CrowdStrike Holdings, Inc.

CrowdStrike Holdings, Inc.

$347.88
4.38 (1.28%)
NASDAQ Global Select
USD, US
Software - Infrastructure

CrowdStrike Holdings, Inc. (CRWD) Q3 2020 Earnings Call Transcript

Published at 2019-12-05 23:43:06
Operator
Ladies and gentlemen, thank you for standing by and welcome to the CrowdStrike Fiscal Third Quarter 2020 Results Conference Call. At this time, all participants are in a listen-only mode. After the speaker presentation, there will be a question-and-answer session to ask a question during the session. [Operator Instructions] Please be advised that today's conference is being recorded. [Operator Instructions]. I would now like to hand the conference to your speaker today Maria Riley. Please go ahead.
Maria Riley
Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President, Chief Executive Officer and Co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts including those regarding our future plans, objectives and expected performance are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we have made are reasonable, actual results could differ materially because the statements are based on our current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the company's financial results is included in filings we make with the SEC from time to time, including the section titled Risk Factors in the most recent company's quarterly report on Form 10-Q previously filed with the SEC. Also, unless otherwise stated, Excluding revenue all financial measures discussed on this call will be non-GAAP. In discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. Now, I will turn the call over to George to begin.
George Kurtz
Thank you, Maria, and thank you all for joining us today. Across the board. We delivered an exceptional third quarter with record results well exceeding our expectations. Year-over-year, we increased the number of net new subscription customers by 112% and achieved 97% ARR growth, 98% subscription revenue growth and 88% total revenue growth, which was above the high end of our guidance. I would also like to highlight two significant milestones we achieved in the quarter. First, ARR grew to over $0.5 billion and second we generated positive free cash flow in the quarter and added to our cash balance. In our view, the strong results in our continued rapid growth at scale, which is significantly outpacing others in the industry demonstrate our increasing leadership in the Security Cloud category and our strong foundation to drive future growth. Our accelerating momentum in the market is the culmination of years of thoughtful innovation focus and execution, and is a credit to the hard work of all our employees. I'd like to thank every member of the CrowdStrike team for their unwavering dedication to stopping breaches and serving our 4,561 customers. In Q3, we once again saw an acceleration in customer growth, with the addition of a record 772 net new subscription customers versus 730 last quarter. This is our seventh consecutive quarter that we added a record number of net new customers. We also set a record for net new ARR of $77.9 million, representing 32% growth quarter-over-quarter. This was driven by strong sales with both enterprise and SMB customers. The reason why our solution is winning with customers across diverse industries geographies and size is simple. Our proven efficacy and stopping breaches, our cloud native platform with the lightweight single agent that is easy to use and rapidly deploy at scale. And we enable customers to consolidate agents and increase endpoint performance, all of which helps our customers realize immediate time to value. It is also important to remember that our solution unlocks the power of CrowdStrike data and gets smarter The more data it consumes. Our proprietary threat graph is the brain of our system, and is capable of dynamically scaling to meet demand; every week it processes correlates and analyzes over 2.5 trillion events across our global customer base in real-time. Each new customer and endpoint or workload joining our CrowdStrike network increases our data lake effectiveness, intelligence and long-term competitive advantage. I would like to take a moment to highlight a few recent customer wins that showcase the power of the Falcon platform. The first customer win is a competitive displacement of both, next-Gen and legacy products at a Fortune 100 Insurance company that highlights the superior performance of our solution. After a year of trying to deploy a cheaper and less effective next-gen vendor, this company security and could not get it to scale beyond 60% of their environment. Additionally, when they attempted to deploy the other vendors agent in the server environment, it was incompatible with their critical business applications and performance was negatively impacted. Their security team was understandably frustrated, prompting them to engage with CrowdStrike. They evaluated the Falcon platform, alongside another vendors' legacy security technology built into the operating system. Even though this competitor had a strong prior relationship with the customer, their product was found to be too complex and incompatible across the customers' heterogeneous environment. During rigorous testing by the security team and application owners, CrowdStrike demonstrated superior ease of deployment, application compatibility, strong endpoint performance and of course, high efficacy and stopping breaches. We won the business and this customer is adopting seven cloud modules across the Falcon platform including our NextGen AV, EDR, device control, IT hygiene, vulnerability management, threat intel and our threat hunting module. OverWatch. CrowdStrike is helping protect this customer from breaches, while significantly streamlining their security stack with our single-agent architecture. The next customer win I will share with you today is with a Fortune 100 retailer, where we are displacing legacy and next-gen vendors with our single-agent Falcon platform. This new CrowdStrike customer was initially looking to replace one of their next-gen EDR vendors with a solution that would provide prevention capabilities, along with a better user experience and greater visibility for the internal teams. CrowdStrike's tight technical integrations with Splunk and close relationships with their field sales team help position us as a leading contender to meet these customer strategic priorities. This customer now subscribes to three Falcon cloud modules, that's been an endpoint security and IT operations and in turn is removing multiple vendors and agents from their environment. The next win I will share with you today highlights how companies can derive high business value and ROI by consolidating agents with the Falcon platform. After two large enterprise companies merge, their security teams were faced with a patchwork of security tools that were ineffective and could not scale to meet their needs. These tools included four legacy AV providers, one next-gen EDR and one peer-to-peer query-based technology that were partially deployed across dozens of business units. Additionally, the organization was overwhelmed with so many false positives that they estimated 30 employees would be needed to triage alerts and manage these disparate tools. This organization decided to evaluate CrowdStrike because of our strong reputation in the marketplace or our ability to address a broad range of security challenges through a single agent in a modular platform. During the sales process, this customer deployed Falcon on over 15,000 endpoints over a weekend, where it had taken one of the incumbent vendors one year to reach a similar level. After seeing how quick and easy it was deploying scale with [ph] the Falcon platform across their environment, they increased the scope of the deployments to include servers, significantly increasing the overall deployment to well over 100,000 endpoints and workloads. The CISO at this new CrowdStrike customer estimated that by replacing the software, hardware and labor costs associated with these other vendors, they will attain a compelling ROI in less than eight months. And lastly, I would like to share a new customer win that demonstrates our incident response engagements from our services team, can quickly lead to large multi-year Falcon platform subscription engagements. After being hit with a ransomware attack earlier this year, a company based in Europe who is not a CrowdStrike customer, engage the CrowdStrike services team. We were able to remediate the incident and rapidly restore normal operations, eliminating the need for this customer to pay a stiff ransom to the hackers. Through this brief but urgent engagement, CrowdStrike build trust with the customer through our expertise, professionalism and technology efficacy. Recognizing that they had limited internal security resources, this customer became interested in our Falcon Complete subscription module, which is our full turnkey solution that combines endpoint security with remediation and response capabilities. Even though our solution was priced at a premium to the competition, this customer selected Falcon Complete based on total value provided, completeness of our solution and the deep trust built within our services team. The seven figure ARR Falcon Complete deal was more than 13 times larger than our initial services engagement and closed within three weeks after the CrowdStrike Services team completed the project. From the many conversations we've had with customers, the message that resonates loud and clear is that both CIOs and CISOs are looking for a strategic partner to help them bridge the skills gap and simplify their operations. They are also looking for ways to leverage enhanced automation in their security operations to increase efficacy and free up resources. Organizations are increasingly turning to the Falcon platform to protect an array of endpoints and workloads, stop breaches and restore endpoint performance. To measure the success of our platform strategy, we look at the percentage of all subscription customers that have adopted multiple modules. Our platform strategy is clearly gaining momentum with customers. In the third quarter, the percentage of customers that have adopted four or more cloud modules, increased beyond the 50% we reported last quarter. Additionally, I'm pleased to report that customers with five or more cloud modules increased to 30%. As customers adopt more modules that span a wide array of workloads, we believe it strengthens our customer relationship and increases our strategic value with the customer. The power of CrowdStrike's Falcon platform also continues to garner strong industry recognition. In the Gartner Customer Choice Peer Review that was released last week, CrowdStrike received the highest rating of all vendors based on customer satisfaction for the second year in a row with a rating of 4.9 out of 5. This builds on the recognition we received from Gartner in Q3, which includes being positioned as a leader in Gartner's Magic Quadrant for Endpoint Protection Platform and receiving the highest score for Lean Forward Organizations in Gartner's Second Critical capabilities for Endpoint Protection Platforms Report. Additionally, Forrester Research named CrowdStrike as a Leader in Endpoint Security in The Forrester Wave Q3 2019 report. CrowdStrike received the highest ranking of all vendors in the strategy category and achieved the highest score possible within 17 of the criteria. And lastly, SE Labs named CrowdStrike the Best New Endpoint Solution in its Annual Report. We believe the industry's strong recognition of CrowdStrike validates that our single-agent architecture, proprietary threat graph database and cloud modules represent the gold standard in securing the growing workloads of today and the future. We remain intensely focused on the success of our customers. Last month at our Annual Cybersecurity Conference, Fal.Con, we announced a new firewall management module that will deliver simple, centralized host firewall management to help customers transition away from legacy endpoint suites to CrowdStrike's next-generation platform. We expect this module to be generally available early next calendar year, at which time the Falcon platform will have 11 cloud modules that span endpoint security, security operations and threat intelligence. We also introduced Falcon for Amazon Web Services, which will be available in the AWS Marketplace this month. Customers will be able to easily purchase and deploy the solution with integrated metered billing to optimize their security spend for Elastic workloads. An increasing number of enterprise customers are migrating to the cloud and modernizing their applications. However, security teams responsible for protecting cloud workloads have had difficulty in providing security in an effective and cost-efficient manner that is as dynamic and flexible as AWS itself. CrowdStrike Falcon for AWS fulfills all of these demands. With integrated metered billing, we will allow customers to quickly and easily scale their consumption as their business needs change. Pay-as-you-go or metered billing is an important option for customers running applications with extreme fluctuations in usage such as payroll batch processing and data analytic workloads. At Falcon, we also announced seven new applications and use cases coming to the CrowdStrike Store. The CrowdStrike Store is a unified security cloud ecosystem of trusted third-party applications. These new apps will allow our customers to leverage their existing investments in CrowdStrike to address a range of security use cases, including application whitelisting, patch management and vulnerability risk prioritization. While still early, we are receiving strong interest from partners that want to develop apps on our platform and we see significant longer-term opportunities with new applications. By using our platform-as-a-service, our store partners can save on R&D time and investment of the same time, dramatically expanding their go-to-market reach. We also continue to expand our ecosystem of partners and customer touch points. We recently announced a new international go-to-market partnership with Wipro, a leading information technology consulting and business process services company with thousands of customers globally. Wipro is utilizing the CrowdStrike Falcon platform to build out their new next-gen service offerings that will leverage our proprietary threat graph data and focus on specific use cases such as detecting malicious insider behavior. We expect that this partnership will expand our go-to-market reach globally. As we continue to evaluate the competitive landscape, we recognize that this is a unique time in the industry. The seismic shift to cloud native technologies and cloud workloads, including containers has created an environment with massive greenfield opportunities. Additionally, the market has seen a rapid increase in consolidation among competitors, which has created uncertainty within their customer base. We believe these dynamics have contributed to an expansion in our pipeline and an acceleration in our overall customer adoption, which is driving our strong results and increased outlook. It is our view that the ultimate winner in endpoint or workload protection will be the company with the platform that leverages cloud native technologies and delivers the most value to customers via its platform and rich partner ecosystem. We also believe that a tightly aligned go-to-market engine built to foster frictionless adoption across companies of all sizes is equally important. These are all attributes inherent in CrowdStrike's cloud-native platform and sales motion. While our competitors are distracted by retooling their on-prem offerings, trying to integrate acquired technologies, rationalizing their workforce or simply learning the industry, we are intensely focused on protecting customers. We believe we have the first-mover advantage in a high performing and enduring business model with a frictionless go-to-market strategy and multiple engines for growth. We believe we are in a strong position to drive future success with customers, delivered continued rapid growth at scale with best-in-class unit economics and continue to expand our lead over the competition. With that, I'll turn the call over to Burt.
Burt Podbere
Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. As George discussed, we delivered another outstanding quarter across the board and achieved important milestones as ARR surpassed $500 million and we generated positive free cash flow. We saw strength in multiple areas of the business, including record net new ARR, record net new customers and continued strong subscription gross margin. In the third quarter, we delivered 97% ARR growth year-over-year to reach $501.7 million. We once again saw an acceleration in net new ARR in the quarter. We added $77.9 million in net new ARR, setting a new record for the third consecutive quarter growth. The growth in ARR was driven by another strong quarter for new logo acquisition with both enterprise and SMB customers, combined with expansion business and low contraction and churn within our existing customer base. Additionally, our dollar-based net retention rate, which speaks to the efficacy of our solution in our successful land and expand sales model, once again exceeded our 120% benchmark. Total revenue grew 88% over Q3 of last year to reach $125.1 million. Subscription revenue grew 98% over Q3 of last year to reach $114.2 million. In terms of geographic breakdown, approximately 74% of third quarter revenue was derived from customers in the US and 26% was from international markets. Our rapidly growing international business highlights the global nature of the security industry, the massive market opportunity in front of us and our continued success penetrating these markets. Moving to our operating results. As we have discussed previously, we are focused on building a long-term business with sustainable growth and compelling margins. In Q3, we continued to recognize operating leverage in our SaaS model and the benefits of scale, even as we increased investments in our global reach and cloud platform. Third quarter non-GAAP gross margin improved to 72% from 67% a year ago. Our non-GAAP subscription gross margin increased to 76%, a 520 basis point increase from Q3 of last year. This improvement is primarily attributable to two key drivers; data center optimization and the continued uptake of multiple cloud modules by our customer base. Total non-GAAP operating expenses in the third quarter were $106.7 million or 85% of revenue versus $73.1 million last year or 110% of revenue. Scaling our business efficiently is a top priority, which is why we focus on our unit economics including Magic Number. In Q3, we ended with a Magic Number of 1.1, which we consider to be very strong and represents an improvement in our sales and marketing efficiency. Key factors driving our unit economics include our strong gross and net retention rates and our highly efficient low-friction sales and marketing programs that continue to drive subscription revenue growth. We reported a non-GAAP operating loss of $16.5 million. As a result of our rapid top line growth, expanding gross margin profile and continued disciplined approach to investing in our business, we drove strong operating leverage in the quarter. Our non-GAAP operating margin improved 30 percentage points year-over-year. Q3 represents our fourth consecutive quarter of improving non-GAAP operating loss on both dollar and margin basis. We have a proven history of disciplined investing and remain committed to maintaining a thoughtful balance between generating top line growth and achieving operating leverage. Looking forward into fiscal year 2021 ending January 31, 2021, we expect to be free cash flow positive for the year and achieve non-GAAP operating income breakeven in the fourth quarter of fiscal year 2021, while at the same time continuing to aggressively invest in our market opportunity. Non-GAAP net loss in Q3 was $13.4 million or $0.07 per share, which compares to a non-GAAP net loss of $28.8 million or $0.64 per share in Q3 of last year. The weighted average common shares used to calculate third quarter EPS was 204.1 million shares in Q3 fiscal 2020 and 45.3 million shares in the Q3 fiscal 2019 period. Turning now to the balance sheet. Cash, cash equivalents and marketable securities increased to $833.7 million. Cash flow from operations was positive $38.6 million and free cash flow was positive $7.0 million. Moving to our guidance for the fourth quarter and full-year fiscal 2020. For Q4, total revenue is expected to be in the range of $135.9 to $138.6 million, reflecting a year-over-year growth rate of 69% to 72%, with subscription revenue being the dominant driver of growth. We expect non-GAAP loss from operations to be in the range of $21.6 million to $19.7 million and non-GAAP net loss to be in the range of $19.1 million to $17.2 million. Utilizing weighted average shares used in computing non-GAAP net loss per share, basic and diluted of 205.2 million, we expect non-GAAP net loss per share, basic and diluted in the range of $0.09 to $0.08. We are raising our outlook for the full fiscal year 2020. We currently expect total revenue to be in the range of $465.2 million to $468.0 million, reflecting a growth rate of 86% to 87% over the 2019 fiscal year. Non-GAAP loss from operations is expected to be between $80.5 million and $78.6 million, and non-GAAP net loss is expected to be between $77.7 million and $75.8 million. Utilizing weighted average shares used in computing non-GAAP net loss per share, basic and diluted of 146.7 million, we expect non-GAAP net loss per share to be in the range of $0.53 to $0.52. We are pleased with the strong results we are reporting today and believe we have the capacity and resources to continue driving the business forward over the long term. George and I will now take your questions.
Operator
Thank you. [Operator Instructions] Our first question comes from Sterling Auty with J.P. Morgan. Your line is now open.
Unidentified Analyst
Hi, guys. This is Matt on for Sterling. Thanks for taking my question. Just wanted to get a sense of what you guys are seeing in terms of, in initial deals, the adoption of multiple modules. I know you guys talked about the percentage of customers using four, more five or more. But just at that initial stage, what have you guys been seeing in terms of multiple modules?
George Kurtz
Hey, Matt. Thanks for your question. So with respect to modules and the number of modules that we provide, we believe our adoption rates for this quarter are milestones. We thought it would be informative to discuss on this call and we periodically share adoption milestones as they come in. It can vary quarter-to-quarter. As we bring out more and more modules, clearly there is more opportunity for customers to come in and purchase more modules upfront. And that's kind of the thinking that we have and that's what we're seeing it now.
Unidentified Analyst
Great. And then just a quick follow-up. In terms of the newer modules, are there any specific ones that you guys are seeing increased adoption? Thanks.
George Kurtz
You're welcome. So when we think about new modules and new modules adoption, on any given quarter, it could vary. Clearly, we've got Discover, which is our IT hygiene module. We've got Device Control. We've got Falcon X and of course, we have vulnerability management. And again, on any given -- on any given quarter, any one of those could be the fourth module or beyond.
Unidentified Analyst
Great. Thanks, guys.
Operator
Thank you. Our next question comes from Saket Kalia with Barclays Capital. Your line is now open.
Saket Kalia
Hey, guys. Thanks for taking my questions here. Maybe first for you, George. A lot of talk about the competitive displacements in the quarter. I thought that was really helpful commentary. Can you just go one level deeper about the profile of those competitive displacements, meaning of the deals you're winning, are the sources of that market share changing at all compared to what you maybe saw last year, for example?
George Kurtz
Well, as we mentioned in the call, earlier parts of the call, obviously, we've had some great displacements and we continue to be very aggressive in large and small markets. From our standpoint, obviously, the competitive environment has changed dramatically and we've seen an acceleration in our pipeline, given some of the acquisitions that have taken place and just the sheer uncertainty of these other companies that have been acquired, their level of R&D investment, their level of sales coverage, etcetera. So, what we've seen so far is that customers who maybe were ready for a renewal of their existing incumbent provider next year are coming to us even earlier now to get into the testing cycle and talk about the various modules and capabilities we have to solve some of the problem. So that's what we've seen is drilling acceleration of pipeline and just a general dissatisfaction with some of the acquisition, the incumbents they had in the acquisitions that have taken place.
Saket Kalia
Got it. That makes a lot of sense. Burt, maybe for my follow-up for you, really nice customer addition number in the quarter. And clearly, most of the business is enterprise, but you've been building a mid-market inside sales team for some time and I think there was just talk about balanced additions just across kind of customer size. Can you just maybe touch on how that mid-market sales effort is going? And at this point, what is -- if you are willing to disclose, what is the mix of ARR when thinking about enterprise versus mid-market/SMB, if you will?
Burt Podbere
Thanks for the question, Saket. So, we have certainly seen strong acceleration in new customer adds in the SMB space, which is clearly aligned with our growth strategy that we outlined during the IPO. The great news about us is our -- because of our cloud-based model, we are able to address both enterprise and SMB verticals in a very efficient manner. In the SMB space, obviously, there is a massive number of customers, deals are smaller, but we discount less. And so for us, as we think about both markets, we're equally as efficient in going after both of them and we're investing in both. And because we're in greenfield in both, any particular quarter could vary in terms of, which has a bigger acceleration or not. So right now, we're really, really happy with the acceleration in both of those markets.
Saket Kalia
Got it, very helpful. I'll get back in queue. Thanks, guys.
Operator
Thank you. Our next question comes from Alex Henderson with Needham. Your line is now open.
Alex Henderson
Great. Thank you very much. First, I just wanted to clarify, you guys are based in California, not in Ukraine, right.
George Kurtz
That would be correct. Sunnyvale, California.
Alex Henderson
So first question, I really wanted to ask here was, you've obviously had outstanding execution across the board. Your products taking off. Can you talk a little bit about the degree that you're able to staff up to sustain these exceptional growth rates? And obviously, there is scalability in your model that is different than the typical model. And I think it'd be helpful if you can go through just how much capacity you need to add in order to deliver an incremental growth.
George Kurtz
Well, great question. And I'll start out with saying, just phenomenal execution by the entire team, obviously, despite a lot of the noise in the environment. So, we're really excited about that. And I think that's a testament to the team we have and the model that we've built, both on the financial side as well as on the operating side in terms of the technology. We've been very aggressively hiring sales personnel all around the world. As Burt talked a little bit earlier, our inside sales team is a robust piece of our frictionless go-to market model with our in-app trials and our trial-to-pay. So, we really look closely at the unit economics and again, we're hiring appropriately in those areas. But I can tell you we're adding lots of people and we've created really a formulaic way to add folks, get them up to speed on board and get them productive very quickly. And that's one of the hardest things in the technology world to do. So, we feel really good about that. And I think it really is a testament to the people and the model that we've built, and we've been able to grow this quickly and maintain this level of execution. Burt, anything to add?
Burt Podbere
Yes. Thanks, George. Just the one point I'll add is the following. When we go through our capacity planning, we worked very closely. Finance worked very closely with sales. They produce a plan, we go through it and as George said, we look at the unit economics behind it. And so we make sure, as a company, we can absorb the amount of folks that can come in and make sure from a territory standpoint, we've allocated the resources appropriately.
Alex Henderson
Second question, if I could. The issue of Carbon Black being acquired by VMware, as I understand it, the vast majority of any relationship that you had with either SecureWorks or with Dell was related to upside to the model as opposed to any meaningful contribution currently. Obviously, there is two sides to this coin. One, disruption to Carbon Black and the other, the loss of the opportunity to sell into the Dell channel. How does that -- how do you think those weigh out over time? And are we talking about a slice of bread or more than a slice of bread here in terms of the scaling of the import [ph] of that channel versus your strategy?
Burt Podbere
Hey, it's Burt. Thanks for the question. From the Dell standpoint, it's de minimis in terms of our business today. Approximately, 1% of our revenue. So it's not been an impactful piece of the business. And when we think about how we're building the models, that's how we modeled it out even to begin with.
George Kurtz
And remember, George -- I'll also -- I'll also say, we do have a strong relationship still with SecureWorks. And obviously, we feel that and customers, I would say feel the same way. They're looking for really best-of-breed in this area. So that channel is obviously still wide open to us. And so far it's been a good relationship.
Alex Henderson
Great. Thank you very much.
Operator
Thank you. Our next question comes from Chris Eberle with Nomura Instinet. Your line is now open.
Christopher Eberle
Thanks for taking the question. One thing that we continue to hear from customers and potential customers is that CrowdStrike still seems to be the only vendor offering firmware detection. Are you guys seen anything out there from -- even close from other vendors providing similar services and maybe touch on the importance of that and why others have yet to add such offerings?
Burt Podbere
Yes. So, I think from a firmware perspective that's just one of many features that we have that others don't. And I think that's really reflective of the deep technical capabilities we have to be able to figure this stuff out and make it work even below the operating system, number one. But when we look at supply chain attacks, which, I think, as many have seen, that is an increasingly important element in preventing these breaches and it becomes even more important in the government space. So again, one great feature we have, thanks to the CrowdStrike, we were able to p ut that together. But from a threat perspective, obviously, it is becoming more and more important for larger organizations to protect their supply chain.
Christopher Eberle
Great. And then just one other quick one. Update on mobile and how that's progressing?
George Kurtz
Yes, sure. This is George. Still early days. We've got a lot of interest. We continue to add new capabilities to that. We've seen, I think some nice wins in that area, but it's still early days. And as with many of the modules, when we come to market, we get something. We understand how it works. We collect data. We begin to add detection and we begin to add prevention. And that's just been our model from the beginning. And we're going to continue along that path, so very encouraging at this point.
Christopher Eberle
Great, thanks. Great job, guys.
Operator
Thank you. Our next question comes from Gur Talpaz with Stifel. Your line is now open.
Gur Talpaz
Okay, great. Thanks for taking my questions. And first off, congrats on the results. Two questions. One for each of you, George and Burt. George, you talked about the forthcoming launch of host-based firewall management. And so we all wanted to gauge the initial interest for the module. I also want to better understand what you're seeing in terms of customers wanting to move past endpoint augmentation to one that ultimately allows them to standardize on CrowdStrike as the sole provider of endpoint security.
George Kurtz
Sure, thanks. Good question. One of the things that we found in talking to our customers and again, the module and the roadmap, a lot of it is driven from customer demand, is that they were looking for an easier way to manage their firewalls. And that is one of the last kind of vestiges of legacy suites that are out there in terms of helping customers manage those firewalls. So, we look at that as a way to, again, continue the acceleration in fully replacing legacy vendors. Obviously, we're already doing that in many areas, particularly around the anti-malware component EDR. That was another module that was just kind of hanging out there. So, we continue to push down that path. Fantastic feedback from customers, a lot of comments that was sort of the lasting, holding them to at least a small part of their suite, even if they were still using us on the anti-malware piece. And again, really encouraging for us and excited to have that come out early next year.
Gur Talpaz
That's helpful. And then Burt for you; when you think about the forthcoming margin improvement and targeting margin positive in Q4 of next year, how important is the frictionless sales motion in getting them? Maybe you can give us some colors on conversion of a trial before you buy customers and what you're sort of thinking about when you move into next year?
Burt Podbere
Yes. Thanks, Gur. So few things in there. So one, when we put -- when we put together the outlook for next year on the operating margin, we think about the continued momentum we've seen in the business as we enter Q4. We've got the biggest pipeline that we've ever seen, giving us the confidence, indicate the positive free cash flow and non-GAAP operating income breakeven in Q4 of next year. And when you think about -- with a frictionless system, I think, George has talked about it many times that the tech is as important as the go-to-market and we're as focused and we invest in equally both of those aspects of the business, to be able to ensure that we are able to continue with a frictionless motion, whether it's in-app trials or whether it's trial-pay. Both have been accelerating in our business. We don't necessarily give out percentages on the uptake, but both have been driving up into the right.
Gur Talpaz
That's great. Thanks, guys.
Operator
Thank you. Our next question comes from Gregg Moskowitz of Mizuho. Your line is now open.
Gregg Moskowitz
Okay. Thank you very much and congratulations as well on a really strong quarter. So, George, Threat Graph is now capturing 2.5 trillion events per week. I can only assume that this was a significantly outdated number. But I think the last update from a few months ago, was over 1 trillion. So, can you give us a sense of how fast this distributed database is growing? And more importantly, you touched on this earlier, but I'm wondering if you can elaborate on how sizable of a competitive advantage this brings to CrowdStrike both today as well as over the long term?
George Kurtz
Absolutely. So yes, I think some of those earlier numbers were just, again, earlier in the year. So, we continue to grow the data that we collect. We continue to grow our customer base. And again, we view that as a real strategic weapon to have a bespoke graph data technologies that we've built, that has a time element that's important element to it. We think is very unique in the industry and it's really been one of the drivers that continue to help us identify these very advanced breaches and start them in real time. It's also used to getting [ph] from our machine learning. So from our perspective, we'll continue to grow that. And really what that becomes is a data moat. The more data it consumes, the smarter it gets and becomes harder and harder for competitors to capture that level of data and keep up with it. So, it is certainly crown jewel of our technology stack.
Gregg Moskowitz
Okay, perfect. And then for Burt. There are a lot of questions that we get around the pricing environment at the endpoint level. Have you seen any changes at all in discounting rates over the past few months or so?
Burt Podbere
Thanks, Greg. So let me start with the fact that we continue to see good pricing dynamics in the market. Combine that with our disciplined discounting, we're very comfortable with where we are in terms of going to market. We have seen others out there that try to compete with us and we continuously win on value.
Gregg Moskowitz
Terrific. Thank you.
Operator
Thank you. Our next question comes from Erik Suppiger with JMP Securities. Your line is now open.
Erik Suppiger
Yes. Thanks for taking the question. First off, Burt, could you talk a little bit about what is enabling you to pull up your timing around free cash flow generation, that was a notable improvement, I think, over expectations.
Burt Podbere
Sure, Eric. Thanks for the question. Again, a lot of it has to come with the continued momentum we've seen out of Q3. Across the board, strong execution. We've seen the strongest pipe we've ever seen in company history. We've seen operating leverage across the board, specifically in the S&M and the unit economics. We've just seen an incredible amount of opportunity with respect to top line, gross margin and of course, OpEx. All those things combined have enabled us to outline what we think is going to happen next year.
Erik Suppiger
Did you maintain a consistent OpEx outlook to what you had previously been looking for in terms of dollars?
Burt Podbere
Yes. And we continue to invest aggressively and we haven't changed that at all.
Erik Suppiger
Okay. Secondly, in light of Symantec's acquisition, I'm just curious, have you seen much in terms of resumes or opportunities to hire more aggressively out of that, that population? And how long do you think that there is going to be a benefit from the acquisition of Symantec?
George Kurtz
Well, in general, we've seen resumes from many of the acquisitions. So, I'll start there, not just specific to Symantec. Number two is, obviously, there is a massive installed base that's out there. And I think it continues and accelerates the trend of customers looking for better outcomes, looking to stop breaches, looking to move to the cloud. And it's a great customer base for us to take advantage of. So, we're excited about the opportunity. We've been doing it for some time now, and I think it just accelerates to move there in two areas. One is the customers' uncertainty and concern for the R&D investment, number one. And number two, account coverage is going to be really limited. And if the enterprise customers that we're dealing with are looking for not only great technology, but also after sales, service support and a partner to help them prevent breaches.
Erik Suppiger
Very good. Congratulations on a great quarter. Thanks.
Operator
Thank you. [Operator Instructions] Our next question comes from Matt Hedberg with RBC Capital Markets. Your line is now open.
Matthew Swanson
Yes, thanks. This is Matt Swanson on for Matt. So, we've talked about some of the aggressive hiring and you also touched on ramping sales reps. Could you maybe talk a little bit about where you feel overall sales force productivity is right now? It feels just like, you have a reasonable amount of capacity from those existing investments still. Just trying to kind of get a gauge on that.
George Kurtz
Yes, Matt. So, one of the things we look at is Magic Number. We like where we are with respect to our Magic Number. And every time we put together the capacity plan, as I mentioned, we dovetail and look into where we are with the Magic Number on the forecast. And so long as we're comfortable with what we see, we feel very comfortable in terms of our capacity to be able to hit our targets.
Matthew Swanson
All right. And then a second maybe a little more abstract question. When we're talking about some of the competitive environment questions and legacy peers, do you start to feel like maybe you're playing a little bit of a different game than endpoint peers, given the breadth of your platform and the solutions you're trying to sell into when you go into some of these deals?
George Kurtz
Well, I think so -- I mean, again, I would look at bellwethers like Salesforce, Workday and ServiceNow, right? These are cloud leaders and we view ourselves as a cloud leader as well, not just an endpoint security provider. Because we've been pulled in other areas like IT hygiene and we're solving many different use cases and we're operating at the CIO level, being very strategic. Many of our opportunities are big part of the overall Board strategy to reduce risk. So when we come into an organization, we spend a lot of time on selling value. And I think you've heard that in the earlier comments that I went through in terms of taking multiple products and basically harmonizing those agents, restoring performance endpoints, reducing headcount. It's just a great story. And the beauty is we're actually delivering on it as opposed to many of our competitors. So, I do think it's a bit of a different game. And I would, again, kind of go back to the Salesforce Siebel analogy. I think that's where we're at versus some of the other competitors that you've seen and some of them that obviously have already gotten acquired.
Matthew Swanson
Thanks. Congratulations on the results.
Operator
Thank you. Our next question comes from Brent Thill with Jefferies. Your line is now open.
Brent Thill
Thank you. George, you had a FedRAMP certification over a year ago. I'm just curious if you can give us an update on the Fed government. And for Burt, just on the sales cycles, are you seeing, given all the commentary, it would sound like that the sales cycle is picking up speed and maybe the initial deal size is picking up speed, if you can just give us a flavor of what you're seeing there. Thanks.
George Kurtz
Sure. So, we've seen tremendous growth. Obviously, we've got our FedRAMP certification this year really for the first time because we missed it last buying season. So, we see triple-digit growth in that area. Some fantastic traction in the civilian agencies. And I think, overall, when we think about state, local and Fed, that has just been an amazing bright spot for us. We have a great team there and we've got some massive wins. We run our 100/100 number of weeks back and visiting customers and visited states and governments counties that were not customers that got hit by ransomware and it was really impactful. And other parts of the government that were protected by CrowdStrike, it appears we're home with their family on the weekend. So everybody was wondering what happened over there and we've seen an acceleration in that business across state, Fed and local governments.
Burt Podbere
Yes. And with respect to initial deals with our customers, so I think that when you look at the milestones that we put forward in terms of the number of our customers that have four more modules and also the number of our percentage of our customers that have five or more modules, the uptake in both of those things can give you an indication of where we're trending with respect to the initial purchases. So, we're happy with what we're seeing today.
Brent Thill
Thanks.
Operator
Thank you. Our next question comes from Heather Bellini with Goldman Sachs. Your line is now open.
Daniel Church
Hi, this is Dan Church on for Heather Bellini. Thanks for taking my question. In regards to the traction you're seeing in SMB, just any color you could provide in terms of how those customers look compared to enterprise customers in terms of modules attach rates? And then you mentioned a little bit earlier about more disciplined discounting and success in low friction go-to-market channel. So, any commentary on how those unit economics look relative to the larger enterprise?
George Kurtz
Yes, this is George. I'll start with just the modules. I think from, kind of SMB, as well as mid-market, smaller to the larger mids, what we've seen is that they are extremely interested in our complete offering. Again, that's end-to-end kind of turnkey technology, really focused on, again, helping organizations deal with some of the challenge they have in hiring great people across the board. And as you know, it's very expensive to do that and it's hard to provide what I would call sort of government grade or financial services level protection and we can do that with our complete offering we back it with $1 million breach warranty and for companies that just want the problem the go away and have the outcome, you're looking for. It's a great opportunity. So we see them adopting all those modules associated with complete and our turnkey service to help them.
Burt Podbere
Yes, I'll add. And with respect to the unit economics on the SMB space. Clearly, when we think about discounting, which we were able to benefit from the fact that we are able to do less discounting with the smaller SMB space, obviously there. I think your customer you get on something on as a volume discount and so we're really pleased with where we are, where we're trending with respect to the SMB space. Clearly, we are able to achieve a little healthier margins and the velocity. So both of those things add up to strong unit economics.
Daniel Church
Helpful, thanks. And then, I guess following up on the same on the question in terms of gross margin, you mentioned the expansion in year-over-year continues to be very impressive. So just any commentary on how much more room there is on the data center optimization front and versus continued uptake of modules and high incrementals there.
George Kurtz
Yes. So you've touched on a topic near and dear to my heart. I really feel that the company has executed extremely well. We're already in the long-term model where we projected, we were going to be with respect to the non-GAAP gross margins. With respect to the where we're going to where we're going to go from here. We still have quite a few initiatives in place to be able to think about a continued enhanced margin but that's going to take place overtime.
Daniel Church
Thank you.
Operator
Thank you. Our next question comes from Sarah Hindlian with Macquarie. Your line is now open.
Sarah Hindlian
Great, thank you so much for fitting me in, and I appreciate it. And congrats on the quarter. Yes, it's seems to me like using the Falcon platform-as-a-service would be a really, really compelling value proposition for clients. It would be really interesting to hear where you are seeing or what kind of module building you're seeing or early client interest on that fronts.
George Kurtz
Well, we've got customers that use the technology in ways. -- we haven't even plan, the ability to actually gather data at scale whether it's security relevant data or IT asset data many of their systems are sort of out a date, just understanding what assets are out there. So, we're seeing customers leverage our APIs in our infrastructure to collect data at scale and where they put into their, assuming their own data lake and enrich it with other information that's out there. It's kind of -- the sky is the limit. But overall, what we've been able to build and even with our real-time response APIs to take actions on the endpoint has tremendously reduce the overall time to value for customers and the flexibility is there to kind of do what they want, which again as part of the power of the platform we built.
Sarah Hindlian
All right, terrific. And just a quick follow-up for you as well. So it's really interesting to hear the progress you're making with multi-cloud adoption and not just the four plus, but five plus as well. And I'm just curious in particular about the security vulnerability management space. And you know your name is coming up more and more in that arena. Are you starting to see real displacements of some of the kind of the core competitors today and how is that tracking?
George Kurtz
Yes, great. So what we've seen in terms of multi-cloud we've been protecting cloud workloads for some time, obviously you saw we came out with some enhancements metered billing etc. For AWS it has been a great and fantastic partner for us, tremendous momentum with them, but in terms of our technology and cloud workloads it doesn't really matter where the cloud is. We can protect any of those workloads again whether it's on-prem or off-prem, hybrid cloud, just deploy it and work and I think that's been one of the core fact of our success which is easy and it works. When we think about the VMworld, we just came out, I am really excited with the new update to our VM Spotlight module, which adds application vulnerabilities and customers are really excited about that. We've taken a crawl walk run as we normally do gotten customer feedback. And what we hear is they are not looking for necessarily another agent if they can leverage our agent for VM tight technologies combined with something that we've released called CrowdScore, which helps them, think about the overall threat environment, risks and prioritize it, that's a winning combination. So that is probably our most trialed module that we have out there and we've gotten some. I would say pretty big wins out of it and we continue to make progress and add capabilities in that area.
Sarah Hindlian
Great, that was very helpful. Thank you so much.
Operator
Thank you. Our next question comes from [indiscernible] with Oppenheimer. Your line is now open.
Unidentified Analyst
Thank you for taking my question, gentlemen, congrats on the quarter. This is actually Ing [ph] for Shaul. Just the first question George, quickly on the international expansion; we saw that deal with Wipro partnership this quarter. Would we be expecting to see more deals coming out of that region in the APAC Asia region.
George Kurtz
While the APAC Asia region is first of all, it is a fantastic team that we have worked with many those people for many, many years. I was recently out in Australia and Singapore and the level of customer interest that we have is really off the charts and we've gotten some really big wins in those areas that we've been able to leverage. So, our name is out there, we've got a great team, and now we're continuing to build a partnership relationship. So we're excited about that Wipro opportunity. Obviously, they got massive scale and reach in that area and even beyond. So early days, but excited about that partnership and overall excited about our APJ business.
Unidentified Analyst
That's great. And, but just quickly on the gross margin improvements; we saw a 400 basis point our performance this year, compared to same quarter last period. Can you give us a little color on the -- as you bill out the cloud module, the amount of leverage you get as compared to how many modules you build out versus how many basis points gross margin improvements, is there like a correlation that we should expect to see between the two?
Burt Podbere
Yes, thanks for the question. So here's the great news about our platform. So once you buy that first module it absorbs the COGS every module after that is, virtually, our gross margin. So every module bring on top and every module that a customer would buy on top of the first one. We're going to see full incremental margin enhancements, now each module that we can come out with could be a different price, so it would vary on modules.
George Kurtz
And just to follow on to that, that's really the power of the architecture we built with the Threat Graph. We collect once and reuse many. So once that data is in the Threat Graph, it can be analyzed, used for AI and then obviously it powers all the other modules. So once we've already collected it, as Burt said it's virtually pure margin after the fact [ph].
Unidentified Analyst
Thank you for taking my questions. And again, congrats on the strong execution.
George Kurtz
Thank you.
Operator
Thank you. Our next question comes from Andrew Nowinski with Davidson. Your line is now open.
Hannah Rudoff
Hi, this is Hannah on for Andy, after posting a strong customer and ARR growth, what factors do you see accelerating ARR growth moving forward as the year-over-year comparisons get tougher because your metrics seems to hint that the growth should continue. Thank you.
George Kurtz
So thanks for the question. So again, I think we don't really comment on ARR, in terms of guidance or anything like that, but again it goes back to, we continue to see this great momentum in the business and as we entered Q4. I mean the pipe has been more substantial than anything else, we've seen before. And so that gives us the confidence to be able to talk about some of the things we've talked about in next year.
Operator
Thank you. This concludes today's question-and-answer session. I would now like to turn the call back over to George Kurtz for closing remarks.
George Kurtz
Sure, thank you. I want to thank all of you for your time today. We really appreciate your interest and look forward to speaking with you next quarter. Have a great holiday. Thanks.
Operator
Ladies and gentlemen, this concludes today's conference call. Thank you for participating. You may now disconnect.