
CrowdStrike Holdings, Inc. Q4 FY2022 Earnings Call

CrowdStrike Holdings, Inc. (CRWD)

Earnings Call FY2022 Q4 Call date: 2022-03-09 Concluded

Call artefacts

Transcript

Speaker-labelled transcript of the call.

8-K earnings release

Item 2.02 release filed around the call (2022-03-09).

10-K filing

The annual report covering this quarter (filed 2022-03-16).


Transcript

Auto-generated speakers
Operator

Thank you for standing by, and welcome to the CrowdStrike Fourth Quarter and Fiscal Year 2022 Results Conference Call. At this time, all participants are in a listen-only mode. After the speaker’s presentation, there will be a question-and-answer session. As a reminder, today's call is being recorded. I would now like to turn the conference to your host, Ms. Maria Riley, Vice President of Investor Relations. Please go ahead, ma'am.

Maria Riley Head of Investor Relations

Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth and expected performance, including our outlook for the first quarter and fiscal year 2023, are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company's quarterly and annual reports. Additionally, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our press release, which may be found on our Investor Relations website. With that, I will now turn the call over to George to begin.

George Kurtz

Thank you, Maria, and thank you all for joining us. Before we get started, I would like to acknowledge the war in Ukraine. Our deepest thoughts and support are with all of those impacted by this tragedy, as we are reminded of the terrible human toll that military conflict brings. We are hoping for peace in Ukraine and the broader region. Turning to our financial results, I will start today's call by summarizing four key points. First, CrowdStrike delivered an exceptional fourth quarter that far exceeded our expectations. This quarter's results are headlined by an acceleration in net new ARR growth for the second consecutive quarter to reach $217 million, record 19% non-GAAP operating margin and record free cash flow of $127 million, or approximately $197 million when excluding the IP transfer tax payment related to the acquisition of Humio. Second, our success outside of traditional endpoint security is now punctuated by both scale and hyper growth as we surpassed the $150 million ARR milestone, while growing in excess of 100% year-over-year for our IT hygiene, vulnerability management, identity protection and log management modules collectively. Third, we exited the year with tremendous momentum for ARR derived from Falcon deployments in the public cloud, where ARR eclipsed the $100 million milestone and grew 20% quarter-on-quarter as we lead the effort to transform security for the public cloud. And fourth, as you can see from our outstanding results, our growth engine is executing on all cylinders, which includes our thriving partner ecosystem. One partner I would like to highlight is AWS. In fiscal 2022, ending ARR transacted through the AWS Marketplace grew more than 100% year-over-year. Furthermore, CrowdStrike ended the year as one of the top ISV partners by transaction volume on the AWS Marketplace, with partner-sourced deals growing strongly throughout the year.
We believe this speaks to the success of our partnership with the world's largest public cloud provider and highlights the value we can provide to both partners and customers alike. Now, let's discuss our results in more detail. Net new ARR growth accelerated for the second quarter in a row to reach $217 million, and for the first time in company history, surpassed the $200 million milestone. Demand was driven by expansion in the core endpoint market as well as a record quarter for cloud, identity protection and Humio. Growth was also fueled by rapid customer expansion among companies of all sizes, from large enterprises to small businesses. We added over 1,600 subscription customers for the third consecutive quarter, bringing the total number of customers that rely on CrowdStrike to protect their business to 16,325, a 65% increase year-over-year. Demand in the quarter was broad-based and new wins included sizable deals with multiple top global financial services organizations, a record number of new Falcon Complete customers, including Fortune 500 and multinational companies across the technology, media, telecommunications, education and government sectors, among many others. Record lands for our Cloud Workload Protection module and Horizon, our agentless cloud security posture management module, including wins at a large US insurance provider, a Fortune 250 software company, and a Fortune 50 energy company. We achieved another record quarter for our identity protection modules, which significantly differentiates Falcon in the field and continue to lead to higher win rates. Key wins included a global leader in customer experience management, a global financial services company, public sector agencies and multiple wins in the Fortune 500. Q4 was also another record quarter for Humio, with wins across multiple verticals such as retail, financial services, manufacturing, technology and transportation. 
Our success with Humio this quarter included securing a seven-figure deal with a financial services customer, whose existing log management solutions have become budget prohibitive given the exponential growth of data being captured by their DevOps team. And lastly, we are thrilled to announce that Cloudflare, a trusted CrowdStrike technology partner, on a mission to build a better Internet, became a new customer in the quarter, adopting both Falcon Complete and Horizon. We look forward to deepening our natural partnership and identifying even more opportunities to work together. Among these many fantastic recent wins, let me take a moment to share some additional details about the expansion with a Fortune 50 financial institution that I think exemplifies our technology advantage in action and why scalability and trust matter. Mid-year, this particular customer had chosen CrowdStrike to protect its traditional endpoints and displace the legacy incumbent. At approximately the same time, for relationship reasons, this organization had chosen a next-gen competitor to protect a server environment. But after six months, they were still struggling to deploy the other vendor's products in its server environment. They were plagued by forced reboots, significant memory usage and unmet product roadmap promises. While they struggled to get their service protected, Falcon was fully deployed across their hundreds of thousands of endpoints in a matter of weeks without requiring a reboot. Side-by-side, we showcased our differentiation on a broad scale and in a real production environment. This customer was able to see the rich telemetry Falcon provided in real time and the power of our security cloud, all resulting in better efficacy. This customer terminated the other vendor's contract and is now deploying Falcon to protect their services globally. 
This is just one of many customer stories that demonstrate the fundamental reason why we have earned our leadership with increased win rates and record displacement: efficacy, scalability, manageability, real-time versus batch mode and, importantly, our ability to consolidate agents while solving a growing number of real-world business problems. Q4 was also a record quarter for our partner ecosystem. In total, for fiscal year 2022, we gained significant leverage from our partner ecosystem. During the year, partner-sourced ending ARR grew 83% year-over-year with our MSSP business growing more than 200%. Our architecture is fundamentally different from any other vendor we see in the market. While our technology advantages are vast, it all starts with how we design the platform from the beginning with smart filtering capabilities on the agent, which gives us the ability to dynamically adjust our aperture to stream rich telemetry to the cloud in real time. We believe these foundational architectural elements have created a high barrier to entry, while competitors operate in batch mode and struggle with storing data on the endpoint. We continue to extend our technology leadership across the entire platform. As we announced yesterday, Humio sets the standard for streaming index-free data ingestion and reached a new benchmark of over 1 petabyte of data ingestion per day. CrowdStrike will continue to leverage the speed and scale of the Humio engine to extend our position in the XDR space. You have heard me say that CrowdStrike is more than just an endpoint provider. The success of our platform strategy is reflected in the hyper growth we are deriving from many of our modules, as well as our strong module adoption metrics, which have consistently increased quarter-after-quarter. In Q4, subscription customers with four or more, five or more and six or more modules increased to 69%, 57% and 34%, respectively.
As both new and existing customers increasingly trust Falcon to solve security challenges outside of core endpoint, we have multiple product areas contributing significantly to ARR growth. We are seeing tremendous growth from our emerging products that solve use cases outside of traditional endpoint protection. This includes our Discover, Spotlight, and identity protection modules as well as Humio. ARR for this group grew more than 100% over last year, contributing $157 million to FY 2022 ending ARR. These modules are significant growth drivers for our overall business, with ending ARR for these modules growing 30% quarter-over-quarter and representing approximately 17% of our Q4 net new ARR collectively. Our success to date in these adjacent areas speaks to the extensibility of our platform outside of core next-gen AV and EDR, the data we collect and our ability to make meaningful inroads in accessing new TAMs. Changing from a module perspective to a deployment environment view, our public cloud business surpassed the $100 million milestone in Q4 to reach $106 million in ending ARR. This milestone encompasses our modules deployed in the public cloud, including our cloud runtime protection and CSPM modules. We have seen tremendous momentum in this business as we exit the year. Ending ARR growth for our business, when viewed through a cloud deployment lens, outpaced the growth of our overall business, growing 20% quarter-over-quarter and represented approximately 8% of our Q4 net new ARR. Cloud workloads are increasingly targeted by adversaries and are largely under-protected, representing a significant growth opportunity in FY 2023 and beyond. Moving to the market dynamics, there are powerful tailwinds driving our markets, and we do not currently see any indication that these trends will abate anytime soon. The adversaries are certainly not slowing down, actually quite the opposite.
As we've published in our most recent global threat report, 2021 provided no rest for the weary, with an 82% increase in ransomware-related data leaks. As the nation-state events of the past few weeks have demonstrated, cyberspace is center stage, joining land, air, sea, and space as the fifth dimension of warfare. There are no borders in cyberspace and the cyber blast radius has no bounds, putting every organization and government at risk, as attacks can extend far beyond their intended targets as we saw with NotPetya. Last year, 62% of attacks we observed were malware-less, with most of these involving compromised identities. We expect that both e-criminals and nation-state adversaries alike will continue to exploit vulnerabilities across endpoints and cloud environments and ramp up tradecraft around the use of identity and stolen credentials to bypass legacy defenses. In addition to advancing adversary tactics in a heightened threat environment, organizations must contend with the ongoing security skills gap, which we have seen drive increased demand for our Falcon Complete offering. To help companies combat the increasing threat of compromised identity, last week we launched Falcon Identity Threat Protection Complete, the industry's first managed identity solution and a new way to help customers scale their security teams to protect against sophisticated attacks and stop breaches. Additionally, the attack surface is expanding rapidly and the digital supply chain is ever-growing as organizations embrace digital transformation and move more workloads to the cloud. We believe our TAM continues to expand, and all of these factors will lead to sustained market growth for the foreseeable future. We also continue to see a very favorable competitive environment and multi-year runway to displacing legacy endpoint vendors, which is bolstering our growth as companies look to transform their security stack.
Before I hand it over to Burt, I will provide some final thoughts on the big picture of what we see unfolding. As I shared with you in my opening comments, in addition to our growing leadership in the EPP market, we now have multiple vectors driving our growth and scale that are outside what some might consider our core. We have been very deliberate and purposeful in choosing to enter markets. Enterprise risk is coalescing around three critical areas: endpoints or workloads, identity and data, all three areas we have been investing, innovating and see as core to CrowdStrike's mission. These areas represent the biggest risk for organizations, and customers are increasingly looking to the Falcon platform to solve their most pressing security needs, as legacy products in these markets are brittle, complicated and struggle to deliver value to the customer. Given our footprint on the endpoint or workload, the data we collect and the advantages our architecture and Security Cloud afford, we see great alignment and great opportunity in our approach to solving a multitude of problems for customers, as we innovate and disrupt in these emergent categories, such as log management, SIEM and observability, which is reflected in our growing strength in these newer markets as well as endpoint protection. In closing, I would like to thank every CrowdStriker around the world for their tireless dedication to protecting our customers, which ultimately translates to the financial success of our company. I'm humbled and inspired by the commitment level of execution and hard work CrowdStrikers exemplify on a daily basis. They are the everyday champions that make results like the fourth quarter possible. Thank you. With that, I will turn the call over to Burt to discuss our financial results in more detail.

Burt Podbere

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers, except revenue mentioned during my remarks today, are non-GAAP. Before we get started, I will note that the results we are reporting today include the acquisition of SecureCircle, which was de minimis to both revenue and ARR, contributing less than $1 million in Q4 ARR. The acquisition of SecureCircle resulted in the addition of 26 net new customers in the quarter. We once again delivered exceptional results to top off a phenomenal year. We finished the year with over $1.73 billion in ending ARR. In fiscal year 2022, we delivered 65% ARR growth, 66% total revenue growth, 215% operating income growth, 157% net income growth and record free cash flow of $442 million, or 30% of revenue. This is the second year in a row CrowdStrike delivered 30% or better free cash flow margin, which is in line with our target model. Importantly, we accomplished these results while also aggressively investing in the business and expanding our remarkable team by 46%. We believe our strong performance highlights that in addition to our clear and defined mission and our cloud-native architecture, our business fundamentals possess the hallmark characteristics of SaaS leaders that have transformed and come to dominate their respective markets, including rapid growth at an ever-increasing scale, best-in-class gross retention rates, enduring market dynamics and a growing leadership position, as well as a highly leverageable model with the ability to deliver phenomenal free cash flow. As we continue to capitalize on our unique market position, I firmly believe CrowdStrike's best days are ahead. Now moving to the fourth quarter. Net new ARR growth accelerated for the second consecutive quarter.
Demand in the quarter was broad-based, fueled by strength in multiple areas of the business and reflects continued strong customer adoption of our core products, growing success with our newer product initiatives including identity protection, log management and cloud, record expansion business and continued rapid new customer acquisition. Net new ARR grew 52% to reach a new all-time high of $216.9 million. The composition of net new ARR was very well balanced across deal size, even though two large accounts contributed approximately eight figures each to net new ARR this quarter. We believe this represents our continued leadership in the enterprise segment, expanding deal sizes and the pricing leverage attributable to our distinct product differentiation. Our dollar-based net retention rate was once again above our benchmark. We continue to be very pleased with the success of our land and expand strategy. Our gross retention rate remains high and best-in-class at 98.1% at year-end. Our dollar-based net retention rate was above the 120% benchmark throughout the year. Net retention was 123.9% as of the end of FY 2022, which is essentially a similar level to last year but on a much bigger base. For the interim FY 2022 quarters, net retention was 121.8% in Q3, 120.4% in Q2 and 123.4% in Q1. Our professional services organization is a strong lead generation engine for the Falcon platform. Among organizations who first became a customer after February 1, 2020, and for each $1 spent by those customers on their initial engagement for our incident response or proactive services, as of January 31, 2022, we derived an average of $5.71 in ARR for those subscription contracts, up from $5.51 reported last year. Moving to the P&L, total revenue grew 63% over Q4 of last year to reach $431.0 million. Subscription revenue grew 66% over Q4 last year to reach $405.4 million. 
Professional services revenue was $25.6 million, setting a new record for the sixth consecutive quarter, representing 26% year-over-year growth. Fourth quarter total and subscription non-GAAP gross margins remained relatively consistent at 77% and 79%, respectively. We continue to be pleased with our strong subscription gross margin performance as we continue to invest for growing demand. Total non-GAAP operating expenses in the fourth quarter were approximately $250.8 million or 58% of revenue versus $170.3 million last year or 64% of revenue. In Q4, we ended with a magic number of 1.3 as we continue to ramp investments to capture more of the market opportunity at hand and expand globally. Our continued exceptional unit economics speaks to the efficiency of our go-to-market engine and our ability to rapidly onboard and support customers of all sizes. We also believe that a magic number of 1.3 continues to indicate that we should increase investments even more given the massive market opportunity. The leverage we generated this year demonstrates the efficiency in our model and enables us to step up investments in new technologies, new international geographies and other marketing programs as well as continue to hire aggressively. We believe the investments we are making today will lead to sustained growth over the long-term and maintain our pole position as the trusted security partner of choice. Fourth quarter non-GAAP operating income more than doubled, growing 134% year-over-year to reach a record $80.4 million, and operating margin improved approximately six percentage points over Q4 of last year to reach 19%. Non-GAAP net income attributable to CrowdStrike in Q4 also more than doubled, growing to a record $70.4 million or $0.30 on a diluted per share basis. Our weighted average common shares used to calculate fourth quarter non-GAAP EPS attributable to CrowdStrike was on a diluted basis and totaled approximately 238 million shares. 
We ended the fourth quarter with a strong balance sheet. Cash and cash equivalents increased to approximately $2 billion and reflects the $61 million cash payment, net of cash acquired for the acquisition of SecureCircle and the approximately $70 million cash payment for IP transfer tax related to the acquisition of Humio. Cash flow from operations in the fourth quarter was a record $159.7 million, and free cash flow grew to a new record of $127.3 million or 30% of revenue. Excluding the approximately $70 million IP transfer tax payment related to the acquisition of Humio, free cash flow would have been approximately $197 million or 46% of revenue for Q4 and $512 million or 35% of revenue for the fiscal year. Before we move to guidance, I'd like to cover a few modeling notes. First, I would like to note that we have entered the quarter with the strongest pipeline ever for Q1. While we do not specifically guide to ending or net new ARR, given the incredible performance of Q4, which included two accounts that contributed approximately eight figures each to net new ARR, I’d like to provide a framework for how to think about net new ARR for Q1. As you may recall, last year, we significantly overperformed in Q1, and it was not indicative of typical seasonality. Consistent with years prior to that, 11% to 13% sequential seasonality was more typical for net new ARR, which we would expect this Q1 after adjusting for the two large contributors in Q4, and this is implied in our revenue guidance. Second, as we continue to invest for future growth and scale and invest to remain ahead of any potential supply chain delays, we expect capital expenditures as a percent of revenue to be between 10% and 12% in fiscal year 2023. We anticipate these investments will be more weighted to the first half of the year than the second. At the same time, we are planning to maintain free cash flow margin at 30% of revenue for the year, weighted more towards the second half. 
Moving to our guidance, we are starting the New Year with a robust pipeline, and we remain optimistic about the demand for our offerings and the powerful secular trends fueling our growth. For the first quarter of FY 2023, we expect total revenue to be in the range of $458.9 million to $465.4 million, reflecting a year-over-year growth rate of 52% to 54%, with subscription revenue being the dominant driver of growth. We expect non-GAAP income from operations to be in the range of $61.7 million to $66.4 million, and non-GAAP net income attributable to CrowdStrike to be in the range of $52 million to $56.7 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be in the range of $0.22 to $0.24, utilizing a weighted average share count of 240 million shares on a diluted basis. For the full fiscal year 2023, we currently expect total revenue to be in the range of $2,133.1 million to $2,163.2 million, reflecting a growth rate of 47% to 49% over the prior fiscal year. Non-GAAP income from operations is expected to be between $289.2 million and $311.8 million. We expect fiscal 2023 non-GAAP net income attributable to CrowdStrike to be between $251.1 million and $273.6 million. Utilizing 243 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $1.03 to $1.13. We look forward to sharing additional details about our business on our next investor webinar scheduled for April 7. George and I will now take your questions.

Operator

Thank you. Our first question comes from Saket Kalia of Barclays. Your line is open.

Speaker 4

Okay. Great. Hey, guys. Thanks for taking my question here. Maybe for you, George. First of all, a lot of nice helpful disclosure on some of the non-endpoint products. Maybe if we could just zero in on one? I was wondering if you could talk a little bit more about Preempt; it feels like it's been a module that's been gaining traction over the last couple of quarters. Can you just talk a little bit about how you feel it differentiates from your competition? And also, how it might contribute to deal sizes?

Sure. Thanks, Saket. When you look at our Identity Zero Trust module, which came from the Preempt acquisition, it has now been integrated into the platform, which makes it seamless. It's obviously been a standout for us because, when we think about the threat environment, we have seen many of these breaches abuse identity, abuse directory services, and there's a massive compliance issue in just understanding all of these accounts, where they live and who has access to privileged accounts. So, this is a highly differentiated module. Our competitors really don't have anything that's close to this. The way it works, the AI algorithms that we have built around it that we got from the Preempt team, and the expertise that we have in this area. So, it certainly is a big way for us to help differentiate the platform among many others. And it has been an absolute standout for us. I think we've taken the time and effort to do the integration right, which is an important part of the way CrowdStrike looks at its platform.

Operator

Thank you. Our next question comes from Sterling Auty of JPMorgan. Your line is open.

Speaker 5

Yes, thanks. Hi guys. I wanted to zero in on the cloud security opportunity that you talked about. What I'm curious about is when you go in and sell, what does that security stack look like in the cloud? And what percentage of the wallet do you think you can capture versus the kind of capture rate that you get on-prem with endpoint?

Sure. Thanks, Sterling. When we look at the cloud business and I think we put some good disclosures around our penetration there. To us, it's still a greenfield opportunity. The beauty of our platform is that we cover two very important areas; one is runtime protection; and the second one is cloud security posture management. There are companies that have one or the other. We actually have both, and they are integrated across our Falcon control plane, which makes it very effective. We also have the ability to identify indicators of attack, which is much different than just misconfigurations. So, when you combine those together and you think about containers and Kubernetes clusters, the configuration, whether they have vulnerabilities, whether it's traditional virtualization and everything in between. We're covering a big part of the overall security stack of what people are looking for in that runtime protection visibility. So, we still feel it's in the early innings. We've got great technology in both the agent side, if you will, and some of it is agentless with cloud security posture management. But we make it very easy and effective for the DevOps teams to – that's who we're selling to in these areas and we've gotten pretty good at it, to be able to implement this as part of the CI/CD pipeline.

Operator

Thank you. Our next question comes from Andrew Nowinski of Wells Fargo. Your line is open.

Speaker 6

Thank you. Congrats on another amazing quarter, guys. So, in our last reseller survey, CrowdStrike had the top results. I'm wondering if you're seeing any sort of inflection with resellers and channel partners. And similarly, I'm wondering if that CISA deal last quarter has maybe created an inflection within the US federal market?

Sure. So, thanks. When you think about our partner opportunities and CrowdStrike, first, we are a partner-first company. That's the way I built it. We haven't wavered from that. There are many areas of partnering, everything from traditional resellers to managed service providers to cloud providers and hyperscalers like AWS that I talked about earlier. So, why have we been successful there? Well, we've taken the right approach to not compete with partners, to augment what they're trying to do. Our managed service providers have been looking for the best endpoint platform that they can plug in and offer other services. I think we've figured out how to complement the services that they have in those areas, and it's been very effective. Of course, customers want our technology, so they're clamoring to these partners to work with us. We'll continue to do that. I think we've put some great proof points out on our success in managed service, in the cloud providers, as well as traditional resellers. When we think about CISA, it's a fantastic validation for us in the Federal government. I've spent time in Washington, I was just there recently. A lot of excitement surrounds our technology finally being able to be deployed there. You have to go through a lot of different compliance and accreditations to sell in the Federal government and we worked through those. We continue to work through those at different levels. It opens up a massive opportunity for us that we've seen a significant pull from customers' interest in that vertical because of the aging technologies they’ve been saddled with in the past. So, more to come on that, but very excited about the opportunity today and in the future.

Operator

Thank you. Our next question comes from Joel Fishbein of Truist. Your line is open.

Speaker 7

Hey, thank you and congrats on a fantastic execution. I have a quick question for George and a follow-up for Burt, if I could. George, you just GA-ed the Falcon XDR module. I think there's a lot of noise in the space. Can you talk about Falcon XDR and how it's different than the other products that are out there? And why it's important going forward?

Sure. When we think about XDR, it's more than just the marketing acronym. Organizations of all shapes and sizes, security companies have tried to just slap XDR on what they have that’s legacy. We don't think that's the right approach. We believe you have to start with the best EDR in the market, and then extend that. We believe our EDR is the best and we've been validated many times in different places. What we've been able to do is leverage the very powerful, fast, and efficient streaming engine of Humio. We just talked about the petabyte benchmarks to combine that with our Threat Graph, apply AI on top of it to get the best threat detection outcome and response leveraging our fusion technology. So, we're still in the early days. Obviously, we just launched it. We're working with many customers and adding more integrations around that. But we're really excited about that. We believe that's really a technology that will subsume the SIEM market, and we think we're in a perfect pole position to be able to capture it.

Operator

Thank you. Our next question comes from Brent Thill of Jefferies. Your line is open.

Speaker 8

Hey, guys. You have Joe on for Brent. Thanks for the question. I really appreciate the additional disclosures. Burt, unreal results and fantastic opening guide for revenue for fiscal 2023. Maybe just walk us through the methodology? And has anything changed with how you would typically give an opening guidance? And then maybe to what extent do we expect the mix shift of revenue outside of core endpoint? And what were the inflationary impacts on revenue and OpEx for fiscal 2023? Thanks.

Hey, Joe, thanks for that. In terms of our methodology, nothing has really changed. We guide to what we see. We do not guide to running the tables. So, absolutely no change there. The question about capturing some of the additional markets outside of core endpoint, I think we've given some good disclosures about our momentum. We don't see that momentum fading, and we are excited about both core and some of our emerging products. We are excited about being able to sell both those opportunities to both the largest enterprise companies in the world down to some of the smallest. So, that's how we think about it.

Operator

Thank you. Our next question comes from Matt Hedberg of RBC Capital Markets. Your line is open.

Speaker 9

Great. Thanks for taking my question guys. Congrats. Lots of things to talk about here. Burt, for you, one of the things that really stood out to me was when we look at ending ARR per subscription customer, that had declined sequentially for many quarters. In Q3, it was kind of flattish, maybe up a little bit. But Q4, according to my math, it was up about 3% sequentially; really, really strong. I think to me, that speaks to your cross-sell ability. I'm wondering, when you think about the guide for next year, what are some of the assumptions around ending ARR per subscription customer? Should that continue this kind of upward sequential trajectory at this point?

Hey, Matt, we really don't look at it that way, to be fair with you because when you think about net new ARR, it could come from anywhere. It could come from new logos or our existing base. Our focus, as you know, has always been net new ARR, wherever it comes from. So when we think about looking out into this year, we're doing the same thing from a compensation perspective with our sales team as we have done last year, meaning we're going to pay our sales team the same whether they bring in a net new logo or whether they bring it from an existing customer. So we pay on net new ARR. We don't care where it comes from. The great news is we have a tremendous amount of headroom in both, right? Our expanding base really helps in terms of cross-sell for sure. But we still have a tremendous amount of headroom in being able to go after new logos. And that's kind of a great position to be in. It really speaks to the fact that we think about CrowdStrike in the early innings of our journey with a lot of headroom to go. So, hopefully, that makes sense to you.

Operator

Thank you. Our next question comes from Tal Liani of Bank of America. Your line is open.

Speaker 10

Hi everyone. It was a great quarter. I want to ask about competition. The last information I have indicates you have 24 modules now. How is the competitive landscape evolving with the addition of these modules? Can you provide details on the acceptance rates? Typically, you share statistics on what percentage of subscription customers are using more than four, five, or six modules. I didn't catch that this quarter; can you update us on the acceptance rates of your modules? Also, can you discuss the take rate of the new modules and how you anticipate it will ramp up compared to historical trends? Thank you.

Yes. Thanks, so George here. When we look at the competition, I think, this quarter, we put a punctuation mark on a competitive point. With the growth, the cross-sell, some of the modules outside of just the core, we've never seen a better competitive environment for us. We're entering the quarter with the largest pipeline. We’ve got lots of replacements in the legacy world and next-gen world. A truly differentiated platform with our modules; we have 22, just to be clear. When you look at what we've put together in the endpoint and workload protection visibility space, combined with identity, which is very unique to us that others don't have, combined with data now, with SecureCircle, it's a true platform that customers are looking to buy and understand they can consolidate agents, reduce costs, and get much better outcomes. Then you combine our world-class offerings like SaaS and Complete and OverWatch on top of it, and it certainly is a winning combination. So, full steam ahead from us on the competitive side, and we continue to out-innovate and build what we believe is the best platform in the industry. Burt, I'll let you take the module take rates.

Sure. I’ll give them out again because we're very proud of them. The percentage of customers with four or more modules is 69%, five or more modules is 57%, six or more modules is 34%, all of which are increases over last quarter.

Operator

Thank you. Our next question comes from Alex Henderson of Needham. Your line is open.

Speaker 11

Thank you very much. I've actually got a clarification and a question. The first one is a clarification. You talked about a record pipeline; that's kind of a throwaway considering your growth rate. I was wondering if you were to look at your pipeline relative to forward expected net new ARR, whether the ratio of your pipeline to the forward ARR is, in fact, a record as well. Then the question I have for you is really actually on a smaller piece of your business, which I think is very important, which is the services business, which obviously did very well with the increase in revenue upsell. With Mandiant having been bought out here or announced to be bought out, they have been one of the more successful companies in targeting events and coping with them. Does that open up a runway for you? It's my understanding that Google is planning on using that predominantly for internal products as opposed to what Mandiant has done in the past. So does that open up a new opportunity for you to expand that further and become the preeminent, not that you're not already, but even more of a preempting player in security, so you can get that upsell?

Hey, Alex. It's Burt. Thanks for your questions. I’ll take the first clarification point, and then I’ll pass it to George to talk about the Mandiant acquisition. We came out and said that our pipeline going into the year is the greatest pipeline we've ever seen in company history. I think I’ll leave it to everyone else and you on the call to figure out what that means in terms of net new ARR. But generally, I think that, combined with the momentum we've talked about in the business, we feel really good about starting the year. I’ll turn it over to George for your second part of the question.

Yes. Thank you, Burt. First, I want to congratulate Kevin and the entire team. I've known and worked with Kevin for many years, and they're a fantastic organization, one of the best in the business, and we have a lot of respect for them. We continue to work with them on partnership opportunities. We think it’s a great opportunity being part of Google, who is also another big partner of CrowdStrike. Both organizations make a lot of sense. You’ve got world-class capabilities across the board. We think our technology can be additive to the overall Mandiant solution, and we look forward to seeing how that progresses and continuing to partner with them. Overall, we think it's a positive net effect for all parties.

Operator

Thank you. Our next question comes from Fatima Boolani of Citi. Your line is open.

Speaker 12

Good afternoon. Thank you for taking my questions. Burt, I look at your operating income guidance for fiscal 2023 and it implies close to a 60% growth in operating income. I look at that in comparison to the 49% you've guided to the high end from a revenue standpoint. I wanted to ask you what are some of the contributing factors to your operating income growth outstripping your revenue growth? And what considerations do you have in place vis-à-vis travel and expense levels reverting to pre-COVID levels, as well as some talent retention and talent acquisition costs and wage inflation that has maybe doubled some of your peers? Any thoughts around there? How you've been able to buck that trend as contemplated in your guidance would be very helpful. That's it for me. Thank you.

Sure, Fatima. Thank you for your question. When we take a look at the guide, we take a look at, of course, what we see, not necessarily what we don’t see, similar on the revenue side. We think about our model. We’ve got a lot of leverage in our model. Unit economics is really strong, and it’s pointing to one thing, which is continuing to invest aggressively, which we plan to do, and it's reflected in the guide. A few influential factors shape that guide: momentum in the business, so scale impacts how we think about our margin guide. We consider things like inflation; we take into consideration what we're seeing regarding talent—there is a talent war that we are seeing on a day to day basis, not only for us but for others in the space. We’ve done a really good job of differentiating ourselves from others to attract folks to come and join us. We plan to travel more this year; we want people to collaborate. We believe in visiting customers. However, every CFO out there is looking for the highest and best use of travel, and I’m no exception. I’m ensuring that we have all the controls in place to make sure we are utilizing the highest and best use of dollars for travel. As a company, we've got to continue our story about being a really well-planned company in all aspects of the business—from tech to go-to-market to finance. I hope that answers your question.

Operator

Thank you. Our next question comes from Joshua Tilton of Wolfe Research. Your line is open.

Speaker 13

Hey guys, thanks for taking my question. You spoke a lot in the prepared remarks about the success of the non-endpoint modules. Can you just comment on the demand environment as we enter the year, but more specifically compare and contrast the demand for endpoint modules versus the demand for the cloud security and identity modules? Where are you seeing the highest demand of those three categories? And how does that maybe compare to this time a year ago?

When you look at the endpoint security modules and identity, they go together. We see broad-based demand across all revenue; people are buying the endpoint security modules primarily for two reasons: protection and visibility, which we get both; in order to enhance the protection, they’ve added the identity module, which makes sense given that many of the breaches don’t use malware in today's environment. We see that as a great opportunity for many customers who have been with us for a long time who don’t have identity, as that’s a newer module, to be able to add identity to their existing platform. Again, there’s not much they have to do other than activate it, given the architecture that we’ve built. And then, when you look at some of the other modules just in general, vulnerability management has done exceptionally well. We’ve seen lots of vulnerabilities in the environment; understanding the assets and their configurations and hygiene is very important for protection. In a distributed world today, right, there’s no perimeter. It’s all systems wherever they may reside. They need this level of protection visibility and ability to comprehend their vulnerability. Overall, we are pleased with the module growth outside of what we call just core endpoint protection. We look forward to continued growth in those areas.

Operator

Thank you. Our next question comes from Rob Owens of Piper Sandler. Your line is open.

Speaker 14

Great. Thanks for taking my question. I was wondering, if you could touch on the critical infrastructure defense project that you recently announced? Just I guess, how it came about with these vendors. More broadly, how under-protected are we in these verticals relative to next-generation technologies?

Yes. Sure. Rob, we thought it was appropriate with some of our partners in the industry to see where we can help. When you look at critical infrastructure and what the government is really concerned about—hospitals, pipelines, things of that nature—it’s important that they are protected. There aren’t a lot of enforced standards in some of these areas, and oftentimes they are under-protected for various reasons. We thought it was the right thing to do in terms of offering our technology out there for some period of time. We hope to move the needle at improving protection in places where it may not have been sufficient. We will look to see how that pans out from a business perspective, but first and foremost, we’re just trying to do the right thing.

Operator

Thank you. Our next question comes from Jonathan Ruykhaver of Baird. Your line is open.

Speaker 15

Yes. Hey guys. Congrats. I'm wondering if you could just provide some color on the free tiers, whether it be the Humio community edition. I think you've introduced some sort of capabilities as well. Just curious how you're thinking about that sales motion? Is there an opportunity to introduce those free tiers more broadly going forward?

Well, yes. So let’s talk about Falcon Fusion for a bit, which is our SOAR capabilities. The beauty is it’s built into the platform. If you are a Falcon customer, it has been extremely well loved by our customers. The amount of automation we’ve achieved far outstrips what our competitors can do, and it ties into our XDR response strategy. It’s seamlessly built in. It wasn't an acquisition that we had to bolt on. So we’re happy with that. Other than ensuring everybody knows we have it, there’s not a lot of motion we have to go into there, and it has been a differentiator for us. When we think about the Humio community edition, I think it goes to the heart of where we’ve been able to make good inroads in the DevOps world, both in cloud protection as well as observability. We've talked about some of the significant wins with Humio. Some of them are not even security related; they're simply observability. The beauty of that technology is its ability to get data from just about any source and answer any question at scale. The community edition has been very well received. We have people using it, and they are saying it's a great technology. They want to learn more, possibly thinking about licensing it. We’re still in the early innings on that, but it goes to the heart of our e-commerce efforts and the platform we built out, which I think is underappreciated from a business perspective and sales efficiency it brings to CrowdStrike.

Operator

Thank you. Our next question comes from Ittai Kidron of Oppenheimer. Your line is open.

Speaker 16

Thanks. Hey guys. Great quarter, and thanks for all the disclosures. I have a couple. George, first for you on the new modules. Clearly, you're making very good progress here. But can you tell us how much of the progress do you have customers that land first review in these solutions? And for you, Burt, great job on the operating margin side. I guess you're pretty much at your target operating margin range, so is it time to raise it finally?

All right. So, I'll take the first part. When we think about how customers land, let's take a couple of examples. Cloud workload protection, cloud security posture management, Horizon. Absolutely, they can land there first before they put Falcon on any of their traditional endpoints. We see that all the time, same with Humio. When you think about something like identity, that becomes a driver for why they're calling us. They're looking at their existing solutions and saying, hey, we need a solution in the endpoint identity space. You guys are the only folks that have it, come in and talk to us. Traditionally, we will land that among something else, probably the endpoint detection or EDR. The beauty of our model is a single agent collects data one time, all the modules become available. Once we get the agent into that system, everything else opens up from a module perspective. There are different demand drivers, and then there are specific technologies, which are natural for us to lead with and sell, being able to cross-sell in other places in their organization like cloud workload protection and cloud security posture management.

Hey, Ittai, it’s Burt. Number one, really happy with our performance on the top and the bottom. I think the guide really reflects what we really want to do this year, which is aggressively invest in the business. We've got this opportunity in front of us. We think there’s a tremendous amount of demand. We are going for it. When we guided, we took all of that into consideration. I feel good about where we are. Our unit economics, the metrics we look at are all driving that decision in terms of how we guide it. It's a great thing about our business; it’s well-flighted, the model itself is open to leverage, and we are going to use that leverage to invest aggressively into the business.

Operator

Thank you. Our last question comes from Gregg Moskowitz of Mizuho. Your line is open.

Speaker 17

Hi, thank you very much and thanks for taking the question. I'll keep it to 1 just in the interest of time. So, you now have more than half of the Fortune 500 total. Based on our numbers, you’ve added 77 of the Fortune 500 over the past 12 months. Both of these are remarkable statistics. As you look ahead to fiscal 2023, how would you characterize your new customer pipeline, specifically at the larger enterprise level? How much runway is there for your current Fortune 500 customers to continue expanding with CrowdStrike?

Great. We still see a big runway of potential customers in the Fortune 500 that aren't on CrowdStrike; we've seen obviously a lot of interest there. Enterprise customers understand that if they're looking for the best protection at scale with manageability, CrowdStrike is the technology of choice, and we've built our gold standard reputation in that arena. Burt, anything else to add? I know we're short on time.

Yes. It's a great question. Right now, we’re really happy that we have over 50% of the Fortune 500. We have a whole bunch more to go, and when George and I look at the rest of our potential business, we're looking forward. Again, tremendous success in enterprise; that's where George flighted the business, and that's where we started. We’re going to continue to see lots of opportunities come our way and then go downmarket. We've had a lot of success being able to build the technology, the same agent for both a company that has 1 million endpoints versus one that has 5. It’s hard to do. We have over 16,000 subscription customers. Those are all open to cross-sell and upsell. We have a tremendous amount of new logos to go after, whether it’s enterprise, mid-market or SMB. That’s the beauty of where we are. You’re hearing excitement in our voices, and I'll turn it back over to the moderator.

Okay. Thank you so much. We appreciate everyone's time and attention, and we wish the best for everyone to stay healthy, and we look forward to seeing you next quarter. Thanks so much.

Operator

Thank you. Ladies and gentlemen, this does conclude today's conference. Thank you all for participating. You may now disconnect. Have a great day.