Crowdstrike Holdings (CRWD) 3Q Fiscal 2023 Earnings Call

Thank you, Maria, and thank you all for joining us. Let me start with a summary of our results. In Q3, we delivered 53% revenue growth year over year, 15% non-GAAP operating margin, and record non-GAAP net income, all of which were ahead of our guidance. Additionally, we achieved record free cash flow of $174 million, or approximately 30% of revenue. There are many positive trends we see in our business, including strong competitive win rates, consistent ASPs, exceptional retention rates, and the mission-critical nature of cybersecurity. However, I would first like to address the increased macroeconomic headwinds we saw in the quarter, which caused Q3 net new ARR to come in below our expectations. As we discussed on our last earnings call, organizations were starting to respond to macroeconomic conditions by adding extra layers of required approvals and extending the time it took to close some deals. As Q3 progressed and fears of a recession grew, this dynamic became more pronounced. In our smaller, more transactional non-enterprise accounts, we saw customers increasingly delay purchasing decisions, with average days to close lengthening by approximately 11% and net new ARR contribution decreasing by $15 million from Q2. This also impacted our net new logo additions in the quarter, even though our quarter-over-quarter POV win rates increased meaningfully over more complex vendors that required more headcount to manage. While sales cycles lengthen, we believe the vast majority of these deals are not lost, just delayed. In the enterprise, sales cycles or average days to close remained consistent with last quarter's modestly higher level. In Q3, these larger customers continued to prioritize their CrowdStrike investments, but some also had to manage timing issues related to OpEx budgets and cash flow amidst the rapidly evolving macro. To achieve this, some customers signed contracts that have multi-phase subscription start dates, which pushes their expense and CrowdStrike's ARR recognition into future quarters. While every quarter we have some deals with multi-phase subscription start dates, in comparison to last quarter, in Q3 we saw approximately $10 million more ARR deferred into future quarters. We expect these macro headwinds to persist through Q4. Additionally, given the increased scrutiny on budgets, we're not going to expect a typical Q4 budget flush, leading us to adjust our Q4 net new ARR expectations as Burt will discuss in more detail. But this caution does not deter our confidence in the long-term market position of CrowdStrike or the resiliency of the cybersecurity market. We see strong inherent demand for our products, and we entered Q4 with a record pipeline. Pipeline expansion is even more important in times of an evolving macro and elongated sales cycles. We are working to stay out in front of pipeline creation. With Jennifer Johnson, our recently appointed CMO, now at the marketing helm, we are realigning our marketing initiatives and increasing our focus on ramping more top-of-funnel initiatives and brand awareness to drive pipeline to even greater heights. We also gained significant leverage from our partner ecosystem, with partner-sourced ARR growing 55% year over year. There were many positives in this quarter, highlighted by the record number of customers contributing at least one million dollars in net new ARR in the quarter. Additionally, ending ARR for the one million dollar plus cohort surpassed the one billion dollar milestone in Q3, with a 67% year-over-year growth rate. These larger customers are standardizing on Falcon, consolidating vendors, and prioritizing expansion projects that represent sizable cross-sell and upsell opportunities that are moving forward even under uncertain macro conditions. Marquee brands that are new to our million dollar plus cohort included a global 500 manufacturer that landed with 10 modules, providing unprecedented visibility and protection to all areas of their environment and allowing them to consolidate four agents and vendors with their initial deployment of Falcon; two global 500 financial institutions who chose Falcon for its ability to replace multiple legacy security products and bolster their security posture through a single agent; a global 500 consumer goods manufacturer that is now leveraging Falcon Complete for a fully managed approach to protecting its critical infrastructure; and a Fortune 500 luxury brand leveraging Falcon to protect both its traditional endpoints and cloud workloads. In the third quarter, we also delivered strong results in the public sector, driven by a Falcon Complete land with one of the largest U.S. federal agencies now standardizing on the Falcon platform, and a strong quarter for our SLED business with a U.S. state government standardizing on CrowdStrike in the quarter, as well as wins and expansions across multiple U.S. state and local government agencies and educational institutions. To date, 40 U.S. state governments are CrowdStrike customers, of which 21 and the District of Columbia have standardized on Falcon. Additionally, we secured a win with one of the largest federal assistance integrators that will be using Falcon to protect its internal estate as well as integrate it into its MSSP offering. Moving to our expansion and retention performance, our dollar-based net retention rate was well above Q3 of last year and consistent with our Q2 performance, which was at the highest level in seven quarters. Our best-in-class gross retention rates remained at record levels above 98%. We are also seeing more customers standardize on the Falcon platform and adopt more modules. Q3 subscription customers with five or more, six or more, and seven or more modules were 60%, 36%, and 21% respectively. This represents a 55%, 66%, and 81% year-over-year increase in these respective module adoption cohorts. It was another record quarter for our emerging product category, which includes our Discover, Spotlight, identity protection, and Log Scale modules. Our identity protection solutions are the largest contributor to ARR within the emerging category, and Q3 was another record quarter. Net new ARR for identity protection solutions reached a new all-time high, and the attach rate on net new logos continues to grow rapidly. With close to 80% of cyber attacks leveraging identity-based tactics to compromise legitimate credentials and use techniques like lateral movement to evade detection, identity protection is core to stopping breaches. Our identity protection capabilities are a game changer, ensuring up active directory as well as stopping ransomware lateral movement. To punctuate the value of our identity protection capabilities, I'd like to share a recent seven-figure expansion with a leading global brand. This customer has a very capable security team that spent years building a dedicated identity and access management team and implementing a privileged access management solution, or PAM. Even with these efforts, shortly after turning on Falcon's identity protection in the POV, we identified several misconfigurations, including dozens of domain administrator accounts that were not being managed by their PAM solution, a multitude of accounts without password expiration, thousands of users with compromised passwords, and a potential attack path from unprivileged accounts to privileged ones. With Falcon Identity, this customer is shutting down routes to illegitimate access and significantly hardening their defenses. Q3 also marked another record quarter for Log Scale as we secured wins across multiple verticals, including financial services, insurance, technology, retail, energy, and telecommunications. Notable wins included a statewide insurance provider in the U.S. and the previously mentioned new global 500 financial institution, where Falcon Log Scale is enabling both organizations to log more data, retain it longer, and reduce the cost of their existing log solutions, resulting in better security and more visibility across their environments. During the quarter, we acquired external attack surface management (EASM) vendor Reposify to help our customers identify and eliminate risk from vulnerable and unknown assets before an attacker can exploit it. The acquisition closed in early October, and we expect to launch our external attack surface management module this quarter, which will bring us to 23 modules available across the Falcon platform. On the public cloud front, we continue to build momentum, with ending ARR for modules deployed in a public cloud setting growing over 100% year over year. Our CNAF solution continues to gain industry recognition, including winning Best Cloud Security in CRN's 2022 Tech Innovators Awards. Falcon Complete continues to shine, with net new ARR growing close to 20% quarter over quarter as customers embrace our extended lineup of Complete services, including Identity Complete and Cloud Complete. Additionally, we launched Falcon Complete Log Scale during Q3 and have already secured several wins. In a more challenging economic environment, there is appeal for a solution like Falcon Complete that allows companies to decrease headcount or hold headcount stable. The significant advantages of CrowdStrike's Falcon Complete offering were showcased in the first MITRE ATT&CK evaluation for security service providers. Out of 16 participants evaluated, the Falcon platform's integration of industry-leading technology and human expertise enabled us to deliver the highest coverage. This was MITRE's first closed-door test, which means the participants did not have prior knowledge of the adversary and retesting was not allowed. We believe this evaluation demonstrates why CrowdStrike is the clear leader in EDR and XDR, whether our capabilities are delivered as a fully managed service from CrowdStrike, through our network of MSSP partners, or operated independently by our customers. The Falcon platform also won SE Labs EDR ransomware detection and protection test. This well-regarded third-party testing firm involved 270 ransomware variations and deep attack tactics. Falcon achieved 100% ransomware prevention with zero false positives. Let me repeat: zero false positives. We believe this reflects our superior AI and machine learning models and the data mode advantage we derive from our unique graph technology and Threat Graph. Falcon's exceptionally low false positive rate represents a tremendous operational win for our customers, as it enables them to significantly increase their speed to triage, investigate, and remediate a verified alert. Based upon our business value assessment and realized analysis, we estimate that on average, enterprise customers observe a 68% increase in operational efficiencies with the Falcon platform, equating to an offset of approximately 3.5 full-time employees. We believe today's macro pressures on businesses and the escalating threat environment make Falcon's value proposition as a consolidator more important today than at any other time in CrowdStrike's history, in order to solve agent bloating, complexity within the security and IT stack, while also protecting the business from cyber adversaries and reducing operating costs. Companies need to consolidate on a truly integrated platform, not acquired technology stitched together by an invoice. CrowdStrike Falcon continues to be the gold standard and the security platform of record. While the cybersecurity market is not immune to macro pressures, it is a mission critical technology. The adversaries don't stop. As detailed in our latest threat hunting report, OverWatch observed a nearly 50% year-over-year increase in interactive intrusion campaigns. We believe cybersecurity investment is resilient and is prioritized, especially among the world's largest organizations, as represented in our million dollar plus customer cohort and best-in-class retention rates and module adoption rates. With the escalating threat environment, expanding attack surface, and extensibility of the Falcon platform, it is our belief that we are still in the early innings of CrowdStrike's growth journey. We believe the early and rapid success of our identity protection solutions best demonstrates our ability to leverage our unique and vast threat intelligence to create and dominate new and legacy markets. We intend to continue our disruptive innovation to expand our technology leadership and bring new modules to market. Even with these investments, we are responding to current macro conditions and plan to balance growth with profitability and free cash flow, as Burt will discuss in more detail. We remain steadfast in our vision to grow ending ARR to $5 billion by the end of fiscal year 2026 and reach our target operating model in fiscal year 2025. With that, I will turn the call over to Burt to discuss our financial results in more detail.

Thanks, Saket. So, again, if you look at what we've seen and what we've commented on, the inherent demand for our products remains strong. Obviously, there's an increase in the macro headwinds. We talked about some of the smaller customers having elongated sales cycles; we saw 11% increase in days to close, and those are delayed deals, not lost deals. And on the enterprise, again, we're seeing consistent win rates. They remain high, and in fact, in the smaller customers, we've actually seen them significantly improve quarter over quarter. So from our standpoint, as we look at this very closely, the landscape remains favorable to us. I really don't see another true consolidator like Falcon, and customers are looking for technologies that reduce costs, reduce complexity, actually work, and stop breaches, and that's what we're delivering. So again, when we look at the competitive landscape, it remains favorable to us, and as we pointed out, we saw increased macro headwinds, and that's what we talked about. So I'll turn over to Burt.

Thanks, Sterling. For us, the good news is that we have a very healthy install base and we feel that we've got great opportunities in that traditional land and expand model. We saw that in the ratios we saw. Having said that, we still feel that there's a tremendous opportunity in new logos. We think that the opportunity for us to go capture some of those new logos really goes to our model that we started and talked about since day one. So today we still think about tremendous opportunity in the land and expand model, as evidenced by our dollar-based net retention rates, but also in terms of the net new logos we have the opportunity to go capture. We talk about the TAMs that we've seen ever increasing from IDC and the fact that we've just been able to add new modules at a nice clip. We feel that we have a great opportunity to go after those new logos as well.

Yeah, we've seen tremendous interest since the acquisition. We announced that at Falcon. Customers are looking to understand their exposures externally, and as they move more and more to the cloud, a lot of their exposures are really configuration and policy driven. So it's a fantastic add for us. It fits very nicely within our platform, ties into what we're doing on the vulnerability management and risk side. Overall, we're really excited about it, and customers are not only looking at it for themselves but also looking at it from a third-party risk perspective and leveraging it across their supply chain to make sure that their suppliers are secure and not putting customers at risk. So far, very positive feedback, and we're excited to get the product launched and bring it to market.

Well, great question, Hamza. It's always been a balanced growth approach, and it's never been a growth at all costs, and I think we've shown that with our performance and track record. We continue to play the long game. But if you put things into perspective, we're a Rule of 83 last quarter. I mean, you think about the growth and the cash flow generation at scale at $2 billion plus ARR is pretty remarkable. We actually see this as a great opportunity for CrowdStrike as we go forward, as smaller competitors fall by the wayside, as private companies look for exits. We think it's a very attractive opportunity for us with our balance sheet of almost $2.5 billion in cash. At the end of the day, as these macro trends evolve, we see a great opportunity for us now and into the future to continue to consolidate customers as well as other technologies that might fit within our platform. So that's the way we look at it: balanced investment and again focus on making sure that we're delivering cash flow for our shareholders.

Operator, maybe we can move to the next question.

Sure. Let me take the latter question first. As I mentioned, we actually saw our win rates go up in the down market SMB space, so I think we continue to do well there. Burt talked about deals getting pushed out from that segment; we saw the impact of that. But when we think about what we can do and what we continue to focus on, obviously execution is really important to us and getting ahead of the lengthy sales cycles that you see in the enterprise with all the various approvals and legal that you have to go through, compliance, privacy. It just takes making sure that you have all of those checked off to try to fit the deals into a normal cycle that you would expect. It takes more work and effort, and we continue to focus on full reviews of the pipeline and making sure that we're working with not only our internal sales teams but also our partners and leveraging that vast partner network that we have. That's been the focus. Again, as you pointed out, I've been through multiple sales cycles, economic cycles, in security, and as I said in an earlier question, I do think it's a great opportunity long term as we push through the macro headwinds.

Sure. I'll take the first part of that. When we think about budgets, again, all the feedback that we've seen is that budgets are not in the enterprise getting cut. There are so many mandates around security and just as customers move to the cloud, what they are looking to do though is optimize that spend and consolidate. So they may not be spending as much money with a whole bunch of vendors, and they're looking to consolidate with companies like CrowdStrike. We spend a lot of time on selling the value, and when we think about this and we talked about this in the past, the consolidation of agents is a huge pain point for customers, the complexity, the cost. So all the conversations that I'm having, CEO all the way down, have been around how do we help consolidate the cost because they're going to spend the money; they'd rather spend it with fewer vendors and how do they get a better outcome. That's where CrowdStrike shines, and in some cases that may take a little extra work because we're upsizing some deals and we've got to go through more approvals and go through more of the value selling. But again, that's what we're focused on. We'll monitor the environment and see if there are any changes, but in all the conversations that I've had, security remains still top of mind and top of budget for enterprise customers.

Yeah, thanks. Obviously, customers are going to flex what they put in the cloud, and the cloud growth is what it is in terms of the macro cloud growth. In terms of what we see in our cloud workload protection, we continue to win in those areas. We win because we've got a combination of both workload protection as well as cloud security posture management and a full suite of protection capabilities, and we have more and more customers that continue to leverage our technologies as they migrate to the cloud. So they're still migrating to the cloud, they're leveraging our technologies as it's all integrated. In terms of our cloud workload protection across the board, it's certainly been very, very strong. So that's what we've seen in our business. Obviously, there's a broader cloud theme in the environment, and customers are going to choose when and how they migrate, but we are there for them and we continue to win those environments.

Well, as I mentioned earlier, we haven't seen any customers come back and say hey, our budgets are cut next year. We just haven't seen it. And as I mentioned, they're looking to consolidate, they're obviously looking to deploy those resources wisely and do it with fewer vendors and get better outcomes. Again, that's an area where I think we have tremendous strength. But nothing in my conversations, and as you might imagine I talk to a lot of customers all over the globe and prospects, nothing has come back that said they're spending less on security next year. They're deploying to the cloud, they're adding capabilities, there's a whole slew of compliance requirements that are coming in around the globe that will drive additional spend, and again they want to do it in a way that they get the most bang for their buck in a consolidated fashion. That's exactly what we've seen, and we haven't seen anything to deviate from that.

I wanted to thank all of you today for your time, and we certainly appreciate your interest and look forward to seeing you at our upcoming investor events. Thank you and have a great day.