CrowdStrike Holdings, Inc. (CRWD) Q2 2022 Earnings Call Transcript
Published at 2021-08-31 23:58:08
Thank you for standing by and welcome to the CrowdStrike Holdings Second Quarter Fiscal Year 2022 Financial Results Conference Call. At this time, all participants are in a listen-only mode. After the speakers presentation, there will be a question-and-answer session. [Operator Instructions] As a reminder, today's conference call is being recorded. I would now like turn the conference to your host, Ms. Maria Riley, Vice President of Investor Relations. Please go ahead.
Good afternoon and thank you for your participation today. With me on the call are George Kurtz, President and Chief Executive Officer and Co-Founder of CrowdStrike; and Burt Podbere, Chief Financial Officer. Before we get started, I would like to note that certain statements made during this conference call that are not historical facts, including those regarding our future plans, objectives, growth and expected performance including our outlook for the third quarter and fiscal year 2022 are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements represent our outlook only as of the date of this call. While we believe any forward-looking statements we make are reasonable, actual results could differ materially because the statements are based on current expectations and are subject to risks and uncertainties. We do not undertake and expressly disclaim any obligation to update or alter our forward-looking statements, whether as a result of new information, future events or otherwise. Further information on these and other factors that could affect the company's financial results is included in filings we make with the SEC from time to time, including the section titled Risk Factors in the company's quarterly and annual reports that we file with the SEC. Additionally, unless otherwise stated, excluding revenue, all financial measures discussed on this call will be non-GAAP. A discussion of why we use non-GAAP financial measures and a reconciliation schedule showing GAAP versus non-GAAP results is currently available in our press release which may be found on our Investor Relations website at ir.crowdstrike.com or on our Form 8-K filed with the SEC today. With that, I will now turn the call over to George to begin.
Thank you, Maria and thank you all for joining us today. We delivered an outstanding second quarter, with rapid subscription revenue growth and record net new ARR generated in the quarter. We saw strength in multiple areas of the business, added $150.6 million in net new ARR and grew ending ARR 70% to exceed $1.34 billion. Our continued strong performance was driven by the groundswell of customers turning to CrowdStrike as their trusted security platform of record. We saw strong demand across the market which for us spans large enterprise, mid-market and SMB customers. Our success in gaining share in each of these market segments is reflected in our net new customer growth rate which on an organic basis accelerated in the quarter. In total, 1,660 net new customers chose CrowdStrike as their security partner, bringing our customer count to 13,080. The CrowdStrike brand is viewed as the gold standard in security. We designed the Falcon platform and our Security Cloud to add value and improve the security posture of any organization, regardless of size and sophistication. Customers new to CrowdStrike this quarter included a household name in the consumer security space; one of the largest nonprofit health care organizations in the United States; a Fortune 50 global insurance provider; and our security partner, Proofpoint, who we are excited to deepen our relationship with as both a technology and security partner. I'm also pleased to highlight that Workday, a cloud pioneer and leading provider of enterprise cloud applications for finance and human resources which CrowdStrike also uses, has now standardized on CrowdStrike Falcon across their multi-OS fleet. The threat environment remains fierce as expanding attack surface and inherent vulnerabilities in widely used operating systems, along with the complexity of active directory, leave companies of all sizes open to attack and provide a rich feeding ground for sophisticated and novice e-criminals alike. The lessons learned from recent attacks emphasize that a breach involves more than just malware which is why companies need to employ a holistic breach prevention strategy rather than overly relying on malware prevention, regardless if it's legacy or next-gen. As I have said before, nearly every breach you have ever heard of had two things in common: the victims had both a firewall and an antivirus solution which is why we built the Falcon platform from the ground up to stop breaches and not just prevent malware. With this mission, CrowdStrike has turned the tables on the adversaries and has become a trusted leader in security. Meanwhile, competitors fall further behind as they continue to blindly promote a strategy that relies on malware prevention versus a comprehensive solution focused on people, process and technology that stops breaches. According to recent data from our customer base indexed by Threat Graph, more than half of detections analyzed were not malware-based. Attackers are increasingly attempting to accomplish their objectives without using malware. They are exploiting the proliferation of vulnerabilities and abusing systemic weaknesses in identity architecture to get on the system and then moving laterally, thus making it more difficult for legacy and next-gen malware-focused products to be effective because they are not focused on breach prevention. To further demonstrate my point, I'd like to share a recent customer win with a Fortune 500 company that was using Microsoft's legacy security products that failed to rise to the challenges of today's adversaries and ended up unnecessarily costing them millions of dollars. This company experienced a long and difficult deployment process, particularly in low-bandwidth environments where endpoint performance was critical. Notably frustrated, this company began to evaluate alternatives when it was unfortunately hit by ransomware that encrypted their primary and backup data, causing weeks of business disruption and a financial impact estimated to be in the tens to hundreds of millions of dollars. This is when they turned to CrowdStrike. First, by bringing in our incident response team to remediate and stabilize their IT operations and followed by deploying Falcon Complete across their environment. Our approach to stopping breaches with the Falcon platform is foundational to CrowdStrike's leadership position in the market and the epicenter of restoring trust to the security posture of companies worldwide. Using AI, machine learning and an intelligent lightweight agent, the Falcon platform defends against today's most sophisticated threats with unmatched speed and simplicity. CrowdStrike's Threat Graph combines a massively scalable threat intelligence database with AI-powered analytics to detect, prevent, predict and mitigate advanced attacks and zero-day exploits. Threat Graph and Falcon's XDR capabilities continuously ingest massive volumes of live telemetry data from Falcon endpoints and other sources at scale. The Falcon platform processes approximately one trillion events per day from millions of agents, delivering unprecedented security insights. This empowers Falcon to benefit from crowdsourcing and economies of scale unlike any other solution on the market today which we believe enables our AI algorithms to be uniquely effective. The success of our platform strategy and growing leadership as the trusted security partner of choice is also reflected in our module adoption metrics which we have continued to increase quarter after quarter. Subscription customers that have adopted four or more modules, five or more modules and six or more modules increased to 66%, 53% and 29%, respectively, in the second quarter. We believe that our extensible Falcon platform, purpose-built to collect data once and reuse it many times to address multiple use cases not only provides customers an advantage over adversaries and lowers TCO, it is a cornerstone to building a durable growth business over the long-term. As we innovate on the platform, customers can derive even more value from their CrowdStrike investment. Take, for example, a midsized health care organization who, despite their limited budget and security staff, was looking to bolster it's security in the wake of repeated attacks against their peers. This organization initially thought they only needed to add a SIEM solution but quickly realized the implementation and maintenance would be a burden to their current security posture. Whereas with CrowdStrike Falcon Complete, Falcon Zero Trust and Humio, they could transform their security posture, have round-the-clock monitoring, gain identity visibility and risk scoring and implement a highly-effective log management solution for less than the cost of purchasing a stand-alone SIEM product. This customer was also amazed by Humio's speed of ingestion and ability to query data in real time which they deemed critical, given the rise in malicious cyber-activity targeting the health care sector. Customer interest in Humio is very high as the ability to log everything and get answers in real time is a growing necessity. In Q2, we secured new Humio deals across multiple industries, including technology, health care, hospitality and financial services. Additionally, Humio is already off to a great start in Q3 with a seven-figure land and growing pipeline. The integration of Humio into our already market-leading XDR capabilities is on track and we are encouraged by the growth opportunities we see in this area. We look forward to showcasing more of our leading XDR capabilities at Falcon in October. I will now highlight several of our cloud modules that are gaining exceptional traction with customers as the threat landscape has intensified. First is Falcon Complete, our turnkey managed detection and response subscription. The heightened threat environment has put a significant strain on cyber-resources and has exacerbated the skills gap in the industry. Recent reports indicate that over three million cyber-jobs are unfulfilled which is more than double the current number of professionals currently working in the field. Falcon Complete combines the advantages of our Security Cloud, the technology in our Falcon platform and a team of threat hunters and responders to deliver gold standard security around the clock, at scale with superior economics to organizations of all sizes. This translates to stopping breaches that extend far beyond the prevention of malware and that leverage legitimate software or services, exploit systems configurations or abuse legitimate prudentials. In recent quarters, we have seen a significant increase in the Falcon Complete customer base which has grown approximately 2.5x year-over-year. Additionally, just last week, Falcon Complete was named a leader in IDC MarketScape for U.S. managed detection and response services. Within the report, Falcon Complete was recognized for strength in it's breach prevention warranty, fully remote, automated remediation, breadth of threat-hunting capabilities and strong machine learning and artificial intelligence capabilities for detection and response. The next module on the Falcon platform I would like to highlight is Falcon Spotlight which leverages the power of the cloud to provide real-time vulnerability assessment and AI to prioritize vulnerability remediation without impacting performance of the network or endpoint. Real-time vulnerability management is becoming a necessity for a proactive security posture, given the continued targeting of core functionality and vulnerabilities in the Microsoft ecosystem and increase in zero-day exploits such as the recent Microsoft PrintNightmare vulnerability. Demonstrating the power of Falcon's network effect, we leveraged the massive amount of data and intelligence available in our Security Cloud and our AI model to predict that this newly discovered vulnerability would be exploited by adversaries. Using this data intelligence allowed us to provide customers with real-time visibility into their exposure. Our ability to provide real-time vulnerability management significantly differentiates CrowdStrike and it's directly attributable to the fundamental architecture of our cloud-native Falcon platform that enables us to collect data once and reuse many. We believe our success to date with Spotlight is an excellent illustration of our ability to leverage the CrowdStrike Security Cloud to stop breaches and drive module adoption. Spotlight's ability to provide visibility in real time into PrintNightmare exposure without deploying new agents or scanning was a significant driver of no-touch trials generated through the CrowdStrike store. Spotlight has also become strategic in the sales process, with a number of Spotlight customers growing more than 150% year-over-year in Q2. Next, I will briefly discuss Zero Trust. The recent Kaseya breach which is reported to have impacted over 1,000 companies from a single breach, serves as a reminder to the far-reaching impact of a supply chain breach and the importance of a Zero Trust architecture. It is also important to remember that most ransomware outbreaks have a compromised identity component. Shoring up this threat vector is critical to stopping breaches and lateral movement. Customers are increasingly turning to a zero-trust solution to combat threat actors that leverage identity-based attacks and move laterally within their targeted environments. CrowdStrike has the only Zero Trust solution on the market today that combines endpoint, workload and identity visibility and behavioral analytics to secure environments and prevent lateral movement. Moving to cloud; more and more organizations are waking up to the fact that adversaries do not draw much of a distinction between targeting data on an endpoint versus a cloud environment. As an innovator in cloud security and operator of one of the largest clouds, organizations are turning to CrowdStrike to protect their cloud estates. I'd like to share with you a recent customer win that demonstrates how cloud-native organizations can leverage the Falcon platform to achieve best-in-class security that empowers their business model instead of clashing with it. A cutting-edge enterprise AI platform company and a member of the Forbes Cloud 100 was experiencing stability and scaling issues when trying to use a competitor's cloud security offering that was built through M&A. As a company on a mission to reduce their own customer friction and deliver actionable intelligence, they felt it was critical that their security partner could match their speed and scale in the cloud instead of slowing them down. With these requirements in mind, this cloud innovator selected CrowdStrike for it's ability to provide a fully integrated and fully managed cloud solution through a single pane of glass with a single team. This customer purchased Falcon Complete with Cloud Workload Protection and Falcon Horizon to fully manage both their traditional endpoints and cloud workloads. This new customer found immense value in Falcon's cloud offerings across their EC2 and AWS Fargate infrastructure, making CrowdStrike the perfect partner to scale with their business. To summarize the power, breadth and value the Falcon platform provides and the importance of building trust with customers, I will share two more customer wins with you. The first is with a large media company that was using a legacy provider and was hit with a severe ransomware attack that quickly spiraled across their business. They called on CrowdStrike's services who leveraged both Falcon EDR for visibility as well as our new module, Falcon Forensics which automates the data collection and accelerates incident analysis to help them quickly locate the root cause and take back control of their environment. Following remediation of this breach, this new CrowdStrike customer was eager to transform their security posture and adopted 11 Falcon modules, including Falcon Complete, Discover, Spotlight, Falcon X Recon, Cloud Workload Protection and Falcon Zero Trust to proactively secure and fully manage their workstations, cloud workloads and identity layer as well as provide visibility into their IT assets and vulnerabilities. Next is the customer win I spoke about earlier with one of the largest nonprofit health care organizations in the United States. Given this company is a nonprofit, budget really matters but not at the expense of breach protection. This customer was looking to refresh it's endpoint strategy and move away from their existing vendor, Cylance, given it lacked the focus, efficacy and the customer service they have been promised. Without a security partner they could trust to protect them, they felt vulnerable as incidents were not identified or remediated at the speed required to stay ahead of today's threat actors. The competitive bake-off initially included multiple next-gen and legacy vendors. The low-cost next-gen product was quickly eliminated because the CISO realized the overly prevention-focused approach was too similar to legacy tech. Ultimately, this customer chose CrowdStrike as their trusted security partner, given Falcon's low false positive rate, manageability at scale, ease of use and performance that stood out prominently over all others. Additionally, our frictionless deployment was once again a key differentiator as Falcon was deployed across nearly 400,000 endpoints in just a few weeks. Moving to our partners; as we have discussed before, we are a partner-first company and believe the rapid expansion of our partner ecosystem is a direct reflection of our growing leadership position. Partners naturally gravitate to market leaders as it helps them bring in new customers and likewise, customer choice helps propel vendor prominence within the partner community. Our leadership position is driving strong engagement with all partners of all sizes which is contributing to our growing presence among the highest levels, including Boards and CIOs. For the first half of fiscal 2022, our partner-sourced ending ARR nearly doubled year-over-year. Investing in our partner ecosystem continues to be a key priority. In July, we teamed up with Telefonica Tech to bring the power of the Falcon platform to their hundreds of thousands of customers across Europe and North and South America. Coupling CrowdStrike Falcon with Telefonica's next defense MDR offering, our joint customers now have trusted and proven next-gen endpoint protection and world-class services. We are also excited to announce a new strategic alliance with Verizon. Through this collaboration, the CrowdStrike Falcon platform will be positioned as part of Verizon's business security portfolio to provide comprehensive endpoint and workload protection that spans prevention, detection and response capabilities. Verizon Business will be able to manage CrowdStrike through their managed detection and response and CRM services. And we are thrilled to team up with them to help joint customers stop breaches and reduce cyber-risk. In summary, I couldn't be more confident in our leadership position and opportunities for growth. I do not see another vendor in the market with our vision platform or ability to execute at scale. Our leadership as a trusted security platform of record and strong financial performance stands as a testament to CrowdStrike's dedication to innovation, protecting and delivering value to customers and transforming the security industry. I'd like to thank every CrowdStriker for all that they do day in and day out to make us the best in the business. With that, I will turn the call over to Burt to discuss our financial results in more detail.
Thank you, George and good afternoon, everyone. As a quick reminder, unless otherwise noted, all numbers except revenue mentioned during my remarks today are non-GAAP. We once again delivered exceptional results. In addition to strong growth at scale, in the second quarter, we continued to maintain very high unit economics, drive leverage and remain very capital efficient, generating strong operating and free cash flow. Additionally, we continue to perform at a high level well in excess of the SaaS industry's Rule of 40 benchmark, once again achieving a Rule of 80. Demand in the quarter was broad-based and well-balanced, fueled by strength in multiple areas of the business as we expand our leadership across the market from large enterprises to small businesses. We once again ended the quarter with a record pipeline which we believe indicates a strong foundation for future growth. In the quarter, we delivered 70% ARR growth year-over-year to exceed $1.34 billion. Rapid new customer acquisition as well as expansion business within existing customers drove substantial growth in the second quarter, once again resulting in very strong net new ARR which came in at an all-time high of $150.6 million. Our dollar-based net retention rate was once again above our benchmark. Moving to the P&L; total revenue grew 70% over Q2 of last year to reach $337.7 million. Subscription revenue grew 71% over Q2 of last year to reach $315.8 million. Professional services revenue was $21.9 million, setting a new record for the fourth consecutive quarter and representing 49% year-over-year growth. In terms of our geographic performance in Q2, we continued to see strong growth in the U.S. as well as international markets. Revenue growth in the U.S. was 73% and contributed approximately 72% of second quarter revenue. Approximately 14% of revenue was derived from Europe, Middle East and Africa markets, 10% from Asia Pacific and approximately 4% from other markets. Second quarter non-GAAP gross margin was 76%, up more than 150 basis points from Q2 of last year. Our non-GAAP subscription gross margin was 78% and up more than 90 basis points from Q2 of last year. We continue to be pleased with our strong subscription gross margin performance. While we expect subscription gross margin to fluctuate quarter-to-quarter, we expect it to remain solidly within our increased target model range of 77% to 82% or more as we march to fiscal year 2025. Total non-GAAP operating expenses in the second quarter were $222.4 million or 66% of revenue versus $140.9 million last year or 71% of revenue. As planned, we continued investing aggressively in our business during the quarter, including increasing investments in new technologies, international geographies and marketing programs. We believe the investments we are making today will lead to sustained growth over the long-term and maintain our total position as the trusted security partner of choice. Scaling our business efficiently remains a top priority which is why we intensely focus on our unit economics, including Magic Number. Our go-to-market engine is executing on all fronts to seize the strong demand we see in the market so we can help even more customers restore trust in their security posture. In Q2, we ended with a Magic Number of 1.4. Our continued exceptional unit economics speaks to the efficiency of our go-to-market engine and frictionless sales motion which we specifically designed to rapidly onboard and support customers of all sizes. It also indicates that we should increase investments in order to capture even more of the market opportunity at hand which is exactly what we are planning. Second quarter non-GAAP operating income was $35.3 million and operating margin improved more than 6 percentage points over Q2 of last year to exceed 10%. Non-GAAP net income attributable to CrowdStrike in Q2 was $25.9 million or $0.11 on a diluted per share basis. Our weighted average common shares used to calculate second quarter non-GAAP EPS attributable to CrowdStrike was on a diluted basis and totaled 238 million shares. We ended the second quarter with a strong balance sheet. Cash and cash equivalents increased to approximately $1.79 billion. Cash flow from operations in the second quarter was $108.5 million and free cash flow was $73.6 million or 22% of revenue. This brings our free cash flow as a percent of revenue to 30% for the first half of the year. Moving to our guidance; we remain optimistic about the demand for our offerings, record pipeline and the powerful secular trends fueling our growth. Given the growth drivers of our business as well as our exceptional second quarter performance and momentum into the third quarter, we are raising our guidance for the fiscal year 2022. While we do not specifically guide to ending or net new ARR, we expect seasonality in net new ARR to be less pronounced relative to prior years as we move from Q2 into Q3, given our steady climb at a much higher scale in recent quarters. Additionally, please recall that our net new ARR in Q3 of last year included approximately $6.8 million in acquired net new ARR. For the third quarter of FY '22, we expect total revenue to be in the range of $358 million to $365.3 million, reflecting a year-over-year growth rate of 54% to 57%, with subscription revenue being the dominant driver of growth. We expect non-GAAP income from operations to be in the range of $29.4 million to $34.7 million and non-GAAP net income attributable to CrowdStrike to be in the range of $19.7 million to $25.0 million. We expect diluted non-GAAP net income per share attributable to CrowdStrike to be in the range of $0.08 to $0.10, utilizing a weighted average share count of 240 million shares on a diluted basis. For the full fiscal year 2022, we currently expect total revenue to be in the range of $1,391.2 million to $1,409.4 million, reflecting a growth rate of 59% to 61% over the prior fiscal year. Non-GAAP income from operations is expected to be between $138.5 million and $152.1 million. We expect fiscal 2022 non-GAAP net income attributable to CrowdStrike to be between $102.9 million and $116.5 million. Utilizing 239 million weighted average shares on a diluted basis, we expect non-GAAP net income per share attributable to CrowdStrike to be in the range of $0.43 to $0.49. George and I will now take your questions.
[Operator Instructions] Our first question comes from Saket Kalia of Barclays Capital. Your line is open.
Hey guys, thanks for taking my question here. George, maybe for you; I was wondering if you could talk a little bit about the environment for big deals and what you're seeing out there. I think we all see the threat environment, I think you called it fierce in your prepared remarks. I'm curious how you're seeing that sort of manifest itself in bigger commitments with CrowdStrike [Technical Difficulty]. Does that make sense?
Sure, sure. Good to hear from you. So as you indicated and as I talked about in the prepared remarks, the threat environment, again, continues to get worse. We've seen a lot of the ransomware attacks and what it's done. And in particular, it has impacted business resiliency. It's no longer the case of encrypt a computer and reimage and carry on. It's impacting massive amounts of business and costing hundreds of millions of dollars. And I can tell you, I have done more Board briefings in the last two months than I've ever had. It seems like one a week to audit committees on this topic, particularly ransomware. When you look at big deals, how does this kind of translate? When you look at these big deals, we're talking about the media company, that was 11 modules that we landed with, so big lands and some real big commitments from customers saying, "We want all in on your platform. We want all in on Humio." And we spent a lot of time consolidating other technologies and removing agents and driving value to customers. So the big deals, the big enterprises, the big lands continue to be there. And I think we continue to get stronger and stronger every quarter in these areas.
Got it, very helpful. Thanks, George.
Thank you. Our next question comes from Sterling Auty of JPMorgan. Your line is open.
Yes, thanks. Hi, guys. So since SentinelOne went public, I think the number one question I still get is, what's happening with market share? And what's the kind of competitive win rates, especially in different market segments as you look to go down market? Wondering if you could just kind of comment on what you're seeing.
Sure. Good to hear from you, Sterling. We've actually seen an increase in our win rates across the board, legacy and next-gen. Obviously, we spend a lot of time in the enterprise but we have a very robust mid- and SMB business and we've seen strong results across the board. There's a lot of noise but I think you have to look at the numbers that we put up on the board. And one-fourth of our net new ARR is probably 94% of the total ARR. So when we think about this, it's a big market. Customers have a lot of choice. And they're focused on for breach prevention, not just detecting malware. And I think our platform, our ability to scale, our ability to get immediate value on rollout and manageability, these are all things that are really important to not only large enterprises but also to the smallest SMB customers out there; so that's what we've seen so far.
Thank you. Our next question comes from Brent Thill of Jefferies. Your line is open.
Hey guys, this is Joe [ph] on for Brent. Really appreciate the question. Maybe if you look out over the next 18 months, can you just rank your growth drivers? Is there any low-hanging fruit still there in core endpoint or is it going to come from XDR via Humio or is international the opportunity? Any color there would be helpful.
I think it's across the board. We're still in the early innings. If you look at the number of customers we have, 13,000-and-change versus some of our legacy competitors that have over 100,000, I mean, still lots of customers that are out there. When you look at things like XDR and you look at Humio, amazing growth drivers for us. When you look at cloud, we've done a lot of work on that. Last year, we did a little analysis on the opportunity. We think it's really undersized from a MarketScape perspective, if you will, from the analyst. And then when you look at things like identity, we're the only folks that have a Zero Trust identity module that came from Preempt. That's it. We're the only endpoint folks that have that. So that's been extremely successful for us. And when you look at the attacks, a lot of them are identity-based. And you switch that to identity being abused in the cloud and our Falcon Horizon module which has done an amazing job and we've seen amazing traction with that. So I think there's pockets of opportunity, broad-based across all the modules, across all the geographies. And with the momentum begets momentum. We really have become the go-to company in this space and that gold standard brand reputation has served us well.
Thank you. Our next question comes from Rob Owens of Piper Sandler. Your line is open.
Great and thank you for taking my question. George, to follow-up there in terms of the growth drivers; could you double-click on the XDR opportunity and whether this is the tip of the spear for customers or you're able to go back into the installed base? I guess the spirit of the question is, are you seeing clients be reactionary still at this point, given the breach environments? Or are they starting to get more strategic in terms of how they're deploying those security dollars? Thanks.
Yes. I think they are becoming more strategic and that's a lot of what we focus on. How do we consolidate? How do we become the platform of record like we have in many other companies for them? And how do we eliminate cost and complexity what they have? When we think about XDR, it's really advanced threat detection. We've been doing that for a long time. And now you're combining that with other people's data as well. So that's fantastic. That's a great growth driver. But we still have the Humio log management product as it is, right? And obviously, there'll be more integration with that in our platform. But that is an amazing product that allows you to log everything all of the time and answer any question in real time. So there are kind of two different products, if you will and between the two of them, as I mentioned, we have a seven-figure land in Q3, I think really we're just in the early innings. I'm so excited about that technology and I can't wait to see how everything unfolds over the next couple of quarters.
Thank you. Our next question comes from Matt Hedberg of RBC Capital Markets. Your line is open.
Great. Thanks a lot for taking my questions guys. George, you know, I noticed you launched Falcon Complete for GovCloud this quarter. Can you remind us of your exposure to U.S. fed and maybe how you guys are uniquely positioned to take share in kind of the overall public sector vertical?
Sure. Well, we kind of lump state, local and federal altogether. Obviously, fed is a big focus for us. And when we think about what's happening in the current environment and some of the moves that are being made in Washington, we think our technology is uniquely suited for solving some really big problems in those areas. We've seen success in the civilian agencies. And we're all processed for IL4 certification. We're just waiting on the government to approve that. And that allows us into other higher classified areas, if you will. So that is a segment that takes a lot of time and effort and government doesn't move so fast. But we've made great strides there and really across the board, state and local as well. I mean we've got some amazing states that are customers, many of them in local government. So as we look at those in it's totality, we've done tremendously well there and we still think we're in the early innings.
Thank you. Our next question comes from Tal Liani of Bank of America. Your line is open.
Hi guys, congrats on a great quarter. I have two questions on the market. When we discuss with distributors, there are two things that come up. And I want to ask you about the importance of automation and that's specific in relation to the selling point of SentinelOne. And second, about the price difference between you 2. As far as I understand and please correct me if I'm wrong, they compete with you with a lower-price solution. Is price a significant factor in the sales process?
Sure. I think if you buy into the marketing hype, that's one thing. But if you look under the covers, we have more automation by far than any other competitor, including SentinelOne. I mean that's how we get the scale. That's why the product is easily deployed. That's why we can drive cost out of the customer base because it does it automatically. When you look at the totality of all the services, again, we're focused on stopping breaches, not just -- we didn't come from a malware product that we tried to bolt on other pieces, we built this from the ground up. So on the pricing standpoint, we sell on value and we routinely win with a higher price point because the product works. It doesn't blow up machines, it's scalable. And people are talking to other customers saying, what are you using? And how is it working? And again, we're focused on stopping breaches, not just dealing with malware. And I think that serves us well. So low-cost options, I think you get what you pay for. There's a difference between a Fiero and Ferrari. And we happen to be the Ferrari model and that's what a lot of customers want.
Do you feel any pricing pressure in the market or we're not yet at this stage?
I mean there's always going to be competitive deals that are out there, whether it's next-gen competitors or legacy players and you have to play each deal by ear, if you will. But at the end of the day, we're going to compete on value which we have. And I can tell you there's a lot of deals we win where we're higher priced than our competitors. And I think the product is differentiated enough in a true platform. When you look at the technology, only one with the forensic modules, only one with the identity module. We've got an amazing growth in Spotlight, vulnerability -- predictive vulnerability management. So when you strip out all the PowerPoint and noise, you got to look at what really works and what are big customers focused on rolling out and it's CrowdStrike.
Thank you. Our next question comes from Brian Essex with Goldman Sachs. Your line is open.
Yes, good afternoon. Thank you very much. Thank you for taking the questions. Maybe Burt, you know, as we see you kind of like inching down market, how do you think about the model from a perspective of giving investors comfort that you can maintain retention rates, module adoption, margins? What are the difference in dynamics? And do you have a sense of -- I don't know if you can quantify the mix and what you're seeing through the model?
When you -- I think the first thing you got to look at is the new logos, right? So we saw acceleration in new logos and a lot of that is coming from down market. And so what you see in down market is you see folks that can come in quickly. We've taken out friction from the system to be able to allow onboarding to be really smooth, efficient. And then they're getting a tremendous amount of value in the down market. And certainly, when folks in the SMB space, if they choose our Falcon Complete offering which we monitor -- we remediate directly for them, they see the value in terms of filling that skills gap as well. And so that talks to the retention rates that we're seeing with respect to down market. So very optimistic about our opportunities in down market. We've done really well overall and we continue to win our unfair share in that segment.
Okay. Super helpful. Thank you.
Our next question comes from Alex Henderson of Needham. Your line is open.
Great, thanks. I was hoping you could talk a little bit about the average deal size in your pipeline across strata. In other words, if I look at enterprise to enterprise, mid-market to mid-market and lower end to lower end, are your deal sizes increasing across the pipeline? And did it happen in the most recent quarter? And similarly, with the -- all of these attacks that we've been seeing, can you talk a little bit about the other key metrics such as time to close and the overall strength of the pipeline? Has the attack rate caused an uptick in those three metrics? Thanks.
Thanks, Alex. So first, let me comment that, again, as I said in the prepared remarks, we've seen record momentum in the business heading into the second half. So we're excited about that. And that's an accumulation across the board in all the segments. For us, we don't give out specifics into each of those different segments. But what we can tell you is that we're landing with more modules in the SMB all the way up to enterprise. You can refer to George's comments about that one deal that had 11 modules. And so we're seeing more and more of that and that's also evidenced in -- as you look at the adoption rates of our modules. Every quarter that we talk about adoption rates, they keep going up. And I think that, that's a testament to the strength of the platform. It talks to the fact that more and more customers want to buy a platform as opposed to point solutions. And soon, we're going to be giving out data on no longer four, five, six but five, six, seven modules because the fourth module is going to be virtually the same as the third as in terms of adoption rate. So we're continuing to see momentum across the board and we're seeing those adoption rates continue to tick up because of folks trying to -- customers trying to buy the platform which is all integrated and flighted for them; so that's what we're seeing, Alex.
Any comment on time to close; the length of time to close deals?
Yes. I'll just comment that we generally don't talk about that. But we've talked about in the past where we've had large enterprise deals that closed over a weekend. And we still see some of those. That's not obviously every case. But we're seeing customers come to us, obviously more frequently by the number of logos. And some are closing really, really rapidly, even seven-figure deal type of customers.
Thank you. Our next question comes from Ittai Kidron of Oppenheimer. Your line is open.
Thanks. Hey guys, great quarter. Not that growing 64% is bad in your international business on a year-over-year basis but with it being only 28% of revenue, why is it growing still slowly than the U.S.? George, maybe you could talk about the international progress, your priorities there. And is there a different go-to-market approach perhaps you need in order to really unlock the opportunity internationally?
Yes. So when we look at international growth, I think you've got to look at how strong the U.S. has been. So when you look at the U.S. growth, it's been on fire for sure. And internationally, I think that's -- you always continue to build out your capacity there, your partner network and that's a key piece. We're just more mature in the U.S. We have more mature partners. So we continue to focus on that. I think we've had some really great international win, some big players that are out there. And we continue to focus on the key areas in the key geographies. I don't know, Burt, if you have any other comments on that piece.
Yes. So I mean this goes back to the fact that we're looking to continue to invest aggressively and international markets is one of those areas. I think we've got opportunity out there to take more share. When you're comparing it to the U.S., we have a high-grade problem where the U.S. is still really super strong. And as George already mentioned, we're still in early innings in a number of logos and customers that we have, 13,000. It's great, we're really proud of that. But it's a drop in the ocean when you compare it to some of the legacy players that have over -- that have had over 100,000 customers. So we think about that opportunity internationally to be out there and we're going to aggressively go after it.
Very good. Good luck. Thanks.
Our next question comes from Gray Powell of BTIG. Your line is open.
All right, great. Thanks for taking the question and congratulations on the strong results. So yes, earlier this year, you all seemed pretty excited about the potential to gain incremental customers against Microsoft. I know you had some comments in the prepared remarks and obviously, the headlines on Microsoft have not been particularly great this year in security. So yes, just how are you seeing that opportunity play out and how big do you think it could be?
Sure. So obviously, Microsoft, you have to take seriously as a competitor which we do for all competitors. And it's a big market. I think when customers are looking for that salesforce of security, they're coming to CrowdStrike fully integrated, covering multiple operating systems and again, focusing on stopping breaches. And there has been a lot of talk again at the Audit Committee around risk in a monoculture. And customers are becoming more and more uncomfortable with putting their eggs in one basket. So, I think we have a great opportunity there. We highlighted some of the big wins. And at the end of the day, Microsoft's Microsoft, they're going to get customers. But I think with the best platform, the best technology, our results speak for themselves and what we've been able to do. And customers, again, want that ease of use, ease of deployment and just have it work.
Got it. That's really helpful. Thank you.
Thank you. Our next question comes from Gregg Moskowitz of Mizuho. Your line is open.
Okay, thank you for taking the question and very good quarter. I had a follow-up on Falcon Complete which I think you mentioned has a customer base up 2.5x in recent quarters. And similarly, we're hearing that demand has really been spiking for the solution over the past few months, including among larger organizations. And so with that in mind, can you talk about your expectations for adoption of Complete going forward across both large enterprises and governments?
Sure, it's a great question. You know, when we originally built Complete, we thought it would be built for sort of that mid-market customer that maybe had one security person or none or half. And the reality is it's -- we're selling it to the smallest SMBs all the way up to the largest enterprises. One of our largest enterprise customers is a Falcon Complete customer because the economics are so good for them. When you look at -- again, getting back to automation. The automation we've built in is second to none in how we operate this service. When you look at that, we can really drive the cost out for our customers and provide a very high-touch engagement with them which is what they're looking for, again, stopping breaches, being able to identify threats very quickly and remediate them very quickly outside of any of the other automation that we have. So that level of engagement is something that truly differentiates us. And when you even think about this sort of market, it's a little bit more than MDR but we were doing this before MDR was even coined a term. So we have a lot of experience here that pales in comparison to our competitors.
Thank you. Our next question comes from Mike Walkley of Canaccord Genuity. Your line is open.
Great, thanks. Congratulations on the net new customers. I was wondering if you could share roughly the number of modules on average a new customer chooses today versus a year ago. And also, how is the percent of multiyear deals improving as shown by the strong RPO metrics?
Thanks, Mike. Good question. So we don't give out the specific numbers, how many modules each customer gets. What we do give out the percentage of customers with 4, 5 and 6-plus in modules which are, respectively, 66%, 53% and 29%. And that's been increasing quarter-over-quarter. And so that just talks to the testament of our ability to continue to sell the platform. And we are focused on continuing to build out the platform and to give customers more and more choice in terms of what they have available to them. And at the end of the day, George has talked many times about, hey, we're going to make this thing seamless for you to deploy and at the end of the day, easy to manage. And when you combine those things, it just makes it easier for customers to adopt. And so, going back to our earlier comments about the ability to scale and the ability to drive customer adoption; it all comes back to making it easy for the customer. And we're very focused in that area. And that's part of our core and part of our DNA and we'll never take our eye off that. Just that similar that we're never going to take our eye off efficiency, right? Unit economics matters. However, we do know that we've got this opportunity in front of us to be able to go after more market share and we're going to invest in that area to be able to go after more and more new logos as we continue our journey.
Thank you. Our next question comes from Erik [ph] of JMP Securities. Your line is open.
Yes, thanks for taking my question and congrats on a good quarter. I was curious about the CrowdStrike Store. That's been adding partners since the IPO, certainly. I was wondering, can you try to quantify or give us some context in terms of what revenue opportunity that is? And then also, I think Rapid7 and Siemplify were a couple of partners you highlighted. Can you talk a little bit about where your organic capabilities and where they pick up with the Humio technology with Siemplify and Spotlight with Rapid7?
Sure. So from a partner store perspective, it's, I think, been very well received by customers. They love the integration. And again, part of the strategy that we have with a single agent, single data store with Threat Graph and what I would call beachfront real estate is customers don't want more agents. They want less and they trust their agent, it's there. They know it's performance and it works. So the whole idea, again, is how do we leverage that architecture almost agent-as-a-service, if you will, for other partners. So that includes data integration, being able to interact with our agents, things of that nature. And we've done that for many of the partners that are out there. And it's really based on customer demand. So they have the technology that they're using. They want to integrate and some of the names you mentioned fall into that area. When we think about Spotlight and it's capabilities, we are replacing a lot of other agent-based VM technology that's out. And again, remember, we don't do the network scanning piece. We think that's a bit commoditized. And what customers are looking for, we highlighted this with the PrintNightmare vulnerability that Microsoft had, is they want push-button results instantly which we give them. And now using AI, we can actually prioritize what vulnerabilities are most likely to be exploited which really helps the IT ops team. So we've got tremendous capabilities in those areas. And Humio is, again, has just been a shining star for us. There hasn't been a customer or a prospect I talked to that haven't been extremely impressed with the capabilities there. So we'll be leveraging that as part of the integrations for the store. And I think we're still in the early innings there and that can be -- out year is a big driver of revenue for us; but right now it's very strategic and make sure our customers are happy.
Thank you. Our next question comes from Patrick Colville of Deutsche Bank. Your line is open.
Thank you for taking my question. I guess my question is about AV. One of the things we get a lot of incoming on is how thought-through that AV displacement are we in kind of mid-2021? Would you say that based on the kind of conversations you're having with customers and potential customers, that we're kind of in the late innings of that process? Or is there still kind of a lot to go and that we are in the early innings? I think that would be helpful. Thank you.
Sure. I still think we're in the early innings. Again, if you look at our customer count versus a McAfee or Symantec or a Trend, it's, again, impressive for a younger company but still pales in comparison to all the customers that they have. So it's an ongoing effort. It's a multiyear effort, lots of tailwinds there for us. And that's in the enterprise. And when you get down into the SMB and the mid-market, you got a ton of other players that are out there, too many to mention here. So that's always going to be an ongoing opportunity for us and in my opinion, still very early innings. And I know that from the big deals that we're doing and the McAfee and the Symantec replacements, I mean, it just happens every quarter kind of like clockwork.
And can I just tag on. I mean when do you think we'll get to the late innings of that displacement? Is it like -- I don't want to kind of put you on the spot and give forward guidance but is it like anytime soon or is it quite far out?
Firstly, I think it's far out because you have to look at the renewal cycles for many of these customers, right? It could be one year or two years or three years and it's always ongoing. And I would look at the customer count, compare that to other players that are out there and that will give you a good idea of where we are versus what's available to us.
Thank you. And this does conclude the formal part of the conference call. I'd like to turn the call back over to George Kurtz for closing remarks.
Great. I want to thank all of you for your time today. We certainly appreciate your interest and look forward to seeing you virtually at our upcoming investor events. Thank you. Be safe and have a great day.
Thank you. Ladies and gentlemen, this does conclude today's conference. Thank you all participating and have a great day. You may all disconnect.