
Earnings Call

CrowdStrike Holdings, Inc. (CRWD)

Earnings Call 2024-07-31 For: 2024-07-31
Added on April 24, 2026

Earnings Call Transcript - CRWD Q2 2025

Operator, Operator

Hello, and welcome to CrowdStrike's Fiscal Second Quarter 2025 Financial Results Conference Call. At this time, all participants are in a listen-only mode. After the speakers' presentation, we will conduct a question-and-answer session. Please be advised that today's conference is being recorded. I would now like to hand the call over to Maria Riley, Vice President of Investor Relations. Maria, please go ahead.

Maria Riley, Vice President of Investor Relations

Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, including projections, and expected performance, including our outlook for the third quarter and fiscal year 2025, and any assumptions for fiscal periods beyond that are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events, or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company's Quarterly and Annual Reports. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. With that, I will now turn the call over to George.

George Kurtz, President and CEO

I would like to start today's remarks with my apology to everyone impacted by our Channel File 291 Incident, which transpired on July 19. I also want to take this moment to show my gratitude to everyone who worked with us through the incident. Thank you to our customers and partners for your continued trust. Thank you to our team of relentless CrowdStrikers for living our mission. Thank you to the broader cybersecurity and IT community for standing with us as we face the most challenging event in our company history. The magnitude of the July 19 incident will never be lost on me and my commitment is to make sure this never happens again. The days following the incident were among the most challenging in my career because I deeply felt what our customers experienced. Our response to the July 19 incident was immediate, deliberate, and focused. We activated CrowdStrike's crisis response plan to lead through the incident. We clearly communicated status with customers, partners, and the market at large on our website, social media, email, phone, and broadcast. Our technical teams devised new automated recovery techniques for accelerated response. Our efforts were 100% focused on bringing impacted devices back online with the highest level of speed and transparency. This included the mobilization of CrowdStrikers in our partner community to communicate proactively and transparently with customers, as well as the market at large, and then recover impacted hosts. For many, recovery was within hours. We've already implemented the following actions to build a more resilient Falcon platform. First, enhanced content visibility and control. While sensor version control was always a cornerstone of the Falcon operational experience, we've already released new content control configurations. This allows customers to choose when and where new Falcon content is deployed with new granular controls. Second, content QA enhancements.
We already shipped an enhanced content validator and content interpreter, two of the components which did not properly function. These components have been refactored to prevent shipping erroneous content and were both made GA earlier in August. And third, external review and validation. We've engaged two independent third-party software security vendors to review the Falcon sensor code and quality control process. This ongoing work focuses on enhancing security and resiliency over the short, medium, and long-term. These three major actions are in addition to an enhanced content release process. Our content release process now mirrors the sensor release regimen. It consists of sample testing, internal lab, and canary systems testing, early access soaking, and lastly a staggered concentric ring deployment in adherence with customer policy settings. The July 19 incident starts a new chapter for CrowdStrike, one focused on ensuring that cybersecurity's best AI platform for SOC operations, protection, visibility, response, and automation is also cybersecurity's most resilient platform. With built-in redundancy modes, new content controls and enhanced safeguards, we've immediately addressed learnings from the incident and will continue to apply and evolve these lessons into our future. Moving to our Q2 results. Our execution following the July 19 incident highlights the resiliency of CrowdStrike's business. Our focus on transparency and accountability continues to inspire trust. Our track record and third-party validation of delivering the industry's best AI-powered protection continues to resonate at scale. As the July 19 incident was in the final two weeks of the quarter when a meaningful portion of our sales typically close, it delayed deals into subsequent quarters. The vast majority of these deals remain in our pipeline. Despite this impact, I'm encouraged by the results we delivered. 
The enduring trust that prospects, customers, and the market have in CrowdStrike is demonstrated by our Q2 performance. Ending ARR of $3.86 billion, growing 32% year-over-year. Q2 net new ARR of $218 million, up 11% year-over-year within our pre-incident stated assumptions. Q2 revenue of $964 million also ahead of our guidance. Record non-GAAP operating income of $227 million, growing 46% year-over-year. GAAP profitability for the sixth consecutive quarter, and free cash flow of $272 million at 28% of revenue with a free cash flow Rule of 60. These financial results illustrate the resilience of our business and our team. Customers, prospects, and partners recognize CrowdStrike's technological leadership and role in serving the market need for ongoing platform consolidation. This is why they continue to choose CrowdStrike. In the hundreds of customer interactions I've had since the July 19 incident, organizations of all sizes thematically shared three messages with me. First, necessity to understand the incident, our response, and our actions to ensure it doesn't happen again. Second, acknowledgment of our trust record, gratitude for CrowdStrike safeguarding their organization over the years, and third, steadfast support for CrowdStrike continuing to be cybersecurity's innovation leader and their consolidation partner of choice. The breadth and depth of the Falcon platform spans 28 modules that revolutionize cybersecurity, stopping breaches for tomorrow's AI-powered SOC, covering cloud security, identity protection, device security, data protection, IT automation, and next-generation SIEM, our portfolio is diversified. CrowdStrike is much more than EDR and we appeal to a variety of personas across cybersecurity, IT, digital, risk, and compliance teams. 
Over the past year, our LogScale next-gen SIEM, identity protection, and cloud security businesses each expanded the power and reach of the Falcon platform, each representing resilient growth vectors outside of what was once considered our market back when I started the company. In Q2, our LogScale next-gen SIEM, identity protection, and cloud security hyper growth businesses together surpassed $1 billion in ending ARR and grew more than 85% year-over-year. These results reaffirm our continued and increasing investment in innovation, ushering in the next chapter of the Falcon platform. Let me provide a few examples showcasing how these products are disrupting their respective markets. Importantly, each of these customer wins was closed after the July 19 incident began. I'll start with Falcon Cloud Security, the industry's only integrated CSPM, ASPM, DSPM, CIEM, CWP agent, and agentless solution. CrowdStrike's Cloud Security business is now more than $515 million in ARR and grew faster than 80% year-over-year. Two noteworthy post-July 19 wins, an eight-figure deal in a major enterprise software firm where Falcon Cloud Security was already running on a part of the environment, replacing another next-gen Cloud Security vendor allowed this customer the opportunity to standardize on Falcon Cloud Security for ease of management across broad distributions and superior cloud security protection. Next, a nine-figure Falcon Cloud Security purchase across a million hosts in a large enterprise for their production environment. Falcon Cloud Security's leading protection, visibility, and operational scoring in their evaluation placed CrowdStrike ahead of other cloud security products. Falcon Identity Protection continues to set the industry standard in the identity threat detection and response space. As of Q2, identity ending ARR surpassed $350 million, growing over 70% year-over-year. We pioneered this category and it's a key differentiator in our XDR value proposition.
Now let's move to the LogScale next-gen SIEM business, which is greater than $220 million in ARR and grew more than 140% year-over-year. The SIEM market continues to be in a state of renaissance where organizations of all sizes are drafting their next chapter of security and IT data management. Our LogScale next-gen SIEM momentum showcases CrowdStrike's ability to displace legacy SIEMs at scale and capitalize on market demand for AI-powered SOC operations. Two exciting post-July 19 wins include an eight-figure win in which LogScale next-gen SIEM replaced two legacy SIEMs. This customer was already a large CrowdStrike customer and the ability to store, visualize, and action large amounts of first-party CrowdStrike data natively in the platform significantly lowered cost by more than 60% while increasing functionality. Ingesting third-party data into the Falcon platform is not only more cost-effective, but also differentiated in our incident workbench, which brings novel visibility and AI-powered response to the hands of every SOC analyst. What once took two legacy SIEMs is now natively in Falcon. And finally, a leading generative AI company that started using LogScale next-gen SIEM over a year ago standardized on the technology in a seven-figure win. Winning the totality of their SIEM business as well as observability use cases was a function of LogScale next-gen SIEM search speed, the native nature of Falcon data coupled with third-party data, and response actions and improved TCO relative to their legacy SIEM. I'm reassured by customers' and prospects' feedback, wanting to do more with CrowdStrike post-incident as evidenced by multiple seven and eight-figure platform expansions, with most opting for multi-year deals. Eliminating complexity is a key component of achieving resilience and we see the Falcon platform continuing to help solve a wide range of customer problems, simplifying cybersecurity, and most importantly, stopping breaches. 
Our partner-first go-to-market continues to deliver at scale, connecting our technology platform with new and existing customers. CrowdStrike's preeminent partner position as a top security vendor by business size and number of transactions serves as a competitive moat. In Q2, 66% of our new logo business was sourced by our partners, showcasing our best-in-class partner go-to-market. In Q2, our Systems Integrator business grew over 100% year-over-year, highlighting Falcon as an industry driver in delivering multi-disciplinary cybersecurity transformation. Our partners were instrumental in helping customers recover with noteworthy engagement from Accenture, KPMG, and EY among a dozen others. Our strategic alignment and deep partnership extend our reach. In this vein, global system integrators are increasingly becoming a central part of our partner strategy as the Falcon Flex subscription model highly resonates with the transformative nature of GSI engagements. We unite and align our entire partner ecosystem with our use of cloud marketplaces in CrowdStrike's go-to-market. We've demonstrated the success and results of this strategy with AWS, helping customers not only secure their AWS cloud services but also procure CrowdStrike for the full range of their cybersecurity needs. Now two quarters into our expanded relationship with Google, CrowdStrike is the fastest-growing cybersecurity vendor on the Google Cloud marketplace this year. Customers of all sizes are increasingly looking to utilize their committed hyperscaler spend, adding an additional layer of resilience to our go-to-market. Aligning our entire ecosystem from reseller to systems integrator, MSSPs to distributors makes CrowdStrike cybersecurity's partner of choice. With CrowdStrike, the entire ecosystem wins together. 
Our resilient business platform and go-to-market position CrowdStrike to execute on our unchanged vision and mission, whether on July 18 or today on August 28, our TAM and market opportunity remain unchanged. This is because, first, the need for cybersecurity simplification. Organizations of all sizes remain eager to simplify, consolidate, and rationalize their cybersecurity product lineups. Streamlining operational processes goes hand-in-hand with SOC transformation with the goal of faster, more effective cybersecurity delivered at a lower cost. Decreasing TCO and increasing efficiencies through AI and automation are clearly voiced organizational priorities and will be for years to come. Second, adversary proliferation and threat landscape acceleration. Released in our annual threat report several weeks ago, CrowdStrike's analyst and industry-lauded threat intelligence is in a class of its own, now tracking over 245 adversary groups. In the past year, our threat intelligence teams uncovered threat actors applying to and actively working for more than 100 unique companies. The realities of the threat landscape necessitate effective cyber protection and that is only intensifying. In the face of universally accepted market needs and adversary realities, the resounding feedback I hear from customers is that CrowdStrike is their number one and most effective cybersecurity control. This is not only because of product performance and efficacy, but also because of the organizational process and orchestration built on and around Falcon. With greater than seven modules on average deployed in organizations spending $100,000 or more per year, the Falcon platform is firmly rooted with replacement requiring a multi-vendor costly and time-consuming process, abandoning the protection and TCO benefits of a single-platform consolidation.
Our best-in-class module adoption, supercharged by Charlotte AI, our generative AI SOC analyst, makes the Falcon platform sticky for all users as well as the data foundation of the SOC. This is why we continue aggressively investing in innovation to advance our track record of revolutionizing cybersecurity. This is why customers are looking to not only stay with us but also expand their Falcon platform adoption. This is why our upcoming annual customer and industry conference, Fal.Con, is what I refer to as our largest selling event of the year. It is already overflowed with more than 5,000 security and IT executives and more than 95 sponsoring partners. Our unchanged vision and mission propels us to become an even better, even more resilient, and even more customer-obsessed CrowdStrike. In working with customers post-incident, we quickly mobilized around customer loyalty. We took inspiration from our Falcon Flex subscription program, a licensing model that's been rapidly gaining traction across all of our customer segments. In the year since we built the Falcon Flex program, the customers who have subscribed to this new licensing model represent over $700 million in total deal value. Flex supercharges platform adoption, making it easier and faster for organizations to displace other technologies through flexibility, turning on and moving between modules without procurement and legal friction. Customers love the flexibility as it makes it easy to use more Falcon. In Falcon Flex, we also found a simple and effective mechanism to drive retention by offering compelling customer commitment packages. Our customer commitment package takes traditional module-by-module licensing into our Falcon Flex model, where customers can use any and all modules they wish at compelling economic values.
Depending on need, the customer commitment package encompasses discounting, module adds, professional services, flexible payment terms, as well as adding duration to a customer subscription. Our best-in-class module adoption is differentiating and a leading indicator of CrowdStrike customers' behavior. And post-incident, our customer commitment package will drive even more Falcon utilization and platform value realization in both the short and long-term. Customers see this as an immediate win to realize maximum and differentiated value from the Falcon platform. It is also a long-term win for CrowdStrike, cementing us as the organization's cybersecurity platform of record. Customer feedback has been extremely positive because we're proactive in our approach and customers benefit because they get what they want: more Falcon. The blueprint for our customer commitment packages was Falcon Flex deals like this Fortune 500 insurance firm that I referenced before in the next-gen SIEM discussion. This customer has been with us for five years building over time from endpoint to identity. They had aspirations of consolidation and saw CrowdStrike as a platform where they could achieve their protection, automation, and economic objectives. In the midst of this deal discussion, the incident happened. We worked with them on a rapid recovery. Our trust record and value from the platform over time stood out. Through Falcon Flex, this customer accelerated consolidation. They contracted for every Falcon module displacing seven technologies. And through the AWS marketplace, their spend with CrowdStrike will grow from $2.2 million in ARR to more than $5 million in ARR over the subscription. Falcon Flex grew platform adoption through the subscription term and increased ARR over the multi-year period. Our customer commitment package will grow Falcon adoption, increasing platform stickiness, ROI, and protection levels.
Customer commitment packages are a proactive and concerted investment we're making to build long-term loyalty and seed long-term platform adoption. In closing, the past few weeks have been some of the most formative for CrowdStrike. Beyond apologies, I want our actions to speak even louder than our words. We work to recover customers quickly, no matter the location or need; we focused on helping customers. Challenging and unprecedented moments like these are the true tests of companies, teams, and individuals. Our response has shown me that the golden rule I have led CrowdStrike with since day one, put the customer first always, isn't just alive and well, it's thriving. Cybersecurity's mission-critical role in today's digital society is undeniable. CrowdStrike's contribution to cybersecurity, bringing cybersecurity to the cloud, bringing AI to cybersecurity has profoundly redefined the industry, and we will continue to do so. We continue to invest in growth and innovation as well as safeguards to build cybersecurity's most resilient AI-powered platform. The mission of We Stop Breaches rings just as true today as it did prior to July 19. The most important part of CrowdStrike is the crowd, the people. Working at CrowdStrike isn't a job, it's a mission. The fight, the creativity, and the will to make the world a safer place by stopping breaches is here. Our mission is alive and well, and I know that CrowdStrike's very best days are ahead of us. Thank you for your unwavering trust. And now, I'll turn the call over to our CFO, Burt Podbere.

Burt Podbere, CFO

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. In today's discussion, I will briefly summarize our second quarter financial results and provide our assumptions and investment priorities for the second half of the fiscal year. The strength of our second quarter results, we believe demonstrates our resilience, focused execution, commitment to financial discipline, and the long-term durability of our business. Despite the challenges of the last couple of weeks of the quarter, we delivered better-than-expected revenue, operating profit, and net income. In Q2, ending ARR grew 32% year-over-year to $3.86 billion, of which $218 million was net new added in the quarter, up 11% over Q2 of last year, and within our previously stated assumptions for the quarter. In Q2, we achieved our second largest quarter of all time for net new customer additions, expansion business, and net new ARR contribution from cloud, identity, and LogScale combined. Prior to July 19, we were on pace to deliver net new ARR growth well ahead of these results. The July 19 incident had a significant impact on the last two weeks of the quarter, as we rapidly mobilized teams to assist customers, but we continued to close deals, including a nine-figure deal value expansion. While deals can push in any given quarter, this quarter we experienced elevated levels, with more than $60 million in deals that we had line of sight for the quarter and remain open as of Monday. We expect these deals to close in future quarters. Our retention metrics and module adoption metrics remained strong in Q2, highlighting our deep partnership with customers and the significant value the Falcon platform delivers. Our dollar-based gross and net retention rates were consistent with our expectations for the quarter. 
Subscription customers with five, six, and seven or more modules represented 65%, 45%, and 29% of subscription customers respectively. Notably, deals with eight or more modules grew by 66% over the prior year, and 48% of all customers with $100,000 or more in ending ARR adopted at least eight modules, an increase of more than 10 percentage points over the prior year. Moving to the P&L. Total revenue grew 32% over Q2 of last year to reach $963.9 million, ahead of our expectations for the quarter. Subscription revenue grew 33% over Q2 of last year to reach $918.3 million. Professional services revenue was $45.6 million, representing 10% year-over-year growth. The sequential decrease in professional services revenue was primarily attributed to deploying complimentary remediation services to help customers impacted by the July 19 incident. Record total gross margin of 78% increased by approximately 80 basis points year-over-year. Record subscription gross margin of 81% increased approximately 90 basis points over the prior year. Total non-GAAP operating expenses in the second quarter were $529.1 million or 55% of revenue, compared to 56% of revenue in the prior year. Consistent with our plan, we increased the pace of hiring, primarily in the areas of sales and marketing and R&D, growing total headcount by 22% year-over-year. In the second quarter, non-GAAP operating income grew 46% year-over-year to reach $226.8 million, and operating margin increased by more than 2 percentage points year-over-year to reach 24%. We delivered GAAP net income attributable to CrowdStrike of $47.0 million, growing more than 5x over Q2 of last year. Non-GAAP net income attributable to CrowdStrike grew 45% to reach $260.8 million or $1.04 on a diluted per share basis. Cash and cash equivalents grew to $4.04 billion. Free cash flow grew 44% over Q2 of last year to reach $272.2 million or 28% of revenue, in line with our expectations. And we delivered a Rule of 60 on a free cash flow basis.
In regards to the impact of potential legal exposure related to the July 19 incident, I would like to note the following. The outcome of litigation is inherently difficult to predict, particularly in the early stages, and it is still too early for us to estimate any potential legal exposure we may have at this time. Our customer agreements contain provisions limiting our liability, and we maintain insurance policies intended to mitigate the potential impact of certain claims and have a strong cash position. We continue to work hand-in-hand with our customers to ensure their success and are well-positioned to continue investing in the business for long-term growth. Turning to our outlook, taking care of our customers has always been and will continue to be our number one priority. We believe this focus and commitment will benefit us and them over the long-term. Customer retention remains remarkably strong and we do not expect this to meaningfully change in the foreseeable future. Gross retention was 98% at the end of Q2 and dollar-based churn in the last five weeks as of Friday was modestly lower than the same period last year. However, visibility into the back half of the year is less than typical. We expect the following factors to impact our near-term results. First, we delayed the vast majority of outbound pipeline generation activities for a few weeks following the July 19 incident. Outbound prospecting has since fully resumed and is rising to pre-incident levels of responses. Second, we expect to see extended sales cycles for both new and existing customers, with additional scrutiny requiring higher levels of approval at the CEO and in some cases, Board of Directors level. Third, as George mentioned, through our customer commitment packages, we are encouraging customers to commit to more of the Falcon platform for longer periods of time. 
We are focused on making sure these commitments to the Falcon platform are one of the best decisions that IT and security teams make. As reflected in our revenue guidance, in the short term, we expect our commitment packages will result in temporarily muted upsell dollar values and temporarily higher than typical levels of contraction due to elongated subscription terms. We estimate these packages will impact net new ARR and subscription revenue by approximately $60 million and professional service revenue by high-single digit million dollars in the back half of FY '25. In the long term, we expect our customer commitment packages will ultimately lead to higher platform and module adoption and deeper partnerships with customers. And fourth, specific to free cash flow, we expect to have increased flexible payment terms for our customers and we will incur additional G&A costs associated with the July 19 incident. At this point in time, we are not providing a free cash flow margin expectation for the full year. We will maintain our long-standing focus on financial discipline and the bottom line with our attention squarely on the highest and best use of every dollar. As reflected in our guidance for the remainder of the year, while we will shift some planned investment from sales and marketing to further R&D, quality assurance, and customer support, we are continuing to invest in our FY 2025 plan for the remainder of the year at this point in time. This will enable us to remain focused on our customers, protect the world against cyber threats, and stay on track with our long-term investment and growth priorities. We expect these headwinds to remain in varying degrees for about a year with acceleration starting in the back half of next year. From a longer-term perspective, we expect to see operating margin improvement on an annual basis in FY '26. 
Additionally, we remain committed to reaching $10 billion in ending ARR by the end of fiscal year 2031 and achieving our target non-GAAP operating model on an annual basis by fiscal year 2029. I will provide a detailed update of our long-term model and FY '26 outlook after the conclusion of fiscal year 2025. Moving to our guidance. For the third quarter of FY '25, we expect total revenue to be in the range of $979.2 million to $984.7 million, reflecting a year-over-year growth rate of 25%. This includes an estimated $30 million impact from the customer commitment package we discussed earlier. We expect non-GAAP income from operations to be in the range of $166.7 million to $170.8 million, and non-GAAP net income attributable to CrowdStrike to be in the range of $201.2 million to $205.2 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be approximately $0.80 to $0.81, utilizing a weighted average share count of approximately 252 million shares on a diluted basis. For the full fiscal year 2025, we currently expect total revenue to be in the range of $3,890.0 million to $3,902.2 million, reflecting a growth rate of 27% to 28% over the prior fiscal year. This includes an estimated $60 million impact from the customer commitment package we discussed earlier. Non-GAAP income from operations is expected to be between $774.7 million and $783.9 million. We expect fiscal 2025 non-GAAP net income attributable to CrowdStrike to be between $908.8 million and $918.0 million. Utilizing approximately 252 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $3.61 to $3.65. As George mentioned, Fal.Con 2024 is going to be our biggest customer event yet. The investor briefing will be held on September 18 and will feature conversations with customers and partners. To join Fal.Con in person, please contact our IR team for the registration information.
The briefing will also be webcast live on our IR website. We look forward to seeing many of you there. George and I will now take your questions.

Operator, Operator

Thank you. Our first question comes from Hamza Fodderwala at Morgan Stanley. Please unmute your line and ask your question.

Hamza Fodderwala, Analyst

Great. Thank you for taking my question, and congrats on the strong results. I wanted to commend you, George, and the entire CrowdStrike team for your response and transparency since the outage event. So there's been a lot of talk, George, around whether Microsoft or customers perhaps may want to limit kernel access for future updates. I'm curious, in response to this outage, whether or not CrowdStrike will have to rearchitect their approach to the Falcon agent. And if so, would that be a meaningful undertaking that might push you away from the future innovation roadmap? Thank you.

George Kurtz, President and CEO

Thank you, Hamza. Let me provide some clarification. Despite the misleading narratives from our competitors, I want to emphasize that this was not a kernel update; it was a code update, and specifically, it was a configuration update, which we have already discussed. Regarding our architecture, I need to clarify that we have best-in-class systems that lead the industry for strong reasons. We demonstrate greater effectiveness, manageability, and scalability compared to our competitors. For instance, the latest MITRE results show that Falcon achieved 98% coverage, while our nearest competitor had only 79%. The mean time to detection for Falcon was 4 minutes, while our competitor took 47 minutes. Additionally, our agent is lightweight, requiring only 100 megabytes of storage, whereas our competitor's heavier agent needs 3 gigabytes in a Windows environment. Our position as the market leader is a result of our superior architecture. We have made updates to our configurations and are confident in moving forward, as are our customers. We will continue collaborating with Microsoft within the ecosystem as they seek to enhance kernel access. It’s important to note that there are thousands of software kernel drivers available that extend beyond security, including VPN, virtualization software, IT management software, backup software, and others. We are an integral part of the ecosystem and remain committed to working with Microsoft to foster its growth.

Operator, Operator

Our next question comes from Brian Essex with JP Morgan. Please unmute your line and ask your question.

Brian Essex, Analyst

Great. Good afternoon, and thank you for taking the question. Congratulations from me on one, a fantastic response to the incident; and then two, execution on the back of that is impressive. I guess, George, for me, obviously, you've got peers out there talking about benefiting their pipeline, we still have to see that in their numbers, but from your perspective, we'd love to get some insight into what you're seeing from the pipeline. Obviously, you've called out the $60 million in deals that kind of pushed into 3Q, but from a competitive perspective, what are you seeing in terms of the number of peers that are invited into the process, maybe a little color around the conversations that you're having at the C level that are leading to some of those extended sales cycles, that would be really helpful to get that insight?

George Kurtz, President and CEO

Sure. Obviously, there's a lot of noise in the marketplace and we can only control what we can control, and I think the best way for me to articulate that is to just recount some of the conversations. I had two customer calls this morning and most of them start out the same. They talk about our response, how transparent we were, and how we dealt with the problem. We talked about some of the mitigating steps that we've taken and it generally ends with we want to do more with CrowdStrike. I had one this morning, which was a customer that had an impact, we talked through it. They were satisfied with the controls we put in place, and in fact, on the call, they basically said we won the next-gen SIEM project they had, which we won against another next-gen SIEM competitor. So this is what we're seeing. And again, I'm recounting my calls and many, many of them sort of starting in the same way. So that gives me encouragement again that we've built a lot of trust with our customers over time and we put a lot of trust in the bank. Yes, we had an issue on July 19. We've been very clear about that and very transparent, but consistently, the calls have been, you have saved us way more times than this incident and we are all in on CrowdStrike and we're all in, for all the reasons we've talked about in the past, the consolidation play, the ability to save time, money, get better outcomes, and take four, five, six, and seven products and move them to the Falcon platform. That hasn't changed before the 19th of July and hasn't changed after the 19th of July and this is what customers are coming back to us with.

Operator, Operator

The next question comes from Saket Kalia with Barclays. Please unmute your line and ask your question.

Saket Kalia, Analyst

Okay. Great. Can you hear me? Hey, George. Can you hear me?

George Kurtz, President and CEO

Yes. We can hear you. Go ahead.

Saket Kalia, Analyst

Okay. Sorry about that. Awesome, sorry about that, guys. Thanks a ton for taking my question and offer my congrats as well just on the resilience here in the face of a very tough couple of weeks. George, maybe my question is for you. I'd love to just touch on Falcon Flex a little bit. This was something that you were investing in before the outage as well, but it sounds like it's something that can also be helpful for customers to maybe drive better security outcomes as well. Can you just maybe touch on that and how it's maybe helping that conversation post-outage?

George Kurtz, President and CEO

Sure. Well, when we think about Falcon Flex, this was born out of demand from our customers. If you look at our module attach rates, which we've gone through again many times in the past and they continue to go up as customers rely more and more on CrowdStrike, they came to us and said, hey, we want an easier and more flexible way to consume your Falcon platform. When you start with one module, when I started the company and you're at 28 days is a lot that you have to go through with a customer, and we wanted to meet customers where they wanted us to be, which is more CrowdStrike, make it easier through procurement cycles, and then ultimately allow them to consume it how and when they wanted to consume it. So we started down this journey a while back and it continues to gain a lot of traction with our customers. We've taken this and you heard this in my prepared remarks, and we are able now through our customer commitment package to be able to offer Falcon Flex. And again, some of the things that we went through, whether it's modules or time or what have you, we can allow our customers to be able to consume that as part of the customer commitment package. And we think overall, it's great for our customers because we're coming to the table and solving business problems. And also, it's great for CrowdStrike long-term because we're allowing them a very flexible model to continue to consume CrowdStrike, which they know and love.

Operator, Operator

Our next question comes from Tal Liani with Bank of America. Please unmute your line and ask your question.

Tal Liani, Analyst

Here we go. Now you can hear me. Last night one of your competitors mentioned that customers may now be hesitant to put all their resources into a single vendor and instead prefer to diversify their vendor relationships. In previous quarters, a significant portion of your growth has come from upselling to existing customers. The question is whether you have any evidence that this event has changed customers' willingness to buy from a single vendor, specifically you. Have you noticed any shift in customers' interest in purchasing additional modules? Additionally, I have a follow-up question regarding the full year EPS guidance, which suggests a substantial EPS for the fourth quarter. If you could clarify to ensure we have accurate figures, that would be appreciated. Thank you.

George Kurtz, President and CEO

Okay, Tal. Let me take the first part. So when we think about more modules, it gets back to what I just went through, customers want to do more with us. Obviously, we talk about what happened, and it's not going to happen again, but they want to buy more from us. And again, customers' comments back to me are they don't want to go backwards. They don't want a bunch of disparate products. They don't want a bunch of different consoles. And they specifically told me that the adversary lives in the gaps between products, in the seams between products. So what they're looking for is the ability to cover more of their estate, right, to have a complete view. And when you look at next-gen SIEM, it allows us to take telemetry and logs in from other systems beyond the first-party data that CrowdStrike is generating. So I would say, the long and the short of that is customers don't want to go backwards and have a patchwork of products. They are still focused on the consolidation piece, and they're looking at us as one of the key consolidators in the market.

Burt Podbere, CFO

Yeah. So on your question with respect to EPS, as we thought about the impacts to non-GAAP operating income, we talked about some of the headwinds that we had, mostly driven from the revenue side of the house, and we tried to be consistent in the way that we approached the guide on both Q3 and full-year. So that's how we thought about it when we gave our guidance.

Operator, Operator

The next question comes from Joel Fishbein with Truist. Please unmute your line and ask your question.

Joel Fishbein, Analyst

Thanks for taking my question and also really great transparency, George and Burt. Thank you very much. My question is on guidance methodology. Burt, can you just go through a little bit of how you came up with the guide for the back half of the year considering all the moving pieces? And I guess the question, how it changed relative to how you've done your guidance before, that would be really helpful. Thank you.

Burt Podbere, CFO

On the revenue front, the most significant influence comes from the customer commitment package that George discussed. This will be the primary factor driving our revenue. We outlined the revenue impact as $60 million in the second half of the year, broken down into $30 million in Q3 and $30 million in Q4. This was the main contributor to revenue growth. Consequently, this will also affect our non-GAAP operating income. As we considered this and its effects on revenue and EPS, we adopted a cautious approach. There have not been any major changes in our guidance; we base it on what we can see rather than what we cannot. Again, the key impact was from the customer commitment actions, which consistently affected both our top and bottom lines.

Operator, Operator

Our next question comes from Gabriela Borges with Goldman Sachs. Please unmute your line and ask your question.

Gabriela Borges, Analyst

Hi. Good afternoon. Thank you. I would love to get a little bit more detail, George and Burt, on the customer commitment packages. And you mentioned a couple of dynamics there alongside duration and concessions, maybe just a little more on how you came up with that $30 million number in 3Q and 4Q, and what are some of the guardrails and how you think about the appropriate amount of duration or discounting or concessions that you want to give a customer to keep them happy and satisfied with the CrowdStrike platform? Thank you.

Burt Podbere, CFO

Thanks, Gabriela. Regarding how we arrived at the $60 million for the second half, we focused on net new ARR considering three main factors. First, we noted a delay in pipeline generation, which has an impact. Second, longer sales cycles due to increased scrutiny, a trend applicable to most in the software and tech sectors, also played a role. Third, we acknowledged a reduced upsell value. We evaluated all these factors in relation to the customer commitment packages. As for the packages themselves, they include various components such as discounts and duration, which affects net new ARR. Additionally, product considerations will influence COGS, impacting the bottom line. By taking all these elements into account, we formulated our guidance, leading to the $60 million estimate.

Operator, Operator

Our next question comes from Rob Owens with Piper Sandler. Please unmute your line and ask your question.

Rob Owens, Analyst

Thank you for answering my question, Burt. Regarding the $60 million expected for the remainder of this year, you mentioned that some weakness might continue for about a year concerning net-new ARR. While I understand you’re not providing guidance for the next year, should we consider this more on a 12-month timeline? Additionally, as the sale of customer commitment packages begins to level out and normalizes in relation to net-new ARR growth and historical margins, how should we view that? Thank you.

Burt Podbere, CFO

Thanks, Rob. So I think that this type of incident has a half-life, right? So there'll be a diminishing impact over time, so Q3 will be harder than Q4. Q4 will be harder than Q1, and so on and so forth. I think the biggest piece for us is that when we get to the back half of next year, we'll start to see an acceleration in the business, and that's the big picture, and that's what I want everybody to walk away from.

Operator, Operator

Our next question comes from Matt Hedberg with RBC. Please unmute your line and ask your question.

Matthew Hedberg, Analyst

Thanks for taking my questions. Actually, maybe a little bit of follow-up to Rob's question. I think, Burt, you kind of addressed it, but do you think part of that acceleration is some of these commitments then expanding usage? In other words, what's a bit of a headwind now is part of that broader commitment that just kind of compounds on itself? In other words, is that part of that tailwind that we should think about next year? Is this renewal cycle of these commitments?

George Kurtz, President and CEO

Yeah. This is George. So when we think about the consumption of Falcon Flex, typically what we've seen is customers can do more of it faster than they originally anticipate because we're providing value. So when we think about, to Burt's comments next year, obviously, there will be more modules in use and I think we have the ability to go back to those customers and understand what other things we can do for them, including looking at additional flex opportunities based upon what they've been using over the last period of time. Anything to add to that?

Burt Podbere, CFO

I believe what George mentioned is about laying the groundwork for the future, and I think we'll start to see the effects of that in the latter half of next year.

Operator, Operator

Our next question comes from Fatima Boolani with Citi. Please unmute your line and ask your question.

Fatima Boolani, Analyst

Good afternoon. Thank you for taking my questions. I appreciate it. George, and even Burt, please chime in, so on this procurement vehicle, Falcon Flex, clearly, you've seen a tremendous amount of positive data points, you shared them in the script, $700 million deal value created with just one year in the market. I'm wondering if this is now going to be the predominant go-to-market approach for you all in terms of incentivizing broader portfolio adoption. And then related to that, Burt, as we think about extrapolating some of the financial implications in the out years beyond your framed guidance, how should we think about renewal cycles and renewal conversations coming up that you could potentially steer towards these contracts such that you do still get an elongated period of maybe net new ARR growth? Can you help me sort of straddle those two? Thank you.

George Kurtz, President and CEO

When we consider Falcon Flex, it was developed based on customer needs. We've experienced significant success with it as it allows customers to access our entire product portfolio. They can select the modules they want and utilize them as they need, especially when acquiring new companies. Adding new modules, endpoints, or cloud workloads is straightforward for them. This approach shortens procurement cycles. It benefits our customers and us, serving as a key strategy in our go-to-market efforts moving forward. We've implemented it, witnessed excellent results, and will continue to prioritize it with our customer base.

Burt Podbere, CFO

Yeah. So all those things are the things that we're looking for. And as I think about the future in terms of our renewal opportunities, the Flex does offer more ability for the customers to consume more, to take on more, and that just bodes well for our renewal cycles, right? We want them to do that. And so by seeding them now, that's only going to bode better for us in the future and better for the customers more importantly. I think they're going to benefit more and more as, look, we're going to come up with new products, right, and those are going to be available to them. And so that's how we think about the renewals and the new renewal possibilities as we look out into the future.

Operator, Operator

Our next question comes from Andrew Nowinski with Wells Fargo. Please unmute your line and ask your question.

Andrew Nowinski, Analyst

Okay. Good afternoon. Thank you for taking the question. And I'm sure every organization that was impacted appreciates the transparency and the contrite response you have today. So I wanted to ask about really on the renewal cycle as well. I was wondering if you could just give us any more color around the mix of renewals throughout the year. I would imagine Q4 typically has the most renewals out of all four quarters, but maybe if you could just provide more color on the mix, maybe which quarter do you think there's more risk to a higher mix of renewals in case they don't potentially renew? Thank you.

George Kurtz, President and CEO

Thanks, Andy. So two things. So one, there is definitely seasonality, right, in our business and we've talked about it, you've highlighted Q4, that's typically our highest quarter of deals. And I think, second, what I talked about earlier, it's this idea of a half-life. The closer you are to the sun, the hotter it is, the more difficult it is in terms of the headwinds. And as you move farther and farther out, you see more relief, so the impact gets less. So if you combine those two things, that's how we would think about the renewal cycle.

Operator, Operator

Our next question comes from Roger Boyd with UBS. Please unmute your line and ask your question.

Roger Boyd, Analyst

Thank you for addressing the questions, and I want to express my congratulations on the response and resilience shown over the past month. George, it's encouraging to see that the hypergrowth modules group surpassed $100 billion collectively, or $1 billion together. It seems like you reiterated the $10 billion ARR target, but the timeline appears to have shifted toward the longer end of the five to seven-year range you previously mentioned. I would appreciate your perspective on the sustainability of growth in this area. I understand there is considerable uncertainty, but I am curious if you view this as just a temporary challenge on the way to achieving your long-term guidance.

George Kurtz, President and CEO

Yeah. I'll start and then I'll turn it over to Burt. When we think about the durability of CrowdStrike, I think we've demonstrated it this quarter. We've had a history of durable growth because we're solving real problems for customers. And when you look at some of the businesses that we talked about, Identity and Cloud and next-gen SIEM, $1 billion is incredible and you look at the growth rate. So we've got multiple vectors of growth for CrowdStrike. We've got a massive TAM opportunity that's only getting bigger. And we always at CrowdStrike have and will continue to take a long-term view of the market. So we're going to deal with this in the short term, and then obviously, I think this sets us up well for the future. Burt?

Burt Podbere, CFO

We are dedicated to achieving $10 billion in annual recurring revenue by the end of 2031. This target was part of the range we shared in previous periods, and we remain focused on it.

Operator, Operator

Our next question comes from Joseph Gallo with Jefferies. Please unmute your line and ask your question.

Joseph Gallo, Analyst

Hey, guys. Thanks for the question. Can you just update us on the federal momentum? You're entering their biggest quarter, and how should we think about that business? Does the IT outage slow momentum there given they're typically pretty conservative? Thanks.

George Kurtz, President and CEO

Sure. Well, Q3 obviously is the federal quarter. I think we've got good momentum. We've done, I think, well with the sister relationship that we have. And as many things in the federal space, it takes time and we continue to build momentum and win deals in those categories, and not only federal, but we think about state and local, incredibly strong across-the-board, and we're just talking about the U.S., right? We do this for the rest of the world. So we like our opportunity there. Those are always long-term opportunities, but we're certainly encouraged in terms of the success that we've had so far.

Operator, Operator

Our next question comes from Gregg Moskowitz with Mizuho. Please unmute your line and ask your question.

Gregg Moskowitz, Analyst

Okay. Thank you for taking the question and also well done in terms of transparency. I had a clarification just on the customer commitment packages and CrowdStrike's future expansion strategy. Is part of the plan effectively giving away modules to existing customers for upwards of the year? In other words, when you speak about an expectation of muted upsell dollar values and temporarily higher levels of contraction, is this part of the seeding strategy that you're referring to?

George Kurtz, President and CEO

I want to emphasize that we always aim to do what is best for our customers. They appreciate our technology and the solutions we provide for their business challenges. When we consider the potential for increasing platform adoption, that is definitely a key topic for us. Over time, we have established a trend of greater module adoption, which has been evident since our IPO. From this perspective, we believe the long-term opportunity looks promising for CrowdStrike, and having customers utilize more modules is a positive focus for us.

Operator, Operator

Thank you. This concludes today's question-and-answer session. I would now like to turn the call back over to George Kurtz for closing remarks.

George Kurtz, President and CEO

So thank you all for your time today. We appreciate your continued support and look forward to seeing you at our upcoming investor event at Falcon. Thank you.