Skip to main content

Earnings Call

CrowdStrike Holdings, Inc. (CRWD)

Earnings Call 2021-10-31 For: 2021-10-31
Added on April 24, 2026

Earnings Call Transcript - CRWD Q3 2022

Operator, Operator

Thank you for standing by, and welcome to the CrowdStrike Holdings, Inc. Q3 2022 Financial Results Conference Call. At this time, all participants are in a listen-only mode. After the speakers' presentation, there will be a question-and-answer session. As a reminder, today's conference call is being recorded. I would now like to turn the conference to your host, Ms. Maria Riley, Vice President of Investor Relations. Please go ahead.

Maria Riley, Vice President of Investor Relations

Good afternoon and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth and expected performance, including our outlook for the fourth quarter and fiscal year 2022 are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the Company's financial results is included in filings we make with the SEC from time to time, including the section titled Risk Factors in the Company's quarterly and annual reports that we file with the SEC. Additionally, unless otherwise stated, excluding revenue, all financial measures included on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. With that, I will turn the call over to George to begin.

George Kurtz, President and CEO

Thank you, Maria, and thank you all for joining us. I will start today's call by summarizing three key points. First, we delivered an outstanding third quarter headlined by an acceleration in net new ARR growth, strong execution across the market, from large enterprises to small businesses and expansion within the U.S. federal government. Second, we are seeing an inflection in new products with growing demand for our identity protection and Zero Trust, Humio and cloud security modules. And third, the competitive and pricing environment remains favorable to CrowdStrike. We continue to expand our lead over legacy and next-gen vendors because of our scalability, efficacy and differentiated offerings such as Falcon Complete. Now let's discuss our results and get into the topics in more detail. We delivered a robust third quarter with net new ARR growth accelerating and ending ARR growing 67% to surpass the $1.5 billion milestone. We added $170 million in net new ARR, which was ahead of our expectations and gained over 1,600 net new subscription customers for the second consecutive quarter. We proudly serve 14,687 subscription customers. In addition to accelerating net new ARR growth, we delivered record bottom line results and free cash flow reaching a new high watermark of $124 million. In the third quarter, we saw broad-based strength in multiple areas of the business and among SMB mid-market and large enterprises. Our outstanding results this quarter reflect continued strong customer adoption of our core products, growing success with our newer product initiatives, including identity protection, log management and cloud and our growing leadership in the market with a continued groundswell of customers turning to CrowdStrike as their trusted platform of record with our 21 modules. We also gained significant momentum and delivered a record quarter in the public sector, including wins with educational institutions, states and local governments and the U.S. federal government. Our performance on this front is highlighted by a large win with CISA, the Cybersecurity and Infrastructure Security Agency, to secure a significant portion of endpoints and workloads for multiple federal agencies as they operationalize the White House executive order to improve the nation's cyber resiliency. This win represents the culmination of our dedication and hard work over the course of several years on our public sector strategy and government certifications. We believe this significant win will create new opportunities and unlock additional business within the massive U.S. federal government. For additional information, please visit my new post to the CrowdStrike blog. Moving to the competitive environment. We continue to believe we have a significant technology lead with no competitor matching our scalability, performance, ease of use and commitment to customers. I could not be more excited by our opportunity, which has continued to grow. This quarter, our win rates increased across the board, and we saw a record number of wins against both legacy and next-gen vendors with SMB, mid-market and large enterprise customers. We also landed a record number of wins and displacements over a recently public next-gen vendor, SentinelOne. To be clear, we define a displacement as removing an incumbent's product and replacing it with Falcon. Let me share a recent example with one of the largest nonprofit hospital systems in the U.S. which had initially chosen the recently public next-gen vendor based on price and promised features that were never delivered. Just a few months into their multiyear contract with the other vendor, this organization realized the product failed to scale, caused major performance issues, prohibited critical processes from functioning properly and drove significant friction within the organization and its subsidiaries. That is when they turned to CrowdStrike, purchased multiple modules in a multimillion dollar ARR deal and realized immediate improvement, gaining up to 30% performance increase on their servers alone and greater efficacy without intrusive false positives. Another marquee win this quarter included Qualtrics, a leader in experience management. Customer focus and trust are key parts of Qualtrics' DNA. Therefore, it was critical for them to adopt best-of-breed security capable of fortifying their entire estate of traditional endpoints and cloud workloads without sacrificing end-user experience. Qualtrics moved off the next-gen endpoint security provider to Falcon in order to have a single solution that can be easily deployed and scaled along with their fast-growing business. We look forward to continuing our relationship with Qualtrics as their trusted security partner. We continue to see success winning new customers among our larger competitors as well. Take for example a leading health care system that was using a combination of two legacy vendors, Microsoft and Symantec when it was hit with a massive ransomware attack that disrupted their business. This organization turned to CrowdStrike's renowned incident response services team to remediate the breach. They also came to realize that while Microsoft attempts to check most of the boxes on paper and appeal to the CFO office, in reality, when every second counts, they needed CrowdStrike and standardized on Falcon Complete. With our leading technology, unmatched platform and adversary-focused approach to stopping breaches, we continue to eclipse our competitors and extend our leadership, which was once again recognized by industry analysts and third-party testing agencies, including IDC which named CrowdStrike, a leader in IDC Marketscape worldwide modern endpoint security for enterprise 2021 vendor assessment. Enterprise Management Associates, EMA granted Humio their top three award in log management and observability. Humio was recognized for its index research and its ability to ingest structured and unstructured data at real time and at scale. Last month, SE Labs recognized CrowdStrike as the best endpoint detection and response product for the second year in a row. And just this week, CrowdStrike earned the highest rating in the October 2021 Gartner Pure Insights Voice of the Customer for endpoint protection platforms. Cyber adversaries are increasingly attempting to accomplish their objectives without using malware. As we cited in our 2021 Threat Hunting report, based on recent customer data indexed by Threat Graph, 68% of detections analyzed were not malware-based. This is why companies need to employ a holistic breach provision strategy rather than overly relying on malware prevention regardless if it's legacy or next gen. This increasing trend in the adversary landscape is driving a generational shift to Zero Trust technologies, including CrowdStrike Falcon. We are seeing this trend play out in our modular adoption metrics which have continued to increase. Our module adoption rates demonstrate the flywheel effect of our platform in motion with subscription customers that have adopted four or more modules, five or more modules and six or more modules increasing to 68%, 55% and 32%, respectively, in the third quarter. We believe high adoption rates of our modules drive high retention rates and reflect our growing position as the trusted platform of record with the average number of modules per customer also increasing quarter after quarter. Our results have proven quarter after quarter that transformational differentiation built into the Falcon platform continues its technology dominance over legacy and next-gen vendors alike, delivering strong results in the field. On the cloud front, our footprint continues to grow even faster than our overall server endpoint growth with over 25% of the servers we protect now in the public cloud. CrowdStrike has redefined the approach to cloud security. With Falcon Horizon, we are selling into and enabling DevOps teams to improve decision-making and innovate faster. Falcon Horizon is API-driven and agentless, enabling customers to scan configurations and workloads across multiple cloud environments. Falcon Horizon provides continuous control plane threat detection and machine learning and indicator of attack detection as well as guided remediation for all cloud accounts, services and users across the cloud estate. During the quarter, we extended Falcon Horizon to support Google Cloud environments now supporting the three largest clouds. We also deepened our partnership with AWS with new features that work hand-in-hand with services from AWS to further protect customers from growing ransomware threats and increasingly complex cyber attacks. Moving to the partner front. As our leadership in the market increases, our partnerships grow and deepen with large name brand system integrators, VARs and MSSPs alike, building revenue streams for their businesses with Falcon. The third quarter was a breakout quarter for our MSSP ecosystem with our MSSP business growing more than 30% quarter-over-quarter and triple digits year-over-year. We also expanded our relationship with Google by joining their Work Safer program, which is designed to protect organizations, including small businesses, enterprises and public sector institutions against modern cyber attacks. Just as we usher the industry into a new era when we launched EDR and pioneered Zero Trust for the endpoint with deep visibility, we are leading the industry forward and once again, redefining security by focusing on the greatest source of enterprise risk and friction. Unlike any other competitor in the market today, our identity protection modules give customers the ability to prevent the spread of ransomware and stop lateral movement when credentials are stolen. This is a major advantage to winning deals in the field and increasing deal size. The third quarter marks the one-year anniversary of our acquisition of Preempt. And in this one quarter alone, we generated quarter included AIA Insurance, one of the largest public insurers in the Asia Pacific region; multiple major airlines; and a Fortune 100 manufacturer. CrowdStrike already natively enforces Zero Trust protection at the device layer and the identity layer. By harnessing technology from our recent acquisition of SecureCircle, we plan to take data protection to a new level by enforcing Zero Trust at the data layer. Legacy point products like DLP are aging, brittle, prone to false positives and require a high reliance on human intervention. Based on IDC estimates, we believe the market for DLP and related technologies to be approximately $3 billion in calendar year 2022. Our innovative approach to data protection will put power back into the hands of customers without changing the way users work. Moreover, after we combine SecureCircle's technology with CrowdStrike Zero Trust modules, customers will gain even more fine grain visibility and control as well as continuous risk monitoring to detect and respond to threats, whether they manifest as a device, identity or data layer. While the acquisition just closed and it will take some time to integrate into the Falcon platform, we have already received a tremendous response from customers that would like to replace their legacy DLP products from the likes of Symantec with Falcon's data protection module delivered through our single lightweight agent. CrowdStrike is the only platform in the market to connect the machine to identity and to data. It has been an unparalleled year of innovation at CrowdStrike. At this year's Falcon User Conference, we showcased our thought leadership, newest innovations and continued commitment to providing customers gold standard protection to stay ahead of adversaries today and in the future. Our new Falcon XDR module headlined the event. Falcon XDR leverages the technology we acquired from Humio and extends CrowdStrike's industry-leading endpoint detection and response capabilities to deliver real-time detection and automated response across the entire security stack. We also launched the Crowd XDR Alliance, which is a groundbreaking partnership with industry leaders including Google Cloud, Okta, ServiceNow, Zscaler, Proofpoint and Mimecast, among others. We invite you to learn more about XDR and our other new capabilities as well as hear discussions with our partners, AWS and Accenture, and our customer Zoom by tuning into our Falcon Investor Briefing, which is accessible on our Investor Relations website. Turning to Humio. Q3 was a record quarter, and we see increasing momentum in the log management space that has exceeded our expectations. In addition to the seven-figure new customer land with the DevOps team of a financial services company, we mentioned on our last call, Humio wins in the third quarter included a Fortune 150 food brand, a leading European cloud-based e-commerce platform company and Mimecast, a leader in cloud-based email management and security and a CrowdStrike technology partner. We are also seeing strong uptake for our recently announced Humio Community Edition, which gives users 16 gigabytes of streaming data ingestion per day with seven-day retention for free. In less than six weeks since our launch, we have already reached 100% of our six-month customer registration goal. Humio's log management platform is unmatched in speed, performance and storage ability. Humio Community Edition offers customers unprecedented access to best-in-class log management that they won't see anywhere else. We expect this program to be a strong avenue for lead generation as customers experience the power of Humio. Before closing, I would like to announce that we are promoting Jim Seidel to Chief Sales Officer, and he will be responsible for global sales. Jim has been with CrowdStrike for over eight years. And for the past five years, he has done an outstanding job leading our Americas sales team, our largest region and contributor to United States revenue, which accounts for 73% of our total revenue. During Jim's tenure, Americas revenue has grown significantly and exceeded my expectations quarter after quarter. And for the past four months, while Mike Carpenter was on leave to welcome the arrival of his child, Jim has served as acting Head of Global Sales and Field Operations. And true to form, as you can see from the results we published today, Jim delivered an exceptional third quarter on a global basis. Mike is transitioning to an advisory role until his departure from the Company to spend more time with his family. We are very grateful to Mike for his years of service and contributions to building a world-class sales organization. Mike, it has been a great partnership, and I can't thank you enough. We wish you all the best. In closing, we delivered an outstanding third quarter that can be characterized by phenomenal execution across the board and accelerated net new ARR growth. We continue to see a very favorable competitive environment today and into the future. We continue to expand our leadership and rapidly innovate as we once again redefine security. Looking forward, I could not be more excited about our future opportunities for growth. We have built a best in SaaS platform that not only significantly expands our reach beyond the core endpoint market, but also unifies the opportunity across cloud security, log management and identity protection. We see a long runway ahead in displacing legacy and next-gen point product vendors. And the fourth quarter is off to a great start, it already includes a notable land with one of the world's largest financial institutions. With that, I will turn the call over to Burt to discuss our financial results in more detail.

Burt Podbere, Chief Financial Officer

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers, except revenue mentioned during my remarks today, are non-GAAP. We once again delivered exceptional results. In addition to strong growth at scale with accelerated net new ARR growth, we continue to maintain very high unit economics, drive leverage and generate strong operating and free cash flow. We also continued to perform at a high level well in excess of the SaaS industry's Rule of 40 benchmark, achieving a Rule of 77 and when calculated on a free cash flow basis, a Rule of 96 at scale with over $1.5 billion in ARR. We believe our continued outstanding execution speaks to our ability to rapidly and efficiently scale across the business, our customer first and mission-driven culture and our highly differentiated platform, all of which we believe set us apart from others in the market and are difficult to replicate. Demand in the quarter was broad-based and well balanced fueled by strength in multiple areas of the business as we expanded our leadership across the market from large enterprises to small businesses. We once again ended the quarter with our strongest pipeline to date, which we believe indicates a strong foundation for future growth. In the quarter, we delivered 67% ARR growth year-over-year to exceed $1.51 billion, a new milestone. Rapid new customer acquisition as well as expansion business within existing customers fueled an acceleration in net new ARR growth on both an organic and as-reported basis. Net new ARR grew 55% on an organic basis and 46% on a reported basis to reach a new all-time high of $170.0 million, with no outsized contribution from any one deal. It was a standout quarter for large deals as we derived a record amount of net new ARR from million-dollar deals. We believe this reflects our continued leadership in the enterprise segment, expanding deal sizes and the pricing leverage attributable to our distinct product differentiation. As George mentioned, we signed a large deal with CISA in the quarter, which will make the U.S. federal government one of our top customers. However, given this win covers multiple agencies, each with their own deployment schedules, the contribution to net new ARR was not notable in Q3, and we will see it steadily fold into ARR over the coming quarters. Our dollar-based net retention rate was once again above our benchmark. Our gross retention rate remained consistently high with prior quarters, and contraction and churn decreased on both a dollar basis and percent of ARR. Moving to the P&L. Total revenue grew 63% over Q3 of last year to reach $380.1 million. Subscription revenue grew 67% over Q3 of last year to reach $357.0 million. Professional services revenue was $23.0 million, setting a new record for the fifth consecutive quarter and representing 22% year-over-year growth. The geographic mix of third quarter revenue consisted of approximately 73% from the U.S.; 13% from Europe, Middle East and Africa; 10% from the Asia Pacific region; and approximately 4% from other markets. Third quarter non-GAAP gross margin was 76%, consistent with Q3 of last year. Our non-GAAP subscription gross margin was 79% and in line with Q3 of last year. We continue to be pleased with our strong subscription gross margin performance as we continue to invest for growing demand. As planned, we continued investing aggressively in our business during the quarter, including increasing investments in new technologies, international geographies and marketing programs while driving increased operating profit. Total non-GAAP operating expenses in the third quarter were approximately $239.0 million or 63% of revenue versus $157.0 million last year or 68% of revenue. We believe the investments we are making today will lead to sustained growth over the long term and maintain our pole position as the trusted security partner of choice. In Q3, we ended with a magic number of 1.3 as we continue to ramp investments to capture more of the market opportunity at hand and expand globally. Our continued exceptional unit economics speaks to the efficiency of our go-to-market engine and our ability to rapidly onboard and support customers of all sizes. We also believe that a magic number of 1.3 continues to indicate that we should increase investments even more given the massive market opportunity. Third quarter non-GAAP operating income grew 168% year-over-year to reach a record $50.7 million, and operating margin improved five percentage points over Q3 of last year to exceed 13%. Non-GAAP net income attributable to CrowdStrike in Q3 was $41.1 million or $0.17 on a diluted per share basis. Our weighted average common shares used to calculate third quarter non-GAAP EPS attributable to CrowdStrike was on a diluted basis and totaled approximately 239 million shares. We ended the third quarter with a strong balance sheet. Cash and cash equivalents increased to approximately $1.91 billion. Cash flow from operations in the third quarter was $159.1 million, and free cash flow grew to a new record of $123.5 million or 32% of revenue. Before we move to guidance, I'd like to cover a few modeling notes. First, while we do not specifically guide to ending or net new ARR, we continue to expect seasonality in net new ARR to be less pronounced relative to prior years as we move from Q3 into Q4, given our steady climb at a much higher scale in recent quarters and outstanding performance throughout this fiscal year. Our guidance includes the impact of our recent acquisition of SecureCircle, which closed on Monday. We currently expect the acquired net new ARR contribution from SecureCircle to be less than $1 million in the fourth quarter. Additionally, the $70 million IP transfer tax expenses related to the Humio acquisition will be reflected in the fourth quarter, which will impact operating and free cash flow results. Lastly, we funded the acquisition of SecureCircle, with cash. The approximately $61 million cash payment, net of cash acquired, will be reflected in our Q4 cash balance. Moving to our guidance. We remain optimistic about the demand for our offerings, record pipeline and the powerful secular trends fueling our growth. Given the growth drivers of our business as well as our exceptional third quarter performance and momentum into the fourth quarter, we are once again raising our guidance for the fiscal year 2022. For the fourth quarter of FY '22, we expect total revenue to be in the range of $406.5 million to $412.3 million, reflecting a year-over-year growth rate of 53% to 56%, with subscription revenue being the dominant driver of growth. We expect non-GAAP income from operations to be in the range of $55.2 million to $59.5 million and non-GAAP net income attributable to CrowdStrike to be in the range of $45.2 million to $49.4 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be in the range of $0.19 to $0.21, utilizing a weighted average share count of 241 million shares on a diluted basis. For the full fiscal year 2022, we currently expect total revenue to be in the range of $1,427.1 million to $1,432.9 million, reflecting a growth rate of 63% to 64% over the prior fiscal year. Non-GAAP income from operations is expected to be between $171.0 million and $175.3 million. We expect fiscal 2022 non-GAAP net income attributable to CrowdStrike to be between $135.4 million and $139.7 million. Utilizing 238 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $0.57 to $0.59. George and I will now take your questions.

Operator, Operator

Our first question comes from Saket Kalia of Barclays Capital. Your line is open.

Saket Kalia, Analyst at Barclays Capital

Yes. Burt, maybe I'll start with you, just to sort of knock this out first. I was wondering if you could speak to the pricing environment a little bit and whether you feel like competitors are having an impact here with potentially lower price strategies. Does that make sense?

Burt Podbere, Chief Financial Officer

It's a good question. But in regards to pricing and it's been the same way for quite some time, discounting has remained consistent with prior quarters. And I think it highlights the differentiation of our platform and the value we bring to customers. We talk about value selling for quite some time. So it's allowing customers to center on us and take off other vendors, and that allows us to offer our customers lower total cost of ownership. And that really matters. In terms of the platform, I'll turn it over to George to talk a little bit about that.

George Kurtz, President and CEO

As Burt said, a big part of what we're doing is being able to consolidate other vendors. Agent consolidation, agent fatigue is a big issue that's out there. And obviously, we have a broad platform that's differentiated and works, and that's the key aspect of the platform that it actually works. And you've seen in the transcript that there was a large nonprofit hospital that went with a next-gen vendor on price and two months later was back with us and deploying because it didn't work. And I think that's a big part of it. You also have to look at things like identity, look at things like Falcon Complete. These are truly differentiated services. And when you look at the breadth of what we're doing, obviously, we're way more than just an endpoint company when you look at what we're focused on and the value we're delivering, and that's how we continue to win and drive the right pricing for us and obviously, good value for our customers.

Saket Kalia, Analyst at Barclays Capital

That makes a lot of sense. George, maybe just a follow-up for you. Congrats on the CISA contract. I was wondering if you could just dig into that just one level deeper and maybe talk a little bit more broadly, but how much opportunity you feel like CrowdStrike has within the federal government on the whole?

George Kurtz, President and CEO

Sure. Well, we're really proud of that win. And I think it really is a signature win given the directives that came out of the U.S. government. We're certainly proud to protect the U.S. government. When you look at Falcon as a whole in the platform, it was tailor-made to help protect the government an adversary focused approach using next-gen technologies, AI powered, very broad in what we're doing. And again, at the end of the day, our goal is to stop breaches. Again, a truly differentiated offering that we have is our intelligence. Most vendors don't have what we have, certainly not the next-gen vendors, and that's a key aspect of what we do and part of the whole data element to CrowdStrike. So we're excited about this win. We believe it is a big opportunity for us. Obviously, we've got this win, but there's more expansion capabilities and can protect the U.S. government as well as many governments around the world.

Operator, Operator

Thank you. Our next question comes from Sterling Auty of JPMorgan. Your line is open.

Sterling Auty, Analyst at JPMorgan

Just one question from my side. Can you give us a sense of what percentage of the net new ARR that you added in the quarter really came from protecting cloud workloads? And how does that compare to what it looked like maybe a year ago?

Burt Podbere, Chief Financial Officer

I'll start. Sterling, when we think about our Cloud Workload Protection, we can tell you that it is growing and we continue to see an increase in the available opportunities in the cloud. Currently, 25% of the servers we protect are in the cloud, which indicates our direction. Maybe George has a couple of other comments on that.

George Kurtz, President and CEO

Yes. The 25% we mentioned is an increase we've discussed in previous calls. When considering Cloud Workload Protection, it consists of two main components. One aspect is workload protection, which offers runtime protection and visibility across virtual environments, containers, and more. The other component is Cloud Security Posture Management, known as Falcon Horizon, where we continue to innovate. This agentless technology integrates with various APIs from cloud providers, allowing us to cover all three major providers. This approach delivers significant value quickly. Our unique offering combines visibility from an API standpoint with runtime protection, setting us apart from many competitors, including private companies. We are optimistic about this and continue to target the DevOps sector effectively, enhancing our ability to deliver value and facilitate a smooth onboarding process for clients.

Operator, Operator

Our next question comes from Alexander Henderson at Needham. Your line is open.

Alexander Henderson, Analyst at Needham

Spectacular results again. I wanted to get a little bit clearer on the concept of XDR. It seems to me that you guys have been pigeonholed by many people as an endpoint company, but you're really a platform. And to the extent that, that platform allows you to then extend into other niches that have historically been seen as separate end markets, a lot of the companies that are in those end markets have turned around and redefined themselves as XDR realizing that they needed to be a platform. But taking the term XDR and plugging it in front of the SIEM companies product does not make it a platform. So can you talk a little bit about that flood that's out there and whether that confusion is spreading to any of your customers or whether they see through that issue and understand the importance of the expense of the platform and the breadth of your product line?

George Kurtz, President and CEO

Well, thanks, Alex. It's a great question. And I think if folks are looking at us as just an endpoint company, pigeonholed endpoint company, they're really missing the big picture. I mean that's as simple as I could say it. We've proven that we are a platform company, as I said before, the sales force of Security 21 modules. You can look at the attach rates. And when you talk to customers and if folks really do their homework, and they talk to customers, they will see the value, and they see how we're consolidating there. So when we think about XDR, you have to start with the best EDR in the market, which is ours. It's been validated by Gartner and others and IDC, I mean, down the list. And the extension of EDR is XDR, right? And as a company who pretty much pioneered cloud-delivered endpoint security with Threat Graph and the massive data moat that we have by combining that with some of the technology we acquired from Humio and our Threat Graph. I think we're in a unique position to be able to drive additional threat detection outcomes as well as the declaration of the threat narrative, right, the attack narrative. And that's independent of Humio as a stand-alone log management observability platform. So we're really driving a lot of innovation in this area. And to your point, if you are just kind of a SIEM vendor now trying to glom on to XDR as an acronym, it's not going to work. You have to start with the best EDR in the world. And in my opinion, that's CrowdStrike.

Operator, Operator

Thank you. Our next question is from Brent Thiel of Jeffries. Your line is open.

Joe Gallo, Analyst at Jeffries

You have Joe on for Brent. I really appreciate the question. Burt, can you just walk through the puts and takes of margin? I think guidance implied 150 points of contraction in that 4Q. Is that acquisition-related travel investment? And then, maybe just how we should think about leverage going forward on an annual basis?

Burt Podbere, Chief Financial Officer

Yes. First, I'd like to discuss our overall operating margin, which we are proud to report is over 13% this quarter. This achievement is largely due to the effective unit economics we've established, particularly on the sales side. Whether we refer to our magic number or the Rule of 40 mentioned in our prepared remarks, both play a significant role in driving this operating margin. Looking ahead, we see several opportunities starting at the gross margin level. Recently, I increased our long-term expectations for gross margin expansion, and we are focused on investing to realize that potential. As we continue to grow, we aim to leverage our strong business model while also committing to aggressive investments. This strategy will not change. Additionally, investing in research and development and fostering innovation is essential to our identity. We are committed to pursuing the substantial opportunities that lie ahead. This summarizes our perspective moving forward.

Operator, Operator

Thank you. Our next question comes from Matt Hedberg of RBC Capital Markets. Your line is open.

Matt Hedberg, Analyst at RBC Capital Markets

George, FileVantage for file integrity monitoring, it looks like a great addition to the platform. Can you talk about sort of what customers are saying? I know it was just launched, but sort of why is that such an important piece of a CISO sort of like data security fabric in sort of this new post-COVID world?

George Kurtz, President and CEO

Yes. Thanks, Matt. It's a good question, and we're excited about this technology. And again, it goes to our strategy of consolidating agents and getting rid of other technologies that are costly and complex and weigh the system down. When you think about FIM, it's pure and simple compliance requirement. When you think about things like PCI and in the financial services industry, you have to understand what files change and who changed them and implement controls around that. So we've been able to do a lot of that for a long time. We've enhanced some features, put it into a module. And it's been extremely well received because it is literally a check box for just about any company that's out there, given the current regulatory frameworks and the various standards that exist.

Operator, Operator

Thank you. Our next question comes from Roger Boyd of UBS. Your line is open.

Roger Boyd, Analyst at UBS

Could you provide more details about the selection process for the CISA contract and how competitive it was? Additionally, can you discuss the role of incident response in this context, especially as the federal government becomes more collaborative through programs like JCDC?

George Kurtz, President and CEO

Yes, the federal government operates in a competitive environment, which is intentional. We strongly believe in collaborating with them, and we feel confident about the technology we provide, which is well-established and essential for their needs. We are enthusiastic about our initial partnership. Regarding threat intelligence, we have a distinctive group, with perhaps only one other company matching our level of intelligence capabilities, but they are no longer active in endpoint security. This provides value not just for the U.S. government, but it also sets us apart for all our customers. We have insights into adversaries' actions and know how to detect attacks, which we incorporate into our AI technologies. An adversary-focused strategy is crucial for preventing breaches. Along with our other services and managed offerings, we believe this will lead to strong results for the government.

Operator, Operator

Thank you. Our next question comes from Brian Essex of Goldman Sachs. Your line is open.

Brian Essex, Analyst at Goldman Sachs

Maybe George, if I could just have us unpack the new logo adds a little bit, it looks like a nice increase in new ARR. It looks like the landed cost of the logos that you added were a bit higher. Was it better strength from upmarket a little bit? Was it better, I guess, breadth of sale into the pipeline? Maybe if you could help us understand a little bit behind the drivers and what drove kind of the larger average customer ARR in the quarter.

Burt Podbere, Chief Financial Officer

Brian, it's Burt. I'll take that one. We're really pleased with the net new logo additions this quarter. The acceleration in net new ARR was significant for us. We added over 1,600 new logos, which is the second time we've reached that milestone. We're very excited about the performance of these new logos. Overall, we had exceptional performance, with notable strength in the enterprise and mid-market sectors, as well as in MSSP. When you combine that with the increase in $1 million deals, you see the strong performance we achieved. It's important to note that we didn't have any oversized or outside deals influencing this quarter, which speaks to the strength of our platform and the broad-based success we experienced.

Operator, Operator

Thank you. Our next question comes from Rob Owens of Piper Sandler. Your line is open.

Justin Roach, Analyst at Piper Sandler

This is Justin Roach on for Rob. Just wanted to follow up around the cloud security solutions like your CSPM and CWP. Have you guys seen any increase in competitive pressures in this area, given the number of players coming out it from both the network and the endpoint side? Or do you guys still view this as a largely greenfield opportunity?

George Kurtz, President and CEO

I believe this is primarily a greenfield opportunity. There are many early-stage companies in the space, but we are still at an early point in the life cycle, presenting a significant opportunity for all involved. We feel well-positioned because many competitors lack effective runtime protection, which is crucial. It's essential to integrate these components. It's not just about connecting and retrieving information from APIs; while we do that uniquely by applying our indicator of attack technology to our agentless framework, combining these elements is vital for our customers. Many major successes involve cloud solutions. As Burt mentioned, we have a substantial number of servers. Integrating CSPM with Cloud Workload Protection and aspects like vulnerability management is key, and we have the necessary technology for that. While it does function on desktops, we can also be integrated into the CICD pipeline. We can identify vulnerabilities in images and prevent their deployment. These factors are critical for fostering technology that is widely embraced by DevOps.

Operator, Operator

Thank you. Our next question comes from Jonathan Ruykhaver of Baird. Your line is open.

Jonathan Ruykhaver, Analyst at Baird

Congrats on that strong execution. You've talked about the benefits of Humio as it relates to data ingestion and just the additive nature to Threat Graph and obviously, the push into a broader XDR use case. And George, you touched on this in your comments, but just wondered if you could talk a little bit more what you see around the log management observability use case and how you see that contributing to the overall platform near term and longer term?

George Kurtz, President and CEO

Well, we've had some big wins this past quarter with Humio, even outside security. Certainly, security is a use case, but observability and telemetry, it really is a telemetry platform. And if you think about today's environment, all the various technologies out there, all the information they're gathering, you have to have a telemetry platform like Humio to make sense of it all at scale. So, it's been an amazing opportunity for us since acquiring the Company. I think we underappreciated what a huge opportunity is out there, particularly a lot of dissatisfaction with current vendors, and how open people are to wanting to switch into a technology like Humio. We've got a lot of customers that we're working with right now. And I see that, as I said before, really as a shining star, as a massive business opportunity and revenue driver for us in the future.

Jonathan Ruykhaver, Analyst at Baird

When you say that, is that including Falcon XDR? Is that more on the log management and observability use case?

George Kurtz, President and CEO

Well, it's a good question. Falcon XDR is going to give you essentially a threat detection outcome and some visibility into an attack scenario that starts beyond the endpoint. When you think about a Humio, you can log everything. You can store it pretty much forever. You can connect it to whatever you want to connect it to, and you can drive observability information from things that are outside just core security, things like connecting it to your HR system, to your performance management systems, to all the various workflows in your environment. That's not the use case of XDR. Security use cases XDR and Humio goes way beyond that.

Operator, Operator

Thank you. Our next question comes from Patrick Colville of Deutsche Bank. Your line is open.

Patrick Colville, Analyst at Deutsche Bank

Can you just talk about partnerships? I mean, you hopefully shared a statistic in the kind of opening remarks around, if I'm not mistaken, 30% sequential growth in partner-sourced deals. I guess, is that right? I'm just hoping to understand that the kind of partnership dynamic. And I guess the reason I ask because I know that some of the investors have a concern that other next-gen EDR vendors are more partner-friendly. So kind of any color you can give around CrowdStrike and partnerships and kind of try to quantify the trend you're seeing there would be very helpful.

George Kurtz, President and CEO

Let me clarify that we experienced a 30% quarter-over-quarter growth in MSSP and triple-digit growth year-over-year. We are very partner-friendly, and it's worth checking in with some of the larger partners to understand where we are generating our business. Our partner opportunities have increased, and our partners are earning significant revenue alongside us. We aim to prioritize partnerships, and we've been consistent in that approach. As you mentioned, there is a lot of uncertainty in the current environment.

Operator, Operator

Thank you. Our next question comes from Josh Tilton of Wolfe Research. Your line is open.

Strecker Backe, Analyst at Wolfe Research

This is Strecker speaking on behalf of Josh. I have a question for Burt. You mentioned that the net new ARR seasonality will be less pronounced, which makes sense. However, as we start to model for next year and consider the net new ARR seasonality, I'm not asking for specific guidance, but is there a year we should use as a reference? This year, we saw a sequential increase from Q4 to Q1. We do not expect that to happen again. Any insights or benchmarks you can share for next year would be very helpful.

Burt Podbere, Chief Financial Officer

Certainly. Q4 is off to a fantastic start with a record pipeline and significant momentum. We have already secured a major deal with a sizable financial institution, which is encouraging. We're building on a strong Q3, where we achieved $170 million in net new ARR, and I am very proud of that accomplishment. As we look at comparisons, it's important to clarify that our revenue guidance is based on what we can confidently project, rather than on potential high-performance scenarios. The figures are growing, which is beneficial for us, but as we consider the impact of larger numbers, we remain cautious and avoid overestimating our projections.

Operator, Operator

Thank you. Our next question comes from Mike Walkley of Canaccord Genuity. Your line is open.

Daniel, Analyst at Canaccord Genuity

This is Daniel on for Mike. So the prepared remarks, you noted that your identity modules generated more net new ARR than Preempt did previously while they were stand-alone. Are there any notable customer segments you're seeing the strength in? Or was the demand pretty broad-based across the board?

George Kurtz, President and CEO

Demand is broad-based across the board, and it really hit an inflection point. We've seen massive growth in it, as we said, more than all Preempt that they had as a stand-alone company. And the thing is we took the time and effort to do the integration right. Customers see the value of a single integrated agent. They understand that identity is critical to security. And we're the Company that's putting together runtime protection visibility with identity. And now with data protection, it's that triumvirate, that three-legged stool, and customers love it. So we've seen some massive wins in retail, in financial services, in manufacturing. It is a massive problem across the board for any company. And as we pointed out, over 60% of the breaches don't even use malware. They're using things like identity, which when you look at the Sunburst attack from last year, obviously, that was a key contributor. So people are looking to shore that up. And it's actually a key element to stopping ransomware, above and beyond any malware prevention that's out there. So customers understand the value of it, and they understand that we have another stone, and it's been a big driver for us.

Operator, Operator

Thank you. Our next question comes from Shaul Eyal of Cowen Company. Your line is open.

Shaul Eyal, Analyst at Cowen Company

Congrats on the quarterly results and guidance. George, I know there was a prior question about partnerships. My question is actually about the alliances that CrowdStrike has been leading and joining over the course of the past, I think 12 to 18 months, give or take. Is that beginning to have some impact on revenue and on net new customer additions, specifically in light of the fact that you have been adding 1,600 customers two quarters in your row now?

Burt Podbere, Chief Financial Officer

It's Burt. Can you just repeat the main bulk of your question because it got garbled a little bit? Your line is open.

George Kurtz, President and CEO

Certainly. There has been significant progress. When considering some of the companies we've previously mentioned, the list is extensive. While I can't name everyone, Zscaler stands out as a prime example. The partnership has been effective, with both sides collaborating on the network front and sharing data through our integrations. From an XDR standpoint, it all aligns well. We're incorporating them into our projects, and they're involving us in theirs. This cooperation is creating value for customers and helping us gain considerable traction. This is just one instance, and we are replicating this success throughout our technology alliance partnerships.

Operator, Operator

Thank you. And our last question comes from Gray Powell with BTIG. Your line is open.

Gray Powell, Analyst at BTIG

Great. So yes, I know you've talked about how you're more of a platform company than just an endpoint provider, but I'm going to ask an endpoint question, if that's okay. So just high level, the last two years in the endpoint space, it's just been really strong. I'd call it almost like a near perfect storm. How do you feel about the demand environment for the market as a whole, looking into next year just on a relative basis? Like do you think 2022 would be the same, better or worse than 2021 for the market?

George Kurtz, President and CEO

I believe the market is exceptionally strong. When you consider the market as a whole, there is significant cloud adoption and expansion, presenting a huge opportunity, which we've demonstrated with our servers. The legacy players like Symantec, McAfee, and Microsoft provide us with considerable potential for growth, which will take time to realize. This will be a major driver for next year. Additionally, while it's a smaller base, we view next-gen players as opportunities as customers express dissatisfaction with some existing providers. It's important to distinguish between pure endpoint and cloud solutions, as both offer substantial opportunities. Our overall customer count is impressive, yet remains small relative to the total market, and there are still many legacy technologies that are prime for replacement.

Operator, Operator

Thank you. I'm showing no further questions at this time. I'd like to turn the call back over to George Kurtz for any closing remarks.

George Kurtz, President and CEO

I want to thank all of you for your time today, and we certainly appreciate your interest and look forward to seeing you virtually at our upcoming investor events. Thanks again. Be safe, and we'll see you soon.

Operator, Operator

Ladies and gentlemen, this does conclude today's conference. Thank you all for participating. You may now disconnect. Have a great day.