outside of security. So when you combine our agent, our smart filtering with their ability at scale to ingest data in real-time, we really think it's a winning combination. I think it's across the board. We're seeing it. We're hearing it from CISOs. We're hearing it from CIOs. Boards are concerned. When you look at the latest breaches around SUNBURST and you look at the Exchange zero-day vulnerabilities, just about every incident response we do involves Microsoft technology. So obviously we're focused on being able to protect it, but there's a lot of customers that are looking at this and saying, 'Hey, we need to derisk our environment, and we need another provider.' The proverbial, 'I don't want the fox guarding the henhouse.' And I think just over the last couple of months has really highlighted the risk in using sort of a monoculture for both security and operating systems.

Congrats on the consistently strong execution, which is not easy in this environment. So I wanted to start with a question on a win you mentioned in your prepared remarks at Salesforce. Was the incumbent vendor that you displaced a legacy or a next-gen provider? And why did they select CrowdStrike?

So thanks, Andy. It was a next-gen vendor. One has been making a lot of noise in the investment community. And they chose us because of the scalable platform, low impact, and efficacy. And I think that's across the board, that's what we're seeing, whether it's a next-gen vendor or whether it's an incumbent vendor, is the ease of use, time to value is incredible. We've done some massive financial services companies, and it's been the smoothest rollout that they've seen. It just works, and the amount of visibility that we have is it's unbelievable compared to our competitors. So a lot of things may sound and seem the same, but when you actually get into the technology and platform, this was built to scale. And we've pioneered a lot of these technologies over time. Others have tried to copy us, but a bad copy is still a copy. We still are taking share. Just how the sales tactics work and how the renewals work, it's a really great opportunity for us to continue to take share from Symantec. I think that sort of play is again we'll continue with McAfee in the enterprise business. Whenever you see a disruption between owners, and particularly if it's a financial sponsor, we believe and I think that's been proven over time, you're not going to see a lot of innovation on the R&D side. And again, you're starting with an architecture that's just legacy. So there's a lot of work that would have to be done, and we think it's a great opportunity for us to continue to take share in that area. Yes. It's George. Thanks for the question. So we don't normally give the stats out, and candidly, it's difficult to give you something that's consistent. You look at an incident response engagement, it could be a week for a massive enterprise deal. You look at some of the other big financial services, it could be 6 months, and everything in between. So I think what's consistent is that when we get into a proof of value, we're winning it. People are seeing the ease of use. It's super easy to deploy. So we can get it out there very quickly, and that does accelerate the sales cycle. I talked about the threat environment being the worst that I've ever seen. And certainly the heightened awareness around that from Boards wanting to make sure they had things locked down. So overall, it's very variable, but I think we've done a good job of consistently proving value to our customers, consolidating agents, proving a real ROI.

On your comment about hiring enough salespeople to go after that record pipeline going into the year, so like I've been talking about for a while, Alex, we're constantly looking at our opportunities. And we're going to invest aggressively when we see them. We clearly see them now. Obviously, we're really happy with our Magic Number at 1.3. But I think we have some room there to continue to aggressively invest in the sales and marketing efforts because we clearly see the opportunity in front of us.

Thanks, Joel. And I'll start with the latter one. Obviously, we continue to build out the system integrator partnerships. So you'll see more over time. When you look specifically at EY, they've been great partners for us. The P&G deal that I called out, great relationships there. And as you very well know, they're operating at the Board level. They've got deep and long relationships. And as they're helping companies digitally transform, as I've said many times, you need to go through a security transformation as well. And they're hand in glove. So we're very excited about that relationship. Obviously, it's a worldwide relationship. And I think we're only in the beginning of that. And as that begins to ramp across the globe, we're excited about the potential opportunities that brings.

I wanted to touch a little bit on that last answer, George. I guess relative to the international opportunity, and maybe the GSIs could be a great accelerator. And while growth has paced I guess with overall growth, if you think about mix longer term, is there any governing factor or gating factor relative to getting to kind of a 50-50? I look historically at companies in this space, they had revenue half domestic, half international. Could you see that mix longer term? Or is there anything that might prevent that?

I can certainly see that mix in the long term. We continue to expand our presence outside of North America each quarter. We're also focused on building partnerships, which are crucial not just everywhere but particularly in many geographic areas, as that's often the only way to enter the market. We will keep working on this with partners like EY and AWS, who have a broad global reach. We have several other international partners that are very strategic for us. Currently, we are witnessing a strong demand from customers for our partners, as they express interest in using CrowdStrike as their main system.

Congratulations on the quarter. So I think in the prepared remarks, you mentioned that you did not see SolarWinds as a material driver to ARR in Q4. But I do think that everyone probably agrees that there should be a tailwind of growth in the EDR space from the breach in 2021. So I guess how should we think about that this year? And then beyond just EDR, what modules do you see the SolarWinds breach driving the most incremental demand for?

Sure. So we certainly see it as a sustainable tailwind. When you look at what happened, I mean this particular event was probably the most significant I've seen in almost 30 years in my security career. So that's going to drive a long-term trend in terms of customers that want better technologies that want greater visibility that drives EDR and XDR. So that's all good, and we see that. When you look at the modules that we think could really benefit from something like our zero trust and really our Preempt technology, we talked about identity being incredibly important. Obviously, you have EDR and there's a lot of technologies that find bad things. But identity is a big element of protecting organizations, both on-prem and in the cloud. And I couldn't think of a more well-timed acquisition than Preempt because of what's happening right now. The vulnerability issue is largely influenced by the recent vulnerabilities from Microsoft. Many organizations are struggling to address all these vulnerabilities, determining their status and whether the patches are effective. Our VM Spotlight product has significantly advanced and is very positively received by our customers, showing strong demand.

Thank you. And that concludes our Q&A session. I would now like to turn the call back over to George Kurtz for any closing remarks.

Operator, let's go ahead and conclude the call. And I'd like to thank everybody for joining us today. And we look forward to seeing you virtually at our upcoming events. Thank you.

Thank you. Ladies and gentlemen, this concludes today's conference call. Thank you for participating. You may now disconnect.