CrowdStrike Holdings Inc

NASDAQ:CRWD

Thank you for standing by, and welcome to CrowdStrike Holdings' Third Quarter Fiscal Year 2024 Earnings Conference Call. [Operator Instructions] I would now like to hand the call over to VP of Investor Relations, Maria Riley. Please go ahead.

Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer.

Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth, including projections and expected performance, including our outlook for the fourth quarter and fiscal year 2024, and any assumptions for fiscal periods beyond that are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the company's financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company's quarterly and annual report. Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. With that, I will now turn the call over to George.

Thank you, Maria, and thank you all for joining us today. I would like to begin my remarks today by expressing gratitude to our customers, who proudly trust CrowdStrike as their cybersecurity platform consolidator for the AI era. Gratitude to our partners, who win with CrowdStrike, taking our joint customers on Falcon platform transformation journeys from device to cloud, to identity, to data and beyond, and to our team for their passionate dedication to our mission, stopping breaches, fighting adversaries and delivering the very best cybersecurity outcomes. Moving on to Q3. Despite a challenging macro environment and geopolitical tension, I am extremely proud of the resilience of our business and that we delivered a record Q3. CrowdStrike surpassed the $3 billion ARR milestone with an ending ARR of $3.15 billion, growing 35% year-over-year. CrowdStrike is the fastest and only pure play cybersecurity software vendor in history to achieve this milestone. In Q3, we delivered double-digit net new ARR acceleration at scale powered by customer demand for the depth and breadth of CrowdStrike's AI-native XDR platform, terrific execution exemplified by rising win rates against our competitors and acceleration in our cloud security and identity businesses as well as a record quarter in our LogScale next-gen SIEM business. Our standout top line performance came in tandem with P&L discipline as our profitability soared to record heights. Q3 was indeed a quarter of records. Let me share several of our financial highlights: record net new ARR of $223 million, representing 13% year-over-year growth from acceleration in new and expansion business; record non-GAAP subscription gross margin; record GAAP and non-GAAP operating profitability; record free cash flow of $239 million, representing 30% free cash flow margin and achieving free cash flow rule of 66, up from 63 last quarter. Burt will share more color on our financials and platform adoption steps following my remarks. This was a standout quarter and places us well on the path to $10 billion in ARR that we outlined in our latest investor briefing. The market continues to validate CrowdStrike's widening leadership position. While others scale back R&D, we are increasing our investments as innovation is the lifeblood of our company. We continue to make meaningful investments in go-to-market and profitable growth. To this end, we received multiple industry awards and accolades over the course of this quarter. Across industry analyst firms, CrowdStrike is consistently top rated.

In Q3, CrowdStrike was awarded a perfect 100% across protection, visibility and analytics detections in MITRE's latest ATT&CK testing, an industry first; recognized as Gartner customer choice and one of the highest rated in their latest Peer Insights Voice of the Customer for EPP Report; named the leader in The Forrester Wave for endpoint security; and positioned as a leader in the IDC vulnerability management MarketScape. Our leadership position is translating into record demand for our Exposure Management solution in its first quarter on the market. Our market presence and open platform approach to XDR is a uniting force in cybersecurity. In Q3, we hosted Fal.Con, our flagship customer and ecosystem event with more than 4,000 attendees and 70 sponsors. This was fast followed by our Fal.Con On the Road series, where we have already hosted Fal.Con Tokyo and Fal.Con São Paulo with thousands in attendance. The drumbeat of innovation was loud and clear with multiple releases and announcements showcasing CrowdStrike as the XDR leader, including the Falcon platform Raptor release, which standardizes all of our customers on LogScale. This builds our platform data gravity, coupling native Falcon data with third-party data ingest, further enabling our customers to realize SIEM and XDR use cases on Falcon. Falcon for IT, a new module to unify IT and SecOps from hygiene to patching, Falcon for IT lets customers consolidate multiple use cases and replace legacy products with our single-agent architecture; our new Falcon Data Protection module that liberates customers from legacy DLP products with modern, frictionless data security, which prevents data exfiltration; Falcon Foundry, a no-code application development solution, enabling both customers and technology partners to build directly on Falcon. Foundry epitomizes the true definition of a platform offering linerless apps. We announced the acquisition of Bionic, bringing application security posture management to the Falcon Cloud Security suite. Falcon Cloud Security is the industry's most comprehensive and innovative cloud security offering with integrated agent and agentless CSPM, CIEM, CWP and now ASPM. We released the beta and pricing for Charlotte AI, our AI-powered SOC analyst, which was incredibly well received. CrowdStrike's generative AI, leveraging multiple foundational models, can turn hours of work into minutes while democratizing cybersecurity, unlocking value and adoption across the entire breadth of the Falcon platform. Enthusiasm for Falcon for IT, our automation and hygiene module for IT teams, is exciting to witness because it is something so intuitive that our customers want. Like Data Protection, Falcon for IT solves a clear and long-neglected pain point, where customers are forced to rely on multiple legacy products that have long outstayed their welcome. Customers are eager to consolidate their agent estate while reducing cost and complexity. Falcon for IT illustrates the power of CrowdStrike's single platform approach. We have the real estate and data foundation to solve ever-evolving use cases, delighting our customers while disrupting vendors that have failed to evolve. The resounding takeaway from my customer engagements at Fal.Con and throughout the quarter is that CrowdStrike is the right choice for CSOs, CIOs, executive teams and boards. Here's why. Our build by design, single platform architecture requires no integration, no stitching and no platformization. Our unified cloud native platform and critical beachfront real estate within the customer estate naturally creates cybersecurity data gravity, falling for today's challenges while preparing for the unknowns of tomorrow. Organizations are looking for a trusted cybersecurity consolidator. CrowdStrike is cybersecurity's AI consolidator, liberating organizations from a litany of increasingly ineffective legacy tools, multiple agents, point products and fragmented pseudo platforms. Illustrating this point, deals with 8 or more modules increased 78% year-over-year in the quarter. This is what consolidation looks like. And third, stopping the breach matters more today than ever. Adversaries continue to evolve, moving faster and increasing their use of dark AI, turning AI into a weapon for evil. At the same time, legislative and SEC regulatory oversight pressures boards and executives to prioritize cybersecurity. With these 3 takeaways in mind, let's start by expanding on the first, why CrowdStrike is the definitive single security platform. Multiple fragmented platforms, consoles and data silos force customers to focus on integrating not security outcomes. Our relentless focus on innovation and commitment to a single build-by-design platform creates cybersecurity source of truth. Built on this platform foundation, our cloud, identity and LogScale next-gen SIEM products are examples of IPO-worthy hyper-growth businesses. Let's take a look at our momentum in cloud security. Growth accelerated in the quarter, and we're entering Q4 with a record pipeline. Noteworthy wins in the quarter included an 8-figure total deal value with a new Falcon customer in the hospitality vertical where we now secure their vast multi-cloud estate as part of a broader Microsoft replacement; a 7-figure cloud security expansion with one of the largest enterprise SaaS providers where we replaced multiple existing point products with Falcon Cloud Security; a 7-figure cloud security expansion with a major apparel brand, where we replaced a firewall hardware vendor's cloud security with our unified Falcon Cloud Security offering. CrowdStrike has one of the largest and fastest-growing cloud security businesses by ARR and customer count. The number of customers we protect in the public cloud has increased 45% from last year, as we rapidly replace other cloud security vendors in the ecosystem. Point product, API-based CSPMs have emerged as the easiest to replace as the market rapidly adopts our consolidated view that, together, agent and agentless security stops the breach. Combined with our recently completed Bionic acquisition, we're the only vendor offering ASPM, CSPM, CWP and CIEM under a single CNAPP umbrella. Moving to Identity Threat Protection, where we delivered a record quarter. More and more companies are investing in protection from the growing number of identity-based attacks with highly visible breaches prominently covered in the news over the past few months. Identity Threat Protection wins in the quarter included an 8-figure total deal value win in the federal government, where Falcon Identity landed as the identity security solution of choice; and multiple 7-figure wins across diverse verticals including financial services, consumer packaged goods and manufacturing to name a few. We see a long runway for guiding organizations on their Zero Trust transformation with our Identity Threat Protection given a rapidly growing threat vector, a largely untapped market where most organizations aren't protected and our frictionless unified architecture that secures identity across devices, clouds, domain controllers and Active Directory. CrowdStrike pioneered the identity threat protection category, and we are unmatched in the market as the only company with a single agent solution for both on-prem and cloud environments. Moving to LogScale. Our LogScale next-gen SIEM business achieved new records in Q3, surpassing the $100 million ARR milestone. The combination of search speed, data gravity and cost efficiencies, all integrated within the Falcon platform, sets LogScale miles apart from its competitors. However, it is the future of this business that really excites me. Our LogScale next-gen SIEM opportunity is supercharged by pervasive discontent with legacy SIEMs, recent M&A activity and CrowdStrike's growing position as cybersecurity's platform of record. We have seen a significant and pronounced increase in interest among customers looking to leapfrog their expensive, cumbersome and slow legacy SIEMs. Our next-gen SIEM offering is the right technology in the right place at the right time to benefit from market dynamics and the scale of CrowdStrike. Q3 wins include a 7-figure expansion in a major consumer staples company, selected LogScale to ingest data from third parties, correlate alerts and benefit from long-term data retention; a 7-figure financial services new customer land, where CrowdStrike was called in to stop a breach. With the desire to operationalize their high fidelity security data without compromising on cost, Falcon LogScale was an easy choice to replace the incumbent Microsoft; a 7-figure new logo land in a business process outsourcing firm that had decided it was time to replace their antiquated SIEM with LogScale while also adopting the Falcon platform for XDR, Identity and Cloud Security. Our advancement into the next-gen SIEM market is accelerated by the Raptor release, which brings LogScale to the forefront of the Falcon platform experience. With Raptor, we've made it significantly easier for customers to build their security and data lake efforts on top of LogScale next-gen SIEM across our native first-party data and that of any third-party product. Our single platform approach evolves and broadens the aperture of cybersecurity. CrowdStrike is cybersecurity's AI consolidator, liberating organizations from legacy AV, thus far EDRs and a hodgepodge of hygiene, compliant, vulnerability device management tools, costly and clunky SIEMs, and a confusing alphabet soup of immature cloud point products. This lengthy list of costly point products can be left behind saving tens of millions annually for businesses. Most importantly, stopping the breach matters more today than ever before. Adversaries don't discriminate. No matter the industry vertical, the geography or the business side, stopping the breach is nonnegotiable. The business disruption and financial losses from breaches are growing. Cutting corners on security is one of the most costly choices a business can make. The costs associated with cleaning up a breach can exceed $100 million. Our seminal cybersecurity platform innovation as well as threat intelligence and service expertise delivers the best security outcomes. This is why we win. Stopping the breach is the security outcome that CrowdStrike delivers. This makes our business incredibly durable in diverse economic cycles. We are a business necessity. A win this quarter exemplifying our unmatched capabilities is a large multinational who was using legacy EDR until they were breached. They called CrowdStrike, and we quickly remediated the breach. Seeing the power of the Falcon platform, this customer purchased Falcon Complete, Identity Complete and LogScale next-gen SIEM for hundreds of thousands of workloads. Helping this large multinational in their time of need showcases CrowdStrike's differentiation. Our AI trained on cybersecurity's richest data set drives the industry's most comprehensive protection and automation. We couple the right technology platform with cybersecurity's best and brightest incident responders and the expertise that comes from curating the industry's leading threat intelligence. The need for stopping breaches is not just an enterprise concern. The problem is just as pronounced in the SMB market, especially the S of SMB, where businesses remain stuck on legacy signature-based AV, oftentimes not knowing that better exists for them. Falcon Go is fit for purpose, delivering big protection for their small business. With our latest release of Falcon Go, we deliver a whole new user experience, creating the easy button for cybersecurity. Removing the need for CrowdStrike users to have cyber or IT skills, the new console is intuitive and preconfigured for immediate SMB success. We're always looking to remove the friction from the customer experience, and this new release makes Falcon Go as easy as one click to accelerate customer adoption. Falcon Go is a major step for SMB cybersecurity, and we are now investing in go-to market. We launched sales of Falcon Go on Amazon business, a marketplace where over 6 million SMBs purchase everything for their businesses. With Falcon Go, our mission of stopping breaches extends to businesses of all sizes, large and small. Our go to market is propelled by our partner ecosystem. Partners bring CrowdStrike into new accounts and drive platform adoption in existing customers. Year-to-date, 62% of all our new logo wins were partner sourced. The efficacy and success of our channel-led growth was reported by Canalys, the channel's leading industry analyst firm, in their most recent cybersecurity research. Canalys reported CrowdStrike's endpoint market share as #1 ahead of Microsoft. In addition, the research highlights CrowdStrike as the fastest-growing cybersecurity vendor in the channel ahead of Microsoft and Palo Alto Networks among others. We are setting new records. We announced surpassing $1 billion in AWS Marketplace sales. Being the first and fastest cybersecurity vendor to reach this milestone exemplifies CrowdStrike's leadership position as the cloud's cybersecurity platform of choice. And our AWS momentum is not slowing. This past quarter was a CrowdStrike record AWS Marketplace quarter. Our global systems integrator alliance partners are increasingly engaging with us across the entire Falcon platform. For example, EY built a 150-person strong and growing global LogScale next-gen SIEM practice based on the demand they are seeing for SIEM transformation and our technological superiority. In addition, EY refers their clients to CrowdStrike for incident response engagements and secured digital transformation projects. To date, we have done over $160 million in business with EY across 24 countries. In closing, in a challenging macroeconomic environment, which impacted even the largest cybersecurity vendors, we delivered a record Q3, accelerating double-digit net new ARR growth, record free cash flow and record profitability. Surpassing $3 billion of ARR as the fastest and only pure-play cybersecurity software vendor in history to achieve this milestone validates CrowdStrike's market leadership. Our Q4 setup is strong with a record pipeline and the competitive gap between CrowdStrike and other players in the market continues to widen. I'm excited about the path we are on and the progress we are making to $10 billion in ARR. Today's cyber environment is exactly why I built CrowdStrike. The adversary is moving faster and the rise of dark AI significantly increases attacker sophistication. Falcon has made cybersecurity easy and effective for small businesses to the world's largest enterprises. Simply put, CrowdStrike is cybersecurity's platform consolidator of choice. The platform is winning at scale. Our customers are looking to Falcon for more, more workloads, more use cases and more security outcomes. CrowdStrike remains unrelenting in our focus and promise stopping the breach. With that, we have a busy and exciting Q4 ahead of us, and I will now turn it over to Burt for commentary on our financial performance.

Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. Additionally, the results we are reporting today include the acquisition of Bionic, which closed during the quarter and was de minimis to revenue and ARR. Outstanding execution from the CrowdStrike team resulted in a record third quarter despite a continued challenging macro environment. Financial highlights in the quarter included an acceleration in net new ARR growth, driving ending ARR well above the $3 billion milestone; 96% year-over-year growth in operating income and record operating margin; record net income, which more than doubled year-over-year; record GAAP profitability for the third consecutive quarter; and record free cash flow. In the third quarter, we achieved record net new ARR of $223.1 million, with year-over-year growth accelerating to 13%. Demand in the quarter was broad-based as we expanded our leadership across the market from large enterprises to small businesses. New customer acquisition, strong expansion business within existing customers and a record quarter with the U.S. federal government contributed to the acceleration in net new ARR growth and ending ARR reached $3.15 billion, up 35% year-over-year. We continue to be very pleased with our platform strategy as subscription customers with 5 or more, 6 or more and 7 or more modules now represent 63%, 42% and 26% of subscription customers, respectively. Our gross retention rate remained high, and our dollar-based net retention rate was slightly below our benchmark in Q3, as the mix of net new ARR from new customers has remained above our expectations and we continue to land bigger deals. Moving to the P&L. Total revenue grew 35% over Q3 of last year to reach $786.0 million. Subscription revenue grew 34% over Q3 of last year to reach $733.5 million. Professional services revenue was a record $52.6 million, representing 57% year-over-year growth. The geographic mix of third quarter revenue consisted of approximately 69% from the U.S., 15% from Europe, Middle East and Africa, 10% from the Asia Pacific region, and 6% from other markets. Our investments in data center and workload optimization that we outlined in our Fal.Con investor briefing in September, continuing to bear fruit, resulting in record subscription gross margin performance above 80% in the third quarter. Total non-GAAP operating expenses in the third quarter were $436.1 million or 55% of revenue versus $348.6 million last year or 60% of revenue. Q3 sales and marketing and R&D expenses grew 23% and 31% year-over-year, respectively. We continue to invest aggressively in innovation and growth while exceeding our profitability expectations. Third quarter non-GAAP operating income grew 96% year-over-year to reach a record $175.7 million, and operating margin increased by 7 percentage points year-over-year to reach a record 22%. As we outlined during our Fal.Con investor briefing in September, we have once again raised our target model, which now calls for subscription gross margin of 82% to 85%, operating margin of 28% to 32% and free cash flow margin of 34% to 38%. We expect to achieve our new target model within the next 3 to 5 years as we also flagged the company to reach $10 billion of ARR over the next 5 to 7 years. Non-GAAP net income attributable to CrowdStrike in Q3 grew to a record $199.2 million or $0.82 on a diluted per share basis, each more than doubling year-over-year. Our weighted average common shares used to calculate third quarter non-GAAP EPS attributable to CrowdStrike was on a diluted basis and totaled approximately 244 million shares. We ended the third quarter with a strong balance sheet. Cash and cash equivalents and short-term investments totaled $3.17 billion and reflects the $238.7 million payment net of cash acquired for the acquisition of Bionic. Cash flow from operations was a Q3 record of $273.5 million. Free cash flow reached a record $239.0 million or 30% of revenue, achieving a rule of 66 on a free cash flow basis. Moving to our outlook. As George outlined, strong demand for the Falcon platform is driving our pipeline to new heights. However, the macro environment remains challenging with continued increased budget scrutiny, and as a result, we are not expecting to see the typical Q4 budget flush. Balancing these factors, we are maintaining our net new ARR assumptions, which call for in line to modestly up net new ARR for the full year and double-digit year-over-year net new ARR growth in the second half. As our guidance reflects, we are raising our full year revenue and profitability expectations for the year. Additionally, we are maintaining our target of 30% free cash flow margin for the full fiscal year. More specifically, for the fourth quarter of FY '24, we expect total revenue to be in the range of $836.6 million to $840.0 million, reflecting a year-over-year growth rate of 31% to 32%. We expect non-GAAP income from operations to be in the range of $186.5 million to $189.0 million, and non-GAAP net income attributable to CrowdStrike to be in the range of $199.6 million to $202.1 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be approximately $0.81 to $0.82, utilizing a weighted average share count of 245 million shares on a diluted basis. For the full fiscal year 2024, we currently expect total revenue to be in the range of $3,046.8 million to $3,050.2 million, reflecting a growth rate of 36% over the prior fiscal year. Non-GAAP income from operations is expected to be between $633.6 million and $636.2 million. We expect fiscal 2024 non-GAAP net income attributable to CrowdStrike to be between $715.2 million and $717.7 million. Utilizing 243 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $2.95 to $2.96. George and I will now take your questions.

[Operator Instructions] Our first question comes from the line of Saket Kalia of Barclays.

Great to see the net new ARR return to growth in the quarter. George, maybe for you. A lot of great stuff in your prepared remarks to run through, but maybe I'll just stick to one question here. You've talked about how the legacy SIEM market is starting to feel kind of like the legacy AV market did. And of course, we've recently seen some M&A in that market. It's probably too early, but maybe the question is what are prospective SIEM customers saying to you about LogScale and their willingness to explore other solutions besides their traditional SIEM. Does that make sense?

It does. Yes, it's a great question. So when I look at the market today and I compare that to when I started CrowdStrike in 2011 and really talking to customers in 2012 and 2013 about replacing their legacy AV, it feels like it's the same conversation just with a different context of replacing their legacy SIEM. What I found -- and I tend to like businesses in markets where this is in place, where the incumbents are entrenched but have a high degree of dissatisfaction, where the technology is legacy and where the complexity is just tie of patching all this stuff together. And in talking to customers, they want better, faster, cheaper, and they want something that works at cloud scale. If you look at what we've done with LogScale, it's a much more modern version of a SIEM, a next-gen SIEM. We got ahead of the curve a couple of years ago when we bought Humio, which is now LogScale. We've now integrated it into our platform, and it's extended out our XDR technology, and it allows us to do log and SIEM on the same platform. So from our perspective, the feedback that we've gotten not only from customers but partners like EY are building practices around this. This is a massive opportunity for CrowdStrike and now is the right time for us given the level of dissatisfaction, M&A and the environment and the customer's willingness to look for a much better solution, which also gives us data gravity in the platform.

Our next question [Operator Instructions] comes from the line of Joel Fishbein of Truist.

Good quarter on the net new ARR side. George, another question along Saket's line but around the comments you made with regard to Data Protection. The same could be said about the legacy DLP market. And as you know, I would say that's even longer in the tooth than some of the SIEM market players out there. Love to hear how you are. You didn't talk about it like you did Cloud Security, Identity Protection, LogScale, et cetera. How far are we in that displacement market? And how big do you think they are? And what's the competitive dynamics there? Would be really helpful.

Sure. Well, we actually showed our Data Protection technology at Fal.Con, a couple of months ago. We're actively working with some of the largest enterprises in the world to make sure that we account for all their requirements and their ability to actually move off their legacy DLP product. There's not one customer that I've talked to that says they like their DLP product, period. And in today's environment with data in motion, particularly through cloud services, the ability to actually be able to track from endpoint through cloud where data moves, what type of data is out there, leveraging our AI to understand is it something that should be moving in certain places is going to be incredibly important. And the way we look at it is the same way we looked at legacy AV. There's a better way to reimagine DLP into Falcon Data Protection. And we're very, very close to being able to release that as we continue to put the fine touches on what customers are looking for and what they're willing to write a check for. So stay tuned but another massive market opportunity for us.

Our next question comes from the line of Rob Owens of Piper Sandler.

George, I guess, staying on theme here with these extensible adjacencies. Maybe you can touch on Falcon for IT, what early response has been since, I guess, showing it at your recent user conference and where you see the opportunity on that front.

Well, coming out of Fal.Con, I would say that was the #1 requested feedback item across all the great announcements that we had. I think it's so overdue in the technology space to be able to unify IT and security. Sometimes the technology is in the harder part. It's the org structure. So having a single agent that both security and IT can use, a home for IT, I think, is very important. We're actually working with large customers right now, gathering their feedback, and then we'll look to have a product out probably in Q1. But so far, the feedback has been amazing in terms of what we've already delivered, and now we're capturing additional capabilities for our first release. So I think that one is -- has a lot of legs to it and certainly opens up a massive TAM opportunity for us in IT well beyond anything in security given the agent cloud architecture that we built. We've got the real estate, and we plan to monetize it.

Our next question comes from the line of Matthew Hedberg of RBC.

Burt, I've got one for you. Obviously, you didn't comment on fiscal '25. I believe at this point last year, you just gave a couple of breadcrumbs how to think about ARR. I'm curious, as we sort of sharpen our pencils on '25, are there any guideposts or things that we should think about whether it's growth or profitability?

Matt, great question. So for us, we are always looking to maximize our growth while at the same time, paying attention to the bottom line. So that's never changed. We are absolutely going to continue to invest in innovation. We've got -- we announced so much at our last Fal.Con. We've got a lot of momentum. We're going to continue to invest to continue that momentum, but also, at the same time, we recognize that we want to make sure that we're a very well-run company and people are seeing the output of that, certainly on this quarter, and we don't plan on changing that at all for next year.

Our next question comes from the line of John DiFucci of Guggenheim.

George, it's impressive to really to see the consistency of your team at scale here. But I'm just curious, how did traction continue into the end of the October quarter? And then again into -- I mean, we're almost through November relative to the October period. And the reason I'm asking this is that we've generally heard of a fade in business activity through October across the industry, not necessarily with you. I mean, actually, we didn't hear it with you but across most others. And it's actually sort of shown up in results of some of your security peers. So I'm just wondering maybe what are you seeing. What did you see into the end of the quarter? And what are you seeing at the beginning of the January period?

Yes. We certainly had a strong October. I think, as I said in my prepared remarks, the macro environment is still challenging. And we make no mistake about that. Deals take longer, a lot more scrutiny, a lot of sign-offs. And there's a lot more work that goes into these larger enterprise deals, getting deals done even like FalconFlex, which are more enterprise like in their nature, takes time. So we had a great October, but in general, buyers are still cautious. And I think the fact that we're able to provide a real platform play that allows them to consolidate in other technologies and ultimately save money accrues value to us, but it certainly takes a lot of time and effort to get the deals through the goal line. But the team did a great job, and October was strong for us.

Our next question comes from the line of Tal Liani of Bank of America.

First question is Bionic contribution. You said it was de minimis. Can you define what's de minimis for net new -- the contribution to net new IRR? And then quarter was phenomenal, but I do see some weakness across the board of cyber companies with billings. In your case, it was down about 2%. I also see some weakness in deferred revenues. How do I reconcile what I see with billings, with deferred, with the underlying drivers that are very strong and your strong execution? Why are we seeing weakness not just with you, maybe with the entire space? But why are we seeing weakness with billings across the board?

Thanks, Tal. Good question. I'm going to start with billings. Yes, you're correct. For us, specifically, we don't manage the business to billings. And we feel the ARR gives you the absolute best proxy to revenue, and we felt that that's the right metric, as you know, since we went public to give you more transparency into the health of our business. And that's the metric that really guides you on health. With respect to billings ourselves, I mean, we think about billings similar to probably most of you out there, is that billings typically for hardware companies use that when they don't disclose any sort of bookings metric, and that's not us, right? We think that billings have certain things that just are not as relevant as a metric like ARR. You're comparing a balance sheet item to a P&L item, and for us, the P&L is going to dictate the health of the business. So for us, billings obviously is going to be impacted by duration, and there are many things that go into that. And remember also that when you think about it on a year-on-year basis, we're still up on billings, and I think that's the one thing that you want to take away. For us, when we think about how we want to continue to be transparent, ARR really gives you that notion of where we're going and how we're doing. And I think that that's the focus, and it has been, by the way, since we went public. Even as a private company, that's the one that we manage the business to. That's how we look at how to give out quotas to our reps, et cetera, et cetera. So for us, that's not going to change. And I hope that answers that question.

Our next question comes from the line of Adam Borg of Stifel.

Maybe just for George on CNAPP, it's obviously great to hear the traction. As we look ahead, should we still view this more of an upsell opportunity to existing customers? Or what needs to happen for this to be more of a tip of spear to drive net new logos?

I'm sorry. Would you mind repeating your question?

Great. Can you hear me okay now?

Yes, I can -- we can hear you now.

Great. Sorry about that. Maybe just on CNAPP, it's great to see the continued traction there. And as the market matures, should we view this as more of an upsell opportunity? Or what needs to happen for this to be more of a tip of spear to drive net new logos?

Yes. It's really a bright star for us when you look at our CNAPP capabilities of cloud workload protection, CSPM, CIEM, ASPM now with Bionic. We really have, I think, the -- one of the most complete cloud security offerings in the industry. And we're winning deals with it. We're leading in many cases, particularly forward leaning cloud companies, that we're selling to. If you look at the latest threat environment and what's happening and how identities are being abused and 2-factor authentication systems being bypassed, those sort of things, it's important to have a full suite of cloud protection. And I think this is sort of the awakening time for that industry in that companies can't just say, hey, we've got something from a cloud provider or we're going to go at it alone. I remember many, many, many years ago, companies didn't run antivirus, right? And you would say that's silly to anybody who runs an antivirus type technology. It wasn't so silly 30, 35-plus years ago. And I think this is kind of the inflection point in the cloud world where you're going to have multiple levels of protection, both agent and ageless and the fact that we've been able to harmonize those 2 together and deliver a very robust agentless technology combined with the best cloud workload protection in the industry gives us a real advantage.

Our next question comes from the line of Mike Walkley of Canaccord Genuity.

George, you touched on the new release of Falcon Go to better target SMB customers with more concise packaging. Can you just give us some color on how this segment of your business is trending as some of your competitors have called out soft SMB spending due to the macro? And also just how is this new release helping address pain points for these smaller customers because it seems like you're starting to accelerate the win rates in this segment?

Well, we saw a very strong SMB segment. We've done a lot of work, a, starting with our partners like Pax8 and others, Dell, in that market. So meeting the customers where they like to buy is really, really important. And then coming up with a very innovative and easy-to-use technology designed for the SMB, our latest release of Falcon Go is literally one-click install. And the feedback that we've gotten from customers are like, wow, this is the easiest thing I've seen. It just works. And I think you're going to see even more broad adoption because we've made it so easy to install. You don't have to be an IT professional. And then we've got our partner network that are building services around it. So they're able to generate dollars. We're able to sell our product through their channels where they meet the customers. And I think we've taken a very innovative and effective approach in our partnering strategy, and this is something that we've really worked on over the last year, 18 months, and we're bearing the fruit of it right now.

Our next question comes from the line of Gray Powell of BTIG.

Yes, I was just wondering if you could repeat the commentary on the potential for a year-end budget flush. I think you said that it was not going to be a typical year. And if I remember correctly, last year, the commentary is more like there's going to be little or no budget flush. So I guess my question is like how does this year look in comparison. Is it better, same, worse? And just sort of what's your confidence level on trends?

I think we're looking at it, saying it may not happen, right? So we're not necessarily counting on that. And if it does happen, fantastic. And you have to, again, keep in mind that our fiscal year-end is the beginning of a new budget cycle as well. So we have year-end budget if it comes in December and the new budgets in January. But we -- the macro environment, I would say, has remained steady. As I said earlier, still challenging, and we'll see if a budget flush comes, but that's not something that we're counting on.

Our next question comes from the line of Jonathan Ho of William Blair.

Congratulations on the strong quarter. I just wanted to get a little bit more color around the Charlotte AI revenue potential and maybe what customer use cases are seeing the most interest so far.

Well, we announced our pricing at Fal.Con. That was actually well received with customers. And in terms of the overall use cases, as I've talked about in the past, really, it's helping a Tier 1 SOC analyst up level themselves to be a Tier 3, right? It's really driving SOC automation, which is a big focus for us with things like Charlotte and things like Falcon Foundry. How do you drive automation into organizations to give them better outcomes? At the end of the day, they would be willing to pay for something if it's going to save them time or money or make their job easier. And what we've seen in the customers who are using Charlotte right now in its preview mode is they're able to do things way faster than they ever could and they're able to explore and ask questions that they haven't been able to do in the past, right? Just -- it just makes it so easy to have Charlotte gather up all the information and then take an action on their behalf. So a, the pricing has resonated well with customers. We'll see how it shakes out as we get into full swing of things. But overall, what we've put together and the fact that it isn't an independent chatbot, it's really a foundational platform service, it's wired into everything that we do and allows automation through all the modules, I think is a home run for us.

Our next question comes from the line of Gregg Moskowitz of Mizuho.

George, in your prepared remarks, you expressed a lot of excitement for Falcon for IT. But in addition to better security, better unification with IT, it also strikes me as having the potential to be a real ROI-driven sale for many customers. Do you agree with that? And if so, is that going to be an angle that you really go after from a go-to-market standpoint?

Well, it's exactly what we're hearing from customers. I was with a customer last night, and they were saying we're so excited with Falcon for IT because we've got to work -- we find the problems. We document them and then we've got to work with the IT teams to get them fixed. And a lot of times, their tooling is well behind what we can do with Falcon and they sort of end up fixing it themselves with IT because we just have the capabilities to do that. So to be able to carve out a home for IT and seamlessly help them understand their exposures on their assets that matter and then drive the automation to actually remediate those is incredible. And it goes beyond just kind of simple remediation. If you think about all the internal use cases in HR, hey, an employee might have an issue. They might have to investigate it, might have to do forensics on systems. Systems are remote all over the world. We've got many, many airlines that use our technology. They don't want to send out an IT person to go fix a kiosk that has a Microsoft blue screen. So what can they do? They can use Falcon for IT to bring it back to health, tremendous savings in terms of cost and travel and complexity. So this one I'm really, really excited about. And again, we're working to get all the components of what customers need at least for this first release. And then I think sort of the sky is the limit on what we can build out there.

Our next question comes from the line of Gabriela Borges of Goldman Sachs.

George and Burt, I have a question for you as you think about your fiscal year '25 planning assumptions. You mentioned a couple of times that the macro environment is very consistent. Clearly, the execution on growth and profitability is very consistent. I'd love your observations on what's incrementally changing. Meaning, as you think about your priorities into next year, what's new versus this time last year?

Well, I'll start and then I'll let Burt jump in. I think from a priority perspective, just on go to market and product, I'll let you talk about the fiscal piece, Burt. But we continue to drive innovation. Our focus has been on innovation, not integration. And I think that's shown in what we've been able to deliver in the market how fast we've been able to come out products. Falcon was our richest release of technology. So we want to continue to be the innovation leader in security, and I think customers will recognize that. From a go-to-market perspective, there's a lot of work that we've done in terms of really, really making sure we've got the right hygiene across the enterprise and making sure that we can compress these basically time in sales cycles to get deals done when we need to and factor them in, and then also, as we go down market into SMB, creating the right products for that segment and then delivering it through the right channel. So what we have is working. So it's going to continue to drive innovation, continue to remove friction in a go-to-market motion and continue operational excellence up and down the sales and the partner organization. Burt?

Thanks, George. So in terms of how we think about the macro next year, we're not going to predict the change in the macro until we actually see it, right? I think that's going to be the wait-and-see game for most companies, and that's certainly the one that we're going to take. But that's how I see it.

Our next question comes from the line of Alex Henderson of Needham.

I was hoping you could give us some clarity around some of the key metrics that people use to track conditions, closure rates, whether they are stable, improving or eroding, cycle time. I know you've said your deal size is up. And I think at the -- at Fal.Con, you talked about a significant increase in pipeline build. I think the comment was made on the stage that your pipeline target that they had tried to build was more than double the target. So I was hoping you could talk about what the pipeline looks like as we go into this quarter and into the new year.

Great. Well, when we look at the current macro environment, it is stable, but as I talked about in the Q&A and in the prepared remarks, it's still a challenging environment. It takes a lot of effort to get deals done. And again, it depends on the segments. Some segments are going to be a little bit longer in the enterprise and SMB a little bit shorter. But that being said, when we look out and we look at things like our pipeline, we have a record pipeline. And we have that because I think we've got the best product suite in the industry. We've got customers that are truly understanding the platform capabilities of what we've built. They're coming to us and saying, "Hey, let's sit down and go through your road map and our road map, and let's figure out what we can consolidate." So they're coming to us with the openness of wanting to buy more and leveraging things like FalconFlex to be able to have bigger commits at CrowdStrike, which is important. And overall, it's, as I said, still a tough environment, but I think we've got some key metrics like the pipeline that is encouraging to us. And when you look at LogScale and our cloud business, and our identity business, I mean, these are absolutely bright stars across the entire platform. And again, keep in mind, we're not selling individual piece parts. People are buying the platform, and that's what's driving the growth.

Our last question comes from the line of Eric Heath of KeyBanc Capital Markets.

Great. George, I guess I'll come back to the SIEM conversation. So appreciate the color on the synergies of using LogScale to do the analytics on top of your first-party data that you're already capturing. Makes a ton of sense. But I guess can you flesh out a bit more as to why your AI engine and your proprietary endpoint data is a better approach to capture the next-gen SIEM opportunity that many seem to be targeting, including those that tend to have more first-party data sources?

Well, when you look at just kind of the data gravity and what customers care about from a security perspective, I would say 85% of really the value of the data and the data that's generated comes from the endpoint. That really is the richest source of data because that's where it's generated from. As it goes across the network, it gets down selected and you lose a lot of the fidelity. So we already have a lot of that data. So let's start there. Then when you look at LogScale, LogScale is very robust and has the capabilities to ingest just about any type of third-party data into the product and very effectively without creating an index, which is its unique capabilities, index reingestion, which means you get immediate results. So from a platform perspective, we sort of have the data gravity already. We've got that 85% of the data. So customers would rather give us 15% that we don't have and leverage LogScale to replace their SIEM. And beyond replacing their SIEM, that's the security use case. We have customers -- many, many customers that use it for all kinds of performance management, logging their infrastructure, logging their Kubernetes clusters. So when you combine the fact that we're coming out with Falcon for IT, now with LogScale, which can log any data above and beyond security, we think that's a much broader opportunity than just SIEM itself. It opens up the entire data architecture of an organization to CrowdStrike.

I would now like to turn the conference back to George Kurtz for closing remarks. Sir?

Well, thank you. And I first want to close by acknowledging the heroic dedication of our team in Israel who continue to remain focused on CrowdStrike's mission. Our thoughts are with each and every one of you in these trying times of war. Thanks all of you for your time today. We appreciate your interest and look forward to seeing you at our upcoming investor event and happy holidays.

This concludes today's conference call. Thank you for participating. You may now disconnect.