CrowdStrike Holdings, Inc. (NASDAQ:CRWD) Q2 2024 Earnings Call Transcript August 30, 2023 5:00 PM ET
Maria Riley – Vice President of Investor Relations
George Kurtz – President, Chief Executive Officer and Co-Founder
Burt Podbere – Chief Financial Officer
Conference Call Participants
Saket Kalia – Barclays
Sterling Auty – MoffettNathanson
Andrew Nowinski – Wells Fargo
Keith Bachman – BMO Capital Markets
Mike Walkley – Canaccord Genuity
Gray Powell – BTIG
Brian Essex – JPMorgan
Jonathan Ho – William Blair
Gregg Moskowitz – Mizuho
Gabriela Borges – Goldman Sachs
Patrick Colville – Scotiabank
Yi Fu Lee – Cantor Fitzgerald
Trevor Walsh – JMP Securities
Peter Levine – Evercore ISI
Hello, and welcome to the CrowdStrike Fiscal Second Quarter 2024 Results Conference Call. At this time, all participants are in a listen-only mode. After the speaker presentation, there will be a question-and-answer session. [Operator Instructions] Please be advised that today’s conference is being recorded.
It is now my pleasure to introduce Vice President of Investor Relations, Maria Riley.
Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike, and Burt Podbere, Chief Financial Officer.
Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth and expected performance, including our outlook for the third quarter and fiscal year 2024 and any assumptions for fiscal periods beyond that are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the company’s financial results is included in the filings we make with the SEC from time to time, including the section titled Risk Factors in the company’s quarterly and annual report.
Additionally, unless otherwise stated, excluding revenue, all financial measures disclosed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our earnings press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today.
With that, I will now turn the call over to George.
Thank you, Maria, and thank you all for joining us today. I am pleased to report that in the second quarter, we exceeded our guidance across both top and bottom-line metrics, delivering strong, durable growth at scale and credible leverage and operating within our target model on every metric. Even with a challenging macro backdrop, we delivered an impressive quarter, highlighting CrowdStrike’s structural competitive moat, making Falcon the definitive cybersecurity platform for the cloud era.
Financial highlights for the quarter include, ending ARR of $2.9 billion, up 37% year-over-year, with record contribution from cloud security, identity protection and LogScale Next-gen SIEM, together surpassing $500 million in ARR, record non-GAAP operating margin of 21.3%, record non-GAAP net income, which grew 109% year-over-year, GAAP profitability for the second consecutive quarter, record Q2 free cash flow of $188.7 million and an over 80% year-over-year increase in deals involving eight or more Falcon platform modules.
Our commitment to operational excellence and the utilization of AI within our platform and across our entire organization is driving enviable leverage in our financial results, even as we aggressively invest in fueling growth. As Burt will discuss, we are raising our revenue outlook for the year and bringing in our timeline to sustainably achieve our non-GAAP target operating model. We now expect to exit Q4 within our target non-GAAP operating margin model and to remain within our target model on an annual basis starting in FY ’25.
In an increasingly digital cloud-defined world, cybersecurity is becoming more important than ever. The SEC’s recently enacted cybersecurity disclosure requirements substantiate the growing gravity of cybersecurity threats, elevating the category from an operational concern to an urgent Board level and CXO spend priority. At CrowdStrike, we continue to build cybersecurity’s platform of choice, offering a simple and powerful promise. We stop breaches.
Heading into the second half of the year, we see increased momentum in the business, driven by record levels of new logo and upsell pipeline, record deal registrations from our market-leading partner ecosystem and record levels of customers proudly trusting CrowdStrike to be their long-term security platform consolidator of choice. We are also observing substantial changes in the competitive landscape, uniquely benefiting CrowdStrike. With the business momentum we see and competitive market dynamics, we believe our second half performance will yield double-digit net new ARR growth.
Working in cybersecurity for the past 30 years, I have recognized and created tectonic shifts in this industry and we are in the midst of one right now. Organizations need better, faster and more cost-effective protection for a digital society. Organizations need seamless, not stitched together automation to break down legacy data silos. Organizations need lower TCO and more efficient ROI-driven investment. The competitive battlefield of cybersecurity today reflects these realities, separating the wheat from the chaff. Those who have platforms versus those with point products masquerading as platform stories.
What was a market littered with dozens of companies is quickly consolidating to several vendors. Smaller, narrower point product companies are being left behind. These companies are quickly going the way of legacy AV, already in the hands or looking for the safe hands of strategic or private equity buyers. Point products, single feature cloud security companies are learning the hard way that platforms built by design win at scale. Today’s competitive landscape solidifies CrowdStrike’s leadership position and turns what were once competitors into immediate shared donors. CrowdStrike is purpose-built for this market. We have the technology innovation, mission-driven team and sizable scale to lead cybersecurity platform consolidation.
Shifting from competitive market dynamics to CrowdStrike, here are the reasons I see us winning in the second half and beyond. The Falcon platform enables real consolidation with best-of-breed outcomes, and we are flighting XDR transformations across cloud security, identity protection and LogScale Next-gen SIEM. Each of these three platform solutions are high-growth, sizable businesses. Each are examples of IPO worthy companies in their own right and each are seamlessly integrated components of the Falcon platform.
Let me first provide commentary on CrowdStrike as cybersecurities consolidator, and then I’ll follow up with updates on our cloud, identity and Next-gen SIEM Falcon platform businesses. The Falcon platform has not only become the standard for delivering AI-powered cybersecurity, it has become the foundational cybersecurity platform for our customers. Our revolutionary cloud-native architecture consists of an AI-powered data platform and lightweight sensor form factor, which remains the easiest and fastest to deploy with no reboots. Our form factor was made for the digital anywhere enterprise, not bound by operating system or hardware-defined network perimeters. CrowdStrike has the visibility to detect and prevent attacks and the workflow integrations and automation to remediate. We have the prime enterprise real estate on devices and multi-cloud workloads to automate and consolidate cybersecurity.
Customer after customer I met with at the Black Hat Security Conference wants to anchor their cybersecurity on the Falcon platform. These customers see us as their core partner in their security journey. With consolidation being a hot topic, let’s talk about what security outcomes really mean. Stopping the breach. This is the most important outcome. Companies need vendors who are trusted partners that can understand, prevent and respond to threat actors to stop breaches. CrowdStrike is uniquely positioned to stop breaches with our technology, threat intelligence and services.
Saving time, delivering everything in a single modern console coupled with generative AI reduces dwell time and makes cybersecurity faster and easier. Saving money with most enterprises still buying north of 60 cybersecurity point products, there’s too much cybersecurity shelf wear. Individual products require learning and maintenance, building integrations and higher staffing costs. Eliminating the time managing, integrating, updating and operating superfluous tools represents real savings regarding product, people, process and cost.
And finally, doing more. CrowdStrike’s Falcon unlocks new capabilities for organizations such as deploying their first code to cloud security, identity protection, exposure management, attack surface reduction, next-gen SIEM and more, all in one integrated platform. The breadth of native Falcon capabilities in our prime real estate within the enterprise and SMB technology stack is our advantage and creates significant customer expansion path. Our open XDR platform, the ability to take in first-party and third-party data is quickly becoming the enterprise data destination.
We see data gravity for the management of cybersecurity, but also broader observability use cases as a competitive moat for CrowdStrike. Customers gain greater value with every module they adopt, reducing agents, security gaps, complexity and cost, enabling them to transform and consolidate their security stack with the Falcon platform.
Let me share several recent new customer wins that speak to this. First is a major auto manufacturer that tried but failed to consolidate their security on Microsoft E5. This company’s security team quickly realized Microsoft’s complexity, multiple consoles, lack of integration, miss detections and complex deployments hampered their ability to defend themselves and consolidate. This customer is now consolidating on the Falcon platform with Falcon Complete for Endpoint, Identity and Cloud. Now with a single agent, single user interface and single platform, they have complete visibility across their end points, cloud and identities and the ability to stop threats in real time. By moving from expensive Microsoft E5 to CrowdStrike, organizations can save 50% plus per user per year on Microsoft licensing costs, adding up to millions of dollars of savings.
Another seven-figure consolidation win was with a leading residential construction manufacturer who took their Falcon Complete subscription to the next level. Beyond the Endpoint, this customer purchased Falcon Cloud Security, Identity Protection, LogScale and Falcon Surface, our external attack surface management offering. Falcon has become the platform of consolidation and trust for this enterprise, reducing spend with three other vendors by more than 60% and wholly eliminating multiple vendors from their stack. Consolidation is not only fueling bigger new logo lands but also increased platform adoption, especially in the areas of cloud security, identity protection and LogScale, which, in aggregate, contribute well over $0.5 billion in ending ARR. Financial services, technology, retail and manufacturing industry verticals continue to demonstrate strong demand with large deal sizes. In Q2, we closed over 80% more deals involving eight or more modules than a year ago as customers increasingly look to CrowdStrike to consolidate their security stack.
Let me now discuss our momentum in the platform areas of Cloud, Identity and LogScale, Next-gen SIEM, where we are setting new records. Let’s start with Cloud Security, where net new ARR growth accelerated meaningfully and reached a new record during the quarter. Ending ARR for Falcon modules deployed in a public cloud grew to $296 million, up 70% year-over-year, larger than almost every single vendor in cloud security today. Driving this inflection is our focused innovation on Falcon Cloud Security, our CNAPP suite offering, which unifies agent and agentless cloud-native security capabilities into a single offering, providing immediate time to value across all major cloud environments. Net new ARR growth for Falcon Cloud Security accelerated to 70% quarter-over-quarter. We have made it easier for customers to consume Falcon Cloud Security with a single SKU and customers are rapidly standardizing on CrowdStrike as their cloud security platform of choice.
Customers are eager to move away from multiple point product vendors to Falcon’s unified best-of-breed platform. We added many new capabilities to our CNAPP offering, including infrastructure as code, site scanning and attack path analysis, creating the most comprehensive CNAPP solution on the market. Combined with Falcon Surface, our external attack surface monitoring solution that we acquired last year, we now provide a complete outside-in and inside-out view of a customer’s security posture.
This past quarter, we executed a go-to-market emphasis on cloud security, hosting a virtual Cloud Security Summit with over 12,500 security and DevOp participants followed by cloud-focused partner and sales plays. Our integrated cloud suite, easy management and lower TCO value propositions are resonating at scale.
We closed a record number of cloud customer wins in Q2, including multiple seven-figure cloud expansions with Fortune 500 customers, together in excess of $20 million in deal value. An iconic Fortune 50 retailer prioritized a full, not phased, Falcon Cloud Security purchase of $5 million in deal value, choosing CrowdStrike over a point product cloud security scanner and displacing their firewall vendor. Additionally, a major Fortune 500 manufacturer sought product superiority and a single-platform approach replacing Wiz with Falcon Cloud Security. Other cloud wins include [new wins] (ph), with financial, technology media and healthcare companies as well as public sector accounts.
Finally, I want to highlight a cloud expansion with a Fortune 1000 retail brand facing increasing costs from their incumbent cloud security vendor and struggling with limited visibility over their cloud assets. This customer launched an initiative to unify their security stack and remove gaps between traditional endpoint, cloud runtime security and posture management. CrowdStrike is the only vendor that met these requirements and a unified platform and helped them drive down their overall operational costs.
The cloud security market opportunity is massive and growing rapidly with the potential to reach $18 billion in calendar year 2026. Cloud exploitation by adversaries increased 95% year-over-year and the only way to stop threats at all time is with a fully-fledged agent and agentless cloud suite like Falcon. Only CrowdStrike delivers a fully integrated CNAPP solution that unifies cloud workload protection, cloud security posture management, cloud infrastructure entitlement management, threat intelligence and threat hunting in one platform across hybrid and multi-cloud environments. Our leadership in cloud security was recognized in Frost & Sullivan’s recently published 2023 Frost Radar, Cloud Workload Protection Platform report based on our impressive CWPP business growth, our comprehensive cloud visibility and our unrivaled cloud detection and response services.
Identity Protection also stands out with over $200 million in ending ARR, up 194% year-over-year. Identity-based attacks represented 62% of all interactive intrusions we observed in the last 12 months. CrowdStrike’s Falcon Identity Protection delivers the best protection against identity attacks, recently winning the CRN Tech Innovator Award as the best solution on the market. The identity protection adoption rate for new customers grew more than 100% year-over-year and the total number of deals tied to identity increased 200%. Highlighting this in Q2 is a financial services firm that initially turned to CrowdStrike for incident response following a breach where an attacker used legitimate credentials to bypass the company’s existing security products and remain undetected for a week. Following remediation by CrowdStrike incident responders, this customer consolidated on the Falcon platform, adopting Falcon Complete, Falcon Identity Complete and Falcon Cloud Security Complete, displacing and consolidating four vendors in the process, Microsoft, SentinelOne, Arctic Wolf and Sophos.
Moving to LogScale. Net new ARR from LogScale Next-gen SIEM reached a new record as customers increasingly adopt a solution to sell multiple use cases. The number of customers using LogScale grew more than 3x year-over-year. LogScale ending ARR grew over 200% year-over-year and is quickly approaching the $100 million ARR milestone, which we expect to achieve in Q3. A Fortune 500 manufacturing company expanded on the Falcon platform with a nearly $4 million deal value LogScale purchase after becoming frustrated with their legacy SIEM vendor due to its increasingly prohibitive costs, complex licensing and poor forced on-prem to cloud migration experience. Given LogScale’s unparalleled speed and flexibility and cost-effective licensing model, this customer is now leveraging the Falcon platform to transition away from legacy SIM, supercharging the speed of both their observability and security use cases.
Falcon is a platform that brings the benefits of generative AI to life for every SOC, CISO, CXO and enterprise. We do it with proprietary threat data, and we do it with industry-leading AI expertise. Charlotte AI is the engine powering our portfolio of generative AI capabilities across the platform, utilizing CrowdStrike’s high-fidelity data advantage. Charlotte AI helps Falcon users of all skill levels to do more in the platform by automating workflows, which fuels module adoption and reduces the mean time to detect and respond. The net benefit to customers from our pioneering use of AI in a single platform is faster results, better security outcomes and lower overall cost, ushering in a new era of machine speed security. We showcased Charlotte AI earlier this month at Black Hat where we’re the only vendor of consequence to showcase a live, not PowerPoint, demo of generative AI in action. Public reception was fantastic, and we will release Charlotte AI pricing at Falcon.
Moving to partners. 64% of new customers from large enterprises to SMBs were sourced from our partners in the quarter. Our industry-leading partner ecosystem is embracing the broader Falcon platform, building long-term differentiated businesses with CrowdStrike. CrowdStrike is AWS’ largest cybersecurity go-to-market partner. And we recently won their ISV Partner of the Year Award, validating our cloud security category leadership, commitment to innovation and go-to-market success, particularly in cloud security.
Finally, the initial momentum we are building through our partnership with Dell is exciting, delivering eight figures in deal value in just a few months. As we highlighted previously, our resell agreement with Dell hit the market in Q1 delivering in-quarter new deals in every major geography region. In the second quarter, we went live with attached device sales globally and rapidly achieved industry-leading device attach rates. Demand in our markets has remained resilient. And even as we continue to operate at a time of macro uncertainty and increased deal scrutiny, our win rates remain high. The momentum we are building with consolidation deals specifically tied to Cloud Security, Identity Protection, Next-gen SIEM and increased partner engagement is driving our pipeline to record levels.
Additionally, Fal.Con, our annual customer conference, is our biggest selling event of the year, and this year, registration is already up 80% from last year. The Falcon ecosystem will be on full display with over 70 technology go-to-market partner sponsors in attendance. I would like to invite our investors and analysts to join us at Fal.Com. Similar to last year, in conjunction with the event, we will hold an investor briefing featuring conversations with customers and partners. This year’s briefing will also include a financial discussion led by our CFO, Burt Podbere. Please note that customer sessions will not be available on the webcast, so please join us in person.
And with that, I will turn the call over to Burt to discuss our financial results.
Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP.
We delivered a strong second quarter amid a continued challenging macro environment. In Q2, we scaled the business to new heights and drove significant operating leverage. New milestones in the quarter included record operating margin, which was within our target operating model for the first time in company history, record non-GAAP net income attributable to CrowdStrike, which more than doubled year-over-year, and GAAP profitability for the second quarter in a row.
The demand environment remained resilient, and we built record levels of new logo and upsell pipeline. We achieved Q2 net new ARR of $196.2 million, which was above stated assumptions as our relentless focus on sales execution enabled us to perform well even as we continue to see heightened deal scrutiny and elongated sales cycles. We ended the quarter with ending ARR reaching $2.93 billion, up 37% over last year. We continue to be very pleased with the success of our land-and-expand strategy with our dollar-based net retention rate effectively at our benchmark in Q2. Subscription customers with five or more, six or more and seven or more modules increased to 63%, 41% and 24% of subscription customers, respectively.
Moving to the P&L. Total revenue grew 37% over Q2 of last year to reach $731.6 million. Subscription revenue grew 36% over Q2 of last year to reach $690.0 million. Professional services revenue was $41.7 million, setting a new record for the 12th consecutive quarter and representing 44% year-over-year growth. During the quarter, we also saw strength in Latin America, the Middle East and Japan. International revenue grew 43% year-over-year. Our second quarter non-GAAP gross margin performance remained strong. Total non-GAAP gross margin was 78%, and we achieved subscription gross margin of approximately 80% for the second consecutive quarter. We look forward to discussing the initiatives and investments we are making to drive subscription gross margin higher and beyond our target model in more detail at our Fal.Con Investor Briefing in September.
Total non-GAAP operating expenses in the second quarter were $412.5 million or 56% of revenue versus $321.4 million last year or 60% of revenue. Q2 sales and marketing and R&D expenses grew 26% and 35% year-over-year, respectively. We expect sales and marketing and R&D expenses to fluctuate quarter-to-quarter due to the timing of in-person events, marketing and technology development programs.
As a result of our dedication to operational excellence and profitable growth at scale, in Q2, we achieved multiple new milestones for the profitability of the business. These milestones included record non-GAAP operating income of $155.7 million, growing 78% year-over-year, achieving our target model range for non-GAAP operating margin for the first time in company history and a record 21% of revenue, well ahead of our planned timeline. More than doubling non-GAAP net income attributable to CrowdStrike, which grew to a record $180.0 million or $0.74 on a diluted per share basis. And finally, achieving GAAP profitability for the second consecutive quarter. These achievements speak to the power of our financial model and focus on running an efficient business. We are accelerating our timeline to reach the target model. As implied in our guidance, we now expect to exit Q4 within our target non-GAAP operating margin model and to remain within our target model on an annual basis starting in FY ’25.
We ended the second quarter with a strong balance sheet. Cash and cash equivalents increased to $3.17 billion. Cash flow from operations grew 17% year-over-year to a Q2 record of $244.8 million. Free cash flow grew 39% year-over-year to a Q2 record of $188.7 million or 26% of revenue, achieving a rule of 63 on a free cash flow basis.
Looking at the first half of fiscal year 2024, free cash flow grew 42% year-over-year to reach $416.1 million and 29% of revenue, putting us well on track to reach our stated goal of 30% free cash flow margin for the full fiscal year.
Moving to our outlook. We are raising our revenue guidance for the fiscal year and maintaining our net new ARR assumptions for the second half and fiscal year, which call for in line to modestly up net new ARR for the full year. For the third quarter of FY ’24, we expect total revenue to be in the range of $775.4 million to $778.0 million reflecting a year-over-year growth rate of 33% to 34%.
We expect non-GAAP income from operations to be in the range of $154.4 million to $156.3 million and non-GAAP net income attributable to CrowdStrike to be in the range of $179.8 million to $181.8 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be approximately $0.74, utilizing a weighted average share count of 244 million shares on a diluted basis.
We are raising our revenue and profitability guidance for the full fiscal year 2024. We currently expect total revenue to be in the range of $3,030.7 million to $3,042.9 million, reflecting a growth rate of 35% to 36% over the prior fiscal year. Non-GAAP income from operations is expected to be between $601.3 million and $610.5 million. We expect fiscal 2024 non-GAAP net income attributable to CrowdStrike to be between $680.4 million and $689.7 million. Utilizing 243 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $2.80 to $2.84.
George and I will now take your questions.
[Operator Instructions] And our first question comes from the line of Saket Kalia with Barclays.
Okay, great. Hey, George. Hey, Burt. Thanks for taking my question here.
Great to hear your voice, Saket.
Same here, Burt, and great to see the profitability, so much fun stuff to talk about in the quarter. But maybe I’ll just hit 1 topic head on, which is the scrutiny that I think all of us have on the second half net new ARR ramp. And listen, I think we’ve heard it from you and George for multiple quarters now that the multiproduct pipeline just looks strong. But I was wondering if either of you could help us maybe look at that ramp from another lens to maybe help us get a little bit more confidence, whether that’s based on things like net revenue retention or implied new logo business, any other lens that you’d have us look at — I guess, look through when kind of stress testing that second half net new ARR ramp that you’re guiding to?
Sure, Saket. Let me take the first part, and I will turn it over to Burt. So when we think about the back half of the year and our confidence, I think it starts with the product and the consolidation that we’re seeing. Customer after customer looking to consolidate on the platform and the product portfolio has never been stronger, particularly in the areas that I talked about, Cloud, LogScale, Identity. We gave you some great numbers around that. Then you look to our partners, our industry-leading partners in our ecosystem. We continue to grow that. We’ve got tremendous focus on that internally with a new leader, Dell, Pax8. I mean I can go down the list of our partners and certainly AWS that I called out, all contributing to our momentum. And then the pipeline, a record pipeline as we see this. The partners and CrowdStrike are delivering a record pipeline because the products are there. So that’s the way I look at it. Burt?
Yes. I would just add a couple of things. One, I would add, we’re very happy with our retention rates. We think they’re best in class, as well as I think we’re seeing strength from multiple aspects of the business, right, from either our enterprise or SMBs. We see strength in both. So that’s why we get confidence in the second half.
Thank you. One moment please for our next question. Our next question comes from the line of Sterling Auty with MoffettNathanson.
Yeah, thanks. Hi, guys. I also want to drill in on that same topic, but specific, George, to one of the comments made about the sales pipeline. And wondering if you can just peel back the onion and talk about what you saw in this quarter and what is happening with the strength and maturity in the pipeline coverage, specifically to drive that acceleration?
Sure. I think you have to start with the ramp reps that we have. We did a lot of hiring last year. It takes a while to ramp rep. So we’re going into the back half of the year with ramp capacity, which we’re obviously excited about. And then a lot of it has to do with me being in the field and talking to customers and just what I’m hearing from them. I was recently on a call with a large Fortune 200 company. I was on with their CIO, their CTO and their CSO. And they said the reason we have all of these people together is because of the spend, which is eight figures, and two, we were so strategic. We’re actually handling their observability and their security use cases. So when I look at that and I look at the product portfolio and where we are, it’s just encouraging, combined with the sales ramp and the capacity we have as we go to the back half of the year.
Thank you. One moment please for our next question. And our next question comes from the line of Andrew Nowinski with Wells Fargo.
Great. Good afternoon and congrats on the quarter and I’d echo Saket’s comments about profitability, that is really an amazing outlook. I wanted to just ask another question on the back half of the year guidance. The way you described everything, George, with products, consolidation, partners growing, record pipeline, ramped reps, I know the back half does look fairly aggressive, but you also have easy comps, too. So maybe why not — what gives you caution about raising that guidance a little bit more coming off of a really good quarter and heading into with all those positive trends you have going for your business right now?
Hey, Andy, it’s Burt. So when it comes to guidance, we take a very prudent approach. And we guide to basically what we see, not what we don’t see. We definitely don’t guide to running tables. And you’ve also got to still factor in that, it’s still — we’re still in a tough macro. We do see deals getting elongated and sales cycles taking longer. So I think those are the things why we guided to the way we guided.
Thank you. One moment please for our next question. And our next question comes from the line of Rob Owens with Piper Sandler.
Great. Thanks for taking my question. This is Ethan on for Rob here. George, I just wanted to touch on that observability point that just came up again. And highlighted the success you’re seeing with LogScale. So can you talk a little bit more about some of those observability use cases that you’re seeing success with and maybe where you’re seeing a little bit of differentiation? Thank you.
Sure. So when you look at LogScale, its capabilities are obviously Next-gen SIEM, but also in observability, and we have many customers that use it just for that use case, and we have an opportunity to go back and sell them security. Things like managing and monitoring the Kubernetes clusters, the cloud environment, their infrastructure, I mean we have a customer who manages like the train schedules on it. So it can manage a large set of data, and it does it extremely efficiently. And what we’re seeing right now is customers telling other customers about it. We have huge Fortune 25 referenceable customers in the space. And I think the success begets more success in that area. So that’s why we’re pretty excited about it. And you’ve seen the growth in that area and customers are looking for something that’s better and faster and gives them an outcome that is more contemporary than what they’re using today.
Thank you. One moment please for our next question. Our next question comes from the line of Keith Bachman with BMO Capital Markets.
Hi, many thanks for taking the question. I wanted to ask about the $500 million ARR run rate that you mentioned for LogScale and others. And, A, is that the same composition from the analyst event where you referenced it was $399 million in the January quarter. So it’s up 25% in only two quarters, so pretty healthy growth there? B, any comments on how you anticipate that continuing to scale over the next couple of quarters to help realize that back half of your guidance? C, any update on the thoughts on M&A that might contribute to the growth of that emerging portfolio? Thanks very much?
Yeah, it’s a great question. So for us, the way we broke it out on this earnings call, it’s not the emerging category that we had talked about in the past. It’s different. And we wanted to give increased visibility into the specific business lines. And we thought that it would be very important for everybody to see how well they’re performing and how well [indiscernible] scale they’re performing. So you’ve got, obviously, our Cloud momentum. You’ve got our LogScale momentum and our Identity momentum. And we wanted to show everybody exactly how we’re doing in those areas, and that they’re taking flight at scale. I’ll pass the other questions over to George.
Well, when we think about the current environment, I think everyone is seeing there is a shift in the competitive environment and companies that are moving around in terms of M&A activity. We think the back half of the year will be a great opportunity. We continue to evaluate many, many different candidates as we normally do. And we think the environment is getting better from an M&A perspective. And we’re very diligent in how we buy things in the bar and how we look to integration because we focus on a seamless one platform approach, and we remain true to that. So back half of the year, we’ll see how it goes, but certainly excited about that, and we continue to drive innovation internally and we’ll look externally for good companies with good culture and good people.
Thank you. One moment please. And our next question comes from the line of Mike Walkley with Canaccord Genuity.
Great. Thank you. George, it’s clear platform leaders are gaining wallet share as enterprises consolidate vendors. I just want to dig in a little bit more. It seems like there’s even a big shift more favorable to CrowdStrike from your comments even a quarter ago, with SentinelOne and BlackBerry Cylance potentially up for sale, are you already generating strong share gain opportunities in the SMB market? Or can you just let us know how Falcon Go is trending versus your expectations?
Yeah. We already see that in the marketplace. We’ve got customers that are very concerned about the uncertainty. They have seen the Cylance Blackberry movie before, and they’re concerned and uncertainty is never a good thing for a security buyer. So we’ve already seen deals come our way. And again, as a consolidator, and as the leader of the space, we think that just accrues more value to us. So we’ll see how everything shakes out, but for sure, what we’re hearing from partners and customers about some of the latest movements in our space is concern in terms of other competitors. And again, they’re looking for a long-term viable partner, and those are — that’s what we’re hearing from multiple sources.
Thank you. One moment please for our next question. Our next question comes from the line of Gray Powell with BTIG.
Great. Thanks for taking the question. And congratulations on the good results. So maybe one on the competitive side. I guess the biggest concern we’ve heard from investors is just on pricing in the endpoint security space, particularly as EDR adoption moves past the 50% mark. So I guess the question would be, how much room is left in the Global 2000? And then how sensitive do you think the incremental buyer is today compared to what you’ve seen the last two years? Thank you.
Well, from buyers, what we’ve seen is their buying platform. They’re not just buying one particular area. The way our technology works, it’s single-agent architecture, a common data store and then modules and then we’ve been able to obviously monetize that across different areas. Protection is just one area. But when you look at cloud, you look at agentless, you look at some of the other offerings, LogScale and Identity, it’s really about the platform sale, not an individual area and getting the right outcome, as I talked about in the earnings script, stopping breaches. I talked to a customer recently. They have 60 different products and controls. And we were the only one that actually detected activity in their environment and prevented a potential issue. So that’s really been the focus for us. And I think when you look at even the legacy areas, it’s almost, what, 50% of the market is still available from a legacy perspective, near 50%. So yeah, 48%. I think when you look at that, still a big opportunity in legacy displacements as well as the platform areas that we called out are just massive TAM opportunities. And as I mentioned in the script, they could each be an IPO-able business on a stand-alone basis as big as they are.
Thank you. One moment please for our next question, please. Our next question comes from the line of Brian Essex with JPMorgan.
Yeah. Good afternoon. Thank you for taking the question. Maybe just for Burt. I wanted to understand how you’re balancing spending both on a GAAP and non-GAAP perspective. It looks like operating expenses on a non-GAAP basis actually declined sequentially, but stock-based comps spiked up. Would love to know how the hiring environment is playing into that and how you think about managing that going forward? And any impact that might have toward achieving your cash flow targets? Thank you.
Sure, right. So thanks for the question. So number one, we are going to continue to invest as aggressively as we can while keeping to our commitment to our profitability metrics. And for us, I think that the key here, you had mentioned on the stock-based compensation, a lot of that is based on timing of grants and I think that for us, we’re going to continue to use grants to attract and retain. Having said that, we think that we are going to continue to show low dilution, less than 2% this year and strive to keep it under 3% for next year. For us today, we think it’s a good hiring environment. We’re taking the time in terms of how we’re going to [Technical Difficulty] hiring and where, and we’re being very prudent in terms of where we’re deploying headcount. And as we’ve mentioned in prior calls, we are managing the pace of hiring in accordance with what we think is what we need to continue to hit our targets. So that’s how we see it.
Thank you. One moment please for our next question. Our next question comes from the line of Jonathan Ho with William Blair.
Hi, good afternoon and congrats on the strong results. Can you maybe give us some additional color in terms of what you’re seeing for these attach rates, especially with the eight or more products and how do we think about maybe net retention going forward as you start to realize that platform vision? Thank you.
Yeah, Jonathan, great to hear your voice. Yeah. We’re really pleased with what we’ve seen with respect to customers adopting across the board, five, six, seven, eight modules. So for us, when you talk about the DBNR, remember, it’s a noisy metric, and it can fluctuate quarter-to-quarter, and we’ve talked about that repeatedly. Some quarters have bigger [lands] (ph) and some have bigger expense. But I think at the end of the day, for us, what we’re seeing is that we’ve got a lot of headroom in both new local opportunities. George talked about the available market from our legacy provider 48%, but we also have an ever-growing customer base. And as we continue to delight our customers, they’re going to continue to buy more for us, and it goes along with the consolidation theme that we’ve been talking about here. So it really plays into our favor. The great news is that in addition to strong expansions, net new ARR contribution from new logos remains high, even higher than we were expecting so far for the year.
Thank you. One moment please for our next question. And our next question comes from the line of Gregg Moskowitz with Mizuho.
Okay. Thank you for taking the question. George, obviously, it’s extremely early as it remains — as it relates rather to the arc of generative AI. But you did mention in your prepared remarks that you plan to release Charlotte AI pricing at Fal.Con. Presumably, that means there will be some form of discrete monetization for Charlotte. We haven’t really seen that though from other cybersecurity vendors as yet. So when it comes to your data and the application of your AI tech, maybe just help us understand kind of why you think you’ll be able to not just deliver incremental value to your customers but monetize it as well? Thanks.
Sure. Well, when you look at outcomes, as I mentioned, one of them is doing more with less. And in security, there’s upwards of probably a 3 million person gap and the ability to actually hire security folks. And as I mentioned, when we launched Charlotte AI in public preview is the fact that it really — it really is a virtual analyst, a SOC analyst, which are super expensive and hard to maintain. So for our purposes, when we look at the total value to a customer, if we can create more virtual analysts, just as an example that takes eight hours of work and compress it into 10 minutes. We think there’s real value to that, which is why we’ll have pricing around it, which we’re going to deliver at Fal.Con. And even from what we’ve shown recently in one of the security conferences, it’s real. It’s out there. People liked it. They want it and it’s differentiated from others that were just showing PowerPoint. So we’re really excited about it. Obviously, it’s early innings. But if we can show real value in creating these virtual analysts around Charlotte AI, we think customers are going to pay for that.
Thank you. One moment please for our next question. And our next question comes from the line of Gabriela Borges with Goldman Sachs.
Good afternoon. Thank you. Burt, I’m looking to better understand the impact that macro may be having on the upsell and downsell component of NRR. Are you seeing customers coming up for newer contracts, trying to optimize the number of endpoints they have and the number of employees that they have? Is that causing pressure on NRR? And if it is, when do you think that headwind might abate?
Hey, Gabriela. So first, I think we talked about why we were giving guidance the way we did. We did talk about the 10% headwinds for the first half, we came in better than that. We talked about coming in flat to slightly up for the second half over last year. And I think at the end of the day, we’re still in a tough macro. We believe all the things that George talked about, we’re very adamant that we feel that we’re going to be able to achieve those things. Having said that, you have to remember that still, as I said earlier on this call, deals are taking longer to close, there’s more scrutiny on the P&Ls and so we have to overcome those things to be able to really overcome what — anything that we would put out there. And for us, I think that we have a great opportunity to do so. And it’s so long as we continue to stay the course, invest where we need to invest, take a prudent approach, I think we’re going to be in good shape.
Thank you. One moment please for our next question. Our next question comes from the line of Patrick Colville with Scotiabank.
Hey, thank you for taking my question. And this one is for Burt. I mean you gave us lots of juicy metrics. And I guess I just want to get some clarifications. Can you give us the emerging products number, so we can kind of triage what we had previously versus kind of what you’re giving us now? And then I guess the second part of my question is in reference to your comments about fiscal ’25 operating margin being in line with the target model. Can you just remind us what the target model is that you’re referencing?
Yeah. So first, on the emerging products, we thought it would be better to give you full numbers on our businesses that are meaningful, that are taking flight. So we won’t be going back to anything that we used to call emerging products. With respect to our target model for FY ’25 and hitting those targets, the last one that we were talking about was certainly the operating margin. We said we were going to be between the 20% and 22% plus, and we actually hit that one. That was the last one of several that we gave out from subscription gross margin to F&M to G&A to R&D. We also gave out free cash. And for the year, we’re still talking about that 30% to 32% plus.
Thank you. One moment please. And our next question comes from the line of Yi Fu Lee with Cantor Fitzgerald.
Yi Fu Lee
Congrats on the strong set of results. This is Yi in for Jonathan Ruykhaver. Just one question around CNAPP. Obviously, CrowdStrike is building CNAPP around endpoint. I was wondering if maybe, George, you could share any benefits of doing this versus other vendors that building it off, like, let’s say, a Zero Trust Exchange? That is from us.
Yeah. So when we think about our Cloud business, and I went into some detail on this. It’s both agent and agentless so, right? It’s not just around the cloud workload protection, but it’s also around the cloud security posture management and everything really from code to cloud. And we’ve added tremendous capabilities, which I’ve called out in the earnings script as well in terms of our ability to instrument and flight containers and understand if insecure code is being put into the CICD pipeline, et cetera. So we’ve always been strong in the agent world. And what we’re finding is that customers are looking at agentless and moving to our solution because it combines the best of both worlds, agent and agentless, together in one single SKU. And we had tremendous success last quarter. We’ve got a dedicated sales team on cloud, and customers are seeing the benefits of an integrated platform with Falcon. So we’ll continue down that path. And again, we continue to build out its capabilities and win new business there.
Thank you. One moment please. Our next question comes from the line of Trevor Walsh with JMP Securities.
Great. Thanks for taking my question. George, maybe just to follow up on that last response around CNAPP. What’s the appetite for customers to or at least start to look at combining CNAPP capabilities with XDR or at least kind of bridging the two together as far as kind of all the — just another point of telemetry from cloud kind of feeding into that XDR outlook? And where do you see it either happening — what’s the kind of current state and where do you see it going? Thanks.
Well, the current state is the reality, which is that’s what we’re doing today. So we’re taking all that rich telemetry from the CNAPP offering, agent, agentless and even the exposure management that all from an XDR perspective, is coming back into the Falcon platform and is available to any of the algorithms to identify and prevent any sort of malicious activity. It’s also available from a compliance perspective to help customers manage their compliance and risk. It’s available from an asset graph perspective, which gives customers an idea of what’s actually in their environment. And then from a cloud detection response perspective, we actually have some of our managed services that are able to help cloud customers, which at this point, is sort of an epidemic of issues in cloud environments, the way the adversaries are operating. So we’re really pioneering that space and putting it all together. And there is a reason why we’re one of the largest cloud security by revenue vendors in the market today.
Thank you. One moment please. Our next question comes from the line of Peter Levine with Evercore ISI.
Great. Thanks, guys, for taking my questions. George, maybe just to piggyback off of that other AI question. Every vendor is telling us their AI is proprietary. The outcomes are proprietary to their data. So maybe explain to us like really where the competitive moat comes from? When we hear Microsoft talk about or at least push all their products, their customers going copilot, Palo, Zscaler are all talking about kind of the same outcomes. But maybe put a finer point on why you think what your moat is around Charlotte AI?
Sure. It really is a good question, and I certainly agree with you. There’s a lot of people talking about it, and I think we’re actually delivering it. One of the things that I would point you to is the data set itself. And what’s important to realize it isn’t just about the most data. You’ll hear that from a lot of vendors. One vendor will say more data than the other. It’s really about sort of the curated data set because when we think about generative AI, it actually has to be trained. We think about ChatGPT, there’s a bunch of humans helping to train it. Just so happens, probably more by luck than understanding generative AI was going to be on the horizon, that when we started the company, we actually have a very well-defined training set that’s annotated based upon all the threat hunting that we’ve done over the last 10 years. So we believe our 10-year head start in terms of having a data set that’s actually curated is going to give us a distinct advantage of helping our customers. So that’s a big area. And then it’s a foundational platform component, which is made available to every other service on the platform, which is different than others. So again, first innings, we’ll see how it all unfolds, but initial customer reaction has been very, very positive.
Thank you. I’ll now hand the call back over to CEO, George Kurtz for any closing remarks.
Great. Well, I want to thank everyone for their time today. We certainly appreciate your interest and look forward to seeing you in person at our upcoming Fal.Con conference. Thanks so much, and we’ll talk soon.
Ladies and gentlemen, this concludes today’s conference call. Thank you for participating, and you may now disconnect.