CrowdStrike Holdings, Inc.

CrowdStrike Holdings, Inc.

$372.26
14.71 (4.11%)
NASDAQ Global Select
USD, US
Software - Infrastructure

CrowdStrike Holdings, Inc. (CRWD) Q1 2020 Earnings Call Transcript

Published at 2019-07-18 23:01:09
Operator
Good day, ladies and gentlemen. Thank you for your patience. You've joined the CrowdStrike Holdings Incorporated Q1 Fiscal Year 2020 Financial Results Conference Call. At this time, all participants are in a listen-only mode. Later, we will conduct a question-and-answer session. [Operator Instructions] As a reminder, this conference is being recorded. I would now like to turn the call over to your host, VP of Strategic Finance, Peter Daley. Sir, you may begin.
Peter Daley
Good afternoon. Thank you for your participation today. With me on the call are George Kurtz, President, Chief Executive Officer and co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference calls that are not historical facts, including those regarding our future plans, objectives, and expected performance, are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we have made are reasonable, actual results could differ materially because the statements are based on our current expectations, and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the Company's financial results is included in filings we make with the SEC from time-to-time, including the section titled Risk Factors in the Company's Form S-1, previously filed with the SEC. Also, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non GAAP results is currently available in our press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. Now, I will turn over the call to George to begin.
George Kurtz
Thank you, Peter. And thank you all for joining our first earnings conference call as a public company. I would like to begin by also thanking all of our employees, customers, partners, and investors for the hard work and dedication in helping us reach the important milestone of becoming a public company. We had a very strong start to the fiscal year. Consistent with the preliminary financial results in our IPO prospectus, we achieved 103% year-over-year total revenue growth, and added a record number of net new customers, while meaningfully improving operational leverage in the first quarter. Burt will discuss the details of our Q1 financial performance in a few moments. But first, for those new to the CrowdStrike story, I will provide some background on our technology, business, and markets. Our success to-date and rapid growth are the results of close to a decade-long mission to stop breaches and pioneer a new category, the security cloud. Nearly every breach you’ve ever heard of had two things in common. The victims had both a firewall and an antivirus solution. Today, companies and government agencies face the constant threat of cyberattacks from a variety of threat actors, ranging from highly advanced nation states to organized crime, activists and even terrorist organizations. These attacks aim to not only steal money and intellectual property, but increasingly they seek to disrupt and destroy. Using highly sophisticated tools and techniques, today’s cyber adversaries run circles around fossilized legacy technologies. This is what led us to start CrowdStrike back in 2011. We set out to create a modern endpoint security platform with a cloud native architecture, built from the ground up to stop breaches. Like other cloud disruptors, CrowdStrike started with a clean slate to build not only a scalable cloud architecture, but also a scalable, frictionless and highly efficient business model. Our platform is composed of two tightly integrated proprietary technologies, our easily deployed intelligent lightweight agent and our cloud-based dynamic graph database, called Threat Graph. Our Falcon platform integrates 10 cloud modules via software-as-a-service, subscription-based model that spans multiple large markets, including endpoint security, security and IT operations and threat intelligence to deliver comprehensive breach protection, even against today's more sophisticated attacks. We believe our cloud native platform gives us a fundamental competitive advantage as we capture data once and reuse it and monetize it many times over. Our customers can try new modules already populated with their data for free. This creates a high velocity cross-selling model. In fact, there are a number of key attributes that we believe set the Falcon platform apart from other solutions in the market. First, our solution is rapidly deployable, easy to use, and unlocks the power of crowdsourced data. It gets smarter the more data it consumes, increasing our effectiveness, intelligence and competitive advantage with each new customer and endpoint or workload, joining our crowdsourced network. Second, all of our cloud modules are powered by a single intelligent agent, allowing customers to consolidate and remove numerous agents from their infrastructure and restore endpoint performance. Our lightweight agent is designed to be automatically installed and operational on an endpoint in less than 30 seconds, that’s without any reboots. This is an important attribute for customers as they do not want to reboot their entire business to adopt a new solution. Solving this engineering challenge was critical for providing immediate time to value for our customers. Another key aspect of our agent is its ability to dynamically capture high-fidelity data with our proprietary smart filtering technology. What matters to stop breaches is the quality and the type of data that we obtain and analyze. Smart filtering is critical to capturing the right data on both the real world attacks and benign behavioral patterns to continually train and enhance our algorithms, resulting in industry-leading threat detection and low false positive rates. CrowdStrike’s smart filtering technology also allows us to take full advantage of the cloud. Our cloud native approach outperforms other solutions that may be forced to store their data locally or inefficiently stream unfiltered data from endpoints to on-premise controllers which crush networks and endpoint performance. And third, all the data we collect is stored in one place, not on-premise or stuck on the endpoint itself, but in the cloud where it’s analyzed almost instantaneously across our entire customer base. To handle all this telemetry, we’ve built our own proprietary distributed graph database that we call Threat Graph. We like to think of Threat Graph as the brain of our system. It is capable of dynamically scaling to meet demand. Every week it processes, correlates and analyzes over 1 trillion events across our global customer base in real time. What makes our Threat Graph so unique and powerful is its ability to very quickly discover and identify relationships and patterns within the data to see and stop attacks that are invisible and undetectable, using conventional legacy solutions. Threat Graph lets us apply cloud scale AI to this data to stop breaches in real time. Today, we serve over 3,000 subscription customers. We protect many large organizations across all mortgage verticals including 9 of the top 20 banks over 40% of the Fortune 100 and government agencies around the world. Our ease-of-use, rapid deployment and exceptional efficacy also makes our solutions a natural fit for small and mid-sized organizations, which often do not have large internal security teams. In the first quarter, we saw a strong customer momentum. I will take a moment to highlight a few of the notable customer wins that showcase initial adoption drivers of the Falcon platform as well as our ability to expand within existing accounts. Key things we often hear from customers are the need to simplify the security stack, reduce a number of agents on their endpoints and gain the advantage of a true cloud native endpoint security platform. Take the example from this quarter of a health insurance provider that was using a number of tools from other security vendors including EDR from a next gen vendor, AV from a legacy vendor and a variety of tools embedded in the operating systems of their servers and workstations. Yet this company had issues with alert fatigue and had difficulty scaling this patchwork of solutions as the business was growing. To solve these problems, they dropped the old setup and rolled out CrowdStrike’s Falcon platform, given its ease of deployment, single agent architecture and ability to take advantage of crowdsourced data by adding our threat hunting module, OverWatch. In Q1, we also displaced a legacy AV vendor and a midsized pharmaceutical company. The board and leadership team at this company had a growing concern about their current state of security and the level of adversary activity they were seeing. They also knew they had limited cybersecurity personnel and the skills gap, which is another demand driver we commonly see among prospective customers. This company quickly identified our turnkey Falcon Complete offering to help them easily address their skills gap and fortify their cyber defenses. Next, I will highlight a win that represents our tremendous opportunity to expand within our customer base. This customer is in the public sector, which also speaks to our growing success in that segment of the market. We initially engaged with this large U.S. city back in 2016 on a small deployment of 15,000 endpoints to replace a fossilized AV vendor that was failing to provide protection and value. We replaced that vendor with our combined EDR next-gen AV offering plus OverWatch. Based on the success of the initial deployment, we expanded our footprint to over 250,000 endpoints the following year. And I'm pleased to report that in Q1 of this year, we have increased coverage to 400,000 endpoints and sold additional cloud modules, including Falcon Discover for IT hygiene, Falcon Device Control, Falcon Spotlight for vulnerability management, and Falcon X for integrated threat intelligence. This is a great example of how we can land a new customer and expand that relationship by adding endpoints and modules over time. Our Falcon platform is one of the most strategic security purchases they have made in many years. These wins represent just a few of the 543 net new subscription customers that selected CrowdStrike in Q1 to help them stop breaches and protect their organizations. Driving the adoption of our platform is a robust sales and marketing engine that continues to deliver an increasing number of new logos, while consistently removing friction from the sales process. Increasing our customer base is a key component of our growth strategy. And we will continue to invest in customer acquisition programs, channel partnerships, and frictionless go-to market programs, including free and in-app trials. In addition to winning new customers at a rapid pace, we're also focused on expanding our relationship with existing subscription customers by deploying additional cloud modules and protecting more of their endpoints. Our dollar-based net retention rate speaks to the efficacy of our solution in our successful land and expand sales model. As of January 31, 2019, we had a dollar-based net retention rate of 147%. While this metric can fluctuate quarter-to-quarter, our benchmark is 120% or above, which we again exceeded in Q1. While we started in the endpoint security market, given the nature of our cloud-native architecture, we’re able to rapidly innovate on top of our platform and build new modules for additional functionality, and use case is not typically associated with endpoint security. Since 2016, we have launched seven new cloud modules and today we address five markets, corporate endpoint security, threat intelligence, security and vulnerability management, IT service management software and managed security services. Combining these market segments, we estimate that our global market opportunity is $24.6 billion in 2019, and growing to over $29 billion in 2021. To help drive future growth, we plan to continue to develop new cloud modules to address broader endpoint use cases such as IT configuration management and IT operations. To measure our success executing on our platform strategy, we look at the percentage of all subscription customers who have adopted four or more cloud modules. This percentage rapidly grew to 30% by the end of fiscal 2018 and grew to 47% by the end of fiscal 2019. In Q1, we continue to see an upward trend in this metric. In looking at our future growth prospects, it is common for those new to the CrowdStrike story to only think about the opportunity as endpoints such as desktops and servers. However, we think about the opportunity differently and more broadly than that. We expanded our market opportunity by securing a wider array of workloads which includes desktops and servers, virtualized and cloud environments, IoT devices, and containers. In Q1, we expanded our market opportunity even further when we introduced Falcon for Mobile that supports Android and iOS. This is a powerful vector for growth. These workloads need to be protected and they are growing with every new connected device and every new cloud instance. We also intend to grow by broadening our reach into new international markets and customers segments including smaller organizations as well as acquiring customers in the federal government vertical. And lastly, we see significant longer term opportunity with new workloads and applications within the CrowdStrike store. The CrowdStrike Store offers the first and only unified security cloud ecosystem of trusted third-party applications. This sets the stage for us to further expand our TAM and grow in segments outside of security, such as IT operations and compliance. In summary, we could not be prouder of our important mission, protecting our customers from devastating attacks, business disruption and assess of IP and financial resources. In addition to stopping breaches, we also help our customers reduce cost and complexity which differentiates us in the security marketplace. We have built a high-performing and enduring business with multiple engines for growth and a frictionless go-to-market strategy. We are excited by our future opportunities and look forward to your support as we advance on our journey to become the leading endpoint security platform and ultimately the de facto endpoint platform of the future. With that I’ll turn the call over to Burt.
Burt Podbere
Thank you, George, and good afternoon, everyone. I’d like to express how pleased we are with the level of interest we have received from our analysts and investors. We look forward to getting to know you and keeping you updated on our performance. Today, I will provide a brief overview of our first quarter financial results, target operating model, and our second quarter and full-year 2020 guidance. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today, are non-GAAP. Across the board, we delivered an outstanding first quarter with strength in multiple areas of the business including ARR growth, revenue growth, and subscription gross margin improvement. We view annual recurring revenue or ARR as a key metric to measure our business, given it is driven by our ability to acquire new subscription customers, and to maintain and expand our relationships with existing subscription customers. We define ARR as the annualized value of our customer subscription contracts at the end of the quarter, assuming any contract that expires during the next 12 months is renewed on its existing terms. In the first quarter, we delivered a 114% ARR growth to reach $364.6 million of which $52 million was net new ARR added in the quarter. This growth was driven by a strong quarter for new logo acquisition, combined with low contraction and churn within our existing customer base. Total revenue more than doubled over Q1 of last year to reach $96.1 million. Approximately 90% of our revenue is subscription based with no perpetual licenses, giving us a strong, scalable, recurring revenue base and a business model advantage. In the first quarter, subscription revenue grew 116% over Q1 of last year to reach $86 million. The remaining 10% of our total revenue is derived from our strategic professional service offerings, which include incident response and proactive services that are generally sold separately from our subscriptions. While professional services carry a lower gross margin that our corporate average, it is a small portion of our revenue base and we view it as strategic. We have been able to derive an average of about $3 of subscription ARR for every $1 spent on an initial incident response for proactive services engagement. To be clear, these are customers that are new to CrowdStrike. In terms of geographic breakdown, approximately 75% of first quarter revenue was derived from customers in the U.S. and 25% from international markets. Moving to our operating results. We are focused on building a long-term business with sustainable growth and compelling margins. In Q1, we continued to recognize operating leverage in our SaaS model and the benefits of scale even as we increased investments in our global reach and cloud platform. First quarter non-GAAP gross margin improved to 70% from 59% a year ago. Our non-GAAP subscription gross margin increased to 73% from 62% in Q1 of last year. The improvement is primarily attributable to the efficiencies around hosting and data center costs and the uptake of multiple cloud modules by our customer base. Our collect ones reuse many data strategy, means that after the first module subscribed for by that customer is paid for and covers the cost of data storage and most computational costs, each additional subscription module carries a very high margin. Total non-GAAP operating expenses in the first quarter were $89.2 million, or 93% of revenue versus $59.4 million last year or 126% of revenue. Scaling and growing our business efficiently is a top priority, which is why we focus on our unit economics metrics, including Magic Number. In Q1, we ended with a Magic Number of 1.1. Key factors driving our unit economics include our strong gross and net retention rates, our highly efficient, low friction sales and marketing programs that continue to drive subscription revenue growth. We have a proven history of disciplined investing and remain committed to maintaining a thoughtful balance between generating top line growth and achieving operating leverage. Going forward, we plan to make continued progress in driving toward breakeven and beyond, but it may not be in a linear fashion, depending on the timing of expenses. As a result of our rapid top line growth, improving growth margin profile and continued disciplined approach to investing in our business, we drove strong operating leverage in the quarter with our operating margin improving 43 percentage points year-over-year. Non-GAAP net loss was $22.1 million or $0.47 per share, which compares to a non-GAAP net loss of $31.7 million or $0.73 per share in Q1 of last year. The weighted average common shares used to calculate first quarter EPS was 47.2 million shares in Q1 fiscal 2020 and 43.6 million shares in Q1 2019. Before I discuss our balance sheet I’d like to review our long-term operating model. On a non-GAAP basis, we are targeting gross margin to be in the 75 to 80 plus percent range. As a percentage of revenue, we are targeting non-GAAP sales and marketing to be 30% to 35%; R&D 15% to 20%; and G&A 7% to 9%. We anticipate this will lead to a non-GAAP operating margin of 20% or greater. Turning now to the balance sheet. We ended Q1 with a $175.1 million of cash, cash equivalents and marketable securities. Subsequent to the close of the quarter, we received net proceeds of $659.1 million from the IPO. Cash flow from operations in Q1 was positive $1.4 million and free cash flow was negative $16.1 million. Moving to our guidance for the second quarter and full year fiscal 2020. For Q2, total revenue is expected to be in the range of a $103 million to a $104 million, reflecting a year-over-year growth rate of 85% to 87% with subscription revenue being the dominant driver of growth. We expect non-GAAP loss from operations to be in the range of $29.1 million to $28.6 million and non-GAAP net loss to be in the range of $30.5 million to $30 million. Utilizing weighted average gears used in computing non-GAAP net loss per share, basic and diluted of 129.9 million, we expect non-GAAP net loss per share, basic and diluted in the range of $0.24 to $0.23. For full-year 2020, we expect total revenue to be in the range of $430.2 million to $436.4 million, reflecting a growth rate of 72% to 75%. Non-GAAP loss from operations is expected to be between a $113.4 million and a $110.4 million, and non-GAAP net loss is expected to be between $105.9 million and a $103.2 million. Utilizing weighted average shares used in computing non-GAAP net loss per share basic and diluted of a $147 million, we expect non-GAAP net loss per share to be in the range of $0.72 to $0.70. We are pleased with the strong results we are reporting today and believe we have the capacity and resources to continue driving the business forward over the long term. We are excited about CrowdStrike’s new phase as a public company and appreciate your ongoing interest and support. George and I will now take your questions. Operator, we’d now like to open the lines for questions.
Operator
Thank you sir. [Operator Instructions] Our first question comes from the line of Heather Bellini of Goldman Sachs. Your question, please?
Heather Bellini
Great. Thank you so much, gentlemen, for taking my question, and congratulations on your first quarter out of the gate. I wanted to follow up on some of the comments you made about the ultimate expansion and the things like IT ops and ATM. And just wondering, given just trying to think outside of the endpoint market as you referenced, how do you think your position in that market versus the competition? And just if you could share with us kind of is this kind of the customer kind of driving you into that market? And again, just share with us, how you feel like you’re positioned to start taking share in that market over time? Thank you.
George Kurtz
Sure. This is George. Thanks, Heather. So, I think it really is an extension of what we've already built and continue to refine in our IT ops and our Discover module, and just add on to what we’ve been seeing from a customer perspective. Getting back to the overall model, the single agent architecture, the ability to collect data at one-time, it becomes easy for us, if you will, to be able to represent that data and help customers understand the current configuration they have, help them provide more efficient IT operations once they have visibility into applications and the system health and things of that nature. So, it really is just an extension of what we’ve already been doing. And when we think about the opportunity, again, as these workloads proliferate, whether it’s desktops, server and IoT device, a cloud instance, a containerized instance, they all need some level of protection and visibility. And really, this is just an extension to collecting the data that we already have and being able to display that in a work flow that makes sense for our customers.
Operator
Thank you. Our next question comes from the line of Sterling Auty of JP Morgan. Your line is now open.
Sterling Auty
I wonder if you could give us an update on how your partnerships are developing, especially with partners like Dell.
Burt Podbere
Hi, Sterling. It’s Burt. So, I would characterize, [Technical Difficulty] early innings in terms of AR generation versus [Technical Difficulty]. We have access [Technical Difficulty] business from customers around the world. The up-sell [ph] opportunity is significant [Technical Difficulty]. Ultimately, we feel that [Technical Difficulty] expansion to markets [Technical Difficulty] strong presence such as in Federal or EMEA or APJ.
Sterling Auty
Got you. And then, one follow-up in terms of the module adoption for investors that are newer, what kind of the most popular module that you see within the ones that get upsold once a customer comes up?
Burt Podbere
That’s a good question. So, as you saw in the S-1, we're in a great spot. We’ve got 47% of our existing customers having four more modules in Q4, we saw that in Q1, the trend continued. For us, it goes back to how George first thought about the company, which was about next generation AV, EDR and OverWatch. Those were the three things that he came out with. And those are our core to our business, and that hasn’t changed. All the other ones that we talked about, whether it’s device control or whether it’s Discover, all those come in and they can come in equally depending on what the customer really wants to do.
Operator
Thank you. Our next question comes from the line of Tal Liani of Bank of America. Your line is now open.
Tal Liani
I’m trying to work next quarter numbers. If I put -- you are guiding way higher than we thought. If I put $103 million or $104 million in revenues, I don’t get minus $0.23, I get deeper loss. So, that means your margin assumptions are better than what we’re expecting. Can you elaborate on gross and OpEx -- gross margin and OpEx assumptions for next quarter? Thanks.
Burt Podbere
So, as we think about guidance, we think about guiding prudently based on the things that we know today, not necessarily the things that we don’t know. As we think about the future and to the guidance, we think about both improvements on the top, improvements on gross margin and OpEx. As we think about the splits between OpEx and gross margin, we think it's about 50-50 in terms of how we think about the improvements and the benefit there.
Tal Liani
Is so, still your targets, long term targets, same targets, you're reiterating the targets?
Burt Podbere
I am reiterating targets, correct.
Tal Liani
Okay, perfect. Thank you. I don't have a question on the fundamentals, straightforward quarter. Thanks.
Operator
Thank you. Our next question comes from the line of Saket Kalia of Barclays. Your question, please?
Saket Kalia
Hey, guys. Thanks for taking my questions here. First, maybe for you, Burt. We spoke about some of the different modules in your prepared remarks. But, can you talk about some of the different packages out there, like Falcon Pro, Falcon Enterprise and of course, Complete. Maybe just qualitatively, what you're seeing from a high level in terms of adoption, across some of those different packages or bundles that you offer?
George Kurtz
Sure. Hey, Saket. This is George. I'll take first shot at this. So, if we look at pro, which is really our Prevent and our Falcon X, that has wide adoption in the smaller SMB and corporate space. Obviously, the enterprise package can be applicable to a large organization, a corporate company, or even a large enterprise. And as we continue to go up the food chain, if you will, with premium, we have, as we talked about, we have many of our customers actually have OverWatch and Discover. And, it really depends on the overall organization. Certainly, Enterprise and Premium are going to be more applicable to the larger organizations. And the Pro version is just pure antivirus, if you will, next-gen AV antivirus with our Falcon X technology can be useful for a smaller organization. The beauty of the model is, once people understand our technology, it is easier to upsell them into an EDR technology where as a smaller company, maybe they weren’t quite exposed to it. But given our technology, how it works, how easy it is to use, and combine that with OverWatch, it makes for an effective cross-sell. So, hopefully that gives you at least an idea of where we're seeing the traction. And again, our overall goal, even for large enterprises is, you could have a trial in a large enterprise of just the pro product. But then, we can quickly come in and cross-sell them or up-sell them in the sales process into a package that fits their enterprise. So, it can leak into the enterprise, just from the free trial, which is really exciting to us. And it doesn't just have to be a next-gen AV sale.
Burt Podbere
It’s Burt. I'll just add on to that. As we think about what I just talked about in terms of the module adoption, as we continue to come out with different bundles and as we continue to bring new modules to the marketplace, we anticipate that not only the adoption within our existing customer base will increase but the amount of modules that each customer will have will increase as well.
Saket Kalia
Got it. Got it. Maybe just to stay with you, George. You brought up the CrowdStrike store quickly in your prepared remarks. Realizing it's early, can you just talk a little bit about the pipeline of potential partners that you can work there -- that you can work with there? And maybe some broad brushes on again, realizing it's early, how you sort of envision some of the commercial terms as those partners leverage some of the CrowdStrike data that you're able to collect?
George Kurtz
Sure. So, we've got close to a dozen partners that are in process and investigation phase. I think just to reiterate what we talked about is making sure that we’ve got the quality versus just quantity in the story. And certainly it’s early days as we continue to underscore. I think, when you look at the opportunity, the opportunity is much broader than that. You look at our technology fundamentally where we have the ability to do, it’s the ability to gather large amounts of data at scale, it could be security related data, it could be non-security related data. And we have the ability to take action. And this is very important for organizations of all sizes. And ultimately having them interact with third parties or create their own work flows is very exciting to this organizations. So it’s still early days but we’re focusing on getting the right partners in. And when we think about the revenue opportunity, Burt can comment some more specifically around this, but in terms of how we look at market with these partners, the more of the service offerings, behind the scenes APIs, if you will, that they use, the greater revenue share that we would get. So, the more they consume our platform, the less that they have to spend on their own and more revenue from a rev share perspective we will be able to take advantage of that.
Burt Podbere
Sure. And to expand on that just a little bit, as we look at each partner, we look at it on a case by case basis. And for us, as we think about the opportunity, we would derive revenue share from that.
Operator
Thank you. Our next question comes from Brad Zelnick of Credit Suisse. Your line is open.
Rachel Lauren
Hi. This is Rachel Lauren on for Brad. Congrats on the quarter, and it’s really great seeing the outlook. I just wanted to ask, are you seeing Windows 10 adoption as an opportunity as customers reevaluate endpoint security, and are you seeing more interest for Microsoft Defender APT?
George Kurtz
Yes. This is George. I’ll take this. So, I think, anytime you have a transition between Windows 7 and Windows 10, an operating system change, there’s always an opportunity for us to get built into the overall going damages, [ph] and we continue to see that. With respect to other partners out there or I should say, other competitors, I mean, there’s a variety of competitors that are out there. We’ve, I think, done a great job because of our platform support for technologies beyond just Windows. So, in a heterogeneous environment, companies want coverage not only for Microsoft 10 but they also want it for Linux and Mac and other devices. So, I think that’s an area where we have a distinct advantage over our competition in terms of our platform support, particularly in the Linux environment.
Rachel Lauren
Got you. Thank you. That’s helpful. And I have a quick follow-up. You guys reported really strong retention number. I wanted to know kind of are you seeing more adoption in terms of increasing endpoints or is that more coming from module -- increasing module adoption?
Burt Podbere
Hi. It’s Burt. So, we see it from both, we’re going after both. Both, whether or not existing customer has done an acquisition and we would get more endpoints over in system the ability to upsell with our -- in our trails and we’re seeing actually adoption in both.
Rachel Lauren
Got you. Thank you very much.
Operator
The next question comes from John DiFucci of Jeffries. Your line is open.
John DiFucci
Thank you. I have a question for George and a follow-up for Burt. So, George, Burt pointed out that every incremental product customer buys, improves margin. And that makes a lot of sense because you all work off that foundation that you talked about, the graph database and that lightweight endpoint. And you pointed out, 47% at the end of last year -- or fiscal year, up from 30%, actually had four or more products. And I know you said that the trend continues. Can you give us anymore on that? Because I happen to think that it's not just about improved margins, it’s also stickiness. As you know, you’ve worked at other endpoint vendors too, the stickiness of endpoint is something that investors look at and they question how sticky is it going to be but you are much more than that. The more you are much more than that, the more sticky I think you are going to be. So, can you give us any more color around that, better than 47%?
George Kurtz
I think, in general, just some color for the overall approach that we’ve taken and just to maybe double click, we talked about that city that I spoke about in my example earlier where we started small and then have expanded out those modules and that being one of the most strategic purchases made. I think that really underscores how strategic we are, how sticky we are with customers and our ability to add new modules. And what's really interesting is [Technical Difficulty] customers, they routinely say, okay, before we're going to purchase something else that maybe as a module that we don’t have today, they always ask do you have this module and/or will it be in your store, because they want to make a buying decision that is outside of the Falcon platform. It’s very similar to way we -- many customers look at sales force as an example. You want to have it all integrated. So, we’ve seen that level of strategic interest in what we're building to make sure that they can harmonize on that before other purchases. I think that’s really a good indicator of the stickiness. Burt, if you have any other comments?
Burt Podbere
Yes. I know you want to drill a little bit more into where we think we can go above the 47%. I mean, as I said that the trend continued in Q1. But I think really we have quite a few customers that have all of our capabilities. And that’s going to put some upward momentum to that number, and we expect to see that.
John DiFucci
And Burt, I think Tal mentioned about the guidance theme that surprised there. As you know from the S-1 we had to look at what the numbers for the quarter would be and you actually gave a little better than that. But the real surprise is the guidance, which is much better than where we were anyway, and I think most people, adding almost 10 percentage points of growth to revenue for the year, and we know how that works. So, I guess, the question is, you got two weeks left in this quarter. You have insight into this quarter and obviously you guided for that but the pipeline, I guess that’s reflective of that. So, can you talk a little more, give us a little more color around the pipeline, and what you're seeing as far as momentum in the market right now?
Burt Podbere
Yes, sure. So, definitely I think the momentum is continuing. I think, the overall strategy where we’ve got module expansion and then even on the bottom when we think about optimizing our cloud approach, which -- our hybrid cloud approach, this means using a public cloud provider, and [indiscernible] and then finally approach the refinement of our ability to smart filter, I think those few things continue to allow us to see momentum in the marketplace today. When I think about the strong guidance, again the guidance is based on things that I know today and not necessarily things that I know historically we have the benefit of running the table quarter-on-quarter. And I think it’d be prudent not to guide that way in the future because we just don’t know. But, the momentum that we’ve got clearly from the strategies that we have taken is showing in the marketplace and in the guidance that we just gave.
Operator
Thank you. [Operator instructions] Our next question comes from the line of Matt Hedberg of RBC Capital Markets. Your question, please?
Matt Hedberg
Hey, guys. Thanks for taking my question. I see we're running a little late. So, I'll try to keep it to one, I can have multiple here. But, well done in your first quarter. I wanted to ask the question about module a little different way. Burt, can you provide some color on the level of catch of multiple products for new customers as you disclose? But, I'm wondering if you could kind of help out versus the trends, say a year ago, understanding a lot of your products having been introduced in the last couple years? But kind of curious if new customers are coming in at a higher rate than maybe you expect as well.
Burt Podbere
We're very proud of the fact that the new customers that are coming in are buying bundles out of the gate. So, the majority of our new customers are buying more than one, more than two of our modules, actually, the majority are buying three. And so, we're very proud of that. And we're continuing to delight our customers. And that gives us a chance -- those that are coming on three. And as you know, there's a lot of customers that come in with more than that. So, for us, as we think about bringing more modules to the marketplace, we would expect that to grow.
Operator
Thank you. Our next question comes from the line of Gur Talpaz of Stifel. Your line is open.
Gur Talpaz
Great. Thanks for taking my questions. And congrats on a strong start here as a public company. I'll keep it to one for you, George. You alluded to this in prepared remarks, but I was hoping you could extrapolate a little bit. How difficult would it be for someone to effectively replicate your cloud architecture with your single lightweight agent, I mean to come in today and try to do what you do, how much would have to go in to ultimately replicate your strategy and your go to market?
George Kurtz
Well, there's a lot of core IP that we’ve built into the technology. And we started in 2011, as the first cloud native endpoint security vendor. And obviously, there's a lot of lessons learned between now and then. I think, there's key elements that we have that we don’t -- number one is the single lightweight agent doesn't require reboots. That really helps time to value and adoption. I think number two is the proprietary graph database that we've built with our time dimension to it, very hard to replicate at scale. We didn't pick an open source technology because it just didn’t scale to what we needed, we didn’t have some of the elements. And then the modular framework, to be able to add modules and use at scale, it's just really, really hard thing to do. And, you have a lot of folks that talk about cloud, but the reality is, is cloud managed and is cloud native. And you really have to start from a single sheet of paper. I don't think, it's any different than the Salesforce Siebel analogy that you just can't take something that started on-premise and try to jam it into a cloud and call it cloud native. So, in our mind it’s a difficult thing to do. And, more importantly, anyone coming into the space would really have a low margins and has to go through a painful process of margin migration upwards. Obviously, you've seen we've gone through this, but a lot of it really is based upon the core IP that we've built, which is very unique. And the data maybe is the last piece that I'll say is, once you collect that amount of data, it keeps building on each other -- on itself, I should say. And again, that becomes a very hard thing to replicate the sheer amount of trillions of events that we collect each week.
Operator
Thank you. Our next question comes from Sarah Hindlian of Macquarie. Your line is open.
Sarah Hindlian
All right, great. Thank you so much, guys. I have a question around new customer adds, which were really, really strong this quarter. I'm hoping you can tell me what factors you think are primarily driving that and how we should think about it going forward?
George Kurtz
This is George. Let me start here. I think, what we’re seeing, again, is the recognition in the marketplace, whether it’s analyst recognition, whether it’s the single agent cloud architecture, the adoption of new cloud module, the adoption of workloads where customers are looking for something that’s simple, give you time to value and just works. I think, we’ve done a good job in the free trials. We continue to see a lot of momentum where customers are coming in and very easily and quickly seeing the value of our technology that we can convert that with a very robust inside sales team. So, we see a lot of momentum in that space. And I think it’s just a recognition that traditional legacy players are not really capable of dealing with advanced threats. And customers are looking for something different, more prudently in a cloud-based architecture to match their needs as they migrate other technologies into the cloud.
Burt Podbere
Yes. That’s right. And for us as excited as we are and we’ve been talking about the upsell into our customer base. We’re equally as excited to go after our new customers. And we are focused on going after both. We believe that we have a lot of headroom in both new logos, as well as upselling to our customer base. And we compensate our sales team the same for even one of those on sales. So, we’re excited to go after both of those.
Sarah Hindlian
All right. Great. Thank you, Burt and George. And then, I had a follow-up in terms of the new modules. I know it’s still early days. But I'm just wondering how the pricing is shaping up as you’re starting to really crack into these new markets? Is this similar pricing dynamics to EDR, what are you thinking early on here?
George Kurtz
Yes. So, as we think about pricing for our new modules, we take a look at what we’ve done in the past, we take a look at what the market will bear. You have great read on what customers have been able to absorb according to their budgets. And so, for us as we think about the fact that once you bought that first initial module, you’re absorbing a lot of the initial cost and we have lot of flexibility in terms of where we want to go with our pricing as new module come out. And so, we’ve been able to benefit from that.
Operator
Thank you. Our next question comes from Andrew Nowinski of Piper Jaffray. Your line is open.
Andrew Nowinski
Great. Thank you, and congrats on the nice start. So, I just wanted to follow up on your comments about how malwares are running circles around the fossilized vendor solutions that are in market? Has the recent news related to Symantec created enough disruptions that you’re noticing an improvement in your win rates, particularly over Symantec?
George Kurtz
Well, any of the legacy vendors we continue to take share from, and again, I think, it’s a recognition of customers that are trying to transition to a true cloud architecture. We don’t really get focused on their distractions. We continue to focus on building the best endpoint security and platform technology that’s out there. And that’s why we win. We show the value in the sales process of what we can deliver, how we can protect against breaches, and more importantly, how we can create a modular framework that allows them to consolidated the number of agents they have with a single lightweight agent that can do the work of many. I think that’s why we continue to win in all areas of business.
Operator
Thank you. Our next question comes from Terry Tillman of SunTrust. Your line is open.
Terry Tillman
Yes. Thank you, gentlemen, and congrats as well on the IPO and the strong results. Maybe, Burt, my question for you is, we’re just looking at our models and now updating them post the final results for 1Q and then the guidance, how do we think about seasonality from a standpoint of some of the input by new customers as we drive our IRR numbers throughout the year? Is your business kind of still not at a point where there's a lot of seasonality and things just continue to ramp each quarter or any comments around seasonality? Thank you.
Burt Podbere
Sure. So, we do have some seasonality. We do see dips in Q1 from Q4, but we generally tend to build from there. But as you think about your models, clearly look at our Q1 and run with that. That’s how we think about it.
Operator
Thank you. Our next question comes from Erik Suppiger of JMP. Your line is now open.
Erik Suppiger
Just in general, I’m curious what difference has the IPO made for you? Has that changed hiring, has that changed marketing opportunities, what changes have you seen in light of your hire profile at this point?
George Kurtz
Obviously, it was a financing event for us, but there is certainly marketing aspect and awareness worldwide. So, we continue to see more and more awareness of CrowdStrike and what we do and just how different we are from all the other technologies that are out there. And I think it served as a good event to provide a level of awareness that maybe wasn’t available outside of the U.S. And I think we will continue to create a boarder presence, particularly in the international markets as a result of this IPO process.
Erik Suppiger
Does it make a difference from a hiring perspective?
George Kurtz
Well, from a hiring perspective, I think what's really interesting is, the amount of the data that we have and just the technology and the science that we have, may not have been as well known. And when we think about some of the leading tech companies that operate at scale, I would put ourselves in that category. So, for folks that really are looking to deal with data science and at scale, we get really excited about what we’ve done. And I think we’ve been able to shine a light on that through the IPO process.
Operator
Thank you. Our next question comes from Gregg Moskowitz of Mizuho Securities. Your line is now open.
Unidentified Analyst
This is Michael on for Gregg. I was just wondering what did you see with the respect to pricing environment this quarter.
George Kurtz
For us, it’s been consistent with the prior quarters. We haven't seen anything that has been unusual and it’s been basically business as usual.
Operator
Thank you. Our next question comes from the line of Alex Henderson of Needham. Your line is now open.
Alex Henderson
I have a question, I wanted to ask was, the only thing that came back at me with any dissidence when we’ve been talking about the company over the last couple of months. And really the question was around your relationship with Splunk. As I understand, the Threat Graph, a big piece of the customization of Threat Graph is around the time variable and should we have very accurate understanding of when things happen in order to anticipate the rollout of tax. To the extent that you’re tied in with Splunk, what -- how important is that relationship with Splunk, given your time-based relationship or is there something that you're getting from the log that you are just not picking up otherwise? Thanks.
George Kurtz
It’s pretty simple. This broad relationship is really just for presentation purposes. So, the graph database, the collection everything is all our technology. And threat hunters tend to like to hunting back and search around. So, we use Splunk, which you’re very familiar with as a presentation layer. And that's the extent of it. So, it's not really used for anything other than that.
Alex Henderson
Perfect. That’s exactly what I thought. Thank you.
Operator
Thank you. Our last question is from Shaul Eyal of Oppenheimer. Your line is open.
Shaul Eyal
Thank you. Good afternoon, gentlemen. Congrats on a strong set of results as well as the outlook. George, thanks for your sleek customer examples in a number of verticals you provided us with earlier in the call. Of the 443 net new -- different customers, can you talk to us broadly about the average size of customers, was it SMB, was it midmarket, or maybe high-end enterprise, just some kind of along these lines? Thank you.
George Kurtz
Yes. So, just to clarify, it was 543. And it's really adoption across the board, whether it's large enterprise or small and midmarket customers. I think the beauty of the model is that we have been able to go down market very effectively. We started the enterprise, and then we've been able to go down at the corporate space and ultimately into the small SMBs. And it's really because of that immediate time to value up and running without really any configuration and immediate time to value. So, it's across the board. We continue to see large enterprises switch off their incumbent event vendors to CrowdStrike and embrace the simulation architecture. So, we anticipate that trend continuing.
Shaul Eyal
Understood. Thank you and congrats again.
George Kurtz
Thank you.
Operator
Thank you. At this time, I'd like to turn the call back over to George Kurtz for any closing remarks. Sir?
George Kurtz
All right. Great. Thank you. Great questions. And I want to thank all of you for your time today. We appreciate your interest, and look forward to speaking with you next quarter. Thanks so much and have a great day.
Operator
Ladies and gentlemen, that does conclude today's conference. Thank you for your participation. And have a wonderful day. You may disconnect your lines at this time.