CrowdStrike Holdings, Inc.

CrowdStrike Holdings, Inc.

$372.26
14.71 (4.11%)
NASDAQ Global Select
USD, US
Software - Infrastructure

CrowdStrike Holdings, Inc. (CRWD) Q1 2022 Earnings Call Transcript

Published at 2021-06-03 20:51:05
Operator
Good day, and thank you for standing by, and welcome to the CrowdStrike Holdings First Quarter Fiscal 2022 Financial Results Conference Call. At this time, all participants are in a listen-only mode. After the speaker presentation, there will be a question-and-answer session. [Operator Instructions] Please be advised that today’s conference is being recorded. [Operator Instructions] I would now like to hand the conference over to your speaker today, Maria Riley, Vice President of Investor Relations. Please go ahead.
Maria Riley
Good afternoon, and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth and expected performance, including our outlook for the second quarter and fiscal year 2022 are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the Company’s financial results is included in filings we make with the SEC from time-to-time, including the section titled Risk Factors in the Company’s quarterly and annual reports that we file with the SEC. Additionally, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our press release, which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. Please also note that in light of our recent acquisition of Humio management will provide additional information into our guidance assumptions. We do not intend to provide this additional information on an ongoing basis. With that, I’ll turn the call over to George to begin.
George Kurtz
Thank you, Maria, and thank you all for joining us today. We delivered an outstanding first quarter, and fiscal year 2022 is off to a record start for CrowdStrike. Building on last year’s milestone performance, we started and finished the first quarter with strong momentum and results exceeding our expectations. We saw strength in multiple areas of the business, added $143.8 million in net new ARR and grew ending ARR 74% to exceed $1.19 billion. Burt will provide the details of our financial performance and I will focus my remarks on three key points. First, customers are increasingly turning to CrowdStrike as their trusted security cloud platform of record. As we extend the platform beyond core protection, we’re seeing strong momentum in cloud workloads, IT operations and our expansion into DevOps. Our platform includes 19 modules and easily allows customers to consolidate agents and reduce debt. Second, our leadership is recognized by both customers and industry analysts such as Gartner and Forrester. Our growing brand has become the cybersecurity gold standard, translating into a broad customer base that is scaling rapidly, deeper penetration within verticals and our strong financial success. And third, the demand environment is robust, driven by strong secular trends, including digital and security transformation, cloud adoption, and an ongoing heightened threat environment. This includes the massive influx of ransomware and the operational impact of these attacks that have been seen over the past two years. We believe these dynamics will provide CrowdStrike a runway for long-term sustainable growth. Now, let’s discuss these topics in more detail. It only takes a quick glance at current headlines to know that the threat landscape is fierce and growing in intensity every day. High profile breaches and vulnerabilities like SUNBURST, pipeline and infrastructure attacks, and zero-day vulnerabilities in Microsoft Exchange, are only the tip of the spear. Threat actors are well-resourced and becoming more sophisticated. At the same time, Ransomware as a Service sites are making it easier for even novice e-criminals to run successful and lucrative campaigns, which is contributing to the proliferation of ransomware activity. Our 2020 CrowdStrike Global Security Attitude Survey revealed that more than half of organizations surveyed worldwide have suffered a ransomware attack within the previous 12 months. At the same time, organizations need to transform their businesses in order to keep up with evolving business needs, such as work-from-anywhere and moving their critical applications and workloads to the cloud. Both of these factors exponentially expand the Company’s threat landscape and increase their risk of a breach. Today’s threat environment highlights the need for organizations around the world to transform their security and adopt a Zero Trust architecture in order to protect their digital assets, identities and core infrastructure. The lessons learned from recent attacks emphasize why legacy or perceived good enough next-gen tech is no match for today’s adversaries, leading to a crisis of trust among these vendors, whereas CrowdStrike has emerged as a trusted leader. CrowdStrike’s mission to stop breaches has never been more relevant. The Falcon platform is at the epicenter of restoring trust to the security posture of companies worldwide. The integration of threat intelligence and threat hunting into the Falcon platform provides us deep insights into the adversaries and how they operate. The extensive capabilities of the Falcon platform significantly set CrowdStrike apart from both legacy and next-gen vendors. This includes our acquisition of Preempt and Humio, which should not have been more timely, as companies are looking for new ways to shore up protection of their active directories, stop lateral movement, and have even greater real-time visibility in search into their endpoints, identities, applications, network edge and cloud from a single data layer. Customers are increasingly turning to Zero Trust solutions to combat threat actors that leverage identity-based attacks and move laterally within their targeted environments. We won multiple Falcon Zero Trust deals in the quarter, including a global leader in auto manufacturing of fortune 500 manufacturer of high-tech materials and equipment, a provider of IT management software, and a municipality, among others. Additionally, when it comes to log management, companies are looking for technologies with the same characteristics as their security, reliability, scalability, speed and real-time queries in a cost-efficient manner. Even though we just acquired Humio in March, customer interest is very high. And in Q1, we already secured new deals across multiple industries, including financial services, technology and law enforcement. A new Humio customer that I would like to highlight is a Fortune 500 company that was using multiple legacy on-prem log management products to manage a variety of use cases across their security and dev team. In addition to the complexity of using multiple products, this company was struggling with increasing data ingestion costs, looking to migrate to a cloud-based solution that would reduce costs, enhance visibility, and be easy to implement. They chose Humio over a leading competitor in the space. Humio was selected for its index-free ingesting capabilities, faster search speeds, and customizable dashboards that provide them with greater insights in automation than any of the competitive products they evaluated. This customer is now able to meet their daily three terabyte data ingest needs with a single solution, allowing them to take full advantage of their data at the speed and scale of the cloud. Since our inception, driving innovation has been at the core of CrowdStrike’s mission. As a result, we pioneered cloud endpoint security and have extended data to include workload protection. Our determined focus and uncompromising commitment to excellence has led to a trusted leadership position in a platform that encompasses 19 modules spanning multiple markets, including identity, XDR, and log management. Driving innovation throughout our product offering and bringing new functionalities to market that leads to better and faster outcomes for our customers will continue to be a top priority. In May, we announced Falcon Fusion, a unified and extensible cloud scale framework that provides easy-to-use custom automation to simplify enterprise security workflows and help security teams solve real-world problems with fewer resources and greater accuracy and speed. We also recently announced an expanded partnership with Google Cloud through a series of product integrations with the Falcon platform and Google Cloud suite of security products. These integrations will help security and dev ops teams increase visibility of threat actors across cloud and hybrid deployments, and enable them to act much more quickly to address them. As customers have begun adopting our cloud workload protection and Cloud Security Posture Management, demand for integrations with the GCP security suite have accelerated. We are confident that the partnership with Google will drive additional value and adoption by those who are standardizing on GCP, as well as those employing a hybrid cloud strategy. We continue to extend our cloud leadership position by announcing new features to our Cloud Security Posture Management module, Falcon Horizon. These new capabilities provide security teams, the ability to easily manage and protect multiple cloud environments from a single cloud-based console. Powered by CrowdStrike’s industry-leading threat intelligence, Falcon Horizon is the first CSPM solution to deliver behavioral detection using IOAs of threats to the cloud control play. Horizon utilizes an adversary-focused approach for continuous in-depth control plane threat detection across an organization’s cloud accounts, services and users for AWS and Azure. The expansion of our Falcon platform and growth of our brand leadership has brought in new customers at a rapid pace, driven incredible momentum with industry analysts and partners, and translated into strong financial results. We are gaining strong industry recognition across multiple well-respected sources. Our most recent achievements included, once again, taking a leader position in the 2021 Gartner Magic Quadrant for Endpoint Protection Platforms. In the report, we are not just in the leader’s quadrant, we are leading the path on Completeness of Vision with CrowdStrike by far the furthest to the right. We believe that our position in the Magic Quadrant shows that we are clearly separated from the competition and that we’re in rarefied territory as a leader that continues to outpace legacy and next-gen competitors in execution, strategy, innovation and vision. We also received the highest score for Lean Forward organizations in Gardner’s Critical Capabilities for Endpoint Protection Platforms report. Likewise, Forrester Research named CrowdStrike, a leader in endpoint security software-as-a-service in the Forrester Wave Q2 2021 report. We also received the highest scores possible within 17 criteria in the report. Forrester also named CrowdStrike a leader in both, the Forrester Wave Q1 2021 Managed Detection and Response, and External Threat Intelligence Services reports. We were also recognized as best cloud computing security solution and best managed security service at the 2021 SC Awards where Shawn Henry, our President of Services and Chief Security Officer, received a Security Executive of the Year award as well. Falcon achieved 100% detection coverage in all 20 steps of the MITRE ATT&CK evaluations, showcasing the effectiveness of our platform. And lastly, the Falcon platform achieved 100% protection rate in the AV Comparatives Business Real-World Protection Test for the March-April 2021 period, and the highest AAA rating in the Q1 Enterprise Endpoint Protection Evaluation from independent testing organization SE Labs. We are proud of our continued strong track record of proven efficacy. Our participation in highly regarded industry evaluations showcase our commitment to stop breaches and drive transparency with customers. A crucial part of our commitment is to continually test our solution, validate its capabilities and find opportunities to improve. It’s unfortunate that some vendors decline to compete in these public tests, including so-called next-gen players. This lack of scrutiny is a significant disservice to all customers who would benefit from greater transparency. We believe the industry’s strong recognition of CrowdStrike validates our vision, empowering organizations to embrace security transformation and stop sophisticated adversaries through the power of a cloud-native platform. We believe the rapid expansion of our partner ecosystem also demonstrates our growing leadership position. As we discussed in our webinar in April, our partner-sourced ARR grew 86% in fiscal year 2021. Partners naturally gravitate to market leaders as it helps them bring in new customers. And likewise, customer choice helps propel vendor prominence within the partner community. Our leadership position is driving strong engagement with partners of all sizes, which is contributing to our growing presence among the highest levels, including Boards and CIOs. As we announced a couple of weeks ago, we strengthened our alliance with another trusted industry leader, EY. Falcon is now one of EY’s preferred cybersecurity platforms. The expanded collaboration also introduces extension into new geography areas as well as three new joint offerings. With these new offerings, we expect to leverage EY’s consultants to drive CrowdStrike’s subscription sales, similar to how we leverage our own professional services team, which in FY21 on average drove $5.51 in subscription ARR for every dollar spent on initial incident response or proactive service engagement among organizations that first became a professional services customer after February 1, 2019. Additionally, our partnership with Zscaler continues to deepen as we both invest in our technology and commercial relationship. We announced multiple new technology integrations with Zscaler this quarter and are also excited to report that they are now a CrowdStrike customer. Additionally, one of our marquee wins in the quarter was brought to us through our tech alliance with Zscaler. This Fortune 100 global insurer chose CrowdStrike to help further its digital transformation initiatives and fortify its security, replacing a patchwork of four legacy and next-gen vendors. Falcon was selected over Microsoft to replace these incumbents for its ability to consolidate multiple agents, improve performance and protect their endpoints in cloud environments with one single agent. The voice that matters most is the customers’, and they are increasingly turning to CrowdStrike as their trusted security platform of record and validating our leadership. In the first quarter, we reached a new milestone as our subscription customers well surpassed the 10,000 mark. We added 1,524 net new subscription customers including the customers we acquired from Humio. On an organic basis, the net new subscription customers added in the quarter grew 69% year-over-year. We now proudly serve 11,420 subscription customers worldwide. Our growth across the market is very-diversified as we are winning customers of all sizes and industries. In Q1, we also saw strong demand in the public sector, landing several U.S. federal wins in both civilian and defense and expansion business with the largest healthcare agency. We are optimistic in our ability to expand within these accounts over time, especially given the renewed focus to bolster the nation’s cyber defenses as outlined in the White House’s cybersecurity executive order. Adding customers at this rate and among companies of all sizes and verticals is not an easy task. Our go-to-market engine is executing on all fronts to seize on the strong demand we see in the market, so we can help even more customers restore trust in their security posture. The investments we have made in the frictionless deployment of our platform and frictionless sales motion, which includes trial to pay and in-app trials have never been more important. The same can be said for our strong partner ecosystem with leading partners like AWS and EY. These advantages minimize barriers to adoption, expand our reach and shorten the sales process, which we believe provides us an edge over the competition. We believe we can execute on market demand faster than any other vendor whereas even next-gen competitors struggle with a complex sales process and even more complex deployments that are difficult to scale out of the lab. Our growing leadership at the trusted security partner of choice is also reflected in our continued success in driving module adoption. Subscription customers that have adopted 4 or more modules, 5 or more modules and 6 or more modules increased to 64%, 50% and 27%, respectively, in the first quarter. We are growing our footprint to cover more customer assets with new and existing customers alike. This includes adoption of newer technologies such as Falcon Cloud runtime protection, Zero Trust and Humio. In the last quarter, we more than doubled ARR from our newly launched cloud workload modules. We are rapidly scaling our overall cloud footprint with greater than 20% of all servers we protect being in the public cloud. We are also expanding our dev ops capabilities and seeing success selling into dev ops environment as we continue to help customers reduce their attack surface and unify cloud security posture management and breach protection. Let me share a few customer examples that demonstrate how the power of the Falcon platform translated into strategic customer wins. A Q1 deal I’d like to highlight was an expansion with Cloudera, a cloud-native, enterprise data company that provides insights using machine learning and analytics. Viewing effective security as essential to their operations, Cloudera has been a CrowdStrike customer for their traditional endpoints for multiple years. Looking to further leverage the CrowdStrike Falcon platform to protect their ephemeral cloud environment, Cloudera purchased a fully managed solution for Falcon Horizon, Cloud Workload Protection, Discover for Cloud and container and Falcon complete to provide them with a fully managed and hassle-free solution. Our next customer win is with a Fortune 150 multinational manufacturing company. After trying to deploy Microsoft Defender for over a year, they found themselves frustrated with the level of complexity and the cumbersome agents, resulting in less than a third of their endpoints protected. On top of that, the recent zero-day Microsoft Exchange vulnerability has exposed them to risk of a potential breach, and they would have to wait months before Microsoft could deliver a patch to fully resolve the issue. This is when they turned to CrowdStrike. With our single lightweight agent that doesn’t require a reboot, this new customer found Falcon easy to deploy, fast and effective. As a result, they purchased 5 modules and deployed globally in a matter of weeks. The last customer win I will share with you is a health care services provider. This new customer was looking to quickly move off their SentinelOne implementation after experiencing several outages caused by sensor updates, impacting their critical business operations. Frustrated at the lack of scalability, need for manual updates and continuous crashes with SentinelOne, this customer chose CrowdStrike over other providers including Carbon Black and Palo Alto Networks. Falcon outshined the competition given its ease of use and frictionless, fast and reboot-less deployment. Purchasing 8 modules, including Spotlight, Horizon and Discover for Cloud and containers, Falcon is now protecting their multi-OS estate of traditional end points as well as their previously unprotected cloud workloads. In summary, the fundamental reasons why we have earned our leadership position and are winning customers at a rapid pace over both legacy and next-gen vendors are: the Falcon platform’s ability to fully utilize the power of the cloud and AI to stop breaches and provide community immunity; our ability to easily and rapidly deploy our lightweight agent at scale across both, endpoints and workloads without requiring a reboot, while other next-gen vendors fail to scale and require reboots; our platform is easy to use and easy to manage all from a single user interface; and our ability to leverage the power of the cloud to collect data once and solve many real-world business problems that deliver better outcomes and immediate ROI for customers. Customers recognize that Threat Graph and our ability to stream data to the cloud in real time are unique to CrowdStrike. This is very different from other vendors, including upstarts that silo their data and upload data in delayed batches. Any vendor with an on-prem solution is currently unable to fully utilize the power of the cloud. With one data store, CrowdStrike analyzes data almost instantaneously across our entire customer base, providing real-time protection, community immunity and better training data for our AI algorithms. This allows us to deepen our competitive moat. While a robust demand environment may serve as a temporary lifeline to inferior technology, when I look at the competitive landscape, I couldn’t be more confident in our leadership position. I do not see another vendor in the market with our vision, platform, scale or ability to execute at scale. Our leadership as a trusted security platform of record and strong financial performance stands as a testament that CrowdStrike’s dedication to innovation, protecting customers and transforming the security industry. I’d like to thank every CrowdStriker for all that they do day in and day out to make us the best in the business. With that, I will turn the call over to Burt to discuss our financial results in more detail.
Burt Podbere
Thank you, George, and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. Before we get started, I will note that the results we are reporting today include the acquisition of Humio. To assist with your models, we will share select details regarding Humio’s impact on Q1. However, we do not intend to disclose these details on an ongoing basis. The acquired net new ARR from Humio was approximately $3.6 million, which is reflected in both, the ending and net new ARR results we are reporting today. From the acquisition of Humio, we also gained 119 net new customers in the quarter. Given the acquisition closed during the quarter and the impact of fair value purchase accounting adjustments related to deferred revenue, the GAAP revenue recognized from Humio was de minimis to our results. The acquisition also added approximately $5 million to operating expenses in the quarter, which again represents about two months of quarterly expenses. Moving to our results. We delivered an exceptional first quarter. In addition to strong growth at scale in the first quarter, we continue to maintain very high unit economics, drive leverage and remain very capital efficient, generating record operating and free cash flow. Additionally, we continue to perform at a high level, well in excess of the SaaS industry’s Rule of 40 benchmark, achieving a Rule of 80. Demand in the quarter was broad-based and fueled by strength in multiple areas of the business. Similar to last quarter, demand for our solutions was well-balanced between new customers and expansion business and between large enterprises and mid-market and smaller accounts. We once again ended the quarter with a record pipeline, which we believe indicates a strong foundation for future growth. In the quarter, we delivered 74% ARR growth year-over-year to reach $1.19 billion. In the last 12 months, we have added more than $0.5 billion to ARR. Rapid new customer acquisition as well as expansion business within existing customers drove substantial growth in the first quarter, once again resulting in very strong net new ARR which came in at $143.8 million. Our dollar-based net retention rate once again exceeded 120%. Moving to the P&L. Total revenue grew 70% over Q1 of last year to reach $302.8 million. Subscription revenue grew 73% over Q1 of last year to reach $281.2 million. Professional services revenue was $21.6 million, setting a new record for the third consecutive quarter and representing 36% year-over-year growth. In terms of our geographic performance in Q1, we continue to see strong growth in the U.S. as well as international markets. Revenue growth in the U.S. increased to 70% and contributed approximately 73% of first quarter revenue. Approximately 14% of revenue was derived from Europe, Middle East and Africa markets; 10% from Asia Pacific; and approximately 3% from other markets. We remain focused on building a long-term business with sustainable growth and compelling margins. In Q1, we recognized strong operating leverage in our SaaS model and the benefits of scale even as we increased investments in our global reach and cloud platform. First quarter non-GAAP gross margin was 77%, up approximately 150 basis points from Q1 of last year. Our non-GAAP subscription gross margin was 79% compared with 78% in Q1 of last year. We continue to be pleased with our strong subscription gross margin performance. While we expect gross margin to fluctuate quarter-to-quarter, we expect it to remain solidly within our increased target model range of 77% to 82% or more as we march to fiscal year 2025. Total non-GAAP operating expenses in the first quarter were $202.9 million or 67% of revenue versus $133.0 million last year or 75% of revenue. As planned, we continued investing aggressively in our business during the quarter, including increasing investments in new technologies, international geographies and marketing programs. We believe the investments we are making today will lead to sustained growth over the long term and maintain our pole position as the trusted security partner of choice. Scaling our business efficiently remains a top priority, which is why we intensely focus on our unit economics, including Magic Number. In Q1, we ended with a Magic Number of 1.4 which is an increase over last quarter and indicates that we should continue investing in our large and growing market opportunity. First quarter non-GAAP operating income was $29.8 million, and operating margin improved 9 percentage points over Q1 of last year to reach 10%. Non-GAAP net income attributable to CrowdStrike in Q1 was $23.3 million or $0.10 on a diluted per share basis. Our weighted average common shares used to calculate first quarter non-GAAP EPS attributable to CrowdStrike was on a diluted basis and totaled 237 million shares. We ended the first quarter with a strong balance sheet. Cash and cash equivalents totaled approximately $1.68 billion. This takes into account the $352 million net cash consideration we invested to acquire Humio. Cash flow from operations in the first quarter grew to $147.5 million and free cash flow increased to $117.3 million or 39% of revenue, setting new records for both measures. As a reminder, given the timing of expenses, seasonality of new hires and the midyear ESPP purchase, the second quarter is generally our lowest cash flow generation quarter. Moving to our guidance. We continue to remain optimistic about the demand for our offerings, record pipeline and the powerful secular trends fueling our growth. Given the growth drivers of our business as well as our exceptional first quarter performance and momentum into the second quarter, we are raising our guidance for the fiscal year 2022. While we do not specifically guide to ending or net new ARR, we expect seasonality in net new ARR to be less pronounced relative to prior years as we move from Q1 into Q2, given the outstanding outperformance in Q1. Additionally, recall that in Q2 of last year, net new ARR included the second largest deal in the Company’s history, which contributed low 8 figures to ARR. For the second quarter of FY22, we expect total revenue to be in the range of $318.3 million to $324.4 million, reflecting a year-over-year growth rate of 60% to 63% with subscription revenue being the dominant driver of growth. We expect non-GAAP income from operations to be in the range of $26.3 million to $30.7 million, and non-GAAP net income attributable to CrowdStrike to be in the range of $17.7 million to $22.1 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be in the range of $0.07 and $0.09, utilizing a weighted average share count of 238 million shares on a diluted basis. For the full fiscal year 2022, we currently expect total revenue to be in the range of $1,347.0 million to $1,365.7 million reflecting a growth rate of 54% to 56% over the prior fiscal year. Non-GAAP income from operations is expected to be between $115.7 million and $129.6 million. We expect fiscal 2022 non-GAAP net income attributable to CrowdStrike to be between $83.1 million and $97.0 million. Utilizing 239 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $0.35 to $0.41. George and I will now take your questions.
Operator
[Operator Instructions] Our first question will come from the line of Saket Kalia from Barclays. You may begin.
Saket Kalia
Okay, great. Hey, guys, thanks for taking my question here. George, maybe for you, a lot of nice sample wins you mentioned in your prepared remarks, particularly in the cloud portfolio part of the business. Understanding it’s still early with some of those tools, I was wondering if you could share what customers have said about their willingness to use third-party security tools for public cloud workloads, and also about the competitiveness of Falcon in the public cloud.
George Kurtz
Sure. So, hey Saket, good to connect here. Customers are very willing to use our technology. As we’ve talked about many times, they’re looking for a holistic solution across multiple clouds, not just one cloud provider. They’re looking for a single agent that not only can give visibility and protection in their corporate enterprise, but also in their cloud environment. And in terms of the willingness to use it, it’s an extremely competitive product. We continue to add more and more capabilities, including drift detection now if these workloads drift and containers drift, which is a real boon for the devops team. So, we’ve spent a lot of time selling into that group. We’ve got a lot of traction there. And as I mentioned before, a lot of our cloud technology, not necessarily new product, particularly things like Horizon because we built it for internal use before we actually delivered it to the market. So, in general, it’s a greenfield opportunity in cloud. There’s not a lot of competitors and the existing technologies we have to displace. And we’re really excited about the momentum we’ve seen in that particular category.
Saket Kalia
Great. Thanks very much.
Operator
Our next question will come from the line of Sterling Auty from JPMorgan. You may begin.
Sterling Auty
Yes. Thanks. George, maybe just on the cloud side. I think this is an area that people have -- are struggling to understand the different pieces of what fits to make a cloud security stack. Can you maybe help us understand what piece of the puzzle will CrowdStrike provide going forward? Where will you partner? And what parts will be delivered by others in the industry?
George Kurtz
Sure. So, you have to separate, again, the network components out from the workload components. And there are other players that have virtual firewalls and network technology. So, we need to separate that out because we don’t actually supply that. So, specific to workloads, containers, virtual instances, we have the ability to protect at runtime. So, similar to what we do today in a normal environment, we can identify threats and prevent those using machine learning and behavioral technologies. We’ve got the ability to understand and stream data, EDR data, if you will. And we also have cloud security posture management, which gives you the configuration of that infrastructure. And what’s different than a normal corporate environment is that since customers in the cloud don’t control the infrastructure, it’s mostly set up via policy settings. And a lot of those settings can go awry or be misconfigured. So, we’re handling the policy piece and the configuration of the infrastructure as well as the workload protection piece, as well as understanding the configurations of these containers, as an example, to understand if there are vulnerabilities or drifts. So, in our mind, in terms of workload protection, we’re covering a full suite of protection capabilities that a customer would need.
Sterling Auty
That makes sense. Thank you.
Operator
Our next question will come from the line of Matt Hedberg from RBC Capital Markets. You may begin.
Matt Hedberg
Hi, guys, thanks for taking my question. Congrats on a really strong Q1. George, you’ve got over 11,000 customers, and you’re seeing acceleration there on customer adds. And I think what strikes me, and it was really coming out of your last financial update was it still looks like you’re early and potentially could 10x your customers and still not be fully penetrated into that global opportunity. I guess, I’m wondering from a high level, could you talk about your strategy in going after the next 10,000. How might that change versus the first 10,000? And where do you see the biggest opportunities for share gains?
George Kurtz
Sure. Well, as we’ve talked about in the past, we’ve built a tremendous sales machine and we spent a lot of time, obviously, focusing on the scalability of the technology but also the scalability of the sales machine. And things like trial to pay, in-app trials, creating frictionless ways to actually cross-sell into our customer base, that’s really important for what we do. And when we think about the next 10,000 or beyond, and as you said, 10,000, 11,000 is fantastic. But when you look at other competitors over the many, many years, they’ve had hundreds of thousands. So, we certainly think we can be in that arena in the future. And it goes to, I think, a very efficient go-to-market motion. Burt talked about our Magic Number of 1.4. And it also combines with the fact that we’ve built an e-commerce platform behind or below, if you will, the Falcon platform. So, the platform is designed to sell itself and to get new customers and we spend a lot of time on digital to trial to pay and then conversions. And whether it’s a small customer or whether it’s a large one in enterprise, once we get them in the door, we certainly can’t convert them with a credit card, but obviously, the bigger customers will engage on the sales team and a partner and close deals. And now with things like AWS and GCP and EY, we’ve expanded our partner network. So we feel really good about the flywheel we’ve built and the scalability -- sales scalability built into the platform.
Matt Hedberg
Thanks, guys.
Operator
Our next question will come from the line of Shaul Eyal from Cowen. You may begin.
Shaul Eyal
Thank you. Good afternoon, guys. Congrats on the strong set of results. George or Burt, when looking at your net new 1,500-plus customers, even when you exclude the Humio a little bit, can you outline to us whether they are predominantly midsized or high-end enterprises. If you had to put a ballpark on the average number of modules that are currently deployed, is it three or even more than that per new customer?
Burt Podbere
Hi, Shaul, great to hear your voice. So, I’ll take the second part of your question first. Number one, as new customers come on board, we’re seeing them deploy more and more modules. That goes also talk to the fact that we have more modules for customers to purchase. On the second part, in terms of where we’re seeing uptick with respect to new customers and new logos, obviously, a lot of the velocity is coming from some of the smaller -- the SMB and mid-market because it does take less time for -- to contract a deal. But the good news is that we’re capturing deals both at the large enterprise level, mid-market and SMB, across the board.
Shaul Eyal
Thank you for that.
Operator
Our next question will come from the line of Brian Essex from Goldman Sachs. You may begin.
Brian Essex
Hi, good afternoon, and thank you for taking the question, and congrats on a good set of results. Maybe George, I want to dig into -- in your prepared remarks, you mentioned the partnership with Zscaler. And I know Zscaler called out that I think you brought them into a large investment bank deal. And then here you called out that they pulled you into an insurance deal. Maybe if you could -- if we could take a step back more thematically and understand the driver behind those deals. Is it the two of you going together with an end-to-end -- endpoint through network security Zero Trust deal, or maybe to better understand the go-to-market behind some of these partnerships and what’s driving those deals would be helpful?
George Kurtz
Sure. I think, thematically, its customers are looking for a next-gen endpoint workload technology platform like CrowdStrike combined with next-gen network technology, and they’re looking to replace their legacy Palo Alto Networks. And we spent -- or others. And we spent a lot of time in the field, and we’ve set up compensation structures between the two organizations, where both sales teams are incented to help each other out, which is always good in the field. And we’ve done the integration. So, when we think about understanding what happens out of the network, obviously, we’re not a network company, that information can be supplied to us in the Falcon platform. And we’ve got tremendous visibility on the endpoints that go beyond anything a network company could have, and that’s useful to Zscaler customers. So, when you put the two of them together, we think it’s better together. And we’ve got a huge hotel company that uses both, Zscaler and CrowdStrike. And it has just been amazing to see the technologies work together, and they’ve been a big fan and a big proponent of us putting these integrations together. So, I think it’s good for customers and it’s good for both parties.
Operator
Our next question will come from the line of Andrew Nowinski from D.A. Davidson.
Andrew Nowinski
Great. Thank you. And congrats on another fantastic quarter. I wanted to just get a question in on the net new ARR this quarter. So you, again -- you saw no seasonality from Q4 to Q1, which I think is the first time at least the last three years where net new ARR has not declined sequentially, clearly indicating a significant change in the spending environment. In the past, I think you’ve talked about AWS driving a significant percentage of that net new ARR. So, I was curious, was that again the key driver this quarter that enabled CrowdStrike to define normal seasonality?
Burt Podbere
Hey Andy, this is Burt. So, I think it’s just more broad-based demand. I don’t think it’s necessarily focused in just AWS. I think, the great news is we essentially delivered a second Q4 in Q1, to your point. You’ve been following us closely. I think it’s the continuation of trends we have been seeing for quite some time. George talked about them, the digital and security transformation, cloud adoption, this robust threat landscape. And I think we’re in a buying environment. And so, we’re really excited to be able to post such a strong Q1. But I think, again, it goes back to the broad-based demand. But thanks for tracking that information.
Operator
Our next question will come from the line of Rob Owens from Piper Sandler.
Rob Owens
Could you guys elaborate on some of the success you’re seeing in the public sector? Obviously, a growing commitment from the administration towards Zero Trust, and you mentioned a couple of wins. So, maybe just help us understand the success you’re seeing and how big that opportunity could be. Thanks.
George Kurtz
Sure. Good to connect here. When you look at the -- some of the orders that have come out of the White House, it will -- if you will, it’s like -- lines up with our strategy, lines up with what we do. And I think certainly, the federal government can benefit and has been benefiting from our technology. We spent our initial foray into the civilian agencies, and that gives you a beachhead into some of the broader intelligence agencies. So, we’ve gotten a lot of our certifications that has taken some time. That’s just a process that anyone has to go through. We put the effort in and spend the money to do it. And we think we’re set up for success. So, we’ve seen some really nice wins, big wins in the federal space. And we think that’s going to continue to carry forward. And when we think about federal, that’s just one piece of the government. Obviously, state and local, we’ve had tremendous wins. A lot of the states in the U.S. certainly have adopted CrowdStrike, a lot of municipalities and communities. And as you’ve seen with ransomware and some of the other forest attacks that are out there, typically, they are under protected and they need technologies like CrowdStrike. And they typically don’t have the people power to do it. So, we feel really good about fed, state and local from a platform perspective.
Operator
And our next question will come from the line of Mike Walkley from Canaccord Genuity.
Mike Walkley
Hey. Thanks. And my congrats on the strong results. I guess, George, a question for me is just with the sale of McAfee’s enterprise business and the lack of innovation out there and growing industry concerns for legacy solutions. I was hoping you could maybe share your thoughts on what inning you think you’re in regards to taking share from legacy vendors. And how all these recent ransomware attacks might be accelerating the transition from legacy solutions to yours.
George Kurtz
Sure. It’s a good question. And I think we’re still in the early innings, maybe second inning in terms of our ability to continue to take share. And actually, just today, IDC released an updated worldwide market share stat from modern endpoint security, and CrowdStrike was ranked number one, ahead of Microsoft and other legacy vendors. So, we feel really good about where we are. But, as we talked about earlier on the call, 11,000-plus customers, fantastic, but there’s a lot of companies out there, big and small, and we still think we’ve got a lot of runway, and still continue the migration of -- and share from Symantec and McAfee to CrowdStrike. So, still early on, but obviously, lots of progress that we’re proud of.
Operator
Our next question come from the line of Alex Henderson from Needham.
Alex Henderson
Great. Thanks. There’s been a lot of attacks and some pretty high visibility ones of late. In fact, the intensity and rapidity of these attacks seem to be escalating as Biden’s going into meeting with Putin. I was wondering if you could give us some clarity on the efficacy of your system which is, I think, probably the most important variable to look at relative to any security company in terms of handling those attacks that have recently occurred and how it has or has not impacted your customers. Thanks.
George Kurtz
Yes, sure. So, we went through some of the prepared remarks in terms of our efficacy and some of the latest results that we’ve seen with the testing organizations. I’ll point you back to those, 100% for the last couple of months. Obviously, that’s just one piece of it, right? You have to look at the entire system and it’s designed to stop breaches. And we stopped last year, I think, 65,000 -- or 75,000, I should say, in process breaches. So, we know the technology works. We know it has extremely high efficacy. MITRE ATT&CK, we had 100% coverage across the 20 different groups. And there’s a reason why we’re winning. The technology works, the technology scales. And it’s designed to catch things across the kill chain. Even if something slips through one part of the kill chain is designed to catch it in the second part and stop breaches. And that’s what we’ve done from the beginning, and that’s what we’re going to continue to do.
Operator
Our next question will come from the line of Jonathan Ruykhaver from Baird.
Jonathan Ruykhaver
George, I think this one is for you. Gartner -- some Gartner research I was reading recently noted growing competition commoditation on log management offerings across a lot of companies both public and private. And obviously, logs are important to contributing to the richness and breadth of data sources. So, I could see how it’s very important for applications like EDR, XDR and et cetera. But just wondering your thoughts looking forward, how do you maintain differentiation on the data side given some of those forces around commoditization?
George Kurtz
Sure. I mean you can -- any company has lots of data, it’s the value and what you do with it. And I think CrowdStrike has proven our ability to utilize the data. And whether that’s in training our AI algorithms or whether that’s creating a product that can actually be quickly searched and insights be gained. With our Threat Graph, we’ve pioneered cloud delivery end point and graft technology specific to security. So, I think that continues. With Humio, you’ve got fantastic technology, extremely fast, extremely efficient, in-memory, index-free, driving down the cost compared to legacy technologies that are out there on the lock side. And that will be a key part of our XDR extension in our strategy. And we’ve seen fantastic feedback from customers. I called out some big wins that we had with Humio. And as that gets integrated, which we’re working on, we feel really good about having the ability to pull other information besides CrowdStrike data into our data platform and our Threat Graph and make that available to customers. So, I think it comes down to -- again, there’s a lot of marketing noise in the marketplace. But when you actually look at the technology which we have and why we bought Humio, we feel really good about it as a next-gen technology that’s going to be a good fit for our platform.
Operator
Our next question comes from the line of Ittai Kidron from Oppenheimer.
Ittai Kidron
Thanks. Hey, guys. Great quarter. I want to go back to the cloud, George, if I may. Can you talk about the cloud workload and Horizon. How often are dissolving conjunction, both of them together. Is there a high attach rate for those two? And with respect to your attach rates, the 4 to 5 and 6 modules, clearly those are doing very well for you. But how frequently are cloud workload protection and Horizon part of those 4, 5, 6?
George Kurtz
Well, I would say, much more frequently now. Obviously, Horizon is still a relatively new entrant into our portfolio as of last year. But, we talked about Cloudera is a good example. That was a company who had our traditional endpoint protection and obviously, now adopted our cloud technology. So, we have a big base that we can go into and cross sell, which we are. And part of the conversation with any new customer is about what you’re doing in the cloud and how you’re protecting it. Some companies, they have a different time scale or path to the cloud. And it may not line up exactly to what they’re doing internally or for their end points. But every sales call, certainly at the larger enterprise in the medium, we’re talking about our cloud technology. It’s really about the platform play. And again, we’ve seen tremendous success in the overall adoption just over the last couple of quarters with it. So, it’s been out less than a year. But I think when you look at how fast we’re innovating in that area and our ability to actually sell into dev ops, we feel really good about its future.
Operator
Our next questions come from the line of Gray Powell from BTIG.
Gray Powell
Congratulations on the great results. So yes, maybe focusing in on ARR. So, if I look at Q1, your net new ARR of $144 million, that’s up 68% year-over-year in Q1 versus a 65% comp last year, which is just a really impressive number. Of your net new growth, how much of that is coming from sort of the core endpoints or EDR space versus new product areas, whether that’s Humio, Preempt, vulnerability management, IT operations or other stuff?
Burt Podbere
Hey Gray, great questions. So effectively, our core is still the majority of our sales, right? That’s the core traditional workload and endpoint protection, it’s detection, it’s prevention, it’s OverWatch. But, we’ve seen some great traction coming in from things even like device control and then you throw in Discover for IT management and you got also Spotlight which has gained some traction. And so, what we’re really seeing across the board is companies coming in and buying more modules out of the gate, because they see the value not only of the platform and where they can go with the platform, but the total cost of ownership. We’re able to drive down those costs overall by taking out some other competitors that offer other type of technologies where we come in with better efficacy and lower cost. So, it’s really all about the opportunity for customers to purchase more of our modules, and they’re doing so more and more out of the get-go. So, that’s how we look at it.
Operator
And our last question will come from the line of Patrick Colville from Deutsche Bank.
Patrick Colville
Hey there. Thank you so much for squeezing me in. I mean, a lot of impressive metrics this quarter. I mean, one that kind of stood out to me was RPO billings, which if I’m not mistaken, grew 79% in fiscal first quarter, which is actually larger than any quarter last year. So, trying to understand why that metric might be so strong. Were there some very large multiyear deals signed in this quarter?
Burt Podbere
Yes. So, Patrick, great question. And the answer is yes. We’re seeing an uptick in the number of multiyear deals versus where we’ve been historically. Customers want to lock into us. They want to use our platform and they see us as the platform that they can grow on. And they see us as a platform of the future. Everyone today is looking for that modern day architecture. We supply it, easy to deploy, simple to manage, and we’re able to show customers that, hey, we’re here to stay. We’re going to continue to invest in R&D. And we’re going to use our balance sheet to be able to do that. We are seeing more and more of those multiyear deals they paid annually, which obviously impacts the deferred, but the total RPO number has gone up because customers are willing to sign longer term contracts with us because they believe in what we’re doing. And that’s really good for us. And we’re really happy -- we’ll really have to see that uptick in RPO.
Operator
And I now turn it over to George Kurtz for any closing remarks.
George Kurtz
Okay. I want to thank all of you for your time today. We certainly appreciate your interest and look forward to seeing you virtually at our upcoming investor events. Stay safe, and we’ll talk soon. Thank you.
Operator
And this concludes today’s conference call. Thank you for participating. You may now disconnect.